Failure monitoring

Modifying BLOCK1 of the failure monitor

The Failure Monitor started out as a single Calc/Logic block named BLOCK1. Click this block and select Expression from the context menu.

The initial failure logic for BLOCK1 in the AGITATE phase is shown in the following figure. (This is the default failure logic for all phase classes.)

The expression checks the state of the Watchdog parameter and, if it is Failed, sets the FAIL_INDEX. It also checks to see if the primary controller has switched to the backup. If neither condition is detected, the FAIL_INDEX remains 0 (that is, no failure).

Recall that when the FAIL_INDEX changes from 0 to any other value, the phase abandons the running logic and begins to execute the holding logic.

Now we will modify the expression by adding an IF/THEN statement to check the OUT_D parameter of the BFI block. If OUT_D is true (1), then a failure condition has been detected and we will need to copy FAIL_MESSAGE/OUT1 to the FAIL_INDEX parameter. (The value of FAIL_MESSAGE/OUT1 is based on the first failure condition that is detected by the BFI block.)

We will also add a check to each IF/THEN statement to see if a failure has already been detected. As long as the FAIL_INDEX is 0, we can check for any new failure condition. Adding this logic will protect against overwriting an active failure condition message.
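The following Python model of the modified BLOCK1 logic is an added example, not part of the original page and not the Calc/Logic block's own expression syntax; it exists only to show the effect of the FAIL_INDEX guard. The numeric codes for a watchdog failure and a controller switchover, and the scan values, are constructed placeholders since the page does not give them.

```python
# Added example: a Python model of the BLOCK1 failure-monitor expression,
# used to check the latching behaviour described in the text.
# The two numeric codes below are placeholders; the page does not state
# which FAIL_INDEX values the watchdog and switchover checks assign.

NO_FAILURE = 0
WATCHDOG_FAIL_INDEX = 1        # placeholder code for Watchdog = Failed
CONTROLLER_SWITCH_INDEX = 2    # placeholder code for primary -> backup switch


def evaluate_block1(fail_index, watchdog_failed, controller_switched,
                    bfi_out_d, fail_message_out1):
    """One scan of the BLOCK1 expression; returns the new FAIL_INDEX.

    Every IF/THEN is guarded by FAIL_INDEX == 0, so the first failure
    detected is latched and a later one cannot overwrite its message.
    """
    if fail_index == NO_FAILURE and watchdog_failed:
        fail_index = WATCHDOG_FAIL_INDEX
    if fail_index == NO_FAILURE and controller_switched:
        fail_index = CONTROLLER_SWITCH_INDEX
    # New check: BFI OUT_D is true (1) when a monitored condition has
    # failed; FAIL_MESSAGE/OUT1 identifies the first condition it saw.
    if fail_index == NO_FAILURE and bfi_out_d == 1:
        fail_index = fail_message_out1
    return fail_index


def run_scans(scans):
    """Evaluate a list of scans (dicts of block inputs) in order.

    Returns the FAIL_INDEX after each scan and the scan number at which
    it first changed from 0 to non-zero (when the phase leaves running
    logic for holding logic), or None if that never happened.
    """
    fail_index, history, holding_at = NO_FAILURE, [], None
    for n, scan in enumerate(scans, start=1):
        new_index = evaluate_block1(fail_index, **scan)
        if fail_index == NO_FAILURE and new_index != NO_FAILURE:
            holding_at = n
        fail_index = new_index
        history.append(fail_index)
    return history, holding_at


if __name__ == "__main__":
    # Constructed sequence: BFI reports failure 7 on scan 2, then the
    # watchdog fails on scan 3. The guard keeps FAIL_INDEX at 7.
    scans = [
        dict(watchdog_failed=False, controller_switched=False, bfi_out_d=0, fail_message_out1=0),
        dict(watchdog_failed=False, controller_switched=False, bfi_out_d=1, fail_message_out1=7),
        dict(watchdog_failed=True, controller_switched=False, bfi_out_d=1, fail_message_out1=7),
    ]
    print(run_scans(scans))  # ([0, 7, 7], 2)
```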