COS DCE Operate FSW changes from v1043 to v1044

Patchable constant change only.  Changing data values from ground test values to those for flight operations.  Specifically, change "Over-current count persistence limit" on both HV Segment A and B from 6 to 100 (See SCR DCE SCRD2).  All changed lines are marked with the text "SCR#2" in the comment field.

 

 

 

COS DCE Operate FSW changes from v1042 to v1043

Requirements Change: During FUV Detector Environmental Testing, a hardware failure to the Quantum Efficiency (QE) Grid led to a situation where a very high count rate - from electrons streaming off the broken QE Grid Wire - produced EXTREMELY high event rates detected at the anode - even though the CRP algorithm had dropped the HV to  HVLOW.  Because this could potentially lead to MCP degradation if a HW failure of this type occurred on-orbit, a decision was made to change the CRP error action to turn OFF the HV - in exactly the same fashion that the DCE FSW presently reacts to an HV over-current event.  The algorithm for triggering a CRP violation remains unchanged.  (See SCR DCE SCRD1.)

1.          Change ACTIVITY_CRP to shut off HV and GRID power when a CRP violation occurs.  This eliminates the need to keep a copy of the CRP history buffer (mCRP_HISTORY) and to maintain the flags CRP_OUT_A and CRP_OUT_B.  Remove these flags and the buffer.  These changes result in simplification of ACTIVITY_CRP in OPERMAIN.A51, and very minor changes to COMMON.INC and PATCHCST.A51.

2.          Unrelated to CRP Change: Added and clarified various COMMENTS ONLY in order to close an action item (AI-8 dated 18Jan01).

 

 

 

COS DCE Operate FSW changes from v1041 to v1042

Problem:  Because the HST errors lists and the number of diagnostics received since the last housekeeping are cleared AFTER building the housekeeping packet, HST errors and diagnostics received DURING the build process are lost.  (This gap in collection/clearing Ð which is approx. 60ms in length Ð results in approx. 6% of HST Errors for Current Limit Protection to be lost.  No other HST Errors are lost because of this gap.)

1.          Double-buffer the HST errors and HST error parameter list using the new (temporary) arrays "mLFDERRcpy" and "mLFDERRPcpy" in module "patchcst.a51".  These copies are made in the routine 'SETUP_TO_BUILD_HKP', at which time the actual actual HST error list is cleared (instead of later in routine 'CLEAR_HKP_PKT').

2.          The housekeeping building script has been updated to use these temporary copies, "mLFDERRcpy" and "mLFDERRPcpy".

3.          Clear counter "mCURR_NUM" in routine 'SETUP_TO_BUILD_HKP' AFTER copying the most recent 5 diagnostics to the holding array "mCURR_5".  This counter was formerly cleared after building housekeeping in routine 'CLEAR_HKP_PKT'.

4.          Change Unrelated to Problem -- For consistency, no longer clear the PH data in routine 'CLEAR_HKP_PKT'.  Rather, clear it "on the fly" right after reading each byte in routine 'SETUP_TO_BUILD_HKP'.

5.          Change Unrelated to Problem -- Changed 'ticks_per_sec' to 100.  There is no need to call 'ACTIVITY_ILIM' any more often than every 10ms. The corresponding persistence limits were also decreased by the factor 4ms/10ms.

 

 

 

COS DCE Operate FSW changes from v1040 to v1041

1.          Change default value of the "Over-current count limit" instructures "ilim_param_hva" and "ilim_param_hvb" from 5 to 15.

2.          New flag bits -- CRP_OUT_A and CRP_OUT_B -- are set to '1' when the corresponding CRP is out of limits and '0' when in limits.  Using these flags, an HST error for CRP violation is sent only when CRP transitions from within limits to out of limits.

3.          A new circular HISTORY buffer is established for CRP counts. If CRP counts go out of limits, the offending CRP buffer is copied to this HISTORY buffer for later analysis.  HISTORY buffer is not overwritten unless CRP goes back in bounds and then out again.

4.          ACTIVITY_CRP now uses the full 256 locations of each CRP circular buffer but only looks at the most-recently stored 'LFPINT' values for testing.  This allows a longer history of the CRP rates to be copied to the new HISTORY buffer for diagnostics.

5.          Created a new routine called 'In_The_Weeds'.  If code ever jumps to one of the filled areas, a call will be made to routine 'In_The_Weeds' which will record the return address associated with the call in XDATA variables 'mWeeds' and then jump to address 0000h (i.e., Boot Mode) for analysis.

6.          Implemented a new 1-byte counter which counts seconds since the last stroking of the watchdog.  If the system ever resets, this counter ('mElapsed') may be inspected for clues.

7.          HST error parameter for CRP violation is changed from the buffer address to '0Axx' for Segment A and '0Bxx' for Segment B, where 'xx' is the offset in the buffer where the most-recent count rate was stored (the one which caused the system to trip).

 

 

 

COS DCE Operate FSW changes from v1039 to v1040

1.          Opermain.a51 Ð Routine 'SAFE_CONTROLS', which, among other things, turns off STIM pulses, now clears the software indicators of the STIM rate on both segments.

 

 

 

COS DCE Operate FSW changes from v1038 to v1039

1.          Opermain.a51 Ð Routine ÔSETUP_TO_BUILD_HKPÕ now reads all 256 words of PH histogram data, byte-swaps it, and stores it as the first 512 bytes of the housekeeping packet.  The housekeeping script now begins with a jump over the first 512 bytes and the four script lines which read PH data are removed.

 

 

 

COS DCE Operate FSW changes from v1034 to v1038

1.          Opermain.a51 Ð Analog sensor readings (68 total) are now performed once per second independent of the BUILD_HKP function.  Routine BUILD_HKP then reads these values from their stored locations in external RAM.

2.          Opermain.a51 Ð Functions LFRACT1 and LFRACT2, if commanded to turn on their respective actuators, will turn off the other actuator.  This ensures that only one actuator is powered at a time.

3.          Patchcst.a51 Ð Housekeeping script reflects collection of analog sensor readings from external RAM vice A/D readings made during the housekeeping build process.

 

 

 

COS DCE Operate FSW changes from v1033 to v1034

1.          Expanded all CRC regions to multiples of 0800 (hex) bytes and rearranged patchable constants (as a block) and scratch pad space (as a block) for greater memory efficiency.  No further CRC region changes should be necessary with this modification (as long as all new code can rightly be classified as ÒsimilarÓ to other routines and, therefore, can be included in an existent CRC block).

 

 

 

COS DCE Operate FSW changes from v1032 to v1033

1.          Opermain.a51 Ð Modified function ÔDCE_LFRACTENÕ to set 3-minute timer then actuators are enabled.

 

 

 

COS DCE Operate FSW changes from v1031 to v1032

1.          Opermain.a51 Ð Modified function ÔDCE_LFPCRPÕ to not clear any portion of the CRP buffer when given an interval of zero (LFPINT = 0).  This was necessary because the routine which clears RAM treats 0000h as 10000h (65,536) bytes and attempts to clear all of external RAM.  Not a pretty picture.

 

 

 

 

COS DCE Operate FSW changes from v1030 to v1031

1.          Patchcst.a51 Ð Housekeeping now reports the full 16-bit value of the parameter LFHRAMPT.  Formerly, only the LSB was reported.

 

 

 

COS DCE Operate FSW changes from v1029 to v1030

1.          Opermain.a51 Ð Change the criterion by which calls to ÔACTIVITY_DOORÕ are made.  Old criterion was Aux Power Enabled.  New criterion is if any of the following conditions is true:  Motor commanding enabled (a software switch), or Motor power is On (hardware), or Actuators enabled (hardware).

 

 

 

COS DCE Operate FSW changes from v1028 to v1029

1.          Opermain.a51 Ð Diagnostic 22 was made into an HST error with error parameter being the starting address of the CRP circular buffer of the segment which caused the shutdown.

2.          Opermain.a51 Ð Diagnostic 26 was made into an HST error with error parameter being the Auxillary current measurement at the time of shutdown.

3.          Patchcst.a51 Ð Removed some harmless vestiges of Boot mode from the HST Error table.  Several diagnostics which exist in Boot mode but not in Operate still had an HST error parameter in this table.  Since the diagnostics do not exist in Operate mode, these parameters would never be seen, but their presence could be confusing.

 

 

 

COS DCE Operate FSW changes from v1017 to v1028

1.          Opermain.a51 Ð DOOR_STOP, due to 3-minute door activity countdown, is now called from the Timer0 ISR rather than from the door activity.  This ensures a DOOR_STOP will be executed even if auxilliary power has been removed prematurely, thus preventing further execution of the door activity.

2.          Opermain.a51 Ð Each of the Operate FSW CRC regions now has a Òdelta CRCÓ as its last two bytes, thus forcing each region to have a fixed CRC Ð 0xC0DE.  Implementation is facilitated by a new macro, FILL_TO_ADDRESS_CRC, found in include file Ôcommon.incÕ.

3.          Opermain.a51 Ð LFHVPWR command now causes a change of state to LFHSTATE=7 whenever power is turned on.  Previously, only if power had been off and then turned on was the state changed to 7.

4.          Opermain.a51 Ð Functions LFRACT1 and LFTACT2 now check that the actuators have been enabled before allowing activation of the HOPS.  If an attempt is made to turn on an actuator without prior enabling, a diagnostic 10 is issued.  This is not an HST error.

5.          Opermain.a51 Ð The door timeout parameter has been converted from an ÒequÓ to a patchable constant.

6.          Opermain.a51 Ð Door motor directions were reversed in documentation and the FSW.  This has been corrected in both the LFRMDIR and LFRACTRS commands.  Old values:  (0=Safe, 1=Close, 2=Open).  New values:  (0=Safe, 1=Open, 2=Close).

7.          Opermain.a51 Ð New command, LFSAFE, calls the DOOR_STOP and SAFE_CONTROLS subroutines, thereby providing a quick way to safe the hardware.  Command opcode is ÔDDÕ.

8.          Opermain.a51 Ð The current limit activity now disables further voltage commands when a shutdown is performed.  One must call the LFHVENA command to enable further voltage commands.

9.          Opermain.a51 Ð DOOR_STOP now clears the motor direction bits as well as turning off motor power.  These are CONTROLS1 bits 3&4.

10.       Opermain.a51 Ð DOOR_STOP now clears the logical variable LFRMENA, thereby disabling further motor commands until reenabled by the LFRMENA command.

11.       Opermain.a51 Ð Status Bits 4 and 5 were reversed.  Status Bits 4 now points to CONTROLS2 (locked register) and Status Bits 5 now points to CONTROLS1 (unlocked register).

12.       Opermain.a51 Ð SAFE_CONTROLS, called upon jump-to-operate and by the new LFSAFE command, now clears the software variables associated with HV target and DAC settings (the hardware was already cleared Ð this just makes the software variables mirror that change).  It also returns LFHSTATE to zero and disables further voltage commands until LFHVENA is called to reenable voltage commanding.

13.       Patchcst.a51 Ð a Òdelta CRCÓ is placed at address 0xFFFE which forces the CRC of the full 32 KB Operate Image to be 0xC0DE.  Of course, this CRC is only valid on fresh copies of Operate FSW and prior to a jump-to-operate, since it also includes the scratchpad and buffer areas of memory.

14.       Patchcst.a51 Ð The patchable constant for door timeout now resides in this file.

 

 

 

COS DCE Operate FSW changes from v1016 to v1017

1.          Opermain.a51 Ð LFHVPWR Command clears circular Buffers and Histograms used by the ILIM Task when commanded to turn HV Power ON.

 

 

 

COS DCE Operate FSW changes from v1002 to v1016

1.          Opermain.a51 Ð Primary and Secondary command channel ISRs now set to interrupt priority HIGH (before, all interrupts were set to same priority).  This allows command words to interrupt the LOW priority Timer0 ISR.  This was necessary to work with the Berkeley GSE and does not violate the ICD.  Since the command ISRs can interrupt the Timer0 ISR, the command ISRs now use register bank 3 (previously unused) so as not to conflict with Timer0Õs use of register bank 1.

2.          Opermain.a51 Ð Operate mode now displays the LSB of the 1-second timer on the LEDs (in order to see that operate mode is ÒaliveÓ and to differentiate it from boot mode).

3.          Opermain.a51 Ð The Òfill_to_boundaryÓ macro was replaced with the Òfill_to_addressÓ macro in those large spaced between the code regions so that as code was added, the boundaries would not change.  Macro Òfill_to_boundaryÓ is still used at the start of every subroutine to start it on the next 16-byte boundary.

4.          Opermain.a51 Ð Routine Òread_countersÓ now writes a zero to the 4th byte (MSB) of each of the counters so that, when reported in housekeeping, it will be zero.  Previously, since the counters are actually 3 bytes but are reported as 4 bytes in housekeeping, the 4th byte was not set to zero (and actually pointed to the LSB of the next counter).

5.          Opermain.a51 Ð The LFDUPLOD command now calls ÔINIT_CRCÕ along with its call to ÔCLEAR_OLD_CRCSÕ in order to prevent upload commands from causing background CRC errors.  This change was made for compatibility with the new boot code (version 01.12) which needed this change due to a bug.

6.          Opermain.a51 Ð Added new command, ÔLFDRSTAÕ, which performs an ACTEL counter reset.  This same reset is performed in Ôsafe_controlsÕ, but was desirable to have as a separately-commandable reset.  The opcode is ÔFAÕ.  The subroutine which implements this command is ÔDCE_LFDRSTAÕ and it is called in the command table.

7.          Opermain.a51 Ð All TDC DAC commands had the wrong DAC channel address.  The upper nibble of each TDC DAC MUX address was incremented by Ô1Õ, so that DAC0 is Ô1Õ, DAC1 is Ô2Õ, and DAC2 is Ô3Õ (upper nibble).  This affects all digitizer DAC commands (the ADC commands were OK).

8.          Opermain.a51 Ð Command ÔLFHVPWRÕ no longer resets VMAX for Segments A and B on power ON, but still does so for power OFF.

9.          Opermain.a51 Ð The current limit task, ÔACTIVITY_ILIMÕ, now reads the three current readings even after the HV is turned off so that the post-HV-shutdown samples show true currents.  This was a bug fix.

10.       Opermain.a51 Ð The current limit task, ÔACTIVITY_ILIMÕ, no longer distinguishes the Ôcurrent reading = 255Õ case from other cases.

11.       Opermain.a51 Ð The current limit task, ÔACTIVITY_ILIMÕ, now shuts off Grid power when HV is shut off.

12.       Opermain.a51 Ð The current limit task, ÔACTIVITY_ILIMÕ, now resets VMAX and VSET to zero when HV is turned off and also clears (to zero) various external RAM parameters associated with voltage ramping (max, target, DAC setting).

13.       Opermain.a51 Ð The count rate protection task, ÔACTIVITY_CRPÕ, now uses the HV ramping task to shut off HV.  It sets the target voltage to the lesser of the current DAC setting and the current target and enables HV ramping.  The HV ramping task then takes one step to the desired voltage and disables further HV ramping.

14.       Opermain.a51 Ð The door task, ÔACTIVITY_DOORÕ, had an undocumented feature allowing one to bypass the Ôperform door stop upon change of state of the door latchÕ test.  The concern was that there might be noise in the door latch switch which could cause premature door stop.  This bypass is now removed.

15.       Opermain.a51 Ð A spurious Ô255Õ was showing up in housekeeping (and jumping all around the GSE screen).  The bug that was found in the FSW was that instead of disabling Timer0 ISR while in Ôbuild_hkpÕ during ADC reads, old Timer1 ISR was being disabled and later re-enabled.  Timer1 ISR never fired off because Timer1 had never been started, but failure to inhibit Timer0 allowed ÔACTIVITY_ILIMÕ, which also uses the ADC and is called by Timer0, to change the MUX address and thereby allow bogus readings in the housekeeping.  The bogus readings moved around depending on where in the Ôbuild_hkpÕ one was executing when the Timer0 ISR was called.

16.       Opermain.a51 Ð Subroutine Ôsafe_controlsÕ now disables STIMS and resets VMAX and VSET on both A and B segments to zero.

17.       Patchcst.a51 Ð Diagnostics 2A, 2B, and 2E are now HST errors, with the HST error parameter being the offset within the circular buffer where the current limit caused an HV shutoff.

18.       Patchcst.a51 Ð Various initial values for the tasks were changed from their Ôused for testing by WillÕ values to settings more appropriate for operation.

19.       Patchcst.a51 Ð Housekeeping was collecting the PH data incorrectly Ð reading 64 words and then skipping 64 words before reading the next 64 words.  Merely a programming oversight.  It was evident from the GSE display that something was amiss and also from the GSE display that the correction was proper.

20.       Patchcst.a51 Ð CRP parameters ÔLFPINTAÕ and ÔLFPINTBÕ are given in housekeeping as 2-byte quantities when they are, in reality, only 1-byte each.  They are now stored in housekeeping as 1-byte with the second byte (MSB) being left with its initial (zero) value.