The present invention relates to safety relay circuit configurations and more particularly to a relay configuration including two 4-contact relays arranged to provide power to a device wherein, when any of the components or contacts fails, device power is cut off within one cycle period.
Many devices require electrical power to run. For instance, an exemplary factory often includes many motors which are linked to other devices (e.g. robots) for loading items to be assembled or machined onto an assembly line or machining line, moving items along a line, moving tools adjacent a line to assemble items and to machine items and to remove items from a line. While the inventive relay configuration is meant to be used with many device types, to simplify the present explanation the invention will be described in the context of, and with respect to, a simple motor linked to a metal milling machine.
To provide power to a motor, primitive systems simply included an on/off switch, power provided when the switch was closed and cut off when the switch was opened. While primitive on/off switches achieve desired control when they operate properly, unfortunately, under certain circumstances a system relying on such a primitive on/off switch to control power to a motor can become uncontrolled.
Uncontrolled circumstances have two general causes: (1) a failed witch and (2) an inadvertent hot wire. With respect to a failed switch, start switches have been known to fuse closed when a rated contact current is exceeded. Because many power sources are not well regulated, current surges are common and, therefore, fused start switches occur on occasion. Where a start switch fuses closed, there is no quick way to turn off the motor in an emergency situation and uncontrolled motor operation occurs.
With respect to inadvertent hot wires, in a complex industrial environment, sometimes an inadvertent wire may exist which either short circuits the start switch or provides power from another source to the motor by bypassing the switch. In this case, as in the case where the start switch is fused, there is no quick way to cut off motor power and uncontrolled motor operation occurs.
In any case, uncontrolled operation can be extremely dangerous. For example, a milling machine which cannot be turned off may damage itself, an item to be milled or tools or equipment within the vicinity of the machine. In addition, a machine which cannot be turned off may also injure or even kill a person within the path of a milling bit or, if the machine malfunctions, may injure or kill a person who is simply passing by the machine.
To avoid uncontrolled operation resulting from a fused start switch, the industry has developed various safety relay configurations. A relay is a device which includes at least one coil and an associated contact. A contact is essentially a two state switch having a normal state (i.e. open or closed) and an excited state (i.e. the opposite of the normal state). A contact having a normally closed state is referred to as an NC contact while a contact having a normally open sate is referred to as an NO contact. When current passes through the coil, the relay changes contact states. Thus, when the coil is excited, NC contacts open and NO contacts close. In many cases a relay will include more than a single contact. For example, a relay may include three NO contacts and one NC contact or five NO contacts and one NC contact. In a relay having three NO contacts and one NC contact, when the coil is excited, all three NO contacts close and the NC contact opens.
A safety relay configuration typically includes, among other things, one or more relays, one or more NC emergency stop (ES) switches, a start switch and a logic power source (i.e. a second power source in addition to the motor driving power source). Typical configurations include both a control circuit and at least one output. A control circuit is designed to effectively "determine" whether or not an operator wants power to be delivered to the motor based on a recent sequence of start and stop commands selected via the start and ES switches.
The output is designed to either provide power to, or cut power off from, the motor based on operation of the control circuit. To this end, an output typically includes one or more relay contacts (hereinafter "output contacts") in series between the driving source and the motor, each of the output contacts having to be closed to provide power to the motor.
The control circuit is designed such that, when the start switch is closed, the relay coils are excited causing the output contacts to close (thereby providing power to the motor).
The ES switches are arranged such that when the ES switches are opened, coil current is cut off and all properly operating contacts associated therewith change state (i.e. closed contacts open and open contacts close). Thus, when the ES switches are opened, the output contacts open and power to the motor is cut off. After power is cut off, assuming properly operating contacts, power can again be provided by closing the start switch. The process of cutting off power via ES switches and again providing power via the start switch is referred to as a cycle.
To avoid uncontrolled operation resulting form an inadvertent hot wire, one prevalent solution has been to provide more than one output between a driving source and the motor wherein the contacts in all outputs have to be closed to provide power to the motor. For example, a configuration including two outputs may include a first output having first and second NO contacts and a second output having third and fourth NO contacts. In this case power is only provided to the motor when all of the first through fourth contacts are closed. Here, while an inadvertent wire may short the contacts in the first output, although possible, it is unlikely that the inadvertent wire or another inadvertent wire would short the contacts in the second output. Thus, even if the first output contacts where shorted or bypassed, the second output would still facilitate control (i.e. by opening one of the second output contacts, power to the motor is cut). Clearly the number of outputs should be maximized for redundancy purposes and, in any event, at least two outputs should be provided.
There are uses for relay configurations which are relatively safe and other uses for relay configurations wherein the likelihood of injury to a person or damage to the system or other items within the vicinity of the system is relatively more likely. For this reason, the industry has developed a hierarchy of relay configuration safety categories, each category specifying configuration requirements for specific applications. For example, a first relatively low safety category may specify that a configuration must simply identify a contact which is fused closed so that an associated relay can be replaced or repaired to avoid subsequent system down time.
On the other hand, a second relatively high safety category may specify that a configuration must detect single component failure (i.e. a fused contact) within one cycle (i.e. power cut off and attempted reapplication) and, despite failure, must maintain ES switch operation and disable the start switch from reapplying power to the motor once power is cut off. Other categories between the first and second categories identified above are specified by the industry.
The inventive configuration has been designed to meet or exceed the second safety category described above. That is, the inventive configuration detects single component failure within one cycle and, despite failure, maintains operable ES switches and disables the start switch from reapplying power to the motor once power is cut off. Hereinafter, configurations generally which meet or exceed the requirements specified by the second category above are referred to as maximum safety configurations.
As well known in the controls art, while the costs of most devices (e.g. resistors, diodes, capacitors, etc.) in a relay configuration are minimal, relays are relatively expensive devices. This is particularly true where more than a single relay type is required to configure a relay configuration as more than one part type must be manufactured and stocked for initial construction and replacement. While many different maximum safety configurations (i.e. configurations which meet or exceed the second safety category specifications indicated above) have been designed and manufactured, most maximum safety configurations are relatively complex requiring a plurality (e.g. 3-4) of relays and often requiring more than one relay type. Thus, a maximum safety configuration's cost is closely related to the type and number of relays required to construct the configuration. For these reasons the industry is constantly searching for a maximum safety relay configuration which requires relatively inexpensive identical relays and which requires a minimal number of relays. In addition, to avoid uncontrolled operation caused by inadvertent hot wires, such a relay should have at least two outputs.