Safety Controller

The safety controller is the software component that monitors the overall condition of the reflow controller, and stops the output driver in case of an error.

Severe error flags, like a drifting reference voltage, stop the PID controller and force the output to zero. The controller stays in a usable state. After the errors have been cleared, normal operation may continue.

On the other hand, fatal errors like an over-temperature error, or memory problem, lead to the activation of the Panic Mode, which forces the output zero, but does not allow any further interaction.

On top of this, a Safety Backup RAM is implemented. It stores permantent errors, which are reset at a restart. On top of that, it stores the Boot Status Flag Entries, which are used to retain boot information across resets, for example to communicate with the firmware updater etc. The RAM also contains entries, that allow overrides of flag weights and persistance.

• Safety Flags
  • ERR_FLAG_MEAS_ADC_OVERFLOW
  • ERR_FLAG_MEAS_ADC_OFF
  • ERR_FLAG_MEAS_ADC_WATCHDOG
  • ERR_FLAG_MEAS_ADC_UNSTABLE
  • ERR_FLAG_SAFETY_MEM_CORRUPT
  • ERR_FLAG_STACK
  • ERR_FLAG_TIMING_PID
  • ERR_FLAG_OVERTEMP
• Safety Backup RAM
  • Overview
  • Partitioning and Entries
    • Header
    • Boot Status Flag Entries
    • Config Overrides
    • Error Memory
    • CRC Checksum
• Error Handling
  • Panic Mode
  • Error memory
• Safety Stack Checking
  • Stack Pointer Checking
  • Stack and Heap Corruption Checking