mhu/reflow-oven-control-sw
2
0
Fork 0
Code Issues 4 Pull Requests Releases 4 Wiki Activity

Implement fault handling of safety controller and document it #5

New Issue
Open
opened 2020-08-16 01:30:07 +02:00 by mhu · 2 comments
mhu commented 2020-08-16 01:30:07 +02:00
Owner
Copy Link

Safety Controller

  • must stop PID in case of severe error
  • must force oven driver output to 0 in case of a severe error
  • Must enter panic mode in case of non recoverable hard error.

Severe errors

These errors stop the PID and force the oven off but do not force user to restart the whole device.

  1. Analog Watchdog flag set: ERR_FLAG_MEAS_ADC_WATCHDOG
  2. Timing monitor violation of PID: ERR_FLAG_TIMING_PID
  3. Timing monitor violation of measurement ADC: ERR_FLAG_TIMING_MEAS_ADC
  4. Measurement ADC off: ERR_FLAG_MEAS_ADC_OFF
  5. Reference voltage analog monitor: ERR_FLAG_AMON_VREF
  6. measurement ADC overflow: ERR_FLAG_MEAS_ADC_OVERFLOW
  7. All hard errors, listed below

Hard Errors

These errors force the reflow controller into panic mode. It will not serve a shell or GUI anymore and can only be restarted. Panic mode is still to be defined in detail. Panic can't be terminated without power cycling the device.

The following errors trigger the panic mode:

  1. Hanging main loop: ERR_FLAG_TIMING_MAIN_LOOP
  2. Fired watchdog: ERR_FLAG_WTCHDG_FIRED
  3. Over temperature of uC: ERR_FLAG_AMON_UC_TEMP
  4. Hanging systick: ERR_FLAG_SYSTICK
  5. Stack overflow / stack-heap-collision protection: ERR_FLAG_STACK
  6. Safety ADC error: ERR_FLAG_SAFETY_ADC
  7. Check issue #15. If a broken structure of the safety stuff is detected, the controller shall also go into panic mode.
Safety Controller * must stop PID in case of severe error * must force oven driver output to 0 in case of a severe error * Must enter panic mode in case of non recoverable hard error. ## Severe errors These errors stop the PID and force the oven off but do not force user to restart the whole device. 1. Analog Watchdog flag set: `ERR_FLAG_MEAS_ADC_WATCHDOG` 2. Timing monitor violation of PID: `ERR_FLAG_TIMING_PID` 3. Timing monitor violation of measurement ADC: `ERR_FLAG_TIMING_MEAS_ADC` 4. Measurement ADC off: `ERR_FLAG_MEAS_ADC_OFF` 5. Reference voltage analog monitor: `ERR_FLAG_AMON_VREF` 6. measurement ADC overflow: `ERR_FLAG_MEAS_ADC_OVERFLOW` 7. **All hard errors, listed below** ## Hard Errors These errors force the reflow controller into panic mode. It will not serve a shell or GUI anymore and can only be restarted. Panic mode is still to be defined in detail. Panic can't be terminated without power cycling the device. The following errors trigger the panic mode: 1. Hanging main loop: `ERR_FLAG_TIMING_MAIN_LOOP` 2. Fired watchdog: `ERR_FLAG_WTCHDG_FIRED` 3. Over temperature of uC: `ERR_FLAG_AMON_UC_TEMP` 4. Hanging systick: `ERR_FLAG_SYSTICK` 5. Stack overflow / stack-heap-collision protection: `ERR_FLAG_STACK` 6. Safety ADC error: `ERR_FLAG_SAFETY_ADC` 7. Check issue #15. If a broken structure of the safety stuff is detected, the controller shall also go into panic mode.
mhu commented 2020-08-21 00:48:15 +02:00
Author
Owner
Copy Link

Add this information to the sphinx docu!

Add this information to the sphinx docu!
mhu commented 2021-05-22 11:51:50 +02:00
Author
Owner
Copy Link

Change behavior:

After a panic occured, the controller will restart normally, but report that a panic occured and you have to check the safety memory for details.

Change behavior: After a panic occured, the controller will restart normally, but report that a panic occured and you have to check the safety memory for details.
mhu added a new dependency 2021-12-29 01:18:16 +01:00
#33 Write documentation for v1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

   
duplicate

   
enhancement

   
help wanted

   
high-prio

   
invalid

   
question

   
SAFETY

   
SHELL

   
UI

   
wontfix
No Label
bug
duplicate
enhancement
help wanted
high-prio
invalid
question
SAFETY
SHELL
UI
wontfix
Milestone
Clear milestone
No items
No Milestone
v1.0
Assignees
Clear assignees
No Assignees
mhu
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Blocks
#33 Write documentation for v1
mhu/reflow-oven-control-sw
Reference: mhu/reflow-oven-control-sw#5
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?