Sunday 3 May 2009

Wiring the -smart- way for programming

There are many ways to design a circuit or a PLC program. Many people believe that if the design works, then it's ok. Perhaps this is true, but why not do it with failures in mind? After all, we want the machine operators, us, and even the boss to be proud of our work, don't we? (I hope you're thinking "yes", even about the boss being proud, but they probably won't say anything!)
Ok, let's consider a conveyor running through our monster-sized factory with multiple detection sensors looking for various product defects. If any one of the sensors is activated, the conveying system should shut down so we can examine the manufacturing fault. (After all, bad product is worse than no product... unless you're M**rosoft... just kidding!)
If you think quickly, it would seem simple. Just use multiple normally open sensors, each wired to its own PLC input, with their contacts in parallel with each other in the program. The PLC ladder logic program would look like this:
    sensor A                conveyor off output
----| |----------------------( )---
    sensor B
----| |----
    sensor C
----| |----
    sensor D
----| |----
Here we can see that if any of the sensors should detect a defect, the sensor will turn on its output, the PLC input will close, and the conveyor off output will turn on and disable the conveyor. We can add more sensors if we want to. It's basically an OR rung. In other words, if sensor A OR B OR C OR D should turn on, the conveyor off output coil will energize and disable the conveyor. Seems ok, little chance of a problem... right? Wrong! You're probably thinking "What, is he CRAZY?" I might be, but not in this case. Read on.
What happens if we get a cable failure? (Not like cable TV going out again, but rather a broken wire.) Believe it or not, open-circuit failures are the most common problems that happen. Examples of open-circuit failures include blown fuses, broken wire connections, loose wires, failed switches, failed sensors, fried relay contacts... and the list goes on.
Now that we understand the theory, let's redesign to be more on guard for such things. Suppose sensor B (in the example above) fails open. If a bad product appears we want its output to close (turn on), but nothing would happen and the conveyor would continue on its merry way. (Does that explain buggy software??) How about if a wire connecting sensor C to the PLC input terminal breaks? Then sensor C is of no use since it won't stop the conveyor! Worse, nothing in the program can tell the difference between "no defect" and "sensor C is dead": both look like an input that is OFF. Ideally the system is tested regularly during routine maintenance and the problem would be discovered... but what if maintenance is missed?? (Never happens in the real world, right?!?)
Here's a better solution. Let's replace the normally open sensors with normally closed types (i.e. their output is ON unless there's a problem) and use normally closed contacts in the program. Here's our modified PLC ladder program to reflect the change:
    sensor A                conveyor off output
----|/|----------------------( )---
    sensor B
----|/|----
    sensor C
----|/|----
    sensor D
----|/|----
Now, if we get a cable break or another open-circuit fault, the input drops out, the conveyor off output will energize and the conveyor will stop. Here we might get false "conveyor offs" because of a broken wire, but it's better than not being able to turn the conveyor off in a bad product situation. In other words, the most common failure now fails in the safe direction, and it announces itself instead of hiding until the day a bad product gets through.
Before you say that it should be a series rung (for you experts out there), remember that the physical sensors are normally closed and each one drives its own PLC input. So, when there's no fault, every input is ON, every normally closed contact in the program is false, and the rung is false. Any one input dropping out, whether for a defect or a broken wire, makes its contact true and energizes the coil. That's still an OR, so the contacts stay in parallel.
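To see the difference between the two rungs without a PLC on the bench, here is a small simulation. This is an added example, not code from the original post: it models one PLC scan as a function from input terminals to the "conveyor off" coil, evaluates both the normally open and the normally closed versions of the rung, and injects the open-circuit faults the post talks about. The sensor names A to D come from the post; the fault model (an open circuit reads as OFF at the PLC terminal, whatever the sensor wanted to say) and the function names are assumptions of this example.

```python
"""Simulate the two conveyor-stop rungs from the post under open-circuit faults.

Added example, not code from the original post. Assumption: a broken wire,
blown fuse or dead sensor makes the PLC input read OFF, regardless of the
sensor's intended output.
"""
from __future__ import annotations

NO = "no"  # normally-open contact   --| |--  : true when its input is ON
NC = "nc"  # normally-closed contact --|/|--  : true when its input is OFF

SENSORS = ("A", "B", "C", "D")  # the four defect sensors from the post


def contact(kind: str, input_on: bool) -> bool:
    """Evaluate one ladder contact against the state of its PLC input."""
    if kind == NO:
        return input_on
    if kind == NC:
        return not input_on
    raise ValueError(f"unknown contact type {kind!r}")


def rung(kind: str, inputs: dict[str, bool]) -> bool:
    """Four parallel branches of the same contact type: an OR rung driving the coil."""
    return any(contact(kind, inputs[name]) for name in SENSORS)


def plc_inputs(defects: set[str], sensor_type: str, open_circuits: set[str]) -> dict[str, bool]:
    """Model the field wiring between the sensors and the PLC input terminals.

    sensor_type NO: the sensor output is ON only when it sees a defect.
    sensor_type NC: the sensor output is ON unless it sees a defect.
    An open circuit on a sensor's wiring forces that input OFF (assumed fault model).
    """
    inputs: dict[str, bool] = {}
    for name in SENSORS:
        sees_defect = name in defects
        wants_on = sees_defect if sensor_type == NO else not sees_defect
        inputs[name] = wants_on and name not in open_circuits
    return inputs


def conveyor_off(design: str, defects, open_circuits) -> bool:
    """Return the state of the 'conveyor off' coil after one scan.

    design "original": normally open sensors, parallel NO contacts (first rung).
    design "failsafe": normally closed sensors, parallel NC contacts (second rung).
    """
    if design not in ("original", "failsafe"):
        raise ValueError(f"unknown design {design!r}")
    kind = NO if design == "original" else NC
    return rung(kind, plc_inputs(set(defects), kind, set(open_circuits)))


def report() -> dict[str, tuple[bool, bool]]:
    """Run the scenarios from the post; each entry is (original, failsafe)."""
    scenarios = {
        "healthy line, good product": ([], []),
        "defect at B, wiring intact": (["B"], []),
        "defect at B, sensor B failed open": (["B"], ["B"]),
        "good product, wire to C broken": ([], ["C"]),
    }
    return {
        name: (conveyor_off("original", d, oc), conveyor_off("failsafe", d, oc))
        for name, (d, oc) in scenarios.items()
    }


if __name__ == "__main__":
    print(f"{'scenario':40} {'original':>9} {'failsafe':>9}")
    for name, (orig, safe) in report().items():
        print(f"{name:40} {str(orig):>9} {str(safe):>9}")
```

The third row is the one that matters: with sensor B failed open and a bad product in front of it, the original rung leaves the conveyor running and nothing in the program knows anything is wrong, while the normally closed version stops it. The fourth row is the price you pay, a nuisance stop on a broken wire, which at least gets someone to look at the wiring.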
Although the conveyor example might not be too realistic for most of us, it shows the general theory of smart design. Of course it's still possible to get a failure, but it's statistically smarter than it was before: the failure you expect most often now lands you in the safe state. When doing your design or programming, try to think about the application as much as possible (sounds obvious). Eliminate the best chances of failure and everyone will be happy in the end! So, do I still seem crazy? Maybe so...
And remember, this example is not intended for HUMAN safety! For that you want to design differently; safety circuits are a different subject with their own rules, and a single PLC rung like this one is not the way to do it.