commit 3f0f7bc35831d467d912698dc5dbd9dcf9ad10f3
author Josh Lehan <krellan@google.com> Mon Feb 13 01:45:29 2023 -0800
committer Josh Lehan <krellan@google.com> Mon Oct 23 17:47:17 2023 -0700
tree 6a6043d18298f6eae7abf087a1efa051ab510d53
parent 31058fd3fcc5b8b2d09282d89cef64a18e20b5da

Add MissingIsAcceptable feature to avoid failsafe

This is a partial implementation of the ideas here:
https://github.com/openbmc/phosphor-pid-control/issues/31

A new configuration item is supported in the PID object, named
"MissingIsAcceptable" (for D-Bus) or "missingIsAcceptable" (for the old
config.json). The value is an array of strings. If these strings match
sensor names, those sensors will be flagged as "missing is acceptable",
that is, they can go missing and the zone will not be thrown into
failsafe mode as a result.

This can be handy for sensors that are not always available on your
particular machine. It is independent of the existing Availability
interface, because the decision to go into failsafe mode or not is a
property of the PID loop, not of the sensor itself.

If a PID loop consists of all sensors that are missing, the output
will be deemed to be the setpoint, thus essentially making the PID
loop a no-op. Now initializing sensor values to NaN, not zero, as zero
is not a good default if PID loop is margin, undoing a bug I made:
https://gerrit.openbmc.org/c/openbmc/phosphor-pid-control/+/38228

Tested: It worked for me. Also, added a unit test case.

Change-Id: Idc7978ab06fcc9ed8c6c9df9483101376e5df4d1
Signed-off-by: Josh Lehan <krellan@google.com>

test/pid_zone_unittest.cpp

diff --git a/test/pid_zone_unittest.cpp b/test/pid_zone_unittest.cpp
index f0b96b1..6c570cc 100644
--- a/test/pid_zone_unittest.cpp
+++ b/test/pid_zone_unittest.cpp
@@ -376,8 +376,8 @@
     EXPECT_EQ(mgr.getSensor(name2), sensor_ptr2);
 
     // Now that the sensors exist, add them to the zone.
-    zone->addThermalInput(name1);
-    zone->addThermalInput(name2);
+    zone->addThermalInput(name1, false);
+    zone->addThermalInput(name2, false);
 
     // Initialize Zone
     zone->initializeCache();
@@ -428,8 +428,8 @@
     EXPECT_EQ(mgr.getSensor(name2), sensor_ptr2);
 
     // Now that the sensors exist, add them to the zone.
-    zone->addFanInput(name1);
-    zone->addFanInput(name2);
+    zone->addFanInput(name1, false);
+    zone->addFanInput(name2, false);
 
     // Initialize Zone
     zone->initializeCache();
@@ -475,8 +475,8 @@
     mgr.addSensor(type, name2, std::move(sensor2));
     EXPECT_EQ(mgr.getSensor(name2), sensor_ptr2);
 
-    zone->addThermalInput(name1);
-    zone->addThermalInput(name2);
+    zone->addThermalInput(name1, false);
+    zone->addThermalInput(name2, false);
 
     // Initialize Zone
     zone->initializeCache();
@@ -512,6 +512,105 @@
     EXPECT_TRUE(zone->getFailSafeMode());
 }
 
+TEST_F(PidZoneTest, ThermalInput_MissingIsAcceptableNoFailSafe)
+{
+    // This is similar to the above test, but because missingIsAcceptable
+    // is set for sensor1, the zone should not enter failsafe mode when
+    // only sensor1 goes missing.
+    // However, sensor2 going missing should still trigger failsafe mode.
+
+    int64_t timeout = 1;
+
+    std::string name1 = "temp1";
+    std::unique_ptr<Sensor> sensor1 = std::make_unique<SensorMock>(name1,
+                                                                   timeout);
+    SensorMock* sensor_ptr1 = reinterpret_cast<SensorMock*>(sensor1.get());
+
+    std::string name2 = "temp2";
+    std::unique_ptr<Sensor> sensor2 = std::make_unique<SensorMock>(name2,
+                                                                   timeout);
+    SensorMock* sensor_ptr2 = reinterpret_cast<SensorMock*>(sensor2.get());
+
+    std::string type = "unchecked";
+    mgr.addSensor(type, name1, std::move(sensor1));
+    EXPECT_EQ(mgr.getSensor(name1), sensor_ptr1);
+    mgr.addSensor(type, name2, std::move(sensor2));
+    EXPECT_EQ(mgr.getSensor(name2), sensor_ptr2);
+
+    // Only sensor1 has MissingIsAcceptable enabled for it
+    zone->addThermalInput(name1, true);
+    zone->addThermalInput(name2, false);
+
+    // Initialize Zone
+    zone->initializeCache();
+
+    // As sensors are not initialized, zone should be in failsafe mode
+    EXPECT_TRUE(zone->getFailSafeMode());
+
+    // r1 not populated here, intentionally, to simulate a sensor that
+    // is not available yet, perhaps takes a long time to start up.
+    ReadReturn r1;
+    EXPECT_CALL(*sensor_ptr1, read()).WillOnce(Return(r1));
+
+    ReadReturn r2;
+    r2.value = 11.0;
+    r2.updated = std::chrono::high_resolution_clock::now();
+    EXPECT_CALL(*sensor_ptr2, read()).WillOnce(Return(r2));
+
+    zone->updateSensors();
+
+    // Only sensor2 has been initialized here. Failsafe should be false,
+    // because sensor1 MissingIsAcceptable so it is OK for it to go missing.
+    EXPECT_FALSE(zone->getFailSafeMode());
+
+    r1.value = 10.0;
+    r1.updated = std::chrono::high_resolution_clock::now();
+
+    EXPECT_CALL(*sensor_ptr1, read()).WillOnce(Return(r1));
+    EXPECT_CALL(*sensor_ptr2, read()).WillOnce(Return(r2));
+    zone->updateSensors();
+
+    // Both sensors are now properly initialized
+    EXPECT_FALSE(zone->getFailSafeMode());
+
+    // Ok, so we're not in failsafe mode, so let's set updated to the past.
+    // sensor1 will have an updated field older than its timeout value, but
+    // sensor2 will be fine. :D
+    r1.updated -= std::chrono::seconds(3);
+    r2.updated = std::chrono::high_resolution_clock::now();
+
+    EXPECT_CALL(*sensor_ptr1, read()).WillOnce(Return(r1));
+    EXPECT_CALL(*sensor_ptr2, read()).WillOnce(Return(r2));
+    zone->updateSensors();
+
+    // MissingIsAcceptable is true for sensor1, so the zone should not be
+    // thrown into failsafe mode.
+    EXPECT_FALSE(zone->getFailSafeMode());
+
+    // Do the same thing, but for the opposite sensors: r1 is good,
+    // but r2 is set to some time in the past.
+    r1.updated = std::chrono::high_resolution_clock::now();
+    r2.updated -= std::chrono::seconds(3);
+
+    EXPECT_CALL(*sensor_ptr1, read()).WillOnce(Return(r1));
+    EXPECT_CALL(*sensor_ptr2, read()).WillOnce(Return(r2));
+    zone->updateSensors();
+
+    // Now, the zone should be in failsafe mode, because sensor2 does not
+    // have MissingIsAcceptable set true, it is still subject to failsafe.
+    EXPECT_TRUE(zone->getFailSafeMode());
+
+    r1.updated = std::chrono::high_resolution_clock::now();
+    r2.updated = std::chrono::high_resolution_clock::now();
+
+    EXPECT_CALL(*sensor_ptr1, read()).WillOnce(Return(r1));
+    EXPECT_CALL(*sensor_ptr2, read()).WillOnce(Return(r2));
+    zone->updateSensors();
+
+    // The failsafe mode should cease, as both sensors are good again.
+    EXPECT_FALSE(zone->getFailSafeMode());
+}
+
 TEST_F(PidZoneTest, FanInputTest_FailsafeToValid_ReadsSensors)
 {
     // This will add a couple fan inputs, and verify the values are cached.
@@ -535,8 +634,8 @@
     EXPECT_EQ(mgr.getSensor(name2), sensor_ptr2);
 
     // Now that the sensors exist, add them to the zone.
-    zone->addFanInput(name1);
-    zone->addFanInput(name2);
+    zone->addFanInput(name1, false);
+    zone->addFanInput(name2, false);
 
     // Initialize Zone
     zone->initializeCache();
@@ -588,8 +687,8 @@
     EXPECT_EQ(mgr.getSensor(name2), sensor_ptr2);
 
     // Now that the sensors exist, add them to the zone.
-    zone->addFanInput(name1);
-    zone->addFanInput(name2);
+    zone->addFanInput(name1, false);
+    zone->addFanInput(name2, false);
 
     // Initialize Zone
     zone->initializeCache();
@@ -639,7 +738,7 @@
     mgr.addSensor(type, name1, std::move(sensor1));
     EXPECT_EQ(mgr.getSensor(name1), sensor_ptr1);
 
-    zone->addThermalInput(name1);
+    zone->addThermalInput(name1, false);
 
     // Verify method under test returns the pointer we expect.
     EXPECT_EQ(mgr.getSensor(name1), zone->getSensor(name1));