1. Field of the Invention
The present invention relates to a device for emergency-stopping a servomotor provided in a robot system, a machine tool controlled by a numerical controller, etc.
2. Description of Related Art
An emergency-stop device including a CPU (central processing unit) is widely used in a robot system or a machine tool controlled by a numerical controller. In this connection, it is a known technique to dualize a emergency stop circuit, considering possible failure of the emergency stop circuit. FIG. 1 shows a typical example of a conventional device including dualized emergency stop circuit. As shown in this drawing, the device includes two CPU's #1, #2, which are connected to an emergency stop switch by separate emergency stop circuits.
When the normally-closed emergency stop switch is depressed, an emergency stop signal (indicating that a contact is open) is supplied to the CPU's #1, #2 through their respective input circuits (hereinafter referred to also as “emergency stop input circuits”). The CPU's #1, #2 always monitor the emergency stop signal (check whether or not the emergency stop signal is supplied, in every processing cycle). When the emergency stop signal is supplied, the CPU's #1, #2 open switches SW#1, SW#2 connected in series in a servo-amplifier power supply line to shut off supply of power to a servo amplifier, so that a servomotor (generally, a plurality of servomotors) M emergency-stops.
Here, it is arranged such that when one of the two parts constituting the dualized emergency stop circuit is out of order so that the emergency stop signal is supplied to the CPU #1 (or the CPU #2) but not supplied to the CPU #2 (or the CPU #1), the failure of the emergency stop circuit can be detected by the two CPU's #1, #2 comparing data. Also in this case, emergency stop is carried out since the switches SW1, SW2 are connected in series in the power supply line. When the failure is notified, a step such as prohibiting restart is normally taken to avoid a great danger which can be caused if also the other part of the dualized emergency stop circuit goes out of order afterwards.
Since switches used in the emergency stop circuit like this and relays for opening and closing them require high reliability, switches having a forcible switching mechanism and safety relays having a failure detection function are used. However, it is not enough to enhance the reliability of switches and relays, since the input circuit through which the emergency stop signal is supplied to the CPU uses semiconductor devices and the safety thereof is not ensured.
Even if the input circuit for one of the two CPU's goes out of order, when the emergency stop signal is supplied to the other CPU, it is recognized that the input circuit is in the off-state (not operative), from comparison of data by the two CPU's, and therefore the failure can be detected. However, in the case of a controller requiring long continuous operation, supply of an emergency stop input is rare and detection of failure cannot be carried out for a long time. In the case of a controller like this, even if it is dualized, there is a risk that the two input circuits go out of order successively, before failure is detected. Certainly, it is generally possible to stop the controller and check the input circuits. However, stopping the controller every time checking is performed is not desirable, since it lowers the working efficiency. There is no published document disclosing a technique for easily solving problems like this.