Example with a More Complex Safety System
This example shows how to use the safety system. It further uses two inputs and two outputs. For this reason we will use the simulator again, see Simulator.
In the EEROS library you will find a directory with examples. For this example see SystemTest2.cpp.
Open a shell in the build directory of your EEROS library and run
$ ./examples/system/systemTest2 -c examples/system/SystemTest2Config.json
The example comprises a safety system with five different safety levels and six safety events.
The levels and events are defined in the safety properties. The properties further include one critical input in1 and one critical output out1. In order to test and drive them, the configuration file specifies one more input inTest and one more output outTest.
The following events are defined and used in the example:
| name | description | registered for safety level | type | when triggered |
|---|---|---|---|---|
| seInitializingDone | initialization done | slIinitializing | public event | triggered by a periodic 5 seconds after the executor started |
| seStartRunning | start running | slInitialized | private event | triggered by checking the critical input, this could be an enable button |
| seShutDown | start shutting down | slRunning, slInitialized, slIinitializing | public event | triggered by pressing Ctrl-C |
| seStopRunning | stop running | slRunning | private event | triggered by checking the critical input, this could be an enable button |
| seSwitchingOff | switching off | slShuttingDown | private event | triggered by a level action |
The example shows a typical use of safety levels and safety events. The system works as follows:
- The end of the initialization phase is triggered by a periodic which is run by the executor. In general this would be signalled by the sequencer after a initializing sequence has finished or by the control system as soon as a certain condition arises. A periodic would usually be used for running a time domain in the control system. As we do not have such a control system here, we simply use the periodic to trigger safety events.
- To start and stop running might be triggered by pressing or releasing a button connected to the critical input. In our simple example we do not have real hardware. We therefore use the simulator which connects the output named
outTestwith the critical input. After 5 seconds the state on this output pin changes alternately, which causes the safety level to alternate betweenslRunningandslInitialized. - When pressing
Ctrl-Cthe system falls into levelslShuttingDown. A level action for this safety level causes the system to automatically switch to levelslOffwhich then terminates the program. Here again, this would be signalled by the sequencer after a shutting down sequence has finished or by the control system as soon as a certain safe condition is reached.
How to shut down
The example demonstrates how the system should be stopped in a well controlled manner, see Shutting down a System Properly.