STM32 FreeRTOS Cooling Control System
Real-time embedded cooling system demonstrating FreeRTOS multitasking, state machine control, and industrial-grade safety mechanisms
Project Overview
This project is a teaching demonstration of industrial-grade cooling control architecture using FreeRTOS on the STM32F767ZI microcontroller. The goal was to build a production-grade real-time control system from scratch using only low-level STM32 HAL/LL drivers and FreeRTOS — without CubeMX-generated boilerplate. The system simulates a thermal management controller with simulated temperature monitoring, state machine transitions, LED status indicators, and a command interface — designed to showcase core real-time embedded systems concepts and production-ready architectural patterns.
Learning Objectives
The main objectives were to understand RTOS fundamentals through practical implementation, master concurrent task management with proper synchronization primitives, design a multi-state system architecture, and demonstrate production-grade safety mechanisms including task health monitoring and DMA-optimized I/O patterns used in real industrial systems.
Hardware Setup
- STM32F767ZI microcontroller (ARM Cortex-M7)
- NUCLEO-F767ZI development board
- 3 × LED indicators for system state visualization (Green LD1, Blue LD2, Red LD3)
- 1 × User button (B1) for emergency signal simulation
- USART3 (PD8/PD9) for logging to host @ 115200 baud
- USART6 (PG14/PG9) for command-line interface simulation @ 115200 baud
- Independent watchdog (IWDG) timer for detecting task failures
The hardware setup is intentionally simple to focus on embedded software architecture. LEDs demonstrate state transitions, while UART interfaces show typical logging and control patterns found in production systems. DMA1 Stream3 accelerates UART transmission to demonstrate efficient I/O techniques.
Real-Time Architecture
The firmware is built around 8 concurrent FreeRTOS tasks with carefully designed priorities and synchronization:
- WatchdogTask (Priority 4) — Monitors critical task heartbeats, triggers reset on failure
- UserButtonTask (Priority 3) — Emergency sensor simulation, high responsiveness
- ControllerTask (Priority 2) — Core state machine and LED control logic
- FanControlTask (Priority 2) — Actuator control (simulated fan via LED)
- AnalysisTask (Priority 1) — Temperature monitoring and data processing
- BlueLEDTask (Priority 1) — State-dependent LED pattern updates
- LoggerTask (Priority 0) — DMA-based UART logging
- CommandTask (Priority 0) — UART command parsing and execution
All inter-task communication uses queues and mutexes with finite timeouts to prevent deadlocks. The watchdog monitors the 4 most critical tasks (Controller, Analysis, Logger, Command) and resets the system if any fail to report within 1500 ms.
Task Hierarchy & Communication
The task architecture demonstrates hierarchical real-time design with clear data flow and priority-based scheduling:
┌─────────────────────────────────────────────────────────────┐
│ FreeRTOS Scheduler │
└─────────────────────────────────────────────────────────────┘
▲
│
┌───────────────────────┼───────────────────────┐
│ │ │
┌───▼────┐ ┌────▼─────┐ ┌────▼──────┐
│Watchdog│ │UserButton│ │Controller │
│Task │ │ Task │ │Task │
│(Pri 4) │ │ (Pri 3) │ │(Pri 2) │
└────────┘ └──────────┘ └───────────┘
│ │ │
│ │ │
│ Emergency Signal State Machine
│ (High Priority) & LED Control
│ │ │
│ ▼ │
├───────────────────────┼───────────────────────┤
│ │ │
┌───▼────┐ ┌────▼─────┐ ┌────▼──────┐
│FanCtrl │ │ Analysis │ │ BlueLED │
│Task │ │ Task │ │ Task │
│(Pri 2) │ │ (Pri 1) │ │(Pri 1) │
└────────┘ └──────────┘ └───────────┘
│ ▲ │
│ │ │
Actuator Temp Queue Indication
Control (10 items) │
│ │ │
└───────────────────────┼───────────────────────┘
│
▼
┌────────────────┐
│ Logger Task │────► USART3 (DMA)
│ (Pri 0) │
└────────────────┘
▲
│
Log Queue
(20 msgs)
▲
│
┌────────────────┐
│ Command Task │◄─── USART6 (ISR)
│ (Pri 0) │
└────────────────┘
▲
│
Cmd Queue
(64 chars)This hierarchical structure separates concerns: high-priority tasks handle safety (watchdog, emergency), mid-priority tasks implement control logic (state machine, actuation), and low-priority tasks handle I/O (logging, command parsing). Inter-task communication uses bounded queues (temperature, commands, logs) to prevent race conditions.
Thermal Controller State Machine
The system implements a 5-state machine based on simulated temperature ranges. This architecture demonstrates typical industrial control patterns:
IDLE (Startup)
↓
MONITORING (0°C - 19°C) — Cool zone, no active cooling
↓
COOLING (20°C - 79°C) — Operating zone, cooling proportional to temperature
↓
CRITICAL (80°C+) — High-risk zone, maximum cooling activation
↓
ALARM (Emergency) — Safety state after emergency trigger, requires manual resetStatus Indication via LEDs
- Green LED (LD1) — Actuator/cooling status: off in IDLE/MONITORING, variable blinking in COOLING, solid in CRITICAL
- Blue LED (LD2) — System state: slow blink (IDLE), fast blink (MONITORING/COOLING), double blink (CRITICAL), S.O.S blink (ALARM)
- Red LED (LD3) — Safety alert: active only during ALARM state
Synchronization & Safety
The system implements robust synchronization primitives:
- xLogQueue — 20 × 128-byte copy-by-value log message queue
- xTempQueue — 10-item temperature data queue for inter-task communication
- xCmdQueue — 64-character command input buffer from USART6
- xTempMutex — Protects currentTemperature global variable
- xEmergencyMutex — Protects emergencySignal flag from race conditions
All mutex operations use 1000 ms timeouts, and queue operations use 100–1000 ms timeouts. This timeout-based approach prevents deadlocks that are critical in embedded systems.
Operator Interface
The system provides a UART-based command interface (USART6 @ 115200 baud) for system control and diagnostics. In a real system, this would connect to sensors, actuators, or a supervisory control interface:
temp <0-100> — Inject simulated temperature value (0–100°C)
status — Display current state and simulated temperature
emergency — Simulate emergency condition
reset — Return to IDLE state, clear emergency flag
perf — Show real-time task performance metrics
help — Display command listExample Session
$ temp 25
Temp set to 25C
$ status
State: COOLING | Temp: 25C | Emerg: 0
$ temp 85
Temp set to 85C
$ emergency
EMERGENCY TRIGGERED! System entering ALARM state.
$ reset
System reset to IDLE state. Temp=0C, Emergency cleared.Performance & Resource Usage
The system is highly efficient, using minimal resources on the STM32F767ZI:
- Flash Memory: ~27 KB / 2048 KB (1.3%)
- RAM Usage: ~71 KB / 512 KB (13.5%)
- CPU Load: ~4% (96% idle capacity)
- Task Execution Time: 0–51 ms depending on task complexity
- Stack High-Water Marks: > 60 words per task (no overflow risk)
The DMA-based logger offloads UART transmission, keeping CPU overhead below 2% for logging alone. The real-time `perf` command provides live WCET (Worst-Case Execution Time) analysis of all 8 tasks.
Watchdog & Task Health Monitoring
The WatchdogTask implements a two-layer safety mechanism, demonstrating patterns used in industrial systems where task failure detection is critical:
- Task-Level Monitoring: 4 critical tasks (Controller, Analysis, Logger, Command) report heartbeat signatures
- Timeout Detection: 1500 ms watchdog timeout — any task failing to report triggers system reset
- Hardware Safety: Independent Watchdog (IWDG) timer (~2000 ms) as secondary layer protecting against software deadlock
- Diagnostic Logging: Reset reason recorded on next boot for post-failure analysis
This redundant watchdog architecture ensures the system cannot silently hang — a core requirement in embedded safety systems. It demonstrates the defensive programming patterns essential in production control systems.
DMA-Optimized Logging
The logger uses DMA1 Stream3 for efficient UART transmission:
- 512-byte DMA buffer for bulk transfers
- CPU freed during transmission (no polling overhead)
- Transfer-complete interrupt driven for seamless operation
- Fallback to polling if DMA is busy — no data loss
- Reduces logger task CPU overhead to ~2%
This DMA approach allows other tasks to execute during I/O, maximizing overall system responsiveness.
Core Concepts Demonstrated
- RTOS Task Design: Priority-based task scheduling with meaningful real-time constraints
- Synchronization Primitives: Queues and mutexes with timeout-based deadlock prevention
- State Machine Architecture: Clean, maintainable state transitions for control systems
- Watchdog & Safety: Multi-layer task health monitoring and system reset on failure detection
- DMA-Based I/O: Offloading peripheral I/O to reduce CPU load, typical in production systems
- Performance Profiling: Real-time measurement of task execution times for system analysis
- Modular Architecture: Clean separation between control logic, I/O, and safety monitoring
This simulation demonstrates industrial-grade embedded software architecture. The task-based design pattern extends directly to real applications — replacing simulated temperature input with actual sensor data and LED indicators with real cooling actuators requires only module substitution, not architectural changes. This modularity is key to production-ready embedded systems.
Source Code & Documentation
The project includes comprehensive documentation covering architecture decisions, task synchronization patterns, watchdog design rationale, and operation procedures. Doxygen-generated API documentation and troubleshooting guides are included for understanding the embedded control patterns demonstrated.