EMU configuration
The robot is equipped with an Emergency Management Unit (EMU). It is a system that takes control of the robot's components as well as its power in crisis situations. It is indispensable in cases when work is carried out on the software of the device, and therefore it is not yet stable enough.
Please take this document seriously. Inadequate and irresponsible setting of the unit may cause damage to the device, the workplace and people in the vicinity.
The EMU can stop the robot's movement, turn off the power of the user's device, or even turn off the entire robot, if so configured. Switches placed on PCB inside the robot allows you to adjust the robot's behavior to meet the relevant requirements.
Always perform a test of the settings (try to trigger the E-BTN/E-STOP manually and then reset to normal operation) to check if the chosen configuration works as you expected, before you will be forced to test them in case of the real, hazardous scenario.
E-stop signal and the latch
The EMU consists of a series of inputs (Triggers and Resetters), several outputs (Actions), a latch coupled to the reset circuit and switches for configuration. In the document below you will find a simplified structure, description of operation and instructions on how to proceed in specific situations.
The EMU operation due to the appearance of the appropriate trigger, we are calling the activation and latching of E-stop signal - the most important signal for this unit. The configuration of the unit allows for some changes in the way this signal is activated, the effects it brings and the method of resetting the latch of this signal. The default setting of the switches can be found in the chapter Switches at a glance
Structure
The operation of the unit is presented in the diagram below. The individual segments of the scheme are discussed later.
Triggers
CPU watchdog
The internal computer, which transmits commands and information between the motors controllers and the rest of the system, constantly communicates with the EMU as well. When this communication is interrupted, the EMU will take some actions:
- Motors drivers will be stopped immediately
- E-stop will be activated and latched (this feature can be disabled with switch SW1-01).
Internal SBC E-stop signal
The process responsible for communicating with the EMU may stop broadcasting on request. Triggering E-stop from rosservice call /panther/hardware/e_stop_trigger or WebUI works this way.
Switching the physical state of the robot using ROS commands is possible only when SW1-01 is ON.
Driver Fault
The BLDC motor controllers in the robot are high-power devices that have an extensive operation management system. The controller can be programmed to detect sudden spikes in torque, fluctuating control signal, limit current etc. and send an error signal to the EMU which will cause activation and latching of the E-stop signal.
Emergency button press
Pressing the Emergency button (E-btn) on the rear robot's panel activates E-stop immediately.
Additionally, another action can be performed, which is immediate power off the robot, if switch SW1-04 is turned ON.
This functionality may be required, but it also has undesirable effects. Remember, you will no longer have control of the robot that loses its power completely before rebooting it and resetting the E-stop signal will be no longer possible with Emergency button, so consider enabling SW1-03 or putting SW2 to B or C position.
User E-stop trigger input
The connector inside the robot can be used to trigger and latch the E-stop signal. Read more about in chapter User E-stop trigger input.
Resetters
The algorithm for resetting the robot's E-stop is described below. You will need a maximum two steps to deactivate the E-stop signal. Note that the order does matter. Both conditions can be modified with switch SW2 and SW1-03.
First condition - E-btn condition
This step is unnecessary by default due to SW2 in B position.
Chronologically, the first condition to turn off the latched E-stop signal is to reset the Emergency button (E-btn) on the robot. If the E-stop was triggered in another way than with E-btn, and E-btn is already reset, press it and reset it again.
Alternative to first condition - User E-stop input reset
This feature is disabled by default due to SW1-3 in OFF position.
The same function that reset the latch can be performed by User E-stop input, but only when switch SW1-3 is on. Switching the User E-stop trigger input on and off will act as a first condition.
Second condition - internal computer command
After the first condition is met, or switch SW2 is in position B, the EMU waits for a command to reset the latch. This signal is sent from the internal computer only on request. It can be called from a rosservice call /e-stop_resset or from the WebUI. If the attempt to reset the latch by internal computer fails, e.g. due to the E-stop trigger signal presence or failure to meet the first condition, the computer will inform about it with an appropriate message depending on the attempt channel.
No conditions - Automatic E-stop reset
Conditions can be disabled by putting SW2 to C position. In this case, EMU will reset the E-stop latch as soon as the problem that caused E-stop condition has ceased to occur or immediately after releasing the E-BTN.
Actions
Turn Off Robot
Triggered only by pressing the Emergency button on the robot. Function activated with switch SW1-04. If you want to use this function on your robot with SW2 in A position, please consider turning on SW1-03 to allow the latch to be reset by other means. Otherwise, the only way to get your robot back up from E-stop is to restart it.
Turn Off AuxPwr
The E-stop signal can disable AuxPwr high voltage power supply. To activate this functionality, turn on switch SW1-02.
Wheel braking
By activating the E-stop signal, the motors will brake the robot.
SPDT relay
The User Safety Interface of the robot also contains the relay outputs with the Operating Open and Operating Close terminals, where the operating state is defined when the robot is working properly. Turning off the robot or activating the E-stop signal in the robot switches the relay. Read more about in chapter SPDT relay output
EMU configuration
The EMU is configurable to provide the user with a balance of security and convenience when working on a project using the Panther platform. The following part describes how to set up the EMU responsibly and according to user's preferences.
Access to DIP switches
To access the EMU configuration switches, remove the rear deck. Read more how to.
On the left side of uncovered space is placed the Safety Board with two switches on top surface:
- 4-channel DIP switch named SW1 (poles are numbered from left to right, therefore SW1-02 is second slider from left on this element)
- 3-position slide switch named SW1 (position A is on the left, B is in the middle and C is on the right side)
Switches at a glance
SW1 DIP switch:
| DIP SW | Activated feature | Default |
|---|---|---|
| 01 | Activates triggering e-stop latch due to CPU crash. | on |
| 02 | Activates Aux power dependency on E-stop. | off |
| 03 | Activates the User E-stop input as an "E-btn condition". Usable in SW2-A mode only. | off |
| 04 | Activates immediate powering off due to E-btn hit. | off |
SW2 slide switch:
| Position | E-stop latch resetting method | Default |
|---|---|---|
| A | The E-btn condition and internal computer command are needed to reset E-stop latch. | |
| B | Only the internal computer command is needed to reset e-stop latch. | Default |
| C | E-stop latch resets automatically. Robot can operate just after disactivation of all triggers, including relasing the E-BTN - no additional action is needed. This is the least safe config. |
User Safety Interface (USI)
The SP1312/S9 socket, accessible from the user space side, is an electrical hardware interface for EMU.
It performs 3 basic functions:
- You can use it to put the robot into the E-stop state.
- You can use it to make other devices mounted on the robot go to the E-stop state at the same time as the robot.
- You can use it to start and stop the robot remotely.
The schematic diagram of the electrical connection is presented in the graphic below.
User E-stop trigger input
Hardware input triggered by applying a voltage in the range of 3V to 12V to terminals 5 (+) and 6 (-) of the USI connector. It activates and latch the E-stop state on the robot.
SPDT relay output
The EMU is equipped with a mechanical contactor that changes its outputs depending on the E-stop state of the robot.
On the connector it has the form of physical 4 pins, the diagram of which is shown above. The maximum rating for these terminals is 1A @ 24V DC / 0.5A @ 125V AC.
A table below describes states of the outputs depending on the state of the robot.
| State | Operating Open | Operating Close |
|---|---|---|
| Robot off | Connected to Common | Open |
| Robot on, operating normally | Open | Connected to Common |
| Robot on, E-stop active | Connected to Common | Open |
Remote On/Off input
Trigger this input by applying a voltage in the range of 3V to 12V to terminals 7 (+) and 8 (-) of the USI connector.
- When the robot is off, putting voltage to this input for 1 second will start the robot.
- When the robot is on, putting voltage to this input for 1 second will start the shutdown procedure.