Example model: Start button + cylinder (Selmo)

This example shows the complete transformation of a simple PTF into a Selmo model:

  • Start button triggers a cycle

  • Cylinder extends until the "extended" end position

  • Plausibility (pair check) monitors contradictory end positions

  • CMZ protects system-critical conditions

  • MXIC allows safe manual movements in manual mode

Goal: A minimal but complete Selmo core that is deterministic, diagnosable and operable.


1) Structure (Plant → Hardware Zone → Sequence → Zone)

Plant

PLANT_01 – Entire plant (minimal for this example)

Plant tasks:

  • plant-wide states (optional)

  • plant-wide CMZ (optional)

For this example the plant is deliberately kept lean.


Hardware Zone

HWZ_01 – Station_01

Tasks:

  • modes of operation (manual / automatic)

  • automatic enable

  • start coordination (central)

  • HW-zone CMZs


Sequence

SEQ_01 – ExtendCylinder

Task:

  • evaluate start button

  • extend cylinder

  • reach end position "extended"

  • complete cycle (ready for next start)


2) Zones (technique & meaning)

Every relevant technique is described as a zone.

Z_01 – Start button

  • Type: Input zone

  • Signal(s):

    • I_Start (start pushbutton)

  • HMI text: "Press start button"


Z_02 – Cylinder (extend)

  • Type: In-out zone

  • Signal(s):

    • Output: Q_Extend (valve: extend)

    • Input: I_Extended (end position extended)

    • Input: I_Retracted (end position retracted)

  • HMI text (sequence guidance):

    • when extending: "Cylinder is extending"

    • Goal reached: "Cylinder extended"

Pair check (plausibility):

  • Pair: (I_Extended, I_Retracted)

  • Rule: both TRUE at the same time is physically impossible → diagnosis


Z_03 – AirPressureOK

  • Type: Input zone

  • Signal(s):

    • I_AirOK (compressed air ok)

  • HMI text: "Compressed air ok"

This zone is used as the HW-zone CMZ (see CMZ).


Z_04 – CycleDone (optional)

  • Type: Mem zone

  • Signal(s):

    • M_CycleDone

  • HMI text: "Cycle completed"


3) Logic layer (state model)

The logic layer describes the sequence as a state machine.

States

  • S0 – Idle / WaitStart: Waits for start request

  • S1 – ExtendCommand: Extend cylinder (command + expectation)

  • S2 – Done: Cycle completed, ready for next start (or reset logic as needed)

Transitions (simplified)

  • S0 → S1, when start request is fulfilled

  • S1 → S2, when cylinder is extended

  • S2 → S0, when start button is released (or reset/acknowledge, depending on style)

Note: The technical fulfillment is not described in the logic layer, but in the system layer via bit control.


4) System layer (bit control / cross table)

Operands:

  • 0 = Don’t care

  • S = Sequence check (expectation / guidance)

  • i = Interlock (mandatory condition; on deviation, automatic enable is withdrawn)

Bit control matrix

Zone \ State                | S0 WaitStart | S1 ExtendCommand | S2 Done
Z_01 Start button (input)   | S            | 0                | 0
Z_02 Cylinder (in-out)      | 0            | S                | 0
Z_03 AirPressureOK (input)  | i            | i                | i
Z_04 CycleDone (mem)        | 0            | 0                | S

Interpretation:

  • In S0, Z_01 is treated as S (guided): the system expects a start request.

  • In S1, Z_02 is treated as S (guided): the output Q_Extend is set and the feedback I_Extended is expected.

  • Z_03 is i in all states: if I_AirOK fails, automatic enable is withdrawn and the sequence stops.

  • In S2, Z_04 is treated as S (set, optional): the cycle marks itself as completed.


5) Parameter layer (optional, but clean)

Parameters change values, not logic.

  • P_ExtendTimeout (timeout for extending, if needed)

  • P_DoneHoldTime (display/hold time in Done, optional)

If you model a "timeout", the logic for it belongs in a timer state – the value comes from the parameter layer.


6) CMZ (constantly monitoring zone)

HW-zone CMZ: Z_03 AirPressureOK

  • Level: Hardware Zone

  • Rule: I_AirOK must always be present and correct

  • Effect on error:

    • withdraw automatic enable

    • stop all sequences of the HW zone

    • no manual movement possible (CMZ rule)

This CMZ makes it clear: Without compressed air there is no safe operation – neither automatic nor manual.


7) Pair check (plausibility)

For Z_02 Cylinder

  • Pair: (I_Extended, I_Retracted)

  • Impossible: both TRUE at the same time

  • Reaction:

    • automatic diagnosis "cylinder end positions contradictory"

    • Sequence cannot continue

The pair check is not a sequence block, but a plausibility monitor with a clear diagnosis.


8) MXIC (manual cross interlock) – manual operation

Goal:

  • Manual movement only when it conforms to the model and is safe

  • In case of doubt: diagnosis instead of movement

Manual actions (buttons)

  • BTN_Extend → controls zone Z_02 (extend)

  • BTN_Retract → controls zone Z_02 (retract) (if retracting should be allowed in the example)

MXIC conditions (example rules)

  • BTN_Extend is allowed when:

    • no CMZ error is active (AirPressureOK must be correct)

    • (optional) the current state is S0 or S1 (no arbitrary movement in Done)

  • BTN_Retract is allowed when:

    • no CMZ error is active

    • (optional) the sequence is not in a critical state

If condition not met:

  • movement is prevented

  • Diagnosis: "Manual movement not allowed: "
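
The following Python sketch is an added example, not Selmo-generated code or part of the original page. It evaluates the bit control matrix from section 4 together with the CMZ, pair check and MXIC rules from sections 6 to 8; the function names, the diagnosis reason texts and the choice to de-energise Q_Extend while any diagnosis is active are assumptions.

```python
# Added example: hypothetical Python rendering of the model, not Selmo output.
MATRIX = {  # bit control matrix from section 4: zone -> operand per state
    "Z_01": {"S0": "S", "S1": "0", "S2": "0"},
    "Z_02": {"S0": "0", "S1": "S", "S2": "0"},
    "Z_03": {"S0": "i", "S1": "i", "S2": "i"},
    "Z_04": {"S0": "0", "S1": "0", "S2": "S"},
}
INTERLOCK_SIGNAL = {"Z_03": "I_AirOK"}  # signal that must be TRUE for an i zone

def guided_zones(state):
    """Zones the HMI shows as expected (operand S) in this state."""
    return [z for z, row in MATRIX.items() if row[state] == "S"]

def diagnose(state, io):
    """Pair check (section 7) plus i operands / CMZ (sections 4 and 6)."""
    diags = []
    if io["I_Extended"] and io["I_Retracted"]:
        diags.append("Z_02: cylinder end positions contradictory")
    for zone, signal in INTERLOCK_SIGNAL.items():
        if MATRIX[zone][state] == "i" and not io[signal]:
            diags.append(f"{zone}: {signal} missing, automatic enable withdrawn")
    return diags

def scan(state, io):
    """One evaluation cycle: returns (next_state, outputs, diagnoses)."""
    diags = diagnose(state, io)
    if diags:
        # Assumption: the valve output is de-energised while a diagnosis is active.
        return state, {"Q_Extend": False, "M_CycleDone": state == "S2"}, diags
    if state == "S0" and io["I_Start"]:
        state = "S1"
    elif state == "S1" and io["I_Extended"]:
        state = "S2"
    elif state == "S2" and not io["I_Start"]:
        state = "S0"
    return state, {"Q_Extend": state == "S1", "M_CycleDone": state == "S2"}, diags

def manual_allowed(button, state, io):
    """MXIC (section 8): (permitted, diagnosis). Reason texts are constructed."""
    if any(d.startswith("Z_03") for d in diagnose(state, io)):
        return False, "Manual movement not allowed: CMZ Z_03 AirPressureOK"
    if button == "BTN_Extend" and state not in ("S0", "S1"):
        return False, "Manual movement not allowed: state S2"
    return True, ""
```

Because the interlock and pair check run before any transition, a lost I_AirOK or contradictory end positions hold the state and return a diagnosis instead of a movement.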


9) HMI behavior (short, model-based)

  • In S0:

    • Display Z_01 with S → "Press start button" (guidance)

  • In S1:

    • Display Z_02 with S → "Cylinder is extending"

    • as soon as I_Extended is fulfilled → transition to S2

  • In case of an i deviation (I_AirOK missing):

    • automatic enable withdrawn, stop, diagnosis on Z_03

  • In case of pair check error:

    • diagnosis on Z_02 ("end positions contradictory")

Basic principle: Messages are generated where the model knows expectation and deviation (state + zone + operand).


10) Summary: What this model shows

This example is complete because it:

  • defines structure (plant/hwz/sequence/zone)

  • clearly describes the sequence (logic layer)

  • formally specifies behavior (system layer/bit control)

  • integrates safety/integrity (CMZ)

  • automatically monitors plausibility (pair check)

  • safely limits manual operation (MXIC)

  • makes diagnosis/HMI derivable from the model

Thus this example is a minimal "Selmo standard case": small but complete.
