Differences

This shows you the differences between two versions of the page.

--- eeros_architecture:safety_system:properties [2017/02/27 15:12] – [Critical Inputs and Outputs] graf
+++ eeros_architecture:safety_system:properties [2023/02/25 07:30] (current) – [Safety Events] ursgraf
@@ Line 9: / Line 9: @@
 Define critical output signals, get references to them from the HAL and assign them.
 <code c>
-  eeros::hal::SystemOutput<bool>* watchdog;
+  eeros::hal::Output<bool>* watchdog;
-  eeros::hal::SystemOutput<bool>* enable0;
+  eeros::hal::Output<bool>* enable0;
   HAL& hal = HAL::instance();
-  watchdog = hal.getLogicSystemOutput("watchdog");
+  watchdog = hal.getLogicOutput("watchdog");
-  enable0 = hal.getLogicSystemOutput("enable0");
+  enable0 = hal.getLogicOutput("enable0");
   ...
   criticalOutputs = {watchdog, enable0, ...};
@@ Line 22: / Line 22: @@
 Define critical input signals, get references to them from the HAL and assign them.
 <code c>
-  eeros::hal::SystemInput<double>* q0;
+  eeros::hal::Input<double>* q0;
-  eeros::hal::SystemInput<bool>* runButton;
+  eeros::hal::Input<bool>* runButton;
-  q0 = hal.getRealSystemInput("q0");
+  q0 = hal.getScalableInput("q0");
-  limitSwitchQ0p = hal.getLogicSystemInput("runButton");
+  limitSwitchQ0p = hal.getLogicInput("runButton");
   ...
   criticalInputs = {q0, runButton, ...};
@@ Line 32: / Line 32: @@
 ===== Safety Levels =====
-  * Define safety levels. Each level has a unique number and a description. After this the levels have to be added. The order of adding the levels is highly important and determines their logical ordering. Add the lowest safety level first. If you forget to add some levels the safety system will not check its critical inputs and will therefore not run correctly!
+Define safety levels. Each level has a unique number and a description. After this the levels have to be added. The order of adding the levels is highly important and determines their logical ordering. Add the lowest safety level first. If you forget to add some levels the safety system will not check its critical inputs and will therefore not run correctly!
 <code c>
   SafetyLevel slOff("off");
-  SafetyLevel slIinitializing("initialize";
+  SafetyLevel slIinitializing("initialize");
   SafetyLevel slRunning("running");
@@ Line 57: / Line 57: @@
 Each event must be defined **kPublicEvent** or **kPrivateEvent**. Private events can only be fired by the safety system itself whereas public events could also be caused by the //Control System// or the //Sequencer//.\\
-It is also possible to add an event to many levels. In the following example we add from the level //slPowerOn// until the level //slMoving// the event //seDoEmergency//, which causes a transition to the level //emergency// and is a public event.
+It is also possible to add an event to many levels. In the following example we add to all levels from //slPowerOn// onwards the event //seDoEmergency//, which causes a transition to the level //emergency// and which is a public event.
 <code c>
- // Add events to multiple levels
+  // Add events to multiple levels
-  addEventToLevelAndAbove(slPowerOn, slMoving, seDoEmergency, kPublicEvent);
+  addEventToLevelAndAbove(slPowerOn, seDoEmergency, slEmergency, kPublicEvent);
 </code>
+Two more functions serve a similar purpose.
+<code c>
+  // Add events to all levels equal or smaller than srcLevel
+  addEventToLevelAndBelow(srcLevel, event, destLevel, kPublicEvent);
+  // Add events to all levels in between lowerLevel and upperLevel (including lowerLevel and upperLevel)
+  addEventToAllLevelsBetween(lowerLevel, upperLevel, event, destLevel, kPublicEvent);
+</code>
 ===== Input and Output Actions =====
-  * Add input and output actions to the safety levels. Each safety level has to specify what is done with all the safety critical inputs and how all the safety critical outputs have to be driven. How this is achieved is described in [[.:io_actions|Input / Output Actions]]
+Add input and output actions to the safety levels. Each safety level has to specify what is done with all the safety critical inputs and how all the safety critical outputs have to be driven. How this is achieved is described in [[.:io_actions|Input / Output Actions]]
 ===== Level Actions =====
-  * Define actions for the safety levels. Each level can cause no or one action.
+Define actions for the safety levels. Each level can cause no or one action.
-<code c>
+<code cpp>
-  slOff.setLevelAction([&](SafetyContext* privateContext) {
+  slOff.setLevelAction([this](SafetyContext* privateContext) {
     privateContext->triggerEvent(seDoSwInit);
   });
-  ...
 </code>
 The method //setLevelAction// accepts a function, which is used solely here and can be defined without giving it a name. In this example the function is a so called lambda function meaning that it can be passed as a parameter without prior declaration. It must take a parameter itself of type ''SafetyContext''. This ensures that the level function can trigger a private event.
+=== Counter ===
+Each time that the safety system runs in a certain level a counter named ''nofActivations'' is incremented. Whenever the safety level changes due to an event this counter will be reset to 0. This allows for measuring the time the system will run in a given safety level. The following example demonstrates this.
+<code cpp>
+  slRunning.setLevelAction([this,period](SafetyContext* privateContext) {
+    if (slRunning.getNofActivations() * period >= 60.0)
+      privateContext->triggerEvent(seStop);
+  });
+</code>
+The system will stay for 60 seconds in safety level ''slRunning''. After this time has elapsed it will trigger a ''seStop'' event.
+===== Entry Level =====
 As a last point, you have to specify with which level the system has to start.
 <code c>