Author: John Hatcliff
Last revised: 08/29/2015

==================================
Lecture Pre-conditions
==================================

* (none)

==================================
Important Concepts
==================================

* One of the most important steps in designing a safety critical system is
  determining the boundary between the "system" to be implemented (the
  "engineered space" that we have control over) and the "environment"
  (everything outside that boundary, which the system can observe and
  influence but does not control).

* The functional architecture of most safety critical systems can be
  described in terms of one or more "control loops".

* A control loop consists of (see the diagram in figure 3.2 on page 66 of
  Engineering a Safer World):
  - Four main elements: controller, actuator(s), controlled process, sensor(s).
  - Additional elements: control algorithms, set points, controlled variables,
    process inputs, disturbances, process outputs, measured variables.

* A sensor is a component that observes the state of the controlled process
  (which could be part of either the system or the environment).
  Examples:
  * Aviation -- Airspeed: Pitot tube
  * Medical -- Isolette: Temperature sensor
  * Automotive -- Wheel speed sensor

* An actuator is a component that can affect the state of the controlled
  process (system or environment).
  Examples:
  * Medical -- PCA Pump: the pump mechanism that pushes the drug into the patient
  * Aviation -- Airspeed: Jet engine
  * Medical -- Isolette: Heater

* A controller is the component which evaluates the state of the controlled
  process (e.g., by examining sensor data), considers the current goals of the
  system (e.g., as reflected in the set points), decides if/how the controlled
  process needs to be acted on (controlled) by the system, and sends control
  commands to actuators for the purpose of keeping the controlled process
  within desired states.
  Examples:
  * Automotive: Cruise control algorithm
  * Aviation -- Airspeed: Autopilot
  * Medical -- Isolette: Thermostat

* A disturbance is a change to the controlled process that originates in the
  environment rather than from the controller's own commands to the actuators
  (the controlled variables). Sometimes the system's control algorithm can
  respond to the disturbance and still keep the controlled process within
  desired states.
  Examples:
  * Aviation -- Airspeed: Turbulence
  * Medical -- Isolette: External temperature changes
  * Automotive -- Cruise control: strong head winds; the car going up a hill
    (causing deceleration, which cruise control must correct); the car going
    down a hill (causing excess acceleration, which cruise control must correct)
  In other cases, the disturbances in the environment may be too great for the
  system to overcome. The system may be able to notify an operator through
  some sort of alarm in such a case.
  Examples:
  * Medical -- Isolette: The isolette could fail to heat the air inside due to
    environmental conditions that it causes itself (e.g., the isolette's
    exhaust vent could be next to the room's thermostat, so its warm exhaust
    turns on the room's air conditioner, and the cooled room air then prevents
    the isolette from heating itself sufficiently).

* Set points are the predefined target values or limits (goals), perhaps
  configured by a human operator, within which the controlled variables should
  be kept.
  Examples:
  * Automotive -- Cruise control: target speed of 70 MPH
  * Medical -- PCA Interlock: 12 - 20 breaths / min
  * Aviation -- Airspeed: 300 - 310 knots
  * Medical -- Isolette: 98.5 - 99.0 degrees Fahrenheit

* Control loops can be present not only in the engineered system but also in
  the environment/context in which the system operates.
  Example:
  * Automotive -- Cruise control: An automobile may be operating in the
    context of a country road with a posted speed limit of 55 MPH, which
    leads the driver to set the cruise control speed target at 57 MPH. Then
    the automobile enters an Interstate Highway where the speed limit is
    75 MPH, which leads the driver to set the cruise control target speed at
    77 MPH (our driver always likes to exceed the speed limit a bit). In this
    case, the "controller" is the driver (along with the driver's general
    desire to obey the traffic laws), the "controlled process" is the car's
    cruise control function, the "sensor" is the driver's vision of the speed
    limit signs and road conditions, and the "actuator" is the driver's body
    (hands, fingers) used to operate the user interface for the cruise
    control.

* Reasoning about control loops can form the basis for system safety
  assessments (i.e., hazard analyses).

==================================
Lecture Post-conditions
==================================

* Be able to define and give examples of the following terms:
  - sensor
  - actuator
  - controller
  - controlled process
  - disturbance
  - set points
* Be able to draw a diagram representing the structure of a conventional
  control loop.
* Be able to identify the components of the control loop(s) from the Isolette.