[evla-sw-discuss] Monitorable Control Point Requirement

[Kevin Ryan]

I would like to follow up the discussion about un-monitorable 
control points from the EVLA Coordination meeting.  It was 
decided that we simply identify and handle each on a case-by-
case basis.

After thinking it over, I believe that we must insist that a 
method be made to verify each and every control point.

The reason for Software's requirement (that every control point 
has a corresponding monitor point) is to ensure that the state 
of the system is that to which it was last commanded.

Under a hardware failure the actual state will not necessarily 
be the commanded state; if we can't read the actual state, we 
will not see this.  The ability to know hardware status will 
enhance data flagging and problem diagnosis.

Given that we will have some control points that are impossible 
to monitor, I propose that other methods be used to ascertain if 
the last command was instituted.  For instance, in the case of an 
un-monitorable switch, can the actual position of the switch be 
determined by looking at some other signal or test point in the 
circuit?

This issue needs to be addressed before we become too entrenched 
in our designs.  If anyone believes it is not founded, please 
contact me and I will set up a meeting for further discussion.  
If not, then we would like to assume that everyone involved with
EVLA hardware design will ensure that our requirement goes unbroken
for all but the utmost difficult/expensive/impossible case.

The alternative to monitorable control points (which was actually 
suggested) - "we'll just have to send each command several times 
to make sure it got there" - is quite unsatisfactory.


Respectfully,

Kevin Ryan