Index: firmware/App/Services/WatchdogMgmt.c =================================================================== diff -u -rf3326a3d0fd2a465a518e31ee578e335db301c27 -rd27dcf1fbbc9651636f211028917a1c0702bb56a --- firmware/App/Services/WatchdogMgmt.c (.../WatchdogMgmt.c) (revision f3326a3d0fd2a465a518e31ee578e335db301c27) +++ firmware/App/Services/WatchdogMgmt.c (.../WatchdogMgmt.c) (revision d27dcf1fbbc9651636f211028917a1c0702bb56a) @@ -16,7 +16,9 @@ ***************************************************************************/ #include "CPLD.h" -#include "InternalADC.h" +#include "FPGA.h" +#include "InternalADC.h" +#include "OperationModes.h" #include "SafetyShutdown.h" #include "SystemCommMessages.h" #include "Timers.h" @@ -30,11 +32,13 @@ // ********** private definitions ********** #define MIN_WATCHDOG_PET_INTERVAL_MS 45 ///< Minimum watchdog pet interval (in ms). -#define WATCHDOG_POST_TIMEOUT_MS 100 ///< Watchdog POST test timeout (in ms). -#define WATCHDOG_RECOVERY_TIME_MS 250 ///< After watchdog POST test, wait this long (in ms) before moving on. +#define WATCHDOG_POST_TIMEOUT_MS 500 ///< Watchdog POST test timeout (in ms). +#define WATCHDOG_RECOVERY_TIME_MS 500 ///< After watchdog POST test, wait this long (in ms) before moving on. -#define MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED 1.0 ///< Maximum voltage on 24V line when watchdog is expired. -#define MIN_BACKUP_ALARM_CURRENT 10.0 ///< Minimum backup alarm audio current (in mA) detected when watchdog is expired. +#define MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED 5.0 ///< Maximum voltage on 24V line when watchdog is expired. // TODO - check w/ Systems. Takes time for V to bleed off. Had to raise to 5V. +#define MIN_24V_LEVEL_ON_WATCHDOG_RECOVER 22.6 ///< Minimum voltage on 24V line when watchdog is recovered. +#define MIN_BACKUP_ALARM_CURRENT_MA 200.0 ///< Minimum backup alarm audio current (in mA) detected when watchdog is expired. +#define MAX_BACKUP_ALARM_CURRENT_MA 10.0 ///< Maximum backup alarm audio current (in mA) detected when watchdog is recovered. /// Enumeration of watchdog self-test states. typedef enum Watchdog_Self_Test_States @@ -115,7 +119,8 @@ if ( getCPLDWatchdogExpired() == PIN_SIGNAL_LOW ) { // Ignore expired watchdog until after watchdog POST - if ( WATCHDOG_SELF_TEST_STATE_COMPLETE == watchdogSelfTestState ) + if ( ( WATCHDOG_SELF_TEST_STATE_COMPLETE == watchdogSelfTestState ) || + ( getCurrentOperationMode() != MODE_INIT ) ) { #ifndef DEBUG_ENABLED activateAlarmNoData( ALARM_ID_WATCHDOG_EXPIRED ); @@ -124,7 +129,6 @@ } } - /*********************************************************************//** * @brief * The checkInWithWatchdogMgmt function checks a given task in with the @@ -167,33 +171,58 @@ { // Waiting here for w.d. test period to prevent this task from checking in - watchdog should expire } - if ( getCPLDWatchdogExpired() == PIN_SIGNAL_HIGH ) - { + if ( getCPLDWatchdogExpired() == PIN_SIGNAL_LOW ) + { + F32 v24 = getIntADCVoltageConverted( INT_ADC_24V_ACTUATORS ); + F32 audioCurrent = getFPGABackupAlarmAudioCurrent(); + // Verify 24V is down when w.d. expired - if ( getIntADCVoltageConverted( INT_ADC_24V_ACTUATORS ) > MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED ) + if ( v24 > MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED ) { - // TODO - alarm + SET_ALARM_WITH_2_F32_DATA( ALARM_ID_HD_WATCHDOG_POST_TEST_FAILED, 2.0, v24 ); + watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; } // Verify backup alarm audio is on when w.d. expired - if ( getIntADCVoltageConverted( INT_ADC_BACKUP_ALARM_CURRENT ) < MIN_BACKUP_ALARM_CURRENT ) + else if ( audioCurrent < MIN_BACKUP_ALARM_CURRENT_MA ) { - // TODO - alarm + SET_ALARM_WITH_2_F32_DATA( ALARM_ID_HD_WATCHDOG_POST_TEST_FAILED, 3.0, audioCurrent ); + watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; } - // TODO - user needs to verify backup alarm audio and LED? - watchdogSelfTestStatus = SELF_TEST_STATUS_PASSED; } else { - activateAlarmNoData( ALARM_ID_WATCHDOG_POST_TEST_FAILED ); + SET_ALARM_WITH_1_U32_DATA( ALARM_ID_HD_WATCHDOG_POST_TEST_FAILED, 1 ); watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; } - watchdogSelfTestTimerCount = getMSTimerCount(); - watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_RECOVER; + watchdogSelfTestTimerCount = getMSTimerCount(); + watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_RECOVER; break; case WATCHDOG_SELF_TEST_STATE_RECOVER: if ( TRUE == didTimeout( watchdogSelfTestTimerCount, WATCHDOG_RECOVERY_TIME_MS ) ) - { + { // Verify watchdog expired signal no longer active + if ( getCPLDWatchdogExpired() == PIN_SIGNAL_HIGH ) + { + F32 v24 = getIntADCVoltageConverted( INT_ADC_24V_ACTUATORS ); + F32 audioCurrent = getFPGABackupAlarmAudioCurrent(); + + // Verify 24V is down when w.d. recovered + if ( v24 < MIN_24V_LEVEL_ON_WATCHDOG_RECOVER ) + { + SET_ALARM_WITH_2_F32_DATA( ALARM_ID_HD_WATCHDOG_POST_TEST_FAILED, 4.0, v24 ); + watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; + } + // Verify backup alarm audio is on when w.d. recovered + else if ( audioCurrent > MAX_BACKUP_ALARM_CURRENT_MA ) + { + SET_ALARM_WITH_2_F32_DATA( ALARM_ID_HD_WATCHDOG_POST_TEST_FAILED, 5.0, audioCurrent ); + watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; + } + else + { + watchdogSelfTestStatus = SELF_TEST_STATUS_PASSED; + } + } result = watchdogSelfTestStatus; watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_COMPLETE; }