CIF tools perform both controllable and uncontrollable events in any order.
This issue has been superseded by issue #970.
Introduction
In #627 (closed) the problem was posed that under the assumption that generated PLC code does not perform uncontrollable events, system failure could happen with CIF models that don't take that into account.
Fortunately I was proven wrong by @jverbakel in showing that uncontrollable events do get executed in the generated controllers created with cifplc
, the temporary plcgen0
branch, and the future plcgen
programs.
They do so in the normal event processing loop, and thus can perform both controllable and uncontrollable events in any order until blocked.
That seems however in conflict with the theory that controllers only use controllable events to compute their response, and block on uncontrollable events waiting for a response from the plant. As such, it may be useful to look into this issue more closely and consider what a good solution would be. This may also affect other theories, for example the confluence and finite response properties.
Decision and tasks
Decision: In a single PLC cycle, first loop over uncontrollable events until blocked, then over controllable events until blocked.
This needs:
-
PLCgen (!857 (merged)) -
Split events in uncontrollable and controllable events. -
Generate separate transition loops for both kinds of event.
-
-
Update checkers for as far as needed (see also #892): -
Update other tools: -
CIF code generator, similar to how we do it in PLCgen -
CIF simulator: have an option to give priority to uncontrollables over controllables -
CIF explorer: have an option to give priority to uncontrollables over controllables
-
Addresses #679