malized as
safe de = 2 `<
) R leak
3 ;
6
<
); true )and R
( R
de =
de =
where 2
; true ).
Using the available sensors, leakage, or indeed a sufficient approximation of leakage, is detected through observing the flame sensor when the gas valve is open: gas is deemed to be leaking iff the flame sensor senses that the flame is not burning while the gas valve is open.
:
( true ;(
:
P<k
:
P
=
k
$\mathit{leak} \stackrel{\text{def}}{=} \mathit{gas} \wedge \neg \mathit{fl}$.
Requirement safe alone is easily satisfied: as leaks can only occur when the gas valve is open, a controller permanently setting control line gas to false and thus keeping the gas valve closed will satisfy safe. However, a customer will not be satisfied with a gas-burner never delivering service. Therefore, some requirements concerning controllability of the system through hr are added. First, we require that $\neg \mathit{hr}$ will shut the gas supply within one second:
stop de =(
d:
hr
e^`
=1) ;
d:
gas
e ;
de =
where
; true ).
Furthermore, we would like to require that hr leads to heat supply within a reasonable time span. However, this demand can only be realized if gas does not fail to ignite after opening the valve. Therefore, the startup requirement is relative to an environment assumption which formalizes the normal ignition behaviour. The normal ignition behaviour is that gas ignites soon after opening the valve such that the flame sensor reports a burning flame within 2 seconds. Whenever this is the case, heat should be supplied after at most 8 seconds of continuous heat request:
dPe
:
( true ;
;
d:Pe
start de = flame ok
)
((
d
hr
e^`
=8) ;
d
fl
e
)
;
flame ok de =(
d
gas
e^`
=2) ;
d
fl
e :
The requirement to be guaranteed by the embedded controller is the conjunction of the above three requirements:
$\mathit{GBReq} = \mathit{safe} \wedge \mathit{stop} \wedge \mathit{start}$.
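The following trace monitor is an added example, not part of the original text: it checks stop, flame ok and start as stated in the prose and shows why the always-closed valve is leak-free yet fails start. It assumes discrete time with one sample per second and reads "within k seconds" as "at the sample after k consecutive seconds"; the names `held_then`, `simulate`, `always_off`, `follow_hr` and the two-second ignition model are hypothetical. Only the accumulated leak time is computed, since the numeric bound of safe is not legible here.

```python
from typing import Callable, Dict, List

Sample = Dict[str, bool]  # one sample per second with keys hr, fl, gas (assumed discretisation)

def leak_time(trace: List[Sample]) -> int:
    """Seconds in which leak = gas and not fl holds, as defined in the text."""
    return sum(s["gas"] and not s["fl"] for s in trace)

def held_then(trace, premise, k, conclusion) -> bool:
    """True iff every run of k consecutive premise-samples is followed by a conclusion-sample."""
    run = 0
    for s in trace:
        if run >= k and not conclusion(s):
            return False
        run = run + 1 if premise(s) else 0
    return True

def stop(trace):      # 1 s without heat request, then gas must be off
    return held_then(trace, lambda s: not s["hr"], 1, lambda s: not s["gas"])

def flame_ok(trace):  # environment assumption: 2 s of gas, then flame is sensed
    return held_then(trace, lambda s: s["gas"], 2, lambda s: s["fl"])

def start(trace):     # only demanded of traces on which flame_ok holds
    return (not flame_ok(trace)) or held_then(trace, lambda s: s["hr"], 8, lambda s: s["fl"])

def simulate(controller: Callable[[bool], bool], hr_seq: List[bool], ignites: bool = True):
    """Constructed closed loop: gas reacts to last second's hr, fl reports after 2 s of gas."""
    trace, prev_hr, g1, g2 = [], False, False, False
    for hr in hr_seq:
        gas = controller(prev_hr)
        trace.append({"hr": hr, "gas": gas, "fl": ignites and g1 and g2})
        prev_hr, g1, g2 = hr, gas, g1
    return trace

def always_off(prev_hr: bool) -> bool:  # the trivially leak-free controller from the text
    return False

def follow_hr(prev_hr: bool) -> bool:   # hypothetical controller: gas mirrors hr one second later
    return prev_hr

HR = [True] * 10 + [False] * 3          # constructed input: 10 s of heat request, then none

def report(controller, ignites: bool = True):
    t = simulate(controller, HR, ignites)
    return {"leak": leak_time(t), "stop": stop(t), "flame_ok": flame_ok(t), "start": start(t)}

if __name__ == "__main__":
    for ctrl, ign in ((always_off, True), (follow_hr, True), (follow_hr, False)):
        print(ctrl.__name__, ign, report(ctrl, ign))
```

In the third run the gas never ignites, so flame ok is false and start holds vacuously while the leak time grows with every second the valve stays open.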
Furthermore, the design has to respect the signature imposed by the application, namely that hr and fl are inputs to the controller and that gas is an output. The control problem to be solved thus is $(\mathit{GBReq}, \{\mathit{hr}, \mathit{fl}\})$.
The synthesis procedure outlined in Theorem 15 has successfully been applied to this control problem. As the control problem is underconstrained (sometimes it allows free choice between switching gas on or off in a certain time instant), this yields a non-deterministic control strategy with respect to the controlled output gas. Adding a simple heuristic for resolving this nondeterminism, namely