.. _fsd230:

FSD230: SimpleCAN Implementation
================================

Description
***********

This document describes the implementation of the SimpleCAN protocol in Safety Simplifier.

Motivations
***********

.. motivation:: Title
   :id: MOTIVATION_230_001
   :tags: fsd230
   :status: PASS

   Safety Simplifier operates in high demand continuous mode.

.. motivation:: Title
   :id: MOTIVATION_230_002
   :tags: fsd230
   :status: PASS

   See the FSD350 SimpleCAN specification calculations.

.. motivation:: Title
   :id: MOTIVATION_230_003
   :tags: fsd230
   :status: PASS

   In simplecan_common.h, when data is received, its age is calculated. Before every logic tick, in canradio_update_age_timers, the age is checked. If the age is greater than the maximum age, the data is set to 0.

.. motivation:: Title
   :id: MOTIVATION_230_004
   :tags: fsd230
   :status: PASS

   Simplifier is compliant with 61508.

.. motivation:: Title
   :id: MOTIVATION_230_005
   :tags: fsd230
   :status: PASS

   See :need:`CERT_0003`.

.. motivation:: Title
   :id: MOTIVATION_230_006
   :tags: fsd230
   :status: PASS

   Safety data is independent from non-safety data: the safety checksum is calculated only over safety data.

.. motivation:: Title
   :id: MOTIVATION_230_007
   :tags: fsd230
   :status: PASS

   No acknowledgement is used.

.. motivation:: Title
   :id: MOTIVATION_230_008
   :tags: fsd230
   :status: PASS

   Model A is used for transmission and reception.

.. motivation:: Title
   :id: MOTIVATION_230_009
   :tags: fsd230, manual
   :status: PASS

   The manual specifies how to use SimpleCAN with EN 11989-1.

.. motivation:: Title
   :id: MOTIVATION_230_010
   :tags: fsd230
   :status: PASS

   16 entries are used in the SDD in Simplifier. These are mapped to 16 TX or RX IDs.

.. motivation:: Title
   :id: MOTIVATION_230_011
   :tags: fsd230
   :status: PASS

   Fatal errors are triggered directly from the SimpleCAN software implementation.

.. motivation:: Title
   :id: MOTIVATION_230_012
   :tags: fsd230
   :status: PASS

   16 node hashes are used to calculate the corresponding checksum for each TX/RX packet.

.. motivation:: Title
   :id: MOTIVATION_230_013
   :tags: fsd230
   :status: PASS

   The structure MM_CanConfig contains the safety configuration. It contains:

   - baud rate
   - mode
   - cycle time
   - tx slot index
   - number of tx packets
   - number of rx packets
   - which IDs to TX and RX

   The node hashes are in MM_SimpleCAN_NetworkConfig.

.. motivation:: Title
   :id: MOTIVATION_230_014
   :tags: fsd230
   :status: PASS

   The hardware CRC with polynomial 04c11db7h is used.

.. motivation:: Title
   :id: MOTIVATION_230_015
   :tags: fsd230
   :status: PASS

   The TX slot index determines when to transmit data.

.. motivation:: Title
   :id: MOTIVATION_230_016
   :tags: fsd230
   :status: PASS

   In simplecan_common.h, when data is received, its age is calculated. Before every logic tick, in canradio_update_age_timers, the age is checked. If the age is greater than the maximum age, the data is set to 0.

.. motivation:: Title
   :id: MOTIVATION_230_017
   :tags: fsd230
   :status: PASS

   The PC software ensures that the configuration contains two empty slots at the end of the cycle.

.. motivation:: Title
   :id: MOTIVATION_230_018
   :tags: fsd230
   :status: PASS

   Sync packets are sent in the next cycle 200ms after the last sync packet.

.. motivation:: Title
   :id: MOTIVATION_230_019
   :tags: fsd230
   :status: PASS

   simplecan_cfg_abort_sync_if_failed handles aborting sync packets if they fail.

.. motivation:: Title
   :id: MOTIVATION_230_020
   :tags: fsd230
   :status: PASS

   CPU1 forwards packets to CPU2 in model A.

.. motivation:: Title
   :id: MOTIVATION_230_021
   :tags: fsd230
   :status: PASS

   CPU1 handles the master determination. If a master with a lower ID is heard, the current master is demoted to slave. If no master with a lower ID is heard for 2000ms, the node takes over as master.

.. motivation:: Title
   :id: MOTIVATION_230_022
   :tags: fsd230
   :status: PASS

   If a node is master and hears a master with a higher ID for 2000ms, it triggers a fatal error.

.. motivation:: Title
   :id: MOTIVATION_230_023
   :tags: fsd230
   :status: PASS

   If a node can act as master, it waits 200ms + 10 * its lowest ID before sending the first time sync packet. If a lower ID is heard, it switches to slave mode.

.. motivation:: Title
   :id: MOTIVATION_230_024
   :tags: fsd230
   :status: PASS

   If a node tries to send a sync packet and it fails, it backs off and tries again.

.. motivation:: Title
   :id: MOTIVATION_230_025
   :tags: fsd230
   :status: PASS

   All nodes start in the unsynced state.

.. motivation:: Title
   :id: MOTIVATION_230_026
   :tags: fsd230
   :status: PASS

   Two time sync packets from the same master are required to enter the synced state.

.. motivation:: Title
   :id: MOTIVATION_230_027
   :tags: fsd230
   :status: PASS

   A 12MHz 50ppm crystal is used.

.. motivation:: Title
   :id: MOTIVATION_230_028
   :tags: fsd230
   :status: PASS

   time_since_good_sync_ms checks this.

.. motivation:: Title
   :id: MOTIVATION_230_029
   :tags: fsd230
   :status: PASS

   CAN buffers are checked every ms. Max buffer time = 1ms.

.. motivation:: Title
   :id: MOTIVATION_230_030
   :tags: fsd230
   :status: PASS

   check_simplecan_config_or_fatal verifies the configuration at startup.

.. motivation:: Title
   :id: MOTIVATION_230_031
   :tags: fsd230
   :status: PASS

   The configuration tool performs the configuration download to SR devices in the network.

.. motivation:: Title
   :id: MOTIVATION_230_032
   :tags: fsd230
   :status: PASS

   The configuration tool reads back the configuration after download.

.. motivation:: Title
   :id: MOTIVATION_230_033
   :tags: fsd230
   :status: PASS

   The manual describes how to address SR devices on the network.

.. motivation:: Title
   :id: MOTIVATION_230_034
   :tags: fsd230
   :status: PASS

   The manual describes how to address SR devices on the network.

.. motivation:: Title
   :id: MOTIVATION_230_035
   :tags: fsd230
   :status: PASS

   Safety Simplifier can only be configured in configuration mode.

.. motivation:: Title
   :id: MOTIVATION_230_036
   :tags: fsd230
   :status: PASS

   SimpleCAN is not initialized in safe state.

.. motivation:: Title
   :id: MOTIVATION_230_037
   :tags: fsd230
   :status: PASS

   SimpleCAN is only initialized at normal mode startup.

.. motivation:: Title
   :id: MOTIVATION_230_038
   :tags: fsd230
   :status: PASS

   bad_rx_pkts_counter checks the number of packets with an incorrect CRC per hour.

.. motivation:: Title
   :id: MOTIVATION_230_039
   :tags: fsd230
   :status: PASS

   Unauthorized access is checked for configuration via radio. Configuration directly via USB/CAN is not protected.

.. motivation:: Title
   :id: MOTIVATION_230_040
   :tags: fsd230
   :status: PASS

   The manual describes this in the SimpleCAN section.

.. motivation:: Title
   :id: MOTIVATION_230_041
   :tags: fsd230
   :status: PASS

   The age of all data is calculated and checked before every logic tick. The safety reaction time for the SimpleCAN network is configured by the user in the configuration tool.

.. motivation:: Title
   :id: MOTIVATION_230_042
   :tags: fsd230
   :status: PASS

   The manual describes this in the SimpleCAN section.
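As an added example, not part of this document or of the Safety Simplifier code base, the master-determination timing of MOTIVATION_230_021 to MOTIVATION_230_023 modelled in C. All type and function names are assumed, and "hears a master with a higher ID for 2000ms" is modelled as that higher-ID master still being heard 2000 ms after it was first heard.

```c
/* Added illustration of the master-determination timing in MOTIVATION_230_021..023.
 * Hypothetical names, not Safety Simplifier's own code; times are ms from a monotonic tick. */
#include <stdint.h>
#include <stdbool.h>

#define MASTER_TIMEOUT_MS  2000u /* silence / persistence window */
#define SYNC_BASE_DELAY_MS 200u  /* base delay before the first sync packet */

typedef enum { ROLE_SLAVE, ROLE_MASTER, ROLE_FATAL } role_t;

typedef struct {
    uint8_t  own_id;               /* this node's lowest ID */
    role_t   role;
    uint32_t last_lower_master_ms; /* last sync heard from a lower-ID master */
    bool     higher_seen;          /* higher-ID master heard while we are master */
    uint32_t higher_first_ms;      /* when that higher-ID master was first heard */
} node_t;

/* Delay before a master-capable node sends its first time-sync packet: 200 ms + 10 * lowest ID. */
uint32_t first_sync_delay_ms(uint8_t lowest_id) { return SYNC_BASE_DELAY_MS + 10u * lowest_id; }

void node_init(node_t *n, uint8_t own_id, uint32_t now_ms)
{
    n->own_id = own_id;
    n->role = ROLE_SLAVE;          /* every node starts unsynced, as a slave */
    n->last_lower_master_ms = now_ms;
    n->higher_seen = false;
    n->higher_first_ms = 0;
}

/* Time-sync packet received from a node that claims to be master. */
void node_on_master_heard(node_t *n, uint8_t master_id, uint32_t now_ms)
{
    if (n->role == ROLE_FATAL) return;
    if (master_id < n->own_id) {
        n->role = ROLE_SLAVE;      /* lower ID wins: a master demotes itself */
        n->last_lower_master_ms = now_ms;
        n->higher_seen = false;
    } else if (master_id > n->own_id && n->role == ROLE_MASTER) {
        /* Conflicting higher-ID master: fatal error if it is still heard after 2000 ms. */
        if (!n->higher_seen) { n->higher_seen = true; n->higher_first_ms = now_ms; }
        else if (now_ms - n->higher_first_ms >= MASTER_TIMEOUT_MS) n->role = ROLE_FATAL;
    }
}

/* Per logic tick: take over as master after 2000 ms without a lower-ID master. */
role_t node_tick(node_t *n, uint32_t now_ms)
{
    if (n->role == ROLE_SLAVE && now_ms - n->last_lower_master_ms >= MASTER_TIMEOUT_MS)
        n->role = ROLE_MASTER;
    return n->role;
}
```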