Merge remote-tracking branch 'origin/main' into swap-rtd-9-and-11
All checks were successful
EIVE/eive-obsw/pipeline/pr-main This commit looks good

This commit is contained in:
Robin Müller 2023-10-26 13:45:10 +02:00
commit c06cd710cf
Signed by: muellerr
GPG Key ID: FCE0B2BD2195142F
3 changed files with 53 additions and 26 deletions

View File

@ -22,6 +22,8 @@ will consitute of a breaking change warranting a new major release:
CFDP interface. CFDP interface.
- Proper back pressure handling for the CFDP handler, where the `LiveTmTask` is able to throttle - Proper back pressure handling for the CFDP handler, where the `LiveTmTask` is able to throttle
the CFDP handler. the CFDP handler.
- The EIVE system will command the payload OFF explicitely again when receiving the
`power::POWER_LEVEL_CRITICAL` event.
## Fixed ## Fixed
@ -42,6 +44,8 @@ will consitute of a breaking change warranting a new major release:
strongly suspected the cables for those devices were swapped during integration. This is probably strongly suspected the cables for those devices were swapped during integration. This is probably
the easiest way to fix the issue without the need to tweak ground or other OBSW or controller the easiest way to fix the issue without the need to tweak ground or other OBSW or controller
code. code.
- Added a 3 second delay in the EIVE system between commanding all PL components except the SUPV,
and the SUPV itself OFF when the power level becomes low or critical.
# [v7.1.0] 2023-10-11 # [v7.1.0] 2023-10-11

View File

@ -70,6 +70,9 @@ void EiveSystem::performChildOperation() {
} }
pdecRecoveryLogic(); pdecRecoveryLogic();
i2cRecoveryLogic(); i2cRecoveryLogic();
if (forcePlOffState != ForcePlOffState::NONE) {
forceOffPayload();
}
} }
ReturnValue_t EiveSystem::initialize() { ReturnValue_t EiveSystem::initialize() {
@ -203,10 +206,14 @@ void EiveSystem::handleEventMessages() {
break; break;
} }
case power::POWER_LEVEL_LOW: { case power::POWER_LEVEL_LOW: {
forceOffPayload(); forcePlOffState = ForcePlOffState::FORCE_ALL_EXCEPT_SUPV_OFF;
break; break;
} }
case power::POWER_LEVEL_CRITICAL: case power::POWER_LEVEL_CRITICAL: {
// Force payload off in any case. It really should not be on when the power level
// becomes critical, but better be safe than sorry..
forcePlOffState = ForcePlOffState::FORCE_ALL_EXCEPT_SUPV_OFF;
// Also set the STR assembly to faulty, which should cause a fallback to SAFE mode.
CommandMessage msg; CommandMessage msg;
HealthMessage::setHealthMessage(&msg, HealthMessage::HEALTH_SET, HasHealthIF::FAULTY); HealthMessage::setHealthMessage(&msg, HealthMessage::HEALTH_SET, HasHealthIF::FAULTY);
ReturnValue_t result = MessageQueueSenderIF::sendMessage( ReturnValue_t result = MessageQueueSenderIF::sendMessage(
@ -216,6 +223,7 @@ void EiveSystem::handleEventMessages() {
<< std::endl; << std::endl;
} }
break; break;
}
} }
break; break;
default: default:
@ -403,37 +411,45 @@ void EiveSystem::pdecRecoveryLogic() {
void EiveSystem::forceOffPayload() { void EiveSystem::forceOffPayload() {
CommandMessage msg; CommandMessage msg;
ReturnValue_t result;
// set PL to faulty // set PL to faulty
HealthMessage::setHealthMessage(&msg, HealthMessage::HEALTH_SET, HasHealthIF::FAULTY); HealthMessage::setHealthMessage(&msg, HealthMessage::HEALTH_SET, HasHealthIF::FAULTY);
ReturnValue_t result = commandQueue->sendMessage(plPcduQueueId, &msg); if (forcePlOffState == ForcePlOffState::FORCE_ALL_EXCEPT_SUPV_OFF) {
if (result != returnvalue::OK) { result = commandQueue->sendMessage(plocMpsocQueueId, &msg);
sif::error << "EIVE System: Sending FAULTY command to PL PCDU failed" << std::endl; if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PLOC MPSOC failed" << std::endl;
}
result = commandQueue->sendMessage(cameraQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PL CAM failed" << std::endl;
}
result = commandQueue->sendMessage(scexQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to SCEX failed" << std::endl;
}
result = commandQueue->sendMessage(radSensorQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to RAD SENSOR failed" << std::endl;
}
result = commandQueue->sendMessage(plPcduQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PL PCDU failed" << std::endl;
}
forcePlOffState = ForcePlOffState::WAITING;
supvOffDelay.resetTimer();
} }
result = commandQueue->sendMessage(plocMpsocQueueId, &msg); if (forcePlOffState == ForcePlOffState::WAITING and supvOffDelay.hasTimedOut()) {
if (result != returnvalue::OK) { forcePlOffState = ForcePlOffState::FORCE_SUPV_OFF;
sif::error << "EIVE System: Sending FAULTY command to PLOC MPSOC failed" << std::endl;
} }
result = commandQueue->sendMessage(plocSupervisorQueueId, &msg); if (forcePlOffState == ForcePlOffState::FORCE_SUPV_OFF) {
if (result != returnvalue::OK) { result = commandQueue->sendMessage(plocSupervisorQueueId, &msg);
sif::error << "EIVE System: Sending FAULTY command to PLOC SUPERVISOR failed" << std::endl; if (result != returnvalue::OK) {
} sif::error << "EIVE System: Sending FAULTY command to PLOC SUPERVISOR failed" << std::endl;
}
result = commandQueue->sendMessage(cameraQueueId, &msg); forcePlOffState = ForcePlOffState::NONE;
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to PL CAM failed" << std::endl;
}
result = commandQueue->sendMessage(scexQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to SCEX failed" << std::endl;
}
result = commandQueue->sendMessage(radSensorQueueId, &msg);
if (result != returnvalue::OK) {
sif::error << "EIVE System: Sending FAULTY command to RAD SENSOR failed" << std::endl;
} }
} }

View File

@ -22,6 +22,12 @@ class EiveSystem : public Subsystem, public HasActionsIF {
[[nodiscard]] MessageQueueId_t getCommandQueue() const override; [[nodiscard]] MessageQueueId_t getCommandQueue() const override;
private: private:
enum class ForcePlOffState {
NONE,
FORCE_ALL_EXCEPT_SUPV_OFF,
WAITING,
FORCE_SUPV_OFF
} forcePlOffState = ForcePlOffState::NONE;
enum class I2cRebootState { enum class I2cRebootState {
NONE, NONE,
SYSTEM_MODE_BOOT, SYSTEM_MODE_BOOT,
@ -37,6 +43,7 @@ class EiveSystem : public Subsystem, public HasActionsIF {
bool alreadyTriedI2cRecovery = false; bool alreadyTriedI2cRecovery = false;
uint8_t frameDirtyErrorCounter = 0; uint8_t frameDirtyErrorCounter = 0;
Countdown supvOffDelay = Countdown(3000);
Countdown frameDirtyCheckCd = Countdown(10000); Countdown frameDirtyCheckCd = Countdown(10000);
// If the PDEC reset was already attempted in the last 2 minutes, there is a high chance that // If the PDEC reset was already attempted in the last 2 minutes, there is a high chance that
// only a full reboot will fix the issue. // only a full reboot will fix the issue.