remote control air regulator

[Alan Anderson]

You're doing a reasonable job of considering some failure modes, but you seem to be dismissing what I think are the likely failures, and you definitely haven't addressed the worst case ones.

Quote:

Originally Posted by wireties

...an open ground connection results in no controlling voltage and the minimum output pressure.

That assumes that the ground connection fails in the "right" place to remove it from the regulator as well as from the resistive divider. By proper design of the actual wire routing, that particular behavior on a loss of ground can be assured, but it requires more thought than just the obvious pair of resistors.

Quote:

Still the worst fanciful failure imaginable gets you ~70PSI, not 120PSI, as the highest possible potential in the passive control circuit is 5VDC.

Oh, I can imagine quite a bit more fancy than that. I don't even have to imagine battery voltage ending up on the analog signal -- I have actually seen it happen. A small addition to the divider circuit can address that, by putting a zener diode in parallel with the bottom resistor, but one must still recognize the potential for something like that to happen. Making a safety-critical part of the robot fail-safe takes real effort to get it right.

You can't just invoke the laws of physics and say nothing will go wrong. You have to see where the laws take you when your assumptions are violated. The robot rules regarding pneumatic systems are very specific, and they do a good job keeping pressures at the appropriate levels unless many things go wrong at once. I don't see an electronically-controlled primary regulator managing to fit in that framework, because it can let full pressure through with just a single failure.

[wireties]

Quote:

Originally Posted by Alan Anderson

That assumes that the ground connection fails in the "right" place to remove it from the regulator as well as from the resistive divider. By proper design of the actual wire routing, that particular behavior on a loss of ground can be assured, but it requires more thought than just the obvious pair of resistors.

How does a connection to the reference voltage fail other than by opening up? A zener clamping the voltage in the control circuit would be a feel good addition - can't hurt.

Quote:

Originally Posted by Alan Anderson

Oh, I can imagine quite a bit more fancy than that. I don't even have to imagine battery voltage ending up on the analog signal -- I have actually seen it happen..

One can imagine wild failure modes with most parts of the fail-safe circuitry on the robot. I remind you the biggest fail-safe mechanism we have is implemented in software!

Recently I had the top come off breakers exposing the fuse. We can go back and forth all day and night about extraordinary failure modes. But one has to pick a prudent affordable safe approach.

Quote:

Originally Posted by Alan Anderson

You can't just invoke the laws of physics and say nothing will go wrong. You have to see where the laws take you when your assumptions are violated. The robot rules regarding pneumatic systems are very specific, and they do a good job keeping pressures at the appropriate levels unless many things go wrong at once. I don't see an electronically-controlled primary regulator managing to fit in that framework, because it can let full pressure through with just a single failure.

I can indeed "invoke the laws of physics" and assert that the control circuit meets criteria for a fail-safe circuit in this application. I'm not ready to go there, just wanted some opinions. And I appreciate your opinion.

With respect the lack of specificity in the rules is the genesis of this thread. Where does it say the adjustment is mechanical? Did I miss that? There have been a few good pneumatic-related Q&As this season that resulted in corrections to the manual.