Skip to content

Main State Machine (FSM)

The main part is build from a state machine, defining the use case environment for the BMS.

Firmware FSM In-/Outputs (Context)

Inputs to the firmware FSM come from:

  • Hardware Classes (e.g. state of the Latches, SCP, button, etc.)
  • Analog Thread (e.g. ADC, GPIO, other sensors, periodically samples)
  • Cyphal Receive Classes (e.g. Heartbeat and data messages from other battery packs)

Outputs of the firmware FSM are:

  • Latch Control (e.g. voltage on pack side enabled by BMS internal latches)
  • LEDs (e.g. 5 RGB LEDs on top of the BMS)
  • Cyphal Messages (e.g. Heartbeat, data messages, logs, ...)
  • Flash storage partition data (e.g. statistic data)

FSM Diagram

Hold "Alt" / "Option" to enable pan & zoom 
stateDiagram-v2
    state state_machine {
        [*] --> Init: wake-up
        Init --> Idle: timeout | latch_off
        Init --> SoCFeedback: unconnected + button press
        Init --> Copter: in copter && latch_on
        Init --> ChargerCHG_DSG: in charger && latch_on

        Idle --> Shutdown: timeout
        Idle --> SoCFeedback: button
        Idle --> HotSwapCharge: engage && in copter
        Idle --> Error: on error detect
        Idle --> ChargerIdle: in charger

        SoCFeedback --> Idle: timeout || long button
        SoCFeedback --> Error: on error detect

        HotSwapCharge --> Idle: in open
        HotSwapCharge --> Copter: hs_voltage_ok && in copter && pin closed
        HotSwapCharge --> ChargerHS: hs_voltage_ok && in charger && pin closed
        HotSwapCharge --> Error: on error detect

        Copter --> Idle: in open && pin open

        ChargerIdle --> ChargerWaiting: vbus ok
        ChargerIdle --> Shutdown: vbus off
        ChargerIdle --> ChargerHS: engage
        ChargerIdle --> Idle: in open
        ChargerIdle --> Error: on error detect

        ChargerWaiting --> Shutdown: vbus off
        ChargerWaiting --> ChargerHS: engage || this set begin
        ChargerWaiting --> Idle: in open
        ChargerWaiting --> Error: on error detect

        ChargerHS --> Shutdown: timeout
        ChargerHS --> Error: on error detect
        ChargerHS --> Idle: in open
        ChargerHS --> ChargerWaiting: other set should begin || incomplete
        ChargerHS --> ChargerCHG_DSG: voltage ok

        ChargerCHG_DSG --> Error: on error detect
        ChargerCHG_DSG --> Idle: in open
        ChargerCHG_DSG --> ChargerWaiting: other set should begin && no charging || incomplete

        Error --> Idle: error resolve && in open

        Shutdown --> [*]
    }
State Description
Init Initial state after wake-up. Identifies the latch states to enable exceptional restart of the state machine.
Idle System is waiting for events or user input. Turns off after 1s.
Shutdown Shuts down the BMS safely, disabling outputs and power-off.
SoCFeedback Displays the State of Charge (SoC) for a short period (e.g., 1 second).
HotSwapCharge Hot Swap (Precharge) is active, allowing limited current to output for safe connection/disconnection.
Copter Latches for output current are active (flight mode). All protection features are disabled for operation.
ChargerIdle Charger is connected, waiting for further action. Automatic wakeup lands here. Switch to Wait when vbus is ok.
ChargerWaiting Charger is connected, waiting for further action. After engage or when vbus is ok.
ChargerHS Charger with Hot Swap to safely enable current. Stays if external charge is out of operational range.
ChargerCHG_DSG Charger with full operations. Latches are enabled.
Error An error was encountered (e.g., short circuit, overvoltage, overtemperature).