eive/eive-obsw
eive/eive-obsw
13
4
Fork 0
Code Issues 4 Pull Requests 1 Releases 120 Wiki Activity

Merge remote-tracking branch 'origin/main' into swap-rtd-9-and-11
All checks were successful
EIVE/eive-obsw/pipeline/pr-main This commit looks good
Details

Browse Source
This commit is contained in:
Robin Müller 2023-10-26 13:45:10 +02:00
commit c06cd710cf
Signed by: muellerr
GPG Key ID: FCE0B2BD2195142F
3 changed files with 53 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -22,6 +22,8 @@ will consitute of a breaking change warranting a new major release:
CFDP interface.
- Proper back pressure handling for the CFDP handler, where the `LiveTmTask` is able to throttle
the CFDP handler.
- The EIVE system will command the payload OFF explicitely again when receiving the
`power::POWER_LEVEL_CRITICAL` event.
## Fixed
@ -42,6 +44,8 @@ will consitute of a breaking change warranting a new major release:
strongly suspected the cables for those devices were swapped during integration. This is probably
the easiest way to fix the issue without the need to tweak ground or other OBSW or controller
code.
- Added a 3 second delay in the EIVE system between commanding all PL components except the SUPV,
and the SUPV itself OFF when the power level becomes low or critical.
# [v7.1.0] 2023-10-11

68
mission/system/EiveSystem.cpp
View File

@ -70,6 +70,9 @@ void EiveSystem::performChildOperation() {
}
pdecRecoveryLogic();
i2cRecoveryLogic();
if (forcePlOffState != ForcePlOffState::NONE) {
forceOffPayload();
}
}
ReturnValue_t EiveSystem::initialize() {
@ -203,10 +206,14 @@ void EiveSystem::handleEventMessages() {
break;
}
case power::POWER_LEVEL_LOW: {
forceOffPayload();
forcePlOffState = ForcePlOffState::FORCE_ALL_EXCEPT_SUPV_OFF;
break;
}
case power::POWER_LEVEL_CRITICAL:
case power::POWER_LEVEL_CRITICAL: {
// Force payload off in any case. It really should not be on when the power level
// becomes critical, but better be safe than sorry..
forcePlOffState = ForcePlOffState::FORCE_ALL_EXCEPT_SUPV_OFF;
// Also set the STR assembly to faulty, which should cause a fallback to SAFE mode.
CommandMessage msg;
HealthMessage::setHealthMessage(&msg, HealthMessage::HEALTH_SET, HasHealthIF::FAULTY);
ReturnValue_t result = MessageQueueSenderIF::sendMessage(
@ -216,6 +223,7 @@ void EiveSystem::handleEventMessages() {
<< std::endl;
}
break;
}
}
break;
default:
@ -403,37 +411,45 @@ void EiveSystem::pdecRecoveryLogic() {
void EiveSystem::forceOffPayload() {
CommandMessage msg;
ReturnValue_t result;
// set PL to faulty
HealthMessage::setHealthMessage(&msg, HealthMessage::HEALTH_SET, HasHealthIF::FAULTY);
ReturnValue_t result = commandQueue->sendMessage(plPcduQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PL PCDU failed" << std::endl;
if (forcePlOffState == ForcePlOffState::FORCE_ALL_EXCEPT_SUPV_OFF) {
result = commandQueue->sendMessage(plocMpsocQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PLOC MPSOC failed" << std::endl;
}
result = commandQueue->sendMessage(cameraQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PL CAM failed" << std::endl;
}
result = commandQueue->sendMessage(scexQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to SCEX failed" << std::endl;
}
result = commandQueue->sendMessage(radSensorQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to RAD SENSOR failed" << std::endl;
}
result = commandQueue->sendMessage(plPcduQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PL PCDU failed" << std::endl;
}
forcePlOffState = ForcePlOffState::WAITING;
supvOffDelay.resetTimer();
}
result = commandQueue->sendMessage(plocMpsocQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PLOC MPSOC failed" << std::endl;
if (forcePlOffState == ForcePlOffState::WAITING and supvOffDelay.hasTimedOut()) {
forcePlOffState = ForcePlOffState::FORCE_SUPV_OFF;
}
result = commandQueue->sendMessage(plocSupervisorQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PLOC SUPERVISOR failed" << std::endl;
}
result = commandQueue->sendMessage(cameraQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PL CAM failed" << std::endl;
}
result = commandQueue->sendMessage(scexQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to SCEX failed" << std::endl;
}
result = commandQueue->sendMessage(radSensorQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to RAD SENSOR failed" << std::endl;
if (forcePlOffState == ForcePlOffState::FORCE_SUPV_OFF) {
result = commandQueue->sendMessage(plocSupervisorQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PLOC SUPERVISOR failed" << std::endl;
}
forcePlOffState = ForcePlOffState::NONE;
}
}

7
mission/system/EiveSystem.h
View File

@ -22,6 +22,12 @@ class EiveSystem : public Subsystem, public HasActionsIF {
[[nodiscard]] MessageQueueId_t getCommandQueue() const override;
private:
enum class ForcePlOffState {
NONE,
FORCE_ALL_EXCEPT_SUPV_OFF,
WAITING,
FORCE_SUPV_OFF
} forcePlOffState = ForcePlOffState::NONE;
enum class I2cRebootState {
NONE,
SYSTEM_MODE_BOOT,
@ -37,6 +43,7 @@ class EiveSystem : public Subsystem, public HasActionsIF {
bool alreadyTriedI2cRecovery = false;
uint8_t frameDirtyErrorCounter = 0;
Countdown supvOffDelay = Countdown(3000);
Countdown frameDirtyCheckCd = Countdown(10000);
// If the PDEC reset was already attempted in the last 2 minutes, there is a high chance that
// only a full reboot will fix the issue.