This requires the use of smart sensors which stop the dangerous motion of a machine in the event of danger.
Nevertheless, it must still be possible to suppress the sensors for certain purposes, and this too requires a satisfactory level of safety.
Personnel protection
Every science fiction fan knows the three Robot Laws of the best seller “I, Robot” by Isaac Asimov:
1. A robot may not injure a human being, or, through inaction, allow a human being to come to harm.
2. A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
Whilst teaching a machine to protect itself still sounds like fiction, the first two laws have already been implemented in applications for a long time, even if we might not have been aware of it. They have been implemented in accordance with harmonised European standards, the so-called Machinery Directive EN 945-1, and in national legislation such as the German Equipment and Product Safety Act (GPGS) in order to simplify the free transfer of goods within the EU on the basis of a prescribed minimum level of safety.
This law applies both to the private use of products and to industrial applications. A typical example of this is the protection of automated processes in industry, in which non-contact safety devices are capable of distinguishing the movements of persons from those of transported production goods in order to prevent accidents. Special sensors, combined with diverse and redundant safety engineering, provide the solution here. In no application are reliability and safe operation of such critical importance as in the field of personnel protection. This includes self-monitoring, for example.
This requires a redundant system architecture, in which the system is made safe by implementing components multiple times. A safety light curtain that initiates the shutdown of a dangerous machine when persons are detected too close to the hazardous area is an example that illustrates the operating requirements involved. The hardware and the firmware of the control unit are tested thoroughly by means of stringent FMEA (failure mode and effects analysis) procedures in order to ensure that no individual system component causes a failure that may result in a hazardous situation.
This is only possible by using two differently designed processors with different firmware that test each other cyclically. In this way, any random failure of similar components due to the same fault is excluded. These kinds of systems also offer exceptional diagnostics options due to their self-testing capabilities. These can consist of the output of an error code which is described at a suitable location such as in the operating instructions or on the device, or by means of a visual indication using a connected PC...
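The cyclic cross-check described above, as an added example in C that is not code from the article or from any product: two diversely written channel evaluations of a light curtain are compared every cycle, and a disagreement or a failed self-test latches the outputs off with a diagnostic code. The 8-beam width, the test-pulse inputs, the function names and the diagnostic codes are assumptions, and both channels are modelled as functions in one program, whereas the article describes them running on two separate processors.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical diagnostic codes, of the kind listed in operating instructions. */
enum diag { DIAG_OK, DIAG_FIELD_INTERRUPTED, DIAG_CHANNEL_MISMATCH, DIAG_SELFTEST_FAILED };

struct curtain { bool latched; enum diag code; };

/* Channel A: positive logic, one bit per beam, set = light received. */
static bool channel_a_clear(uint8_t received) { return received == 0xFFu; }

/* Channel B: diverse logic on the inverted signal, counts interrupted beams. */
static bool channel_b_clear(uint8_t interrupted) {
    unsigned n = 0;
    for (unsigned i = 0; i < 8; i++) n += (interrupted >> i) & 1u;
    return n == 0;
}

static bool fail_safe(struct curtain *c, enum diag code) {
    c->latched = true;   /* a detected fault keeps the outputs off until service */
    c->code = code;
    return false;
}

/* One monitoring cycle; returns true only if the dangerous motion may run.
   test_a/test_b are the channel inputs sampled while the emitters are
   switched off for the test pulse, rx_a/rx_b the inputs in normal operation. */
bool curtain_cycle(struct curtain *c, uint8_t rx_a, uint8_t rx_b,
                   uint8_t test_a, uint8_t test_b) {
    if (c->latched) return false;
    /* Self-test: with dark emitters neither channel may report a clear field. */
    if (channel_a_clear(test_a) || channel_b_clear(test_b))
        return fail_safe(c, DIAG_SELFTEST_FAILED);
    bool a = channel_a_clear(rx_a), b = channel_b_clear(rx_b);
    if (a != b)          /* cross-check: the two channels must agree */
        return fail_safe(c, DIAG_CHANNEL_MISMATCH);
    c->code = a ? DIAG_OK : DIAG_FIELD_INTERRUPTED;
    return a;
}

int main(void) {
    struct curtain c = { false, DIAG_OK };
    /* Constructed samples: clear field, then channel A stuck at "all received". */
    bool run = curtain_cycle(&c, 0xFF, 0x00, 0x00, 0xFF);
    printf("run=%d code=%d\n", run, c.code);
    run = curtain_cycle(&c, 0xFF, 0x08, 0x00, 0xFF);
    printf("run=%d code=%d\n", run, c.code);
    return 0;
}
```

An interrupted field stops the motion without latching, while a channel mismatch or failed self-test stays latched because it indicates a device fault rather than a person in the hazardous area.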
The author: Dipl.-Phys. Ing. Markus Bregulla is product specialist for photoelectric and ultrasonic sensors within the product management team of Hans Turck GmbH & Co., Mülheim a.d. Ruhr.