180 lines
7.3 KiB
C
180 lines
7.3 KiB
C
/* Reflow Oven Controller
|
|
*
|
|
* Copyright (C) 2020 Mario Hüttel <mario.huettel@gmx.net>
|
|
*
|
|
* This file is part of the Reflow Oven Controller Project.
|
|
*
|
|
* The reflow oven controller is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with the reflow oven controller project.
|
|
* If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
/**
|
|
* @file safety-config.h
|
|
* @brief Safety Controller Configuration.
|
|
* @warning MAKE SURE XOU UNDERSTAND WHAT YOU ARE DOING IN HERE
|
|
*/
|
|
|
|
#ifndef __SAFETY_CONFIG_H__
|
|
#define __SAFETY_CONFIG_H__
|
|
|
|
/**
|
|
* @brief Enum type representing safety flags.
|
|
*
|
|
* The enum type is binary or'able to allow combining
|
|
* multiple safety flags.
|
|
*/
|
|
enum safety_flag {
|
|
ERR_FLAG_NO_FLAG = 0,
|
|
ERR_FLAG_MEAS_ADC_OFF = (1<<0),
|
|
ERR_FLAG_MEAS_ADC_OVERFLOW = (1<<1),
|
|
ERR_FLAG_MEAS_ADC_WATCHDOG = (1<<2),
|
|
ERR_FLAG_MEAS_ADC_UNSTABLE = (1<<3),
|
|
ERR_FLAG_TIMING_PID = (1<<4),
|
|
ERR_FLAG_TIMING_MEAS_ADC = (1<<5),
|
|
ERR_FLAG_AMON_VREF = (1<<6),
|
|
ERR_FLAG_AMON_UC_TEMP = (1<<7),
|
|
ERR_FLAG_STACK = (1<<8),
|
|
ERR_FLAG_SAFETY_ADC = (1<<9),
|
|
ERR_FLAG_SYSTICK = (1<<10),
|
|
ERR_FLAG_WTCHDG_FIRED = (1<<11),
|
|
ERR_FLAG_UNCAL = (1<<12),
|
|
ERR_FLAG_DEBUG = (1<<13),
|
|
ERR_FLAG_TIMING_MAIN_LOOP = (1<<14),
|
|
ERR_FLAG_SAFETY_MEM_CORRUPT = (1<<15),
|
|
ERR_FLAG_SAFETY_TAB_CORRUPT = (1<<16),
|
|
ERR_FLAG_AMON_SUPPLY_VOLT = (1<<17),
|
|
};
|
|
|
|
/**
|
|
* @brief Enum Type representing timing monitors.
|
|
*
|
|
* The enum type is binary or'able to allow combining
|
|
* multiple safety flags.
|
|
*/
|
|
enum timing_monitor {
|
|
ERR_TIMING_PID = (1<<0),
|
|
ERR_TIMING_MEAS_ADC = (1<<1),
|
|
ERR_TIMING_SAFETY_ADC = (1<<2),
|
|
ERR_TIMING_MAIN_LOOP = (1<<3),
|
|
};
|
|
|
|
/**
|
|
* @brief Enum Type representing analog value monitors.
|
|
*
|
|
* The enum type is binary or'able to allow combining
|
|
* multiple safety flags.
|
|
*/
|
|
enum analog_value_monitor {
|
|
ERR_AMON_VREF = (1<<0),
|
|
ERR_AMON_UC_TEMP = (1<<1),
|
|
ERR_AMON_SUPPLY_VOLT = (1<<2),
|
|
};
|
|
|
|
#define ERR_FLAG_ENTRY(errflag) {.name=#errflag, .flag = (errflag), .error_state = false, .error_state_inv = true, .key = 0UL, .weight = NULL, .persistency = NULL}
|
|
#define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false}
|
|
#define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false}
|
|
#define ERR_FLAG_WEIGHT_ENTRY(_flag, _weight) {.flag = (_flag), .flag_ptr = NULL, .weight = (_weight), .start_dummy = 0x11823344, .end_dummy = 0xAABBCCFD}
|
|
#define ERR_FLAG_PERSIST_ENTRY(_flag, _persist) {.flag = (_flag), .flag_ptr = NULL, .persistency = (_persist), .start_dummy = 0xFF1100BB, .end_dummy = 0xEBB439A2}
|
|
|
|
/**
|
|
* @brief Magic key used to reset the watchdog using the @ref watchdog_ack function
|
|
*/
|
|
#define WATCHDOG_MAGIC_KEY 0x1a2c56F4
|
|
|
|
#ifdef DEBUGBUILD
|
|
/**
|
|
* @brief If one, the watchdog is halted whenever the core is halted by the debugger.
|
|
*
|
|
* This is only applicable in a debug build. In release mode, the watchdog stays always enabled
|
|
*/
|
|
#define WATCHDOG_HALT_DEBUG (1)
|
|
#else
|
|
#define WATCHDOG_HALT_DEBUG (0)
|
|
#endif
|
|
|
|
#define WATCHDOG_PRESCALER 16
|
|
|
|
/**
|
|
* @brief Minimum number of bytes that have to be free on the stack. If this is not the case, an error is detected
|
|
*/
|
|
#define SAFETY_MIN_STACK_FREE 0x100
|
|
|
|
#define PID_CONTROLLER_ERR_CAREMASK (ERR_FLAG_STACK | ERR_FLAG_AMON_UC_TEMP | ERR_FLAG_AMON_VREF | \
|
|
ERR_FLAG_TIMING_PID | ERR_FLAG_TIMING_MEAS_ADC | ERR_FLAG_MEAS_ADC_OFF | \
|
|
ERR_FLAG_MEAS_ADC_OVERFLOW)
|
|
|
|
#define HALTING_CAREMASK (ERR_FLAG_STACK | ERR_FLAG_AMON_UC_TEMP)
|
|
|
|
#define SAFETY_ADC_VREF_MVOLT (2500.0f)
|
|
#define SAFETY_ADC_VREF_TOL_MVOLT (100.0f)
|
|
#define SAFETY_ADC_TEMP_LOW_LIM (0.0f)
|
|
#define SAFETY_ADC_TEMP_HIGH_LIM (65.0f)
|
|
#define SAFETY_ADC_SUPPLY_MVOLT (3300.0f)
|
|
#define SAFETY_ADC_SUPPLY_TOL_MVOLT (150.0f)
|
|
|
|
#define SAFETY_EXT_WATCHDOG_PORT GPIOD
|
|
#define SAFETY_EXT_WATCHDOG_RCC_MASK RCC_AHB1ENR_GPIODEN
|
|
#define SAFETY_EXT_WATCHDOG_PIN (12)
|
|
|
|
/**
|
|
* @brief Key used to lock the safety flags coming from the measurment ADC from external ack'ing
|
|
*/
|
|
#define MEAS_ADC_SAFETY_FLAG_KEY 0xe554dac3UL
|
|
|
|
/**
|
|
* @brief Safety ADC trigger interval
|
|
*/
|
|
#define SAFETY_CONTROLLER_ADC_DELAY_MS 250
|
|
|
|
#define SAFETY_CONFIG_DEFAULT_PERSIST ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_OFF, false), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, false), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, false), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, false), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_PID, false), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_UC_TEMP, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_VREF, false), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_STACK, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_ADC, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SYSTICK, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_WTCHDG_FIRED, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_UNCAL, false), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_DEBUG, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_TAB_CORRUPT, true), \
|
|
ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_SUPPLY_VOLT, false), \
|
|
|
|
#define SAFETY_CONFIG_DEFAULT_WEIGHTS ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_OFF, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_PID, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_UC_TEMP, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_VREF, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_STACK, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SYSTICK, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
|
|
/* Watchdog timeout is not handled periodically, but only on startup.
|
|
* Therefore, it is not listed here */\
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_WTCHDG_FIRED, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_UNCAL, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_DEBUG, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_TAB_CORRUPT, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_SUPPLY_VOLT, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
|
|
|
|
#endif /* __SAFETY_CONFIG_H__ */
|