Differences

This shows you the differences between two versions of the page.

--- getting_started:tutorials:safetysystem2 [2017/02/27 15:49] – created graf
+++ getting_started:tutorials:safetysystem2 [2017/04/06 19:21] – external edit 127.0.0.1
@@ Line 2: / Line 2: @@
 In the EEROS library you will find a directory with examples. Open a shell in the build directory of your EEROS library and run ''examples/safety/SafetySystemTest2''. \\
-The example comprises a safety system with only two safety levels and two safety events.
+The example comprises a safety system with only two safety levels and two safety events. The system will start in the safety level ''slStart''. It will stay there for three seconds after which a safety event is triggered which causes a level change to ''slRampingUp''. The control system for this example consists of three block as shown below: [{{ .:safetysystemtest2.png?500 | //Control system of the example//}}]
-The levels and events are defined in the safety properties. The properties further include one critical input and one critical output.
+When the system changes into ''slRampingUp'' the integrator is enabled. The output of the integrator starts to ramp up. As soon as the signal reaches the upper limit of the signal checker block the safety event ''seReset'' is triggered by this block. This causes a restart of the whole sequence. \\
+Pay attention to the following points:
-The following events are defined and used in the example:
+  * The time domain of the control system is run by a periodic object. A lambda function serves as monitor function of this periodic. It outputs the integrator signal once every second.
-^name^description^registered for safety level^type^when triggered^
+  * The safety properties and the control system are defined in separate classes. The safety system needs a reference to the control system in order to start the integrator or to reset the signal checker. On the other side the control system uses a reference to the safety system to allow its signal checker to trigger a safety event. The two classes have to be carefully designed to allow for this reciprocal referencing. One of the references has to be a pointer which must be assigned after the two objects are defined. Further, the definition of the constructor of the safety system must be placed only after the declaration of both classes. And last, a forward declaration of the control system is necessary at the beginning.
-|e1|start initializing|slOff|public event|triggered by the main program immediately after initialization of the safety system|
-|e2|initialization done|slIinitializing|public event|triggered by a periodic 5 seconds after the executor started|
-|e3|start running|slInitialized|private event|triggered by checking the critical input, this could be an enable button|
-|e4|start shutting down|slRunning, slInitialized, slIinitializing|public event|triggered by pressing Ctrl-C|
-|e5|stop running|slRunning|private event|triggered by checking the critical input, this could be an enable button|
-|e6|switching off|slShuttingDown|private event|triggered by a level action|
-The example shows a typical use of safety levels and safety events. In order to demonstrate how the system works in a very limited example the following assumptions have been taken:
-  * The end of the initialization phase is triggered by a periodic which is run by the executor. In general this would be signalled by the sequencer after a initializing sequence has finished or by the control system as soon as a certain condition arises.
-  * To start and stop running might be triggered by pressing or releasing a button connected to the critical input. In our simple example we do not have real hardware. Hence we simply start and never stop, because the state of the hypothetical input is always ''true''.
-  * When pressing ''Ctrl-C'' the system falls into level ''slShuttingDown''. A level action for this safety level causes the system to automatically switch to level ''slOff'' which then terminates the program. Here again, this would be signalled by the sequencer after a shutting down sequence has finished or by the control system as soon as a certain safe condition is reached.
-===== How to shut down =====
-The example demonstrates how the system should be stopped in a well controlled manner, see [[getting_started:tutorials:stoppingsystem|]].