mhu/reflow-oven-control-sw
2
0
Fork 0
Code Issues 4 Pull Requests Releases 4 Wiki Activity

Implement fault handling of safety controller and document it #5

New Issue
Open
opened 2020-08-16 01:30:07 +02:00 by mhu · 2 comments
mhu commented 2020-08-16 01:30:07 +02:00
Owner
Copy Link

Safety Controller

  • must stop PID in case of severe error
  • must force oven driver output to 0 in case of a severe error
  • Must enter panic mode in case of non recoverable hard error.

Severe errors

These errors stop the PID and force the oven off but do not force user to restart the whole device.

  1. Analog Watchdog flag set: ERR_FLAG_MEAS_ADC_WATCHDOG
  2. Timing monitor violation of PID: ERR_FLAG_TIMING_PID
  3. Timing monitor violation of measurement ADC: ERR_FLAG_TIMING_MEAS_ADC
  4. Measurement ADC off: ERR_FLAG_MEAS_ADC_OFF
  5. Reference voltage analog monitor: ERR_FLAG_AMON_VREF
  6. measurement ADC overflow: ERR_FLAG_MEAS_ADC_OVERFLOW
  7. All hard errors, listed below

Hard Errors

These errors force the reflow controller into panic mode. It will not serve a shell or GUI anymore and can only be restarted. Panic mode is still to be defined in detail. Panic can't be terminated without power cycling the device.

The following errors trigger the panic mode:

  1. Hanging main loop: ERR_FLAG_TIMING_MAIN_LOOP
  2. Fired watchdog: ERR_FLAG_WTCHDG_FIRED
  3. Over temperature of uC: ERR_FLAG_AMON_UC_TEMP
  4. Hanging systick: ERR_FLAG_SYSTICK
  5. Stack overflow / stack-heap-collision protection: ERR_FLAG_STACK
  6. Safety ADC error: ERR_FLAG_SAFETY_ADC
  7. Check issue #15. If a broken structure of the safety stuff is detected, the controller shall also go into panic mode.
Safety Controller * must stop PID in case of severe error * must force oven driver output to 0 in case of a severe error * Must enter panic mode in case of non recoverable hard error. ## Severe errors These errors stop the PID and force the oven off but do not force user to restart the whole device. 1. Analog Watchdog flag set: `ERR_FLAG_MEAS_ADC_WATCHDOG` 2. Timing monitor violation of PID: `ERR_FLAG_TIMING_PID` 3. Timing monitor violation of measurement ADC: `ERR_FLAG_TIMING_MEAS_ADC` 4. Measurement ADC off: `ERR_FLAG_MEAS_ADC_OFF` 5. Reference voltage analog monitor: `ERR_FLAG_AMON_VREF` 6. measurement ADC overflow: `ERR_FLAG_MEAS_ADC_OVERFLOW` 7. **All hard errors, listed below** ## Hard Errors These errors force the reflow controller into panic mode. It will not serve a shell or GUI anymore and can only be restarted. Panic mode is still to be defined in detail. Panic can't be terminated without power cycling the device. The following errors trigger the panic mode: 1. Hanging main loop: `ERR_FLAG_TIMING_MAIN_LOOP` 2. Fired watchdog: `ERR_FLAG_WTCHDG_FIRED` 3. Over temperature of uC: `ERR_FLAG_AMON_UC_TEMP` 4. Hanging systick: `ERR_FLAG_SYSTICK` 5. Stack overflow / stack-heap-collision protection: `ERR_FLAG_STACK` 6. Safety ADC error: `ERR_FLAG_SAFETY_ADC` 7. Check issue #15. If a broken structure of the safety stuff is detected, the controller shall also go into panic mode.
mhu commented 2020-08-21 00:48:15 +02:00
Author
Owner
Copy Link

Add this information to the sphinx docu!

Add this information to the sphinx docu!
mhu commented 2021-05-22 11:51:50 +02:00
Author
Owner
Copy Link

Change behavior:

After a panic occured, the controller will restart normally, but report that a panic occured and you have to check the safety memory for details.

Change behavior: After a panic occured, the controller will restart normally, but report that a panic occured and you have to check the safety memory for details.
mhu added a new dependency 2021-12-29 01:18:16 +01:00
#33 Write documentation for v1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
duplicate
enhancement
help wanted
high-prio
invalid
question
SAFETY
SHELL
UI
wontfix
No Label
enhancement
high-prio
SAFETY
Milestone
No items
No Milestone v1.0
Assignees
Clear assignees
mhu
No Assignees mhu
1 Participants
Notifications
Due Date
No due date set.
Blocks
#33 Write documentation for v1
mhu/reflow-oven-control-sw
Reference: mhu/reflow-oven-control-sw#5
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?