Index: firmware/App/Services/WatchdogMgmt.c =================================================================== diff -u -r5adaa0ae1236d34fca1fc8def7fa107ec470115e -r195f895cd5f580b448db5a251ab7a7f40ba0f40f --- firmware/App/Services/WatchdogMgmt.c (.../WatchdogMgmt.c) (revision 5adaa0ae1236d34fca1fc8def7fa107ec470115e) +++ firmware/App/Services/WatchdogMgmt.c (.../WatchdogMgmt.c) (revision 195f895cd5f580b448db5a251ab7a7f40ba0f40f) @@ -15,7 +15,9 @@ * ***************************************************************************/ -#include "CPLD.h" +#include "CPLD.h" +#include "InternalADC.h" +#include "OperationModes.h" #include "SystemCommMessages.h" #include "Timers.h" #include "WatchdogMgmt.h" @@ -28,9 +30,13 @@ // ********** private definitions ********** #define MIN_WATCHDOG_PET_INTERVAL_MS 45 ///< Minimum watchdog pet interval. -#define WATCHDOG_POST_TIMEOUT_MS 100 ///< Watchdog POST timeout in ms. -#define WATCHDOG_RECOVERY_TIME_MS 250 ///< Watchdog recovery time in ms. +#define WATCHDOG_POST_TIMEOUT_MS 500 ///< Watchdog POST timeout in ms. +#define WATCHDOG_RECOVERY_TIME_MS 500 ///< Watchdog recovery time in ms. + +#define MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED 5.0 ///< Maximum voltage on 24V line when watchdog is expired. // TODO - check w/ Systems. Takes time for V to bleed off. Had to raise to 5V. +#define MIN_24V_LEVEL_ON_WATCHDOG_RECOVER 22.6 ///< Minimum voltage on 24V line when watchdog is recovered. + /// List of watchdog states. typedef enum Button_Self_Test_States { @@ -108,10 +114,11 @@ } // check to see if watchdog has expired - if ( getCPLDWatchdogExpired() == PIN_SIGNAL_HIGH ) + if ( getCPLDWatchdogExpired() == PIN_SIGNAL_LOW ) { // ignore expired watchdog until after watchdog POST - if ( WATCHDOG_SELF_TEST_STATE_COMPLETE == watchdogSelfTestState ) + if ( ( WATCHDOG_SELF_TEST_STATE_COMPLETE == watchdogSelfTestState ) || + ( getCurrentOperationMode() != DG_MODE_INIT ) ) { #ifndef DEBUG_ENABLED activateAlarmNoData( ALARM_ID_WATCHDOG_EXPIRED ); @@ -161,22 +168,44 @@ { // waiting here for w.d. test period to prevent this task from checking in - watchdog should expire } - if ( getCPLDWatchdogExpired() == PIN_SIGNAL_HIGH ) + if ( getCPLDWatchdogExpired() == PIN_SIGNAL_LOW ) { - watchdogSelfTestStatus = SELF_TEST_STATUS_PASSED; + F32 v24 = getIntADCVoltageConverted( INT_ADC_MAIN_24_VOLTS ); + + // Verify 24V is down when w.d. expired + if ( v24 > MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED ) + { + SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_WATCHDOG_POST_TEST_FAILED, 2.0, v24 ); + watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; + } } else { - activateAlarmNoData( ALARM_ID_WATCHDOG_POST_TEST_FAILED ); + SET_ALARM_WITH_1_U32_DATA( ALARM_ID_DG_WATCHDOG_POST_TEST_FAILED, 1 ); watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; } - watchdogSelfTestTimerCount = getMSTimerCount(); - watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_RECOVER; + watchdogSelfTestTimerCount = getMSTimerCount(); + watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_RECOVER; break; case WATCHDOG_SELF_TEST_STATE_RECOVER: if ( TRUE == didTimeout( watchdogSelfTestTimerCount, WATCHDOG_RECOVERY_TIME_MS ) ) { + if ( getCPLDWatchdogExpired() == PIN_SIGNAL_HIGH ) + { + F32 v24 = getIntADCVoltageConverted( INT_ADC_MAIN_24_VOLTS ); + + // Verify 24V is down when w.d. recovered + if ( v24 < MIN_24V_LEVEL_ON_WATCHDOG_RECOVER ) + { + SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_WATCHDOG_POST_TEST_FAILED, 3.0, v24 ); + watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; + } + else + { + watchdogSelfTestStatus = SELF_TEST_STATUS_PASSED; + } + } result = watchdogSelfTestStatus; watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_COMPLETE; }