3.3 Self-Test and State Machine

The self-test and state machine call is responsible for clearing the WDT, performing self-checks, and managing the application’s state machine. The WDT is cleared immediately before running the self-tests since some tests are lengthy to execute, and it is important to enter the fault state loop rather than resetting the microcontroller, which could suppress the fault alarm. Except for the memory scan test (see the Main Loop section), the periodic self-tests are performed in this function call, as shown in Figure 3-3.

A simplified state diagram for the state machine is shown below in Figure 3-4. The large circles are for actions handled by the state machine in the function call, while the small circles are transient states that occur in the middle of a process but must never be encountered by the state machine. For instance, if a software malfunction in the middle of the Analog Comparator (AC) self-test caused the test to end unexpectedly, the state would still be SYS_SELF_TEST when the main handler runs. When the main handler sees this state, it is considered a system fault. To simplify the diagram, the conditions that lead to errors are not shown, but every state can enter that state.