...
The power FSM governs the power state of the car. There are 4 main states:
POWER_OFF
POWER_MAIN
POWER_AUX
POWER_FAULT
When transitioning between the main power states, however, we run a sequence of checks to make sure that the system is in a correct state to allow the transition. These steps typically involve sending a CAN message to another system, waiting for it to run its own checks, and then receiving an acknowledgement (ACK) message. If these checks fail, we transition back to the normal power state.
The sequence model for these states is along the following lines:
...
confirm_aux_status
  Tell Power Select to check any aux faults before enabling power (Maybe not needed in main seq?)
Turn on BMS, wait for ACK
  Tell Power Distribution to power on BMS board (do this separately to run independent BMS checks)
confirm_battery_status
  Battery checks, waits for ACK
close_battery_relays
  Transmits to BMS to close relays
confirm_dcdc
  Power Select confirms DCDC
turn_on_everything
  Power Distribution enables all boards
power_main_complete
  Sends “ready to drive” to MCI
  Start BPS watchdog
Power Off Sequence:
Discharge Precharge
  Send message to MCI to discharge precharge
Turn Off everything
  Tell Power Distribution to turn off the relevant boards
Open Relays (Transition to fault on BPS Fault)
  Tell BMS to open the relays (receive ACK)
Fault
This state covers a BPS fault during operation. It occurs if we receive a message from BMS saying that we have a fault condition, or if a timeout occurs on the BPS heartbeat message.
If a message is received saying that a fault has occurred, then we can attempt to handle the specific fault.
If a BPS timeout has occurred, we must discharge MCI and loop until BPS communication resumes, or the car is power cycled.
The BPS indicator is on during this time (and hazard lights flash as well, I believe).
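The ACK-gated power-main sequence and the BPS watchdog described above, as an added example that is not the team's firmware. The type and function names and both timeout values are assumptions; CAN transmission and undoing steps that already completed before a failed check are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
typedef enum { POWER_OFF, POWER_MAIN, POWER_AUX, POWER_FAULT } PowerState;
/* Power-main steps visible on the page, in page order. */
typedef enum { CONFIRM_AUX_STATUS, TURN_ON_BMS, CONFIRM_BATTERY_STATUS,
               CLOSE_BATTERY_RELAYS, CONFIRM_DCDC, TURN_ON_EVERYTHING,
               POWER_MAIN_COMPLETE, NUM_MAIN_STEPS } MainStep;
#define ACK_TIMEOUT_MS       500u   /* assumed value, not from the page */
#define HEARTBEAT_TIMEOUT_MS 1000u  /* assumed value, not from the page */

typedef struct {
    PowerState state;      /* current stable state; unchanged while a sequence runs */
    bool in_sequence;      /* true while the power-main sequence is in progress */
    MainStep step;         /* step whose ACK is currently awaited */
    uint32_t ack_wait_ms;  /* time spent waiting for that ACK */
    bool watchdog_on;      /* BPS watchdog armed */
    uint32_t hb_age_ms;    /* time since the last BPS heartbeat */
    bool bps_comm_lost;    /* set on heartbeat timeout, cleared when heartbeat resumes */
} PowerFsm;

void fsm_init(PowerFsm *f, PowerState s) { *f = (PowerFsm){ .state = s }; }

void fsm_begin_main(PowerFsm *f) {
    if (f->state == POWER_FAULT || f->in_sequence) return;
    f->in_sequence = true; f->step = CONFIRM_AUX_STATUS; f->ack_wait_ms = 0;
}

/* ACK from another board: only the step currently awaited may advance. */
void fsm_on_ack(PowerFsm *f, MainStep acked, bool ok) {
    if (!f->in_sequence || acked != f->step) return;  /* stale or out-of-order ACK */
    if (!ok) { f->in_sequence = false; return; }      /* check failed: keep prior state */
    f->ack_wait_ms = 0;
    if (++f->step == NUM_MAIN_STEPS) {                /* power_main_complete acknowledged */
        f->in_sequence = false; f->state = POWER_MAIN;
        f->watchdog_on = true; f->hb_age_ms = 0;      /* start BPS watchdog */
    }
}
/* Heartbeat resuming clears the comm-lost flag; the state stays POWER_FAULT. */
void fsm_on_bps_heartbeat(PowerFsm *f) { f->hb_age_ms = 0; f->bps_comm_lost = false; }
void fsm_on_bps_fault(PowerFsm *f) { f->in_sequence = false; f->state = POWER_FAULT; }

/* Periodic tick: expire the pending ACK and the BPS heartbeat. */
void fsm_tick(PowerFsm *f, uint32_t dt_ms) {
    if (f->in_sequence && (f->ack_wait_ms += dt_ms) >= ACK_TIMEOUT_MS)
        f->in_sequence = false;                       /* ACK never arrived: keep prior state */
    if (f->watchdog_on && (f->hb_age_ms += dt_ms) >= HEARTBEAT_TIMEOUT_MS) {
        f->bps_comm_lost = true; fsm_on_bps_fault(f);
    }
}
```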
...