Map Fault Conditions to Actions in Truth Tables

You can use truth tables in Stateflow® to map fault conditions of a system directly to their consequent actions. Truth tables implement logic design based on conditions, decisions, and actions. For more information, see What Is a Truth Table?.

This example shows how the model sf_aircraft maps the fault conditions and actions using a truth table. For details on this model, see Fault Detection Control Logic in an Aircraft Elevator Control System.

The fault detection system for the aircraft elevator control system has these requirements.

| Condition | Action |
| --- | --- |
| Hydraulic pressure 1 failure | While there are no other failures, turn off the left outer actuator. |
| Hydraulic pressure 2 failure | While there are no other failures, turn off the left inner actuator and the right inner actuator. |
| Hydraulic pressure 3 failure | While there are no other failures, turn off the right outer actuator. |
| Actuator position failure | While there are no other failures, isolate that specific actuator. |
| Hydraulic pressure 1 and left outer actuator failures | While there are no other failures, turn off the left outer actuator. |
| Hydraulic pressure 2 and left inner actuator failures | While there are no other failures, turn off the left inner actuator. |
| Hydraulic pressure 3 and right outer actuator failures | While there are no other failures, turn off the right outer actuator. |
| Multiple failures on left hydraulics and actuators | Isolate the left outer actuator and the left inner actuator. |
| Multiple failures on right hydraulics and actuators | Isolate the right outer actuator and the right inner actuator. |
| Intermittent actuator failures | If an actuator has been switched on and off five times during operation, isolate that specific actuator. |

Logic to satisfy these requirements is constructed using two truth tables in the chart Mode Logic: one for the right elevator (R_switch) and one for the left elevator (L_switch). This truth table is for the left elevator.

The first requirement indicates that if a failure is only detected in the hydraulic pressure 1 system, turn off the left outer actuator. This requirement is represented in the decision D1 in the truth table. If there is low pressure in the hydraulic system 1, then D1 specifies that action 2 is performed. Action 2 sends an event go_off to the left actuator, Actuators.LO.

Similarly, the other requirements are mapped to the appropriate actions in the truth table. For example, if the left outer actuator fails, D3 causes action 3. Action 3 sends the event go_isolated to Actuators.LO to isolate the left actuator.

The truth tables are called at entry (en) and during (du) actions for the chart so that fault checks execute at each time step.
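The mapping described above can be modeled outside Stateflow to check that every fault combination reaches an action. The following Python sketch is an added example, not code from sf_aircraft or the L_switch table: its decision columns are constructed from the left-elevator requirements, and the `LeftElevator` class, the latching of isolation, and the return to "on" when a fault clears are assumptions made for illustration.

```python
T, F, X = True, False, None   # X is "don't care" ("-" in a truth table column)

# Condition order: (hyd1_low, hyd2_low, lo_pos_fail, li_pos_fail).
# Columns are evaluated left to right and the first match fires.
# Constructed from the requirements list; not the L_switch table itself.
DECISIONS = [
    ((F, F, F, F), []),                                   # no fault
    ((T, F, X, F), [("LO", "go_off")]),                   # hyd 1, with or without LO
    ((F, T, F, X), [("LI", "go_off")]),                   # hyd 2, with or without LI
    ((F, F, T, F), [("LO", "go_isolated")]),              # LO position failure only
    ((F, F, F, T), [("LI", "go_isolated")]),              # LI position failure only
    # Default column: any other combination counts as multiple failures.
    ((X, X, X, X), [("LO", "go_isolated"), ("LI", "go_isolated")]),
]

def decide(conds):
    """Return the (actuator, event) list of the first matching column."""
    for pattern, actions in DECISIONS:
        if all(p is X or p == c for p, c in zip(pattern, conds)):
            return actions
    raise AssertionError("unreachable: last column is all don't-care")

class LeftElevator:
    MAX_CYCLES = 5   # from the intermittent-failure requirement

    def __init__(self):
        self.state = {"LO": "on", "LI": "on"}
        self.off_count = {"LO": 0, "LI": 0}

    def step(self, conds):
        """Run the table once (one time step) and apply its events."""
        targeted = dict(decide(conds))
        for act in self.state:
            if self.state[act] == "isolated":
                continue                      # assumption: isolation is latched
            event = targeted.get(act)
            if event == "go_isolated":
                self.state[act] = "isolated"
            elif event == "go_off" and self.state[act] == "on":
                self.off_count[act] += 1      # one more on-to-off cycle
                cycled_out = self.off_count[act] >= self.MAX_CYCLES
                self.state[act] = "isolated" if cycled_out else "off"
            elif event is None and self.state[act] == "off":
                self.state[act] = "on"        # assumption: fault cleared
        return dict(self.state)
```

Because the last column is all don't-care, a combination the requirements do not list individually falls through to isolating both left actuators rather than to no action.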
