Details
-
Type:
Story
-
Status: Done
-
Resolution: Done
-
Fix Version/s: None
-
Component/s: ts_main_telescope
-
Labels:
-
Story Points:2
-
Epic Link:
-
Sprint:TSSW Sprint - Jan 18 - Feb 1, TSSW Sprint - Feb 1 - Feb 15
-
Team:Telescope and Site
-
Urgent?:No
Description
We want to implement a software safety system in the MTRotator CSC: if the error between the rotator and camera cable wrap gets larger than some specified amount, halt the rotator and put the system into a FAULT state. (This gives the camera cable wrap a chance to catch up, which makes it fairly easy to recover from this error).
In order to support this I would like a new low-level command which tells the rotator controller to halt the rotator and go into a FAULT state.
(Note that the CSC summary state is maintained in the low-level controller, not the CSC, so it is not practical to simply send the CSC itself into a FAULT state.)
We would like to have in place by the time we add all the lines to the camera cable wrap and have to keep it in sync with the camera rotator. My understanding is that will occur sometime in February.
Attachments
Issue Links
Activity
It looks like I could use the rotatorCommands_signal.StateCommands_errorCheck to make the value of errorIsTrue to be True. This should stop the rotator's motion and put into the system into Fault state in a latter time. Need to test this idea in the Simulink model. I may need to consider the behavior of clearError, which should reset the value of errorIsTrue.
The state machine now supports the errorIsTrue in Standby, Disabled, and Enabled state. I realized this is used by the interlock system.
It looks like this idea only works if the rotator's movement is not done yet (the target of point-to-point movement is 1.5 degree):
Updated the state machine to decrease the restriction of errorIsTrue in Enabled state. Set the target position to be 1.5 degree, the system could be put into the Fault state even though the system finished the movement:
Discussed with Russell and updated the commanding.c for the ERRORCHECK command. Updated the configRot.c and utility.c for the memory allocation. Removed the /nfsdemo in runmain.
Please ignore the first commit of rotator controller for the clang-format. For the simulink part, please base on the comment in this ticket to see the simulation result. Thanks!
Looks nice (though there's a bit of it I don't understand). A few minor suggestions on github that you can adopt or ignore as you see fit.
Discussed with Russell for the possible options to put the system into the Fault state. We agreed that when this new command is issued, the system should stop the active motion gently and transition to the Fault state. In addition, this new command is only needed in the CSC level and the EUI does not need to support this.
Russell and I agreed this new command should only work in the Enabled state. Once the system is in the Enabled state, no matter what it is doing right now, it should be put into the Fault state. The clearError command should be able to clear this special command and put the system back to the Standby state.
It might be easier to allow the Standby, Disabled, and Enabled states.