Centre console is the board which contains the main drive state logic for the entire car. When the car is off (Relays to main battery are open, and car is powered off the aux battery), this board, along with BMS carrier and power distribution are the only ones which are powered, so that they can be used to start the car.
Centre console also provides feedback on the state of the car through:
Buttons to change state
Drive, Reverse, and Neutral
Power button
Regen Braking button
Hazard Button
three 7-segment displays with the below quantities
Speedometer (speed in km/h)
Battery Percentage Indicator (Percent remaining charge)
Cruise Control indicator (desired speed in km/h)
Indicator LEDS
One for each of the above buttons (P/D/N/R/Haz/Reg)
Left turn signal
Right Turn Signal
Cruise control enabled indicator
CAN Signals
TX:
power_direction: (POWER_ON or POWER_OFF)
cc_cruise_info → MCI
Centre Console Functionality
Module: cc_buttons
Buttons should be read in the fast cycle. They are connected to the pca9555 gpio expander, and must be read over i2c. This read function should just send notifications to the requisite tasks.
Power Button, hazard, regen: send notifications to main task
R, N, D → Send notifications to Drive FSM
Module: refresh_dashboard:
Static variables:
cruise_control_state
target_velocity
regen_braking_state
power_state_to_transmit
Functions:
update_indicators()
Gets notification value from button presses, updates indicator lights and output can_messages
Power button: when pressed, toggles power_state_to_transmit value, sets toggled value in CAN message to P
Regen Brake : when pressed, toggle regen brake state, update indicator and can message based on
update_displays()
Reads values from CAN messages, uses values
cruise_control_monitor()
Checks for cruise control inputs from steering
Updates
Called
This module needs to read/display
All others will be sent to the main task, and will be processed in the main loop.
CAN messages:
Received:
Pedal - Constantly monitor brake state to determine whether to enter main power state
Must receive value within 100MS (Could be certain number of cycles with new architecture)
MCI
Constantly monitor speed message - Must receive new message within 3 seconds
Send pre-charge and wait for complete message with a timeout
BMS - Heartbeat Message
If not received in 3 seconds, or has errors in message, a BPS fault has occurred
ACK messages from Power Distribution, MCI,
Outputs
LED Indicators - All on a I2C Expander for 8 possible outputs
CENTRE_CONSOLE_LED_BPS
CENTRE_CONSOLE_LED_POWER
CENTRE_CONSOLE_LED_DRIVE
CENTRE_CONSOLE_LED_REVERSE
CENTRE_CONSOLE_LED_NEUTRAL
CENTRE_CONSOLE_LED_PARKING
CENTRE_CONSOLE_LED_HAZARDS
CENTRE_CONSOLE_LED_SPARE,
7-Segment displays (x3)
Used for Cruise Control, speed, and battery percentage
Power FSM
The power FSM governs the power state of the car. There are 4 main States:
POWER_OFF
POWER_MAIN
POWER_AUX
POWER_FAULT
For the main power states however, when we are transitioning there is a sequence of checks we run to make sure that the system is in a correct state to allow a transition. These steps typically involve sending a CAN message to another system, waiting for it to do its checks and balances and then receiving an acknowledgement (ACK) message. If these checks fail, we will transition back to the normal power state.
The sequence model for these states is along the following lines:
All steps must be executed successfully before a transition can take place
If a step fails, we should handle the error and remain in the current state
The diagram is shown below, hexagons representing the sequence steps. The states themselves have no real functionality in their output functions.
Power Aux Sequence*
Confirm a valid aux status has been received from Power Select Info message
Correct status bits should be set in the message
No fault bits should be set
Transmit TURN_ON_EVERYTHING to Power Distribution and receive BPS heartbeat
Once Power Distribution has turned everything on, we wait for BMS to power up and send heartbeat message, indicating that the power on was successful
*From Power Aux, if a fault condition is detected (ie invalid power select status message) we should return to off
Power main sequence
Confirm Aux Status
Confirm no issues with aux supply at Power Select
Check power select message for valid aux status, and no faults
Power on boards
Tell Power distribution to power on all outputs
Confirm battery status
Wait for BMS to start up and reply with a Heartbeat and status message
This indicates initial state is all good
Close Relays
Transmit message to BMS to close relays and switch to main power
Transmits to BMS to close relays
Confirm DCDC
Check at power select that main power (DCDC) is now in use
Power Main Complete
Sends “ready to drive” to MCI
Start BPS watchdog
Power Off Sequence:
Discharge Precharge
Send message to MCI to discharge precharge
Open Relays (Transition to fault on BPS Fault)
Tell BMS to open the relays
Confirm Back to Aux with power select
Turn Off everything
Tell Power distribution to turn off everything except for power select, centre console, and pedal
Fault
This state covers a BPS fault during operation. It occurs if we receive a message from BMS saying that we have a fault condition, or a timeout occurs on the BPS heartbeat message
If a message is received saying that a fault has occurred, then we can attempt to handle the specific fault
If a BPS timeout has occurred, we must discharge MCI and loop until BPS communication resumes, or the car is power cycled.
BPS indicator is on during this time (and hazard lights flash as well I believe)
Drive FSM
The Drive FSM handles the control of drive state of the car. It receives the drive buttons (Neutral (N), Drive (D), Reverse(R), Parking (P)) and runs the preparations and checks needed to change the drive state of the car, and communicate this value with the motor controllers. One of these preparations is MCI Precharge.
The following conditions need to be met when changing the drive state
Successfully precharge (receive ack) MCI before going into a drive state (D or R)
Discharge MCI when exiting a drive state (to park or fault)
Neutral should stay charged
If a fault condition occurs, we should exit back to neutral and indicate failure.
State Input Functions:
All the following must be met for a transition to happen from the following states
Neutral → Drive
Drive button has been pressed (neutral state)
Power state is POWER_MAIN (neutral state)
Speed state is stationary (speed >= 0) (neutral state)
Get precharge state (state 1)
if state is down (not charged) go to state 2
else go to state 3 (is charged)
Turn on Pre-charge and get ack (state 2)
Transmit REVERSE state to MCI, receive ACK (state 3)
If either step fails, return to neutral
Neutral → Reverse
Drive button has been pressed (neutral state)
Power state is POWER_MAIN (neutral state)
Speed state is stationary (speed <= 0) (neutral state)
Get precharge state (state 1)
if state is down (not charged) go to state 2
else go to state 3 (is charged)
Turn on Pre-charge and get ack (state 2)
Transmit REVERSE state to MCI, receive ACK (state 3)
Drive → Neutral
Neutral button or force (sent by power fsm) or drive_state != main (drive state)
Transmit NEUTRAL state to MCI, receive ACK (state 1)
Reverse → Neutral
Neutral button or force (sent by power fsm) or drive_state != main (drive state)
Transmit NEUTRAL state to MCI, receive ACK (state 1)
Centre Console Communications:
Between power and drive fsm:
Create a struct that is protected by a mutex.
Power fsm will update its state
Drive fsm will read power state
Both fsms will/can update the error status, and both fsms will read the error status.
To MCI:
Current drive state, (forward, reverse, cuise, off?)
cruise target velocity, ignored if not in cruise.