14 Error Handling
PHLOX - Ignition Control System 217
14.5 Boot loader
The HEINZMANN digital controls include what is known as a boot loader. This program
section is stored at a specific location of the read-only memory and, once programmed at
the factory; the boot loader cannot be erased.
Upon starting the control program by powering it up or a reset, the boot loader programme
is the first thing to be executed This program performs various relevant tests which indi-
cate whether the actual control programme is operable or not. Based on these tests the boot
loader decides whether the control program can carry out the execution or whether execu-
tion must remain confined to the boot loader to remove any risk of personal injury or dam-
age to the engine. As long as the program is in boot loader mode the engine cannot be
started.
All boot loader tests and the subsequent initialisation of the main programme
will take about. 150-200 ms.
14.5.1 Boot loader start tests
The following section describes which tests are performed by the boot loader and which
measures may have to be taken. There is no communication with the device as long as
these tests are running, especially when the program is caught in an infinite loop due to
a fatal error.
Test of internal watchdog
This is to check whether the watchdog integrated into the processor is operable. This
is to ensure that in case of some undefined program execution, that the control pro-
gram goes into a safe state after a pre-defined time.
If the test is not interrupted by the internal watchdog, the error message 3012
ErrBootloader (MissingInternWatchdog) is triggered.
If both watchdog tests yield a negative result (internal and external watchdog
double fault), the boot loader program remains in an endless loop for safety reasons
and no communication with DcDesk 2000 is possible.
Test of external watchdog
This test checks whether the external watchdog situated on the printed circuit board
is functional. This is to ensure that in case of any undefined program execution the
control program goes into a safe state after a pre-defined time.
If the test is not interrupted by the external watchdog, the error message 3012
ErrBootloader (MissingExternWatchdog) is triggered.
If both watchdog tests yield a negative result (internal and external watchdog
double fault), the boot loader program remains in an endless loop for safety reasons
and no communication with DcDesk 2000 is possible.
To Next Page
Loading...
Need help?
General
