E-Stop and the New FRC Control System

Please, someone tell me I’m wrong, that I’m just paranoid, but I watched the NI joystick control in 10 minutes video several times and I did not see a disable or E-Stop switch hooked to the operator interface. The NI guy had no problem writing a VI that apparently ignored the lack of a kill switch. Trying to click on the stop execution tab with a mouse while a drive chain is chewing up a student is not acceptable. How is a total CompactRIO shutdown handled? I have not seen anything yet that leads me to believe that this issue is well handled. Please NI and beta teams tell me I have nothing to worry about.

Also note that there does not appear to be any fuse between the battery and the victors in the video. Sloppy.

This issue is handled through the competition port on the DS (Driver Station).
There are 2 commands that disable the robot: the Disable command and the E-Stop.
When the cRIO receives the Disable command, the outputs are temporarily disabled, and can be re-enabled again.

When the cRIO receives the E-Stop command, all the outputs are disabled until the cRIO is rebooted.

Yes, I know there are provisions for a disable and E-Stop. However, it appears that these are easily bypassed and are not intrinsic to the operation.

The coding doesn’t require the E-Stop to be connected to operate. The E-Stop will still be on the driver station as a means to disable the robot.

-Mike

The enable/disable works the same way as the IFI system. You do not have to have any code to use it. You do have access to the enable/disable state in the code, but if you set an output in the code while disabled, it does not get passed on. Unlike the IFI system, the switch is provided.

What specifically in the video made you think it was easily bypassed?

Just to ask, is there also an “autonomous” pin to hook to a switch as in the competition port on the prior control system?

Eugene

There’s an autonomous/teleop switch on the OI. You have to move a jumper around to run auton at this point in time.

In the video, for a split second it appears that the OI competition port is bare. Nothing plugged in and the system is functioning. Shouldn’t the system be disabled if nothing is in the port? The reason I’m especially concerned with the disable is that last week we started up the 2008 robot and it became instantly apparent just how important a functioning, easily engaged disable button is.

Without something connected to the competition port, with either the new system or the old IFI system, it will operate just fine. It is recommended to have one for safety purposes, but it has never been a requirement for the system to work properly “at home,” i.e., not at an event.


The thing that may cause confusion was the disabling of the user watchdog.

The system has two watchdogs, the system or intrinsic – controlled by the driver station and DS switches, and the user watchdog – optional and controlled by the cRIO running the user’s code.

If the intrinsic watchdog loses communications or is told to disable or e-stop, the FPGA shuts down I/O. Period.

The user watchdog is ANDed with the intrinsic and can request a disable as well. In the movie, the watchdog was simply disabled and wasn’t used.

Another usage would be to leave it enabled, and stroke the watchdog in a loop that verified conditions of the robot or joystick. It can be used to ensure that a core loop is executing every cycle and isn’t hung or crashed. It can be used to implement a robot enable button on the joystick during early development.

Greg McKaskle
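The two-watchdog gating described in the post above, sketched as an added example; it is not part of the thread and is not NI or WPILib code. The type and function names and both timeout values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the gating described above; not NI or WPILib code.
   Names and both timeout values are assumptions chosen for illustration. */
#define COMM_TIMEOUT_MS 100u
#define USER_TIMEOUT_MS 50u
typedef enum { DS_ENABLE, DS_DISABLE, DS_ESTOP } ds_cmd_t;

typedef struct {
    ds_cmd_t ds_cmd;          /* last command from the driver station */
    uint32_t last_ds_ms;      /* when that command arrived */
    bool     estop_latched;   /* cleared only by gate_init(), i.e. a reboot */
    bool     user_wd_enabled; /* false = user watchdog switched off */
    uint32_t last_feed_ms;    /* when user code last fed its watchdog */
} gate_t;

/* Boot state: disabled until the driver station says otherwise. */
void gate_init(gate_t *g, uint32_t now, bool user_wd_enabled) {
    *g = (gate_t){ DS_DISABLE, now, false, user_wd_enabled, now };
}

void gate_ds_packet(gate_t *g, ds_cmd_t cmd, uint32_t now) {
    g->ds_cmd = cmd;
    g->last_ds_ms = now;
    if (cmd == DS_ESTOP) g->estop_latched = true;  /* sticky until reboot */
}

void gate_user_feed(gate_t *g, uint32_t now) { g->last_feed_ms = now; }

/* Outputs pass only when the system watchdog AND the user watchdog agree. */
bool gate_enabled(const gate_t *g, uint32_t now) {
    bool system_ok = !g->estop_latched && g->ds_cmd == DS_ENABLE &&
                     now - g->last_ds_ms <= COMM_TIMEOUT_MS;
    bool user_ok = !g->user_wd_enabled ||
                   now - g->last_feed_ms <= USER_TIMEOUT_MS;
    return system_ok && user_ok;
}

/* User code may request any value; a closed gate forces neutral (0). */
int16_t gate_pwm(const gate_t *g, uint32_t now, int16_t requested) {
    return gate_enabled(g, now) ? requested : 0;
}

int main(void) {
    gate_t g;
    gate_init(&g, 0, true);
    gate_ds_packet(&g, DS_ENABLE, 10);
    gate_user_feed(&g, 10);
    printf("t=20: %d, t=70: %d\n", gate_pwm(&g, 20, 100), gate_pwm(&g, 70, 100));
    return 0;
}
```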

Actually, with the new Driver Station, the robot defaults to disabled unless the “competition port” is connected. (With the prior IFI system, the default was to enable the robot if nothing is connected to the competition port.)

I think this answers GDeaver’s question. I can probably speak to the mindset behind his question though. I imagine his concern is that the IFI disable switch was nowhere close to actual E-Stop functionality. That is, the disable was a normally open connection, so it could completely fail to stop the robot if it, say, were unplugged by a rampaging robot or had some lint on the switch contact. True E-Stops should rely on a normally closed connection. Preferably two in series. That way, if the E-Stop circuit is unplugged, the wires are cut, or a solder joint comes loose, the robot will refuse to operate. Two NC switches also means that both have to fail to open for the E-Stop to fail, which is rather unlikely.

So, if the new DS always disables the robot without a (preferably normally closed) switch connected to the competition port, then all is well with the functioning of the new system. It can obviously still be jumpered around with a soldering iron, etc., but it generally makes it much more difficult to kill yourself.

That is exactly the behavior of the competition port on the Driver Station. You’ve also done an excellent job explaining the rationale behind the reason to change to a “normally closed” switch (for enable) from the prior behavior with the IFI operator interface. Thanks!

This does mean, however, that a team always has to have their switch on hand in order to enable the robot.

Which is the entire point. Can’t operate safely without a safety switch and all that.

An additional good safety system, if not necessarily for FRC robots, is the deadman switch. It’s (usually) a 3-position switch that’s only closed when squeezed halfway. Released or gripped tightly, the switch is open and the robot should cease operation. The reasoning being that humans are likely to release something OR grip something tightly in a panic situation, but likely won’t maintain a calm, light grip on something. Probably annoying to have an overexcited driver kill your robot in the middle of a match with a death-grip… but it might make a good training tool for encouraging the drivers to stay calm in practices. :smiley:

Seems to me like a switch that requires a light grip would be more of a pain in the neck than a safety feature. If you aren’t trained to “click the button if something bad happens” and are incredibly likely to panic in the event of an emergency, you probably shouldn’t be the one holding the e-stop switch.

I do like the new behavior of the e-stop this year (NC). I’ve nearly been run over a couple of times due to the lack of an e-stop button.

Well, deadman switches aren’t just a backup for E-Stops. They’re often there specifically as enable switches for manual controls. So you have to activate the switch before you can start moving around a large and dangerous robot, and you can’t easily accidentally operate it.

Plus, how much use is an E-Stop button going to be if the machine you’re operating electrocutes you, knocks you unconscious, or bores you to sleep? All of these situations leave the E-Stop button unpressed and the machine merrily humming away. Deadman switches don’t just protect against machine operating dangers, they also protect against operator inattention.