Index: firmware/App/Services/WatchdogMgmt.c
===================================================================
diff -u -r82bd1d24c050e79690a7f5b236e49dd7db7e2a91 -r61d4eec686348a36e2fdabb47b3eaa9810b94eb4
--- firmware/App/Services/WatchdogMgmt.c (.../WatchdogMgmt.c) (revision 82bd1d24c050e79690a7f5b236e49dd7db7e2a91)
+++ firmware/App/Services/WatchdogMgmt.c (.../WatchdogMgmt.c) (revision 61d4eec686348a36e2fdabb47b3eaa9810b94eb4)
@@ -40,6 +40,8 @@
 #define MIN_BACKUP_ALARM_CURRENT_MA 200.0F ///< Minimum backup alarm audio current (in mA) detected when watchdog is expired.
 #define MAX_BACKUP_ALARM_CURRENT_MA 10.0F ///< Maximum backup alarm audio current (in mA) detected when watchdog is recovered.
+#define MAX_SAFETY_SHUTDOWN_MISMATCH_MS 100 ///< Maximum time (in ms) that safety shutdown cmd vs. feedback can be mismatched.
+
 /// Enumeration of watchdog self-test states.
 typedef enum Watchdog_Self_Test_States
 {
@@ -55,8 +57,9 @@
 static U32 lastWatchdogPetTime; ///< Timestamp (ms counter) since last watchdog pet.
 static OVERRIDE_U32_T watchdogTaskCheckedIn[ NUM_OF_TASKS ]; ///< Array of flags indicating whether individual tasks have checked in with watchdog manager.
 static WATCHDOG_SELF_TEST_STATE_T watchdogSelfTestState; ///< Current watchdog self-test state.
-static SELF_TEST_STATUS_T watchdogSelfTestStatus; ///< Watchdog self-test state timer counter.
-static U32 watchdogSelfTestTimerCount;
+static SELF_TEST_STATUS_T watchdogSelfTestStatus; ///< Watchdog self-test state status.
+static U32 watchdogSelfTestTimerCount; ///< Watchdog self-test state timer counter.
+static U32 safetyShutdownFeedbackMismatchTS; ///< Persistence timestamp for safety shutdown cmd vs. feedback mismatch.
 // ********** private function prototypes **********
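Review bot: The comment on `MAX_SAFETY_SHUTDOWN_MISMATCH_MS` in the first hunk says the window covers any cmd vs. feedback mismatch, but the check added later in execWatchdogMgmt alarms immediately when the feedback reads `PIN_SIGNAL_LOW`. The 100 ms persistence therefore only applies to the other mismatch, which appears to be software having commanded shutdown while the feedback is not yet low. Suggested wording: `///< Maximum time (in ms) safety shutdown feedback may lag an active s/w shutdown command before alarming.` It would also help to record next to the define how the 100 ms figure relates to the rate at which execWatchdogMgmt runs, which this diff does not show.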
@@ -76,10 +79,11 @@
 {
 U32 i;
- lastWatchdogPetTime = 0;
- watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_START;
- watchdogSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS;
- watchdogSelfTestTimerCount = 0;
+ lastWatchdogPetTime = 0;
+ watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_START;
+ watchdogSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS;
+ watchdogSelfTestTimerCount = 0;
+ safetyShutdownFeedbackMismatchTS = getMSTimerCount();
 // Initialize task check-ins to false
 for ( i = 0; i < NUM_OF_TASKS; i++ )
@@ -100,7 +104,9 @@
 *************************************************************************/
 void execWatchdogMgmt( void )
 {
- BOOL allTasksCheckedIn;
+ BOOL allTasksCheckedIn;
+ PIN_SIGNAL_STATE_T safetyShutdownFeedbackSignal = getCPLDWatchdogExpired();
+ PIN_SIGNAL_STATE_T safetyShutdownSoftwareCmd = ( TRUE == isSafetyShutdownActivated() ? PIN_SIGNAL_LOW : PIN_SIGNAL_HIGH );
 // Called by background task, so give bg task credit for checking in
 checkInWithWatchdogMgmt( TASK_BG );
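Review bot: The `safetyShutdownSoftwareCmd` initializer added at the top of execWatchdogMgmt relies on `==` binding tighter than `?:`, and it maps an activated shutdown to `PIN_SIGNAL_LOW` without stating the polarity it assumes. Since the alarm decision in the later hunk depends on this mapping, I would parenthesize the comparison, `( ( TRUE == isSafetyShutdownActivated() ) ? PIN_SIGNAL_LOW : PIN_SIGNAL_HIGH )`. I would also add a comment such as `// Feedback line is active low: an activated s/w shutdown is expected to read back as PIN_SIGNAL_LOW`, if that is indeed the hardware behaviour. The function body continues outside this hunk.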
@@ -114,17 +120,23 @@
 petWatchdog();
 resetWDTaskCheckIns();
 }
- // Check to see if watchdog has expired
- if ( PIN_SIGNAL_LOW == getCPLDWatchdogExpired() )
+ // Check to see if watchdog has expired or safety shutdown feedback does not match s/w command (only after POST completed)
+ if ( ( safetyShutdownSoftwareCmd != safetyShutdownFeedbackSignal ) && ( getCurrentOperationMode() != MODE_INIT ) )
 {
- // Ignore expired watchdog until after POST
- if ( getCurrentOperationMode() != MODE_INIT )
- {
-#ifndef DEBUG_ENABLED
+ if ( ( PIN_SIGNAL_LOW == safetyShutdownFeedbackSignal ) || ( TRUE == didTimeout( safetyShutdownFeedbackMismatchTS, MAX_SAFETY_SHUTDOWN_MISMATCH_MS ) ) )
+ {
+ /* DEBUG WARNING
+ * It may be necessary to comment out the following
+ * line to prevent the alarm from occurring while
+ * debugging.
+ */
 activateAlarmNoData( ALARM_ID_HD_WATCHDOG_EXPIRED );
-#endif
- }
+ }
 }
+ else
+ {
+ safetyShutdownFeedbackMismatchTS = getMSTimerCount();
+ }
 }
 /*********************************************************************//**
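Review bot: The `DEBUG WARNING` comment above `activateAlarmNoData( ALARM_ID_HD_WATCHDOG_EXPIRED );` replaces the compile-time `#ifndef DEBUG_ENABLED` guard with an instruction to comment the call out by hand, and a hand edit to a safety alarm leaves nothing a build or release check can detect if it is committed by mistake. If debugger sessions still need the alarm suppressed, keep the call behind a dedicated build flag, `#ifndef <ALARM_SUPPRESS_FLAG_PLACEHOLDER>` … `#endif` (placeholder name), and make release configurations fail the build when that flag is defined. Separately, the new timed branch reports a feedback line that never followed the software shutdown command under the same `ALARM_ID_HD_WATCHDOG_EXPIRED`, so logs cannot tell that fault from a real watchdog expiry; a comment saying so, or distinguishing alarm data, would help triage. execWatchdogMgmt begins outside this hunk.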