4.6. Supervisory Algorithms¶
Supervisory algorithms include
- Monitoring (including fault detection)
- Overvoltage/undervoltage detection
- Overcurrent detection
- Watchdog timer management
- Stall detection and recovery
- Other supervisory algorithms
- Thermal management
- Saturation and antiwindup management (if not already present in the velocity and current controllers)
- Adaptive estimators (e.g. online resistance estimation)
- Field weakening
- Maximum torque per ampere (MTPA) controllers
4.6.1. Implementation Notes¶
More specific information is available on monitoring (including stall detection), and recovery in the corresponding documents.
MCAF v1.0 does not include any of these algorithms:
- Field weakening
- Thermal management
- Adaptive estimators
- MTPA
4.6.1.1. Watchdog Timer Management¶
The watchdog module leverages the watchdog timer found in PIC® microcontroller and
dsPIC® DSC devices. The hardware watchdog timeout is relatively simple, just
a counter that automatically increments and causes a watchdog reset if
it overflows; firmware prevents this by clearing the watchdog timer as
a signal that it is operating normally, so that in the event that a
blocking operation unexpectedly stops the firmware from being responsive,
a reset will occur.
The MCAF uses the hardware watchdog timer to catch unresponsive code in
both the main loop and the control ISR. It does this by requiring two simple
tasks to run, one in the main loop and the other in the control ISR, in order
for the watchdog timer to be reset. The function MCAF_WatchdogManageIsr()
is the task that actually clears the watchdog timer from within the control ISR,
but it also maintains a “software watchdog” counter isrCount which increments on each control
loop update. It is the responsibility of the main loop task to call MCAF_WatchdogManageMainLoop(),
which clears the software counter, often enough so that the software watchdog does not reach a timeout.
- If the ISR becomes unresponsive, it will not clear the hardware watchdog timer, and upon the next watchdog timeout, a watchdog reset will occur.
- If the main loop becomes unresponsive, it will not clear the software watchdog timer, and when that timer reaches a timeout threshold, the ISR will stop clearing the hardware watchdog timer. Upon the next watchdog timeout, a watchdog reset will occur. The main loop software watchdog timeout is essentially much longer than the hardware watchdog timeout, but it is also a much less critical task thread.
Cause of a watchdog reset can be determined by examining the value of the software watchdog counter; if it is above the timeout threshold then the main loop was unresponsive, whereas if the software counter is below the timeout threshold then the control ISR was unresponsive.
4.6.1.2. Modules¶
| Module | Files | Description | Comments |
|---|---|---|---|
parameters/fault_detect_params |
parameters/fault_detect_params.h |
Fault detection parameters | |
fault_detect |
fault_detect.cfault_detect.hfault_detect_types.h |
Fault detection | |
monitor |
monitor.cmonitor.hmonitor_types.h |
Fault-handling | |
recover |
recover.crecover.h |
Recovery from stall detection | |
stall_detect |
stall_detect.cstall_detect.hstall_detect_types.h |
Stall detection | |
watchdog |
watchdog.h |
Watchdog timer management | see section on Watchdog Timer Management |