Index: firmware/App/Modes/ModeFault.c
===================================================================
diff -u -r51f42cd88bd9c50ed9096a2d1d8ff859a95aff95 -rfe9b77e60850fe37da225d4348f0a6a8defc28db
--- firmware/App/Modes/ModeFault.c	(.../ModeFault.c)	(revision 51f42cd88bd9c50ed9096a2d1d8ff859a95aff95)
+++ firmware/App/Modes/ModeFault.c	(.../ModeFault.c)	(revision fe9b77e60850fe37da225d4348f0a6a8defc28db)
@@ -15,12 +15,21 @@
 *
 ***************************************************************************/
 
+#include "AirPump.h"
+#include "BloodFlow.h"
 #include "Bubbles.h"
+#include "BubbleDetector.h"
+#include "Buttons.h"
+#include "CpldInterface.h"
+#include "Ejector.h"
 #include "Messaging.h"
 #include "ModeFault.h"
 #include "OperationModes.h"
+#include "RotaryValve.h"
 #include "Switches.h"
 #include "Utilities.h"
+#include "Valve3Way.h"
+#include "Valves.h"
 
 /**
  *  @addtogroup TDFaultMode
@@ -33,10 +42,13 @@
 static SELF_TEST_STATUS_T faultPOSTSelfTestResult;      ///< Fault POST self test result.
 
 // ********** private function prototypes **********
+static void transitionToModeFaultState( TD_FAULT_STATE_T newState );
 
-static TD_FAULT_STATE_T handleFaultStartState( void );
-static TD_FAULT_STATE_T handleFaultRunNVPOSTsState( void );
+static TD_FAULT_STATE_T handleFaultEnergizedActuatorsState( void );
+static TD_FAULT_STATE_T handleFaultDeenergizedActuatorsState( void );
 
+// TODO keep reading the NV data if came here from POST
+
 /*********************************************************************//**
  * @brief
  * The initFaultMode function initializes the Fault Mode unit.
@@ -46,8 +58,13 @@
  *************************************************************************/
 void initFaultMode( void )
 {
-    faultState              = TD_FAULT_STATE_START;
+    faultState              = TD_FAULT_ENERGIZED_STATE;
     faultPOSTSelfTestResult = SELF_TEST_STATUS_IN_PROGRESS;
+
+    if ( TRUE == isSafetyShutdownActivated() )
+    {
+        faultState = TD_FAULT_DEENERGIZED_STATE;
+    }
 }
 
 /*********************************************************************//**
@@ -59,10 +76,11 @@
  *************************************************************************/
 U32 transitionToFaultMode( void )
 {
-    TD_OP_MODE_T previousOpMode  = getPreviousOperationMode();
-//    DD_OP_MODE_T dgOperationMode = getDGOpMode();
+    TD_OP_MODE_T previousOpMode = getPreviousOperationMode();
 
     initFaultMode();
+    transitionToModeFaultState( faultState );
+
 //    requestAlarmLampPattern( LAMP_PATTERN_FAULT );  // in case we get here before LED POST can take alarm lamp out of manual control.
     doorClosedRequired( FALSE );
 //    syringeDetectionRequired( FALSE );
@@ -73,10 +91,6 @@
     setAlarmUserActionEnabled( ALARM_USER_ACTION_RESUME, FALSE );
     setAlarmUserActionEnabled( ALARM_USER_ACTION_RINSEBACK, FALSE );
     setAlarmUserActionEnabled( ALARM_USER_ACTION_END_TREATMENT, FALSE );
-//    // Stop trimmer heater
-//    cmdStopDGTrimmerHeater();
-//    // Stop syringe pump
-//    stopSyringePump();
 
     // Publish POST failure status to UI if fault triggered in Init/POST mode
     if ( MODE_INIT == previousOpMode )
@@ -102,46 +116,23 @@
  *************************************************************************/
 U32 execFaultMode( void )
 {
-//    BOOL stop                    = isStopButtonPressed();
-//    DG_OP_MODE_T dgOperationMode = getDGOpMode();
+    // The stop button press events are consumed here upon requesting to stop.
+    isStopButtonPressed();
 
-    // Ensure all pumps are stopped
-//    signalBloodPumpHardStop();
-//    setAirPumpState( AIR_PUMP_STATE_OFF );
-
-    // Ensure all valves are in safe position
-//    setValveAirTrap( VALVE_3WAY_COMMON_TO_CLOSED_STATE );
-//    setValvePosition( H1_VALV, VALVE_POSITION_C_CLOSE );
-//    setValvePosition( H19, VALVE_POSITION_C_CLOSE );
-
-    // If DG not stopped, stop it
-//    if ( DG_MODE_GENE == dgOperationMode )
-//    {
-//        cmdStopDG();
-//    }
-
     switch( faultState )
     {
-        case TD_FAULT_STATE_START:
-            faultState = handleFaultStartState();
+        case TD_FAULT_ENERGIZED_STATE:
+            faultState = handleFaultEnergizedActuatorsState();
             break;
 
-        case TD_FAULT_STATE_RUN_NV_POSTS:
-            faultState = handleFaultRunNVPOSTsState();
+        case TD_FAULT_DEENERGIZED_STATE:
+            faultState = handleFaultDeenergizedActuatorsState();
             break;
 
-        case TD_FAULT_STATE_COMPLETE:
-            // Do nothing unless the test configuration to recover treatment is enabled
-//            if ( ( TRUE == getTestConfigStatus( TEST_CONFIG_RECOVER_TREATMENT ) ) && ( TRUE == hasRecoverFromFaultModeBeenSet() ) )
-//            {
-//                TD_OP_MODE_T prevMode = getPreviousOperationMode();
-//
-//                requestNewOperationMode( prevMode );
-//            }
-            break;
-
         default:
-            faultState = TD_FAULT_STATE_COMPLETE;
+            // Fault in fault mode is needed?
+            SET_ALARM_WITH_2_U32_DATA( ALARM_ID_TD_SOFTWARE_FAULT, SW_FAULT_ID_MODE_FAULT_INVALID_STATE, (U32)faultState )
+            faultState = TD_FAULT_ENERGIZED_STATE;
             break;
     }
 
@@ -164,52 +155,76 @@
 
 /*********************************************************************//**
  * @brief
- * The handleFaultStartState function handles the start state of the fault mode.
+ * The transition to mode fault state function.
  * @details \b Inputs: none
  * @details \b Outputs: none
+ * @return none
+ *************************************************************************/
+static void transitionToModeFaultState( TD_FAULT_STATE_T newState )
+{
+    switch ( newState )
+    {
+        case TD_FAULT_ENERGIZED_STATE:
+            signalBloodPumpHardStop();
+            setAirPumpState( AIR_PUMP_STATE_OFF, AIR_PUMP_MOTOR_OFF );
+            setValvePosition( H1_VALV, VALVE_POSITION_C_CLOSE );
+            setValvePosition( H19_VALV, VALVE_POSITION_C_CLOSE );
+            set3WayValveState( H13_VALV, VALVE_3WAY_COMMON_TO_CLOSED_STATE );
+            set3WayValveState( H20_VALV, VALVE_3WAY_COMMON_TO_CLOSED_STATE );
+            abortEjectorOperation();
+            //    stopSyringePump();
+            break;
+
+        case TD_FAULT_DEENERGIZED_STATE:
+            signalBloodPumpHardStop();
+            setAirPumpState( AIR_PUMP_STATE_OFF, AIR_PUMP_MOTOR_OFF );
+            setValvePosition( H1_VALV, VALVE_POSITION_C_CLOSE );
+            setValvePosition( H19_VALV, VALVE_POSITION_C_CLOSE );
+            set3WayValveState( H13_VALV, VALVE_3WAY_COMMON_TO_CLOSED_STATE );
+            set3WayValveState( H20_VALV, VALVE_3WAY_COMMON_TO_CLOSED_STATE );
+            abortEjectorOperation();
+            //    stopSyringePump();
+            break;
+
+        default:
+            SET_ALARM_WITH_2_U32_DATA( ALARM_ID_TD_SOFTWARE_FAULT, SW_FAULT_ID_MODE_FAULT_INVALID_STATE, (U32)newState )
+            break;
+    }
+}
+
+/*********************************************************************//**
+ * @brief
+ * The handleFaultEnergizedActuatorsState function handles the energized state
+ * of the fault mode.
+ * @details \b Inputs: none
+ * @details \b Outputs: none
  * @return next state
  *************************************************************************/
-static TD_FAULT_STATE_T handleFaultStartState( void )
+static TD_FAULT_STATE_T handleFaultEnergizedActuatorsState( void )
 {
-    TD_FAULT_STATE_T state                  = TD_FAULT_STATE_COMPLETE;
-//    NVDATAMGMT_RECORDS_READ_STATUS_T status = getNVRecordsReadStatus();
-//
-//    switch ( status )
-//    {
-//        // If the records are queued or already read, go directly to NV POST to process
-//        // their CRCs.
-//        case NVDATAMGMT_RECORDS_QUEUED:
-//        case NVDATAMGMT_RECORDS_READ:
-//            state = HD_FAULT_STATE_RUN_NV_POSTS;
-//            break;
-//
-//        // If the NV post was completed prior to transitioning to fault mode, do nothing
-//        case NVDATAMGMT_RECORDS_CRC_CHECKED:
-//            state = HD_FAULT_STATE_COMPLETE;
-//            break;
-//    }
+    TD_FAULT_STATE_T state = TD_FAULT_ENERGIZED_STATE;
 
+    if ( TRUE == isSafetyShutdownActivated() )
+    {
+        state = TD_FAULT_DEENERGIZED_STATE;
+        transitionToModeFaultState( state );
+    }
+
     return state;
 }
 
 /*********************************************************************//**
  * @brief
- * The handleFaultRunNVPOSTsState function handles running non-volatile POSTs.
- * @details \b Inputs: faultPOSTSelfTestResult
- * @details \b Outputs: faultPOSTSelfTestResult
+ * The handleFaultDeenergizedActuatorsState function handles the deenergized state
+ * of the fault mode.
+ * @details \b Inputs: none
+ * @details \b Outputs: none
  * @return next state
  *************************************************************************/
-static TD_FAULT_STATE_T handleFaultRunNVPOSTsState( void )
+static TD_FAULT_STATE_T handleFaultDeenergizedActuatorsState( void )
 {
-    TD_FAULT_STATE_T state  = TD_FAULT_STATE_RUN_NV_POSTS;
-//    faultPOSTSelfTestResult = execNVDataMgmtSelfTest();
-//
-//    // Regardless of the status of the NV POST transition to the complete state.
-//    if ( ( SELF_TEST_STATUS_PASSED == faultPOSTSelfTestResult ) || ( SELF_TEST_STATUS_FAILED == faultPOSTSelfTestResult ) )
-//    {
-//        state = HD_FAULT_STATE_COMPLETE;
-//    }
-
+    TD_FAULT_STATE_T state = TD_FAULT_DEENERGIZED_STATE;
+    // terminal state
     return state;
 }