The present invention relates to equipment for monitoring changes and signals, particularly for self-checking control systems which are used in protecting personnel and/or machinery.
When machine control systems operate improperly, dangerous movement(s) and/or dangerous conditions can occur. Such dangerous conditions or machine movement(s) might occur because of one or more changes in a machine control signal (or signals) at a peripheral input (or inputs) of an associated machine, and in order to prevent the latter, relatively reliable surveillance circuits are utilized with such machines/machinery. Such surveillance circuits are designed to preclude unexpected or unintended situations, such as self-starts of one or more machines or machine parts, collisions between machine parts, etc. This is particularly the case in a wide field of machinery which perform dangerous motions from which personnel must be kept away or, if personnel are adjacent thereto, normally "safe" space between such machines can become dangerous if one or more machines self-starts. Thus, machines of this type can only be activated in the area of working personnel when it is reliably assured that the machinery will not be unintentionally started.
Conventional surveillance circuits attempt to solve the aforesaid problems through so-called safety components, such as safety limit-switches, which attempt to preclude all, most of, or at least certain fractions of erroneous machinery malfunctions, such as unintentional start-up. Such safety components are, however, only partly successful because of inherent though subtle errors created at hook-up lines and terminals which are not or cannot be detected by the safety components. This means that machinery input signals which are generated solely by such safety components may themselves nevertheless be erroneous.
As a rule, signals from ambient, periphery or safety equipment are required for accident protection/prevention, and these signals must be essentially error free to reliably detect any errors in so called redundant or automatic machine controls, and to transfer a recognized dangerous machine control signal into a safe state.
For the sake of clarity, two typical applications of the present invention will be described hereinafter relating to hydraulic presses, but other applications will be readily apparent to persons skilled in the art and are within the scope of the present invention.
Hydraulic presses include a number of switches used for selecting particular modes of operation, such as speed or power adjustment, stroke adjustment, single stroke operation, two-hand operation, single foot operation, etc. However, in the case of a hydraulic press which is operated by a single-stroke foot control, a command/signal may never be carded out. If, for example, an associated selection switch of the hydraulic press must be moved to a single-stroke foot operation position, but is not so moved, the foot operation single-stroke mode is not selected and even if the foot pedal is depressed, the command/signal will not be generated.
As another example, hydraulic presses are predominantly fitted with spring operated restoring multi-position valves. These multi-position or multi-way valves are generally mounted in series for redundancy to create a safety hydraulic system, and the valve plungers thereof can be appropriately scanned with respect to their blocking positions. As a rule, two such multi-way valves are provided. A break of the plunger return-spring in one of the two valves might allow the valve plunger to move from its blocking position and at least partially let hydraulic fluid flow therethrough. Therefore, even in spite of series valve redundancy, the latter defect would not be initially noted so long as the second valve is operating properly. However, should the plunger return spring of the second valve break, there would be an uncontrolled flow of hydraulic fluid which would no longer be shut-off completely and reliably because both safety valves are essentially inoperative. This could cause dangerous motion of the hydraulic press, yet in such conventional safety systems the associated electrical safety circuit is operative only when the valve plungers of both valves have totally left their blocking positions, not any interim position. This might cause displaceable protective screens or doors associated with hydraulic presses to be inoperative and a person could thereby be severely damaged should a press move in the absence of the protective screen/door preventing access to the work area of the press.