/* Reflow Oven Controller * * Copyright (C) 2020 Mario Hüttel * * This file is part of the Reflow Oven Controller Project. * * The reflow oven controller is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * * The Reflow Oven Control Firmware is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with the reflow oven controller project. * If not, see . */ /** * @file safety-config.h * @brief Safety Controller Configuration. * @warning MAKE SURE XOU UNDERSTAND WHAT YOU ARE DOING IN HERE */ #ifndef __SAFETY_CONFIG_H__ #define __SAFETY_CONFIG_H__ /** * @brief Weights of error flags. */ enum config_weight { SAFETY_FLAG_CONFIG_WEIGHT_NONE = 0, /**< @brief This flag has no global error consequence, but might be respected by certain software modules. */ SAFETY_FLAG_CONFIG_WEIGHT_PID = 1, /**< @brief This flag will force a stop of the temperature PID controller */ SAFETY_FLAG_CONFIG_WEIGHT_PANIC = 2, /**< @brief This flag will trigger the panic mode */ }; /** * @brief Enum type representing safety flags. * * The enum type is binary or'able to allow combining * multiple safety flags. * * @note For a more detailed explaination of the flags, check out the Sphinx documentation. */ enum safety_flag { ERR_FLAG_NO_FLAG = 0, ERR_FLAG_MEAS_ADC_OFF = (1<<0), ERR_FLAG_MEAS_ADC_OVERFLOW = (1<<1), ERR_FLAG_MEAS_ADC_WATCHDOG = (1<<2), ERR_FLAG_MEAS_ADC_UNSTABLE = (1<<3), ERR_FLAG_TIMING_PID = (1<<4), ERR_FLAG_TIMING_MEAS_ADC = (1<<5), ERR_FLAG_AMON_VREF = (1<<6), ERR_FLAG_AMON_UC_TEMP = (1<<7), ERR_FLAG_STACK = (1<<8), ERR_FLAG_SAFETY_ADC = (1<<9), ERR_FLAG_SYSTICK = (1<<10), ERR_FLAG_WTCHDG_FIRED = (1<<11), ERR_FLAG_UNCAL = (1<<12), ERR_FLAG_DEBUG = (1<<13), ERR_FLAG_TIMING_MAIN_LOOP = (1<<14), ERR_FLAG_SAFETY_MEM_CORRUPT = (1<<15), ERR_FLAG_SAFETY_TAB_CORRUPT = (1<<16), ERR_FLAG_AMON_SUPPLY_VOLT = (1<<17), ERR_FLAG_OVERTEMP = (1<<18), ERR_FLAG_FLASH_CRC_CODE = (1<<19), ERR_FLAG_FLASH_CRC_DATA = (1<<20), ERR_FLAG_CFG_CRC_MEAS_ADC = (1<<21), ERR_FLAG_CFG_CRC_SAFETY_ADC = (1<<22), ERR_FLAG_CFG_CRC_MISC = (1<<23), }; /** * @brief Enum Type representing timing monitors. * * The enum type is binary or'able to allow combining * multiple safety flags. */ enum timing_monitor { ERR_TIMING_PID = (1<<0), ERR_TIMING_MEAS_ADC = (1<<1), ERR_TIMING_SAFETY_ADC = (1<<2), ERR_TIMING_MAIN_LOOP = (1<<3), }; enum crc_monitor { ERR_CRC_MON_MEAS_ADC = 0, ERR_CRC_MON_SAFETY_ADC, ERR_CRC_MON_MISC, N_ERR_CRC_MON }; /** * @brief Enum Type representing analog value monitors. * * The enum type is binary or'able to allow combining * multiple safety flags. */ enum analog_value_monitor { ERR_AMON_VREF = (1<<0), ERR_AMON_UC_TEMP = (1<<1), ERR_AMON_SUPPLY_VOLT = (1<<2), }; #define ERR_FLAG_ENTRY(errflag) {.name=#errflag, .flag = (errflag), .error_state = false, .error_state_inv = true, .key = 0UL, .weight = NULL, .persistence = NULL} #define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false} #define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false} #define ERR_FLAG_WEIGHT_ENTRY(_flag, _weight) {.flag = (_flag), .flag_ptr = NULL, .weight = (_weight), .start_dummy = 0x11823344, .end_dummy = 0xAABBCCFD} #define ERR_FLAG_PERSIST_ENTRY(_flag, _persist) {.flag = (_flag), .flag_ptr = NULL, .persistence = (_persist), .start_dummy = 0xFF1100BB, .end_dummy = 0xEBB439A2} /** * @brief Magic key used to reset the watchdog using the @ref watchdog_ack function */ #define WATCHDOG_MAGIC_KEY 0x1a2c56F4 #ifdef DEBUGBUILD /** * @brief If one, the watchdog is halted whenever the core is halted by the debugger. * * This is only applicable in a debug build. In release mode, the watchdog stays always enabled */ #define WATCHDOG_HALT_DEBUG (1) #else #define WATCHDOG_HALT_DEBUG (0) #endif #define WATCHDOG_PRESCALER 16 /** * @brief Minimum number of bytes that have to be free on the stack. If this is not the case, an error is detected */ #define SAFETY_MIN_STACK_FREE 0x100 #define SAFETY_ADC_VREF_MVOLT (2500.0f) #define SAFETY_ADC_VREF_TOL_MVOLT (100.0f) #define SAFETY_ADC_TEMP_LOW_LIM (0.0f) #define SAFETY_ADC_TEMP_HIGH_LIM (65.0f) #define SAFETY_ADC_SUPPLY_MVOLT (3300.0f) #define SAFETY_ADC_SUPPLY_TOL_MVOLT (150.0f) #define SAFETY_EXT_WATCHDOG_PORT GPIOD #define SAFETY_EXT_WATCHDOG_RCC_MASK RCC_AHB1ENR_GPIODEN #define SAFETY_EXT_WATCHDOG_PIN (12) /** * @brief Default Limit of the overtemperature detection in degrees celsius */ #define SAFETY_DEFAULT_OVERTEMP_LIMIT_DEGC (260.0f) /** * @brief Key used to lock the safety flags coming from the measurment ADC from external ack'ing */ #define MEAS_ADC_SAFETY_FLAG_KEY 0xe554dac3UL /** * @brief Safety ADC trigger interval */ #define SAFETY_CONTROLLER_ADC_DELAY_MS 250 /** * @brief Password for resetting ERR_CRC_MON_MEAS_ADC */ #define SAFETY_CRC_MON_MEAS_ADC_PW 0xD96254A2 /** * @brief Password for resetting ERR_CRC_MON_SAFETY_ADC */ #define SAFETY_CRC_MON_SAFETY_ADC_PW 0xA8DF2368 /** * @brief Password for resetting ERR_CRC_MON_MISC * */ #define SAFETY_CRC_MON_MISC_PW 0x9A62E96A /** * @brief Default persistence of safety flags. These values are loaded into the safety tables on startup. */ #define SAFETY_CONFIG_DEFAULT_PERSIST ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_OFF, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_PID, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_UC_TEMP, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_VREF, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_STACK, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_ADC, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SYSTICK, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_WTCHDG_FIRED, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_UNCAL, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_DEBUG, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_TAB_CORRUPT, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_SUPPLY_VOLT, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_OVERTEMP, false), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_FLASH_CRC_CODE, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_FLASH_CRC_DATA, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_CFG_CRC_MEAS_ADC, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_CFG_CRC_SAFETY_ADC, true), \ ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_CFG_CRC_MISC, true), /** * @brief Default config weights of safety flags. These values are loaded into the safety tables on startup. */ #define SAFETY_CONFIG_DEFAULT_WEIGHTS ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_OFF, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_PID, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_UC_TEMP, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_VREF, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_STACK, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SYSTICK, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_WTCHDG_FIRED, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_UNCAL, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_DEBUG, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_TAB_CORRUPT, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_SUPPLY_VOLT, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_OVERTEMP, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_FLASH_CRC_CODE, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_FLASH_CRC_DATA, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_CFG_CRC_MEAS_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PID), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_CFG_CRC_SAFETY_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \ ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_CFG_CRC_MISC, SAFETY_FLAG_CONFIG_WEIGHT_NONE) #endif /* __SAFETY_CONFIG_H__ */