;
; FAULTS AND POWER:
;
-; Shutdown CDU Timeout User Fault Next states
+; Shutdown CDU Time User Fault Next states and action when
+; fault timeout ON OFF
;
-; Off shutdown off none off *On (or +Fault)
-; On power-up on none off Fault, or *Off
-; Stopping shutdown off 500ms 50% 1/100ms ->Retry
-; Retry power-up off 50ms off ->Off, or Persists
-; Persists shutdown off 90ms on ->Retry
-; * = when host instructs
-; + = lost race, only
-; -> = after timeout
+; Off shutdown off none off On
+; On power-up on none off Stopping,FAULT Off
+; Stopping shutdown on 500ms 50% 1/100ms Retry
+; Retry power-up off 50ms off Persists Off,FIXED Off
+; Persists shutdown off 90ms on Retry Off
+;
+; (no notation: event ignored)
;
; shutdown LAT stop_wait retry_wait
;
-; Off H (shutdown) stopped stopped
-; On L (power-up) stopped stopped
+; Off H (shutdown) 0 0
+; On L (power-up) 0 0
; Stopping H (shutdown) before Retry for LED flash
-; Retry L (power-up) stopped before Off
-; Persists H (shutdown) stopped before retry
+; Retry L (power-up) 0 before Off
+; Persists H (shutdown) 0 before retry
;
; (uses tickdiv) (uses tick)
;----------
command_power_off @
-; On -> Off; noop in other states
- pinlat_ifh p0_booster_shutdown
- return ; Off, Stopping or Persists
- ; might be On or Retry:
-
- tst_f_ifnz retry_wait
- return ; that deals with Retry
- ; must be On:
+; On, Retry, Persists -> Off; noop in Off or Stopping
+ tst_f_ifnz stop_wait
+ return ; that deals with Stopping
+ ; must be On, Off, Retry or Persists:
+ ; (it's harmless to do this if we were already Off)
power_off_now
+ clr_f retry_wait
+ pin_vh p0_booster_userfault
pin_vh p0_booster_shutdown
goto cdu_off
; we have a fault:
bc_f INTCON3, INT1IF
- call power_off_now
- mov_fw retry_wait
- bra_z power_fault_stop ; we were Off or On, goto Stopping
- ; must be Stopping, Retry or Persists:
+ pinlat_ifh p0_booster_shutdown
+ bra faultintrl_noop
+ ; Off, Stopping or Persists - must have lost the race
+ ; or flapped while we faffed. Well, never mind, it's
+ ; off now and we're taking care of it. (If the host
+ ; caused Off by OFF they can at worst send an OFF and
+ ; immediate ON in about 2ms, so worst-case duty cycle
+ ; for a short (if the host is perversely timed) is
+ ; (our interrupt latency) / 2ms
+ ; and if they ever don't manage to get the OFF through
+ ; in time then we go into Stopping.)
+ ; must be On or Retry:
- tst_f_ifnz stop_wait
- bra power_fault_stop ; we were already Stopping; restart timer
- ; might be Retry or Persists, goto Persists (restarting any timer):
+ pin_vh p0_booster_shutdown
+ tst_f_ifnz retry_wait
+ bra fault_persists ; that deals with Retry
+ ; must be On:
- mov_lw persist_timeout / tick_us
- mov_wf retry_wait
- pin_vl p0_booster_userfault
- intrl_handled_nostack
+ mov_lw b'00000111'
+ call serial_addbyte
-;-----
-power_fault_stop
mov_lw stop_timeout / tickdiv_us
mov_wf stop_wait
pin_vl p0_booster_userfault
- mov_lw b'00000111'
- call serial_addbyte
rcall power_stop_doflash
intrl_handled_nostack
+;-----
+fault_persists ; Retry -> Persists (booster was shut down just a moment ago)
+ mov_lw persist_timeout / tick_us
+ mov_wf retry_wait
+ pin_vl p0_booster_userfault
+faultintrl_noop
+ intrl_handled_nostack
+
;--------------------
power_fault_tick @
tst_f_ifnz retry_wait
; we were in Stopping, Retry or Persists:
tst_f_ifnz stop_wait
- bra power_stop_doflash ; that was Stopping, just flash the LED
+ bra power_stop_doflash ; that deals with Stopping (just flash)
; must be Retry or Persists:
pinlat_ifh p0_booster_shutdown
return
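Review bot: In the On branch of the fault handler the new side calls `serial_addbyte` before `mov_wf stop_wait`, so the state variables are briefly inconsistent. From `pin_vh p0_booster_shutdown` until that store, the latch is H with stop_wait and retry_wait both zero, which the table gives as the encoding for Off, not Stopping. The booster is already shut down by then, so the output itself is safe, but any code that can run in that window (none is visible in this hunk) would see Off, and a host ON could presumably be accepted as Off -> On in the middle of fault handling. I would store the timer first, `mov_lw stop_timeout / tickdiv_us` then `mov_wf stop_wait`, and only afterwards load `b'00000111'` and call `serial_addbyte`; a short comment naming that literal (presumably the FAULT report from the table) would also help. The handler's entry label lies outside the hunk, so its interrupt priority and what can preempt it cannot be confirmed from here.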
; stop_wait was running but has just reached zero;
; we were in Stopping, now we can Retry:
+ call cdu_off
power_retry
mov_lw retry_timeout / tickdiv_us
mov_wf retry_wait