Issue #18: Store correct flag number in error memory

stm-firmware/include/reflow-controller/safety/safety-config.h

@@ -23,6 +23,7 @@
 
 
 enum safety_flag {
+	ERR_FLAG_NO_FLAG = 0,
 	ERR_FLAG_MEAS_ADC_OFF = (1<<0),
 	ERR_FLAG_MEAS_ADC_OVERFLOW = (1<<1),
 	ERR_FLAG_MEAS_ADC_WATCHDOG = (1<<2),

stm-firmware/include/reflow-controller/safety/safety-memory.h

@@ -55,7 +55,7 @@ struct safety_memory_header {
 	uint32_t config_overrides_len;	/**< @brief Length of override entries in words */
 	uint32_t err_memory_offset;	/**< @brief Offset of the error memory */
 	uint32_t err_memory_end;	/**< @brief End of the error memory. This points to the word after the error memory, containing the CRC of the whole backup RAM. */
-	uint32_t magic_i;		/**< @brief Invers Magic. Set to the bitwise inverse of @ref SAFETY_MEMORY_MAGIC */
+	uint32_t crc;		/**< @brief  CRC of the header */
 };
 
 struct safety_memory_boot_status {

stm-firmware/safety/fault.c

@@ -26,14 +26,16 @@
 
 void HardFault_Handler(void)
 {
-	/* This is a non recoverable fault. Hang here */
+	/* This is a non recoverable fault. Stop the oven */
 
 	oven_driver_set_power(0);
 	oven_driver_apply_power_level();
 
+	/* Set the error led */
 	led_set(0, 1);
 
-	while (1);
+	/* Try the real panic mode */
+	panic_mode();
 }
 
 /* Overwrite default handler. Go to panic mode */
@@ -44,12 +46,9 @@ void __int_default_handler(void)
 
 void panic_mode(void)
 {
+	/* This variable is static, because I don't want it to be on the stack */
 	static struct safety_memory_boot_status IN_SECTION(.ccm.bss) boot_status;
 
-	/* Panic mode is esentially the same as a hardfault,
-	 * but it can be expected, that more functionality is still usable
-	 */
-
 	oven_driver_set_power(0);
 	oven_driver_apply_power_level();
 
@@ -59,6 +58,6 @@ void panic_mode(void)
 		(void)safety_memory_set_boot_status(&boot_status);
 	}
 
-
+	/* Let the watchdog do the rest */
 	while (1);
 }

stm-firmware/safety/safety-controller.c

@@ -259,6 +259,31 @@ static void safety_controller_process_monitor_checks()
 	safety_controller_process_active_timing_mons();
 }
 
+static uint8_t flag_enum_to_flag_no(enum safety_flag flag)
+{
+	uint32_t flag_mask;
+	uint8_t i;
+
+	if (!is_power_of_two(flag))
+		return 0xFF;
+
+	flag_mask = (uint32_t)flag;
+	for (i = 0; i < 32; i++) {
+		if ((flag_mask >> i) & 0x1U)
+			break;
+	}
+
+	return i;
+}
+
+static enum safety_flag flag_no_to_flag_enum(uint8_t no)
+{
+	if (no >= COUNT_OF(flags))
+		return ERR_FLAG_NO_FLAG;
+
+	return (1U << no);
+}
+
 int safety_controller_report_error(enum safety_flag flag)
 {
 	return safety_controller_report_error_with_key(flag, 0x0UL);
@@ -281,7 +306,7 @@ int safety_controller_report_error_with_key(enum safety_flag flag, uint32_t key)
 
 			if (flags[i].persistent && !old_state) {
 				err_mem_entry.counter = 1;
-				err_mem_entry.flag_num = i;
+				err_mem_entry.flag_num = flag_enum_to_flag_no(flags[i].flag);
 				err_mem_entry.type = SAFETY_MEMORY_ERR_ENTRY_FLAG;
 				res = safety_memory_insert_error_entry(&err_mem_entry);
 				if (res) {

stm-firmware/safety/safety-memory.c

@@ -76,13 +76,21 @@ static enum safety_memory_state safety_memory_get_header(struct safety_memory_he
 	if (res)
 		return SAFETY_MEMORY_INIT_CORRUPTED;
 
-	/* Check magics */
+	/* Check magic */
-	if (header->magic != SAFETY_MEMORY_MAGIC || header->magic_i != (uint32_t)(~SAFETY_MEMORY_MAGIC)) {
+	if (header->magic != SAFETY_MEMORY_MAGIC) {
-		/* Magics invalid */
+		/* Magic invalid */
 		ret = SAFETY_MEMORY_INIT_FRESH;
 		goto return_val;
 	}
 
+	/* Check the header crc */
+	crc_unit_reset();
+	crc_unit_input_array((uint32_t *)header, wordsize_of(struct safety_memory_header));
+	if (crc_unit_get_crc() != 0UL) {
+		ret = SAFETY_MEMORY_INIT_CORRUPTED;
+		goto return_val;
+	}
+
 	res = 0;
 	if (header->boot_status_offset < wordsize_of(struct safety_memory_header))
 		res++;
@@ -106,8 +114,14 @@ return_val:
 	return ret;
 }
 
-static void safety_memory_write_header(const struct safety_memory_header *header)
+static void safety_memory_write_and_patch_header(struct safety_memory_header *header)
 {
+	/* Patch the CRC */
+	crc_unit_reset();
+	crc_unit_input_array((uint32_t *)header, wordsize_of(struct safety_memory_header) - 1U);
+	header->crc = crc_unit_get_crc();
+
+	/* Write to memory */
 	backup_ram_write_data(0UL, (uint32_t *)header, wordsize_of(*header));
 }
 
@@ -121,10 +135,9 @@ static void safety_memory_write_new_header(void)
 	header.err_memory_offset = header.config_overrides_offset + SAFETY_MEMORY_CONFIG_OVERRIDE_COUNT;
 	header.err_memory_end = header.err_memory_offset;
 	header.magic = SAFETY_MEMORY_MAGIC;
-	header.magic_i = ~SAFETY_MEMORY_MAGIC;
 
 	backup_ram_wipe();
-	safety_memory_write_header(&header);
+	safety_memory_write_and_patch_header(&header);
 }
 
 static int safety_memory_check_crc()
@@ -399,7 +412,7 @@ int safety_memory_insert_error_entry(struct error_memory_entry *entry)
 			/* Still fits in memory */
 			backup_ram_write_data(header.err_memory_end, &input_data, 1UL);
 			header.err_memory_end++;
-			safety_memory_write_header(&header);
+			safety_memory_write_and_patch_header(&header);
 			safety_memory_gen_crc();
 			ret = 0;
 		}
@@ -435,7 +448,7 @@ int safety_memory_insert_error_entry(struct error_memory_entry *entry)
 			if ((addr + 1) < backup_ram_get_size_in_words()) {
 				backup_ram_write_data(addr, &input_data, 1UL);
 				header.err_memory_end++;
-				safety_memory_write_header(&header);
+				safety_memory_write_and_patch_header(&header);
 			} else {
 				ret = -3;
 				goto return_value;