In my continuing regression testing of an existing two-contactor system (Charge Bus and Load Bus) that has been upgraded to FW 2.9.2-2, I have uncovered the following error:
I was trying to test the low voltage disconnect, but the pack was almost fully charged. Instead of waiting hours to discharge the pack, I tried setting the minimum voltage setting above the current voltage.
And it worked! The Load contactor promptly dropped out.
But two seconds later, the entire BMS crashed! And I mean hard crash. All the relays and optos turned off, and all activity ceased on the red & green status lights! The only way to recover was to "reboot" with the hibernate switch. Further, after rebooting, the SOC showed 0% instead of 85%, but that's understandable after the way I "lied" to it. The SOC self-corrected when I brought the pack the little way back to full charge.
Now, I fully admit that this setting was an invalid thing to do, and is inconsistent with the other settings, but it seems that an invalid user input should NEVER be able to crash the FW. And the FW should have some "sanity checks" on the inputs it receives from either the WiFi adapter or the PC software, and issue either an "Ack" or a "Nak" with an error code.
Hope this provides enough info to track it down.
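
The kind of input sanity check with an Ack/Nak reply that the post asks for, as an added example (it is not the BMS firmware's code and not the poster's). The settings struct, field names, voltage limits and reply codes are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical settings record; names and limits are assumptions for illustration. */
typedef struct {
    uint32_t min_mv;   /* low-voltage disconnect threshold, millivolts */
    uint32_t max_mv;   /* high-voltage disconnect threshold, millivolts */
    uint32_t hyst_mv;  /* rise above min_mv required before the load reconnects */
} bms_settings_t;

/* Hypothetical reply codes sent back to the WiFi adapter or PC software. */
typedef enum {
    BMS_ACK = 0,
    BMS_NAK_NULL = 1,
    BMS_NAK_OUT_OF_RANGE = 2,
    BMS_NAK_INCONSISTENT = 3
} bms_reply_t;

#define PACK_ABS_MIN_MV 40000u  /* assumed hardware floor */
#define PACK_ABS_MAX_MV 60000u  /* assumed hardware ceiling */
#define HYST_MAX_MV      5000u  /* assumed largest sensible hysteresis */

/* Check a requested settings record without touching the live one. */
bms_reply_t bms_validate(const bms_settings_t *s)
{
    if (s == NULL)
        return BMS_NAK_NULL;
    /* Range-check every field first so the sum below cannot overflow. */
    if (s->min_mv < PACK_ABS_MIN_MV || s->min_mv > PACK_ABS_MAX_MV ||
        s->max_mv < PACK_ABS_MIN_MV || s->max_mv > PACK_ABS_MAX_MV ||
        s->hyst_mv > HYST_MAX_MV)
        return BMS_NAK_OUT_OF_RANGE;
    /* Cross-field check: the reconnect point must sit below the upper limit. */
    if (s->min_mv + s->hyst_mv >= s->max_mv)
        return BMS_NAK_INCONSISTENT;
    return BMS_ACK;
}

/* Commit only after every check passes; on a Nak the old settings stay live. */
bms_reply_t bms_apply(bms_settings_t *active, const bms_settings_t *req)
{
    bms_reply_t r;
    if (active == NULL)
        return BMS_NAK_NULL;
    r = bms_validate(req);
    if (r == BMS_ACK)
        *active = *req;
    return r;
}
```

A minimum that is valid on its own but above the present pack voltage still passes this check; it is a legitimate request that the control loop has to handle by opening the load contactor.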


