Index: firmware/App/Services/WatchdogMgmt.c =================================================================== diff -u -ra8d919375cdb830f52e82e2d1c72c8153f5f58ca -r47c41046beba8affaaaa13a4f222a7b99bd193f1 --- firmware/App/Services/WatchdogMgmt.c (.../WatchdogMgmt.c) (revision a8d919375cdb830f52e82e2d1c72c8153f5f58ca) +++ firmware/App/Services/WatchdogMgmt.c (.../WatchdogMgmt.c) (revision 47c41046beba8affaaaa13a4f222a7b99bd193f1) @@ -15,7 +15,9 @@ * ***************************************************************************/ -#include "CPLD.h" +#include "CPLD.h" +#include "InternalADC.h" +#include "OperationModes.h" #include "SystemCommMessages.h" #include "Timers.h" #include "WatchdogMgmt.h" @@ -28,9 +30,13 @@ // ********** private definitions ********** #define MIN_WATCHDOG_PET_INTERVAL_MS 45 ///< Minimum watchdog pet interval. -#define WATCHDOG_POST_TIMEOUT_MS 100 ///< Watchdog POST timeout in ms. -#define WATCHDOG_RECOVERY_TIME_MS 250 ///< Watchdog recovery time in ms. +#define WATCHDOG_POST_TIMEOUT_MS 500 ///< Watchdog POST timeout in ms. +#define WATCHDOG_RECOVERY_TIME_MS 750 ///< Watchdog recovery time in ms. + +#define MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED 5.0 ///< Maximum voltage on 24V line when watchdog is expired. // TODO - check w/ Systems. Takes time for V to bleed off. Had to raise to 5V. +#define MIN_24V_LEVEL_ON_WATCHDOG_RECOVER 22.6 ///< Minimum voltage on 24V line when watchdog is recovered. + /// List of watchdog states. typedef enum Button_Self_Test_States { @@ -108,10 +114,11 @@ } // check to see if watchdog has expired - if ( getCPLDWatchdogExpired() == PIN_SIGNAL_HIGH ) + if ( PIN_SIGNAL_LOW == getCPLDWatchdogExpired() ) { // ignore expired watchdog until after watchdog POST - if ( WATCHDOG_SELF_TEST_STATE_COMPLETE == watchdogSelfTestState ) + if ( ( WATCHDOG_SELF_TEST_STATE_COMPLETE == watchdogSelfTestState ) || + ( getCurrentOperationMode() != DG_MODE_INIT ) ) { #ifndef DEBUG_ENABLED activateAlarmNoData( ALARM_ID_WATCHDOG_EXPIRED ); @@ -161,22 +168,44 @@ { // waiting here for w.d. test period to prevent this task from checking in - watchdog should expire } - if ( getCPLDWatchdogExpired() == PIN_SIGNAL_HIGH ) + if ( PIN_SIGNAL_LOW == getCPLDWatchdogExpired() ) { - watchdogSelfTestStatus = SELF_TEST_STATUS_PASSED; + F32 v24 = getIntADCVoltageConverted( INT_ADC_PRIMARY_HEATER_24_VOLTS ); + + // Verify 24V is down when w.d. expired + if ( v24 > MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED ) + { + SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_WATCHDOG_POST_TEST_FAILED, 2.0, v24 ); + watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; + } } else { - activateAlarmNoData( ALARM_ID_WATCHDOG_POST_TEST_FAILED ); + SET_ALARM_WITH_1_U32_DATA( ALARM_ID_DG_WATCHDOG_POST_TEST_FAILED, 1 ); watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; } - watchdogSelfTestTimerCount = getMSTimerCount(); - watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_RECOVER; + watchdogSelfTestTimerCount = getMSTimerCount(); + watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_RECOVER; break; case WATCHDOG_SELF_TEST_STATE_RECOVER: if ( TRUE == didTimeout( watchdogSelfTestTimerCount, WATCHDOG_RECOVERY_TIME_MS ) ) { + if ( getCPLDWatchdogExpired() == PIN_SIGNAL_HIGH ) + { + F32 v24 = getIntADCVoltageConverted( INT_ADC_PRIMARY_HEATER_24_VOLTS ); + + // Verify 24V is down when w.d. recovered TODO - ask EE team why 24V does not quite recover all the way to 22.6V even after 750 ms. How long should it take? +// if ( v24 < MIN_24V_LEVEL_ON_WATCHDOG_RECOVER ) +// { +// SET_ALARM_WITH_2_F32_DATA( ALARM_ID_DG_WATCHDOG_POST_TEST_FAILED, 3.0, v24 ); +// watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; +// } +// else + { + watchdogSelfTestStatus = SELF_TEST_STATUS_PASSED; + } + } result = watchdogSelfTestStatus; watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_COMPLETE; } @@ -266,7 +295,7 @@ } else { - activateAlarmNoData( ALARM_ID_DG_SOFTWARE_FAULT ); + SET_ALARM_WITH_2_U32_DATA( ALARM_ID_DG_SOFTWARE_FAULT, SW_FAULT_ID_INVALID_TASK, task ); } return result;