
I am using an Arduino ATmega as a controller, and I have a few methods in mind to operate the emergency button (hardware and software). The device is a rehabilitative robot, and emergency scenarios vary from being uncomfortable to being hurt physically.

Below are the strategies I was thinking of:

  1. utilizing the interrupt button
  2. a while loop, with a pull-down button as the emergency button

Are these strategies safe to implement?

Update: I placed a manual emergency button directly on the power supply, and also added a smaller emergency button which is connected to the controller.

Julius
    What do you mean by "Emergency button"? Explain what needs to be done when the button is pressed. What does "better" mean, we can only compare "better" and "worse" if we know your criteria. Suppose there is a solution that is "the best" but it costs $1000 to implement, is it then still "the best" or would a more affordable solution be "better"? – Bimpelrekkie Mar 06 '20 at 08:25
  • NMI interrupt would be the better option than normal interrupts – User323693 Mar 06 '20 at 08:41
  • 2
    Please explain the nature of the emergency. The most common situation where I have seen emergency buttons is in test equipment racks. The emergency button would remove power from the test station and the UUT. It would be used if there was a serious issue with either (like a fire). I would never trust an MCU to do this, it must be as fool-proof as possible, like a mechanical switch. – Mattman944 Mar 06 '20 at 09:12

2 Answers

3

It depends on what the "emergency button" does and what the emergency might be. If it is something that is designed to halt a life-threatening situation, like someone getting caught in power machinery, then relying on software of any kind is a seriously bad idea. That is what Big Red Buttons that cut power directly are for. Levers and mechanical breakers are vastly more reliable than any computer or electronics. As any lawyer will likely tell you in court if your system fails.

Dirk Bruere
  • "It depends what the "emergency button" does and what the emergency might be" is true but the blanket statement "Levers and mechanical breakers are vastly more reliable than any computer or electronics" squarely isn't and depends very much on the application. Downvoting until clarified, I'm afraid. – TonyM Mar 06 '20 at 09:29
  • 1
    Upvote from me, since I agree with the main point. What is more important than being more reliable is being *independent*. The OP seems to be using the same MCU for both normal operation and emergency shutdown, a very bad idea. What if the MCU fails? How do you shut down the system? – Mattman944 Mar 06 '20 at 09:54
  • 5
    @TonyM Disagree. I have seen glitches and crashes in electronics caused by transients and (possibly) stray cosmic rays. I have never seen a steel bar glitch. – Dirk Bruere Mar 06 '20 at 09:54
  • You've simply chosen another highly subjective example to support your generalisation. I've worked on many different mechanical, electronic and electro-mechanical safety systems over a lot of years, including in transport and medical. It's vaster than these simplistic 'steel bar' and 'one lever' cases. How about four-channel redundant system compared to a multi-part mechanical transfer forced to use steel cable to go 100 metres. Or a dozen other examples in the big, wide world. – TonyM Mar 06 '20 at 10:04
  • @TonyM Why do you suppose all power machinery in industry comes with the red button which is conspicuously NOT triggered by s/w? – Dirk Bruere Mar 06 '20 at 10:17
  • 2
    I think there is also a huge bias that mechanical solutions are more safe. I think it is due to limitations of humankind. You cannot *see* software, and most people (think they) have knowledge of how mechanical systems work, but most cannot *understand* software / electronics. – Huisman Mar 06 '20 at 10:24
  • 3
    @Huisman A simpler argument is from complexity. A microprocessor has millions of switching transistors, and if any one of them goes wrong it is FAIL. Compare that to a mechanical button. – Dirk Bruere Mar 06 '20 at 11:25
  • You keep going back to the same tiny little set of examples and I get those, probably far more than you imagine. Try branching out beyond that then re-read your blanket statement. It's a much deeper subject than that. – TonyM Mar 06 '20 at 12:14
  • @DirkBruere [Steel bar glitch](https://www.youtube.com/watch?v=GMbN9nb3qyk) (tongue-in-cheek) – user253751 Mar 06 '20 at 12:29
1

The Arduino platform and the microcontroller used in it are not safety-rated components. They cannot be used as the primary safety in an e-stop circuit. You can certainly monitor the e-stop system with the Arduino and switch off outputs, which will make the system safer, but you always have to remember that your code can fail, and a GPIO may fail high or low or oscillate.

For more, see my answers to the questions below. These discuss industrial safety design:

Transistor
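An added example, not code from the question or either answer, of what "monitor the e-stop with the Arduino and switch off outputs" can look like while the hardware cut-off on the power supply stays the primary safety. The decision logic is written in plain C so it runs off-board; it assumes a normally-closed button with the internal pull-up (so a broken wire trips it), latches the trip until a deliberate reset, and is meant to be called from both the pin interrupt and the polling loop the question lists, so neither path is the single point of failure. The pin values, sample counts and names are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed wiring (constructed example): a normally-closed (NC) button between
 * the input pin and GND with the internal pull-up enabled. The pin reads 1
 * while the loop is intact and 0 when the button is pressed OR the wire breaks,
 * so an open circuit fails into the safe state instead of going unnoticed. */
#define ESTOP_HEALTHY 1
#define ESTOP_TRIPPED 0

/* A reset is accepted only after this many consecutive healthy samples
 * (e.g. 50 x 1 ms polling). Tripping is never debounced: a short press or a
 * brief contact bounce must always stop the outputs, never be filtered out. */
#define RESET_STABLE_SAMPLES 50

typedef struct {
    volatile bool latched;     /* true once tripped; cleared only by a deliberate reset */
    uint16_t healthy_count;    /* consecutive healthy samples since the last trip/reset */
} estop_state_t;

void estop_init(estop_state_t *s) {
    /* Power up in the safe (tripped) state; motion needs an explicit reset. */
    s->latched = true;
    s->healthy_count = 0;
}

/* Called from the pin-change ISR AND from the main loop with the current pin
 * level. The ISR path catches a press while loop() is busy; the polling path
 * catches a lost interrupt or a stuck ISR. Returns true when all outputs must
 * be held in the safe state. reset_requested is a separate operator action. */
bool estop_sample(estop_state_t *s, int pin_level, bool reset_requested) {
    if (pin_level != ESTOP_HEALTHY) {
        s->latched = true;           /* pressed or wire broken: trip immediately */
        s->healthy_count = 0;
        return true;
    }
    if (s->healthy_count < RESET_STABLE_SAMPLES)
        s->healthy_count++;
    if (s->latched && reset_requested && s->healthy_count >= RESET_STABLE_SAMPLES)
        s->latched = false;          /* stable input plus a deliberate reset re-arms */
    return s->latched;
}
```

On the board, the same function would be invoked from the handler registered with `attachInterrupt()` and again on every pass of `loop()`, with the motor outputs driven from its return value rather than from the raw pin.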