The design of is_faulted() has side effects, notably which calls important code that calls set(false) or set(true) but also processes commands from the .suppress and .override sub command fields.
In essence, it is important that is_faulted() is called on every single fault, every single control cycle. The result can even be thrown away. It is even okay to call is_faulted() multiple times per control cycle, despite its side effects. This is because, all of the side effects that do get repeated, set it back to the same state as if it was just called.
This causes two implications:
MainFaultHandler's early returns after executions of any given FaultHandlerMachine that return a fault condition are bad because, if the first FaultHandlerMachine returns a faulting condition, is_faulted() is not called on any other fault. Further, if a FaultHandlerMachine's execute() expected to be called, it may not because another Fault had already happened. This should be fixed.
MissionManager's check_adcs_faults() also short circuit evaluates, meaning that none of the other faults have their is_faulted() called.
The best thing to implement, is to simply have a loop in MissionManager that calls is_faulted() on every fault.
The design of
is_faulted()has side effects, notably which calls important code that callsset(false)orset(true)but also processes commands from the.suppressand.overridesub command fields.In essence, it is important that
is_faulted()is called on every single fault, every single control cycle. The result can even be thrown away. It is even okay to callis_faulted()multiple times per control cycle, despite its side effects. This is because, all of the side effects that do get repeated, set it back to the same state as if it was just called.This causes two implications:
MainFaultHandler's early returns after executions of any given FaultHandlerMachine that return a fault condition are bad because, if the first FaultHandlerMachine returns a faulting condition,
is_faulted()is not called on any other fault. Further, if a FaultHandlerMachine's execute() expected to be called, it may not because another Fault had already happened. This should be fixed.MissionManager's
check_adcs_faults()also short circuit evaluates, meaning that none of the other faults have theiris_faulted()called.The best thing to implement, is to simply have a loop in MissionManager that calls
is_faulted()on every fault.