[thingstodo]

On my week down in Phoenix, I scribbled out a few ideas for testing. I can work a 'simulated' accelerator, brake, ebrake switch, inertia switch, ... etc ... but it is really not reasonable to expect that I will check absolutely EVERYTHING after each small change that I make to the control programming in my PLC5. I take changes seriously, but I am also familiar with unintended side effects ... collateral damage. I test a lot. AND I'm a bit PARANOID.

So after a few ideas, a bit of code, a couple of compromises ... there is a plan.

The inputs to the PLC and the outputs from the PLC are compared to what they were the last time the program executed. Anything that changes is logged. The data is stored in the format:
- YMMDD for the last digit of the year, 2 digit month and 2 digit day
- HHMM for the 24 hour digit hour, MM for the minute
- SSTho for 3 digit seconds and 2 digit hundredths of a second
- LogType, integer - an indication of what type of data has changed
- Number, integer - the value of the data that changed
- Status, integer - future
- Alarm, integer - future
- Value, float - floating point for future use

20401, 17452201, 1, 16, -32768, -32768, -32768, -32768

This logs 2012 04 01, april 1, at the time 17:45:22.01, data type 1 or digital input, value 16 or only input 4 on

The -32768 values are place-holders for 'not used for this line'. 0 is valid data, so I used the most negative (smallest?) number I have as 'no data'.

The logs will keep track of the results (inputs versus control outputs) for my initial tests with potentiometers for accelerator and brake, some switches for selected safety inputs, and a drill for a motor output. When I am happy with those results, the next step begins.

Create a list of things that the truck should do, so that it works as expected. List every boundary condition - transitions from positive to negative and back to positive. Check for impossible inputs, like Park and Reverse and Drive at the same time. The safest one should win - in this case Park. Enforce a sequence, if that's what a normal car does - like pressing on the brake before shifting from Park to Reverse. Check what is done with an Emergency Brake input while driving at 60 mph. Does the brake input always REDUCE the absolute value of the speed, bringing you closer to a stop? How about the inertia switch input?

Define what the truck is expected to do in every case. It should be the safest choice.

Run through the list of test cases and record all of the logs. This will be the standard that will be compared.

Keep the logs for each revision of the PLC program. Compare each revision to the standard. Ensure that the the differences are intended. Update the standard (there is a standard for each non-trivial PLC revision).

As the control system is upgraded, before the truck is running, and even after ... any control program changes MUST pass this safety test, to make sure that I don't hurt myself or anyone else with collateral damage.

The PLC5 programming for the actual control of the truck is not going as quickly as I had hoped. I keep getting side-tracked with these small projects ... but it is good to measure and bench-mark ... and make sure things are right.