Machsupport Forum

Third party software and hardware support forums. => SmoothStepper USB => Topic started by: gumbyrulesyou on December 09, 2008, 03:12:30 PM

Title: Smoothstepper disconnect safety concerns
Post by: gumbyrulesyou on December 09, 2008, 03:12:30 PM
 :D :D

So I tried to report the fact that a smoothstepper will continue to output a pulse train on the charge pump even in the event of an error in Mach...even in the event of a serious system crash, even in the event that I tear the power cord from the computer. Not only that, it will also continue to jog the machine into oblivion if you happen to be jogging when this happens - Power failure, cord ripped out, the extremely unlikely scenario of windows crashing, etc.

I reported this on the Warp9 forum, and all I get is flack.

As you can see, my machine isn't a Sherline with stepper motors scavenged out of floppy drives. If I had not set up the limit switches directly into the servo amp, which by the way folks, don't EVER forget to do this if you can, but if I had not, it would have slammed 1KW/3KW peak of power into pure bashing, crushing excitement.

With a working charge pump, this would never have happened. If I had powered the smoothstepper from the PC, true, in the event of a power failure, this would never have happened either. But then again, with all the other boards, MPGs, analog spindle controls, etc, I have to use an external 5V supply for them all, so no smartie pants telling me that USB power is the solution to my problem.

My system is set up seriously. All my amps have and use "Servo Enable" inputs from one line out of Mach. They have logic and motor power input. Logic is always on. On top of servo enable, the motor power input wires, all three phases, go through a contactor on yet another enable line. The spindle has a contactor AND a VFD, each on their own I/O lines, and all of this goes through my E-stops AND charge pump enable. The servo fault lines and spindle fault lines all go into an external e-stop input on the PLC. This is a big, dangerous machine, and I can't afford to drop $10K on a new Fagor controller.


Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: HimyKabibble on December 09, 2008, 03:26:58 PM
Ooh! That is BAD! The SS should be getting some kind of "heartbeat" from the PC that acts as a deadman to protect against exactly that situation. A trivial thing to implement: since it's using USB communications, it's got the perfect timebase for this functionality. I find it hard to believe Greg would've designed it that way. More likely it's just not working in the release you're using. Was this with the latest plugin?

Regards,
Ray L.
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Hood on December 09, 2008, 03:29:00 PM
If my reply was seen as flack I apologise, it was not meant as such. I may be wrong and I will know tomorrow when I test, and I will admit if I am wrong ;)
I am thinking that if the SS loses communications my lathe will stop. If it doesn't then yes, you are correct, it needs to be addressed, but as I never relied on the chargepump when I had the parallel port, I am thinking it will act the same way.
Hood
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: gumbyrulesyou on December 09, 2008, 04:00:08 PM
Some people sell milk for a living. I make my living from these robots. I may not have spent my entire life building industrial automation, but certainly more than a few years. People are free to question my judgement, call me an idiot, a liar, spit on me, ignore me, etc, etc, etc, but please have some courtesy and don't do it automatically and immediately. I feel like I'm a hippie trying to convince the president that going to war in Iraq is a bad idea with the feedback I'm getting!



"Very good, now set up your enables like they should be and your fault signals like they should be "

and other stuff like

"Don't understand this, if you are meaning the SmoothStepper could develop a fault and then send an axis or two or three going wildly out of control then please tell me how the chargepump would stop this happening?"

and better yet

"Please give an example of where the chargepump would come into effect with regards mach and then why this would not be the case with the SmoothStepper."



Trust me when I say I've been on Warp9's web site and downloaded the absolute latest version of everything I could after I discovered this problem, only to discover that I already had the latest version of everything.

As far as implementing a dead man switch, watchdog timer, charge pump, whatever, I KNOW it can be done. There's a little blinky LED on the Smoothstepper that's just blinking like mad when it's happy.

I firmly believe that any charge pump and safety circuit should be totally independent of all other boards, and totally analog, and barely keeping its head above water in regards to remaining turned on from the pulse train.  Safety is important, and if you think you can ignore it even on your little piss-ant nema-23 hobby mill or CNC dremel built out of MDF, think again. On top of it all, you have to have those hard, non-computerized stops built in too. Put guards around things and places that can pinch, poke, or crush to a pulp, keep your hands out of the way, use two-hand logic on machines, wear your safety glasses, don't work on stuff when it's live, and don't stick your fingers in places that they shouldn't go.  The Mach3 manual preaches about it, and so will I. When you ignore these things, you'll end up like the last guys I saw - One machine, a nice, cheap Chinese tube filling and sealing machine. Granted, the guys on the production floor are idiots, but this machine chopped off two fingers in one week, and the following Tuesday, chopped off a third. I should give credit where credit is due, and note that this wasn't the same person getting more and more fingers cut off.  The problem finally got tracked down - no interlocks, badly placed sensors, and generally a poorly thought out or poorly implemented safety system.

(http://i170.photobucket.com/albums/u272/marcozna/image004.jpg)
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Hood on December 09, 2008, 04:23:16 PM
That first one was my very last response after all your flowery language so I fail to see how that was a lot of flack. If you see the rest of the questions you  quoted as flack then I am sorry, I was enquiring to see the situations that things could happen. Maybe I speak a different way from you, well so be it but it was not intended as flack. I will type no more in case you get offended by it and see it as an attack.
Hood
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Peter Homann on December 09, 2008, 06:27:39 PM
Hi,

Any sort of safety feature is a bonus and should be added if at all possible.

As an example, the ModIO I designed has a charge pump feature. As soon as a Modbus master stops sending requests to the ModIO (after a configurable delay), the ModIO will disable the outputs.

To me this is just common sense.

I would expect that if you pulled out the USB cable of the Smoothstepper, all the outputs, including the spindle control would be disabled. It probably does this but I haven't checked.

It would also be useful for the Smoothstepper to have a chargepump output similar to the parallel port functionality (maybe it does). It would then retrofit well with breakout boards that require such a signal. This chargepump signal would be removed if the SmoothStepper detected that Mach was not communicating with it, or if the SmoothStepper detected a fault with itself.


As an example of poor safety functionality, I was developing a motherboard for the ncPod. While testing the spindle control functionality, I accidentally pulled out the USB cable to the ncPod. The ncPod did not seem to detect the problem and continued to output the spindle PWM signal.  The ncPod has sat on the shelf since that moment.

And in the end make sure you have a proper Emergency Stop circuit as gumbyrulesyou has stated. It makes me shudder every time I see someone write that they have their EStop feeding into Mach3. The purpose of that input is not so that Mach3 can perform an EStop. It is there to politely notify Mach3 that an EStop has occurred and been handled by the appropriate EStop circuitry. After all, the EStop buttons are sometimes hit because Mach3 is doing something wrong. In fact ArtSoft should probably replace the EStop input with something more appropriately labelled, in both the software and manuals.

Cheers,


Peter.


Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: RICH on December 09, 2008, 08:15:09 PM
Your safety message is received, Gumbyrulesyou, and you did well as I just had to stop and think.
Safety is part of our culture at work and ingrained that we take it home with us. So hat's off to you.
As we all know, combined words have a tone. We all cover a lot of territory in here and quick concise questions or responses can be construed differently on the receiving end. Enough said!

A cutter cuts whatever it touches and it doesn't matter if it's skin or paper.
RICH
 
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Warp9TD on December 10, 2008, 01:45:37 AM
Hi all,

I have replied to this in the Warp9TD forum.  It is a problem that I will address tomorrow.  If the SS loses communications with the PC it should stop jogging, but it doesn't.  Even if it doesn't lose communications, the current implementation could be a problem if a jog-off command were swallowed.  Motion from gcode and step jogs will stop as soon as the SS runs out of data, but continuous jog movement is generated on-board.

Thanks,

Greg
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: da21 on December 10, 2008, 03:23:08 AM
You can't preach too much safety!

One rule: NEVER trust software, and always have safety circuits (and ones that work and are tested from time to time).
And yes, I have seen a person seriously injured through a machine; it changes your perspective very quickly.

Congrats for finding a problem and letting everyone know; safety should always be top of the list.


Dave
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: vmax549 on December 10, 2008, 07:45:06 PM
JUST one thing to add: your ESTOP should NOT rely on any input or control from the computer or other logic based device to SHUT DOWN THE POWER TO THE MACHINE to stop machine movement as fast as possible in the event of a runaway or other emergency. The Estop should have shut down the power regardless of what anything else does.

I noticed your story does not mention you using the ESTOP????

Just a thought, (;-) TP
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Peter Homann on December 10, 2008, 08:01:33 PM
Quote
Hi all,

I have replied to this in the Warp9TD forum.  It is a problem that I will address tomorrow.  If the SS loses communications with the PC it should stop jogging, but it doesn't.  Even if it doesn't lose communications, the current implementation could be a problem if a jog-off command were swallowed.  Motion from gcode and step jogs will stop as soon as the SS runs out of data, but continuous jog movement is generated on-board.

Thanks,

Greg


Greg,

Can I suggest that as soon as the SS detects a problem with the USB comms, it disables all outputs and enters a safe state.

Cheers,


Peter.
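The deadman that the replies ask for (Ray's "heartbeat", Peter's "disable all outputs and enter a safe state") and Greg's distinction between motion streamed from the PC and continuous jog generated on-board can be shown in a small simulation. This is a constructed C model added here, not SmoothStepper firmware or any Warp9 or Mach code; the 1 ms tick, the 100 ms silence limit and the packet schedule are assumptions.

```c
/* Constructed model of a USB motion controller main loop, with and without
 * a communications watchdog (the heartbeat/deadman discussed in the thread).
 * Added example only: not SmoothStepper firmware, not Warp9 or Mach code.
 * Assumptions: 1 ms tick, 100 ms of silence tolerated, a simple packet schedule. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HEARTBEAT_TIMEOUT_MS 100u  /* assumed: max silence from the PC before safe state */

typedef struct {
    uint32_t buffered_steps;    /* motion streamed by the PC: gcode and step jogs */
    bool     continuous_jog;    /* jog generated on-board until a jog-off packet arrives */
    bool     outputs_enabled;   /* drive-enable / charge-pump style output */
    bool     watchdog_enabled;  /* the fix under discussion: present or absent */
    uint32_t last_heartbeat_ms; /* time of the last packet from the PC */
} controller_t;

void controller_init(controller_t *c, bool watchdog)
{
    c->buffered_steps = 0;
    c->continuous_jog = false;
    c->outputs_enabled = true;
    c->watchdog_enabled = watchdog;
    c->last_heartbeat_ms = 0;
}

/* Any packet from the PC counts as a heartbeat. jog: +1 = jog on, -1 = jog off, 0 = none. */
void controller_on_packet(controller_t *c, uint32_t now_ms, uint32_t steps, int jog)
{
    c->last_heartbeat_ms = now_ms;
    c->buffered_steps += steps;
    if (jog > 0) c->continuous_jog = true;
    if (jog < 0) c->continuous_jog = false;
}

/* One 1 ms tick of the board's main loop; returns true if a step pulse was emitted. */
bool controller_tick(controller_t *c, uint32_t now_ms)
{
    if (c->watchdog_enabled && now_ms - c->last_heartbeat_ms > HEARTBEAT_TIMEOUT_MS) {
        /* Deadman expired: drop the outputs and discard all pending motion (safe state). */
        c->outputs_enabled = false;
        c->buffered_steps = 0;
        c->continuous_jog = false;
    }
    if (!c->outputs_enabled) return false;
    if (c->buffered_steps > 0) { c->buffered_steps--; return true; }  /* streamed motion */
    return c->continuous_jog;                                           /* on-board jog */
}

/* Scenario: the PC sends a packet of 5 steps every 10 ms, optionally with jog-on in the
 * first packet, then the USB cable is pulled at t = 50 ms. Returns the number of step
 * pulses emitted after the disconnect during a 1 s run. */
uint32_t steps_after_disconnect(bool watchdog, bool jogging)
{
    controller_t c;
    uint32_t after = 0;
    controller_init(&c, watchdog);
    for (uint32_t t = 0; t < 1000; t++) {
        if (t < 50 && t % 10 == 0)
            controller_on_packet(&c, t, 5, (jogging && t == 0) ? 1 : 0);
        if (controller_tick(&c, t) && t >= 50) after++;
    }
    return after;
}

int main(void)
{
    printf("streamed motion, no watchdog: %u steps after disconnect\n",
           (unsigned)steps_after_disconnect(false, false));
    printf("continuous jog, no watchdog : %u\n", (unsigned)steps_after_disconnect(false, true));
    printf("continuous jog, watchdog    : %u\n", (unsigned)steps_after_disconnect(true, true));
    return 0;
}
```

Streamed motion stops by itself once the buffer is empty, while the on-board jog runs for the rest of the second without a watchdog and for only the remaining timeout window with one.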
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: wantcnc on December 11, 2008, 02:43:12 PM
Each machine will have a different requirement to be safe in case of an Estop.
When using inverters and AC motors on the spindle, the last thing you want to do is "switch off" the inverter, as it will have no means to brake.
Sending it a stop signal while keeping it energized is far better.

A lot of commercial kit Estops in sequence, where after a short while they also switch off the power to the drives.
On heavy gantries with free running ball screws the same counts (think punching machines): taking power away from the drive will allow nature to take over (inertia).

It is striking to see the changes in the EU machinery directive over the last few years where the safety schemes have changed from prescriptive to functional as the editors understood that each machine design has its particular challenges, and what works for one may actually be unsafe for another.

I have to agree that only relying on the charge pump is a bad thing, the Estop when pressed by the user should override all, and bring all moving parts to a stop in the fastest way possible without causing a danger in doing so (think of machine becoming unstable due to braking)

The above does not take away that the SS bug should be repaired, as they said they would.

machinery safety... I find it one of the most fascinating things to think of as there are so many conflicting issues, a real puzzle

Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Peter Homann on December 11, 2008, 05:31:58 PM
Quote
Each machine will have a different requirement to be safe in case of an Estop.
When using inverters and AC motors on the spindle, the last thing you want to do is "switch off" the inverter, as it will have no means to brake.
Sending it a stop signal while keeping it energized is far better.

A lot of commercial kit Estops in sequence, where after a short while they also switch off the power to the drives.
On heavy gantries with free running ball screws the same counts (think punching machines): taking power away from the drive will allow nature to take over (inertia).

It is striking to see the changes in the EU machinery directive over the last few years where the safety schemes have changed from prescriptive to functional as the editors understood that each machine design has its particular challenges, and what works for one may actually be unsafe for another.

I have to agree that only relying on the charge pump is a bad thing, the Estop when pressed by the user should override all, and bring all moving parts to a stop in the fastest way possible without causing a danger in doing so (think of machine becoming unstable due to braking)

The above does not take away that the SS bug should be repaired, as they said they would.

machinery safety... I find it one of the most fascinating things to think of as there are so many conflicting issues, a real puzzle



I have to disagree here. To rely on power to apply a brake during an EStop is not going to pass a safety inspection. Well not mine anyway. In my mind, if a system needs a brake to stop a gantry, or a ball screw Z axis, then the system needs to be designed so that the brake requires power to release it, not apply it.  All machine safety brakes I know of work this way.

In your system when a truck wipes out the power pole to a factory, all the ball screw Z-axes will drop, and the gantry will move under its momentum. In my system, all the machine brakes will be applied. :)

I may be wrong, but there is probably no system that cannot be made safe when power is removed. Keep in mind that some large machines will blow servo drives and break mechanical components when the EStop is pressed. This is accepted as OK as after all it is an "Emergency" stop.

Cheers,

Peter.




Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Jeff_Birt on December 12, 2008, 10:56:33 AM
Quote
If I had not set up the limit switches directly in to the servo amp

Which is stupid, but I have seen a few commercial machine set up this way.

Quote
The servo fault lines and spindle fault lines all go in to an external e-stop input on the PLC.

While controls should participate in enabling a drive they should not be relied upon for disabling it in an EStop. The EStop chain should disable the drives in the proper manner and as a side effect tell your controls there has been an external EStop. In addition the controls may be able to initiate an EStop by triggering an external safety relay, but the EStop chain should not be routed through the electronics. With a properly functioning EStop chain, anytime you hit an EStop button the machine will stop, period, no matter how brain dead your controls are at the moment. The controls should be smart enough to sense the EStop and set their own EStop outputs so the controls have to be reset as well as the EStop switch reset to restore power to the machine. This allows you to, for instance, move a robot arm out of the way before allowing a rotating fixture table to reset and rotate into position. Ensuring the proper order of resetting things is also very important.

It seems as though you have made a good attempt to wire things up properly but are still missing the mark a bit.

Quote
so no smartie pants telling me that USB power is the solution to my problem.

Well, if you act like an A$$ all you'll get is sh^t. Most of these folks responding to you have loads more experience actually building machines than you do; it would be wise to swallow your pride and listen to their advice. Greg also said (soon after your post on the Warp forum BTW) that he was looking into the problem on the SS end immediately. Please, check your attitude at the door...
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Tweakie.CNC on December 13, 2008, 08:55:01 AM
I would like to reinforce what Jeff has just said - I couldn't have put it better myself.

Tweakie.
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Hood on January 19, 2009, 04:56:37 AM
It has been sorted in the latest plugin as far as I know, although I have not tested it.
Hood
Title: Re: Smoothstepper Kills Man - VIDEO!!!
Post by: Peter Homann on January 19, 2009, 07:06:30 AM
Quote
I am very happy to stumble on this post. I am a machine retailer with mach3 soft controller and was thinking of using the smoothstepper board until I have seen this post. I think we will still keep on using the trusted PMDX-122 board with the charge pump circuit until this bug is out of the smoothstepper board. When machining, safety is the most important thing to keep in mind. I would not be happy if a customer stops by my door telling me he lost one or more body parts because of a wire someone tripped over. We often install machines where the machines are on a different power breaker than the PC is on. It would be easily possible the fuse of the PC is down and the machine is still hot.

You may be fooling yourself if you assume all is well if the charge pump is present. If you look back through the Mach yahoo archive or maybe the Master5 (the original CNC software Art wrote) group, you will see that the charge pump is not there as an emergency stop feature.

The purpose of the charge pump signal is to cater for the twiddling of the parallel port outputs during the PC power up, and to detect that the Mach software is running.

When the PC powers up, there can be some twiddling of the parallel port outputs, presumably as the BIOS checks what's there and sets up the port mode. This can cause the steppers to move a couple of steps, changing the axis position. This is annoying if you shut the machine down at a known position and expect it to be in that position at a restart.

The secondary purpose is that the chargepump informs the BOB that Mach is running. It DOES NOT mean that Mach is running correctly. Yes you can configure Mach to remove the chargepump when you press the ESTOP button on the Mach3 screen. But to rely on this is fooling yourself. I've had an axis runaway, and had to hit the "Real" ESTOP button, removing power from the controller.

Cheers,

Peter.
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Jeff_Birt on January 19, 2009, 08:49:05 AM
I would like to ask the moderators to remove this thread. Even its title is blatantly false and inflammatory. It accomplishes nothing but besmirching a good product and company. The OP's main issue was that he did not know how to wire up a proper Emergency stop circuit and refused to listen to anyone who tried to help him. He did however have a good point about the SS continuing to run even with a loss of communication, a problem which I believe was swiftly rectified by Greg.

As others have stated the chargepump and com drop shutdown are great features but they should not be confused with proper safety measures.
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: Tweakie.CNC on January 19, 2009, 12:33:36 PM
I am in full agreement with Jeff here. I have had the SS for some time and it is an excellent product. OK I use the E-Stop function but my real Emergency Stop disconnects power to all functions of the machine instantly. SS has not killed a man as the thread title states (in the event that I am wrong then prove it !).

Tweakie.
Title: Re: SS DISCONNECT SAFETY CONCERNS
Post by: RICH on January 19, 2009, 03:43:56 PM
Jeff and Tweakie,
I hear ya. It took a shocking statement for someone to get attention about a concern on which I will not pass judgement. Now that there seems to be some closure on this thread, I would like Gum?????? to consider changing the thread title. Maybe call it "E Stop Concern". As a thread there are some valid discussion points in here worth keeping ("I" need to re-read). Personally I don't like what the title insinuates. I need to do a Google and see if this thread pops up outside of the forum (I think it does).

Any other opinions out there?

RICH
Title: Re: Smoothstepper disconnect safety concerns
Post by: Jeff_Birt on January 21, 2009, 01:27:02 PM
It did not take a 'shocking' statement (OK, really the title was a flat out blatant, slanderous lie.). He asked about it on the Warp9 forum and Greg responded promptly, located the problem and took steps to correct it. While I agree the advice given to the OP was valuable, the title and other misinformation given is at the very least misleading.

All that being said, one should never rely on ANY piece of HW, like the SS or a Gecko stepper driver, or Mach III, or etc. to keep them safe. What do you think happens when you lose an encoder on a servo drive? It runs away! A proper, operational E-Stop circuit is a must.
Title: Re: Smoothstepper disconnect safety concerns
Post by: Tweakie.CNC on January 22, 2009, 03:50:36 AM
I just can't resist putting my spoke in again on this thread.

No matter how unlikely, sudden and unexpected, power outages will and do occur at the most inappropriate moments. The design of all machines must be able to handle a sudden power disconnection in a controlled and safe manner. The ultimate and effective emergency stop will disconnect all power to the machine instantly. In other words - if for some unlikely reason the software polled e-stop has no effect on a runaway machine then pull the power.

Tweakie.
Title: Re: Smoothstepper disconnect safety concerns
Post by: RICH on January 22, 2009, 05:34:52 PM
Hi All,
In design of industrial facilities most sites go through what we call Hazards Review and What If (just a few of the buzz words) thinking around what will be built, operated and maintained. The discussions are intense in review of each and every component that can cause personal or physical injury or damage. These reviews are well led, documented and provide basis for control by responsible individuals. As the complexity of machine systems increases, even at the amateur level, it behoves us to stop and pull back and go through a thought process and address any and all hazards which are identified. An e-stop is just one component of the system. In the big picture the dollars spent are appropriate for pre-defined base guidelines as they relate to investment. Safety on the other hand is defined as a goal of "0" ZERO incidents, and appropriate safeguards, procedures, training, supervisory controls etc are implemented to achieve the goal.
 
RICH