Versions Compared

Version Old Version 57 New Version Current
Changes made by

Aryan Kashem

Aryan Kashem

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Hardware Validation - Rev 1

Validation Steps

Status

Blockers

Outputs

  •  Verify Operation of Load switches using bts_load_switch driver Adhiraj Singh
  •  Verify Operation of Outputs using Output Config Adhiraj Singh
  •  Verify current readings
  •  Verify multiplexor with current readings
  •  Trigger Undervoltage/overvoltage conditions, see if it triggers interrupt (do after everything else in case board explodes)

Status
titleIn Progress

Output Read verification

  •  Verify Outputs are successfully read in main loop

Status
colourRed
titleBlocked

Need gpio expanders verified

Lights FSM verification

  •  Verify by setting can messages internally
  •  Verify by sending can messages over PEAK CAN

Status
colourRed
titleBlocked

Need all previous verified

Power FSM Verification

  •  Verify by setting can messages internally
  •  Verify by sending can messages over PEAK CAN

Status
colourRed
titleBlocked

Need all previous verified

Hardware Validation - Rev 2

IMPORTANT: Send battery status information as soon as the program starts to prevent fault mode

Using Python CAN parser tool with this message: repeat(1, send_bms_carrier_battery_status, 10, 0, 0)

Validation Steps

...

Inputs

...

Outputs

IO expander

Verify PCA expanders are able to communicate with STM

  •  PCA 1 (

...

  • 0x20)
  •  PCA 2

...

  • (0x21)

Trigger FSM state changes using CAN messages. Easy ones:
send_steering_steering_info(0,1) (LEFT LIGHT)
send_pedal_pedal_output(0,1) (BRAKE LIGHT)

Corresponding LEDs and power sources turn on

Outputs

Verify outputs all enable/disable as expected

  •  SOLAR_SENSE_1
  •  SOLAR_SENSE_2
  •  PEDAL
  •  STEERING
  •  LEFT_TURN
  •  RIGHT_TURN
  •  DRL_LIGHT
  •  BRAKE_LIGHT
  •  CENTER_CONSOLE
  •  BMS_DCDC
  •  MCI
  •  BPS_LIGHT
  •  SPARE_12V_1
  •  SPARE_12V_2
  •  BMS_AUX
  •  DRIVER_FAN
  •  REAR_CAM_LCD
  •  SPARE_5V_DCDC
  •  TELEMETRY
  •  SPARE_5V_AUX

Cycle through all FSMs:

POWER FSM:

To go from off state → close relays state, send

send_centre_console_cc_power_control(1,0) OR

send_centre_console_cc_power_control(2,0)

To go from close relays state → power on, send send_bms_carrier_battery_relay_info(1)

To go from on state → off state, send

send_centre_console_cc_power_control(1,0)

To go from on state → turn on drive state, send

send_centre_console_cc_power_control(2,0)

To go from turn on drive state → drive state, send send_motor_controller_mc_status(0, 0, 0, 0, 0, 0, 1)

To go from drive state → on state, send

send_centre_console_cc_power_control(1,0)

LIGHTS FSM:

To turn on left light, send

send_steering_steering_info(0,1)

To turn on right light, send

send_steering_steering_info(0,2)

To turn on brake light, send

send_pedal_pedal_output(0,1)

To turn on hazard lights, send

send_centre_console_cc_power_control(0,1)

Output isense read

Verify Mux select allows for output current values to be read:

  •  SOLAR_SENSE_1
  •  SOLAR_SENSE_2
  •  PEDAL
  •  STEERING
  •  LEFT_TURN
  •  RIGHT_TURN
  •  DRL_LIGHT
  •  BRAKE_LIGHT
  •  CENTER_CONSOLE
  •  BMS_DCDC
  •  MCI
  •  BPS_LIGHT
  •  SPARE_12V_1
  •  SPARE_12V_2
  •  BMS_AUX
  •  DRIVER_FAN
  •  REAR_CAM_LCD
  •  SPARE_5V_DCDC
  •  TELEMETRY
  •  SPARE_5V_AUX

AUX Valid pins

Ensure AUX valid low when no AUX supply connected

  •  AUX_VALID_1
  •  AUX_VALID_2

Ensure AUX Valid high when aux is connected

  •  AUX_VALID_1
  •  AUX_VALID_2

DCD Valid pins

Ensure DCDC valid low when no DCDC supply connected

  •  DCDC_VALID_1
  •  DCDC_VALID_2

Ensure DCDC Valid high when DCDC is connected

  •  DCDC_VALID_1
  •  DCDC_VALID_2

Output Config and Power FSM Validation

For the outputs, CAN TX indicates a message we expect to see, LOG indicates an expected printed message, OUTPUT indicates the expected output group to be set

For state changes, the following outputs are what we are looking for:

  • power_info_power_state - should reflect the current power state (OFF/ON/DRIVE)

  • relay_request_set_relays - This signal tells BMS that we want the relays connected (main power connected to the car). Should start as EE_RELAY_STATE_OPEN in POWER OFF, in any other state should be EE_RELAY_STATE_CLOSED

Validation Steps

Initial Conditions

Outputs

  •  Outputs correct for each output group

Check for each power state, ensure only the correct outputs are set

  •  POWER_FSM_OUTPUT_OFF
  •  POWER_FSM_OUTPUT_ON
  •  POWER_FSM_OUTPUT_DRIVE
  •  POWER_FSM_OUTPUT_FAULT

  •  LIGHTS_OUTPUT_BPS
  •  LIGHTS_OUTPUT_LEFT
  •  LIGHTS_OUTPUT_RIGHT
  •  LIGHTS_OUTPUT_HAZARDS

N/A

See Power Distribution Design doc for expected outputs

  •  FSM Initial State

On startup, output group enabled is POWER_FSM_OUTPUT_OFF

Initial Power On

Initial state is Power FSM OFF (BMS and Centre Console Outputs Enabled)

LOG: STATE = POWER_OFF

  •  POWER_OFF → TRANSMIT_BMS_CLOSE_RELAYS

Both centre console messages

  •  EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE and
  •  EE_CC_PWR_CTL_EVENT_BTN

should cause a transition to TRANSMIT_BMS_CLOSE_RELAYS. After 3sec with no relay message, we should return to POWER_OFF

From POWER_OFF send
cc_power_control_power_event == EE_CC_PWR_CTL_EVENT_BTN or BTN_AND_BRAKE

CAN TX: relay_request_set_relays == EE_RELAY_STATE_CLOSED

LOG: STATE = BMS_RELAYS

after 3 seconds

LOG: STATE = POWER OFF

OUTPUT: POWER_OFF

  •  POWER_OFF TO POWER_ON

If PD receives a PWR_CTL_EVENT_BTN and then a relays_closed state from BMS, we should transition to POWER_ON, and stay there

From POWER_OFF send
cc_power_control_power_event == EE_CC_PWR_CTL_EVENT_BTN

and battery_relay_info_state == EE_RELAY_STATE_CLOSED

CAN_TX:

  • power_info_power_state == EE_POWER_ON_STATE

LOG: Transitioned to DRIVE STATE

OUTPUT: POWER_ON

  •  POWER_ON to POWER_OFF

Centre console message

  •  EE_CC_PWR_CTL_EVENT_BTN

should cause a transition to POWER_OFF

From POWER_ON, send either of the two PWR_CTL_EVENTS to the controller board

CAN_TX:

  • power_info_power_state == EE_POWER_OFF_STATE

  • relay_request_set_relays == EE_RELAY_STATE_OPEN

LOG: Transitioned to OFF STATE

OUTPUT: POWER_OFF

  •  POWER_ON to TURN_ON_DRIVE_OUTPUTS

If we receive EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE in POWER_ON state, we should transition to TURN_ON_DRIVE_OUTPUTS. If we don’t receive a message from MCI, we should return to POWER_ON

From POWER_ON, send EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE. We should transition to TURN_ON_DRIVE_OUTPUTS which sets the output group to POWER_DRIVE, and then after 3 cycles return to POWER_ON

CAN_TX:

  • power_info_power_state == EE_POWER_ON_STATE (This should not change, as we have not completed transition to POWER_ON)

LOG: transition to TURN_ON_OUTPUTS

OUTPUT: POWER_DRIVE

*after 3 cycle timeout*

LOG: transition to POWER_ON

OUTPUT: POWER_ON

  •  POWER_OFF to POWER_DRIVE through POWER_ON

A successful transition to POWER_DRIVE from POWER_OFF requires the following in order:

  • EE_CC_PWR_CTL_EVENT_BTN received

  • battery_relay_info_state == EE_RELAY_STATE_CLOSED received

  • EE_CC_PWR_CTL_EVENT_BTN

Start in POWER_OFF, send 3 messages described

CAN_TX: (each updated state will send a new message)

  • power_info_power_state == EE_POWER_OFF_STATE

  • power_info_power_state == EE_POWER_ON_STATE

  • power_info_power_state == EE_POWER_DRIVE_STATE

  •  POWER_DRIVE to POWER_OFF

If we are in power drive, and we receive either PWR_CTL_EVENT, we should transition to POWER_ON. receiving a second event (EE_CC_PWR_CTL_EVENT_BTN without brake) will transition us to POWER_OFF

Start in POWER_DRIVE. Send:

  1. EE_CC_PWR_CTL_EVENT_BTN or EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE

  2. EE_CC_PWR_CTL_EVENT_BTN

CAN_TX: (each updated state will send a new message)

  • power_info_power_state == EE_POWER_DRIVE_STATE

  • power_info_power_state == EE_POWER_ON_STATE

  • power_info_power_state ==

  • EE_POWER_OFF_STATE

LOG (look for each state printed as we transition)

  • DRIVE

  • ON

  • OFF

  •  POWER_DRIVE to POWER_ON to POWER_DRIVE

If we are in power drive, and we receive either PWR_CTL_EVENT, we should transition to POWER_ON. Receiving EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE should send us back to POWER_DRIVE

Start in POWER_DRIVE. Send:

  1. EE_CC_PWR_CTL_EVENT_BTN or EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE

  2. EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE

Fault Conditions

Faults occur, only when we lose communication with BMS. For each state, we need to see that it successfully transitions to fault on not receiving the BMS Message

  •  POWER_OFF → POWER FAULT

On startup, if no BMS status message is received for 3 cycles we should automatically transition to the fault state

Start in POWER_OFF (automatically done on startup)

  •  BMS_RELAYS → POWER FAULT

if no BMS status message is received for 3 cycles we should automatically transition to the fault state

Start in BMS_RELAYS

  •  POWER_ON-> POWER_FAULT

if no BMS status message is received for 3 cycles we should automatically transition to the fault state

Start in POWER_ON

  •  TURN_ON_DRIVE_OUTPUTS → POWER_FAULT

if no BMS status message is received for 3 cycles we should automatically transition to the fault state

Start in TURN_ON_DRIVE_OUTPUTS

  •  POWER_DRIVE → POWER_FAULT

if no BMS status message is received for 3 cycles we should automatically transition to the fault state

Start in POWER_DRIVE


Lights verification

There are two parts to the lights verification, the lights FSM and the standalone lights.
The lights FSM controls, the right and left turning signals (and hazards, which is both). The standalone lights are the BPS indicator and the brake lights. We need to verify that they work in each of the states, as well as through transitions.

For each of the tests, we need to check them in each state, which is what the States Checked box is for

Validation Steps

Initial Conditions

Outputs

States checked

  •  Default No lights

Transition through each state, ensure that right, left, and brake lights are not enabled by default.

BPS Fault indicator will be set by any transition into the fault state, so ensure that all transitions are valid

N/A

No lights

  •  OFF
  •  BMS_RELAY
  •  ON
  •  TRANSM_DR
  •  DRIVE
  •  FAULT
  •  Left turn signal enables left light blinking

Set steering info message to contain left_signal, send to power_distribution

left light

  •  Right turn signal enables right light blinking

Set steering info message to contain right_signal, send to power_distribution

right light

  •  Hazard signal enables hazards

Set centre console message to contain hazard enabled signal. Verify output. Send hazards off signal

Right and left light blink when hazards enabled

  •  If right/left signal is enabled, turning on hazards and then off again returns us to left/right signal

Try for each, left and right turning signal. Start with the turn signal enabled. Turn on hazards, check that both lights start blinking. Turn off hazards, check that we return to turn signal with one light blinking

  •  Brake light

Check that brake signal > 0 turns on brake light

Brake light on