Safety Standard For Grippers in Robotics

[Mandel314159]

After some interesting conversation regarding the safety of emergency stops, I saw some posts talking about the safety standard conversation sparking up that I wanted to ask about, particularly the safety standards with releasing items from grippers with the event of an e-stop. nfpa, OSHA, astm? I'm new to the world of PLC and programming as a controls engineer, so this conversation is really interesting when conversation with customers and others about what to do in regards to robotic work looks like.

 

[joseph_e2]

I'm not entirely sure where to quote a standard, but I know that the safety function isn't allowed to create more hazards, which is logical. The risk assessment would tell you if keeping from dropping items from the grippers is primarily a process/product protection or a personnel protection function. It's a lot easier/simpler if it's a process/product protection function. If it's personnel protection, you need to figure out the potential severity of the injury and figure out a "proper" mitigation of that hazard.

In other words, if the gripper is holding a small widget, it's no big hazard to people. If it's holding a VW bug, however, it becomes way more important to handle it correctly.

In our facility, we have robots that handle mufflers and their components. Opening the doors (or hitting an e-stop) will dump air from the system but the grippers have piloted flow controls that trap air to hold the grippers closed until air pressure is applied to the "open" side of the cylinder. I've seen that used in other settings as well when there's a suspended load, but those were very small loads. The flow controls did leak by but it was very slow and the vertical cylinder would drift slowly down (not noticeable unless it was stopped for an extended time).

 

[Mandel314159]

I'm not entirely sure where to quote a standard, but I know that the safety function isn't allowed to create more hazards, which is logical. The risk assessment would tell you if keeping from dropping items from the grippers is primarily a process/product protection or a personnel protection function. It's a lot easier/simpler if it's a process/product protection function. If it's personnel protection, you need to figure out the potential severity of the injury and figure out a "proper" mitigation of that hazard.

In other words, if the gripper is holding a small widget, it's no big hazard to people. If it's holding a VW bug, however, it becomes way more important to handle it correctly.

In our facility, we have robots that handle mufflers and their components. Opening the doors (or hitting an e-stop) will dump air from the system but the grippers have piloted flow controls that trap air to hold the grippers closed until air pressure is applied to the "open" side of the cylinder. I've seen that used in other settings as well when there's a suspended load, but those were very small loads. The flow controls did leak by but it was very slow and the vertical cylinder would drift slowly down (not noticeable unless it was stopped for an extended time).

how would you approach conversation with someone who wanted to de-energize the system as their internal safety strategy mandates when the energization is necessary to continue holding a potentially dangerous object?

 

[joseph_e2]

Just a few thoughts, certainly not comprehensive...

Start by presenting the competing hazards to help them see which is the most dangerous and strongly suggest they do the opposite. It's pretty standard to drop all power/air as a default method but it needs to be done intelligently after considering other risks. That's why drives often can use Safe-Torque-Off and Safe-Speed options.

If that isn't enough, look at OSHA 1910.212. It's specific to machine guarding not creating additional hazards, but it's a good rule for all safety measures. I'd also look at NFPA79 9.3.3.2. It specifically speaks of damage to the machine due to non-operation of auxiliary functions but that philosophy should also be applied to personnel protection (where non-operation can cause harm to people).

 

[Cheeseface]

how would you approach conversation with someone who wanted to de-energize the system as their internal safety strategy mandates when the energization is necessary to continue holding a potentially dangerous object?

Is the current plan to simply drop the item during a power outage?

 

[jstolaruk]

The topic of grippers (robotic or gantry or etc) is a tough nut. I routinely grip parts that are several hundred Kg in mass with pneumatic grippers and each customer has their ideas on how to handle a loss of air. Rod locks on the motion device is the most common method even though rod-locks are no longer considered safety devices. But with a robot flinging around a part at 1000sMM/sec, its better than the alternative.

I'm very interested to see where this conversation goes.

 

[Mandel314159]

Is the current plan to simply drop the item during a power outage?

Their safety team has taught them that an emergency stop is supposed to remove stored energy in the system to prevent extra hazard, this of course doesn't account for the obvious problem there where sometimes there's stored energy that is a good thing, like a gripper having the ability to grip something.
The specific use case we're looking at just has grippers that aren't suspending a part, but I argued that releasing the grippers altogether was a bad move, but I get the argument that they can pinch or hurt someone and you'd want that someone to be released when hitting an e-stop.

I find it weird though that there's not really a standard of expectations to follow, obviously building a standard is hard with having so many design specific cases, but we were able to design a system that removes the variable of a person's hand being in the way of the gripper should it start trying to grip something with light curtains and other traditional safety measures like that, making their argument of the grippers letting go all the more frustrating to me.

 

[Mandel314159]

The topic of grippers (robotic or gantry or etc) is a tough nut. I routinely grip parts that are several hundred Kg in mass with pneumatic grippers and each customer has their ideas on how to handle a loss of air. Rod locks on the motion device is the most common method even though rod-locks are no longer considered safety devices. But with a robot flinging around a part at 1000sMM/sec, its better than the alternative.

I'm very interested to see where this conversation goes.

see and that the thing, on our end we've got 250lb objects being moved around rather quickly, I don't want someone to be able to hit an e-stop, causing the parts to be let go mid motion and flinging that 250lb object across the room...

 

[joseph_e2]

If they decide that dropping a 250lb object is the safest option, then I would have the e-stop first stop the robot with its safety signals and then, once it's stopped, drop the air to the grippers. I would also make sure that everything that the robot passes over is very heavily reinforced. Once you start introducing time delays into your interlocks, you may also need locking guard switches that keep the doors closed until robot motion has stopped and the 250lb loads have finished bouncing...

Sorry, that sounds snarkier than I try to be...

 

[plvlce]

Saying 'an emergency stop is supposed to remove stored energy' is like saying 'water is supposed to put out fire'. As a general statement it's largely true, but to extend the analogy dropping the energy holding up or moving a heavy load is like pouring water on a grease fire -- a clear situation where blindly applying the general rule ends in disaster.

The purpose of the estop is not to release stored energy, but to get the machine into a safe state. Stored energy is a hazard of its own in that it could unexpectedly be released, but if releasing it makes the situation more hazardous, then our safety devices are anything but.

Rather than starting from 'we need to release stored energy', start from 'what do we need to do to make things safe?' Ideally you end with releasing remaining stored energy to eliminate that hazard.

Can you sequence your shutoff so that motion is stopped and then the grippers release a moment later so there won't be inertia carrying the part further? If the motion is an lockable enclosure you may have additional options when you can guarantee operators are not inside at time of stop.

 

[padees]

Oh, you guy's are just fun. I'm a ME and this is an ME issue. Tell controls how to deal with it.

Look into load locking strategies. It will most likely be mechanical or non-compressible fluids. With air, mechanical retention...

Look at something positive that will suit the application.

It was mentioned rod locks on cylinders. Oh, don't do that. What it really is, is a collet that clamps around a round object, much like a collet that holds tools in a CNC machining Center. Except, these are static when you set them, no motion. On a rod lock, while in motion, they will destroy the rod over time.

Many more things to consider, but this is a PLC site.

If anything I mentioned helps...

 

[mk42]

Their safety team has taught them that an emergency stop is supposed to remove stored energy in the system to prevent extra hazard,

I've seen a lot of people (especially old school) combine Estop and Lock out Tag Out. At the surface it starts as a similar idea (lets make it so nothing happens), but for different definitions of "nothing" and "happens". To be fair, there may have been a time that that idea may have been considered a best practice 50 years ago, but it doesn't make it correct (then or now).

Personally, if the estop DOESN'T release the gripper, you probably want a separate mechanism to do that, even if it's mechanical.

 

[joseph_e2]

Building on what @padees said about rod locks. There may be other versions out there, but the only ones I've seen have been for vertical rods where the weight of the load makes the rod lock tighten and it takes positive action (compressed air) to release. One application I saw also required "bumping" the servo axis up to release the lock which worked great until the servo was bumped all the way to its travel limit ("Wait, that can NEVER happen!"). That type of rod lock would not work if the rod was inverted or horizontal like it very well may be on a robot end effector.

 

[Mandel314159]

Oh, you guy's are just fun. I'm a ME and this is an ME issue. Tell controls how to deal with it.

Look into load locking strategies. It will most likely be mechanical or non-compressible fluids. With air, mechanical retention...

Look at something positive that will suit the application.

It was mentioned rod locks on cylinders. Oh, don't do that. What it really is, is a collet that clamps around a round object, much like a collet that holds tools in a CNC machining Center. Except, these are static when you set them, no motion. On a rod lock, while in motion, they will destroy the rod over time.

Many more things to consider, but this is a PLC site.

If anything I mentioned helps...

I'm a graduated ME but have been hired into a controls position at my company, I liked reading this

 

[Mandel314159]

If they decide that dropping a 250lb object is the safest option, then I would have the e-stop first stop the robot with its safety signals and then, once it's stopped, drop the air to the grippers. I would also make sure that everything that the robot passes over is very heavily reinforced. Once you start introducing time delays into your interlocks, you may also need locking guard switches that keep the doors closed until robot motion has stopped and the 250lb loads have finished bouncing...

Sorry, that sounds snarkier than I try to be...

Saying 'an emergency stop is supposed to remove stored energy' is like saying 'water is supposed to put out fire'. As a general statement it's largely true, but to extend the analogy dropping the energy holding up or moving a heavy load is like pouring water on a grease fire -- a clear situation where blindly applying the general rule ends in disaster.

The purpose of the estop is not to release stored energy, but to get the machine into a safe state. Stored energy is a hazard of its own in that it could unexpectedly be released, but if releasing it makes the situation more hazardous, then our safety devices are anything but.

Rather than starting from 'we need to release stored energy', start from 'what do we need to do to make things safe?' Ideally you end with releasing remaining stored energy to eliminate that hazard.

Can you sequence your shutoff so that motion is stopped and then the grippers release a moment later so there won't be inertia carrying the part further? If the motion is an lockable enclosure you may have additional options when you can guarantee operators are not inside at time of stop.

both of these are excellent, I'm 100% using the fire analogy to talk about this in future instances, and it's a valuable perspective to know how to best communicate why moving a 250lb object and not having it finish its motion before disengaging grips is a probably a bad thing.

The solution that my team's going with seems to be creating enough redundancy in the safety measures that it makes it physically impossible for anyone to come close to the grips without a freak accident which lets us keep the grips engaged during e-stop shutdown, with manual overrides on the machine's HMI should it come down to that. afterall, it's far far better to have motion stop in place for this machine and not drop something because if you're hitting e-stop mid motion with this machine it's probably because there's something in the way of its motion and the grippers disengaging would just be making that situation worse