Versions Compared

Version Old Version 16 New Version 17
Changes made by

Kyle Chan

Mitchell Langdon Ostler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • dashboard_init()

  • update_indicators()

    • Gets notification value from button presses, updates indicator lights and output can_messages

      • Power button:

        • Set cc_power_ctrl.power_event

          • POWER_EV_NONE if no power button pressed event

          • POWER_EV_BTN if button is pressed and brake reading == 0

          • POWER_EV_BTN_AND_BRAKE if button is pressed and brake reading != 0

      • Hazard enabled:

        • when pressed, toggle static hazard state

        • update indicator and cc_power_control.hazard_enabled message based on stored value

      • Regen Brake:

        • when pressed, toggle static regen brake state

        • update indicator and drive_output.regen_brake_enabled message based on stored value

      • Lights left/right

        • update left/right indicator based on steering_info.input_lights

      • Cruise Control Enabled:

        • update static cc state based on steering_info.cc_input

        • update indicator based on cc_state

        • update drive_output based on cc_state + target_velocity

  • update_displays()

    • Reads values from CAN messages, uses values for 7-seg:

      • motor_info.current_speed → speed display

      • battery_info.batt_percentage → battery display

      • if (cruise control enabled) target_velocity → cruise control display

  • cruise_control_monitor()

    • Checks for cruise control inputs from steering

    • Updates

Called

This module needs to read/display

All others will be sent to the main task, and will be processed in the main loop.

CAN messages:

Received:

  • Pedal - Constantly monitor brake state to determine whether to enter main power state

    • Must receive value within 100MS (Could be certain number of cycles with new architecture)

  • MCI

    • Constantly monitor speed message - Must receive new message within 3 seconds

    • Send pre-charge and wait for complete message with a timeout

  • BMS - Heartbeat Message

    • If not received in 3 seconds, or has errors in message, a BPS fault has occurred

  • ACK messages from Power Distribution, MCI,

  • Used for Cruise Control, speed, and battery percentage

    • Cruise control target speed

Drive FSM

The Drive FSM handles the control of drive state of the car. It receives the drive buttons (Neutral (N), Drive (D), Reverse(R)) and runs the preparations and checks needed to change the drive state of the car, and communicate this value with the motor controllers.

The initial/default state is Neutral. This is the mandated state of the FSM when we are in POWER_OFF state or POWER_ON state as dictated by power distribution. In addition, any major faults should force the car into neutral.

The drive state is dependent on power_state == power_drive. We expect to receive this message every cycle, and if we do not receive this message, we will record a fault after 3 cycles

State Input Functions:

All the following must be met for a transition to happen from the following states

Neutral → Drive

  • Button pressed (D)

  • Power state == POWER_DRIVE (received from Power distribution)

  • Speed == 0: All drive state transitions should happen when we are stopped

Actions:

  • Transmit DRIVE state to MCI

Neutral → Reverse

  • Button pressed (D)

  • Power state == POWER_DRIVE (received from Power distribution)

  • Speed == 0: All drive state transitions should happen when we are stopped

Actions:

  • Transmit REVERSE state to MCI

Drive → Neutral

  • Neutral button or force (sent by power fsm)

  • Transmit NEUTRAL state to MCI

Reverse → Neutral

  • Neutral button or force (sent by power fsm) or drive_state != main (drive state)

  • Transmit NEUTRAL state to MCI, receive ACK (state 1)

Expand
titlePower State FSM - Moved to Power Distribution

Power FSM

The power FSM governs the power state of the car. There are 4 main States:

  • POWER_OFF

  • POWER_MAIN

  • POWER_AUX

  • POWER_FAULT

For the main power states however, when we are transitioning there is a sequence of checks we run to make sure that the system is in a correct state to allow a transition. These steps typically involve sending a CAN message to another system, waiting for it to do its checks and balances and then receiving an acknowledgement (ACK) message. If these checks fail, we will transition back to the normal power state.

The sequence model for these states is along the following lines:

  • All steps must be executed successfully before a transition can take place

  • If a step fails, we should handle the error and remain in the current state

The diagram is shown below, hexagons representing the sequence steps. The states themselves have no real functionality in their output functions.

...

Image Added

Power Aux Sequence*

  1. Confirm a valid aux status has been received from Power Select Info message

    1. Correct status bits should be set in the message

    2. No fault bits should be set

  2. Transmit TURN_ON_EVERYTHING to Power Distribution and receive BPS heartbeat

    1. Once Power Distribution has turned everything on, we wait for BMS to power up and send heartbeat message, indicating that the power on was successful

*From Power Aux, if a fault condition is detected (ie invalid power select status message) we should return to off

Power main sequence

  1. Confirm Aux Status

    1. Confirm no issues with aux supply at Power Select

    2. Check power select message for valid aux status, and no faults

  2. Power on boards

    1. Tell Power distribution to power on all outputs

  3. Confirm battery status

    1. Wait for BMS to start up and reply with a Heartbeat and status message

    2. This indicates initial state is all good

  4. Close Relays

    1. Transmit message to BMS to close relays and switch to main power

    2. Transmits to BMS to close relays

  5. Confirm DCDC

    1. Check at power select that main power (DCDC) is now in use

  6. Power Main Complete

    1. Sends “ready to drive” to MCI

    2. Start BPS watchdog

Power Off Sequence:

  1. Discharge Precharge

    1. Send message to MCI to discharge precharge

  2. Open Relays (Transition to fault on BPS Fault)

    1. Tell BMS to open the relays

  3. Confirm Back to Aux with power select

  4. Turn Off everything

    1. Tell Power distribution to turn off everything except for power select, centre console, and pedal

Fault

  • This state covers a BPS fault during operation. It occurs if we receive a message from BMS saying that we have a fault condition, or a timeout occurs on the BPS heartbeat message

    • If a message is received saying that a fault has occurred, then we can attempt to handle the specific fault

    • If a BPS timeout has occurred, we must discharge MCI and loop until BPS communication resumes, or the car is power cycled.

    • BPS indicator is on during this time (and hazard lights flash as well I believe

...

Drive FSM

The Drive FSM handles the control of drive state of the car. It receives the drive buttons (Neutral (N), Drive (D), Reverse(R), Parking (P)) and runs the preparations and checks needed to change the drive state of the car, and communicate this value with the motor controllers. One of these preparations is MCI Precharge.

The following conditions need to be met when changing the drive state

...

    • )

...

Discharge MCI when exiting a drive state (to park or fault)

  • Neutral should stay charged

If a fault condition occurs, we should exit back to neutral and indicate failure.

State Input Functions:

All the following must be met for a transition to happen from the following states

Neutral → Drive

  • Drive button has been pressed (neutral state)

  • Power state is POWER_MAIN (neutral state)

  • Speed state is stationary (speed >= 0) (neutral state)

  • Get precharge state (state 1)

    • if state is down (not charged) go to state 2

    • else go to state 3 (is charged)

  • Turn on Pre-charge and get ack (state 2)

  • Transmit REVERSE state to MCI, receive ACK (state 3)

  • If either step fails, return to neutral

Neutral → Reverse

  • Drive button has been pressed (neutral state)

  • Power state is POWER_MAIN (neutral state)

  • Speed state is stationary (speed <= 0) (neutral state)

  • Get precharge state (state 1)

    • if state is down (not charged) go to state 2

    • else go to state 3 (is charged)

  • Turn on Pre-charge and get ack (state 2)

  • Transmit REVERSE state to MCI, receive ACK (state 3)

Drive → Neutral

  • Neutral button or force (sent by power fsm) or drive_state != main (drive state)

  • Transmit NEUTRAL state to MCI, receive ACK (state 1)

Reverse → Neutral

  • Neutral button or force (sent by power fsm) or drive_state != main (drive state)

  • Transmit NEUTRAL state to MCI, receive ACK (state 1)

Centre Console Communications:

Between power and drive fsm:

Create a struct that is protected by a mutex.

Power fsm will update its state

Drive fsm will read power state

Both fsms will/can update the error status, and both fsms will read the error status.

To MCI:

Current drive state, (forward, reverse, cuise, off?)

cruise target velocity, ignored if not in cruise.