Dynomotion

Group: DynoMotion Message: 7082 From: daves3891 Date: 3/21/2013
Subject: Software Watchdog
I have been working on my own HMI using C# to control a large CNC drill with a Kflop / Kanalog / Click PLC and the testing and programming has been going good so far.

I have a question regarding software crash situations.

Is there anything implemented to disable the system if the control software on the PC crashes or is exited?

Right now I am using the PLC for most of the I/O and the PLC is programmed that if it doesn't see communication with the kflop for a half second it disables the I/O and this is working good.

But I would like to add something that would disable the kflop axis and modbus communication and basically anything running on the machine if the PC crashes or is exited.


Any ideas would be appreciated.


Dave
Group: DynoMotion Message: 7084 From: Neil Date: 3/21/2013
Subject: Re: Software Watchdog
I am not using Kflop (yet - just Mach3 and my own BOB) but I implement a watchdog both directions.
Machine dies? Mach3 detects it and issues estop, ... safety relay drops out.
PC dies. BOB drops safety relay.
Machine hits limit(s)? Safety relay drops out.
Here's almost the simplest way to detect a PC dying, or at least Mach3 not producing w-dog pulses, or the cable falling out.
http://i399.photobucket.com/albums/pp79/neilw20_2008/jrelay.jpg
I am sure you can implement that sort of logic in Kflop, given the in depth of control over the control system.
Just make sure all parts of your software set their own individual safety bits in a single variable to ensure the main parts of the program are executing in a timely manner.
In the background, have a timer check the safety variable, and unless all the required bits are set it does not clear the variable and then send out a pulse. After a number of retries at checking the bits, ESTOP is issued to the hardware to drop the safety relay.
One of the routines that sets it's safety bit is the reception of a pulse from your control hardware. If this is missing, then no cigar!

--- In DynoMotion@yahoogroups.com, "daves3891" <fahque99@...> wrote:
>
> I have been working on my own HMI using C# to control a large CNC drill with a Kflop / Kanalog / Click PLC and the testing and programming has been going good so far.
>
> I have a question regarding software crash situations.
>
> Is there anything implemented to disable the system if the control software on the PC crashes or is exited?
>
> Right now I am using the PLC for most of the I/O and the PLC is programmed that if it doesn't see communication with the kflop for a half second it disables the I/O and this is working good.
>
> But I would like to add something that would disable the kflop axis and modbus communication and basically anything running on the machine if the PC crashes or is exited.
>
>
> Any ideas would be appreciated.
>
>
> Dave
>
Group: DynoMotion Message: 7095 From: daves3891 Date: 3/22/2013
Subject: Re: Software Watchdog
OK, well I have something working but I don't know if its really the correct way.

I have a C program running with the following

for (;;) // repeat forever
{
WaitNextTimeSlice(); // execute one loop per time slice

// Check for a bit change from the PC within a time period
if(ReadBit(1099) == 0 && change == 0)
{
change = 1;
oldTime = Time_sec();
// Reset Timer
}

else if (ReadBit(1099) == 1 && change == 1)
{
change = 0;
oldTime = Time_sec();
// Reset Timer
}

// Timer has incremented too long
if((Time_sec() - oldTime > 1) && disabled == 0)
{
// Disable PLC Thread
PauseThread(2);
disabled = 1;
printf("SHUT DOWN \n");
}
if(Time_sec() - checkTime > 2)
{
disabled = 0;
checkTime = Time_sec();
}

}



And then in my C# program I just alternate between 1 and 0 on bit 1099 on the timer tick




Dave

--- In DynoMotion@yahoogroups.com, "Neil" <neilw20@...> wrote:
>
> I am not using Kflop (yet - just Mach3 and my own BOB) but I implement a watchdog both directions.
> Machine dies? Mach3 detects it and issues estop, ... safety relay drops out.
> PC dies. BOB drops safety relay.
> Machine hits limit(s)? Safety relay drops out.
> Here's almost the simplest way to detect a PC dying, or at least Mach3 not producing w-dog pulses, or the cable falling out.
> http://i399.photobucket.com/albums/pp79/neilw20_2008/jrelay.jpg
> I am sure you can implement that sort of logic in Kflop, given the in depth of control over the control system.
> Just make sure all parts of your software set their own individual safety bits in a single variable to ensure the main parts of the program are executing in a timely manner.
> In the background, have a timer check the safety variable, and unless all the required bits are set it does not clear the variable and then send out a pulse. After a number of retries at checking the bits, ESTOP is issued to the hardware to drop the safety relay.
> One of the routines that sets it's safety bit is the reception of a pulse from your control hardware. If this is missing, then no cigar!
>
> --- In DynoMotion@yahoogroups.com, "daves3891" <fahque99@> wrote:
> >
> > I have been working on my own HMI using C# to control a large CNC drill with a Kflop / Kanalog / Click PLC and the testing and programming has been going good so far.
> >
> > I have a question regarding software crash situations.
> >
> > Is there anything implemented to disable the system if the control software on the PC crashes or is exited?
> >
> > Right now I am using the PLC for most of the I/O and the PLC is programmed that if it doesn't see communication with the kflop for a half second it disables the I/O and this is working good.
> >
> > But I would like to add something that would disable the kflop axis and modbus communication and basically anything running on the machine if the PC crashes or is exited.
> >
> >
> > Any ideas would be appreciated.
> >
> >
> > Dave
> >
>
Group: DynoMotion Message: 7098 From: Tom Kerekes Date: 3/22/2013
Subject: Re: Software Watchdog
Hi Dave,

I don't think a PC/Windows/App watchdog will be very useful.  The whole idea behind KFLOP is to relieve the PC/Windows/App from real-time response.  So we should expect no response from the PC for several seconds.  So we would need to set the watchdog timeout for longer that.  By that time any crash might well have already happened.  

Regards
TK

Group: DynoMotion Message: 7100 From: daves3891 Date: 3/22/2013
Subject: Re: Software Watchdog
But the problem with the lack of a watchdog from the PC is that if you are running a high horsepower spindle / large machine and the computer/software crashes you want some safety protocol to detect that and properly shut down the machine.

Other wise (if you are at the machine) you have the option of rebooting while the spindle is still running or hitting the estop and rebooting everything.

I am not expecting the computer to do real time response but if it is not working for more then a few seconds when the only task it has is a HMI for the CNC, then I would want it to properly shut off the spindle/coolant/motion and give me a error code.

Other situations could be loss of connection with the USB cable.




Dave


--- In DynoMotion@yahoogroups.com, Tom Kerekes <tk@...> wrote:
>
> Hi Dave,
>
> I don't think a PC/Windows/App watchdog will be very useful.  The whole idea behind KFLOP is to relieve the PC/Windows/App from real-time response.  So we should expect no response from the PC for several seconds.  So we would need to set the watchdog timeout for longer that.  By that time any crash might well have already happened.  
>
> Regards
> TK
>
>
>
> ________________________________
> From: daves3891 <fahque99@...>
> To: DynoMotion@yahoogroups.com
> Sent: Friday, March 22, 2013 12:38 PM
> Subject: [DynoMotion] Re: Software Watchdog
>
>
>  
>
>
> OK, well I have something working but I don't know if its really the correct way.
>
> I have a C program running with the following
>
> for (;;) // repeat forever
> {
> WaitNextTimeSlice(); // execute one loop per time slice
>
> // Check for a bit change from the PC within a time period
> if(ReadBit(1099) == 0 && change == 0)
> {
> change = 1;
> oldTime = Time_sec();
> // Reset Timer
> }
>
> else if (ReadBit(1099) == 1 && change == 1)
> {
> change = 0;
> oldTime = Time_sec();
> // Reset Timer
> }
>
> // Timer has incremented too long
> if((Time_sec() - oldTime > 1) && disabled == 0)
> {
> // Disable PLC Thread
> PauseThread(2);
> disabled = 1;
> printf("SHUT DOWN \n");
> }
> if(Time_sec() - checkTime > 2)
> {
> disabled = 0;
> checkTime = Time_sec();
> }
>
> }
>
> And then in my C# program I just alternate between 1 and 0 on bit 1099 on the timer tick
>
> Dave
>
> --- In DynoMotion@yahoogroups.com, "Neil" <neilw20@> wrote:
> >
> > I am not using Kflop (yet - just Mach3 and my own BOB) but I implement a watchdog both directions.
> > Machine dies? Mach3 detects it and issues estop, ... safety relay drops out.
> > PC dies. BOB drops safety relay.
> > Machine hits limit(s)? Safety relay drops out.
> > Here's almost the simplest way to detect a PC dying, or at least Mach3 not producing w-dog pulses, or the cable falling out.
> > http://i399.photobucket.com/albums/pp79/neilw20_2008/jrelay.jpg
> > I am sure you can implement that sort of logic in Kflop, given the in depth of control over the control system.
> > Just make sure all parts of your software set their own individual safety bits in a single variable to ensure the main parts of the program are executing in a timely manner.
> > In the background, have a timer check the safety variable, and unless all the required bits are set it does not clear the variable and then send out a pulse. After a number of retries at checking the bits, ESTOP is issued to the hardware to drop the safety relay.
> > One of the routines that sets it's safety bit is the reception of a pulse from your control hardware. If this is missing, then no cigar!
> >
> > --- In DynoMotion@yahoogroups.com, "daves3891" <fahque99@> wrote:
> > >
> > > I have been working on my own HMI using C# to control a large CNC drill with a Kflop / Kanalog / Click PLC and the testing and programming has been going good so far.
> > >
> > > I have a question regarding software crash situations.
> > >
> > > Is there anything implemented to disable the system if the control software on the PC crashes or is exited?
> > >
> > > Right now I am using the PLC for most of the I/O and the PLC is programmed that if it doesn't see communication with the kflop for a half second it disables the I/O and this is working good.
> > >
> > > But I would like to add something that would disable the kflop axis and modbus communication and basically anything running on the machine if the PC crashes or is exited.
> > >
> > >
> > > Any ideas would be appreciated.
> > >
> > >
> > > Dave
> > >
> >
>
Group: DynoMotion Message: 7102 From: himykabibble Date: 3/23/2013
Subject: Re: Software Watchdog
The problem there is, there are countless ways the PC could completely lose its mind, but continue sending the "ok" signal as if everything was fine. That's exactly why the Mach3 "charge pump" should never be considered a safety feature. It's simply not reliable. Software is not simply an on/off kind of thing. There are many ways for part of it to remain alive and healthy, long after other parts have gone wonky.

Regards,
Ray L.

--- In DynoMotion@yahoogroups.com, "daves3891" <fahque99@...> wrote:
>
> But the problem with the lack of a watchdog from the PC is that if you are running a high horsepower spindle / large machine and the computer/software crashes you want some safety protocol to detect that and properly shut down the machine.
>
> Other wise (if you are at the machine) you have the option of rebooting while the spindle is still running or hitting the estop and rebooting everything.
>
> I am not expecting the computer to do real time response but if it is not working for more then a few seconds when the only task it has is a HMI for the CNC, then I would want it to properly shut off the spindle/coolant/motion and give me a error code.
>
> Other situations could be loss of connection with the USB cable.
>
>
>
>
> Dave
>
>
> --- In DynoMotion@yahoogroups.com, Tom Kerekes <tk@> wrote:
> >
> > Hi Dave,
> >
> > I don't think a PC/Windows/App watchdog will be very useful.  The whole idea behind KFLOP is to relieve the PC/Windows/App from real-time response.  So we should expect no response from the PC for several seconds.  So we would need to set the watchdog timeout for longer that.  By that time any crash might well have already happened.  
> >
> > Regards
> > TK
> >
> >
> >
> > ________________________________
> > From: daves3891 <fahque99@>
> > To: DynoMotion@yahoogroups.com
> > Sent: Friday, March 22, 2013 12:38 PM
> > Subject: [DynoMotion] Re: Software Watchdog
> >
> >
> >  
> >
> >
> > OK, well I have something working but I don't know if its really the correct way.
> >
> > I have a C program running with the following
> >
> > for (;;) // repeat forever
> > {
> > WaitNextTimeSlice(); // execute one loop per time slice
> >
> > // Check for a bit change from the PC within a time period
> > if(ReadBit(1099) == 0 && change == 0)
> > {
> > change = 1;
> > oldTime = Time_sec();
> > // Reset Timer
> > }
> >
> > else if (ReadBit(1099) == 1 && change == 1)
> > {
> > change = 0;
> > oldTime = Time_sec();
> > // Reset Timer
> > }
> >
> > // Timer has incremented too long
> > if((Time_sec() - oldTime > 1) && disabled == 0)
> > {
> > // Disable PLC Thread
> > PauseThread(2);
> > disabled = 1;
> > printf("SHUT DOWN \n");
> > }
> > if(Time_sec() - checkTime > 2)
> > {
> > disabled = 0;
> > checkTime = Time_sec();
> > }
> >
> > }
> >
> > And then in my C# program I just alternate between 1 and 0 on bit 1099 on the timer tick
> >
> > Dave
> >
> > --- In DynoMotion@yahoogroups.com, "Neil" <neilw20@> wrote:
> > >
> > > I am not using Kflop (yet - just Mach3 and my own BOB) but I implement a watchdog both directions.
> > > Machine dies? Mach3 detects it and issues estop, ... safety relay drops out.
> > > PC dies. BOB drops safety relay.
> > > Machine hits limit(s)? Safety relay drops out.
> > > Here's almost the simplest way to detect a PC dying, or at least Mach3 not producing w-dog pulses, or the cable falling out.
> > > http://i399.photobucket.com/albums/pp79/neilw20_2008/jrelay.jpg
> > > I am sure you can implement that sort of logic in Kflop, given the in depth of control over the control system.
> > > Just make sure all parts of your software set their own individual safety bits in a single variable to ensure the main parts of the program are executing in a timely manner.
> > > In the background, have a timer check the safety variable, and unless all the required bits are set it does not clear the variable and then send out a pulse. After a number of retries at checking the bits, ESTOP is issued to the hardware to drop the safety relay.
> > > One of the routines that sets it's safety bit is the reception of a pulse from your control hardware. If this is missing, then no cigar!
> > >
> > > --- In DynoMotion@yahoogroups.com, "daves3891" <fahque99@> wrote:
> > > >
> > > > I have been working on my own HMI using C# to control a large CNC drill with a Kflop / Kanalog / Click PLC and the testing and programming has been going good so far.
> > > >
> > > > I have a question regarding software crash situations.
> > > >
> > > > Is there anything implemented to disable the system if the control software on the PC crashes or is exited?
> > > >
> > > > Right now I am using the PLC for most of the I/O and the PLC is programmed that if it doesn't see communication with the kflop for a half second it disables the I/O and this is working good.
> > > >
> > > > But I would like to add something that would disable the kflop axis and modbus communication and basically anything running on the machine if the PC crashes or is exited.
> > > >
> > > >
> > > > Any ideas would be appreciated.
> > > >
> > > >
> > > > Dave
> > > >
> > >
> >
>