next topic »

[on:]

I've made a very simple heater controller with my Arduino and incorporated some hysteresis in software like so:

Code:

if (temperature < (setTemp - HYSTERESIS)) digitalWrite(TRIAC_PIN, HIGH);
if (temperature > (setTemp + HYSTERESIS)) digitalWrite(TRIAC_PIN, LOW);

That's the core of the temperature controller. It works fine. (Well, my simulation using the built-in LED works fine, but I haven't connected the heating element yet.) Anyway, I see that when we are in the no man's land between the high and low borders of the hysteresis loop, the state of the TRIAC_PIN stays whatever it was previously. When I think about it, I see no problem with this. The system will leave that area at some point and the controller will take charge again. But considering we're dealing with 120VAC and a heating element here, I want to make sure there is no logic error there that can allow some sort of runaway condition.

For that matter, can anyone refer me to some information on programming for safety? In my day job I do this sort of thing with relay logic all the time. But programming, though similar, is a different story. I'm not using pointers or passing arrays to functions, so I don't think I have to worry about memory leaks. What else should I look out for?

Thanks a lot for your help.

[Reply #1 on:]

can anyone refer me to some information on programming for safety?

There's MISRA

http://www.misra.org.uk
 
They have a set of coding practices used for code running in vehicles. (you have to buy it though, but it's cheap). MISRA is quite restrictive and a lot of people disagree with many rules, for example no // comments, only /**/

Next down is the "JPL Institutional Coding Standard for the C Programming Language", based on the Power of ten rules with a few things added.

and finally "Power of Ten" which IIRC is another JPL document. Google should find these.

For my money anything that is good enough for JPL is good enough for me and their rules are basically what I would consider "normal" coding practice anyway.
______
Rob

[Reply #2 on:]

Excellent. Thanks for the information.

[Reply #3 on:]

What happens if reading the temperature always fails with a low value?

[Reply #4 on:]

If I understand the question correctly, I guess it means that the heater could run indefinitely. So, I guess some sort of timeout might be good to implement some sort of timeout.

Now, I should also note that I've been looking around for a thermal fuse to shut the whole kit and kaboodle down if things get out of hand.

[Reply #5 on:]

When I first installed my arduino thermostats I hooked them up parallel to the old ones.  I ONLY ran the arduino ones when I was home and able to keep an eye on it.  I found things like having to smooth the temperature measurements much more than I expected, having to have a different hysteresis value for cooling vs heating, relay spikes on the power lines coming from the air pumps, etc.  There were things going on that I had no clue even existed.  Some things were caused by me, for example: I used the 24VAC supplied by the heat pump to power the arduino.  I had to take the rectified, filtered 24VAC that became 37VDC and reduce it to 9 volts for the arduino.  I used a nice little buck supply, but his created heat, not much, but enough to cause the temperature reading to mess up.

So, my recommendation is to parallel what ever you have now to run the system for long enough that you feel comfortable with it before you commit to the new device.

[Reply #6 on:]

So, my recommendation is to parallel what ever you have now to run the system for long enough that you feel comfortable with it before you commit to the new device.

From a safety perspective it would be better if the arduino controlling output contacts were wired in series with the existing thermostat contacts. That would act like a redundant safety override in the event that the arduino output was stuck on or invalid. Set the existing thermostat heating setpoint higher then the desired arduino setpoint for the heating mode and set it lower then the arduino for the cooling mode. The Arduino would then be free to control the heat/cooling commands within the two existing thermostat's setpoint settings.

Lefty

[Reply #7 on:]

Lefty, that is actually a good idea.  I didn't think of it, so I just had them parallel and turned off the one I wanted to use.  It was a couple of weeks before I trusted the new one enough to leave the old one off overnight.  But then, I don't use flame to heat my house and the heat pumps are outside.  So, one should act accordingly.