Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Centre console is the board which contains the main state logic for the entire car’s electrical system. It governs starting the system and controlling the power states, as well as the drive state of the car. When the car is off (Main Battery disconnected), this board, along with pedal and power distribution are the only ones which are powered, so that they can be used to start the broader system.

The car is powered on when the power button is pressed. Initially this is “aux power”, which means that car is powered by a supply separate to the main batteries. This means minimal functionality is available, and is good for testing initial startup. If the brake is pressed and the power button is pressed at the same time, the car will enter the main power state, powered by the main electrical system, and full functionality will be available.

TODO:

Inputs

Buttons

  • Power Button

    • Used to control power state, along with pedal

  • R, N, D → drive state control buttons

  • Hazard button → Latching, sends message to power distribution to strobe turn lights

  • Regen Braking Enable:

  • DRL Lights?

Buttons will be handled as gpio interrupts. R, N, D will be registered to send notifications to the Drive state FSM. Power button will send a notification to the Power State FSM.

All others will be sent to the main task, and will be processed in the main loop.

CAN messages:

Received:

  • Pedal - Constantly monitor brake state to determine whether to enter main power state

    • Must receive value within 100MS (Could be certain number of cycles with new architecture)

  • MCI

    • Constantly monitor speed message - Must receive new message within 3 seconds

    • Send pre-charge and wait for complete message with a timeout

  • BMS - Heartbeat Message

    • If not received in 3 seconds, or has errors in message, a BPS fault has occurred

  • ACK messages from Power Distribution, MCI,

Outputs

LED Indicators - All on a I2C Expander for 8 possible outputs

  • CENTRE_CONSOLE_LED_BPS

  • CENTRE_CONSOLE_LED_POWER

  • CENTRE_CONSOLE_LED_DRIVE

  • CENTRE_CONSOLE_LED_REVERSE

  • CENTRE_CONSOLE_LED_NEUTRAL

  • CENTRE_CONSOLE_LED_PARKING

  • CENTRE_CONSOLE_LED_HAZARDS

  • CENTRE_CONSOLE_LED_SPARE,

7-Segment displays (x3)

  • Used for Cruise Control, speed, and battery percentage

Power FSM

The power FSM governs the power state of the car. There are 4 main States:

  • POWER_OFF

  • POWER_MAIN

  • POWER_AUX

  • POWER_FAULT

For the main power states however, when we are transitioning there is a sequence of checks we run to make sure that the system is in a correct state to allow a transition. These steps typically involve sending a CAN message to another system, waiting for it to do its checks and balances and then receiving an acknowledgement (ACK) message. If these checks fail, we will transition back to the normal power state.

The sequence model for these states is along the following lines:

  • All steps must be executed successfully before a transition can take place

  • If a step fails, we should handle the error and remain in the current state

The diagram is shown below, hexagons representing the sequence steps. The states themselves have no real functionality in their output functions.

Power Aux Sequence*

  1. Confirm a valid aux status has been received from Power Select Info message

    1. Correct status bits should be set in the message

    2. No fault bits should be set

  2. Transmit TURN_ON_EVERYTHING to Power Distribution and receive BPS heartbeat

    1. Once Power Distribution has turned everything on, we wait for BMS to power up and send heartbeat message, indicating that the power on was successful

*From Power Aux, if a fault condition is detected (ie invalid power select status message) we should return to off

Power main sequence

  1. Confirm Aux Status

    1. Confirm no issues with aux supply at Power Select

    2. Check power select message for valid aux status, and no faults

  2. Power on boards

    1. Tell Power distribution to power on all outputs

  3. Confirm battery status

    1. Wait for BMS to start up and reply with a Heartbeat and status message

    2. This indicates initial state is all good

  4. Close Relays

    1. Transmit message to BMS to close relays and switch to main power

    2. Transmits to BMS to close relays

  5. Confirm DCDC

    1. Check at power select that main power (DCDC) is now in use

  6. Power Main Complete

    1. Sends “ready to drive” to MCI

    2. Start BPS watchdog

Power Off Sequence:

  1. Discharge Precharge

    1. Send message to MCI to discharge precharge

  2. Open Relays (Transition to fault on BPS Fault)

    1. Tell BMS to open the relays

  3. Confirm Back to Aux with power select

  4. Turn Off everything

    1. Tell Power distribution to turn off everything except for power select, centre console, and pedal

Fault

  • This state covers a BPS fault during operation. It occurs if we receive a message from BMS saying that we have a fault condition, or a timeout occurs on the BPS heartbeat message

    • If a message is received saying that a fault has occurred, then we can attempt to handle the specific fault

    • If a BPS timeout has occurred, we must discharge MCI and loop until BPS communication resumes, or the car is power cycled.

    • BPS indicator is on during this time (and hazard lights flash as well I believe)

Drive FSM

The Drive FSM handles the control of drive state of the car. It receives the drive buttons (Neutral (N), Drive (D), Reverse(R), Parking (P)) and runs the preparations and checks needed to change the drive state of the car, and communicate this value with the motor controllers. One of these preparations is MCI Precharge.

The following conditions need to be met when changing the drive state

  • Successfully precharge (receive ack) MCI before going into a drive state (D or R)

  • Discharge MCI when exiting a drive state (to park or fault)

    • Neutral should stay charged

If a fault condition occurs, we should exit back to neutral and indicate failure.

State Input Functions:

All the following must be met for a transition to happen from the following states

Neutral → Drive

  • Drive button has been pressed (neutral state)

  • Power state is POWER_MAIN (neutral state)

  • Speed state is stationary (speed >= 0) (neutral state)

  • Get precharge state (state 1)

    • if state is down (not charged) go to state 2

    • else go to state 3 (is charged)

  • Turn on Pre-charge and get ack (state 2)

  • Transmit REVERSE state to MCI, receive ACK (state 3)

  • If either step fails, return to neutral

Neutral → Reverse

  • Drive button has been pressed (neutral state)

  • Power state is POWER_MAIN (neutral state)

  • Speed state is stationary (speed <= 0) (neutral state)

  • Get precharge state (state 1)

    • if state is down (not charged) go to state 2

    • else go to state 3 (is charged)

  • Turn on Pre-charge and get ack (state 2)

  • Transmit REVERSE state to MCI, receive ACK (state 3)

Drive → Neutral

  • Neutral button or force (sent by power fsm) or drive_state != main (drive state)

  • Transmit NEUTRAL state to MCI, receive ACK (state 1)

Reverse → Neutral

  • Neutral button or force (sent by power fsm) or drive_state != main (drive state)

  • Transmit NEUTRAL state to MCI, receive ACK (state 1)

Centre Console Communications:

Between power and drive fsm:

Create a struct that is protected by a mutex.

Power fsm will update its state

Drive fsm will read power state

Both fsms will/can update the error status, and both fsms will read the error status.

To MCI:

Current drive state, (forward, reverse, cuise, off?)

cruise target velocity, ignored if not in cruise.

  • No labels