PC-Controlled System: In a crash?

Discussion in 'Electronic Design' started by Steve Lieberman, Aug 6, 2003.

  1. Hi all,

    I'm building a system that will control the flow of several gasses,
    some flammable. One requirement is that it be controlled by a Windows
    95 system through DAQ card outputs. Theoretically, there is a
    possibility that this Win95 system could crash for no good reason,
    right?

    Thus, I'm worried about what to do in that situation. I know I could
    build some external digital logic circuits that would be pulsed
    periodically by the PC and shut the system down if they stopped
    receiving a pulse. However, I really don't have equipment here to
    build boards -- are there any ready-made products out there for this
    purpose? If not, perhaps a very simple way of doing it with
    electronics?

    Thanks,
    Steve
     
  2. Zak

    Zak Guest

    Even then, some more intrinsic safety is a good thing to have.

    For example, two gases that should never be mixed: short the drive signal
    of one or the other to ground.

    Or connect the power supply of the valves (I assume they close when
    without power) to some simple circuit that detects if the control system
    is alive. Or to an overtemperature system, gas detector, whatever.


    Thomas
     
  3. scada

    scada Guest

    Not a question of could! More a question of when! You can't leave Win95 or
    98 running day after day in an application like that. I would not consider
    anything less than Win 2K, even better Linux! And then you need to design
    in RAID and redundancy!
     
  4. Actually, running a single application, W9x can be quite reliable. However
    you _must_ have the IDE patch for 49+ days (otherwise the system will crash
    at this point), and really for a 'continuous' application, the outputs
    should all be designed to 'fail safe' (switching to a default 'safe' state
    if the system does not re-trigger a pin at regular intervals), and there
    should also be a hardware watchdog. Combine this with a flash disk (instead
    of mechanical drives), and the result will be similar to the units used in
    quite a few industrial applications (you may be surprised at how many!...).
    Look at an 'embedded PC', rather than a normal motherboard. The big
    difference is that most of these will offer a hardware watchdog. You also
    need to reprogram the boot, so that in the event of a disk error being
    detected, scandisk is performed automatically, without needing user
    intervention. The code should always just open the file, write, and close,
    having the files open for as little time as possible. You shouldn't need
    much external logic, just interwire the controls so that each solenoid is
    dependent on the others, and add a single 555 timer, with one wire pulsed
    from the PC. Lacking the pulse, the timer drops out, altering the state of
    the relays to the 'safe' condition.

    Best Wishes
     
  5. > I'm building a system that will control the flow of several gasses,

    Connect the DAQ outputs to transformers, and drive them with varying
    inputs. If the PC crashes the inputs will no longer vary, and the outputs
    will drop to zero.

    - Owen -
     
  6. How 'bout a time-delay relay which will shut off the gases if not
    periodically reset by the computer?
     
  7. dan williams

    dan williams Guest

    you REALLY shouldn't use windows, at all, for anything. I only use it
    when I HAVE to.

    anyhow, if those are your parameters...
    Set up a "Missing event timer" (Forrest Mims books, and circuits
    everywhere, otherwise known as a monostable) that Windows needs to
    continuously reset. If a pulse (or two or whatever) is missed, have it
    trip out the OE of a 74xx244, make sure that all your control signals
    are pulled up or down as is safe.

    Dan


    --
    Dan Williams, Owner
    Electronic Device Services
    (604) 741 8431
    RR8 855 Oshea rd
    Gibsons BC Canada
    V0N 1V8
     
  8. Paul Burke

    Paul Burke Guest


    Almost a certainty.

    Someone else suggested using a transformer to couple an output to a
    switch, say a solid state relay- that's a good idea, you could use a
    capacitor instead. It's not completely failsafe, but you don't say what
    level of integrity you need.

    But whatever you do, DON'T put the watchdog in a separate thread,
    tempting though this might seem (it's going to be a pain working out
    when you need to hit the watchdog). The control thread could easily
    stop, leaving the watchdog happily and fruitlessly keeping the flow alive...

    Paul Burke
     
  9. Tell 'em all the reasons listed in this thread, if they still want it done
    with 95, tell 'em to get fucked and walk. Better than having a dangerous
    design come back on your shoulder when something goes wrong.
     
  10. Pat Ford

    Pat Ford Guest

    There is NO way to ensure that any OS will crash in a manner that leaves a
    system in a sane state, that's why industrial computers have a watchdog
    timer. If you are forced to do the W95 and LabVIEW for this, look at getting a
    watchdog timer card that can force a reboot, and use DOS mode to attempt to
    speed up the booting process, interface to that box with LabVIEW.
    A few months ago a group of salesdroids came in to my work trying to sell
    us a Windows based control system, they even had a nice demo with hardware
    (inverted pendulum). I left the room and came back with an unformatted disk,
    popped it into their system and the pendulum crashed. In the application I'm
    working on that would be the loss of a multi million dollar model or the
    death of one of my coworkers.
    Remember that the managers never take the heat for a safety critical system
    failure, it all rolls downhill to the workers.
    Pat
     
  11. Ian Stirling

    Ian Stirling Guest

    Do not use DMA.
    Some sorts of crashes can lead to the card looping through the
    data it's got in the DMA buffer.
    For example, you may have heard this if you were playing a sound when a
    windows system crashes.
     
  12. Fred Bloggs

    Fred Bloggs Guest

    You can use anything at all for the computation and controller as long
    as you have the appropriate sensors to initiate an autonomous, orderly
    and latched shutdown (requiring manual restart) in the event of
    malfunction. It is just as likely that the control program goes awry for
    any number of reasons as it is for Windows or any other system to fail.
    Therefore, the best approach, regardless, is to define the appropriate
    fault sensor subsystem and give it priority for shutdown. You would want
    this even if you were allowed to use an embedded controller. Then you
    can go ahead and take advantage of all that advanced tools like LabVIEW
    have to offer. It sounds like the project is on the right track to
    me. These other comments about using much more primitive PC-resident
    control are out of touch with reality- and a watchdog timer is another
    joke approach. NEVER listen to a software person when it comes to
    hardware system design.
     
  13. Tim Shoppa

    Tim Shoppa Guest

    You already said "flammable gasses". Note that just because they are
    flammable doesn't mean that there aren't safety concerns associated with
    gas handling (of non-flammable kinds) that come into play too. You have
    to worry about building up concentrations of vapors and whether they affect
    human breathing even if the gasses are not flammable. And oxidizing gasses
    (oxygen, fluorine, chlorine) can be even more hazardous than simple
    flammable vapors.

    I don't know the particulars of your system, but just comparing to other
    flammable gas systems:

    1. Pilot lights on natural gas appliances. These have hardware
    that will shut off gas flow if the gas isn't being burned. The hardware
    is often mechanical, not even electrical.

    2. Small instrumentation systems, where there is an exhaust fan that
    reduces the concentration of flammable gas in the instrument. The fan
    is sized to remove the max flow rate of gas and the gas flow is shut down
    if the fan isn't producing the required exhaust rate. (Note that the
    fan itself may be turning but if the exhaust port is blocked or plugged
    up you still have to shut down the flow). Again, this is done outside
    the realm of software.

    I can say all sorts of bad things about Windows, but the point is that
    the safety aspects almost always have to be done outside the realm of
    software of any kind. And they usually require design and approval of
    real certified and licensed chemical/electrical/environmental/safety engineers.

    Tim.
     
  14. That sounds like what this system is. I'm not really sure how unsafe a
    control failure would be, but I'll find that out in the next day or two.
    However, this made me realize I was barking up the wrong tree in one
    aspect -- I can hook the fan output up in a circuit without using the PC at
    all, since it seems I will definitely need some external circuitry at this
    point.

    And those keywords "watchdog timer" led me to find some ICs I could use in
    the event I learn that gasses flowing even with the fan working could
    present a danger. But that may not even be the case.

    Thanks everyone for all the help.

    Steve
     
  15. This sounds like an interesting concept -- I've really only been involved in
    digital electronics -- is there a website that explains AC coupling? I
    couldn't find one on Google.
     
  16. Zak () wrote:
    : wrote:

    : > I would think long and hard about using Win95 in a safety-critical
    : > application. What about embedded Linux?

    : Even then, some more intrinsic safety is a good thing to have.

    I would agree. Some people talk about the legendary stability of Linux,
    but I had a crash in a remote system that was 1500 miles away which
    turned into a nightmare.

    There has to be a simple hardware failsafe. A watchdog is not enough,
    even for non-life hazardous applications. The failsafe must be simple
    enough so that it can be drawn on the back of a business card, and does
    not rely on external functionality. Otherwise, you will end up testing
    it in the field, which may not be pleasant. I have seen some pretty
    nasty pictures involving loss of property and blood after an embedded
    system crashed. Good learning experience for the junior engineer who
    designed it.
     
  17. Whoa.
    The 'point' about the watchdog timer is to restart the computer if it has
    stopped running the code. However this functionality should be _separate_
    from the inherently 'fail safe' nature of the system being controlled. You
    should start by looking at the actual things being controlled, and work out
    which ones are 'critical'. Then when you know this, look at arranging the
    relays/solenoids, so that the whole system goes to a 'safe' state with no
    power. Then add a circuit so that the application of power to this part of
    the system is totally dependent on a signal, not only being 'present', but
    also repeating at a reasonably precise interval. This way, the system will
    'start safe', and also be safe when recovering from a watchdog failure,
    without the code having to do anything.

    Best Wishes
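    The two hardware points raised in this thread (Paul Burke's warning against kicking the watchdog from a separate thread, and the post above requiring the power-enable signal to repeat at a precise interval, not merely be present) are easy to check in a small simulation. The following is an added example, not code from anyone in the thread; the class and function names, the tick-based scheduler and the timings are constructed for illustration.

```python
class WindowWatchdog:
    """Models an external retriggerable timer (like the 555 missing-pulse detector
    described in the thread) that holds the valve power relay. Power is applied only
    while pulses arrive within [min_gap, max_gap]; a late, stuck or too-fast pulse
    train drops the relay to the de-energised (valves closed) state and latches it
    there until a manual reset, so the system starts safe and stays safe through a crash."""

    def __init__(self, min_gap, max_gap):
        self.min_gap, self.max_gap = min_gap, max_gap
        self.last_edge = None      # time of the last pulse edge seen
        self.enabled = False       # relay state: False = power off = safe
        self.tripped = False       # latched fault, cleared only by manual_reset()

    def pulse(self, t):
        """A rising edge from the PC's DAQ output arrives at time t."""
        if self.tripped:
            return                 # latched: ignore pulses until manual reset
        if self.last_edge is None:
            self.last_edge = t     # first edge only establishes the reference
            return
        gap, self.last_edge = t - self.last_edge, t
        if self.min_gap <= gap <= self.max_gap:
            self.enabled = True    # healthy pulse train: apply / keep power
        else:
            self._trip()           # too fast (stuck or looping output) or too slow

    def tick(self, now):
        """The timer's own clock, running regardless of what the PC does."""
        if not self.tripped and self.last_edge is not None and now - self.last_edge > self.max_gap:
            self._trip()

    def _trip(self):
        self.enabled, self.tripped = False, True

    def manual_reset(self):
        self.tripped, self.last_edge = False, None


def simulate(kick_from_control_loop, hang_at, ticks=30, period=1.0):
    """Run `ticks` scheduler ticks; the control loop hangs at tick `hang_at`.
    kick_from_control_loop=False models a separate watchdog thread that keeps
    pulsing even though the control loop has stopped (the failure Paul Burke describes)."""
    wd = WindowWatchdog(min_gap=0.5 * period, max_gap=1.5 * period)
    control_iterations = 0
    for n in range(ticks):
        t = n * period
        wd.tick(t)
        if n < hang_at:
            control_iterations += 1            # control code actually made progress
            if kick_from_control_loop:
                wd.pulse(t)                    # kick only as a by-product of progress
        if not kick_from_control_loop:
            wd.pulse(t)                        # independent thread: kicks blindly
    return {"power_on": wd.enabled, "tripped": wd.tripped, "control_iterations": control_iterations}
```

    With the kick inside the control loop, a hang at tick 10 trips the relay within two periods; with a separate kicker thread the relay stays energised although the control loop ran only 10 of 30 iterations.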
     
  18. Yes, I realized that... the watchdog would be entirely separate. I was
    actually looking at an IC (external to the PC); the keywords "watchdog timer"
    just helped me find it. It would just be another (secondary) layer of
    protection.

    Thanks,
    Steve
     
  19. R.Legg

    R.Legg Guest

    Ok. DC restoration is no problem, though? The mind boggles.

    Try quotation marks around the grouped words "AC coupling", or try
    "basic electronics tutorial"

    Any advice on use of DMA should probably be followed. This might
    conflict with Labview, or your cards, sufficiently enough to make the
    earlier suggestion ineffective.

    You ARE pulling my leg?

    RL
     
  20. Tim Shoppa

    Tim Shoppa Guest

    I'm not sure at what stage the overall instrument design is, or what
    role you originally thought you would be playing in it. I personally
    think that considering your newness to the field, you are trying to take
    too big a bite out of the safety end.

    I only know of a very few cases where gas safety is handled by
    a computer. I don't think it's something to be taken on by a newbie.
    If there are other engineers at your company who have built similar
    (but not-computer-controlled) instruments before, I highly recommend that
    you leave it up to them to deal with the safety side. That doesn't
    mean that you should forget about it, watch what they do and ask lots
    of questions. Your questions will probably be really good ones.

    Tim.
     