ACIS Users Guide -- Starting Up

ACIS Users Guide, Rev. A

3.0 Instrument Maintenance Activities

This section describes the various activities used to maintain the ACIS instrument software.

3.1 Starting the Software

This section describes how the ACIS instrument software is started.

3.1.1 Back End Processor Power-On

This section describes how to power-on the ACIS Digital Processor Assembly (DPA) Back End Processors (BEP). An ACIS BEP must be powered for the instrument software to run.

Description

On ACIS, there are two Back End Processors, a Side-A processor and a Side-B processor. The Side-A processor is powered by the Side-A DPA Power Supply and Mechanism Controller (PSMC), whereas the Side-B Back End Processor is powered by the Side-B DPA PSMC. Each BEP is powered by issuing an enable PSMC command to the appropriate side, followed by a power-on command to that side. When powered, the BEP hardware and software will perform a power-on boot (see Section 3.1.3.1).

Since the Side-A PSMC also supplies power to three of the Front End Processors (FEPs 0,1 and 2) and the Side-B PSMC supplies power to the remaining three FEPs (3, 4 and 5), both BEP processors are normally powered at the same time. However, only one BEP may be "active" at a time. At power-on, the Side-A BEP is the "active" BEP, while the Side-B BEP's processor is held in a reset state and its external I/O logic is inactive. See Section 3.1.2 for a description on how to switch which is the active BEP and for warnings concerning FEP power when switching between BEPs.

NOTE: If BEP B is powered up, and BEP A is not already powered, BEP B will not be the selected BEP, and the serial digital telemetry and bi-level telemetry from the DPA will float. Lab experience has shown that the floating lines tend to a logical `1'. See Section 3.1.2 for the procedure to activate BEP B.

Commands

The following are the commands issued to power-on the BEPs. See Section 3.2 for commands to power-off the DPA's BEPs. Also, see Section 3.3.3 for commands needed to enable and power on and off the Detector Electronics Assembly.

Table 3. Power On Command Sequence
Command
Mnemonic* Command Type Description

Power Up Side-A BEP

1DPPSAEN Pulse to PSMC Side-A Enable (but don't power on) the PSMC DPA Side-A

1DPPSAON Pulse to PSMC Side-A Power-On the PSMC DPA Side-A Power

Power Up Side-B BEP

1DPPSBEN Pulse to PSMC Side-B Enable (but don't power on) the PSMC DPA Side-B

1DPPSBON Pulse to PSMC Side-B Power-On the PSMC DPA Side-B Power

* Hardware command mnemonics are described in the ACIS Instrument Protocol and Command List (MIT-CSR 36-01410)

**Table 3. Power On Command Sequence**
Command Mnemonic*	Command Type	Description
Power Up Side-A BEP
1DPPSAEN	Pulse to PSMC Side-A	Enable (but don't power on) the PSMC DPA Side-A
1DPPSAON	Pulse to PSMC Side-A	Power-On the PSMC DPA Side-A Power
Power Up Side-B BEP
1DPPSBEN	Pulse to PSMC Side-B	Enable (but don't power on) the PSMC DPA Side-B
1DPPSBON	Pulse to PSMC Side-B	Power-On the PSMC DPA Side-B Power

Engineering Telemetry

The following telemetry items in the engineering portion of the telemetry stream indicate when power is applied to the BEPs. The following assume that BEP A is being powered first.

Table 4. Power On Engineering Telemetry
Telemetry
Mnemonic* Telemetry Type Value Description

While the BEPs are off and PSMC disabled

1DPPSAEN Serial Digital 0 Verifies that the DPA A-side Power Supply is disabled.

1DPPSBEN Serial Digital 0 Verifies that the DPA B-side Power Supply is disabled.

1DPPSAON Serial Digital 0 Verifies that the DPA A-side Power Supply is off.

1DPPSBON Serial Digital 0 Verifies that the DPA B-side Power Supply is off.

1TSERXT SW Serial Digital undefined The software serial digital telemetry out of a BEP while powered off is undefined, however lab experience shows the interface almost always floats to 1's, giving 8-bit data values of 0xff

1STAT[0..7]ST HW Bi-level undefined The bi-level telemetry of the BEP when powered off is undefined, however, lab experience shows the interface almost always floats to 1's.

After a pair of PSMC DPA Enable commands have been issued

1DPPSAEN Serial Digital 1 Verifies that the DPA A-side Power Supply has been enabled

1DPPSBEN Serial Digital 1 Verifies that the DPA B-side Power Supply has been enabled

After a pair of PSMC DPA Power-On commands have been issued

1DPPSAON Serial Digital 1 Verifies that the DPA A-side Power Supply has been turned on.

1DPPSBON Serial Digital 1 Verifies that the DPA B-side Power Supply has been turned on.

1TSERXT SW Serial Digital fill = 0xb7 Once a BEP is powered and enabled (side-A defaults to enabled), the hardware places a fill pattern into the software serial telemetry stream. This fill pattern appears whenever the software is not transmitting telemetry packets.

1STAT0ST Bi-level:
"LED" bits 0-3
Vary When the BEP is first powered, the software sets the LED bi-levels to 0xf. As the system boots, it walks the LEDs through a series of values so that if the instrument gets "stuck", the ground can tell where. The LED value sequence is described in more detail in Section 3.1.3 and Section 3.1.4. Once running, the Flight Software's Housekeeping Task updates these bits to indicate the current state of the instrument.

1STAT1ST Vary

1STAT2ST Vary

1STAT3ST Vary

1STAT4ST Bi-level: BEP Id 0 (BEP A) If BEP A is powered on first, it will be, by default, the selected BEP and drive the bi-level to 0.

1STAT5ST Bi-level: CPU Not Reset 1 Since, by default, BEP A is not held in a reset state when first powered, the BEP will drive this bi-level to a 1.

1STAT6ST Bi-level: FIFO Not Full 1 After a power-on, the BEP's command FIFO is reset by the hardware, and therefore will not be full, but instead is empty.

1STAT7ST Bi-level: FIFO Not Empty 0

* Engineering telemetry mnemonics are described in the ACIS Instrument Protocol and Command List (MIT-CSR 36-01410)

**Table 4. Power On Engineering Telemetry**
Telemetry Mnemonic*	Telemetry Type	Value	Description
While the BEPs are off and PSMC disabled
1DPPSAEN	Serial Digital	0	Verifies that the DPA A-side Power Supply is disabled.
1DPPSBEN	Serial Digital	0	Verifies that the DPA B-side Power Supply is disabled.
1DPPSAON	Serial Digital	0	Verifies that the DPA A-side Power Supply is off.
1DPPSBON	Serial Digital	0	Verifies that the DPA B-side Power Supply is off.
1TSERXT	SW Serial Digital	undefined	The software serial digital telemetry out of a BEP while powered off is undefined, however lab experience shows the interface almost always floats to 1's, giving 8-bit data values of 0xff
1STAT[0..7]ST	HW Bi-level	undefined	The bi-level telemetry of the BEP when powered off is undefined, however, lab experience shows the interface almost always floats to 1's.
After a pair of PSMC DPA Enable commands have been issued
1DPPSAEN	Serial Digital	1	Verifies that the DPA A-side Power Supply has been enabled
1DPPSBEN	Serial Digital	1	Verifies that the DPA B-side Power Supply has been enabled
After a pair of PSMC DPA Power-On commands have been issued
1DPPSAON	Serial Digital	1	Verifies that the DPA A-side Power Supply has been turned on.
1DPPSBON	Serial Digital	1	Verifies that the DPA B-side Power Supply has been turned on.
1TSERXT	SW Serial Digital	fill = 0xb7	Once a BEP is powered and enabled (side-A defaults to enabled), the hardware places a fill pattern into the software serial telemetry stream. This fill pattern appears whenever the software is not transmitting telemetry packets.
1STAT0ST	Bi-level: "LED" bits 0-3	Vary	When the BEP is first powered, the software sets the LED bi-levels to 0xf. As the system boots, it walks the LEDs through a series of values so that if the instrument gets "stuck", the ground can tell where. The LED value sequence is described in more detail in Section 3.1.3 and Section 3.1.4. Once running, the Flight Software's Housekeeping Task updates these bits to indicate the current state of the instrument.
1STAT1ST	Vary
1STAT2ST	Vary
1STAT3ST	Vary
1STAT4ST	Bi-level: BEP Id	0 (BEP A)	If BEP A is powered on first, it will be, by default, the selected BEP and drive the bi-level to 0.
1STAT5ST	Bi-level: CPU Not Reset	1	Since, by default, BEP A is not held in a reset state when first powered, the BEP will drive this bi-level to a 1.
1STAT6ST	Bi-level: FIFO Not Full	1	After a power-on, the BEP's command FIFO is reset by the hardware, and therefore will not be full, but instead is empty.
1STAT7ST	Bi-level: FIFO Not Empty	0

Science Telemetry

When a BEP has power, and the software is not transmitting any telemetry packets, the hardware supplies a single-byte fill pattern, 0xb7 (hexadecimal). Once the software is initialized after a power-on, it outputs a BEP Startup Message telemetry packet, and then approximately once every 64 seconds outputs a BEP Software Housekeeping telemetry packet. The Startup Message packet is described in more detail in Section 3.1.3. The Software Housekeeping packet is described in more detail in Section 3.4.3.

Table 5. Power On Science Telemetry
Tag Field Value Description

After the PSMC DPA Power-On command has been issued
(NOTE: If BEP B, a select command must also be issued (see Section 3.1.2)

TTAG_STARTUP - - After the BEP software is initialized, it issues a BEP Startup Message packet.

TTAG_SW_HOUSE - - Once running, the flight software emits 1 software housekeeping packet every 64 seconds or so.

**Table 5. Power On Science Telemetry**
Tag	Field	Value	Description
After the PSMC DPA Power-On command has been issued (NOTE: If BEP B, a select command must also be issued (see Section 3.1.2)
TTAG_STARTUP	-	-	After the BEP software is initialized, it issues a BEP Startup Message packet.
TTAG_SW_HOUSE	-	-	Once running, the flight software emits 1 software housekeeping packet every 64 seconds or so.

Warnings

Power Reset of Tables
A power-on will reset the state of the all hardware within ACIS, and reset all internal software structures. Any code, tables and data loaded into RAM will be lost.
Power Reset of Uplink Flag
If the instrument was in a "load-from-uplink" state prior to being powered-off, the state of "load-from-uplink" flag will be lost. When the instrument is subsequently powered on, it will load code from its EEPROMs and execute the loaded code.
BEP Select Confusion
If BEP B is powered on and selected while BEP A is off, and then BEP A is powered on, both BEPs will be selected and will attempt to drive the telemetry interface. This will not hurt the hardware, but will make software telemetry impossible to understand. A "Select BEP" command to choose either A or B at this point will solve the problem.

3.1.2 Selecting which BEP is active

This section describes how to select which BEP should be active, and drive the interface hardware.

Description

By default, after a power-on, both BEP A and BEP B will assume that the active BEP is BEP A. To select BEP B, one must explicitly issue a hardware serial digital command to select it. In order to avoid confusion, and reduce the possibility of problems, it is recommended, that a select command be issued whenever one or both BEPs are first powered on (NOTE: see Warnings concerning FEP power when selecting BEPs). Whenever a BEP is de-selected, its processor is held in a reset state and the software on the BEP is halted. If the BEP is then selected, the reset is released, and the BEP software will proceed to boot and run.

Commands

The following are the commands issued to select a particular BEPs.

Table 6. BEP Selection Commands
Command
Mnemonic Command Type Value Description

Select BEP A

1BSELICL HW Serial Digital v=0 Select BEP A by issuing the Select BEP command with data bit 0 (v) set to 0.

Select BEP B

1BSELICL HW Serial Digital v=1 Select BEP B by issuing the Select BEP command with data bit 0 (v) set to 1.

**Table 6. BEP Selection Commands**
Command Mnemonic	Command Type	Value	Description
Select BEP A
1BSELICL	HW Serial Digital	v=0	Select BEP A by issuing the Select BEP command with data bit 0 (v) set to 0.
Select BEP B
1BSELICL	HW Serial Digital	v=1	Select BEP B by issuing the Select BEP command with data bit 0 (v) set to 1.

Engineering Telemetry

The currently selected BEP is indicated by a bi-level in the engineering telemetry.

Table 7. Selected BEP in Engineering Telemetry
Telemetry
Mnemonic Telemetry Type Value Description

When BEP A is the selected BEP:

1STAT4ST Bi-level: BEP Id 0 If BEP A is selected, this bi-level will have a value of 0.

When BEP B is the selected BEP:

1STAT4ST Bi-level: BEP Id 1 If BEP B is selected, this bi-level will have a value of 1. NOTE: If the selected BEP is powered off, then the bi-level will float, usually to a '1'. This may lead to confusion under some conditions

**Table 7. Selected BEP in Engineering Telemetry**
Telemetry Mnemonic	Telemetry Type	Value	Description
When BEP A is the selected BEP:
1STAT4ST	Bi-level: BEP Id	0	If BEP A is selected, this bi-level will have a value of 0.
When BEP B is the selected BEP:
1STAT4ST	Bi-level: BEP Id	1	If BEP B is selected, this bi-level will have a value of 1. NOTE: If the selected BEP is powered off, then the bi-level will float, usually to a '1'. This may lead to confusion under some conditions

Science Telemetry

If the chosen BEP is not already selected, then the select command releases the BEP's reset line, causing the instrument software to load and run. Depending on the state of the BEP's Boot Modifier Flag at the time of the select command is received, the instrument software's bootstrap loader will either (a) load code from EEPROM (see Section 3.1.3) and will produce its standard Startup Message telemetry packet, and subsequent Software Housekeeping telemetry packets, or (b) will load code from a series of software serial command packets (Section 3.1.4 ) which may or may not produce any science telemetry, depending on what code is loaded and run.

Warnings

BEP already selected
If the BEP is already selected, it will not be re-booted.
BEP not already selected
If the BEP is not currently the selected BEP, it will be held in a reset state. Once selected, the BEP will re-boot.
Both BEP A and B are selected
If BEP A is powered on, or power-cycled while BEP B is selected, BEP A will assume that it is selected. This will cause contention and confusion on the telemetry interface. To correct the problem, re-issue the most recent select command after powering on BEP A. To avoid the problem, issue a Select BEP A command prior to powering on BEP A, or ensure that BEP B is un-powered when BEP A is turned on.
Neither BEP A nor B are selected
If BEP A is powered on while BEP B is powered off, and is then told that BEP B is selected, no BEP will be driving the interfaces.
FEPs may be held "on"
The Side-A and Side-B BEPs can both be commanded to enable and disable power to the FEPs. If both BEPs are powered and the previously selected BEP has power enabled to some of the FEPs, the currently selected BEP will not be able to power-off those FEPs. See Section 3.3.2 for more detail.

3.1.3 Loading from EEPROM

Each ACIS Back End Processor is capable of loading its software from its Read-Only-Memory, or from its uplink channel. This section describes the former.

3.1.3.1 Power-On Boot

Description

When a Back-End Processor (BEP) is powered on and selected, it executes a bootstrap loader residing within its Read-Only Memory (ROM) (prior to launch, this is Electrically Erasable and Programmable Read-Only Memory, EEPROM). This loader copies the bulk of the instrument software from the ROM into the BEPs RAM, and transfers control to the loaded code. The loaded code detects that the instrument has been started by a power on and as a result takes the following actions:

Copies the bulk of code and initialized data from ROM into I-cache and D-cache RAM

Resets the Patch List to "empty"

Copies Parameter Blocks (Te, Cc, 2d, 1d, Dea) from ROM into RAM

Copies Bad Pixel and Column Maps from ROM into RAM

Copies Huffman Tables from ROM into RAM

Copies System Configuration Settings from ROM into RAM

Issues a Startup Message telemetry packet

All DEA Video boards will be powered off (as per the default ROM System Configuration Table settings)

All Front End Processors (FEP) will be powered off, unless held on by the other BEP (as per the default ROM System Configuration Table settings)

Focal Plane temperature will be reset to its default ROM System Configuration Table value

Commands

To power on and run Side-A BEP:

1DPPSAEN       Enable Side-A DPA Power Supply
1DPPSAON       Power-On Side-A DPA Power Supply
1BSELICL(v=0)  Select Side-A BEP to ensure no contention with BEP B.

To power on and run Side-B BEP:

1DPPSBEN       Enable Side-B DPA Power Supply
1DPPSBON       Power-On Side-B DPA Power Supply
1BSELICL(v=1)  Select Side-B BEP

Engineering Telemetry

Command Verifiers
1DPPSAEN  Verifies DPA Power Supply A is enabled
1DPPSAON  Verifies DPA Power Supply A is on
1DPPSBEN  Verifies DPA Power Supply B is enabled
1DPPSBON  Verifies DPA Power Supply B is on
1STAT4ST  0 - indicates BEP A is selected,
          1 - indicates BEP B is selected
(NOTE: See Warnings in Section 3.1.2)
Boot LED Sequence
LED values are listed as: (1STAT3ST, 1STAT2ST, 1STAT1ST, 1STAT0ST)
LED_BOOT_RESET    (1,1,1,1) - BEP has just reset
LED_RUN_PATCH     (1,0,0,1) - Resetting patch list
LED_RUN_STARTUP   (1,0,0,0) - Starting the multi-tasking executive
(see Warnings)
After an initial 64 second wait, the BEP's Software Housekeeping task will alternate the LEDs between two values every 64 seconds indicating whether or not a science run is in progress, and that the BEP was not restarted due to a watchdog reset. If a science run is not in progress, the LEDs will alternate between:
LED_RUN_IDLE_A    (0,1,1,0)
LED_RUN_IDLE_B    (0,1,1,1)
If a science run is activated, the LEDs will change to:
LED_RUN_SCIENCE_A    (0,1,0,0)
LED_RUN_SCIENCE_B    (0,1,0,1)

Science Telemetry

Startup Message from Power On Boot

bepStartupMessage: TTAG_STARTUP
{
  bepTickCounter   < 10 (if not, SEU or hardware error)
  version          = 11 (if not, SEU or hardware error)
  lastFatalCode    = random
  lastFatalValue   = random
  watchdogFlag     = 0 (if 1, SEU or hardware error)
  patchValidFlag   = 0 (if 1, SEU or hardware error)
  configFlag       = 0 (if 1, SEU or hardware error)
  parametersFlag   = 0 (if 1, SEU or hardware error)
  warmBootFlag     = 0 (if 1, was a Warm-Boot, SEU or hardware error)
}

Software Housekeeping

swHousekeeping: TTAG_SW_HOUSE
{
  startingBepTickCounter = varying
  endingBepTickCounter   = startingBepTickCounter + 640
  statistics[] =
  {
    swStatisticId        = SWSTAT_VERSION
    count                = 1
    value                = 11
  }
  {
    swStatisticId        = SWSTAT_TIMERCB_INVOKE
    count                = 1
    value               ~= 640 (~10 timer ticks/second)
  }
}

Warnings

Power-On Boot is always a Cold-Boot
A power-on boot resets the BEPs hardware flags, such as the Warm Boot flag, and the Load-from-Uplink flag, making it impossible to perform a Warm Boot or Load-from- Uplink Boot using just a power-on command sequence. See Section 3.1.4 for a description of how to perform a Load-from-Uplink Boot, and Section 3.1.3.3 for a description of a Warm-Boot.
"As-launched" settings (including temperature control)
All Patches are lost and all Parameter Blocks, System Configuration Settings, and Huffman Compression Tables will be reset to their "as-launched" values. Note: This affects power-consumption of the instrument and the focal-plane temperature control set-point.
Memory Decay
Don't count on any unused portions of BEP or FEP memory remaining intact. The powered-off memory will "decay" over time.
See Warnings in Section 3.1.1 and Section 3.1.2
"Stuck" LED Values
The initial boot LED sequence will change faster than the sample rate of the telemetry system. Unless something goes wrong, don't expect to see every code in the sequence as the instrument comes up. However, if the LED values "stick" to the following values for more than one science telemetry frame, or codes persist which are not listed, there is probably a problem with the instrument or command sequence to the instrument:
```
LED_BOOT_RESET    (1,1,1,1) - BEP has just reset
LED_RUN_PATCH     (1,0,0,1) - Copying patches or resetting patch list
```
If the following LED code "sticks" for more than 64 seconds, there may also be a problem:
```
LED_RUN_STARTUP   (1,0,0,0) - Starting the multi-tasking executive
```

3.1.3.2 Cold Boot

Description

Cold-Boots are performed in order to reset and re-initialize a BEP into an "as-launched" state, without resorting to cycling the power. In order to perform a cold- boot, the desired BEP must be powered-on, and selected, with its Load-from- Uplink flag cleared (default condition after power-on), and its Warmboot flag cleared (default condition after power-on). It then must receive a BEP Halt command, followed by a BEP Run command. This will cause the BEP CPU to reset and start executing the loader in its ROM. From then on, the boot process of the BEP appears just as a power-on boot. The loader and startup software will reset the Patch List, and reload the default tables from ROM.

Copies the bulk of code and initialized data from ROM into I-cache and D-cache RAM

Resets the Patch List to "empty"

Copies Parameter Blocks (Te, Cc, 2d, 1d, Dea) from ROM into RAM

Copies Bad Pixel and Column Maps from ROM into RAM

Copies Huffman Tables from ROM into RAM

Copies System Configuration Settings from ROM into RAM

Issues a Startup Message telemetry packet

All DEA Video boards and Front End Processors will be powered off (as per the default ROM System Configuration Table settings)

All Front End Processors (FEP) will be powered off, as per the default ROM System Configuration Table settings, unless held on by the other BEP (see Section 3.3.2)

Focal Plane temperature will be reset to its default ROM System Configuration Table value

Commands

1BMODIBM (v=0) Set BootModifier Off
1WRMBTSB (v=0) Set Warmboot Off
1RSETIRT (v=1) Halt BEP
1RSETIRT (v=0) Run BEP

Engineering Telemetry

Boot LED Sequence (for detail, refer to Engineering Telemetry in Section 3.1.3.1)
LED_BOOT_RESET
LED_RUN_PATCH
LED_RUN_STARTUP
LED_RUN_IDLE_A
LED_RUN_IDLE_B
LED_RUN_SCIENCE_A
LED_RUN_SCIENCE_B
	

Science Telemetry

Startup Message

bepStartupMessage: TTAG_STARTUP
{
  bepTickCounter   < 10 (if not, SEU or hardware error)
  version          = 11 (if not, SEU or hardware error)
  lastFatalCode    = random
  lastFatalValue   = random
  watchdogFlag     = 0 (if 1, SEU or hardware error)
  patchValidFlag   = 0 (if 1, SEU or hardware error)
  configFlag       = 0 (if 1, SEU or hardware error)
  parametersFlag   = 0 (if 1, SEU or hardware error)
  warmBootFlag     = 0 (if 1, was a Warm-Boot, SEU or hardware error)
}

Software Housekeeping

swHousekeeping: TTAG_SW_HOUSE
{
  startingBepTickCounter = varying
  endingBepTickCounter   = startingBepTickCounter + 640
  statistics[] =
  {
    swStatisticId        = SWSTAT_VERSION
    count                = 1
    value                = 11
  }
  {
    swStatisticId        = SWSTAT_TIMERCB_INVOKE
    count                = 1
    value               ~= 640 (~10 timer ticks/second)
  }
}

Warnings

A Cold Reset is initiated upon receipt of a BEP Select Command
If an un-selected BEP is selected, and its Load-from-Uplink and Warmboot flags are de-asserted, the BEP will perform a cold-boot, losing any previously stored Patch List, Parameter Blocks, etc.
"As-launched" settings (including temperature control)
All Patches, Parameter Blocks, System Configuration Settings, and Huffman Compression Tables will be reset to their "as-launched" values. Note: This affects power-consumption of the instrument and the focal-plane temperature control set- point.
Preserved Memory
Unused portions of BEP memory will remain intact.
"Stuck" LED Values
The initial boot LED sequence will change faster than the sample rate of the telemetry system. Unless something goes wrong, don't expect to see every code in the sequence as the instrument comes up. However, if the LED values "stick" to the following values for more than one science telemetry frame, or codes persist which are not listed, there is probably a problem with the instrument or command sequence to the instrument:
```
LED_BOOT_RESET    (1,1,1,1) - BEP has just reset
LED_RUN_PATCH     (1,0,0,1) - Copying patches or resetting patch list
```
If the following LED code "sticks" for more than 64 seconds, there may also be a problem:
```
LED_RUN_STARTUP   (1,0,0,0) - Starting the multi-tasking executive
```

3.1.3.3 Warm Boot

Description

A Warm-Boot is used to reset a BEP's hardware, re-load its code and data from ROM and install its patch list while attempting to maintain the already loaded configuration tables and parameter blocks. A Warm-Boot retains the BEPs Patch List, Parameter Blocks, etc. To issue a Warm-Boot, the BEP must be powered on and selected, with its Load-from-Uplink flag de-asserted, but its Warmboot flag in an asserted state. Upon receipt of a Halt BEP command followed by a Run BEP command, the BEP hardware will reset and invoke the loader software in its ROM. This loader copies the bulk of the instrument software from the ROM into the BEPs RAM, and transfers control to the loaded code. The loaded code detects that the instrument Warmboot flag is asserted, and installs the Patch List nodes, overwriting the code and data areas specified by the nodes with the data stored in the patch nodes. The startup software then issues a Startup Message telemetry packet.

A Warmboot of the BEP:

Copies the bulk of code and initialized data from ROM into I-cache and D-cache RAM.

Installs the patches, overwriting code and data specified by the nodes in the Patch List with the data contained in the Patch List nodes.

Issues a Startup Message telemetry packet, indicating the integrity of the patch list, parameter blocks and system configuration table. NOTE: Since the system configuration table controls the focal-plane temperature and FEP and DEA power settings, if the table has been corrupted, the startup code will restore the default system configuration table from ROM into RAM, overwriting the corrupted copy.

The initialization code for the DEA will reset the DEA Interface Controller board. This will have the effect of powering off the video boards. Within a few seconds, however, the System Configuration Task will restore power to those boards indicated in the preserved system configuration table (i.e. those boards which were on prior to the warm-boot, will be re-powered).

The hardware reset of the BEP will cause a reset of the Front End Processors (FEP), but won't reset the FEP power settings. FEPs which were powered prior to the reset will remain powered, but will be held in reset state until a science run is started, or until they are powered off via subsequent cold boots or "Change System Configuration" commands (see Section 3.3.2).

Commands

1BMODIBM (v=0) Set BootModifier Off
1WRMBTSB (v=1) Set Warmboot On
1RSETIRT (v=1) Halt BEP
1RSETIRT (v=0) Run BEP

Engineering Telemetry

Boot LED Sequence (for detail, refer to Engineering Telemetry in Section 3.1.3.1)
LED_BOOT_RESET
LED_RUN_PATCH
LED_RUN_STARTUP
LED_RUN_IDLE_A
LED_RUN_IDLE_B
LED_RUN_SCIENCE_A
LED_RUN_SCIENCE_B

Science Telemetry

Startup Message

bepStartupMessage: TTAG_STARTUP
{
  bepTickCounter   < 10 (if not, SEU or hardware error)
  version          = 11 (if not, System Patched, SEU or hardware)
  lastFatalCode    = random
  lastFatalValue   = random
  watchdogFlag     = 0 (if 1, Watchdog boot, SEU or hardware error)
  patchValidFlag   = 0 (if 1, Patch List corrupted)
  configFlag       = 0 (if 1, System Configuration corrupted)
  parametersFlag   = 0 (if 1, Parameter Blocks corrupted)
  warmBootFlag     = 1 (if 0, Cold Boot, SEU or hardware error)
}

Software Housekeeping

swHousekeeping: TTAG_SW_HOUSE
{
  startingBepTickCounter = varying
  endingBepTickCounter   = startingBepTickCounter + 640
  statistics[] =
  {
    swStatisticId        = SWSTAT_VERSION
    count                = 1
    value                = 11 (if not, System Patched, SEU or hardware)
  }
  {
    swStatisticId        = SWSTAT_TIMERCB_INVOKE
    count                = 1
    value               ~= 640 (~10 timer ticks/second)
  }

NOTE: if an error is encountered restoring DEA video board power then add:

{
    swStatisticId        = SWSTAT_DEABOARD_ERROR
    count                = variable
    value                = (deaslot << 16) | internal DEA error code
  }
}

Warnings

Warm Reset via the BEP Select command
If an un-selected BEP is selected, its Load-from-Uplink is de-asserted, but its Warmboot flag is asserted, the BEP will perform a warm-boot.
Retained Parameter Blocks
All Patches, Parameter Blocks, and Huffman Compression Tables are retained.
Retained/Corrupted System Configuration
The System Configuration Table will be retained if its checksum is intact. If corrupted, however, the System Configuration Table will be overwritten by the default contained in ROM.
Power-cycled DEA Video Boards
If the System Configuration Table is intact, the DEA Video boards which were powered prior to the reset, will be power-cycled.
Cycled Focal Plane Temperature Control
If the System Configuration Table is intact, the DEA focal-plane temperature control set-point will be set to 0 (due to the interface board reset), and then to the value it had prior to the reset.
Reset FEPs
If the System Configuration Table is intact, FEP boards which were powered prior to the reset will remain powered, but will be held in a reset state.
Preserved Memory
Unused portions of BEP memory will remain intact.
"Stuck" LED Values
The initial boot LED sequence will change faster than the sample rate of the telemetry system. Unless something goes wrong, don't expect to see every code in the sequence as the instrument comes up. However, if the LED values "stick" to the following values for more than one science telemetry frame, or codes persist which are not listed, there is probably a problem with the instrument or command sequence to the instrument:
```
LED_BOOT_RESET    (1,1,1,1) - BEP has just reset
LED_RUN_PATCH     (1,0,0,1) - Copying patches or resetting patch list
```
If the following LED code "sticks" for more than 64 seconds, there may also be a problem:
```
LED_RUN_STARTUP   (1,0,0,0) - Starting the multi-tasking executive
```

3.1.3.4 Watchdog Reset

Description

When a BEP's watchdog timer expires, the hardware sets a watchdog-reboot flag and issues a hardware reset. This may be caused by a task lockup in the BEP, or by a trapped fatal error condition, in which the recovery code uses the watchdog timer to reset the BEP. Once the BEP reboots, the loader in the BEPs ROM is invoked. If the Load-from-Uplink flag is de-asserted, the loader copies code and data from ROM into RAM, and invokes the loaded startup software. The startup software checks the state of the Warmboot flag, and if asserted, it performs a warm-reboot sequence, except that it skips the step which installs the patches. If the Warmboot flag is de-asserted, the boot-sequence is identical to that of a cold-reboot (see Section 3.1.3.2 ). The ground can detect the occurrence of a Watchdog reboot via the Startup Message telemetry packet, and via the bi-level "LED" telemetry items.

A Warm Watchdog Reset of the BEP:

Copies the bulk of code and initialized data from ROM into I-cache and D-cache RAM.

Skips the installation of the patches (NOTE: Although the patches aren't applied to the code and data in RAM, the patch list will remain intact).

Issues a Startup Message telemetry packet, indicating that there was a watchdog reboot, and indicating the integrity of the patch list, parameter blocks and system configuration table. NOTE: Since the system configuration table controls the focal-plane temperature and FEP and DEA power settings, if the table has been corrupted, the startup code will restore the default system configuration table from ROM into RAM, overwriting the corrupted copy.

The initialization code for the DEA will reset the DEA Interface Controller board. This will have the effect of powering off the video boards. Within a few seconds, however, the System Configuration Task will restore power to those boards indicated in the preserved system configuration table (i.e. those boards which were on prior to the warm-boot, will be re-powered).

The hardware reset of the BEP will cause a reset of the of the Front End Processors (FEP), but won't reset the FEP power settings. FEPs which were powered prior to the reset will remain powered, but will be held in reset state until a science run is started, or until they are power-cycled via a pair of "Change System Configuration" commands (see Section 3.3.2).

Commands

None (although the crash may be as a result of an earlier command).

Engineering Telemetry

Boot LED Sequence
LED values are listed as: (1STAT3ST, 1STAT2ST, 1STAT1ST, 1STAT0ST)
LED_BOOT_RESET     (1,1,1,1) - BEP has just reset
LED_RUN_PATCH      (1,0,0,1) - Copying patches
LED_RUN_STARTUP    (1,0,0,0) - Starting the multi-tasking executive
After an initial 64 second wait, the BEP's Software Housekeeping task will alternate the LEDs between two values every 64 seconds indicating that no science runs are in progress, and that the BEP was restarted due to a watchdog reset:
LED_WD_IDLE_A      (0,0,1,0)
LED_WD_IDLE_B      (0,0,1,1)
If a science run is activated, the LEDs will change to:
LED_WD_SCIENCE_A   (0,0,0,0)
LED_WD_SCIENCE_B   (0,0,0,1)

Science Telemetry

If the Watchdog expiration is due to a caught Fatal Error, the BEP will do a "best-effort" attempt to issue a Fatal Error Message telemetry packet, prior to forcing a watchdog timer expiration:

Fatal Message
fatalMessage: TTAG_FATAL
{
  bepTickCounter     = BEP tick on detection of error
  fatalCode          = enum FatalCode
  fatalValue         = depends on FatalCode
}
Startup Message
bepStartupMessage: TTAG_STARTUP
{
  bepTickCounter     < 10 (if not, SEU or hardware error)
  version            = 11 (if not, SEU or hardware error)
  lastFatalCode      = enum FatalCode (or random if uncontrolled*)
  lastFatalValue     = depends on FatalCode (or random)
  watchdogFlag       = 1 (if 0, SEU or hardware error, or not watchdog)
  patchValidFlag     = 0 (if 1, Patch List corrupted)
  configFlag         = 0 (if 1, System Configuration corrupted)
  parametersFlag     = 0 (if 1, Parameter Blocks corrupted)
  warmBootFlag       = 0/1
}
* Due to a problem in the latest version of the instrument software, the lastFatalCode field in the startup message contains the BEP tick counter of the most recent Fatal Error message. The lastFatalValue field con tains the fatal error code. This information is more useful from a diagnostic point of view, and is being left as-is in the instrument software.

Software Housekeeping
swHousekeeping: TTAG_SW_HOUSE
{
  startingBepTickCounter = varying
  endingBepTickCounter   = startingBepTickCounter + 640
  statistics[] =
  {
    swStatisticId        = SWSTAT_VERSION
    count                = 1
    value                = 11 (if not, System Patched, SEU or hardware)
  }
  {
    swStatisticId        = SWSTAT_TIMERCB_INVOKE
    count                = 1
    value               ~= 640 (~10 timer ticks/second)
  }
NOTE: if an error is encountered restoring DEA video board power then add:
  {
    swStatisticId        = SWSTAT_DEABOARD_ERROR
    count                = variable
    value                = (deaslot << 16) | internal DEA error code
  }
}

Warnings

Cold Watchdog Boot
If the Warmboot flag is de-asserted when the watchdog timer expires, the system will perform a cold-boot, resetting the patch list, parameter blocks, bad pixel maps, etc. See Warnings in Section 3.1.3.2
Warm Watchdog Boot with No Patches
If the Warmboot flag is asserted when the watchdog timer expires, the system will perform a warm-boot, except the patch list will not be installed. This could possibly raise compatibility issues with the retained tables, if format changes were introduced which relied on the patches being installed, or worse, a hardware problem work-around not being installed. Also, consider Warnings in Section 3.1.3.3
Power off in-use FEP
The most common causes of Watchdog resets in the lab have been (a) bad patches, and (b) FATAL_INTR_FEP_BUS_ERROR fatal errors due to accessing a FEP when its power is off. This can happen if one powers off a FEP while it is being used in a science run.
Startup Message Info
In the Startup Message of the current version of the instrument software, the lastFatalCode field contains the BEP tick counter of the most recent Fatal Error Message, and the lastFatalValue contains the corresponding fatal error message code.
Recovery from Watchdog Boot
To recover from a Watchdog reset, assuming the Patch List is not the cause, issue a Halt BEP/Run BEP command sequence to cause a normal Warmboot of the BEP.
No looping Watchdogs
The hardware prevents looping Watchdog resets from locking up the instrument. After an initial Watchdog reset, the hardware prevents subsequent watchdog timer expirations, including those caused by a software Fatal Error, from resetting the BEP. An intervening commanded reset (or power-on reset), is required to re-enable watchdog resets.

3.1.4 Loading from Uplink

Description

The Load-from-Uplink feature of ACIS allows a maintainer to load arbitrary software into a Back End Processor (BEP) using the software serial-digital command channel. In order to load the BEP, one must first assert the Load-from- Uplink flag, and then reset the BEP (Halt BEP/Run BEP). The hardware transfers control to the loader software in the BEP's ROM. The loader detects that the Load- from-Uplink flag is asserted, and waits for a "Start Upload" command packet followed by zero or more "Continue Upload" command packets. Once the entire load is copied from the uplinked packets into the BEPs RAM, the loader invokes the loaded software. Once running, the loaded code has control of the instrument, and is responsible for all subsequent software command processing (if any) and telemetry production (if any).

If the loader receives an unrecognized command packet, it will discard the packet, and restart the load, waiting for an initial "Start Upload" command packet.

If the loader receives a new "Start Upload" command packet in the middle of an existing load, the loader will stop the current load (leaving what was already copied into RAM intact) and start the new load. This behavior can be used to perform scatter loads into RAM (see Section 5.9).

Commands

1BMODIBM (v=1) Set BootModifier On
1RSETIRT (v=1) Halt BEP
1RSETIRT (v=0) Run BEP

Start Upload

startUpload: CMDOP_START_UPLOAD
{
  loadAddress       = user-defined - Starting address of load
  totalCount        = user-defined - Total 32-bit words in the load
  executeAddress    = user-defined - Execution address
  initialData[]     = user-defined - Array of 32-bit word data to load
}

Continue Upload

continueUpload: CMDOP_CONTINUE_UPLOAD
{
  continuationData[] = user-defined - More 32-bit data to load
}

Once the program has been loaded and started, it is responsible for processing subsequent software serial commands (if any).

Engineering Telemetry

Boot LED Sequence

LED values are listed as: (1STAT3ST, 1STAT2ST, 1STAT1ST, 1STAT0ST)
LED_BOOT_RESET           (1,1,1,1) - BEP has just reset
LED_BOOT_UPLINK_WAIT     (1,1,0,0) - Waiting for "Start Upload" packet
LED_BOOT_UPLINK_COPY     (1,0,1,1) - Waiting for "Continue Upload" pkts
LED_BOOT_UPLINK_EXECUTE	 (1,0,1,0) - Calling loaded program
It is up to the loaded program

Science Telemetry

Once the program has been loaded and started, it is responsible for all science telemetry (if any).

Warnings

Uses of Load-from-Uplink
Although Load-from-Uplink is a useful diagnostic feature, building loads requires detailed knowledge of the instrument, DPA hardware, and the ACIS software development environment. Transmission of load-from-uplink commands does not require much knowledge beyond that described in this document, but act of building and understanding the effects of programs which use the Load-from-Uplink feature requires knowledge beyond the scope of this document. It is expected that only the ACIS software maintenance team will build programs which use this feature. However, it is possible that this team may request routine uplink loads to perform some types of ACIS maintenance activities.
State of Instrument after a Load-from-Uplink
The state of any on-board stored parameter blocks, tables, etc., is completely up to the loaded program(s). Some programs may corrupt the state of the instrument, whereas others may leave the instrument in the previous state.
Watchdog Timer Maintenance
Once a program is loaded from the uplink channel and begins execution, it has up to 3 seconds to reset the BEP's watchdog timer. Once running, it is the loaded program's responsibility to maintain the timer (NOTE: If the watchdog timer expires, it will reset the BEP. It will not reset the BEP a second time until the BEP receives either a commanded reset (Halt BEP/Run BEP) or power-on reset).

James E. Francis

Last modified: Wed Jan 12 13:59:17 EST