Index: firmware/App/Controllers/ROPump.c =================================================================== diff -u -r48e0b1cb6c93d25dbef53a413bf809dfb1e7cdf7 -r3090e6aa356758a9ff72913ae6496db6478a493b --- firmware/App/Controllers/ROPump.c (.../ROPump.c) (revision 48e0b1cb6c93d25dbef53a413bf809dfb1e7cdf7) +++ firmware/App/Controllers/ROPump.c (.../ROPump.c) (revision 3090e6aa356758a9ff72913ae6496db6478a493b) @@ -80,7 +80,7 @@ #define MAX_PRESSURE_OUT_OF_RANGE_PERSISTENT_INTERVAL MS_PER_SECOND ///< Maximum allowed time that the pressure can be very high. #define MAX_ALLOWED_RAMP_UP_TIME ( 5 * MS_PER_SECOND ) ///< Maximum allowed ramp up time to a flow rate in ms. #define ROP_PSI_TO_PWM_DC(p) ( 0.2 + ( (F32)((p) - 100) * 0.01 ) ) ///< conversion factor from target PSI to PWM duty cycle estimate. -#define SAFETY_SHUTDOWN_TIMEOUT_COUNT ( MS_PER_SECOND / TASK_PRIORITY_INTERVAL ) ///< RO pump safety shutdown activation timeout in counts. +#define SAFETY_SHUTDOWN_TIMEOUT ( 2 * MS_PER_SECOND ) ///< RO pump safety shutdown activation timeout in ms. /// Enumeration of RO pump states. typedef enum ROPump_States @@ -133,7 +133,6 @@ static S32 measuredFlowReadingsSum = 0; ///< Raw flow reading sums for averaging. static U32 flowFilterCounter = 0; ///< Flow filtering counter. -static U32 safetyShutdownTimeoutCounter = 0; ///< Timeout counter to activate safety shutdown. // ********** private function prototypes ********** @@ -186,6 +185,9 @@ initPersistentAlarm( PERSISTENT_ALARM_RO_PUMP_RAMP_UP_TO_TARGET_FLOW_TIMEOUT, ALARM_ID_RO_PUMP_RAMP_UP_TO_FLOW_TIMEOUT, TRUE, MAX_ALLOWED_RAMP_UP_TIME, MAX_ALLOWED_RAMP_UP_TIME ); + // Initialize the persistent alarm for not turning off the pump + initPersistentAlarm( PERSISTEMT_ALARM_RO_PUMP_OFF_ERROR, ALARM_ID_RO_PUMP_OFF_FAULT, TRUE, SAFETY_SHUTDOWN_TIMEOUT, SAFETY_SHUTDOWN_TIMEOUT ); + // Initialize the variables roControlTimerCounter = 0; roPumpOpenLoopTargetDutyCycle = 0; @@ -198,7 +200,6 @@ roPumpState = RO_PUMP_OFF_STATE; roPumpControlMode = NUM_OF_PUMP_CONTROL_MODES; roPumpControlModeSet = roPumpControlMode; - safetyShutdownTimeoutCounter = 0; } /*********************************************************************//** @@ -336,13 +337,17 @@ } // If the pump is off and PPi + 5psi < PPo for a certain period of time, activate safety shutdown - if ( FALSE == isROPumpOn && ( getMeasuredDGPressure( PRESSURE_SENSOR_RO_PUMP_INLET ) + MAX_PRESSURE_TARGET_TOLERANCE < actualPressure ) ) + if ( FALSE == isROPumpOn ) { + F32 pressureInlet = getMeasuredDGPressure( PRESSURE_SENSOR_RO_PUMP_INLET ); + BOOL isPumpRunning = pressureInlet + MAX_PRESSURE_TARGET_TOLERANCE < actualPressure; + + checkPersistentAlarm( PERSISTEMT_ALARM_RO_PUMP_OFF_ERROR, isPumpRunning, pressureInlet, pressureInlet + MAX_PRESSURE_TARGET_TOLERANCE ); + // Check if it has timed out - if ( ++safetyShutdownTimeoutCounter > SAFETY_SHUTDOWN_TIMEOUT_COUNT ) + if ( isAlarmActive( ALARM_ID_RO_PUMP_OFF_FAULT ) ) { activateSafetyShutdown(); - safetyShutdownTimeoutCounter = 0; } } @@ -491,11 +496,13 @@ // Control at set interval else if ( ++roControlTimerCounter >= ROP_CONTROL_INTERVAL ) { + F32 targetPressure = getTargetROPumpPressure(); + // If the actual pressure is greater than the target pressure or it is within the tolerance of the maximum pressure, move to set // to target pressure straight. At the beginning the maximum pressure is set in the targetROPumpPressure override variable. // If the flow rate was reached without reaching to maximum pressure, the pressure that was set to targetROPumpPressure override will // be reset to the corresponding pressure of the target flow rate. - if ( actualPressure > getTargetROPumpPressure() || ( getTargetROPumpPressure() - actualPressure ) < MAX_PRESSURE_TARGET_TOLERANCE ) + if ( actualPressure > targetPressure || ( targetPressure - actualPressure ) < MAX_PRESSURE_TARGET_TOLERANCE ) { result = RO_PUMP_CONTROL_TO_TARGET_STATE; }