.. _fsd150: FSD150: Validation tests of modes, power supply, and configuration ################################################################## .. list-table:: Header :header-rows: 0 * - Title - FSD150: Validation tests of modes, power supply, and configuration * - Products - Safety Simplifier * - Requirements - * - Purpose - * - Input - FSD120 * - Output - Test specifications Table of contents *********************** .. contents:: Description ============ This document describes the validation tests of modes, power supply, and configuration for the Safety Simplifier, as identified from FSD120. Tests ****** .. test:: Configuration mode and reconfiguration :id: TEST_150_001 :derived: RESULT_150_001 :tags: FSD150, test, configuration Configure a unit with at least one active output running in normal mode. Activate the configuration mode via USB and verify that all active outputs turn off. .. result:: Configuration mode and reconfiguration :id: RESULT_150_001 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, configuration Activated configuration mode via USB, all active outputs turned off as expected. .. test:: Configuration tool connection without activation :id: TEST_150_002 :derived: RESULT_150_002 :tags: FSD150, test, configuration Connect configuration tool to unit without activating configuration state. Attempt reconfiguration commands via USB and radio. Verify unit rejects reconfiguration attempts and continues normal operation. .. result:: Configuration tool connection without activation :id: RESULT_150_002 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, configuration Unit replied NOK to USB reconfiguration commands and no response to radio commands. Unit continued normal operation as expected. .. test:: Loss of power results in safe state :id: TEST_150_003 :derived: RESULT_150_003 :tags: FSD150, test, power Configure system with two nodes. Control outputs on node 2 using a global memory from node 1. Remove power supply to node 1 while monitoring outputs on both units. Verify all outputs go to safe state (0V) when power is lost. .. result:: Loss of power results in safe state :id: RESULT_150_003 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, power When power to node 1 was removed, outputs on node 1 fell instantly. Outputs on node 2 fell after timeout (100ms) as expected. .. test:: Undervoltage results in safe state :id: TEST_150_004 :derived: RESULT_150_004 :tags: FSD150, test, power Configure lower voltage limits to 7V, 22V, and 30V. Slowly lower power supply voltage below each set limit. Verify unit enters safe state (fatal error) and all outputs go to 0V. .. result:: Undervoltage results in safe state :id: RESULT_150_004 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, power Unit correctly entered safe state for all tested voltage limits (7V, 22V, 30V). All outputs went to 0V and display indicated fatal error as expected. .. test:: Overvoltage results in safe state :id: TEST_150_005 :derived: RESULT_150_005 :tags: FSD150, test, power Configure upper voltage limits to 10V, 26V, and 33V. Slowly raise power supply voltage above each set limit. Verify unit enters safe state (fatal error) and all outputs go to 0V. .. result:: Overvoltage results in safe state :id: RESULT_150_005 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, power Unit correctly entered safe state for all tested voltage limits (10V, 26V, 33V). All outputs went to 0V as expected when voltage exceeded limits. .. test:: Firmware mismatch prevents communication :id: TEST_150_006 :derived: RESULT_150_006 :tags: FSD150, test, firmware Configure two units with same firmware versions in same system. Flash one unit with different firmware version (CPU1 and CPU2). Verify no communication occurs between units with different firmware versions. .. result:: Firmware mismatch prevents communication :id: RESULT_150_006 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, firmware When firmware versions differed between units, no communication occurred. Node with different firmware showed no radio communication on display. .. test:: Wrong serial numbers prevent communication :id: TEST_150_007 :derived: RESULT_150_007 :tags: FSD150, test, serialnumber Set up system with 16 nodes communicating normally via radio and CAN. Change serial number settings for node 1, then restore and change node 2. Verify communication stops when serial numbers don't match across system. .. result:: Wrong serial numbers prevent communication :id: RESULT_150_007 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, serialnumber When serial numbers were changed on node 1, all system communication stopped. When serial numbers were changed on node 2, that node lost connection to system. All outputs went to 0V as expected. .. test:: Maximum reaction time is selectable :id: TEST_150_008 :derived: RESULT_150_008 :tags: FSD150, test, timing Verify that maximum reaction time from detecting stop condition until outputs turn off is selectable. Test covers input signal reaction time, input filter, logic calculation interval, communication reaction time, and output reaction time parameters. .. result:: Maximum reaction time is selectable :id: RESULT_150_008 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, timing Maximum reaction time parameters are selectable and function as specified. All timing components tested in referenced test documents. .. test:: Configuration protected with CRC :id: TEST_150_009 :derived: RESULT_150_009 :tags: FSD150, test, configuration Create valid configuration and modify one byte of data. Attempt to download corrupted configuration to unit. Verify unit rejects configuration with invalid CRC. .. result:: Configuration protected with CRC :id: RESULT_150_009 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, configuration Unit correctly rejected reconfiguration attempt with invalid CRC data. Configuration integrity protection functioning as expected. .. test:: Fatal error turns off all outputs :id: TEST_150_010 :derived: RESULT_150_010 :tags: FSD150, test, fatalerror Set up system with 16 nodes communicating normally. Trigger fatal error on node 1 using fatal error trigger function block. Repeat test with different node and verify all system outputs turn off. .. result:: Fatal error turns off all outputs :id: RESULT_150_010 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, fatalerror When node 1 entered fatal error, all system outputs turned off. When node 16 entered fatal error, all system outputs turned off. Fatal error propagation functioning correctly across entire system. .. test:: Configuration tool connection during operation :id: TEST_150_011 :derived: RESULT_150_011 :tags: FSD150, test, configuration Connect PC configuration tool to unit during normal operation. Verify unit continues operating normally without entering safe state. Confirm connection alone does not affect operation. .. result:: Configuration tool connection during operation :id: RESULT_150_011 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, configuration Unit continued normal operation when configuration tool was connected. No disruption to normal function occurred from tool connection alone. .. test:: Wrong configuration prevents communication :id: TEST_150_012 :derived: RESULT_150_012 :tags: FSD150, test, configuration Set up system with 16 nodes operating normally. Change configuration in node 1, then restore and change configuration in another node. Verify no communication occurs when configurations don't match. .. result:: Wrong configuration prevents communication :id: RESULT_150_012 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, configuration When node 1 configuration was changed, no units had connection to node 1. When node 9 configuration was changed, that node lost system connection. Configuration matching requirement functioning correctly. .. test:: Overheating shut off :id: TEST_150_013 :derived: RESULT_150_013 :tags: FSD150, test Configure a single unit with any logic. Blow on it with a heat gun to heat up the unit. Verify with MemmapRead that when the temperature reaches 85 degrees the unit enters safe state. .. result:: Overheating shut off :id: RESULT_150_013 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result When the temperature reached 85 degrees, the unit entered safe state. .. test:: Wrong password prevents configuration :id: TEST_150_014 :derived: RESULT_150_014 :tags: FSD150, test, password Set up a unit with a password 123. Attempt to change the configuration without entering the password. Verify that the unit rejects the configuration change and continues normal operation. .. result:: Wrong password prevents configuration :id: RESULT_150_014 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result Unit correctly rejected configuration change without correct password via both USB and radio. .. test:: Configure via USB, radio, and CAN :id: TEST_150_015 :derived: RESULT_150_015 :tags: FSD150, test, configuration Configure a unit via USB, radio, and CAN. Verify that the unit accepts the configuration via all interfaces. .. result:: Configure via USB, radio, and CAN :id: RESULT_150_015 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, configuration Unit accepted configuration via USB, radio, and CAN as expected. .. test:: Configuration correct addressing :id: TEST_150_016 :derived: RESULT_150_016 :tags: FSD150, test, configuration Create a project and enter some ID numbers of units to be programmed. Verify that the GUI prompts the user to verify the entered ID numbers. .. result:: Configuration correct addressing :id: RESULT_150_016 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, configuration A dialog box shows when entering or changing ID numbers, prompting the user to verify the entered ID numbers. .. test:: addressing via radio :id: TEST_150_017 :derived: RESULT_150_017 :tags: FSD150, test, addressing Activate the special LED link in a unit via radio. Verify that the LED display is clearly illuminated in a special way that is easily distinguishable from normal operation/config mode. .. result:: addressing via radio :id: RESULT_150_017 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, addressing Radio: the LED display was illuminated and the GUI shows which node it is. .. test:: Configuration success or failure :id: TEST_150_018 :derived: RESULT_150_018 :tags: FSD150, test, configuration Download a configuration to a unit and verify that the GUI indicates the download was successful. Download again and power down the unit before the download completes. Verify that the GUI indicates a failure and the unit does not accept the configuration. .. result:: Configuration success or failure :id: RESULT_150_018 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, configuration The GUI indicated success for the first download and failure for the second download. The unit did not accept the configuration after the failure. .. test:: No direct user interface for unit setup :id: TEST_150_019 :derived: RESULT_150_019 :tags: FSD150, test, userinterface Verify that there is no direct user interface for unit setup or replacement. All configuration must be done via the GUI or memory card. .. result:: No direct user interface for unit setup :id: RESULT_150_019 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, userinterface The unit does not have any direct user interface for setup or replacement. All components are enclosed in the sealed housing and can only be accessed by either unscrewing the top and connecting USB and reconfiguring via the GUI. Configuration in this case is protected by a password. Via radio the configuration is protected by the password. .. test:: Memory card replacement :id: TEST_150_020 :derived: RESULT_150_020 :tags: FSD150, test, memorycard :status: N/A This is not implemented yet. Verify that the memory card can be replaced without affecting the unit's operation. The unit should continue to operate normally after replacing the memory card. .. result:: Memory card replacement :id: RESULT_150_020 :status: N/A :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, memorycard The memory card replacement is not implemented yet, so this test is not applicable at this time. .. test:: Communication timeout :id: TEST_150_021 :derived: RESULT_150_021 :tags: FSD150, test, communication Configure a system of two units with a communication timeout of 10, 100, 10000 ms. Power down one unit and verify that the other unit detects the communication loss after the respective timeout period. .. result:: Communication timeout :id: RESULT_150_021 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, communication 10: The unit detected the communication loss after 10 ms. 100: The unit detected the communication loss after 100 ms. 10000: The unit detected the communication loss after 10000 ms. All units behaved as expected and outputs turned off after the respective timeout period. .. test:: Voltage threshold configuration :id: TEST_150_022 :derived: RESULT_150_022 :tags: FSD150, test, voltage Configure the voltage thresholds for undervoltage and overvoltage to 7V, 22V, and 30V. Verify that the unit enters safe state when the voltage goes below or above these thresholds. .. result:: Voltage threshold configuration :id: RESULT_150_022 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, voltage The unit entered safe state when the voltage went below 7V, above 22V, and above 30V. .. test:: Global memory startup test :id: TEST_150_023 :derived: RESULT_150_023 :tags: FSD150, test, globalmemory Configure a system of 2 units, where one sends a global memory with "start-up" = true. Power down the unit that sends the global memory and power it up again. Verify that the reference in the receiver does not turn on until the sender sends an active 0 and then 1. .. result:: Global memory startup test :id: RESULT_150_023 :status: PASS :verifyer: WF :date: 2025-08-04 :tags: FSD150, result, globalmemory At power down, the reference to the GM turned off. At power up, the reference to the GM did not turn on until the sender sent an active 0 and then 1.