Index: WatchdogMgmt.c =================================================================== diff -u -r4997cacd5a1501b7da1c8a3ba71f9594ad23a603 -r4e16a1c22b73b14cfd62cce4f07a1b9086c55dd7 --- WatchdogMgmt.c (.../WatchdogMgmt.c) (revision 4997cacd5a1501b7da1c8a3ba71f9594ad23a603) +++ WatchdogMgmt.c (.../WatchdogMgmt.c) (revision 4e16a1c22b73b14cfd62cce4f07a1b9086c55dd7) @@ -15,7 +15,7 @@ * ***************************************************************************/ -#ifdef _TD_ +#ifdef _TD_ #include "CpldInterface.h" #include "FpgaTD.h" #endif 
@@ -29,94 +29,94 @@ #endif //#include "InternalADC.h" #include "Messaging.h" -#include "OperationModes.h" -#include "Timers.h" -#include "WatchdogMgmt.h" - +#include "OperationModes.h" +#include "Timers.h" +#include "WatchdogMgmt.h" + /** * @addtogroup WatchdogMgmt * @{ */ -// ********** private definitions ********** - -#define MIN_WATCHDOG_PET_INTERVAL_MS 45 ///< Minimum watchdog pet interval (in ms). -#define WATCHDOG_POST_TIMEOUT_MS 500 ///< Watchdog POST test timeout (in ms). +// ********** private definitions ********** + +#define MIN_WATCHDOG_PET_INTERVAL_MS 45 ///< Minimum watchdog pet interval (in ms). +#define WATCHDOG_POST_TIMEOUT_MS 500 ///< Watchdog POST test timeout (in ms). #define WATCHDOG_RECOVERY_TIME_MS 500 ///< After watchdog POST test, wait this long (in ms) before moving on. #define MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED 5.0F ///< Maximum voltage on 24V line when watchdog is expired. // TODO - check w/ Systems. Takes time for V to bleed off. Had to raise to 5V. #define MIN_24V_LEVEL_ON_WATCHDOG_RECOVER 22.6F ///< Minimum voltage on 24V line when watchdog is recovered. -#define MIN_BACKUP_ALARM_CURRENT_MA 200.0F ///< Minimum backup alarm audio current (in mA) detected when watchdog is expired. +#define MIN_BACKUP_ALARM_CURRENT_MA 200.0F ///< Minimum backup alarm audio current (in mA) detected when watchdog is expired. #define MAX_BACKUP_ALARM_CURRENT_MA 10.0F ///< Maximum backup alarm audio current (in mA) detected when watchdog is recovered. #define MAX_SAFETY_SHUTDOWN_MISMATCH_MS 100 ///< Maximum time (in ms) that safety shutdown cmd vs. feedback can be mismatched. -/// Enumeration of watchdog self-test states. 
-typedef enum Watchdog_Self_Test_States -{ - WATCHDOG_SELF_TEST_STATE_START = 0, ///< Watchdog self-test start state - WATCHDOG_SELF_TEST_STATE_IN_PROGRESS, ///< Watchdog self-test in progress state - WATCHDOG_SELF_TEST_STATE_RECOVER, ///< Watchdog self-test recovery state - WATCHDOG_SELF_TEST_STATE_COMPLETE, ///< Watchdog self-test completed state - NUM_OF_WATCHDOG_SELF_TEST_STATES ///< Number of watchdog self-test states -} WATCHDOG_SELF_TEST_STATE_T; - -// ********** private data ********** - -static U32 lastWatchdogPetTime; ///< Timestamp (ms counter) since last watchdog pet. -static OVERRIDE_U32_T watchdogTaskCheckedIn[ NUM_OF_TASKS ]; ///< Array of flags indicating whether individual tasks have checked in with watchdog manager. -static WATCHDOG_SELF_TEST_STATE_T watchdogSelfTestState; ///< Current watchdog self-test state. -static SELF_TEST_STATUS_T watchdogSelfTestStatus; ///< Watchdog self-test state status. +/// Enumeration of watchdog self-test states. +typedef enum Watchdog_Self_Test_States +{ + WATCHDOG_SELF_TEST_STATE_START = 0, ///< Watchdog self-test start state + WATCHDOG_SELF_TEST_STATE_IN_PROGRESS, ///< Watchdog self-test in progress state + WATCHDOG_SELF_TEST_STATE_RECOVER, ///< Watchdog self-test recovery state + WATCHDOG_SELF_TEST_STATE_COMPLETE, ///< Watchdog self-test completed state + NUM_OF_WATCHDOG_SELF_TEST_STATES ///< Number of watchdog self-test states +} WATCHDOG_SELF_TEST_STATE_T; + +// ********** private data ********** + +static U32 lastWatchdogPetTime; ///< Timestamp (ms counter) since last watchdog pet. +static OVERRIDE_U32_T watchdogTaskCheckedIn[ NUM_OF_TASKS ]; ///< Array of flags indicating whether individual tasks have checked in with watchdog manager. +static WATCHDOG_SELF_TEST_STATE_T watchdogSelfTestState; ///< Current watchdog self-test state. +static SELF_TEST_STATUS_T watchdogSelfTestStatus; ///< Watchdog self-test state status. static U32 watchdogSelfTestTimerCount; ///< Watchdog self-test state timer counter. 
-static U32 safetyShutdownFeedbackMismatchTS; ///< Persistence timestamp for safety shutdown cmd vs. feedback mismatch. - -// ********** private function prototypes ********** - -static void resetWDTaskCheckIns( void ); -static BOOL haveAllTasksCheckedIn( void ); -static void petWatchdog( void ); -static BOOL hasTaskGeneralCheckedIn( U32 task ); - -/*********************************************************************//** - * @brief - * The initWatchdogMgmt function initializes the watchdog management unit. - * @details \b Inputs: none - * @details \b Outputs: Watchdog management unit initialized. - * @return none - *************************************************************************/ -void initWatchdogMgmt( void ) -{ - U32 i; - - lastWatchdogPetTime = 0; - watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_START; - watchdogSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS; +static U32 safetyShutdownFeedbackMismatchTS; ///< Persistence timestamp for safety shutdown cmd vs. feedback mismatch. + +// ********** private function prototypes ********** + +static void resetWDTaskCheckIns( void ); +static BOOL haveAllTasksCheckedIn( void ); +static void petWatchdog( void ); +static BOOL hasTaskGeneralCheckedIn( U32 task ); + +/*********************************************************************//** + * @brief + * The initWatchdogMgmt function initializes the watchdog management unit. + * @details \b Inputs: none + * @details \b Outputs: Watchdog management unit initialized. 
+ * @return none + *************************************************************************/ +void initWatchdogMgmt( void ) +{ + U32 i; + + lastWatchdogPetTime = 0; + watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_START; + watchdogSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS; watchdogSelfTestTimerCount = 0; safetyShutdownFeedbackMismatchTS = getMSTimerCount(); - - // Initialize task check-ins to false - for ( i = 0; i < NUM_OF_TASKS; i++ ) - { - watchdogTaskCheckedIn[ i ].data = FALSE; - watchdogTaskCheckedIn[ i ].ovData = FALSE; - watchdogTaskCheckedIn[ i ].ovInitData = FALSE; - watchdogTaskCheckedIn[ i ].override = OVERRIDE_RESET; - } -} - -/*********************************************************************//** - * @brief + + // Initialize task check-ins to false + for ( i = 0; i < NUM_OF_TASKS; i++ ) + { + watchdogTaskCheckedIn[ i ].data = FALSE; + watchdogTaskCheckedIn[ i ].ovData = FALSE; + watchdogTaskCheckedIn[ i ].ovInitData = FALSE; + watchdogTaskCheckedIn[ i ].override = OVERRIDE_RESET; + } +} + +/*********************************************************************//** + * @brief * The execWatchdogMgmt function executes the watchdog management service. * If all tasks have checked in, the watchdog is pet. - * @details \b Inputs: watchdogTaskCheckedIn[] - * @details \b Outputs: watchdogTaskCheckedIn[] + * @details \b Inputs: watchdogTaskCheckedIn[] + * @details \b Outputs: watchdogTaskCheckedIn[] * @details \b Alarm: ALARM_ID_XX_WATCHDOG_EXPIRED if safety activated * @warning: It may be necessary to comment out the alarm activation lines to * prevent the alarm occurring while debugging. - * @return none - *************************************************************************/ -void execWatchdogMgmt( void ) -{ + * @return none + *************************************************************************/ +void execWatchdogMgmt( void ) +{ BOOL allTasksCheckedIn; #ifdef _TD_ PIN_SIGNAL_STATE_T safetyShutdownFeedbackSignal = getCPLDSafety(); 
@@ -141,9 +141,9 @@
 if ( ( TRUE == allTasksCheckedIn ) && ( TRUE == didTimeout( lastWatchdogPetTime, MIN_WATCHDOG_PET_INTERVAL_MS ) ) )
 {
 petWatchdog();
- resetWDTaskCheckIns();
+ resetWDTaskCheckIns();
 }
-#ifdef _TD_
+#ifdef _TD_
 // Check to see if watchdog has expired or safety shutdown feedback does not match s/w command (only after POST completed)
 if ( ( safetyShutdownSoftwareCmd != safetyShutdownFeedbackSignal ) && ( getCurrentOperationMode() != MODE_INIT ) )
 #endif
@@ -154,86 +154,86 @@ #ifdef _RO_ // Check to see if watchdog has expired or safety shutdown feedback does not match s/w command (only after POST completed) if ( ( safetyShutdownSoftwareCmd != safetyShutdownFeedbackSignal ) && ( getCurrentOperationMode() != RO_MODE_INIT ) ) -#endif - { +#endif + { if ( ( PIN_SIGNAL_LOW == safetyShutdownFeedbackSignal ) || ( TRUE == didTimeout( safetyShutdownFeedbackMismatchTS, MAX_SAFETY_SHUTDOWN_MISMATCH_MS ) ) ) { #ifdef _TD_ activateAlarmNoData( ALARM_ID_TD_WATCHDOG_EXPIRED ); -#endif +#endif #ifdef _DD_ activateAlarmNoData( ALARM_ID_DD_WATCHDOG_EXPIRED ); #endif #ifdef _RO_ //activateAlarmNoData( ALARM_ID_RO_WATCHDOG_EXPIRED ); #endif } - } + } else { safetyShutdownFeedbackMismatchTS = getMSTimerCount(); } -} - -/*********************************************************************//** - * @brief - * The checkInWithWatchdogMgmt function checks a given task in with the - * watchdog management service. - * @details \b Inputs: none - * @details \b Outputs: task is checked in +} + +/*********************************************************************//** + * @brief + * The checkInWithWatchdogMgmt function checks a given task in with the + * watchdog management service. 
+ * @details \b Inputs: none + * @details \b Outputs: task is checked in * @details \b Alarms: ALARM_ID_TD_SOFTWARE_FAULT if invalid task given - * @param task the task that is checking in - * @return none - *************************************************************************/ -void checkInWithWatchdogMgmt( TASK_T task ) -{ - if ( task < NUM_OF_TASKS ) - { - watchdogTaskCheckedIn[ task ].data = TRUE; + * @param task the task that is checking in + * @return none + *************************************************************************/ +void checkInWithWatchdogMgmt( TASK_T task ) +{ + if ( task < NUM_OF_TASKS ) + { + watchdogTaskCheckedIn[ task ].data = TRUE; } else { SET_ALARM_WITH_2_U32_DATA( ALARM_ID_TD_SOFTWARE_FAULT, SW_FAULT_ID_WATCHDOG_INVALID_TASK, task ) - } -} - -/*********************************************************************//** - * @brief - * The execWatchdogTest function executes the watchdog self-test. + } +} + +/*********************************************************************//** + * @brief + * The execWatchdogTest function executes the watchdog self-test. * @warning This function should be called periodically until a pass or fail * result is returned. - * @details \b Inputs: watchdogSelfTestState, watchdogSelfTestTimerCount + * @details \b Inputs: watchdogSelfTestState, watchdogSelfTestTimerCount * @details \b Outputs: watchdogSelfTestState, watchdogSelfTestTimerCount, * watchdogSelfTestStatus * @details \b Alarm: ALARM_ID_XX_WATCHDOG_POST_TEST_FAILED if self-test fails. * @details \b Alarm: ALARM_ID_XX_SOFTWARE_FAULT if self-test state is invalid. 
- * @return in progress, passed, or failed - *************************************************************************/ -SELF_TEST_STATUS_T execWatchdogTest( void ) -{ - SELF_TEST_STATUS_T result = SELF_TEST_STATUS_IN_PROGRESS; - - switch ( watchdogSelfTestState ) - { - case WATCHDOG_SELF_TEST_STATE_START: - watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_IN_PROGRESS; - watchdogSelfTestTimerCount = getMSTimerCount(); - // No break here so we pass through directly to in progress processing - - case WATCHDOG_SELF_TEST_STATE_IN_PROGRESS: - while ( FALSE == didTimeout( watchdogSelfTestTimerCount, WATCHDOG_POST_TIMEOUT_MS ) ) - { - // Waiting here for w.d. test period to prevent this task from checking in - watchdog should expire + * @return in progress, passed, or failed + *************************************************************************/ +SELF_TEST_STATUS_T execWatchdogTest( void ) +{ + SELF_TEST_STATUS_T result = SELF_TEST_STATUS_IN_PROGRESS; + + switch ( watchdogSelfTestState ) + { + case WATCHDOG_SELF_TEST_STATE_START: + watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_IN_PROGRESS; + watchdogSelfTestTimerCount = getMSTimerCount(); + // No break here so we pass through directly to in progress processing + + case WATCHDOG_SELF_TEST_STATE_IN_PROGRESS: + while ( FALSE == didTimeout( watchdogSelfTestTimerCount, WATCHDOG_POST_TIMEOUT_MS ) ) + { + // Waiting here for w.d. test period to prevent this task from checking in - watchdog should expire } -#ifdef _TD_ +#ifdef _TD_ // if ( PIN_SIGNAL_LOW == getCPLDSafety() ) #else // if ( TBD ) -#endif +#endif // { // F32 v24 = getIntADCVoltageConverted( INT_ADC_24V_ACTUATORS ); // F32 audioCurrent = getFPGABackupAlarmAudioCurrent(); -// +// // // Verify 24V is down when w.d. expired // if ( v24 > MAX_24V_LEVEL_ON_WATCHDOG_EXPIRED ) // { 
@@ -251,19 +251,19 @@
 // watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED;
 // }
 // }
-// }
-// else
-// {
+// }
+// else
+// {
 // SET_ALARM_WITH_1_U32_DATA( ALARM_ID_HD_WATCHDOG_POST_TEST_FAILED, 1 );
-// watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED;
-// }
+// watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED;
+// }
 // watchdogSelfTestTimerCount = getMSTimerCount();
 // watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_RECOVER;
- break;
-
- case WATCHDOG_SELF_TEST_STATE_RECOVER:
- if ( TRUE == didTimeout( watchdogSelfTestTimerCount, WATCHDOG_RECOVERY_TIME_MS ) )
- { // Verify watchdog expired signal no longer active
+ break;
+
+ case WATCHDOG_SELF_TEST_STATE_RECOVER:
+ if ( TRUE == didTimeout( watchdogSelfTestTimerCount, WATCHDOG_RECOVERY_TIME_MS ) )
+ { // Verify watchdog expired signal no longer active
 #ifdef _TD_
 // if ( PIN_SIGNAL_HIGH == getCPLDSafety() )
 #else
@@ -300,24 +300,24 @@ // SET_ALARM_WITH_1_U32_DATA( ALARM_ID_HD_WATCHDOG_POST_TEST_FAILED, 6 ); // watchdogSelfTestStatus = SELF_TEST_STATUS_FAILED; // } -// result = watchdogSelfTestStatus; -// watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_COMPLETE; - } - break; - - case WATCHDOG_SELF_TEST_STATE_COMPLETE: - // If we get called in this state, assume we are doing self-test again - watchdogSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS; - watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_START; - break; - - default: - result = SELF_TEST_STATUS_FAILED; - SET_ALARM_WITH_2_U32_DATA( ALARM_ID_TD_SOFTWARE_FAULT, SW_FAULT_ID_WATCHDOG_INVALID_SELF_TEST_STATE, watchdogSelfTestState ) - break; +// result = watchdogSelfTestStatus; +// watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_COMPLETE; + } + break; + + case WATCHDOG_SELF_TEST_STATE_COMPLETE: + // If we get called in this state, assume we are doing self-test again + watchdogSelfTestStatus = SELF_TEST_STATUS_IN_PROGRESS; + watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_START; + break; + + default: + result = SELF_TEST_STATUS_FAILED; + SET_ALARM_WITH_2_U32_DATA( ALARM_ID_TD_SOFTWARE_FAULT, SW_FAULT_ID_WATCHDOG_INVALID_SELF_TEST_STATE, watchdogSelfTestState ) + break; } - - return result; + + return result; } /*********************************************************************//** 
@@ -331,62 +331,62 @@ void resetWatchdogPOSTState( void ) { watchdogSelfTestState = WATCHDOG_SELF_TEST_STATE_START; -} - -/*********************************************************************//** - * @brief - * The resetWDTaskCheckIns function resets the task check-ins with the watchdog. - * @details \b Inputs: none - * @details \b Outputs: watchdogTaskCheckedIn[] array reset to all false. - * @return none - *************************************************************************/ -static void resetWDTaskCheckIns( void ) -{ - U32 i; - - // Initialize task check-ins to false - for ( i = 0; i < NUM_OF_TASKS; i++ ) - { - watchdogTaskCheckedIn[ i ].data = FALSE; - } -} - -/*********************************************************************//** - * @brief - * The haveAllTasksCheckedIn function determines whether all tasks have - * checked in. - * @details \b Inputs: watchdogTaskCheckedIn[] - * @details \b Outputs: none - * @return TRUE if all tasks have checked in since last watchdog pet, FALSE if not. - *************************************************************************/ -static BOOL haveAllTasksCheckedIn( void ) -{ - BOOL result = TRUE; - U32 i; - - // Check that each task has checked in - for ( i = 0; i < NUM_OF_TASKS; i++ ) - { - if ( FALSE == hasTaskGeneralCheckedIn( i ) ) - { - result = FALSE; - break; - } - } - - return result; -} - -/*********************************************************************//** - * @brief - * The hasTaskGeneralCheckedIn function gets the checked in status of a given - * task. - * @details \b Inputs: watchdogTaskCheckedIn[] +} + +/*********************************************************************//** + * @brief + * The resetWDTaskCheckIns function resets the task check-ins with the watchdog. + * @details \b Inputs: none + * @details \b Outputs: watchdogTaskCheckedIn[] array reset to all false. 
+ * @return none + *************************************************************************/ +static void resetWDTaskCheckIns( void ) +{ + U32 i; + + // Initialize task check-ins to false + for ( i = 0; i < NUM_OF_TASKS; i++ ) + { + watchdogTaskCheckedIn[ i ].data = FALSE; + } +} + +/*********************************************************************//** + * @brief + * The haveAllTasksCheckedIn function determines whether all tasks have + * checked in. + * @details \b Inputs: watchdogTaskCheckedIn[] * @details \b Outputs: none - * @details \b Alarm: ALARM_ID_XX_SOFTWARE_FAULT if given task is invalid. - * @param task ID of task to determine checked in status of - * @return TRUE if given task has checked in, FALSE if not - *************************************************************************/ + * @return TRUE if all tasks have checked in since last watchdog pet, FALSE if not. + *************************************************************************/ +static BOOL haveAllTasksCheckedIn( void ) +{ + BOOL result = TRUE; + U32 i; + + // Check that each task has checked in + for ( i = 0; i < NUM_OF_TASKS; i++ ) + { + if ( FALSE == hasTaskGeneralCheckedIn( i ) ) + { + result = FALSE; + break; + } + } + + return result; +} + +/*********************************************************************//** + * @brief + * The hasTaskGeneralCheckedIn function gets the checked in status of a given + * task. + * @details \b Inputs: watchdogTaskCheckedIn[] + * @details \b Outputs: none + * @details \b Alarm: ALARM_ID_XX_SOFTWARE_FAULT if given task is invalid. + * @param task ID of task to determine checked in status of + * @return TRUE if given task has checked in, FALSE if not + *************************************************************************/ BOOL hasTaskGeneralCheckedIn( U32 task ) { BOOL result = FALSE; 
@@ -417,46 +417,46 @@ return result; } - -/*********************************************************************//** - * @brief - * The petWatchdog function pets the watchdog by pulsing the watchdog pet - * signal. - * @details \b Inputs: none - * @details \b Outputs: Watchdog pet signal is pulsed - * @return none - *************************************************************************/ -static void petWatchdog( void ) -{ + +/*********************************************************************//** + * @brief + * The petWatchdog function pets the watchdog by pulsing the watchdog pet + * signal. + * @details \b Inputs: none + * @details \b Outputs: Watchdog pet signal is pulsed + * @return none + *************************************************************************/ +static void petWatchdog( void ) +{ // Pulse the watchdog signal -#ifdef _TD_ +#ifdef _TD_ toggleCPLDWatchdog(); #else // TBD -#endif - - // Remember when we last pet the watchdog - lastWatchdogPetTime = getMSTimerCount(); -} - - -/************************************************************************* - * TEST SUPPORT FUNCTIONS - *************************************************************************/ - - -/*********************************************************************//** - * @brief - * The testWatchdogTaskCheckInOverride function overrides the state of the - * check-in for a given task with a given check-in state. +#endif + + // Remember when we last pet the watchdog + lastWatchdogPetTime = getMSTimerCount(); +} + + +/************************************************************************* + * TEST SUPPORT FUNCTIONS + *************************************************************************/ + + +/*********************************************************************//** + * @brief + * The testWatchdogTaskCheckInOverride function overrides the state of the + * check-in for a given task with a given check-in state. 
* @warning Dialin must be logged into related firmware stack to perform * an override successfully. - * @details \b Inputs: none - * @details \b Outputs: watchdogTaskCheckedIn[] + * @details \b Inputs: none + * @details \b Outputs: watchdogTaskCheckedIn[] * @param message Override message from Dialin which includes an ID of * the task to override and the check-in status to override the task to. * @return TRUE if override successful, FALSE if not - *************************************************************************/ + *************************************************************************/ BOOL testWatchdogTaskCheckInOverride( MESSAGE_T *message ) { BOOL result = u32ArrayOverride( message, &watchdogTaskCheckedIn[0], NUM_OF_TASKS - 1, FALSE, TRUE );