Standards-compliant system description - SDEA
📄 Standards-compliant system description: Selmo automaton (extended deterministic state machine)
1. Basic model
The control system is based on an extended deterministic finite automaton (DFA) according to the principle of a Moore machine. This means:
The control is state-based.
All outputs are defined exclusively by the active state.
State transitions occur deterministically, i.e. uniquely and fully traceably.
Each state describes a logically self-contained step in the machine's behavior.
2. Functional components of the automaton
The automaton is defined by the 8-tuple:
S = (Z, Σ, Γ, δ, λ, z0, B, M)
Z: finite set of modeled states
Σ: input set from sensors, buttons, feedback signals
Γ: output set to actuators (e.g. valves, motors)
δ: state transition function taking inputs and memory into account
λ: state output function according to Moore
z0: start state
B: bit control matrix with signal behavior per state and zone
M: set of mem-zones (internal state memory)
3. Bit control matrix (system layer)
The bit control matrix defines the behavior of each zone in the respective state:
0: No requirement ("Don't care")
S: Sequence check → expected action or reaction
I: Interlock → safety-relevant monitoring requirement with stop
M: Monitoring → safety-relevant monitoring requirement with documentation
A transition to the subsequent state is only permitted if:
all S-zones are fulfilled
no I-zone reports a deviation
no errors exist in higher-level Constantly Monitoring Zones (CMZ)
4. Zone structure
Each zone is uniquely typed:
Input zone: Monitoring input signals
Output zone: Actuation of outputs = actuators without feedback
In-out zone: Combination of control and feedback
Mem zone: Internal state memory for controlling dependent sequences
The zones are connected to the states via a systematic matrix (bit control). This creates a complete behavioral model of the machine.
5. Memory function (mem-zones)
Mem-zones serve as an internal memory function:
They are explicitly set or reset in a state with S.
They can be used in transition conditions and logic paths.
Their status is deterministically included in the sequence model.
They are used for synchronous sequence control, to confirm that a required sequence has occurred or to prevent an incorrect state.
6. Error detection and state monitoring
The system detects deviating signal states automatically:
I-zones monitor safety-relevant signals → lead to automatic stop with fault diagnosis in case of deviation
S-zones display operator guidance in the HMI → state waits actively until all conditions are met
Error messages are generated automatically, localized and displayed in the HMI
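The transition rule of section 3, the mem-zone behavior of section 5 and the I/S/M reactions of section 6 can be exercised together in one small simulator. The following Python is an added illustration, not Selmo's own code or tooling: the zone names (Z_GUARD, Z_CLAMP_CMD, Z_CLAMP_FB, Z_PRESS, Z_PRESSURE, M_CLAMPED), the states IDLE/CLAMP/PRESS/RELEASE, the matrix rows and the sensor snapshots are all constructed for the example, and the model simplifies every zone to a single boolean signal. An S entry on a mem zone is read as "set/reset when the state completes", an I entry on a mem zone as a check; that reading is an assumption made here.

```python
"""Added illustration of a Selmo-style Moore automaton, not Selmo's own code.
All zone names, states, matrix rows and sensor snapshots are constructed."""
from dataclasses import dataclass, field

INPUT, OUTPUT, INOUT, MEM = "input", "output", "in-out", "mem"

# Constructed zone table; assumption: one boolean signal per zone.
ZONES = {
    "Z_GUARD": INPUT,       # guard door closed
    "Z_CLAMP_CMD": OUTPUT,  # clamp valve, actuator without feedback
    "Z_CLAMP_FB": INPUT,    # clamp-closed sensor
    "Z_PRESS": INOUT,       # press command with position feedback
    "Z_PRESSURE": INPUT,    # hydraulic pressure OK
    "M_CLAMPED": MEM,       # memory: clamp sequence completed
}
CMZ = {"Z_GUARD": True}     # constantly monitored, independent of state
Z0 = "IDLE"
NEXT = {"IDLE": "CLAMP", "CLAMP": "PRESS", "PRESS": "RELEASE", "RELEASE": "IDLE"}

# Bit control matrix B[state][zone] = (requirement, expected value).
# Zones missing from a row are "0" (don't care). "S" on a mem zone sets or
# resets it when the state completes; "I" or "M" on a mem zone checks it.
B = {
    "IDLE":    {"Z_CLAMP_CMD": ("S", False), "Z_PRESS": ("S", False),
                "M_CLAMPED": ("S", False)},
    "CLAMP":   {"Z_CLAMP_CMD": ("S", True), "Z_CLAMP_FB": ("S", True),
                "M_CLAMPED": ("S", True)},
    "PRESS":   {"M_CLAMPED": ("I", True), "Z_CLAMP_FB": ("I", True),
                "Z_PRESS": ("S", True), "Z_PRESSURE": ("M", True)},
    "RELEASE": {"Z_PRESS": ("S", False), "Z_CLAMP_CMD": ("S", False)},
}


@dataclass
class Result:
    status: str                                   # "OK", "WAIT" or "STOP"
    state: str                                    # active state after the step
    messages: list = field(default_factory=list)  # localized text for HMI/log


@dataclass
class Selmo:
    state: str = Z0
    mem: dict = field(default_factory=lambda: {z: False for z, k in ZONES.items() if k == MEM})

    def outputs(self):
        """lambda: Moore outputs depend only on the active state."""
        return {z: v for z, (r, v) in B[self.state].items()
                if r == "S" and ZONES[z] in (OUTPUT, INOUT)}

    def step(self, sensors):
        """delta: check the active state against one sensor snapshot and
        advance only if every S-zone holds and no I-zone or CMZ deviates."""
        msgs, unmet, mem_writes = [], [], {}
        for z, want in CMZ.items():
            if sensors.get(z) != want:
                return Result("STOP", self.state, [f"CMZ {z}: expected {want}, got {sensors.get(z)}"])
        for z, (req, want) in B[self.state].items():
            kind = ZONES[z]
            if kind == OUTPUT:
                continue                          # commanded via outputs(), nothing to check
            if kind == MEM and req == "S":
                mem_writes[z] = want              # set/reset once the state completes
                continue
            actual = self.mem[z] if kind == MEM else sensors.get(z)
            if actual == want:
                continue
            if req == "I":
                return Result("STOP", self.state, [f"{self.state}/{z}: interlock deviation"])
            if req == "M":
                msgs.append(f"{self.state}/{z}: monitoring deviation, documented")
            elif req == "S":
                unmet.append(z)
        if unmet:                                 # operator guidance, state waits
            return Result("WAIT", self.state, msgs + [f"{self.state}: waiting for {', '.join(unmet)}"])
        self.mem.update(mem_writes)
        self.state = NEXT[self.state]
        return Result("OK", self.state, msgs)


def run_cycle():
    """One constructed cycle: clamp feedback lagging, a monitored pressure
    dip, then a guard opening that the CMZ stops. Returns the step results."""
    a, idle = Selmo(), {"Z_GUARD": True, "Z_CLAMP_FB": False, "Z_PRESS": False, "Z_PRESSURE": True}
    return [
        a.step(idle),                                        # IDLE -> CLAMP
        a.step(idle),                                        # CLAMP waits for feedback
        a.step({**idle, "Z_CLAMP_FB": True}),                # CLAMP -> PRESS, M_CLAMPED set
        a.step({**idle, "Z_CLAMP_FB": True, "Z_PRESS": True, "Z_PRESSURE": False}),  # -> RELEASE, M logged
        a.step({**idle, "Z_GUARD": False}),                  # CMZ stop while in RELEASE
    ]


if __name__ == "__main__":
    for r in run_cycle():
        print(r.status, r.state, *r.messages)
```

The three outcomes map directly to the page's reactions: an unmet S-zone yields WAIT with the operator guidance text, an I-zone or CMZ deviation yields STOP with a localized fault that names state and zone, and an M-zone deviation is only appended to the message list while the sequence continues. Because mem writes are applied only when the state completes, entering PRESS with M_CLAMPED still False (for example after a forced state change) trips the mem-zone interlock, which is the "prevent an incorrect state" use from section 5.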
7. Advanced safety functions (standard Selmo)
In addition to the base logic, the following standard functions are integrated in the model:
CMZ (Constantly Monitoring Zone): permanent signal monitoring, independent of state
MXIC (Manual Cross Interlock): safe release conditions for manual movements in manual operation
Parameter layer: modeled, parameterizable values (e.g. times, counts, thresholds)
8. Normative classification
The deterministic, formalized structure of the Selmo automaton supports traceable, risk-minimized machine control in accordance with:
EN ISO 13849-1 (Safety-related parts of control systems)
Function monitoring (e.g. interlock, CMZ)
Fault detection and defined reactions
IEC 61508 / IEC 62061 (Functional safety)
State modeling for safe control sequences
Determinism, testability and verifiability
IEC 61131-3 (Programming standard)
Separation of control (state) and monitoring (bit control)
Machinery Regulation (EU) / CE conformity
Traceable, testable control behavior
Automatically producible documentation through formal modeling
9. Advantage of formalization
The complete formal definition enables:
Automatic code generation
Automatic validation and simulation
Complete technical documentation
Reduction of human programming errors
Increased traceability in terms of product liability