reflow-oven-control-sw/stm-firmware/include/reflow-controller/safety/safety-config.h

/* Reflow Oven Controller
*
* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
*
* This file is part of the Reflow Oven Controller Project.
*
* The reflow oven controller is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with the reflow oven controller project.
* If not, see <http://www.gnu.org/licenses/>.
*/

/**
 * @file safety-config.h
 * @brief Safety Controller Configuration.
 * @warning MAKE SURE XOU UNDERSTAND WHAT YOU ARE DOING IN HERE
 */

#ifndef __SAFETY_CONFIG_H__
#define __SAFETY_CONFIG_H__

/**
 * @brief Enum type representing safety flags.
 *
 * The enum type is binary or'able to allow combining
 * multiple safety flags.
 *
 * @note For a more detailed explaination of the flags, check out the Sphinx documentation.
 */
enum safety_flag {
	ERR_FLAG_NO_FLAG = 0,
	ERR_FLAG_MEAS_ADC_OFF = (1<<0),
	ERR_FLAG_MEAS_ADC_OVERFLOW = (1<<1),
	ERR_FLAG_MEAS_ADC_WATCHDOG = (1<<2),
	ERR_FLAG_MEAS_ADC_UNSTABLE = (1<<3),
	ERR_FLAG_TIMING_PID = (1<<4),
	ERR_FLAG_TIMING_MEAS_ADC = (1<<5),
	ERR_FLAG_AMON_VREF = (1<<6),
	ERR_FLAG_AMON_UC_TEMP = (1<<7),
	ERR_FLAG_STACK = (1<<8),
	ERR_FLAG_SAFETY_ADC = (1<<9),
	ERR_FLAG_SYSTICK = (1<<10),
	ERR_FLAG_WTCHDG_FIRED = (1<<11),
	ERR_FLAG_UNCAL = (1<<12),
	ERR_FLAG_DEBUG = (1<<13),
	ERR_FLAG_TIMING_MAIN_LOOP = (1<<14),
	ERR_FLAG_SAFETY_MEM_CORRUPT = (1<<15),
	ERR_FLAG_SAFETY_TAB_CORRUPT = (1<<16),
	ERR_FLAG_AMON_SUPPLY_VOLT = (1<<17),
	ERR_FLAG_OVERTEMP = (1<<18),
	ERR_FLAG_FLASH_CRC_CODE = (1<<19),
	ERR_FLAG_FLASH_CRC_DATA = (1<<20),
	ERR_FLAG_CFG_CRC_MEAS_ADC = (1<<21),
	ERR_FLAG_CFG_CRC_SAFETY_ADC = (1<<22),
};

/**
 * @brief Enum Type representing timing monitors.
 *
 * The enum type is binary or'able to allow combining
 * multiple safety flags.
 */
enum timing_monitor {
	ERR_TIMING_PID = (1<<0),
	ERR_TIMING_MEAS_ADC = (1<<1),
	ERR_TIMING_SAFETY_ADC = (1<<2),
	ERR_TIMING_MAIN_LOOP = (1<<3),
};

enum crc_monitor {
	ERR_CRC_MON_MEAS_ADC = 0,
	ERR_CRC_MON_SAFETY_ADC,
	N_ERR_CRC_MON
};

/**
 * @brief Enum Type representing analog value monitors.
 *
 * The enum type is binary or'able to allow combining
 * multiple safety flags.
 */
enum analog_value_monitor {
	ERR_AMON_VREF = (1<<0),
	ERR_AMON_UC_TEMP = (1<<1),
	ERR_AMON_SUPPLY_VOLT = (1<<2),
};

#define ERR_FLAG_ENTRY(errflag) {.name=#errflag, .flag = (errflag), .error_state = false, .error_state_inv = true, .key = 0UL, .weight = NULL, .persistence = NULL}
#define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false}
#define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false}
#define ERR_FLAG_WEIGHT_ENTRY(_flag, _weight) {.flag = (_flag), .flag_ptr = NULL, .weight = (_weight), .start_dummy = 0x11823344, .end_dummy = 0xAABBCCFD}
#define ERR_FLAG_PERSIST_ENTRY(_flag, _persist) {.flag = (_flag), .flag_ptr = NULL, .persistence = (_persist), .start_dummy = 0xFF1100BB, .end_dummy = 0xEBB439A2}

/**
 * @brief Magic key used to reset the watchdog using the @ref watchdog_ack function
 */
#define WATCHDOG_MAGIC_KEY 0x1a2c56F4

#ifdef DEBUGBUILD
/**
 * @brief If one, the watchdog is halted whenever the core is halted by the debugger.
 *
 * This is only applicable in a debug build. In release mode, the watchdog stays always enabled
 */
#define WATCHDOG_HALT_DEBUG (1)
#else
#define WATCHDOG_HALT_DEBUG (0)
#endif

#define WATCHDOG_PRESCALER 16

/**
 * @brief Minimum number of bytes that have to be free on the stack. If this is not the case, an error is detected
 */
#define SAFETY_MIN_STACK_FREE 0x100

#define PID_CONTROLLER_ERR_CAREMASK (ERR_FLAG_STACK | ERR_FLAG_AMON_UC_TEMP | ERR_FLAG_AMON_VREF | \
					ERR_FLAG_TIMING_PID | ERR_FLAG_TIMING_MEAS_ADC | ERR_FLAG_MEAS_ADC_OFF | \
					ERR_FLAG_MEAS_ADC_OVERFLOW)

#define HALTING_CAREMASK (ERR_FLAG_STACK | ERR_FLAG_AMON_UC_TEMP)

#define SAFETY_ADC_VREF_MVOLT (2500.0f)
#define SAFETY_ADC_VREF_TOL_MVOLT (100.0f)
#define SAFETY_ADC_TEMP_LOW_LIM (0.0f)
#define SAFETY_ADC_TEMP_HIGH_LIM (65.0f)
#define SAFETY_ADC_SUPPLY_MVOLT (3300.0f)
#define SAFETY_ADC_SUPPLY_TOL_MVOLT (150.0f)

#define SAFETY_EXT_WATCHDOG_PORT GPIOD
#define SAFETY_EXT_WATCHDOG_RCC_MASK RCC_AHB1ENR_GPIODEN
#define SAFETY_EXT_WATCHDOG_PIN (12)

/**
 * @brief Default Limit of the overtemperature detection in degrees celsius
 */
#define SAFETY_DEFAULT_OVERTEMP_LIMIT_DEGC (260.0f)

/**
 * @brief Key used to lock the safety flags coming from the measurment ADC from external ack'ing
 */
#define MEAS_ADC_SAFETY_FLAG_KEY 0xe554dac3UL

/**
 * @brief Safety ADC trigger interval
 */
#define SAFETY_CONTROLLER_ADC_DELAY_MS 250

/**
 * @brief Password for resetting ERR_CRC_MON_MEAS_ADC
 */
#define SAFETY_CRC_MON_MEAS_ADC_PW 0xD96254A2

/**
 * @brief Password for resetting ERR_CRC_MON_SAFETY_ADC
 */
#define SAFETY_CRC_MON_SAFETY_ADC_PW 0xA8DF2368

/**
 * @brief Default persistence of safety flags. These values are loaded into the safety tables on startup
 */
#define SAFETY_CONFIG_DEFAULT_PERSIST	ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_OFF, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_PID, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_UC_TEMP, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_VREF, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_STACK, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_ADC, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SYSTICK, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_WTCHDG_FIRED, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_UNCAL, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_DEBUG, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_SAFETY_TAB_CORRUPT, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_AMON_SUPPLY_VOLT, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_OVERTEMP, false), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_FLASH_CRC_CODE, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_FLASH_CRC_DATA, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_CFG_CRC_MEAS_ADC, true), \
					ERR_FLAG_PERSIST_ENTRY(ERR_FLAG_CFG_CRC_SAFETY_ADC, true), \
/**
 * @brief Default config weights of safety flags. These values are loaded into the safety tables on startup
 */
#define SAFETY_CONFIG_DEFAULT_WEIGHTS 	ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_OFF, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_PID, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_UC_TEMP, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_VREF, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_STACK, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_ADC, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SYSTICK, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_WTCHDG_FIRED, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_UNCAL, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_DEBUG, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_TAB_CORRUPT, SAFETY_FLAG_CONFIG_WEIGHT_PANIC), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_SUPPLY_VOLT, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_OVERTEMP, SAFETY_FLAG_CONFIG_WEIGHT_PID), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_FLASH_CRC_CODE, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_FLASH_CRC_DATA, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_CFG_CRC_MEAS_ADC, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \
			ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_CFG_CRC_SAFETY_ADC, SAFETY_FLAG_CONFIG_WEIGHT_NONE), \

#endif /* __SAFETY_CONFIG_H__ */