This invention relates to the field of machine operation control. More specifically, this invention relates to a methodology for implementing a control reliable safety system for machine operation.
Safety control modules are used for the safeguarding of personnel around points and areas of hazardous machine operation. Examples of hazardous machines include punch presses, press brakes, automation work cells (including robot cells), molding presses, and the like. Often times the machine and/or cell application requires multiple safety controls to guard and control the machine safely. Multiple light curtains, E-Stop switches, gate switches, safety mats etc. are used with the machine safety control circuit to provide safe and efficient machine operation. Typically, many of the safety controls are functionally connected in series to form safety control signals to various parts of the machine control circuit. Interconnection of these safety controls often introduces wiring faults that can lead to the loss of the safety control signals.
xe2x80x9cControl Reliabilityxe2x80x9d is a method of ensuring the integrity of performance of control systems, including guards and safeguarding devices that interface with the control system. In order to be control reliable, an interconnection methodology cannot allow the loss of any safety control signal when any single fault of any part of the machine safety control system occurs, including the wiring. Furthermore, the interconnection methodology cannot allow the loss of any safety control signal due to single faults that are undetected and combined with additional faults. In the past, unique solutions have been developed for each specific functional safety control. Solutions for multiple safety light curtains were different compared to multiple E-Stop switches, gate switches, safety mats, etc. Often times, these different methods produced different levels of safety integrity (i.e. not all methods were control reliable). The inconsistency of wiring solutions also has resulted in confusion, poor field reliability, excessive circuit wiring, special dedicated control components and high system costs. An approach is needed that provides a consistent, control reliable, simplified, low system cost solution using standard safety control modules.
Currently, safety control modules are designed and sold individually and without knowledge of the machine safety control circuit. This limits the safety control module engineers in their ability to provide products that form a control reliable machine safety control system when connected together. Simply using control reliable safety control modules is not enough. The machine safety control system must be interconnected in a control reliable manner so that wiring faults of the system result in control reliable machine operation. Machine safety control systems are developed and modified by different people at different times over the life of the machine. The manufacturer may develop an initial machine safety control system that is modified by the installer of the machine at the customer site. Over the life of the machine the setup of the machine changes to accommodate various production assignments. Machines may be sold, recommissioned or rebuilt to perform other production tasks. This presents many opportunities for the machine safety control system to be modified.
Because each safety control module has been independently designed (often times by different manufacturers) without taking into account the overall control reliability of the machine safety control circuit, there is a lack of overall system designs including a hybrid of safetycontrol modules. For example, safety light curtains have addressed connecting multiple safety light curtains by the following methods:
independent safety light curtain systems with isolated output contacts connected to the machine control circuit. Monitoring and detecting wiring faults is very difficult to achieve due to signals that are not unique.
special safety control modules that operate more than one safety light curtain sensor pair. These systems are limited in how many sensor pairs can be connected (see, e.g., the Banner Multi-Screen System Dual Safety Light Screen System control box MUSC-1).
special systems that break up the sensors into pieces that are connected by special cables that allow the control unit to treat the pieces as one sensor pair, as described in U.S. Pat. No. 5,198,661. Response time for these systems is increased because all of the sensor pairs are in series and treated as one sensor. Ordering and stocking of the special sensors (first segment, middle segment, end segment), and the special interconnecting cables are cumbersome and undesirable. The individual segments cannot be used alone. They must be pieced together to make a working system. The diagnostics are combined so it is more difficult to determine which segment or cable is faulty and in need of replacement.
mechanically configured sensors such as hinged or fixed special (T or L) shaped units.
E-stop switch controls and gate switch controls have utilized series connections of the switches with or without safety monitoring control modules. Because of the direct series arrangement, this leads to masking (undetected) wire and/or switch faults when more than one switch is open at the same time.
The above scenarios illustrate that the control reliability of the machine safety control system is difficult to design into the system and maintain. Also, having safety control modules designed without a concerted effort toward system integration only makes the problem worse. Failure analysis of the machine safety control circuit is not always conducted correctly to account for failures such as wiring faults between safety control modules.
In accordance with the present invention, the above and other problems are solved by providing a methodology for implementing the interconnection of safety control modules in a control reliable manner. The methodology includes one or more safety control modules connected together so that the safety control modules communicate with each other using actively diverse safety control signals. The safety control modules are also connected to the machine safety control circuit so that the safety control modules can stop machine operation when one or more safety control modules are activated. The use of actively diverse safety control signals provides a control reliable system.
These and various other features as well as advantages, which characterize the present invention, will be apparent from a reading of the following detailed description and a review of the associated drawings.