Background: I'm a reasonably experienced software developer that has gotten the task of writing control software for real hardware, with some rather powerful (150W) electrical motors. Getting this right from day one is obviously more important than what happens the first time I run a desktop application or web site I just wrote. We've got a mechanical engineer that has constructed most of the parts, but he doesn't know much about motor control, and I don't either, a.t.m.

Problem: I'm a bit unsure on how much safety/protection is needed, and how it's usually done. (I'd like to avoid re-inventing the wheel, as it's likely to come out square in the first version... ;) Mainly, I'm thinking about stuff that our motor control board (Maxon EPOS2 24/5) provides, such as mechanical stops, hardware limit switches, position limits matched with checking things in software (such as max speed near limits, etc). (Software is a regular C++ app running on Windows XPE). My plan is to use every safety feature there is, but not allowing anything in hardware to trigger unless it's really wrong, i.e. if the position should be no more than 200mm positive on one axis, set the control card's limit to 205, and a hardware switch triggering quickstop at 220 mm (depending on mechanical limits, of course.) So, while the above strategy seems sound and reasonable, I'm worried that I'll miss some basics here and there, and if (when) something breaks it'd be "duh, didn't you know you always do XYZ here" from somewhere.

Question: So, are there any good resources for this kind of stuff available on the net? (or in books, but those take time & money to acquire, so they'd better be good.) General advice is also gladly accepted. :)
Generally when programming software limits, the values should (obviously) fall outside of the motion range. If the motion is constant point to point motion then this is easy to handle. If the axis is jogging, or if the motion position is editable by an operator, your code should handle these exceptions before the software overtravel actually gets hit. For example, if jogging and the soft OT is hit (or even a programmed limit), display a message to the user indicating the limit reached. In the software I use, you can disable OT checking in one direction, reset the fault, and then allow jogging in the opposite direction only until the axis is out of the trouble zone, then re-enable the software OT checking (I can also do this with the hardware OT as well). For editing position data, you should validate that the position entered falls within your limits, including a tolerance, just in case you overshoot the position on decel. The use of programmed travel limits, software OT limits and Hardware OT limits, all come down to evaluating the risk of machine safety, and protecting the equipment from breaking itself.
Ok! It sounds like I'm on the right track then, as I had planned to do, more or less, like this (and Scott's answer). We have a simulated system now (different implementations of the same interface), where we compute deceleration distances when running via user-position control. I should apply the same checks to user-velocity control in the simulation, and then apply that when running with the real system too. So, if I read you right, no magic, just common sense, rigorous planning and make sure you cover all bases. :)
(Dec 23 '09 at 08:38)
Marcus Lindblom
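The layered limit checks discussed in the answer and in the comment above (programmed limit inside the controller's soft OT inside the hardware switch; target validation with a decel tolerance; stopping-distance checks for jogging), as an added C++ example that is not code from the thread or from the EPOS2 API. The 200/205/220 mm values come from the question; the tolerance, deceleration and negative-side limits are constructed assumptions.

```cpp
#include <cmath>

// One axis' layered travel limits, all in mm. Values are constructed to mirror
// the question: programmed limit 200, controller soft OT 205, hardware switch 220.
struct AxisLimits {
    double progMin, progMax;  // limits enforced by the application
    double softMin, softMax;  // controller's software overtravel (OT) limits
    double hardMin, hardMax;  // hardware limit switches (quickstop)
    double tolerance;         // allowed overshoot on decel, mm (assumed)
    double maxDecel;          // worst-case deceleration the drive achieves, mm/s^2 (assumed)
};
AxisLimits exampleLimits() { return {0, 200, -5, 205, -20, 220, 2.0, 1000.0}; }

// Sanity check: each layer must sit strictly outside the one inside it.
bool limitsAreOrdered(const AxisLimits& l) {
    return l.hardMin < l.softMin && l.softMin < l.progMin &&
           l.progMax < l.softMax && l.softMax < l.hardMax;
}
// Distance needed to stop from speed v (mm/s) at constant deceleration a.
double stoppingDistance(double v, double a) { return v * v / (2.0 * a); }

enum class Verdict { Ok, OutsideLimits, WouldOvershoot };

// Operator-entered target for a point-to-point move: must lie inside the
// programmed limits, widened by the decel tolerance.
Verdict checkTarget(const AxisLimits& l, double target) {
    if (target < l.progMin - l.tolerance || target > l.progMax + l.tolerance)
        return Verdict::OutsideLimits;
    return Verdict::Ok;
}
// Jog / velocity command from position pos at signed speed vel. Once the axis
// sits at or beyond a programmed limit, only jogging back out is allowed;
// otherwise the axis must be able to stop before the limit (plus tolerance).
Verdict checkJog(const AxisLimits& l, double pos, double vel) {
    if (vel == 0.0) return Verdict::Ok;
    if (vel > 0 && pos >= l.progMax) return Verdict::OutsideLimits;
    if (vel < 0 && pos <= l.progMin) return Verdict::OutsideLimits;
    double d = stoppingDistance(vel, l.maxDecel);
    if (vel > 0 && pos + d > l.progMax + l.tolerance) return Verdict::WouldOvershoot;
    if (vel < 0 && pos - d < l.progMin - l.tolerance) return Verdict::WouldOvershoot;
    return Verdict::Ok;
}
// Highest speed toward the limit (dir = +1 or -1) from which the axis can still
// stop inside the programmed limit plus tolerance: v = sqrt(2 a d).
double maxSafeSpeed(const AxisLimits& l, double pos, int dir) {
    double room = dir > 0 ? (l.progMax + l.tolerance - pos) : (pos - (l.progMin - l.tolerance));
    return room <= 0.0 ? 0.0 : std::sqrt(2.0 * l.maxDecel * room);
}
```

In a real loop maxSafeSpeed would clamp the commanded jog speed continuously, so the application's limit is reached gently and the controller's soft OT and the hardware switch stay untouched unless something else has already gone wrong.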
I don't think you're using the term "safety" the way we generally use it in the industry. Safety refers specifically to Machine Safeguarding. This is a field unto itself, and as you can imagine there are a lot of rules and regulations. It also varies by region. For instance, in Canada, when we install new equipment we have to get a Professional Engineer to create a Pre-start Health and Safety Review, and they have to certify the design as safe before we can even turn it on. Our US offices have different local regulations they have to follow. From that perspective, safety has more to do with how you guard the machine (so people don't have access to moving parts, etc.), and "safety devices" like light curtains, door switches, zero speed sensors, etc., which all stop the machine when an operator enters the dangerous area. I think what you're talking about is how to prevent the machine from damaging itself if something goes wrong during operation. This falls into the same category as choosing the right size of wire, right size of circuit breakers, and sizing all of the equipment appropriately, which falls into the domain of engineering. Now in your case, you are kind of re-inventing the wheel. In the industry we would typically just purchase a servo motion controller. I have used Galil before (see the link) and you can actually wire limit switches to indicate end-of-travel right into the controller and it already has the functionality to stop if either of those switches are hit. You can also just have a PLC that controls the servo drive, and wire your limit switches into the PLC. In most cases there are 3 sets of limits:
If you're looking for more information (and you're in North America), I suggest contacting a local member of the Control System Integrators Association. Putting together a system like this is the kind of service that they typically offer.

Thanks for the input! We have a servo motor controller (should've listed that). It supports both hard limits (via wired limit switches) and hard stops (detectable via current limitation). So, I just need to figure out how to code the soft limits best to avoid frustrating users. (I'm based in Europe, btw.)
(Dec 22 '09 at 13:35)
Marcus Lindblom



When you say "PC software", what operating system are you using? Is it a real-time OS like QNX, or just Windows?
What is the application? Servo or 3 Phase? And what type of feedback are you using to close the loop?
@Scott: C++, Windows XP Embedded. @Jeremy: 2-pole DC for now. There are regulators and all on the control card(s).