issue #5: Implement safety weight checking in control loop

stm-firmware/include/reflow-controller/oven-driver.h

@@ -43,6 +43,8 @@ void oven_pid_handle(float target_temp);
 
 void oven_pid_stop(void);
 
+void oven_pid_abort(void);
+
 void oven_driver_apply_power_level(void);
 
 enum oven_pid_status oven_pid_get_status(void);

stm-firmware/include/reflow-controller/safety/safety-config.h

@@ -132,7 +132,9 @@ enum analog_value_monitor {
 			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_STACK, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
 			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
 			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SYSTICK, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
-			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_WTCHDG_FIRED, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
+			/* Watchdog timeout is not handled perioodically, but only on startup.
+			 * Therefore, it is not listed here */\
+			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_WTCHDG_FIRED, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
 			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_UNCAL, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
 			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_DEBUG, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
 			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \

stm-firmware/oven-driver.c

@@ -118,6 +118,12 @@ void oven_pid_stop(void)
 	safety_controller_enable_timing_mon(ERR_TIMING_PID, false);
 }
 
+void oven_pid_abort(void)
+{
+	oven_pid_aborted = true;
+	oven_pid_stop();
+}
+
 enum oven_pid_status oven_pid_get_status(void)
 {
 	enum oven_pid_status ret = OVEN_PID_ABORTED;

stm-firmware/pid-controller.c

@@ -77,6 +77,7 @@ float pid_sample(struct pid_controller *pid, float deviation)
 
 	output = deviation * pid->k_p;
 
+	/* PID runaway compensation */
 	if (!(deviation > 0.0f && pid->control_output > pid->output_sat_max - 0.5) &&
 	    !(deviation < 0.0f && pid->control_output < pid->output_sat_min + 0.5)) {
 		calculate_integral(pid, deviation);

stm-firmware/safety/safety-controller.c

@@ -37,6 +37,7 @@
 #include <stddef.h>
 #include <string.h>
 #include <reflow-controller/safety/safety-memory.h>
+#include <reflow-controller/oven-driver.h>
 #include <helper-macros/helper-macros.h>
 
 #define check_flag_persistent(flag) ((flag)->persistency && (flag)->persistency->persistency)
@@ -216,6 +217,9 @@ static void init_safety_flag_persistencies_from_default(void)
 
 static bool error_flag_get_status(const volatile struct error_flag *flag)
 {
+	if (!flag)
+		return true;
+
 	if (flag->error_state == flag->error_state_inv) {
 		return true;
 	} else {
@@ -576,6 +580,31 @@ static void safety_controller_do_systick_checking()
 	last_systick = systick;
 }
 
+static void safety_controller_handle_weighted_flags()
+{
+	uint32_t weight_index;
+	volatile struct safety_weight *current_weight;
+
+	for (weight_index = 0; weight_index < COUNT_OF(flag_weights); weight_index++) {
+		current_weight = &flag_weights[weight_index];
+		if (error_flag_get_status(current_weight->flag_ptr)) {
+			switch (current_weight->weight) {
+			case SAFETY_FLAG_CONFIG_WEIGHT_NONE:
+				break;
+			case SAFETY_FLAG_CONFIG_WEIGHT_PID:
+				oven_pid_abort();
+				break;
+			case SAFETY_FLAG_CONFIG_WEIGHT_PANIC:
+				/* Expected fallthrough */
+			default:
+				oven_pid_abort();
+				panic_mode();
+				break;
+			}
+		}
+	}
+}
+
 int safety_controller_handle()
 {
 	int ret = 0;
@@ -583,12 +612,9 @@ int safety_controller_handle()
 	safety_controller_check_stack();
 	safety_controller_handle_safety_adc();
 	safety_controller_handle_memory_checks();
-
 	safety_controller_do_systick_checking();
-
 	safety_controller_process_monitor_checks();
-
-	/* TODO: Check flag weights and trigger appropriate safety action */
+	safety_controller_handle_weighted_flags();
 
 	ret |= watchdog_ack(WATCHDOG_MAGIC_KEY);