Power Distribution
- Mitchell Langdon Ostler
- Aryan Kashem
Hardware Validation - Rev 1
| Validation Steps | Status | Blockers |
|---|---|---|---|
Outputs | Verify Operation of Load switches using bts_load_switch driver @Adhiraj Singh Verify Operation of Outputs using Output Config @Adhiraj Singh Verify current readings Verify multiplexor with current readings Trigger Undervoltage/overvoltage conditions, see if it triggers interrupt (do after everything else in case board explodes) | In Progress
|
|
Output Read verification | Verify Outputs are successfully read in main loop | Blocked | Need gpio expanders verified |
Lights FSM verification | Verify by setting can messages internally Verify by sending can messages over PEAK CAN | Blocked | Need all previous verified |
Power FSM Verification | Verify by setting can messages internally Verify by sending can messages over PEAK CAN | Blocked | Need all previous verified |
Hardware Validation - Rev 2
IMPORTANT: Send battery status information as soon as the program starts to prevent fault mode
Using Python CAN parser tool with this message: repeat(1, send_bms_carrier_battery_status, 10, 0, 0)
| Validation Steps | Inputs | Outputs |
|---|---|---|---|
IO expander | Verify PCA expanders are able to communicate with STM PCA 1 (0x20) PCA 2 (0x21) | Trigger FSM state changes using CAN messages. Easy ones: | Corresponding LEDs and power sources turn on |
Outputs | Verify outputs all enable/disable as expected SOLAR_SENSE_1 SOLAR_SENSE_2 PEDAL STEERING LEFT_TURN RIGHT_TURN DRL_LIGHT BRAKE_LIGHT CENTER_CONSOLE BMS_DCDC MCI BPS_LIGHT SPARE_12V_1 SPARE_12V_2 BMS_AUX DRIVER_FAN REAR_CAM_LCD SPARE_5V_DCDC TELEMETRY SPARE_5V_AUX | Cycle through all FSMs: To go from off state → close relays state, send
To go from close relays state → power on, send To go from on state → off state, send
To go from on state → turn on drive state, send
To go from turn on drive state → drive state, send To go from drive state → on state, send
LIGHTS FSM: To turn on left light, send
To turn on right light, send
To turn on brake light, send
To turn on hazard lights, send
|
|
Output isense read | Verify Mux select allows for output current values to be read: |
|
|
AUX Valid pins | Ensure AUX valid low when no AUX supply connected Ensure AUX Valid high when aux is connected |
|
|
DCD Valid pins | Ensure DCDC valid low when no DCDC supply connected Ensure DCDC Valid high when DCDC is connected |
|
|
Output Config and Power FSM Validation
For the outputs, CAN TX indicates a message we expect to see, LOG indicates an expected printed message, OUTPUT indicates the expected output group to be set
For state changes, the following outputs are what we are looking for:
power_info_power_state - should reflect the current power state (OFF/ON/DRIVE)
relay_request_set_relays - This signal tells BMS that we want the relays connected (main power connected to the car). Should start as EE_RELAY_STATE_OPEN in POWER OFF, in any other state should be EE_RELAY_STATE_CLOSED
| Validation Steps | Initial Conditions | Outputs |
|---|---|---|---|
Check for each power state, ensure only the correct outputs are set
| N/A | See Power Distribution Design doc for expected outputs | |
On startup, output group enabled is POWER_FSM_OUTPUT_OFF | Initial Power On | Initial state is Power FSM OFF (BMS and Centre Console Outputs Enabled) LOG: STATE = POWER_OFF | |
Both centre console messages should cause a transition to TRANSMIT_BMS_CLOSE_RELAYS. After 3sec with no relay message, we should return to POWER_OFF | From POWER_OFF send | CAN TX: relay_request_set_relays == EE_RELAY_STATE_CLOSED LOG: STATE = BMS_RELAYS after 3 seconds LOG: STATE = POWER OFF OUTPUT: POWER_OFF | |
If PD receives a PWR_CTL_EVENT_BTN and then a relays_closed state from BMS, we should transition to POWER_ON, and stay there | From POWER_OFF send and battery_relay_info_state == EE_RELAY_STATE_CLOSED
| CAN_TX:
LOG: Transitioned to DRIVE STATE OUTPUT: POWER_ON | |
Centre console message should cause a transition to POWER_OFF | From POWER_ON, send either of the two PWR_CTL_EVENTS to the controller board | CAN_TX:
LOG: Transitioned to OFF STATE OUTPUT: POWER_OFF | |
If we receive EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE in POWER_ON state, we should transition to TURN_ON_DRIVE_OUTPUTS. If we don’t receive a message from MCI, we should return to POWER_ON | From POWER_ON, send EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE. We should transition to TURN_ON_DRIVE_OUTPUTS which sets the output group to POWER_DRIVE, and then after 3 cycles return to POWER_ON | CAN_TX:
LOG: transition to TURN_ON_OUTPUTS OUTPUT: POWER_DRIVE *after 3 cycle timeout* LOG: transition to POWER_ON OUTPUT: POWER_ON | |
A successful transition to POWER_DRIVE from POWER_OFF requires the following in order:
| Start in POWER_OFF, send 3 messages described | CAN_TX: (each updated state will send a new message)
| |
If we are in power drive, and we receive either PWR_CTL_EVENT, we should transition to POWER_ON. receiving a second event (EE_CC_PWR_CTL_EVENT_BTN without brake) will transition us to POWER_OFF | Start in POWER_DRIVE. Send:
| CAN_TX: (each updated state will send a new message)
LOG (look for each state printed as we transition)
| |
If we are in power drive, and we receive either PWR_CTL_EVENT, we should transition to POWER_ON. Receiving EE_CC_PWR_CTL_EVENT_BTN_AND_BRAKE should send us back to POWER_DRIVE | Start in POWER_DRIVE. Send:
|
| |
Fault Conditions | Faults occur, only when we lose communication with BMS. For each state, we need to see that it successfully transitions to fault on not receiving the BMS Message |
|
|
On startup, if no BMS status message is received for 3 cycles we should automatically transition to the fault state | Start in POWER_OFF (automatically done on startup) |
| |
if no BMS status message is received for 3 cycles we should automatically transition to the fault state | Start in BMS_RELAYS |
| |
if no BMS status message is received for 3 cycles we should automatically transition to the fault state | Start in POWER_ON |
| |
if no BMS status message is received for 3 cycles we should automatically transition to the fault state | Start in TURN_ON_DRIVE_OUTPUTS |
| |
if no BMS status message is received for 3 cycles we should automatically transition to the fault state | Start in POWER_DRIVE |
|
Lights verification
There are two parts to the lights verification, the lights FSM and the standalone lights.
The lights FSM controls, the right and left turning signals (and hazards, which is both). The standalone lights are the BPS indicator and the brake lights. We need to verify that they work in each of the states, as well as through transitions.
For each of the tests, we need to check them in each state, which is what the States Checked box is for
| Validation Steps | Initial Conditions | Outputs | States checked |
|---|---|---|---|---|
Transition through each state, ensure that right, left, and brake lights are not enabled by default. BPS Fault indicator will be set by any transition into the fault state, so ensure that all transitions are valid | N/A | No lights | ||
Set steering info message to contain left_signal, send to power_distribution |
| left light |
| |
Set steering info message to contain right_signal, send to power_distribution |
| right light |
| |
Set centre console message to contain hazard enabled signal. Verify output. Send hazards off signal |
| Right and left light blink when hazards enabled |
| |
Try for each, left and right turning signal. Start with the turn signal enabled. Turn on hazards, check that both lights start blinking. Turn off hazards, check that we return to turn signal with one light blinking |
|
|
| |
Check that brake signal > 0 turns on brake light |
| Brake light on |
|