fault: add optional fault insertion module

This module and its associated settings uavo can be used
to test various fault conditions during initialization.

To enable the module, add the TEST_FAULTS=YES to your make
command line:
  make fw_coptercontrol TEST_FAULTS=YES

Once this module is part of your firmware load, you can
enable it in the hwsettings uavo and then select the
type of fault to insert by editing the faultsettings uavo.
On the next reset, the configured fault will be inserted
into the init sequence to allow you to test the boot fault
recovery code.

With a fault inserted, you should see 3 failed boot attempts
followed by a successful (recovery) boot.  You will see the
BootFault alarm set to Critical, and the RAM version of your
hwsettings will be reset to defaults.  Since the defaults have
all optional modules disabled, the fault module will be out of
the way during the recovery boot.

You can then "Load" the flash version of the hwsettings uavo
in the object browser, disable the Fault module and then "Save"
the hwsettings module back to the board.  The next reset will
boot normally without the fault inserted.

flight/CopterControl/Makefile

@@ -70,6 +70,10 @@ ifeq ($(USE_GPS), YES)
 OPTMODULES += GPS
 endif
 
+ifeq ($(TEST_FAULTS), YES)
+OPTMODULES += Fault
+endif
+
 MODULES = Attitude Stabilization Actuator ManualControl FirmwareIAP
 # Telemetry must be last to grab the optional modules (why?)
 MODULES += Telemetry
@@ -151,6 +155,7 @@ SRC += $(OPUAVSYNTHDIR)/accessorydesired.c
 SRC += $(OPUAVSYNTHDIR)/objectpersistence.c
 SRC += $(OPUAVSYNTHDIR)/gcstelemetrystats.c
 SRC += $(OPUAVSYNTHDIR)/flighttelemetrystats.c
+SRC += $(OPUAVSYNTHDIR)/faultsettings.c
 SRC += $(OPUAVSYNTHDIR)/flightstatus.c
 SRC += $(OPUAVSYNTHDIR)/systemstats.c
 SRC += $(OPUAVSYNTHDIR)/systemalarms.c

flight/Modules/Fault/Fault.c

@@ -0,0 +1,131 @@
+/**
+ ******************************************************************************
+ * @addtogroup OpenPilotModules OpenPilot Modules
+ * @{ 
+ * @addtogroup FaultModule Fault Module
+ * @brief Insert various fault conditions for testing
+ * @{ 
+ *
+ * @file       FaultInsertion.c
+ * @author     The OpenPilot Team, http://www.openpilot.org Copyright (C) 2010.
+ * @brief      Fault module, inserts faults for testing
+ * @see        The GNU Public License (GPL) Version 3
+ *
+ *****************************************************************************/
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+// ****************
+
+#include "openpilot.h"
+#include <stdbool.h>
+#include "hwsettings.h"
+#include "faultsettings.h"
+
+static bool module_enabled;
+static uint8_t active_fault;
+
+static int32_t fault_initialize(void)
+{
+	HwSettingsInitialize();
+	uint8_t optionalModules[HWSETTINGS_OPTIONALMODULES_NUMELEM];
+
+	HwSettingsOptionalModulesGet(optionalModules);
+
+	if (optionalModules[HWSETTINGS_OPTIONALMODULES_FAULT] == HWSETTINGS_OPTIONALMODULES_ENABLED) {
+		module_enabled = true;
+	} else {
+		module_enabled = false;
+	}
+
+	/* Do this outside the module_enabled test so that it
+	 * can be changed even when the module has been disabled.
+	 * This is important so we can remove faults even when
+	 * we've booted in BootFault recovery mode with all optional
+	 * modules disabled.
+	 */
+	FaultSettingsInitialize();
+
+	if (module_enabled) {
+		FaultSettingsActivateFaultGet(&active_fault);
+
+		switch (active_fault) {
+		case FAULTSETTINGS_ACTIVATEFAULT_MODULEINITASSERT:
+			/* Simulate an assert during module init */
+			PIOS_Assert(0);
+			break;
+		case FAULTSETTINGS_ACTIVATEFAULT_INITOUTOFMEMORY:
+			/* Leak all available memory */
+			while (pvPortMalloc(10)) ;
+			break;
+		case FAULTSETTINGS_ACTIVATEFAULT_INITBUSERROR:
+			{
+				/* Force a bad access */
+				uint32_t * bad_ptr = (uint32_t *)0xFFFFFFFF;
+				*bad_ptr = 0xAA55AA55;
+			}
+			break;
+		}
+	}
+
+	return 0;
+}
+
+static void fault_task(void *parameters);
+
+static int32_t fault_start(void)
+{
+	xTaskHandle fault_task_handle;
+
+	if (module_enabled) {
+		switch (active_fault) {
+		case FAULTSETTINGS_ACTIVATEFAULT_RUNAWAYTASK:
+		case FAULTSETTINGS_ACTIVATEFAULT_TASKOUTOFMEMORY:
+			xTaskCreate(fault_task,
+				(signed char *)"Fault",
+				configMINIMAL_STACK_SIZE,
+				NULL,
+				configMAX_PRIORITIES-1,
+				&fault_task_handle);
+			return 0;
+			break;
+		}
+	}
+	return -1;
+}
+MODULE_INITCALL(fault_initialize, fault_start)
+
+static void fault_task(void *parameters)
+{
+	switch (active_fault) {
+	case FAULTSETTINGS_ACTIVATEFAULT_RUNAWAYTASK:
+		/* Consume all realtime, not letting the systemtask run */
+		while(1);
+		break;
+	case FAULTSETTINGS_ACTIVATEFAULT_TASKOUTOFMEMORY:
+		/* Leak all available memory and then sleep */
+		while (pvPortMalloc(10)) ;
+		while (1) {
+			vTaskDelay(1000);
+		}
+		break;
+	}
+}
+
+/** 
+  * @}
+  * @}
+  */

ground/openpilotgcs/src/plugins/uavobjects/uavobjects.pro

@@ -72,7 +72,8 @@ HEADERS += $$UAVOBJECT_SYNTHETICS/accessorydesired.h \
     $$UAVOBJECT_SYNTHETICS/gcsreceiver.h \
     $$UAVOBJECT_SYNTHETICS/receiveractivity.h \
     $$UAVOBJECT_SYNTHETICS/attitudesettings.h \
-    $$UAVOBJECT_SYNTHETICS/cameradesired.h
+    $$UAVOBJECT_SYNTHETICS/cameradesired.h \
+    $$UAVOBJECT_SYNTHETICS/faultsettings.h
 
 SOURCES += $$UAVOBJECT_SYNTHETICS/accessorydesired.cpp \
     $$UAVOBJECT_SYNTHETICS/ahrsstatus.cpp \
@@ -124,4 +125,5 @@ SOURCES += $$UAVOBJECT_SYNTHETICS/accessorydesired.cpp \
     $$UAVOBJECT_SYNTHETICS/gcsreceiver.cpp \
     $$UAVOBJECT_SYNTHETICS/receiveractivity.cpp \
     $$UAVOBJECT_SYNTHETICS/attitudesettings.cpp \
-    $$UAVOBJECT_SYNTHETICS/cameradesired.cpp
+    $$UAVOBJECT_SYNTHETICS/cameradesired.cpp \
+    $$UAVOBJECT_SYNTHETICS/faultsettings.cpp

shared/uavobjectdefinition/faultsettings.xml

@@ -0,0 +1,12 @@
+<xml>
+	<object name="FaultSettings" singleinstance="true" settings="true">
+		<description>Allows testers to simulate various fault scenarios.</description>
+
+		<field name="ActivateFault" units="fault" type="enum" elements="1" options="NoFault,ModuleInitAssert,InitOutOfMemory,InitBusError,RunawayTask,TaskOutOfMemory" defaultvalue="NoFault"/>
+
+		<access gcs="readwrite" flight="readwrite"/>
+		<telemetrygcs acked="true" updatemode="onchange" period="0"/>
+		<telemetryflight acked="true" updatemode="onchange" period="0"/>
+		<logging updatemode="never" period="0"/>
+    </object>
+</xml>

shared/uavobjectdefinition/hwsettings.xml

@@ -15,7 +15,7 @@
 		<field name="USB_HIDPort" units="function" type="enum" elements="1" options="USBTelemetry,Disabled" defaultvalue="USBTelemetry"/>
 		<field name="USB_VCPPort" units="function" type="enum" elements="1" options="USBTelemetry,ComBridge,Disabled" defaultvalue="Disabled"/>
 
-		<field name="OptionalModules" units="" type="enum" elementnames="CameraStab,GPS,ComUsbBridge" options="Disabled,Enabled" defaultvalue="Disabled"/>
+		<field name="OptionalModules" units="" type="enum" elementnames="CameraStab,GPS,ComUsbBridge,Fault" options="Disabled,Enabled" defaultvalue="Disabled"/>
 		<field name="DSMxBind" units=""  type="uint8"  elements="1" defaultvalue="0"/>
 
 		<access gcs="readwrite" flight="readwrite"/>