70 lines
2.8 KiB
C++
70 lines
2.8 KiB
C++
#ifndef FSFW_DEVICEHANDLERS_DEVICEHANDLERFAILUREISOLATION_H_
|
|
#define FSFW_DEVICEHANDLERS_DEVICEHANDLERFAILUREISOLATION_H_
|
|
|
|
#include "../fdir/FailureIsolationBase.h"
|
|
#include "../fdir/FaultCounter.h"
|
|
|
|
namespace Factory {
|
|
void setStaticFrameworkObjectIds();
|
|
}
|
|
|
|
class DeviceHandlerFailureIsolation : public FailureIsolationBase {
|
|
friend void(Factory::setStaticFrameworkObjectIds)();
|
|
friend class Heater;
|
|
|
|
public:
|
|
DeviceHandlerFailureIsolation(object_id_t owner, object_id_t parent,
|
|
uint8_t eventQueueDepth = 10);
|
|
~DeviceHandlerFailureIsolation();
|
|
ReturnValue_t initialize();
|
|
bool isFdirActionInProgress();
|
|
virtual ReturnValue_t getParameter(uint8_t domainId, uint8_t uniqueId,
|
|
ParameterWrapper* parameterWrapper,
|
|
const ParameterWrapper* newValues, uint16_t startAtIndex);
|
|
|
|
protected:
|
|
FaultCounter strangeReplyCount;
|
|
FaultCounter missedReplyCount;
|
|
FaultCounter recoveryCounter;
|
|
|
|
enum FDIRState { NONE, RECOVERY_ONGOING, DEVICE_MIGHT_BE_OFF, AWAIT_SHUTDOWN };
|
|
FDIRState fdirState;
|
|
|
|
MessageQueueId_t powerConfirmation = MessageQueueIF::NO_QUEUE;
|
|
static object_id_t powerConfirmationId;
|
|
|
|
static const uint32_t DEFAULT_MAX_REBOOT = 1;
|
|
static const uint32_t DEFAULT_REBOOT_TIME_MS = 180000;
|
|
static const uint32_t DEFAULT_MAX_STRANGE_REPLIES = 10;
|
|
static const uint32_t DEFAULT_STRANGE_REPLIES_TIME_MS = 10000;
|
|
static const uint32_t DEFAULT_MAX_MISSED_REPLY_COUNT = 5;
|
|
static const uint32_t DEFAULT_MISSED_REPLY_TIME_MS = 10000;
|
|
|
|
/**
|
|
* This is the default implementation of the eventReceived function.
|
|
*
|
|
* It will perform recoveries or failures on a pre-defined set of events. If the user wants
|
|
* to add handling for custom events, this function should be overriden.
|
|
*
|
|
* It should be noted that the default implementation will not perform FDIR reactions if the
|
|
* handler is faulty or in external control by default. If the user commands the device
|
|
* manually, this might be related to debugging to testing the device in a low-level way. FDIR
|
|
* reactions might get in the way of this process by restarting the device or putting it in
|
|
* the faulty state. If the user still requires FDIR handling in the EXTERNAL_CONTROL case,
|
|
* this function should be overriden.
|
|
*/
|
|
virtual ReturnValue_t eventReceived(EventMessage* event);
|
|
virtual void eventConfirmed(EventMessage* event);
|
|
void wasParentsFault(EventMessage* event);
|
|
void decrementFaultCounters();
|
|
void handleRecovery(Event reason);
|
|
virtual void clearFaultCounters();
|
|
void setFdirState(FDIRState state);
|
|
void startRecovery(Event reason);
|
|
void setFaulty(Event reason);
|
|
|
|
bool isFdirInActionOrAreWeFaulty(EventMessage* event);
|
|
};
|
|
|
|
#endif /* FSFW_DEVICEHANDLERS_DEVICEHANDLERFAILUREISOLATION_H_ */
|