Errors and severities

This is a classification of the current driver display warnings (as of 2021-04-11) into three categories:

dangerous (better pull over)
possibly a problem (depends on context from other telemetry systems - some of them could be better classified into dangerous or warnings based on additional data)
warnings (can wait)

I’ll also note which ones were removed or no longer applicable, and new ones that should be added (but aren’t in the driver display code right now).

Applicable errors

These errors are thrown by the car, and are currently implemented in the driver display.

Fault	Severity	Notes

Fault	Severity	Notes
`CentreConsoleStateTransitionFault`	Possibly a problem	Thrown if we fail to transition between power states (main ↔︎ aux ↔︎ off) or drive states (drive ↔︎ neutral ↔︎ reverse).
`MCIOverTemp`	Dangerous	Not yet implemented in driver display (and still in progress in firmware), but should be thrown when the motor controllers are over a threshold temperature. Name is kind of a misnomer since the motor controllers are overtemperature, not the MCI board which interfaces with them.
`MCIAckFailed`	Dangerous	Not implemented in firmware, and the current driver display implementation will have to be changed (it checks for a CAN message that doesn’t exist). If/when implemented, would be thrown when MCI fails to respond to a heartbeat message, so it’s cut off from CAN and/or down.
`PedalAckFailed`	Dangerous	Same deal as `MCIAckFailed` just for pedal. Not implemented in firmware and driver display implementation will need changed.
`ChargerFaultHardwareFailure`	Possibly a problem	Note for all charger faults: these should only be thrown when we’re physically parked and charging with a wall charger. If any of these are thrown, we aren’t charging. Severities are estimates since I haven’t read the charger spec in detail, but @Jess Douglas Muir (Deactivated) has and might have more insight. Thrown if the charger hardware fails, I guess.
`ChargerFaultOverTemperature`	Dangerous	Thrown if the charger goes into overtemperature protection.
`ChargerFaultWrongVoltage`	Warning	Thrown if the charger gets the wrong input voltage.
`ChargerFaultPolarityFailure`	Warning	Thrown if the charger doesn’t start charging to prevent reverse polarity.
`ChargerFaultCommunicationTimeout`	Warning	Thrown if the charger interface board fails to communicate with the charger.
`ChargerFaultChargerOff`	Warning	Thrown if the charger is off when we try to charge.
`SolarFaultMCP3427`	Warning (minor)	Thrown if one of the ADCs (analog-digital converters) on the solar board has failed to convert a voltage too many times, so we don’t have fresh data. Currently “too many” = 3. MCP3427 is the name of the ADC chip. Might indicate that an MCP3427 needs to be replaced on solar. Which MCP3427 it is can be decoded from the fault data on the CAN message if necessary (ask @Ryan Dancy). Really a minor issue unless we’re getting lots of them from many different MCP3427s. Could reduce our ability to detect solar overvoltages.
`SolarFaultMPPTOverCurrent`	Possibly a problem	Thrown if there’s an overcurrent in a single MPPT (maximum power point tracker - handles getting max power from the solar panels), as reported by the MPPT. Which MPPT it is can be gotten from the CAN data. @Micah Black may know more about how big a problem this is (and the rest of the solar faults).
`SolarFaultMPPTOverVoltage`	Possibly a problem	Thrown if there’s an overvoltage in a single MPPT, as reported by the MPPT. Again we can get which MPPT it is from the CAN data.
`SolarFaultMPPTOverTemperature`	Possibly a problem	Thrown if there’s an overtemperature in a single MPPT, as reported by the MPPT. Again we can get which MPPT it is.
`SolarFaultOverCurrent`	Possibly a problem (major, see note)	Thrown if the whole solar array outputs too much current (currently, >9A). Note: If this is thrown, the solar array will be cut off from the battery and solar will stop working until a power cycle. We should still be able to drive when that happens. Soon to come from firmware: we will check that the solar array was indeed cut off and transmit a new CAN message to notify if it is, or we’ll transmit a new solar fault (“dangerous” level) if it wasn’t successfully cut off. If it was successfully cut off, driver display should notify the driver that it’s safe to continue, and if it wasn’t, we need to pull over. This applies to all solar faults where solar stops working until a power cycle.
`SolarFaultNegativeCurrent`	Possibly a problem (major, see note)	Thrown if the current output from the solar array is negative. Note: Again, if thrown, solar will stop working until a power cycle.
`SolarFaultOverVoltage`	Possibly a problem (major, see note)	Thrown if the total voltage output from the solar array is too high (currently, >160V). Note: Again, if thrown, solar will stop working until a power cycle.
`SolarFaultOverTemperature`	Possibly a problem (major)	Thrown if the solar array is overtemperature (threshold not calibrated yet). This does not cause solar to stop working.
`BPSACKFailed`	Dangerous	Note for all BPS faults: If a BPS fault occurs, a strobe light will go off, we’ll immediately transition to aux power, MCI will be turned off (so the motors will die), and centre console will lock up so the only way to get out of this state is to completely power cycle the car. We’ll be forced to pull over. We send a BPS heartbeat message every second to verify that the BPS (battery protection system) is online and OK. This is thrown by the BMS (battery management system) if it doesn’t get an acknowledgement from centre console for the BPS heartbeat, so centre console is down or CAN communication has been cut.
`BPSKillSwitch`	Dangerous	Thrown if the driver flips the kill switch in the car.
`BPSRelayFault`	Dangerous	Thrown if opening or closing the main relay fails.
`BPSCurrentSenseFault`	Dangerous	Thrown if the main battery has an overcurrent. Thresholds: currently 130A for discharging, 81.6A for charging. Also thrown if the ADC (chip: ADS1259) has a fault.
`BPSAFECellFault`	Dangerous	Thrown if an AFE (analog front end, controls an individual cell) indicates an overvoltage or undervoltage from a cell. Thresholds: currently 2.5V undervoltage, 4.2V overvoltage (but might be calibrated more in the future).
`BPSAFETempFault`	Dangerous	Thrown if an AFE indicates an overtemperature from a cell. Thresholds currently not calibrated.
`BPSAFEFSMFault`	Dangerous	Thrown if an AFE has a miscellaneous error (e.g. SPI errors, checksum failures).
`BMSOverVoltage`	Dangerous	Not implemented in driver display or firmware yet.

Errors to be added

These errors aren’t currently implemented, but should be added. Naming is flexible.

For power distribution (PD) errors: guidelines on decoding PD error messages here: Decoding Power Distribution Error Codes (bug @Ryan Dancy to update it if it’s out of date)

Fault	Severity	Notes

Fault

Severity

Notes

PDFanFault

Warning

Thrown if one of the fans get stuck or otherwise fail. Front PD handles driver fans, rear PD handles rear enclosure and DCDC fans.

PDLoadSwitchFault

Possibly a problem

Thrown if there’s a fault in a BTS7200 or BTS7040 load switch. This means that the output the load switch controls will switch off for at least a moment and possibly more. How big a deal this is depends on which output is faulting: see https://github.com/uw-midsun/firmware_xiv/blob/master/projects/power_distribution/inc/output.h for the list of outputs in order starting from 0.

In the future firmware might support clearing these faults so we know whether the output has turned off permanently or whether the BTS7200/7040 firmware has recovered from the fault.

Errors to be removed

These errors should be removed from the driver display codebase, they’re no longer thrown by the car.

Fault to remove	Notes

Fault to remove	Notes
`CentreConsoleFault`	Was triggered on a `FAULT_SEQUENCE` CAN message, which was never implemented and ended up being removed.