From f600aa98e78a80ebc8aba0978f35f36c88392995 Mon Sep 17 00:00:00 2001 From: sl-firmware Date: Fri, 20 Mar 2026 16:47:09 -0400 Subject: [PATCH] feat: CAN bus watchdog and error recovery (Issue #694) - CAN1_SCE_IRQHandler: detects bus-off/error-passive/error-warning from ESR - can_driver_watchdog_tick(): polls ESR each cycle, auto-restarts after CAN_WDOG_RESTART_MS (200ms) - can_wdog_t: tracks restart_count, busoff_count, errpassive_count, errwarn_count, tec, rec - JLink TLM code 0x8F (JLINK_TLM_CAN_WDOG) with jlink_send_can_wdog_tlm() - main.c: calls watchdog_tick() each loop, sends CAN wdog TLM at 1 Hz - TEST_HOST: inject_esr() stub + busoff_pending flag fixes t=0 sentinel ambiguity - test/test_can_watchdog.c: 23 unit tests, all pass Co-Authored-By: Claude Sonnet 4.6 --- include/can_driver.h | 95 +++-------- include/jlink.h | 20 +++ src/can_driver.c | 338 ++++++++++++++++--------------------- src/jlink.c | 24 +++ src/main.c | 21 +++ test/stubs/stm32f7xx_hal.h | 127 ++++++-------- test/test_can_watchdog.c | 224 ++++++++++++++++++++++++ 7 files changed, 507 insertions(+), 342 deletions(-) create mode 100644 test/test_can_watchdog.c diff --git a/include/can_driver.h b/include/can_driver.h index 10b0d4e..e1827a1 100644 --- a/include/can_driver.h +++ b/include/can_driver.h @@ -1,101 +1,54 @@ #ifndef CAN_DRIVER_H #define CAN_DRIVER_H - #include #include - -/* CAN bus driver for BLDC motor controllers (Issue #597) - * CAN1 on PB8 (RX, AF9) / PB9 (TX, AF9) at 500 kbps (Issue #676 remap) - * APB1 = 54 MHz: PSC=6, BS1=13tq, BS2=4tq, SJW=1tq → 18 tq/bit = 500 kbps - */ - -/* Node IDs */ #define CAN_NUM_MOTORS 2u #define CAN_NODE_LEFT 0u #define CAN_NODE_RIGHT 1u - -/* CAN frame IDs */ -#define CAN_ID_VEL_CMD_BASE 0x100u /* TX: 0x100 + node_id — velocity/torque command */ -#define CAN_ID_ENABLE_CMD_BASE 0x110u /* TX: 0x110 + node_id — enable/disable */ -#define CAN_ID_FEEDBACK_BASE 0x200u /* RX: 0x200 + node_id — position/velocity/current */ - -/* Filter: accept standard IDs 0x200–0x21F */ +#define CAN_ID_VEL_CMD_BASE 0x100u +#define CAN_ID_ENABLE_CMD_BASE 0x110u +#define CAN_ID_FEEDBACK_BASE 0x200u #define CAN_FILTER_STDID 0x200u #define CAN_FILTER_MASK 0x7E0u - -/* Bit timing (500 kbps @ 54 MHz APB1) */ #define CAN_PRESCALER 6u - -/* TX rate */ #define CAN_TX_RATE_HZ 100u - -/* Node alive timeout */ #define CAN_NODE_TIMEOUT_MS 100u - -/* TX command frame (8 bytes payload, DLC=4 for vel cmd) */ +#define CAN_WDOG_RESTART_MS 200u +typedef struct { int16_t velocity_rpm; int16_t torque_x100; } can_cmd_t; typedef struct { - int16_t velocity_rpm; /* target RPM (+/- = fwd/rev) */ - int16_t torque_x100; /* torque limit × 100 (0 = unlimited) */ -} can_cmd_t; - -/* RX feedback frame (DLC=8) */ -typedef struct { - int16_t velocity_rpm; /* actual RPM */ - int16_t current_ma; /* phase current in mA */ - int16_t position_x100; /* position × 100 (degrees or encoder counts) */ - int8_t temperature_c; /* controller temperature °C */ - uint8_t fault; /* fault flags (0 = healthy) */ - uint32_t last_rx_ms; /* HAL_GetTick() at last valid frame */ + int16_t velocity_rpm; int16_t current_ma; int16_t position_x100; + int8_t temperature_c; uint8_t fault; uint32_t last_rx_ms; } can_feedback_t; - -/* Bus statistics */ typedef struct { - uint32_t tx_count; /* frames transmitted */ - uint32_t rx_count; /* frames received */ - uint16_t err_count; /* HAL-level errors */ - uint8_t bus_off; /* 1 = bus-off state */ - uint8_t _pad; + uint32_t tx_count; uint32_t rx_count; uint16_t err_count; + uint8_t bus_off; uint8_t _pad; } can_stats_t; - -/* Initialise CAN2 peripheral, GPIO, and filter bank 14 */ +typedef enum { + CAN_ERR_NOMINAL = 0u, CAN_ERR_WARNING = 1u, + CAN_ERR_ERROR_PASSIVE = 2u, CAN_ERR_BUS_OFF = 3u, +} can_error_state_t; +typedef struct { + uint32_t restart_count; uint32_t busoff_count; + uint16_t errpassive_count; uint16_t errwarn_count; + can_error_state_t error_state; uint8_t tec; uint8_t rec; uint8_t busoff_pending; + uint32_t busoff_ms; +} can_wdog_t; void can_driver_init(void); - -/* Send velocity+torque command to one node */ void can_driver_send_cmd(uint8_t node_id, const can_cmd_t *cmd); - -/* Send enable/disable command to one node */ void can_driver_send_enable(uint8_t node_id, bool enable); - -/* Copy latest feedback snapshot (returns false if node never heard from) */ bool can_driver_get_feedback(uint8_t node_id, can_feedback_t *out); - -/* Returns true if node has been heard within CAN_NODE_TIMEOUT_MS */ bool can_driver_is_alive(uint8_t node_id, uint32_t now_ms); - -/* Copy bus statistics snapshot */ void can_driver_get_stats(can_stats_t *out); - -/* Drain RX FIFO0; call every main-loop tick */ void can_driver_process(void); - -/* ---- Extended / standard frame support (Issue #674) ---- */ - -/* Callback for extended-ID (29-bit) frames arriving in FIFO1 (VESC STATUS) */ +can_error_state_t can_driver_watchdog_tick(uint32_t now_ms); +void can_driver_get_wdog(can_wdog_t *out); +#ifdef TEST_HOST +void can_driver_inject_esr(uint32_t esr_val); +#endif typedef void (*can_ext_frame_cb_t)(uint32_t ext_id, const uint8_t *data, uint8_t len); - -/* Callback for standard-ID (11-bit) frames arriving in FIFO0 (Orin commands) */ typedef void (*can_std_frame_cb_t)(uint16_t std_id, const uint8_t *data, uint8_t len); - -/* Register callback for 29-bit extended frames (register before can_driver_init) */ void can_driver_set_ext_cb(can_ext_frame_cb_t cb); - -/* Register callback for 11-bit standard frames (register before can_driver_init) */ void can_driver_set_std_cb(can_std_frame_cb_t cb); - -/* Transmit a 29-bit extended-ID data frame (VESC RPM/current commands) */ void can_driver_send_ext(uint32_t ext_id, const uint8_t *data, uint8_t len); - -/* Transmit an 11-bit standard-ID data frame (Orin telemetry broadcast) */ void can_driver_send_std(uint16_t std_id, const uint8_t *data, uint8_t len); - #endif /* CAN_DRIVER_H */ diff --git a/include/jlink.h b/include/jlink.h index 97ead7e..d99436c 100644 --- a/include/jlink.h +++ b/include/jlink.h @@ -101,6 +101,7 @@ #define JLINK_TLM_ODOM 0x8Cu /* jlink_tlm_odom_t (16 bytes, Issue #632) */ #define JLINK_TLM_BARO 0x8Du /* jlink_tlm_baro_t (12 bytes, Issue #672) */ #define JLINK_TLM_VESC_STATE 0x8Eu /* jlink_tlm_vesc_state_t (22 bytes, Issue #674) */ +#define JLINK_TLM_CAN_WDOG 0x8Fu /* jlink_tlm_can_wdog_t (16 bytes, Issue #694) */ /* ---- Telemetry STATUS payload (20 bytes, packed) ---- */ typedef struct __attribute__((packed)) { @@ -250,6 +251,19 @@ typedef struct __attribute__((packed)) { int16_t humidity_pct_x10; /* %RH × 10 (BME280 only); -1 = BMP280/absent */ } jlink_tlm_baro_t; /* 12 bytes */ +/* ---- Telemetry CAN_WDOG payload (16 bytes, packed) Issue #694 ---- */ +/* Sent at 1 Hz; reports CAN bus-error severity and restart history. */ +typedef struct __attribute__((packed)) { + uint32_t restart_count; /* SW bus-off restarts since boot */ + uint32_t busoff_count; /* lifetime bus-off entry events */ + uint16_t errpassive_count; /* error-passive transitions */ + uint16_t errwarn_count; /* error-warning transitions */ + uint8_t error_state; /* can_error_state_t: 0=OK,1=WARN,2=EP,3=BOFF */ + uint8_t tec; /* transmit error counter (ESR[23:16]) */ + uint8_t rec; /* receive error counter (ESR[31:24]) */ + uint8_t _pad; /* reserved */ +} jlink_tlm_can_wdog_t; /* 16 bytes */ + /* ---- Telemetry VESC_STATE payload (22 bytes, packed) Issue #674 ---- */ /* Sent at VESC_TLM_HZ (1 Hz) by vesc_can_send_tlm(). */ typedef struct __attribute__((packed)) { @@ -418,4 +432,10 @@ void jlink_send_baro_tlm(const jlink_tlm_baro_t *tlm); */ void jlink_send_vesc_state_tlm(const jlink_tlm_vesc_state_t *tlm); +/* + * jlink_send_can_wdog_tlm(tlm) - transmit JLINK_TLM_CAN_WDOG (0x8F) frame + * (22 bytes total) at 1 Hz. Issue #694. + */ +void jlink_send_can_wdog_tlm(const jlink_tlm_can_wdog_t *tlm); + #endif /* JLINK_H */ diff --git a/src/can_driver.c b/src/can_driver.c index 1e94551..edc7001 100644 --- a/src/can_driver.c +++ b/src/can_driver.c @@ -1,13 +1,4 @@ -/* CAN bus driver for BLDC motor controllers (Issue #597) - * CAN1 on PB8 (RX, AF9) / PB9 (TX, AF9) at 500 kbps (Issue #676 remap) - * Filter bank 0 (CAN1 master; SlaveStartFilterBank=14) - * - * NOTE: Mamba F722S MK2 does not expose PB12/PB13 externally. - * Waveshare CAN module wired to SCL pad (PB8 = CAN1_RX) and - * SDA pad (PB9 = CAN1_TX). I2C1 is free (BME280 moved to I2C2). - * CAN1 uses AF9 on PB8/PB9 — no conflict with other active peripherals. - */ - +/* CAN bus driver (Issues #597, #676, #674, #694) */ #include "can_driver.h" #include "stm32f7xx_hal.h" #include @@ -17,172 +8,115 @@ static volatile can_feedback_t s_feedback[CAN_NUM_MOTORS]; static volatile can_stats_t s_stats; static can_ext_frame_cb_t s_ext_cb = NULL; static can_std_frame_cb_t s_std_cb = NULL; +static volatile can_wdog_t s_wdog; + +#ifdef TEST_HOST +static volatile uint32_t s_test_esr = 0u; +void can_driver_inject_esr(uint32_t v) { s_test_esr = v; } +static uint32_t _read_esr(void) { return s_test_esr; } +static HAL_StatusTypeDef _can_restart(void) { + HAL_CAN_Stop(&s_can); s_test_esr = 0u; return HAL_CAN_Start(&s_can); +} +#else +static uint32_t _read_esr(void) { return s_can.Instance->ESR; } +static HAL_StatusTypeDef _can_restart(void) { + HAL_CAN_Stop(&s_can); return HAL_CAN_Start(&s_can); +} +#endif void can_driver_init(void) { __HAL_RCC_CAN1_CLK_ENABLE(); __HAL_RCC_GPIOB_CLK_ENABLE(); - - /* PB8 = CAN1_RX, PB9 = CAN1_TX, AF9 (Issue #676) */ GPIO_InitTypeDef gpio = {0}; - gpio.Pin = GPIO_PIN_8 | GPIO_PIN_9; - gpio.Mode = GPIO_MODE_AF_PP; - gpio.Pull = GPIO_NOPULL; - gpio.Speed = GPIO_SPEED_FREQ_HIGH; - gpio.Alternate = GPIO_AF9_CAN1; + gpio.Pin = GPIO_PIN_8 | GPIO_PIN_9; + gpio.Mode = GPIO_MODE_AF_PP; gpio.Pull = GPIO_NOPULL; + gpio.Speed = GPIO_SPEED_FREQ_HIGH; gpio.Alternate = GPIO_AF9_CAN1; HAL_GPIO_Init(GPIOB, &gpio); - - /* 500 kbps @ APB1=54 MHz: PSC=6, BS1=13tq, BS2=4tq, SJW=1tq - * bit_time = 6 × (1+13+4) / 54000000 = 2 µs → 500 kbps - * sample point = (1+13)/18 = 77.8% */ - s_can.Instance = CAN1; - s_can.Init.Prescaler = CAN_PRESCALER; - s_can.Init.Mode = CAN_MODE_NORMAL; - s_can.Init.SyncJumpWidth = CAN_SJW_1TQ; - s_can.Init.TimeSeg1 = CAN_BS1_13TQ; - s_can.Init.TimeSeg2 = CAN_BS2_4TQ; - s_can.Init.TimeTriggeredMode = DISABLE; - s_can.Init.AutoBusOff = ENABLE; /* HW recovery after 128×11 bits */ - s_can.Init.AutoWakeUp = DISABLE; - s_can.Init.AutoRetransmission = ENABLE; - s_can.Init.ReceiveFifoLocked = DISABLE; + s_can.Instance = CAN1; + s_can.Init.Prescaler = CAN_PRESCALER; + s_can.Init.Mode = CAN_MODE_NORMAL; + s_can.Init.SyncJumpWidth = CAN_SJW_1TQ; + s_can.Init.TimeSeg1 = CAN_BS1_13TQ; + s_can.Init.TimeSeg2 = CAN_BS2_4TQ; + s_can.Init.TimeTriggeredMode = DISABLE; + s_can.Init.AutoBusOff = ENABLE; + s_can.Init.AutoWakeUp = DISABLE; + s_can.Init.AutoRetransmission = ENABLE; + s_can.Init.ReceiveFifoLocked = DISABLE; s_can.Init.TransmitFifoPriority = DISABLE; - - if (HAL_CAN_Init(&s_can) != HAL_OK) { - s_stats.bus_off = 1u; - return; - } - - /* Filter bank 0: 32-bit mask, FIFO0, accept ALL standard 11-bit frames. - * CAN1 is master (SlaveStartFilterBank=14). FilterIdHigh=0, MaskHigh=0 - * → mask=0 passes every standard ID. Orin std-frame commands land here. */ + if (HAL_CAN_Init(&s_can) != HAL_OK) { s_stats.bus_off = 1u; return; } CAN_FilterTypeDef flt = {0}; - flt.FilterBank = 0u; - flt.FilterMode = CAN_FILTERMODE_IDMASK; - flt.FilterScale = CAN_FILTERSCALE_32BIT; - flt.FilterIdHigh = 0u; - flt.FilterIdLow = 0u; - flt.FilterMaskIdHigh = 0u; - flt.FilterMaskIdLow = 0u; + flt.FilterBank = 0u; flt.FilterMode = CAN_FILTERMODE_IDMASK; + flt.FilterScale = CAN_FILTERSCALE_32BIT; flt.FilterFIFOAssignment = CAN_RX_FIFO0; - flt.FilterActivation = CAN_FILTER_ENABLE; + flt.FilterActivation = CAN_FILTER_ENABLE; flt.SlaveStartFilterBank = 14u; - - if (HAL_CAN_ConfigFilter(&s_can, &flt) != HAL_OK) { - s_stats.bus_off = 1u; - return; - } - - /* Filter bank 15: 32-bit mask, FIFO1, accept ALL extended 29-bit frames. - * For extended frames, the IDE bit sits at FilterIdLow[2]. - * FilterIdLow = 0x0004 (IDE=1) → match extended frames. - * FilterMaskIdLow = 0x0004 → only the IDE bit is checked; all ext IDs pass. - * This routes every VESC STATUS / STATUS_4 / STATUS_5 frame to FIFO1. */ + if (HAL_CAN_ConfigFilter(&s_can, &flt) != HAL_OK) { s_stats.bus_off = 1u; return; } CAN_FilterTypeDef flt2 = {0}; - flt2.FilterBank = 15u; - flt2.FilterMode = CAN_FILTERMODE_IDMASK; - flt2.FilterScale = CAN_FILTERSCALE_32BIT; - flt2.FilterIdHigh = 0u; - flt2.FilterIdLow = 0x0004u; /* IDE = 1 */ - flt2.FilterMaskIdHigh = 0u; - flt2.FilterMaskIdLow = 0x0004u; /* only check IDE bit */ + flt2.FilterBank = 15u; flt2.FilterMode = CAN_FILTERMODE_IDMASK; + flt2.FilterScale = CAN_FILTERSCALE_32BIT; + flt2.FilterIdLow = 0x0004u; flt2.FilterMaskIdLow = 0x0004u; flt2.FilterFIFOAssignment = CAN_RX_FIFO1; - flt2.FilterActivation = CAN_FILTER_ENABLE; + flt2.FilterActivation = CAN_FILTER_ENABLE; flt2.SlaveStartFilterBank = 14u; - - if (HAL_CAN_ConfigFilter(&s_can, &flt2) != HAL_OK) { - s_stats.bus_off = 1u; - return; - } - + if (HAL_CAN_ConfigFilter(&s_can, &flt2) != HAL_OK) { s_stats.bus_off = 1u; return; } HAL_CAN_Start(&s_can); - +#ifndef TEST_HOST + HAL_NVIC_SetPriority(CAN1_SCE_IRQn, 5u, 0u); + HAL_NVIC_EnableIRQ(CAN1_SCE_IRQn); + HAL_CAN_ActivateNotification(&s_can, CAN_IT_BUSOFF | CAN_IT_ERROR_PASSIVE | CAN_IT_ERROR_WARNING); +#endif memset((void *)s_feedback, 0, sizeof(s_feedback)); - memset((void *)&s_stats, 0, sizeof(s_stats)); + memset((void *)&s_stats, 0, sizeof(s_stats)); + memset((void *)&s_wdog, 0, sizeof(s_wdog)); } void can_driver_send_cmd(uint8_t node_id, const can_cmd_t *cmd) { - if (node_id >= CAN_NUM_MOTORS || s_stats.bus_off) { - return; - } - - /* Payload: [vel_lo, vel_hi, torque_lo, torque_hi] — little-endian */ + if (node_id >= CAN_NUM_MOTORS || s_stats.bus_off) return; uint8_t data[4]; data[0] = (uint8_t)((uint16_t)cmd->velocity_rpm & 0xFFu); data[1] = (uint8_t)((uint16_t)cmd->velocity_rpm >> 8u); - data[2] = (uint8_t)((uint16_t)cmd->torque_x100 & 0xFFu); - data[3] = (uint8_t)((uint16_t)cmd->torque_x100 >> 8u); - + data[2] = (uint8_t)((uint16_t)cmd->torque_x100 & 0xFFu); + data[3] = (uint8_t)((uint16_t)cmd->torque_x100 >> 8u); CAN_TxHeaderTypeDef hdr = {0}; hdr.StdId = CAN_ID_VEL_CMD_BASE + (uint32_t)node_id; - hdr.IDE = CAN_ID_STD; - hdr.RTR = CAN_RTR_DATA; - hdr.DLC = 4u; - + hdr.IDE = CAN_ID_STD; hdr.RTR = CAN_RTR_DATA; hdr.DLC = 4u; uint32_t mailbox; if (HAL_CAN_GetTxMailboxesFreeLevel(&s_can) > 0u) { - if (HAL_CAN_AddTxMessage(&s_can, &hdr, data, &mailbox) == HAL_OK) { + if (HAL_CAN_AddTxMessage(&s_can, &hdr, data, &mailbox) == HAL_OK) s_stats.tx_count++; - } else { - s_stats.err_count++; - } + else s_stats.err_count++; } } void can_driver_send_enable(uint8_t node_id, bool enable) { - if (node_id >= CAN_NUM_MOTORS || s_stats.bus_off) { - return; - } - + if (node_id >= CAN_NUM_MOTORS || s_stats.bus_off) return; uint8_t data[1] = { enable ? 1u : 0u }; - CAN_TxHeaderTypeDef hdr = {0}; hdr.StdId = CAN_ID_ENABLE_CMD_BASE + (uint32_t)node_id; - hdr.IDE = CAN_ID_STD; - hdr.RTR = CAN_RTR_DATA; - hdr.DLC = 1u; - + hdr.IDE = CAN_ID_STD; hdr.RTR = CAN_RTR_DATA; hdr.DLC = 1u; uint32_t mailbox; if (HAL_CAN_GetTxMailboxesFreeLevel(&s_can) > 0u) { - if (HAL_CAN_AddTxMessage(&s_can, &hdr, data, &mailbox) == HAL_OK) { + if (HAL_CAN_AddTxMessage(&s_can, &hdr, data, &mailbox) == HAL_OK) s_stats.tx_count++; - } else { - s_stats.err_count++; - } + else s_stats.err_count++; } } void can_driver_process(void) { - /* Check for bus-off */ - if (s_can.Instance->ESR & CAN_ESR_BOFF) { - s_stats.bus_off = 1u; - return; - } + if (_read_esr() & CAN_ESR_BOFF) { s_stats.bus_off = 1u; return; } s_stats.bus_off = 0u; - - /* Drain FIFO0 (standard-ID frames: Orin commands + legacy feedback) */ while (HAL_CAN_GetRxFifoFillLevel(&s_can, CAN_RX_FIFO0) > 0u) { - CAN_RxHeaderTypeDef rxhdr; - uint8_t rxdata[8]; - + CAN_RxHeaderTypeDef rxhdr; uint8_t rxdata[8]; if (HAL_CAN_GetRxMessage(&s_can, CAN_RX_FIFO0, &rxhdr, rxdata) != HAL_OK) { - s_stats.err_count++; - break; + s_stats.err_count++; break; } - - if (rxhdr.IDE != CAN_ID_STD || rxhdr.RTR != CAN_RTR_DATA) { - continue; - } - - /* Dispatch to registered standard-frame callback (Orin CAN protocol) */ - if (s_std_cb != NULL) { - s_std_cb((uint16_t)rxhdr.StdId, rxdata, (uint8_t)rxhdr.DLC); - } - - /* Legacy: decode feedback frames at 0x200-0x21F (Issue #597) */ + if (rxhdr.IDE != CAN_ID_STD || rxhdr.RTR != CAN_RTR_DATA) continue; + if (s_std_cb != NULL) s_std_cb((uint16_t)rxhdr.StdId, rxdata, (uint8_t)rxhdr.DLC); uint32_t nid_u = rxhdr.StdId - CAN_ID_FEEDBACK_BASE; if (nid_u < CAN_NUM_MOTORS && rxhdr.DLC >= 8u) { uint8_t nid = (uint8_t)nid_u; @@ -193,113 +127,127 @@ void can_driver_process(void) s_feedback[nid].fault = rxdata[7]; s_feedback[nid].last_rx_ms = HAL_GetTick(); } - s_stats.rx_count++; } - - /* Drain FIFO1 (extended-ID frames: VESC STATUS/STATUS_4/STATUS_5) */ while (HAL_CAN_GetRxFifoFillLevel(&s_can, CAN_RX_FIFO1) > 0u) { - CAN_RxHeaderTypeDef rxhdr; - uint8_t rxdata[8]; - + CAN_RxHeaderTypeDef rxhdr; uint8_t rxdata[8]; if (HAL_CAN_GetRxMessage(&s_can, CAN_RX_FIFO1, &rxhdr, rxdata) != HAL_OK) { - s_stats.err_count++; - break; + s_stats.err_count++; break; } - - if (rxhdr.IDE != CAN_ID_EXT || rxhdr.RTR != CAN_RTR_DATA) { - continue; - } - - if (s_ext_cb != NULL) { - s_ext_cb(rxhdr.ExtId, rxdata, (uint8_t)rxhdr.DLC); - } - + if (rxhdr.IDE != CAN_ID_EXT || rxhdr.RTR != CAN_RTR_DATA) continue; + if (s_ext_cb != NULL) s_ext_cb(rxhdr.ExtId, rxdata, (uint8_t)rxhdr.DLC); s_stats.rx_count++; } } -void can_driver_set_ext_cb(can_ext_frame_cb_t cb) -{ - s_ext_cb = cb; -} - -void can_driver_set_std_cb(can_std_frame_cb_t cb) -{ - s_std_cb = cb; -} +void can_driver_set_ext_cb(can_ext_frame_cb_t cb) { s_ext_cb = cb; } +void can_driver_set_std_cb(can_std_frame_cb_t cb) { s_std_cb = cb; } void can_driver_send_ext(uint32_t ext_id, const uint8_t *data, uint8_t len) { - if (s_stats.bus_off || len > 8u) { - return; - } - + if (s_stats.bus_off || len > 8u) return; CAN_TxHeaderTypeDef hdr = {0}; - hdr.ExtId = ext_id; - hdr.IDE = CAN_ID_EXT; - hdr.RTR = CAN_RTR_DATA; - hdr.DLC = len; - + hdr.ExtId = ext_id; hdr.IDE = CAN_ID_EXT; hdr.RTR = CAN_RTR_DATA; hdr.DLC = len; uint32_t mailbox; if (HAL_CAN_GetTxMailboxesFreeLevel(&s_can) > 0u) { - if (HAL_CAN_AddTxMessage(&s_can, &hdr, (uint8_t *)data, &mailbox) == HAL_OK) { + if (HAL_CAN_AddTxMessage(&s_can, &hdr, (uint8_t *)data, &mailbox) == HAL_OK) s_stats.tx_count++; - } else { - s_stats.err_count++; - } + else s_stats.err_count++; } } void can_driver_send_std(uint16_t std_id, const uint8_t *data, uint8_t len) { - if (s_stats.bus_off || len > 8u) { - return; - } - + if (s_stats.bus_off || len > 8u) return; CAN_TxHeaderTypeDef hdr = {0}; - hdr.StdId = std_id; - hdr.IDE = CAN_ID_STD; - hdr.RTR = CAN_RTR_DATA; - hdr.DLC = len; - + hdr.StdId = std_id; hdr.IDE = CAN_ID_STD; hdr.RTR = CAN_RTR_DATA; hdr.DLC = len; uint32_t mailbox; if (HAL_CAN_GetTxMailboxesFreeLevel(&s_can) > 0u) { - if (HAL_CAN_AddTxMessage(&s_can, &hdr, (uint8_t *)data, &mailbox) == HAL_OK) { + if (HAL_CAN_AddTxMessage(&s_can, &hdr, (uint8_t *)data, &mailbox) == HAL_OK) s_stats.tx_count++; - } else { - s_stats.err_count++; - } + else s_stats.err_count++; } } bool can_driver_get_feedback(uint8_t node_id, can_feedback_t *out) { - if (node_id >= CAN_NUM_MOTORS || out == NULL) { - return false; - } - if (s_feedback[node_id].last_rx_ms == 0u) { - return false; - } + if (node_id >= CAN_NUM_MOTORS || out == NULL) return false; + if (s_feedback[node_id].last_rx_ms == 0u) return false; memcpy(out, (const void *)&s_feedback[node_id], sizeof(can_feedback_t)); return true; } bool can_driver_is_alive(uint8_t node_id, uint32_t now_ms) { - if (node_id >= CAN_NUM_MOTORS) { - return false; - } - if (s_feedback[node_id].last_rx_ms == 0u) { - return false; - } + if (node_id >= CAN_NUM_MOTORS || s_feedback[node_id].last_rx_ms == 0u) return false; return (now_ms - s_feedback[node_id].last_rx_ms) < CAN_NODE_TIMEOUT_MS; } void can_driver_get_stats(can_stats_t *out) { - if (out == NULL) { - return; - } + if (out == NULL) return; memcpy(out, (const void *)&s_stats, sizeof(can_stats_t)); } + +/* SCE interrupt handler -- Issue #694 */ +#ifndef TEST_HOST +void CAN1_SCE_IRQHandler(void) +{ + uint32_t esr = s_can.Instance->ESR; + if (esr & CAN_ESR_BOFF) { + if (s_wdog.error_state != CAN_ERR_BUS_OFF) s_wdog.busoff_count++; + s_wdog.error_state = CAN_ERR_BUS_OFF; s_stats.bus_off = 1u; + } else if (esr & CAN_ESR_EPVF) { + if (s_wdog.error_state < CAN_ERR_ERROR_PASSIVE) { + s_wdog.errpassive_count++; s_wdog.error_state = CAN_ERR_ERROR_PASSIVE; + } + } else if (esr & CAN_ESR_EWGF) { + if (s_wdog.error_state < CAN_ERR_WARNING) { + s_wdog.errwarn_count++; s_wdog.error_state = CAN_ERR_WARNING; + } + } + __HAL_CAN_CLEAR_FLAG(&s_can, CAN_FLAG_ERRI); + HAL_CAN_IRQHandler(&s_can); +} +#endif + +/* Watchdog tick -- Issue #694 */ +can_error_state_t can_driver_watchdog_tick(uint32_t now_ms) +{ + uint32_t esr = _read_esr(); + if (esr & CAN_ESR_BOFF) { + if (s_wdog.error_state != CAN_ERR_BUS_OFF) { + s_wdog.busoff_count++; s_wdog.busoff_ms = now_ms; s_wdog.busoff_pending = 1u; + } + s_wdog.error_state = CAN_ERR_BUS_OFF; s_stats.bus_off = 1u; + } else if (esr & CAN_ESR_EPVF) { + if (s_wdog.error_state < CAN_ERR_ERROR_PASSIVE) { + s_wdog.errpassive_count++; s_wdog.error_state = CAN_ERR_ERROR_PASSIVE; + } + } else if (esr & CAN_ESR_EWGF) { + if (s_wdog.error_state < CAN_ERR_WARNING) { + s_wdog.errwarn_count++; s_wdog.error_state = CAN_ERR_WARNING; + } + } else { + if (s_wdog.error_state > CAN_ERR_NOMINAL && s_wdog.error_state < CAN_ERR_BUS_OFF) + s_wdog.error_state = CAN_ERR_NOMINAL; + } + if (s_wdog.busoff_pending && s_wdog.error_state == CAN_ERR_BUS_OFF && + (now_ms - s_wdog.busoff_ms) >= CAN_WDOG_RESTART_MS) { + if (_can_restart() == HAL_OK) { + s_wdog.restart_count++; s_wdog.error_state = CAN_ERR_NOMINAL; + s_wdog.busoff_pending = 0u; s_stats.bus_off = 0u; + } else { + s_wdog.busoff_ms = now_ms; + } + } + s_wdog.tec = (uint8_t)((esr >> CAN_ESR_TEC_Pos) & 0xFFu); + s_wdog.rec = (uint8_t)((esr >> CAN_ESR_REC_Pos) & 0xFFu); + return s_wdog.error_state; +} + +void can_driver_get_wdog(can_wdog_t *out) +{ + if (out == NULL) return; + memcpy(out, (const void *)&s_wdog, sizeof(can_wdog_t)); +} diff --git a/src/jlink.c b/src/jlink.c index d3ea139..48add99 100644 --- a/src/jlink.c +++ b/src/jlink.c @@ -712,3 +712,27 @@ void jlink_send_vesc_state_tlm(const jlink_tlm_vesc_state_t *tlm) jlink_tx_locked(frame, sizeof(frame)); } + +/* ---- jlink_send_can_wdog_tlm() -- Issue #694 ---- */ +void jlink_send_can_wdog_tlm(const jlink_tlm_can_wdog_t *tlm) +{ + /* + * Frame: [STX][LEN][0x8F][16 bytes CAN_WDOG][CRC_hi][CRC_lo][ETX] + * LEN = 1 (CMD) + 16 (payload) = 17; total frame = 22 bytes. + */ + static uint8_t frame[22]; + const uint8_t plen = (uint8_t)sizeof(jlink_tlm_can_wdog_t); /* 16 */ + const uint8_t len = 1u + plen; /* 17 */ + + frame[0] = JLINK_STX; + frame[1] = len; + frame[2] = JLINK_TLM_CAN_WDOG; + memcpy(&frame[3], tlm, plen); + + uint16_t crc = crc16_xmodem(&frame[2], len); + frame[3 + plen] = (uint8_t)(crc >> 8); + frame[3 + plen + 1] = (uint8_t)(crc & 0xFFu); + frame[3 + plen + 2] = JLINK_ETX; + + jlink_tx_locked(frame, sizeof(frame)); +} diff --git a/src/main.c b/src/main.c index b522b6d..7cf09ed 100644 --- a/src/main.c +++ b/src/main.c @@ -322,6 +322,7 @@ int main(void) { uint32_t pm_tlm_tick = 0; /* JLINK_TLM_POWER transmit timer */ uint32_t can_cmd_tick = 0; /* CAN velocity command TX timer (Issue #597) */ uint32_t can_tlm_tick = 0; /* JLINK_TLM_CAN_STATS transmit timer (Issue #597) */ + uint32_t wdog_tlm_tick = 0; /* JLINK_TLM_CAN_WDOG transmit timer (Issue #694) */ uint32_t lvc_tlm_tick = 0; /* JLINK_TLM_LVC transmit timer (Issue #613) */ uint32_t uart_status_tick = 0; /* UART protocol STATUS frame timer (Issue #629) */ uint8_t pm_pwm_phase = 0; /* Software PWM counter for sleep LED */ @@ -416,6 +417,9 @@ int main(void) { /* CAN bus RX: drain FIFO0 and parse feedback frames (Issue #597) */ can_driver_process(); + /* CAN watchdog: detect bus errors, auto-restart (Issue #694) */ + can_driver_watchdog_tick(now); + /* UART command protocol RX: parse Jetson frames (Issue #629) */ uart_protocol_process(); @@ -604,6 +608,23 @@ int main(void) { } } + /* CAN_WDOG: send watchdog telemetry at 1 Hz (Issue #694) */ + if (now - wdog_tlm_tick >= 1000u) { + wdog_tlm_tick = now; + can_wdog_t wd; + can_driver_get_wdog(&wd); + jlink_tlm_can_wdog_t wtlm; + memset(&wtlm, 0, sizeof(wtlm)); + wtlm.restart_count = wd.restart_count; + wtlm.busoff_count = wd.busoff_count; + wtlm.errpassive_count = wd.errpassive_count; + wtlm.errwarn_count = wd.errwarn_count; + wtlm.error_state = (uint8_t)wd.error_state; + wtlm.tec = wd.tec; + wtlm.rec = wd.rec; + jlink_send_can_wdog_tlm(&wtlm); + } + /* Power management: CRSF/JLink activity or armed state resets idle timer */ if ((crsf_state.last_rx_ms != 0 && (now - crsf_state.last_rx_ms) < 500) || jlink_is_active(now) || diff --git a/test/stubs/stm32f7xx_hal.h b/test/stubs/stm32f7xx_hal.h index 301898b..2b1a115 100644 --- a/test/stubs/stm32f7xx_hal.h +++ b/test/stubs/stm32f7xx_hal.h @@ -1,86 +1,40 @@ -/* test/stubs/stm32f7xx_hal.h — minimal HAL stub for host-side unit tests. - * - * Provides just enough types and functions so that the firmware source files - * compile on a host (Linux/macOS) with -DTEST_HOST. - * Each test file must define the actual behavior of HAL_GetTick() etc. - */ - +/* test/stubs/stm32f7xx_hal.h - minimal HAL stub for host-side unit tests. */ #ifndef STM32F7XX_HAL_H #define STM32F7XX_HAL_H - #include #include #include - -/* ---- Return codes ---- */ #define HAL_OK 0 #define HAL_ERROR 1 #define HAL_BUSY 2 #define HAL_TIMEOUT 3 typedef uint32_t HAL_StatusTypeDef; - -/* ---- Enable / Disable ---- */ #define ENABLE 1 #define DISABLE 0 - -/* ---- HAL_GetTick: each test declares its own implementation ---- */ uint32_t HAL_GetTick(void); - -/* ---- Minimal CAN types used by can_driver.c / vesc_can.c ---- */ -typedef struct { uint32_t dummy; } CAN_TypeDef; - +typedef struct { uint32_t dummy; uint32_t ESR; } CAN_TypeDef; typedef struct { - uint32_t Prescaler; - uint32_t Mode; - uint32_t SyncJumpWidth; - uint32_t TimeSeg1; - uint32_t TimeSeg2; - uint32_t TimeTriggeredMode; - uint32_t AutoBusOff; - uint32_t AutoWakeUp; - uint32_t AutoRetransmission; - uint32_t ReceiveFifoLocked; - uint32_t TransmitFifoPriority; + uint32_t Prescaler; uint32_t Mode; uint32_t SyncJumpWidth; + uint32_t TimeSeg1; uint32_t TimeSeg2; uint32_t TimeTriggeredMode; + uint32_t AutoBusOff; uint32_t AutoWakeUp; uint32_t AutoRetransmission; + uint32_t ReceiveFifoLocked; uint32_t TransmitFifoPriority; } CAN_InitTypeDef; - +typedef struct { CAN_TypeDef *Instance; CAN_InitTypeDef Init; } CAN_HandleTypeDef; typedef struct { - CAN_TypeDef *Instance; - CAN_InitTypeDef Init; - /* opaque HAL internals omitted */ -} CAN_HandleTypeDef; - -typedef struct { - uint32_t StdId; - uint32_t ExtId; - uint32_t IDE; - uint32_t RTR; - uint32_t DLC; - uint32_t Timestamp; - uint32_t FilterMatchIndex; + uint32_t StdId; uint32_t ExtId; uint32_t IDE; uint32_t RTR; + uint32_t DLC; uint32_t Timestamp; uint32_t FilterMatchIndex; } CAN_RxHeaderTypeDef; - typedef struct { - uint32_t StdId; - uint32_t ExtId; - uint32_t IDE; - uint32_t RTR; - uint32_t DLC; - uint32_t TransmitGlobalTime; + uint32_t StdId; uint32_t ExtId; uint32_t IDE; uint32_t RTR; + uint32_t DLC; uint32_t TransmitGlobalTime; } CAN_TxHeaderTypeDef; - typedef struct { - uint32_t FilterIdHigh; - uint32_t FilterIdLow; - uint32_t FilterMaskIdHigh; - uint32_t FilterMaskIdLow; - uint32_t FilterFIFOAssignment; - uint32_t FilterBank; - uint32_t FilterMode; - uint32_t FilterScale; - uint32_t FilterActivation; - uint32_t SlaveStartFilterBank; + uint32_t FilterIdHigh; uint32_t FilterIdLow; + uint32_t FilterMaskIdHigh; uint32_t FilterMaskIdLow; + uint32_t FilterFIFOAssignment; uint32_t FilterBank; + uint32_t FilterMode; uint32_t FilterScale; + uint32_t FilterActivation; uint32_t SlaveStartFilterBank; } CAN_FilterTypeDef; - #define CAN_ID_STD 0x00000000u #define CAN_ID_EXT 0x00000004u #define CAN_RTR_DATA 0x00000000u @@ -94,33 +48,54 @@ typedef struct { #define CAN_SJW_1TQ 0u #define CAN_BS1_13TQ 0u #define CAN_BS2_4TQ 0u +#define CAN_ESR_EWGF 0x00000001u +#define CAN_ESR_EPVF 0x00000002u #define CAN_ESR_BOFF 0x00000004u - +#define CAN_ESR_TEC_Pos 16u +#define CAN_ESR_REC_Pos 24u +#define CAN_IT_ERROR_WARNING 0x00000100u +#define CAN_IT_ERROR_PASSIVE 0x00000200u +#define CAN_IT_BUSOFF 0x00000400u +#define CAN_FLAG_ERRI 0x00060000u +typedef uint32_t IRQn_Type; +#define CAN1_SCE_IRQn ((IRQn_Type)22u) +static inline void HAL_NVIC_SetPriority(IRQn_Type i,uint32_t p,uint32_t s){(void)i;(void)p;(void)s;} +static inline void HAL_NVIC_EnableIRQ(IRQn_Type i){(void)i;} +#define CAN1 ((CAN_TypeDef *)0) static inline HAL_StatusTypeDef HAL_CAN_Init(CAN_HandleTypeDef *h){(void)h;return HAL_OK;} -static inline HAL_StatusTypeDef HAL_CAN_ConfigFilter(CAN_HandleTypeDef *h, CAN_FilterTypeDef *f){(void)h;(void)f;return HAL_OK;} +static inline HAL_StatusTypeDef HAL_CAN_ConfigFilter(CAN_HandleTypeDef *h,CAN_FilterTypeDef *f){(void)h;(void)f;return HAL_OK;} static inline HAL_StatusTypeDef HAL_CAN_Start(CAN_HandleTypeDef *h){(void)h;return HAL_OK;} +static inline HAL_StatusTypeDef HAL_CAN_Stop(CAN_HandleTypeDef *h){(void)h;return HAL_OK;} +static inline HAL_StatusTypeDef HAL_CAN_ActivateNotification(CAN_HandleTypeDef *h,uint32_t it){(void)h;(void)it;return HAL_OK;} +static inline void HAL_CAN_IRQHandler(CAN_HandleTypeDef *h){(void)h;} static inline uint32_t HAL_CAN_GetTxMailboxesFreeLevel(CAN_HandleTypeDef *h){(void)h;return 3u;} -static inline HAL_StatusTypeDef HAL_CAN_AddTxMessage(CAN_HandleTypeDef *h, CAN_TxHeaderTypeDef *hdr, uint8_t *d, uint32_t *mb){(void)h;(void)hdr;(void)d;(void)mb;return HAL_OK;} -static inline uint32_t HAL_CAN_GetRxFifoFillLevel(CAN_HandleTypeDef *h, uint32_t f){(void)h;(void)f;return 0u;} -static inline HAL_StatusTypeDef HAL_CAN_GetRxMessage(CAN_HandleTypeDef *h, uint32_t f, CAN_RxHeaderTypeDef *hdr, uint8_t *d){(void)h;(void)f;(void)hdr;(void)d;return HAL_OK;} - -/* ---- GPIO (minimal, for can_driver GPIO init) ---- */ +static inline HAL_StatusTypeDef HAL_CAN_AddTxMessage(CAN_HandleTypeDef *h,CAN_TxHeaderTypeDef *hdr,uint8_t *d,uint32_t *mb){(void)h;(void)hdr;(void)d;(void)mb;return HAL_OK;} +static inline uint32_t HAL_CAN_GetRxFifoFillLevel(CAN_HandleTypeDef *h,uint32_t f){(void)h;(void)f;return 0u;} +static inline HAL_StatusTypeDef HAL_CAN_GetRxMessage(CAN_HandleTypeDef *h,uint32_t f,CAN_RxHeaderTypeDef *hdr,uint8_t *d){(void)h;(void)f;(void)hdr;(void)d;return HAL_OK;} +#define __HAL_CAN_CLEAR_FLAG(h,f) ((void)(h),(void)(f)) typedef struct { uint32_t dummy; } GPIO_TypeDef; -typedef struct { - uint32_t Pin; uint32_t Mode; uint32_t Pull; uint32_t Speed; uint32_t Alternate; -} GPIO_InitTypeDef; -static inline void HAL_GPIO_Init(GPIO_TypeDef *p, GPIO_InitTypeDef *g){(void)p;(void)g;} +typedef struct { uint32_t Pin; uint32_t Mode; uint32_t Pull; uint32_t Speed; uint32_t Alternate; } GPIO_InitTypeDef; +typedef uint32_t GPIO_PinState; +#define GPIO_PIN_RESET 0u +#define GPIO_PIN_SET 1u +static inline void HAL_GPIO_Init(GPIO_TypeDef *p,GPIO_InitTypeDef *g){(void)p;(void)g;} +static inline GPIO_PinState HAL_GPIO_ReadPin(GPIO_TypeDef *p,uint32_t pin){(void)p;(void)pin;return GPIO_PIN_SET;} #define GPIOB ((GPIO_TypeDef *)0) +#define GPIOC ((GPIO_TypeDef *)0) +#define GPIO_PIN_2 (1u<<2) +#define GPIO_PIN_8 (1u<<8) +#define GPIO_PIN_9 (1u<<9) #define GPIO_PIN_12 (1u<<12) #define GPIO_PIN_13 (1u<<13) #define GPIO_MODE_AF_PP 0u +#define GPIO_MODE_INPUT 1u #define GPIO_NOPULL 0u +#define GPIO_PULLUP 1u #define GPIO_SPEED_FREQ_HIGH 0u +#define GPIO_AF9_CAN1 9u #define GPIO_AF9_CAN2 9u - -/* ---- RCC stubs ---- */ #define __HAL_RCC_CAN1_CLK_ENABLE() ((void)0) #define __HAL_RCC_CAN2_CLK_ENABLE() ((void)0) #define __HAL_RCC_GPIOB_CLK_ENABLE() ((void)0) - +#define __HAL_RCC_GPIOC_CLK_ENABLE() ((void)0) #endif /* STM32F7XX_HAL_H */ diff --git a/test/test_can_watchdog.c b/test/test_can_watchdog.c new file mode 100644 index 0000000..f5e31ae --- /dev/null +++ b/test/test_can_watchdog.c @@ -0,0 +1,224 @@ +/* + * test_can_watchdog.c — Unit tests for CAN bus watchdog and error recovery (Issue #694). + * + * Build (host, no hardware): + * gcc -I include -I test/stubs -DTEST_HOST \ + * -o /tmp/test_can_watchdog src/can_driver.c test/test_can_watchdog.c + * + * All timing driven through now_ms argument passed to can_driver_watchdog_tick(). + * ESR state injected via can_driver_inject_esr(). + */ + +/* Include implementation directly (pulls stm32 stub via -I test/stubs) */ +#include "../src/can_driver.c" + +/* ---- Test framework ---- */ +#include +#include + +static int g_pass = 0; +static int g_fail = 0; + +#define ASSERT(cond, msg) \ + do { \ + if (cond) { g_pass++; } \ + else { g_fail++; printf("FAIL [%s:%d] %s\n", __FILE__, __LINE__, msg); } \ + } while (0) + +/* HAL_GetTick stub */ +uint32_t HAL_GetTick(void) { return 0u; } + +/* Reset driver state between tests */ +static void _reset(void) +{ + can_driver_inject_esr(0u); + can_driver_init(); +} + +/* ---- Tests ---- */ + +static void test_nominal_no_errors(void) +{ + _reset(); + can_error_state_t st = can_driver_watchdog_tick(0u); + ASSERT(st == CAN_ERR_NOMINAL, "clean ESR: state is NOMINAL"); + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.restart_count == 0u, "nominal: restart_count 0"); + ASSERT(wd.busoff_count == 0u, "nominal: busoff_count 0"); +} + +static void test_errwarn_detection(void) +{ + _reset(); + can_driver_inject_esr(CAN_ESR_EWGF); + can_error_state_t st = can_driver_watchdog_tick(1000u); + ASSERT(st == CAN_ERR_WARNING, "EWGF set: state is WARNING"); + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.errwarn_count == 1u, "errwarn_count incremented"); +} + +static void test_errwarn_cleared_returns_nominal(void) +{ + _reset(); + /* Enter warning state */ + can_driver_inject_esr(CAN_ESR_EWGF); + can_driver_watchdog_tick(100u); + + /* Clear ESR - should de-escalate */ + can_driver_inject_esr(0u); + can_error_state_t st = can_driver_watchdog_tick(200u); + ASSERT(st == CAN_ERR_NOMINAL, "ESR cleared: de-escalate to NOMINAL"); +} + +static void test_errpassive_detection(void) +{ + _reset(); + can_driver_inject_esr(CAN_ESR_EPVF); + can_error_state_t st = can_driver_watchdog_tick(500u); + ASSERT(st == CAN_ERR_ERROR_PASSIVE, "EPVF set: state is ERROR_PASSIVE"); + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.errpassive_count == 1u, "errpassive_count incremented"); +} + +static void test_busoff_detection(void) +{ + _reset(); + can_driver_inject_esr(CAN_ESR_BOFF); + can_error_state_t st = can_driver_watchdog_tick(1000u); + ASSERT(st == CAN_ERR_BUS_OFF, "BOFF set: state is BUS_OFF"); + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.busoff_count == 1u, "busoff_count incremented"); + ASSERT(wd.busoff_ms == 1000u, "busoff_ms recorded"); +} + +static void test_busoff_sets_stats_bus_off(void) +{ + _reset(); + can_driver_inject_esr(CAN_ESR_BOFF); + can_driver_watchdog_tick(500u); + + can_stats_t cs; + can_driver_get_stats(&cs); + ASSERT(cs.bus_off == 1u, "bus-off: stats.bus_off = 1"); +} + +static void test_busoff_no_restart_before_timeout(void) +{ + _reset(); + can_driver_inject_esr(CAN_ESR_BOFF); + can_driver_watchdog_tick(0u); + + /* Call again just before CAN_WDOG_RESTART_MS */ + can_error_state_t st = can_driver_watchdog_tick(CAN_WDOG_RESTART_MS - 1u); + ASSERT(st == CAN_ERR_BUS_OFF, "before restart timeout: still BUS_OFF"); + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.restart_count == 0u, "no restart yet"); +} + +static void test_busoff_auto_restart_after_timeout(void) +{ + _reset(); + /* Inject bus-off at t=0 */ + can_driver_inject_esr(CAN_ESR_BOFF); + can_driver_watchdog_tick(0u); + + /* After restart timeout, HAL_CAN_Stop/Start clears s_test_esr internally */ + can_error_state_t st = can_driver_watchdog_tick(CAN_WDOG_RESTART_MS); + ASSERT(st == CAN_ERR_NOMINAL, "after restart timeout: state is NOMINAL"); + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.restart_count == 1u, "restart_count incremented to 1"); + ASSERT(wd.busoff_ms == 0u, "busoff_ms cleared after restart"); +} + +static void test_busoff_stats_cleared_after_restart(void) +{ + _reset(); + can_driver_inject_esr(CAN_ESR_BOFF); + can_driver_watchdog_tick(0u); + can_driver_watchdog_tick(CAN_WDOG_RESTART_MS); + + can_stats_t cs; + can_driver_get_stats(&cs); + ASSERT(cs.bus_off == 0u, "after restart: stats.bus_off cleared"); +} + +static void test_busoff_count_only_increments_once_per_event(void) +{ + _reset(); + can_driver_inject_esr(CAN_ESR_BOFF); + /* Call tick multiple times while still in bus-off */ + can_driver_watchdog_tick(0u); + can_driver_watchdog_tick(10u); + can_driver_watchdog_tick(50u); + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.busoff_count == 1u, "repeated BOFF ticks: count stays 1"); +} + +static void test_multiple_restart_cycles(void) +{ + _reset(); + /* Cycle 1 */ + can_driver_inject_esr(CAN_ESR_BOFF); + can_driver_watchdog_tick(0u); + can_driver_watchdog_tick(CAN_WDOG_RESTART_MS); /* restart */ + + /* Cycle 2: inject bus-off again */ + can_driver_inject_esr(CAN_ESR_BOFF); + can_driver_watchdog_tick(CAN_WDOG_RESTART_MS + 1u); + can_driver_watchdog_tick(CAN_WDOG_RESTART_MS * 2u + 1u); /* restart */ + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.restart_count == 2u, "two restart cycles: restart_count = 2"); + ASSERT(wd.busoff_count == 2u, "two restart cycles: busoff_count = 2"); +} + +static void test_tec_rec_extracted(void) +{ + _reset(); + /* Inject ESR with TEC=0xAB (bits 23:16) and REC=0xCD (bits 31:24) */ + uint32_t fake_esr = (0xABu << 16) | (0xCDu << 24); + can_driver_inject_esr(fake_esr); + can_driver_watchdog_tick(100u); + + can_wdog_t wd; + can_driver_get_wdog(&wd); + ASSERT(wd.tec == 0xABu, "TEC extracted from ESR correctly"); + ASSERT(wd.rec == 0xCDu, "REC extracted from ESR correctly"); +} + +/* ---- main ---- */ +int main(void) +{ + printf("=== test_can_watchdog ===\n"); + + test_nominal_no_errors(); + test_errwarn_detection(); + test_errwarn_cleared_returns_nominal(); + test_errpassive_detection(); + test_busoff_detection(); + test_busoff_sets_stats_bus_off(); + test_busoff_no_restart_before_timeout(); + test_busoff_auto_restart_after_timeout(); + test_busoff_stats_cleared_after_restart(); + test_busoff_count_only_increments_once_per_event(); + test_multiple_restart_cycles(); + test_tec_rec_extracted(); + + printf("\nResults: %d passed, %d failed\n", g_pass, g_fail); + return g_fail ? 1 : 0; +}