Limbs Safety Switch Library for ESP32 (Arduino) v1.0.1
A library that provides a class that models a Limbs Safety Switch for physical dangerous devices or industrial production machines.
|
This is an ESP32-Arduino library that includes the class, data structures and functions required to model a Limbs Safety Activation Switch for Launch and Forget Cycle Machines and Devices (LimbsSftyLnFSwtch). The switches implemented through the proper use of the tools provided in this library lets the developer generate ISO 13849-1 (2023) compliant secure machine required activation controls (please read the corresponding normative documentation at the ISO Online Browsing Platform).
The provided API gives access to enough tools included to extend this control into the center of a real-time productivity control, data logger, data analysis and IoT node.
The definition above imposes the need to detail the requirements and limitations both to the logic development and to the range of machines it might be connected to.
The software must model a device that enforces conditioned activation of several sensors to ensure limbs security when the equipment controlled is activated. This enforced conditions include sequenced activation order and timings as main parameters. The most basic configuration requires each hand to be positioned in a certain monitored location to ensure their safety, to enable a release signal generator device. The signal generated then will activate the start of the production cycle. The most simple and usual devices employed are two pushbuttons for the hands position monitor, which enables a foot switch. The enabled foot switch, when pressed, activates the machine production cycle.
The software is specifically designed to be applied in the activation of "launch and forget" cycle machines, although it might be applied to other kind of machines, previous security fitness analysis and testing required, not only as a complete solution for the specified security requirement, but also as part of a more complex security solution depending on the machine controlled.
The "launch and forget" cycle machines specific type the software is developed for have the following characteristics:
The switches modeled by this class ensures the required enforced security practices, while letting some aspects to be configured for specific production tasks on the machine, or to adapt the switch to machines with different security needs.
Once the physical security of the operator is ensured, having a programmable device installed and connected to the actionable mechanisms of the machine opens the door to the multiple benefits the modern controlled machines offer:
Are machines that perform a series of mechanical operations in a repeating sequence: the production cycle. The machine's mechanical power source (usually electric motor) is activated in advance and a release mechanism -trigger- starts a sequence of actions for the production that ends with the machine in the same state and position it started from. Many of these machines have no way of stopping it's production cycle before reaching the end/restart point.
The LimbsSftyLnFSwtch class models a switch for safely activate "launch and forget" cycle machines and devices, which originally provides no other mechanism than a latch release mechanical trigger. This means that once activated the machine will complete a production cycle, return to the starting point and wait for a new Start|**Release** signal. As such, the minimum security primitive is to ensure no limbs are placed inside any dangerous machine zone before releasing the cycle trigger. The software development will consider then that the physical action needed to release the latch or trigger is replaced with a device such as a electromagnetic pull, an electrovalve commanded pneumatic actuator or similar device with the ability to be temporarily activated by an electric signal. Once the production cycle is started the limbs security will be the same as the one provided by the machine before the electronic upgrade.
The library must model a switch that ensures the hands positioned in a secure place and a foot to be used to activate the release mechanism, so it must include three inputs and one output in this most basic configuration:
Modeling such devices that demand strict compliance to certain rules to ensure the security of the operator and being flexible enough to apply them to a diverse universe of machines demands it to be configurable to adapt to large range of possible scenarios.
So the configuration of the LimbsSafetySw library objects must be understood as separated by areas or categories, strongly related to:
The parameters for each category will have to be provided by different sources and be available for use at different points of execution of the control firmware using the LimbsSftyLnFSwtch. Also considering the security provided by the final instantiated model will depend on the right configuration of it, and as specifically required by the ISO 13849-1 (2023), the access to some parameters configuration must be granted to be protected and limited to administration clearance level operators.
So to make a general description of the parameters required by each category, it's source and execution stage at which they are required:
Must be provided by the hardware implementation documentation, ahead of the solution implementation. If the hardware design gives some grade of liberty, a hardware implementation source of information must be given in the form of dip switches, non-volatile memory registers or other, information set and granted by the hardware design team, including the switch selected and connection to the MCU characteristics. So this category must include the following information configuration parameters: For the hands switches:
For the class to present the behavior described in the requirements the DbncdMPBttn subclasses components' attributes must be configured ideally at LimbsSftySnglShtSw object constructor. If not possible it must be done before the LimbsSftyLnFSwtch .begin()
method is invoked by the use of the corresponding "setters" methods. It's important to note that default values are provided in the corresponding constructors to enable the instantiation of the required objects adjusted to standard values that guarantees the security, but are not optimized for productivity performance per se.
The information must be provided by the security policy administrator, depending on his evaluation of the controlled machine characteristics, the standard operator expected behavior and productivity policies. The parameters might be changed by Security Administrator level user.
Being the LimbsSftyLnFSwtch class objects designed for machines with the characteristics already described, the following parameters must be set depending on the controlled machine's individual characteristics. The parameters might be changed by a Security Administrator or a Production Administrator level user. The "Release Latch time" parameter is related to the time needed by the release mechanism to effectively start the production cycle. A too short time will leave the machine locked, a too long time will risk the possibility of letting the machine start a new production cycle without any security policies enforced, and without any warning. The "Production Cycle time" is expected to be set to the total time a complete production cycle takes to complete. As the machine has no sensors to indicate the cycle end, a time based parameter is included to replace it. The time set must be enough to cover the real time the production cycle takes since the moment the Release latch starts to be activated, and until the cycle is completed. Giving a shortest time parameter risks security, giving a longer time parameter compromises the productivity. So setting a longer time than needed is a safe bet. The time might be adjusted by a setter execution, according to the development implemented mechanisms.
Users Levels: