tasks_startup.c

Go to the documentation of this file.

 
// Standard Library Includes
#include <stdbool.h>
#include <stdint.h>
 
// Framework Includes
#include <define_error_flags.h>
#include <define_error_ids.h>
#include <define_error_inject_reset.h>
#include <error_handler.h>
#include <midware_error_manager.h>
#include <midware_interrupt_manager.h>
#include <midware_memory_manager.h>
#include <midware_power_manager_diag.h>
#include <midware_reset_manager.h>
#include <midware_watchdog_manager.h>
#include <tasks_config.h>
#include <tasks_startup.h>
#include <tasks_startup_private.h>
 
// Private function prototypes
static bool IsPersistentValsUnreliable(void);
static bool IsPersistentFlagsUnreliable(void);
static errInjectReset_t ConvertToErrInjReason(uint8_t errInjReasonVal);
static resetReason_t ConvertToResetReason(uint8_t resetReasonVal);
static errId_t ConvertToErrId(uint8_t resetErrorIdVal);
static void ReportPreStartupErrors(bool isSafeIoFault, bool isCpuCompFault, bool isWdtExpFault,
                                   bool isSwdtExpFault);
 
void T_HandlePreStartupErrors(void)
{
    // Retrieve all error flags from persistent memory
    const bool isSafeIoFault  = MW_GetPersistentFlag(PFLAG_IO_FLOAT_FAULT);
    const bool isCpuCompFault = MW_GetPersistentFlag(PFLAG_CPU_INJ_FAULT);
    const bool isWdtExpFault  = MW_GetPersistentFlag(PFLAG_WDT_INJ_FAULT);
    const bool isSwdtExpFault = MW_GetPersistentFlag(PFLAG_SWDT_INJ_FAULT);
 
    const bool isFlagsUnreliable = IsPersistentFlagsUnreliable();
 
    // Ensure persistent flags do not interfere with a future reset by clearing them
    MW_ClearPersistentFlags();
 
    if (isFlagsUnreliable)
    {
        EH_HandleError(ERROR, ERRID_GPR_FLAGS);
    }
    else
    {
        ReportPreStartupErrors(isSafeIoFault, isCpuCompFault, isWdtExpFault, isSwdtExpFault);
    }
}
 
void T_InitSafetySystem(void)
{
    errFlag_t flag = ERROR;
 
    // Enable watchdogs with configured WDT period and SWDT open window + inital closed window
    flag = InitWatchdogs();
    EH_HandleError(flag, ERRID_INIT_WATCHDOGS);
 
    // Set configured main clock frequency and enable CFD0 and CFM0 to monitor the main clock
    flag = InitClocks();
    EH_HandleError(flag, ERRID_INIT_CLOCKS);
 
    // Configure the severity and I/O float of each error channel and the error controller timeout
    flag = InitErrorController();
    EH_HandleError(flag, ERRID_INIT_ERRCTRL);
 
    // Configure interrupt scheduling and enable interrupts for all error channel sources
    flag = InitInterrupts();
    EH_HandleError(flag, ERRID_INIT_INTERRUPTS);
 
    // Configure the device sleep mode and the internal and external power monitors (VMON and VLM)
    flag = InitPower();
    EH_HandleError(flag, ERRID_INIT_POWER);
 
    // Configure NVM ECC behaviour and the Stack Pointer Limit in RAM
    flag = InitMemories();
    EH_HandleError(flag, ERRID_INIT_MEMORIES);
}
 
void T_RunStartupDiagnostics(void)
{
    errFlag_t flag = ERROR;
 
    // Performs enabled CFM error injections and begins enabled CFD error injections
    RunStartupDiagClock();
 
    /*
     * The VMON error injection diagnostics have long execution times. To reduce the overall Task
     * execution time, the diagnostics are initiated while other diagnostics are run concurrently.
     */
    flag = MW_DiagVmonOverBegin();
    EH_HandleError(flag, ERRID_DIAG_VMON_OVER);
 
    // Bus parity error injection between CPU and memory (RAM, Flash, EEPROM)
    RunStartupDiagParity();
 
    if (flag == NO_ERROR) // Only complete diagnostic if successfully started
    {
        while (MW_IsDiagVmonOverDone() == false)
        {
            // The error injection must complete before checking the result of the diagnostic
        }
        flag = MW_DiagVmonOverEnd();
        EH_HandleError(flag, ERRID_DIAG_VMON_OVER);
    }
 
    // Initiate the undervoltage VMON error injection diagnostic to run concurrently
    flag = MW_DiagVmonUnderBegin();
    EH_HandleError(flag, ERRID_DIAG_VMON_UNDER);
 
    // ECC error injection for memory controllers (RAM and NVM)
    RunStartupDiagEcc();
 
    // Error injection on ERRCTRL channels without error source diagnostics (SPLIM, EVSYS0/1)
    RunStartupDiagErrorCh();
 
    if (flag == NO_ERROR) // Only complete diagnostic if successfully started
    {
        while (MW_IsDiagVmonUnderDone() == false)
        {
            // The error injection must complete before checking the result of the diagnostic
        }
        flag = MW_DiagVmonUnderEnd();
        EH_HandleError(flag, ERRID_DIAG_VMON_UNDER);
    }
}
 
void T_StartMissionMode(void)
{
    errFlag_t flag = NO_ERROR;
 
    // Configure the WDT to run in Window mode, but it will only take effect after the next clear
    flag = MW_SetWdtTimeout(WWDT_CLOSED_WINDOW, WWDT_OPEN_WINDOW);
    EH_HandleError(flag, ERRID_WWDT_TIMEOUT_VAL);
 
    /* Intentional misra-c2012-2.2/14.3 deviation */
    if (HEARTBEAT_OUTPUT == ENABLED)
    {
        MW_StartHeartbeat();
    }
 
    /* Intentional misra-c2012-2.2/14.3 deviation */
    if (STRICT_SAFE_STATE == ENABLED)
    {
        flag = MW_DisableForceFloat(); // Release all tri-stated I/O pins and exit Safe State
        EH_HandleError(flag, ERRID_FORCE_FLOAT);
    }
 
    flag = MW_EnableGlobalInterrupts(); // Ensure hardware errors can be reported and handled
    EH_HandleError(flag, ERRID_INT_DISABLED);
}
 
void T_HandleResetReason(void)
{
    resetInfo_t resetInfo = {
        .reason = RSTRSN_UNKNOWN,
        .id     = ERRID_NONE,
    };
 
    // Retrieve reset reason and Error ID from persistent memory
    const uint8_t resetReasonVal  = MW_GetPersistentVal(PVAL_RESET_REASON);
    const uint8_t resetErrorIdVal = MW_GetPersistentVal(PVAL_ERRID_REASON);
 
    const bool isRstReasonUnreliable = IsPersistentValsUnreliable();
 
    // Ensure persistent values does not interfere with a future reset by clearing them
    MW_ClearPersistentVals();
 
    if (isRstReasonUnreliable)
    {
        EH_HandleError(ERROR, ERRID_GPR_VALS);
    }
    else
    {
        resetInfo.reason = ConvertToResetReason(resetReasonVal); // Defaults to unknown if invalid
 
        if (resetInfo.reason == RSTRSN_SOFTWARE)
        {
            // Include which Error ID was reported before the software reset was issued
            resetInfo.id = ConvertToErrId(resetErrorIdVal); // Defaults to none if invalid
        }
 
        // Issue user configurable callback
        resetReasonCallback(resetInfo);
    }
}
 
// Checks values from persistent memory for reliability
static bool IsPersistentValsUnreliable(void)
{
    // If the reset FSM was corrupted, the true reset reason might have been erroneously overwritten
    const uint8_t errInjReasonVal       = MW_GetPersistentVal(PVAL_ERRINJ_REASON);
    const errInjectReset_t errInjReason = ConvertToErrInjReason(errInjReasonVal);
    const bool isFsmStateCorrupted      = (errInjReason == ERRINJ_RESET_CORRUPT);
 
    const bool isValsCorrupted = MW_IsPersistentValsCorrupt();
 
    return (isFsmStateCorrupted || isValsCorrupted);
}
 
// Checks flags from persistent memory for reliability
static bool IsPersistentFlagsUnreliable(void)
{
    /*
     * Persistent flags are unreliable if any of the following occur:
     * 1. The flags themselves are corrupted (tested by MW_IsPersistentFlagsCorrupt)
     * 2. The Pre-Startup Diagnostic FSM reports a corrupt state, leading to potential false
     * positives/negatives
     * 3. The persistent values are corrupted meaning that the Pre-Startup Diagnostic FSM state is
     * unreliable (both 2 and 3 are tested by IsPersistentValsUnreliable)
     */
    const bool isValsUnreliable = IsPersistentValsUnreliable();
    const bool isFlagsCorrupted = MW_IsPersistentFlagsCorrupt();
 
    return (isValsUnreliable || isFlagsCorrupted);
}
 
// Converts and validates an Error Injection Reason value from unsigned int to it's correct type
static errInjectReset_t ConvertToErrInjReason(uint8_t errInjReasonVal)
{
    /* Intentional misra-c2012-10.5 deviation */
    errInjectReset_t errInjReason = (errInjectReset_t)(errInjReasonVal);
 
    // Assumes that corrupt is the highest enum value
    if (errInjReason > ERRINJ_RESET_CORRUPT)
    {
        errInjReason = ERRINJ_RESET_CORRUPT;
    }
 
    return errInjReason;
}
 
// Converts and validates a reset reason value from unsigned int to it's correct type
static resetReason_t ConvertToResetReason(uint8_t resetReasonVal)
{
    /* Intentional misra-c2012-10.5 deviation */
    resetReason_t resetReason = (resetReason_t)(resetReasonVal);
 
    if (resetReason >= RSTRSN_MAX)
    {
        resetReason = RSTRSN_UNKNOWN; // Defaults to unknown if out of range
    }
 
    return resetReason;
}
 
// Converts and validates an Error Id value from unsigned int to it's correct type
static errId_t ConvertToErrId(uint8_t resetErrorIdVal)
{
    /* Intentional misra-c2012-10.5 deviation */
    errId_t resetErrorId = (errId_t)(resetErrorIdVal);
 
    if (resetErrorId >= ERRID_MAX)
    {
        resetErrorId = ERRID_NONE; // Defaults to none if out of range
    }
 
    return resetErrorId;
}
 
// Reports any faults detected in the pre-startup sequence to the Error Handler
static void ReportPreStartupErrors(bool isSafeIoFault, bool isCpuCompFault, bool isWdtExpFault,
                                   bool isSwdtExpFault)
{
    if (isSafeIoFault)
    {
        EH_HandleError(ERROR, ERRID_SAFE_IO);
    }
 
    if (isCpuCompFault)
    {
        EH_HandleError(ERROR, ERRID_DIAG_CPU_COMP);
    }
 
    if (isWdtExpFault)
    {
        EH_HandleError(ERROR, ERRID_DIAG_WDT_EXPIRE);
    }
 
    if (isSwdtExpFault)
    {
        EH_HandleError(ERROR, ERRID_DIAG_SWDT_EXPIRE);
    }
}