Index: firmware/App/Drivers/SafetyShutdown.c =================================================================== diff -u -r256d5cb05f1ef09e19e2f2733a111f600c73a7ee -r7d4711edd7b40cd3e29f43e766f79a8a09586fe9 --- firmware/App/Drivers/SafetyShutdown.c (.../SafetyShutdown.c) (revision 256d5cb05f1ef09e19e2f2733a111f600c73a7ee) +++ firmware/App/Drivers/SafetyShutdown.c (.../SafetyShutdown.c) (revision 7d4711edd7b40cd3e29f43e766f79a8a09586fe9) @@ -1,14 +1,14 @@ /************************************************************************** * -* Copyright (c) 2019-2022 Diality Inc. - All Rights Reserved. +* Copyright (c) 2019-2024 Diality Inc. - All Rights Reserved. * * THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN * WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER. * * @file SafetyShutdown.c * -* @author (last) Darren Cox -* @date (last) 11-Aug-2022 +* @author (last) Vinayakam Mani +* @date (last) 03-Oct-2023 * * @author (original) Dara Navaei * @date (original) 05-Nov-2019 
@@ -33,30 +33,30 @@ #define SET_SAFETY_SHUTDOWN() {mibspiREG1->PC3 |= SAFETY_SPI1_PORT_MASK;} ///< Set safety shutdown GPIO macro. #define CLR_SAFETY_SHUTDOWN() {mibspiREG1->PC3 &= ~SAFETY_SPI1_PORT_MASK;} ///< Clear safety shutdown GPIO macro. -#define SAFETY_SHUTDOWN_POST_TIMEOUT_MS 500 ///< Safety shutdown POST test timeout (in ms). -#define SAFETY_SHUTDOWN_RECOVERY_TIME_MS 500 ///< After safety shutdown POST test, wait this long (in ms) to recover before moving on. +#define SAFETY_SHUTDOWN_POST_TIMEOUT_MS 500 ///< Safety shutdown POST test timeout (in ms). +#define SAFETY_SHUTDOWN_RECOVERY_TIME_MS 500 ///< After safety shutdown POST test, wait this long (in ms) to recover before moving on. -#define MAX_24V_LEVEL_ON_SAFETY_SHUTDOWN 5.0F ///< Maximum voltage on 24V line when safety shutdown asserted. -#define MIN_24V_LEVEL_ON_SAFETY_RECOVER 22.6F ///< Minimum voltage on 24V line when safety shutdown is recovered. +#define MAX_24V_LEVEL_ON_SAFETY_SHUTDOWN 5.0F ///< Maximum voltage on 24V line when safety shutdown asserted. +#define MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED 22.6F ///< Maximum voltage on isolated 24V line when watchdog is expired. 10% of 24V. +#define MIN_24V_LEVEL_ON_SAFETY_RECOVER 22.6F ///< Minimum voltage on 24V line when safety shutdown is recovered. /// Enumeration of safety shutdown self-test states. 
typedef enum Safety_Shutdown_Self_Test_States { - SAFETY_SHUTDOWN_SELF_TEST_STATE_START = 0, ///< Safety shutdown self-test start state - SAFETY_SHUTDOWN_SELF_TEST_STATE_IN_PROGRESS, ///< Safety shutdown self-test in progress state - SAFETY_SHUTDOWN_SELF_TEST_STATE_RECOVER, ///< Safety shutdown self-test recovery state - SAFETY_SHUTDOWN_SELF_TEST_STATE_COMPLETE, ///< Safety shutdown self-test completed state - NUM_OF_SAFETY_SHUTDOWN_SELF_TEST_STATES ///< Number of safety shutdown self-test states + SAFETY_SHUTDOWN_SELF_TEST_STATE_START = 0, ///< Safety shutdown self-test start state + SAFETY_SHUTDOWN_SELF_TEST_STATE_IN_PROGRESS, ///< Safety shutdown self-test in progress state + SAFETY_SHUTDOWN_SELF_TEST_STATE_RECOVER, ///< Safety shutdown self-test recovery state + SAFETY_SHUTDOWN_SELF_TEST_STATE_COMPLETE, ///< Safety shutdown self-test completed state + NUM_OF_SAFETY_SHUTDOWN_SELF_TEST_STATES ///< Number of safety shutdown self-test states } SAFETY_SHUTDOWN_SELF_TEST_STATE_T; // ********** private data ********** -static BOOL safetyShutdownActivated; ///< Status of safety shutdown signal. -static BOOL safetyShutdownOverrideResetState; ///< Natural status of safety shutdown signal. Used to restore state on override reset. -/// Current safety shutdown self-test state. -static SAFETY_SHUTDOWN_SELF_TEST_STATE_T safetyShutdownSelfTestState; -static SELF_TEST_STATUS_T safetyShutdownSelfTestStatus; ///< Safety shutdown self-test preliminary status. -static U32 safetyShutdownSelfTestTimerCount; ///< Safety shutdown self-test state timer counter. +static BOOL safetyShutdownActivated; ///< Status of safety shutdown signal. +static BOOL safetyShutdownOverrideResetState; ///< Natural status of safety shutdown signal. Used to restore state on override reset. +static SAFETY_SHUTDOWN_SELF_TEST_STATE_T safetyShutdownSelfTestState; ///< Current safety shutdown self-test state. 
+static SELF_TEST_STATUS_T safetyShutdownSelfTestStatus; ///< Safety shutdown self-test preliminary status. +static U32 safetyShutdownSelfTestTimerCount; ///< Safety shutdown self-test state timer counter. /*********************************************************************//** * @brief @@ -74,7 +74,7 @@ safetyShutdownSelfTestState = SAFETY_SHUTDOWN_SELF_TEST_STATE_START; safetyShutdownSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS; safetyShutdownSelfTestTimerCount = 0; - CLR_SAFETY_SHUTDOWN(); + CLR_SAFETY_SHUTDOWN(); } /*********************************************************************//** @@ -127,10 +127,11 @@ case SAFETY_SHUTDOWN_SELF_TEST_STATE_IN_PROGRESS: if ( TRUE == didTimeout( safetyShutdownSelfTestTimerCount, SAFETY_SHUTDOWN_POST_TIMEOUT_MS ) ) { - F32 v24 = getIntADCVoltageConverted( INT_ADC_SECONDARY_HEATER_24_VOLTS ); + F32 v24 = getIntADCVoltageConverted( INT_ADC_SECONDARY_HEATER_24_VOLTS ); + F32 isolatedV24 = getRawIsolatedPowerSupplyVoltage(); // Verify 24V is down when w.d. expired - if ( v24 > MAX_24V_LEVEL_ON_SAFETY_SHUTDOWN ) + if ( ( v24 > MAX_24V_LEVEL_ON_SAFETY_SHUTDOWN ) || ( isolatedV24 > MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED ) ) { SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_SAFETY_SHUTDOWN_POST_TEST_FAILED, 1.0, v24 ); safetyShutdownSelfTestStatus = SELF_TEST_STATUS_FAILED; 
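Review bot: The new `MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED 22.6F` contradicts its own comment ("10% of 24V" would be about 2.4 V, not 22.6 V), and it is the same value as MIN_24V_LEVEL_ON_SAFETY_RECOVER, so in hunk @@ -127 the shutdown-asserted check only fails if the isolated rail is still above 22.6 V, which does not verify that the isolated supply actually dropped; in hunk @@ -145 the same "MAX ... EXPIRED" constant is then used as the lower bound for recovery. Either the value or the comment is wrong, and the two roles should not share one macro: `#define MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED <shutdown-level placeholder>F ///< Maximum voltage on isolated 24V line when watchdog is expired.` plus `#define MIN_ISOLATED_24V_LEVEL_ON_SAFETY_RECOVER <recovery-level placeholder>F ///< Minimum voltage on isolated 24V line when safety shutdown is recovered.`, with the recovery branch in @@ -145 switched to the MIN constant. I cannot tell from the diff which of the two levels was intended, so the values need to come from the system spec rather than be guessed here.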
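Review bot: The alarm at `SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_SAFETY_SHUTDOWN_POST_TEST_FAILED, 1.0, v24 )` still reports only v24, so when the newly added `isolatedV24 > MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED` term is the one that failed the POST, the alarm record carries a 24V reading that looks healthy and the isolated measurement is lost; the `2.0, v24` alarm in hunk @@ -145 has the same gap. Splitting the combined condition so each rail raises the alarm with its own reading and a distinguishable step code keeps the record diagnosable. The closing brace and `else` branch of this `if` lie outside the hunk.
```c
if ( v24 > MAX_24V_LEVEL_ON_SAFETY_SHUTDOWN )
{
    SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_SAFETY_SHUTDOWN_POST_TEST_FAILED, 1.0, v24 );
    safetyShutdownSelfTestStatus = SELF_TEST_STATUS_FAILED;
}
else if ( isolatedV24 > MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED )
{
    // 1.5 is a constructed step code for "isolated rail still up"; substitute the project's real code
    SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_SAFETY_SHUTDOWN_POST_TEST_FAILED, 1.5, isolatedV24 );
    safetyShutdownSelfTestStatus = SELF_TEST_STATUS_FAILED;
}
// … unchanged: else branch and remainder of the case, outside this hunk …
```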
@@ -145,16 +146,18 @@ case SAFETY_SHUTDOWN_SELF_TEST_STATE_RECOVER: if ( TRUE == didTimeout( safetyShutdownSelfTestTimerCount, SAFETY_SHUTDOWN_RECOVERY_TIME_MS ) ) { - F32 v24 = getIntADCVoltageConverted( INT_ADC_SECONDARY_HEATER_24_VOLTS ); + F32 v24 = getIntADCVoltageConverted( INT_ADC_SECONDARY_HEATER_24_VOLTS ); + F32 isolatedV24 = getRawIsolatedPowerSupplyVoltage(); // Verify 24V is down when w.d. recovered -// if ( v24 < MIN_24V_LEVEL_ON_SAFETY_RECOVER ) // TODO - talk with systems why 24V does not recover fully. -// { -// SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_SAFETY_SHUTDOWN_POST_TEST_FAILED, 2.0, v24 ); -// safetyShutdownSelfTestStatus = SELF_TEST_STATUS_FAILED; -// } -// else + if ( ( v24 < MIN_24V_LEVEL_ON_SAFETY_RECOVER ) || ( isolatedV24 < MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED ) ) { + // TODO - If issue persisted talk with systems why 24V does not recover fully. + SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_SAFETY_SHUTDOWN_POST_TEST_FAILED, 2.0, v24 ); + safetyShutdownSelfTestStatus = SELF_TEST_STATUS_FAILED; + } + else + { safetyShutdownSelfTestStatus = SELF_TEST_STATUS_PASSED; } safetyShutdownSelfTestState = SAFETY_SHUTDOWN_SELF_TEST_STATE_COMPLETE; @@ -177,6 +180,18 @@ return result; } +/*********************************************************************//** + * @brief + * The resetSafetyShutdownPOSTState function resets the safety shutdown POST state. + * @details Inputs: none + * @details Outputs: safetyShutdownSelfTestState + * @return none + *************************************************************************/ +void resetSafetyShutdownPOSTState( void ) +{ + safetyShutdownSelfTestState = SAFETY_SHUTDOWN_SELF_TEST_STATE_START; +} + /*********************************************************************//** * @brief * The testSetSafetyShutdownOverride function overrides the HD safety shutdown.
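Review bot: The recovery check `if ( ( v24 < MIN_24V_LEVEL_ON_SAFETY_RECOVER ) || ( isolatedV24 < MAX_ISOLATED_24V_LEVEL_ON_SS_EXPIRED ) )` re-enables the test that was previously commented out because the 24V line did not recover fully, while the retained `// TODO - If issue persisted talk with systems why 24V does not recover fully.` suggests that root cause was never confirmed fixed; if the hardware still settles below 22.6 V within SAFETY_SHUTDOWN_RECOVERY_TIME_MS, every POST will now fail at step 2.0. The comment should record the evidence that justified re-enabling it, e.g. `// Recovery check re-enabled: 24V measured to settle above MIN_24V_LEVEL_ON_SAFETY_RECOVER within SAFETY_SHUTDOWN_RECOVERY_TIME_MS (see <measurement/ticket placeholder>)`, or the recovery time and threshold should be revisited against that data. The use of the "MAX ... EXPIRED" constant as a lower bound here is raised on hunk @@ -33.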
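Review bot: `resetSafetyShutdownPOSTState` rewinds only `safetyShutdownSelfTestState`, whereas the init path shown in hunk @@ -74 also resets `safetyShutdownSelfTestStatus`, `safetyShutdownSelfTestTimerCount` and clears the GPIO; unless the START case (outside these hunks) reinitialises them, a re-run begins with the previous PASSED/FAILED status and a stale timer count. Adding `safetyShutdownSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS;` and `safetyShutdownSelfTestTimerCount = 0;` next to the state reset, and listing them under `@details Outputs`, keeps the two reset paths consistent. The function is non-static, so callers need its prototype in the module header, which is not part of this diff.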