Found a crash when testing deployment bits in Debug_w_Flag in Mission.
Crash was caused by WD falling silent then, a few seconds later, booting Init->EnteringMission->Mission with the message: Reason for last reset: WDTIFG watchdog timeout (PUC)
Might not be an issue in flight post-deployment since battery latch exists, but that assumes that following this boot path won't cause LB to pulse while BE is low. blimp_normalBoot() is designed to prevent this.
Crash could be replicated fairly consistently by spamming these commands (either in direct Mission or when booted into Mission):
st-ack
ReportStatus
deploy
deploy-wd-only
ReportStatus
usually would have crashed by now
Most crashes were observed with Radio off. Could just be a coincidence.
Crashes were also observed by simpler means:
Boot into Mission, power-off-radio, wait ~10mins
Boot into Mission, power-off-radio, wait a few minutes, ReportStatus.
Crashes like this weren't observed during extensive testing before several hours earlier in Herc_Radio_Programming mode. So, cause was either:
Being in Debug_w_Flag instead of Herc_Radio_Programming mode (not likely since this only changes a few variable defaults which have been tested via command anyway).
Some of the few untested convenience changes that happened since the last test.
(2.) was assumed and some convenience print statements were rolled back. WD was reflashed into Debug_w_Flag. Seems to have worked...
WD was spammed with commands above without crashing.
WD was left to sit for >10mins with Radio off without crashing.
WD Safety Timer was tested at 5m cutoff (after spamming st-dec to get it there) without crashing...
... seems like that maybe caused a stack overflow, used up too much memory, or just caused something to block a little bit too long before WD could get back to acking the WD WD (unlikely since it was unresponsive and emitted no data at all after a crash)...
…ng a lockup in the WD leading to a PUC.
Init->EnteringMission->Missionwith the message:Reason for last reset: WDTIFG watchdog timeout (PUC)LBto pulse whileBEis low.blimp_normalBoot()is designed to prevent this.st-ackReportStatusdeploydeploy-wd-onlyReportStatuspower-off-radio, wait ~10minspower-off-radio, wait a few minutes,ReportStatus.(2.) was assumed and some convenience print statements were rolled back. WD was reflashed into Debug_w_Flag. Seems to have worked...
st-decto get it there) without crashing... ... seems like that maybe caused a stack overflow, used up too much memory, or just caused something to block a little bit too long before WD could get back to acking the WD WD (unlikely since it was unresponsive and emitted no data at all after a crash)...