Versions Compared

Version Old Version 10 New Version Current
Changes made by

Kyle Chan

Aryan Kashem

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Centre console is the board which contains the main state logic for the entire car’s electrical system. It governs starting the system and controlling the power states, as well as the drive state of the car. When the car is off, this board, along with pedal and power distribution are the only ones which are powered, so that they can be used to start the broader system.

...

The car is powered on when the power button is pressed. Initially this is “aux power”, which means that car is powered by a supply separate to the main batteries. This means minimal functionality is available, and is good for testing initial startup. If the brake is pressed and the power button is pressed at the same time, the car will enter the main power state, powered by the main electrical system, and full functionality will be available.

TODO:

  •  Find out if we want a parked state (Ebrake/parking brake, if manual will it have a sensor?) Not needed
  •  How are we handling ack messages?
  •  We should write a module to handle monitoring (ie. wait for a repeated event with a timeout)
  •  Do CAN messages remain the same or are they cleared after each cycle? They will remain the same unless manually cleared

Inputs

Buttons

  • Power Button

    • Used to control power state, along with pedal

  • P, R, N, D → drive state control buttons

  • Hazard button → Latching, sends message to power distribution to strobe turn lights

  • DRL Lights

Buttons will be handled as gpio interrupts, received as notifications to the relevant fsm tasks. Maybe can block on notifications taking place? (TBD)

CAN messages

  • Pedal - Constantly monitor brake state to determine whether to enter main power state

    • Must receive value within 100MS (Could be certain number of cycles with new architecture)

  • MCI

    • Constantly monitor speed message - Must receive new message within 3 seconds

    • Send pre-charge and wait for complete message with a timeout

  • BMS - Heartbeat Message

    • If not received in 3 seconds, or has errors in message, a BPS fault has occurred

  • ACK messages from Power Distribution, MCI,

Outputs

LED Indicators - All on a I2C Expander for 8 possible outputs

  • CENTRE_CONSOLE_LED_BPS

  • CENTRE_CONSOLE_LED_POWER

  • CENTRE_CONSOLE_LED_DRIVE

  • CENTRE_CONSOLE_LED_REVERSE

  • CENTRE_CONSOLE_LED_NEUTRAL

  • CENTRE_CONSOLE_LED_PARKING

  • CENTRE_CONSOLE_LED_HAZARDS

  • CENTRE_CONSOLE_LED_SPARE,

7-Segment displays (x3)

...

Center Console is the only driver interface. It controls all power transitions, motor output and steering lights. It also displays BMS data, vehicle speed and has LED indicators. This board is always on when the car is on.

Rundown of Center Console Functions:

  • Buttons to change state

    • Drive, Reverse, and Neutral

    • Regen Braking button

    • Hazard Button

  • three 7-segment displays with the below quantities

    • Speedometer (speed in km/h)

      • When we BPS fault it will display the error code instead

    • Current Readings (Amps)

    • Aux Battery Voltage (Volts)

  • Indicator LEDs

    • One for each of the above buttons (D/N/R/Haz/Reg)

    • Left turn signal

    • Right Turn Signal

    • Cruise control enabled indicator

    • BPS Fault Light

    • AFE Loss of Communications

  • Buzzer to highlight events

    • Button Clicks

    • BPS fault

  • Pedal Position

    • Maps ADC reading from 0-1 for the Motor Controller

    • Stores pedal calibration data in flash non-volatile memory

    • Refer to FW15 Pedal Board Design for more documentation! This board has been merged to CC. It is almost the same, but it doesn’t use the MAX11600. It instead uses a pedal that we ripped off a car

  • Steering Stalk

    • Toggles Left/Right lights

    • Toggles Cruise Control

    • Refer to FW15 Steering Design for more documentation! This board was merged to CC so it hasn’t really changed

Expand
titleCAN Signals

TX:

  • cc_info:

    • Target Velocity (Cruise Control Speed)

    • Drive State (D/N/R)

    • Cruise Control (Boolean)

    • Hazard Enabled (Boolean)

  • cc_pedal:

    • Throttle output (Mapped from 1 - 0) Float

    • Brake output (Boolean)

  • cc_steering:

    • Input CC (Cruise control toggle/decrease/increase)

    • Input Lights (Left/Right lights)

  • cc_regen:

    • Regen Percent (Calculated with battery data to determine max regen permitted)

RX:

  • battery_status (BMS)

    • Fault

    • Aux Battery Voltage

    • AFE Status

  • battery_info (BMS)

    • Max Cell Voltage

    • Min Cell Voltage

  • battery_vt (BMS)

    • Pack Voltage

    • Pack Current

    • Pack Temperature

    • Battery Percentage

  • pd_status (Power Distribution)

    • Power State

    • PD Fault Bitset

    • BPS Persisted Fault

  • motor_controller_vc (MCI)

    • Right/Left motor voltage

    • Right/left motor current

  • motor_velocity (MCI)

    • Right/left motor velocity

    • One pedal brake lights

  • mc_stauts (MCI)

    • Left/Right errors + limit messages

Centre Console Functionality

Module: cc_buttons

This module gets all button values. Buttons should be read in the fast cycle. They are connected to the pca9555 gpio expander, and must be read over i2c. This read function should send notifications to the requisite tasks.

  • Power Button, hazard, regen: send notifications to main task

  • R, N, D → Send notifications to Drive FSM

Module: update_dashboard

Static variables:

  • cruise_control_state

  • target_velocity

  • regen_braking_state

  • power_state_to_transmit

Functions (all called in medium cycle):

  • dashboard_init()

  • update_indicators()

    • Gets notification value from button presses, updates indicator lights and output can_messages

      • Hazard enabled:

        • when pressed, toggle static hazard state

        • update indicator and cc_power_control.hazard_enabled message based on stored value

      • Regen Brake:

        • when pressed, toggle static regen brake state

        • update indicator and drive_output.regen_brake_enabled message based on stored value

      • Lights left/right

        • update left/right indicator based on steering stalk position

      • Cruise Control Enabled:

        • update static cc state + indicator based on steering stalk ISR (Button click)

        • update drive_output based on cc_state + target_velocity

  • update_displays() [SEPERATE TASK]

    • Reads values from CAN messages, uses values for 7-seg:

      • Calculated speed using RPM to MPH → speed display (Top)

      • Current reading in Amps → current display (Middle)

      • Aux Battery Voltage → aux batt display (Bottom)

  • cruise_control_monitor()

    • Checks for cruise control inputs from steering stalk

    • Updates Cruise control target speed

Module: pedal

Module: steering

Drive FSM

The Drive FSM handles the control of drive state of the car. It receives the drive buttons (Neutral (N), Drive (D), Reverse(R)) and runs the preparations and checks needed to change the drive state of the car, and communicates this value with the motor controllers.

The initial/default state is Neutral. This is the mandated state of the FSM when we start the car up and are in POWER_IDLE state. In addition, any major faults should force the car into neutral.

The drive state is dependent on power_state. We expect to receive this message every cycle, and if we do not receive this message, we will record a fault after 3 cycles and enter neutral.

State Input Functions:

All the following must be met for a transition to happen from the following states

Neutral → Drive/Reverse

  • Button pressed (D/R)

  • Power state == POWER_DRIVE (received from Power distribution)

  • Speed == 0: All drive state transitions should happen when we are stopped

Actions:

  • Runs precharge, and closes motor relay

  • Transmit DRIVE/REVERSE state to MCI

Drive/Reverse → Neutral

  • Neutral button or forced because of fault

  • Transmit NEUTRAL state to MCI

Reverse → Drive OR Drive → Reverse

  • Since we are an EV we can do this easily! Transmits NEW_STATE to MCI

The following represent a

Expand
titlePower State FSM - Moved to Power Distribution

Power FSM

The power FSM governs the power state of the car. There are 4 main States:

  • POWER_OFF

  • POWER_MAIN

  • POWER_AUX

  • POWER_FAULT

For the main power states however, when we are transitioning there is a sequence of checks we run to make sure that the system is in a correct state to allow a transition. These steps typically involve sending a CAN message to another system, waiting for it to do its checks and balances and then receiving an acknowledgement (ACK) message. If these checks fail, we will transition back to the normal power state.

The sequence model for these states is along the following lines:

  • All steps must be executed successfully before a transition can take place

  • If a step fails, we should handle the error and remain in the current state

The diagram is shown below, hexagons representing the sequence steps. The states themselves have no real functionality in their output functions.

...

Image Added

Power Aux Sequence

...

Transmit CONFIRM_AUX_STATUS and receive ack OK

...

checking any aux faults before enabling power

...

*

  1. Confirm a valid aux status has been received from Power Select Info message

    1. Correct status bits should be set in the message

    2. No fault bits should be set

  2. Transmit TURN_ON_EVERYTHING to Power Distribution and receive

...

  1. Sent to power distribution, which turns on outputs needed for aux state

Power Main Sequence:

Power main sequence needs to send the following messages and receive an ack for each.

...

confirm_aux_status

  1. Tell power select to check any aux faults before enabling power (Maybe not needed in main seq?)

...

  1. BPS heartbeat

    1. Once Power Distribution has turned everything on, we wait for BMS to power up and send heartbeat message, indicating that the power on was successful

*From Power Aux, if a fault condition is detected (ie invalid power select status message) we should return to off

Power main sequence

  1. Confirm Aux Status

    1. Confirm no issues with aux supply at Power Select

    2. Check power select message for valid aux status, and no faults

  2. Power on boards

    1. Tell Power distribution to power on

...

confirm_battery_status

  1. Battery checks, waits for ack

...

    1. all outputs

  2. Confirm battery status

    1. Wait for BMS to start up and reply with a Heartbeat and status message

    2. This indicates initial state is all good

  3. Close Relays

    1. Transmit message to BMS to close relays and switch to main power

    2. Transmits to BMS to close relays

...

confirm_dcdc

  1. Power Select confirms DCDC

...

turn_on_everything

  1. Power Distribution enables all boards

  1. Confirm DCDC

    1. Check at power select that main power (DCDC) is now in use

  2. Power Main Complete

    1. Sends “ready to drive” to MCI

    2. Start BPS watchdog

...

Power Off Sequence:

...

Discharge Precharge

  1. Send message to MCI to discharge precharge

...

Turn Off everything

  1. Tell Power distribution to turn off the relevant boards

Open Relays (Transition to fault on BPS Fault)

...

Fault

  • This state covers a BPS fault during operation. It occurs if we receive a message from BMS saying that we have a fault condition

...

    • If a message is received saying that a fault has occurred, then we can attempt to handle the specific fault

...

    • Car must be power-cycled and then put into drive to clear the persisted fault

    • BPS indicator is on during this time

...

Drive FSM

The Drive FSM handles the control of drive state of the car. It receives the drive buttons (Neutral (N), Drive (D), Reverse(R), Parking (P)) and runs the preparations and checks needed to change the drive state of the car, and communicate this value with the motor controllers. One of these preparations is MCI Precharge.

The following conditions need to be met when changing the drive state

  • Successfully precharge (receive ack) MCI before going into a drive state (D or R)

  • Discharge MCI when exiting a drive state (to park or fault)

    • Neutral should stay charged

If a fault condition occurs, we should exit back to neutral and indicate failure.

State Input Functions:

All the following must be met for a transition to happen from the following states

Neutral → Drive

  • Drive button has been pressed (neutral state)

  • Power state is POWER_MAIN (neutral state)

  • Speed state is stationary (speed >= 0) (neutral state)

  • Get precharge state (state 1)

    • if state is down (not charged) go to state 2

    • else go to state 3 (is charged)

  • Turn on Pre-charge and get ack (state 2)

  • Transmit REVERSE state to MCI, receive ACK (state 3)

  • If either step fails, return to neutral

Neutral → Reverse

  • Drive button has been pressed (neutral state)

  • Power state is POWER_MAIN (neutral state)

  • Speed state is stationary (speed <= 0) (neutral state)

  • Get precharge state (state 1)

    • if state is down (not charged) go to state 2

    • else go to state 3 (is charged)

  • Turn on Pre-charge and get ack (state 2)

  • Transmit REVERSE state to MCI, receive ACK (state 3)

Drive → Neutral

  • Neutral button or force (sent by power fsm) or drive_state != main (drive state)

  • Transmit NEUTRAL state to MCI, receive ACK (state 1)

Reverse → Neutral

  • Neutral button or force (sent by power fsm) or drive_state != main (drive state)

  • Transmit NEUTRAL state to MCI, receive ACK (state 1)

Centre Console Communications:

Between power and drive fsm:

Create a struct that is protected by a mutex.

Power fsm will update its state

Drive fsm will read power state

Both fsms will/can update the error status, and both fsms will read the error status.

To MCI:

Current drive state, (forward, reverse, cuise, off?)

cruise target velocity, ignored if not in cruise.