Index: firmware/App/Drivers/SafetyShutdown.c
===================================================================
diff -u -r6ce9326aeabf018e9c531163359f7283f9d60ae9 -r090cfb22a7c0b4738299c3fb411ca77aaba8d968
--- firmware/App/Drivers/SafetyShutdown.c (.../SafetyShutdown.c) (revision 6ce9326aeabf018e9c531163359f7283f9d60ae9)
+++ firmware/App/Drivers/SafetyShutdown.c (.../SafetyShutdown.c) (revision 090cfb22a7c0b4738299c3fb411ca77aaba8d968)
@@ -21,6 +21,7 @@
 #include "Messaging.h"
 #include "SafetyShutdown.h"
 #include "Timers.h"
+#include "PAL.h"
 /**
 * @addtogroup SafetyShutdown
@@ -29,10 +30,6 @@
 // ********** private definitions **********
-#define SAFETY_SPI1_PORT_MASK 0x00000010 ///< Safety shutdown GPIO port mask (CS[4] - re-purposed as output GPIO).
-#define SET_SAFETY_SHUTDOWN() {mibspiREG1->PC3 |= SAFETY_SPI1_PORT_MASK;} ///< Set safety shutdown GPIO macro.
-#define CLR_SAFETY_SHUTDOWN() {mibspiREG1->PC3 &= ~SAFETY_SPI1_PORT_MASK;} ///< Clear safety shutdown GPIO macro.
-
 #define SAFETY_SHUTDOWN_POST_TIMEOUT_MS 500 ///< Safety shutdown POST test timeout (in ms).
 #define SAFETY_SHUTDOWN_RECOVERY_TIME_MS 500 ///< After safety shutdown POST test, wait this long (in ms) to recover before moving on.
@@ -60,9 +57,11 @@
 /*********************************************************************//**
 * @brief
- * The initSafetyShutdown function initializes the safety shutdown module.
- * @details Inputs: none
- * @details Outputs: safetyShutdownActivated, safetyShutdownOverrideResetState,
+ * The initSafetyShutdown function initializes the safety shutdown module.
+ * The safety shutdown module is to cut down the 24v DC supply to majority of actuators
+ * when system detects critical faulty conditions.
+ * @details \b Inputs: none
+ * @details \b Outputs: safetyShutdownActivated, safetyShutdownOverrideResetState,
 * safetyShutdownSelfTestState, safetyShutdownSelfTestStatus,
 * safetyShutdownSelfTestTimerCount
 * @return none
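Review bot: With the three macros deleted in the `@@ -29,10 +30,6 @@` hunk, this file no longer records which pin drives the safety shutdown or what its polarity is (the removed comment named CS[4] of SPI1, re-purposed as an output GPIO). The set/clear calls now resolve through `PAL.h`, which is not part of this diff, so a short comment near the new include such as `// Safety shutdown line is driven through PAL; see PAL.h for the pin and active level.` would keep that safety-relevant mapping traceable from this module. It is also worth confirming that the PAL implementations leave the other bits of the port register untouched, as the old read-modify-write macros did.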
@@ -74,28 +73,28 @@
 safetyShutdownSelfTestState = SAFETY_SHUTDOWN_SELF_TEST_STATE_START;
 safetyShutdownSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS;
 safetyShutdownSelfTestTimerCount = 0;
- CLR_SAFETY_SHUTDOWN();
+ clear_saftety_shutdown();
 }
 /*********************************************************************//**
 * @brief
 * The activateSafetyShutdown function activates the safety shutdown signal.
- * @details Inputs: none
- * @details Outputs: Safety shutdown signal output set to active state.
+ * @details \b Inputs: none
+ * @details \b Outputs: Safety shutdown signal output set to active state.
 * @return none
 *************************************************************************/
 void activateSafetyShutdown( void )
 {
- SET_SAFETY_SHUTDOWN();
+ set_safety_shutdown();
 safetyShutdownActivated = TRUE;
 }
 /*********************************************************************//**
 * @brief
 * The isSafetyShutdownActivated function returns whether the safety shutdown
 * signal has been activated.
- * @details Inputs: none
- * @details Outputs: none
+ * @details \b Inputs: none
+ * @details \b Outputs: none
 * @return safetyShutdownActivated
 *************************************************************************/
 BOOL isSafetyShutdownActivated( void )
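Review bot: The new clear call is spelled `clear_saftety_shutdown()` (an extra "t") while its counterpart is `set_safety_shutdown()`; the same spelling recurs in hunks `-133,11`, `-216,7` and `-245,7`. The declaration in PAL.h is not shown, so presumably it is misspelled there as well and the build passes, but a misspelled name on the call that releases the shutdown line is easy to miss when searching the code during a safety review. Renaming it to `clear_safety_shutdown();` in PAL and at all four call sites would fix this. The snake_case names also differ from the camelCase used by every other function visible in this file, and initSafetyShutdown's body starts outside the hunk.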
@@ -107,9 +106,12 @@
 * @brief
 * The execSafetyShutdownTest function executes the safety shutdown test.
 * This function should be called periodically until a pass or fail
- * result is returned.
- * @details Inputs: safetyShutdownSelfTestState
- * @details Outputs: safetyShutdownSelfTestState
+ * result is returned. This function primarily checks when safety shutdown
+ * activated/ deactivated, the corresponding voltage is seen or not.
+ * @details \b Inputs: safetyShutdownSelfTestState
+ * @details \b Outputs: safetyShutdownSelfTestState
+ * @details \b Alarms: ALARM_ID_DD_SAFETY_SHUTDOWN_POST_TEST_FAILED,
+ * SW_FAULT_ID_SAFETY_SHUTDOWN_INVALID_SELF_TEST_STATE
 * @return in progress, passed, or failed
 *************************************************************************/
 SELF_TEST_STATUS_T execSafetyShutdownTest( void )
@@ -133,11 +135,11 @@
 // // Verify 24V is down when w.d. expired
 // if ( ( v24 > MAX_24V_LEVEL_ON_SAFETY_SHUTDOWN ) || ( isolatedV24 > MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED ) )
 // {
-// SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_SAFETY_SHUTDOWN_POST_TEST_FAILED, 1.0, v24 );
+// SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DD_SAFETY_SHUTDOWN_POST_TEST_FAILED, 1.0, v24 );
 // safetyShutdownSelfTestStatus = SELF_TEST_STATUS_FAILED;
 // }
 safetyShutdownSelfTestTimerCount = getMSTimerCount();
- CLR_SAFETY_SHUTDOWN();
+ clear_saftety_shutdown();
 safetyShutdownActivated = FALSE;
 safetyShutdownSelfTestState = SAFETY_SHUTDOWN_SELF_TEST_STATE_RECOVER;
 }
@@ -153,7 +155,7 @@
 // if ( ( v24 < MIN_24V_LEVEL_ON_SAFETY_RECOVER ) || ( isolatedV24 < MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED ) )
 // {
 // // TODO - If issue persisted talk with systems why 24V does not recover fully.
-// SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_SAFETY_SHUTDOWN_POST_TEST_FAILED, 2.0, v24 );
+// SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DD_SAFETY_SHUTDOWN_POST_TEST_FAILED, 2.0, v24 );
 // safetyShutdownSelfTestStatus = SELF_TEST_STATUS_FAILED;
 // }
 // else
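Review bot: The expanded header for execSafetyShutdownTest (hunk `-107,9`) says the function checks that the corresponding voltage is seen and lists ALARM_ID_DD_SAFETY_SHUTDOWN_POST_TEST_FAILED under Alarms, but in hunks `-133,11` and `-153,7` both voltage comparisons and both `SET_ALARM_WITH_2_F32_DATA` calls are still commented out; only the alarm id inside the comments was renamed. As far as the visible lines show, the POST toggles the shutdown line and advances state without measuring 24V, so it cannot report a stuck or disconnected shutdown path. Either re-enable the checks or make the header say so, e.g. `* NOTE: 24V verification is currently disabled; this test cannot fail on voltage.` When the checks come back, the recovery branch compares `isolatedV24` against `MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED`, which looks like the wrong bound for a minimum and should be confirmed. The function body extends outside these hunks.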
@@ -173,7 +175,7 @@
 default:
 result = SELF_TEST_STATUS_FAILED;
- //SET_ALARM_WITH_2_U32_DATA( ALARM_ID_DG_SOFTWARE_FAULT, SW_FAULT_ID_SAFETY_SHUTDOWN_INVALID_SELF_TEST_STATE, safetyShutdownSelfTestState )
+ SET_ALARM_WITH_2_U32_DATA( ALARM_ID_DD_SOFTWARE_FAULT, SW_FAULT_ID_SAFETY_SHUTDOWN_INVALID_SELF_TEST_STATE, safetyShutdownSelfTestState )
 break;
 }
@@ -183,8 +185,8 @@
 /*********************************************************************//**
 * @brief
 * The resetSafetyShutdownPOSTState function resets the safety shutdown POST state.
- * @details Inputs: none
- * @details Outputs: safetyShutdownSelfTestState
+ * @details \b Inputs: none
+ * @details \b Outputs: safetyShutdownSelfTestState
 * @return none
 *************************************************************************/
 void resetSafetyShutdownPOSTState( void )
@@ -195,8 +197,8 @@
 /*********************************************************************//**
 * @brief
 * The testSetSafetyShutdownOverride function overrides the HD safety shutdown.
- * @details Inputs: none
- * @details Outputs: HD safety shutdown overridden
+ * @details \b Inputs: none
+ * @details \b Outputs: HD safety shutdown overridden
 * @param value TRUE to activate safety shutdown, FALSE to de-activate it
 * @return TRUE if override successful, FALSE if not
 *************************************************************************/
@@ -216,7 +218,7 @@
 else
 {
 safetyShutdownActivated = FALSE;
- CLR_SAFETY_SHUTDOWN();
+ clear_saftety_shutdown();
 }
 result = TRUE;
 }
@@ -228,8 +230,8 @@
 * @brief
 * The testResetSafetyShutdownOverride function resets the override of the
 * HD safety shutdown.
- * @details Inputs: none
- * @details Outputs: shutdown override reset
+ * @details \b Inputs: none
+ * @details \b Outputs: shutdown override reset
 * @return TRUE if override reset successful, FALSE if not
 *************************************************************************/
 BOOL testResetSafetyShutdownOverride( void )
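Review bot: The re-enabled `SET_ALARM_WITH_2_U32_DATA( ... )` in the `default:` branch (hunk `-173,7`) has no terminating semicolon before `break;`. Whether that compiles depends on the macro's definition, which is not visible here: a brace-wrapped body would pass, while a `do { } while (0)` or expression form would not, and the commented-out F32 calls elsewhere in this file are written with a semicolon. Ending the call with `safetyShutdownSelfTestState );` keeps the invalid-state fault path independent of how the macro is written. The switch begins outside the hunk.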
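Review bot: The `else` branch of testSetSafetyShutdownOverride (hunk `-216,7`) and the matching one in testResetSafetyShutdownOverride (hunk `-245,7`) release the shutdown line as soon as they are reached, and the condition guarding them lies outside both hunks. Because these test entry points can de-assert a hardware safety signal, the clear call should document what gates it and whether a shutdown raised by a real fault can be released this way, e.g. `// Test override only: must not release a shutdown raised by activateSafetyShutdown() on a fault - TODO confirm gating.` If the code does not make that distinction today, consider tracking the fault-raised state separately from the override so that a test message cannot clear it.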
@@ -245,7 +247,7 @@
 else
 {
 safetyShutdownActivated = FALSE;
- CLR_SAFETY_SHUTDOWN();
+ clear_saftety_shutdown();
 }
 result = TRUE;
 }