ACIS

29.0 Fatal Error

29.1 Purpose

The Fatal Error class provides notification that an irrecoverable condition exists and controls an expeditious watchdog CPU reset.

29.2 Uses

Any of the processes or functions may use Fatal Error. Normally, requests for this service are the result of some function encountering an illegal value or condition.

Specifically it provides the following features:

  1. Initiates a panic message which identifies the fault encountered

  2. Forces a system reset.

29.3 Organization

Figure 1 illustrates the relationship between the classes used by Fatal Error.

FIGURE 129. Fatal Error Class Relationships


Fatal Error uses the Devices, TlmFatal, and Protocol class categories.

IntrGuard - This class is used to prevent interrupts from interfering with FatalError's activities.

TlmFatal - This class is responsible for insertion of the data into the packet and for initiating delivery of the panic message.

Watchdog - The Devices::Watchdog is responsible for resetting the hardware watchdog timer.

29.4 Scenarios

FatalError.report() 1: may be called by any active process. It is passed a value identifying the error encountered and a second argument that provides further information. A call to FatalError.report() never returns.

FIGURE 130. Fatal Error Scenario


29.4.1 Use 1: Deliver Panic Message

FatalError.report() invokes IntrGuard 2: which disables interrupts.
Failure to complete the following steps will result in the watchdog resetting when its regular interval completes, since the disabled interrupts keep the taskMonitor() from touching() the watchdog.

report() 3: then delivers the information to the TlmFatal object using its sendMessage() function, which installs the arguments provided by the client and hands it off to TlmManager.sendPanic() for delivery. sendPanic() must return for this procedure to continue.

It is TBD how the Fatal Error data is to be stored through CPU reset for echoing during the CPU start-up.

29.4.2 Use 2: Handle Watchdog

Watchdog.forceReset() 4: is used to reset that device to a short interval, and then busy-loops until the CPU is reset.
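The four steps of this scenario (IntrGuard, TlmFatal.sendMessage(), TlmManager.sendPanic(), Watchdog.forceReset()) as an added C++ illustration; this is not ACIS flight code. The hardware is replaced by a simulated Board struct, all function and field names are assumptions, and the busy loop exits only because the simulated watchdog asserts reset; the trace and tick count show that the panic message leaves before the shortened interval fires.

```cpp
#include <string>
#include <vector>

// Simulated board standing in for ACIS hardware; all values are constructed.
struct Board {
    bool interruptsEnabled = true;
    unsigned watchdogInterval = 1000;   // regular interval, in ticks
    unsigned ticksToReset = 0;          // ticks counted by the busy loop
    bool resetAsserted = false;
    unsigned panicErrorNum = 0, panicOpInfo = 0;
    bool panicSent = false;
    std::vector<std::string> trace;     // order of actions, for checking
};

// Step 2: IntrGuard disables interrupts so taskMonitor() cannot touch() the watchdog.
struct IntrGuard {
    explicit IntrGuard(Board& b) { b.interruptsEnabled = false; b.trace.push_back("intr_off"); }
};

// Step 3: TlmFatal.sendMessage() installs the client's arguments into the panic packet
// and hands it to TlmManager.sendPanic(), which must return before the reset is forced.
static void tlmManagerSendPanic(Board& b, unsigned errorNum, unsigned opInfo) {
    b.panicErrorNum = errorNum;
    b.panicOpInfo = opInfo;
    b.panicSent = true;
    b.trace.push_back("panic_sent");
}
static void tlmFatalSendMessage(Board& b, unsigned errorNum, unsigned opInfo) {
    tlmManagerSendPanic(b, errorNum, opInfo);
}

// Step 4: Watchdog.forceReset() shortens the interval, then busy-loops until reset.
static const unsigned kShortInterval = 8;   // constructed "short" interval
static void watchdogForceReset(Board& b) {
    b.watchdogInterval = kShortInterval;
    b.trace.push_back("wd_short");
    while (!b.resetAsserted) {              // on real hardware this loop never exits
        ++b.ticksToReset;                   // nobody touches() the watchdog: interrupts are off
        if (b.ticksToReset >= b.watchdogInterval) b.resetAsserted = true;
    }
    b.trace.push_back("reset");
}

// FatalError.report(): steps 1-4 in order. Returns only because the board is simulated.
void fatalErrorReport(Board& b, unsigned errorNum, unsigned opInfo) {
    IntrGuard guard(b);
    tlmFatalSendMessage(b, errorNum, opInfo);
    watchdogForceReset(b);
}
```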


29.5 Class Fatal Error

Documentation
FatalError provides the ability to issue a fatal error telemetry report, then lets the hardware watchdog reset the system.
Export Control: Public
Cardinality: 1
Hierarchy
Superclasses: none
Public Interface
Operations:

report()
Concurrency: Synchronous
Persistence: Transient

29.5.1 report()

Public member of:
FatalError
Return Class:
Void

Arguments:
unsigned errorNum
unsigned opInfo 
Documentation
report() provides the means to control interrupts, deliver a panic message and set a short Watchdog interval to quickly reset the CPU.
Semantics
When a client activates report(), it disables interrupts, initiates installation of the arguments provided into the packet using TlmFatal.sendMessage() which hands it off to the Telemetry Manager for delivery. report() invokes Watchdog.forceReset() which sets a very short delay before the CPU is reset.
Postconditions
This function never returns.
Concurrency: Sequential
