.Buildings.Controls.OBC.CDL.Logical.Proof

Information

Block that compares a boolean set point u_s with a measured signal u_m and produces two outputs that may be used to raise alarms about malfunctioning equipment.

The block sets the output yLocFal = true if the set point is u_s = true but the measured signal is locked at false, i.e., u_m = false. Similarly, the block sets the output yLocTru = true if the set point is u_s = false but the measured signal is locked at true, i.e., u_m = true. Hence, any output being true indicates an operational problem.

To use this block, proceed as follows: Set the parameter feedbackDelay ≥ 0 to specify how long the feedback of the controlled device is allowed to take to report its measured operational signal u_s after a set point change u_m. Set the parameter debounce ≥ 0 to specify how long the measured signal u_m need to remain constant for it to be considered stable. Connect the inputs for the set point u_s and the measured signal u_m to the output signals that need to be checked. If either output is true, raise an alarm, such as by connecting instances of Buildings.Controls.OBC.CDL.Utilities.Assert to the outputs of this block.

Any output being true indicates a problem.

The block has two timers that each start whenever the corresponding input changes. One timer, called feedbackDelay+debounce timer, starts whenever the set point u_s change, and it runs for a time equal to feedbackDelay+debounce. The other timer, called debounce timer, starts whenever the measured signal u_m changes, and it runs for a time equal to debounce. The block starts verifying the inputs whenever the feedbackDelay+debounce timer lapsed, or the debounce timer lapsed, (and hence the measurement is stable,) whichever is first.

Both outputs being true indicates that the measured signal u_m is not stable within feedbackDelay+debounce time. Exactly one output being true indicates that the measured signal u_m is stable, but u_s ≠ u_m. In this case, the block sets yLocFal = true if u_s = true (the measured signal is locked at false), or it sets yLocTru = true if u_s = false (the measured signal is locked at true).

Therefore, exactly one output being true can be interpreted as follows: Suppose true means on and false means off.
Then, yLocTru = true indicates that an equipment is locked in operation mode but is commanded off; and similarly, yLocFal = true indicates that it is locked in off mode when it is commanded on.

Detailed description

The block works as follows. Any change in set point u_s starts the feedbackDelay+debounce timer, and any change in measured signal u_m starts the debounce timer.

As soon as the feedbackDelay+debounce timer or the debounce timer lapsed, whichever happens first, the controller continuously performs these checks:

1. Check for stable measured signal.
   If u_m is stable, then
       goto step 2.
   Else:
       Set yLocFal = yLocTru = true.
       (Equipment is commanded on but we cannot conclude it is running;
       set both true to flag an unstable measurement signal.)
   
2. Check for commanded and measured input to be equal.
   If u_s ≠ u_m, then
       goto step 3.
   Else,
       set yLocFal = false and yLocTru = false.
       (Equipment is operating as commanded, verified using stable input.)
3. Inputs differ.
   If u_s = true , then
       set yLocFal = true and yLocTru = false.
       (The equipment is commanded on, but it is off.)
   Else,
       set yLocFal = false and yLocTru = true.
       (The equipment is commanded off, but it is on.)
   

Revisions

• March 28, 2023, by Michael Wetter:
  Revised documentation.
• March 27, 2023, by Jianjun Hu:
  First implementation.