SYSTEM DESIGN NOTE

SDN0002.14 - Mechanism Positioning and Control

 
 
 

Prepared by	Date	Approved by	Date	Rev.	Rev Date
J Elias	5/27/99	Neil Gaughan	6/1/99

1. Introduction

This document should be read in conjunction with SDN002.01 (Mechanism Requirements), SDN002.10 (Mechanism Positioning) and SDN002.13 (GNIRS Motor and Mechanism Data). SDN009 (Software Requirements) and SDN012 (Electronics Requirements) should also be consistent with this document.

The purpose of this SDN is to discuss in some detail the requirements on control of positioning of mechanisms, including failure modes and diagnosis. The primary requirement regarding failures is that no single-point failure should permit damage to the mechanism; it is assumed for these purposes that software does not by itself provide the required redundant protection. A goal rather than a requirement is to permit continued operation after a hardware failure; the specifics are discussed under individual items.

2. Positioning

In general terms, mechanisms are positioned using a stepper motor, where position is set by specifying the number of steps. Positions are reckoned from a "home" or "datum" position (terms used interchangeably), which is used to establish (and recover) zero-point. Mechanisms which have limited travel (all but the filter wheels) are also provided with limit switches.

2.1 Basic Positioning Algorithm

Although several of the mechanisms have provisions for reduction of backlash (e.g., pre-load springs or split gears) it is in all cases desirable to make the final motion to the desired position in the same direction.

Specifically, if for a given mechanism the preferred direction is increasing step number, and the number of steps required to remove backlash is 100:
 

• A motion from step 4000 to 7000 would consist of a motion from 4000 to 7000.
• A motion from step 7000 to 4000 would consist of a motion from 7000 to 3900, followed by a motion from 3900 to 4000.

Note that this algorithm could be viewed specifying that a motion to step N is carried out in two parts: a motion to step N-100, followed by a motion to step N.

2.1.1 Discrete Mechanisms

For all mechanisms but the grating turret and the detector focus, there are a limited number of valid positions. Thus it is reasonable to have a table of position names and associated step number for each of the discrete mechanisms. Note that for the filter wheels, each filter name actually defines the position of both wheels. For engineering purposes it should be possible to move the filter wheels independently, but the ordinary user will not need this capability.

Since the position table should contain only legal mechanism positions, the software should never attempt to position the mechanism beyond its limits. Nevertheless, the software should always verify that a requested position is within the limits (which might occur if there were a typing error in a table entry). Such an error should be flagged as a request to position the mechanism beyond its limits. (This needs to be distinct from a request for an invalid position, which is a position name which is not found in the table.)

2.1.2 Continuous Mechanisms

The grating mechanism can be positioned (in theory) to any step within the allowable range. However, the step number is always determined absolutely. Specifically, the user will specify a grating, a wavelength, and an order. (The user interface will usually specify a default for the order for a given wavelength.) The software then converts this is a tilt for the given grating, and then converts the combination of grating selection and grating tilt to step position, rounded to the nearest whole step.
This procedure should always result in a legal position, but the software should always verify that the requested position is within the limits. This could result either from a typing error in the parameter table for the wavelength to step conversions, or from a sufficiently ruthless override of defaults at the user or engineering interface. (In general, the user interface should be more restrictive in this regard; it should not be possible, for example, to specify wavelengths outside the operating range of the spectrometer or orders which differ by more than 1 from the default order.)

The focus mechanism can also be positioned to any step within the allowable range. The user will not have direct, arbitrary control of focus, but should be able to reset focus zero-point through an appropriate focus procedure using the pupil masks in the filter wheel (probably restricted access). The focus position will be a sum of several components – a zero-point + camera focus offset + temperature offset + prism defocus offset + grating defocus offset. With ideal alignment and temperature control of the optical bench, all of these terms will be zero, but the software must make provision for them. Because the focus setting is the sum of several terms, it is possible in theory for the net focus position to be out of range (aside from table entry errors); the software must therefore check that requested positions are within the limits. Requests for positions outside limits should be reported as errors.

2.1.3 Failures

Failures can occur at several levels. One of the external electronic components may fail, and as possible this should be detected by diagnostics on the boards. There can be failures in the wiring between the electronics and the motors (both internal and external cables; both shorts and open circuits). Can this be detected through available board-level diagnostics?
The motor itself may fail, or the mechanism may jam or a shaft may loosen or break. These failures are not likely to be detected directly, and will manifest themselves as discrepant configurations. The diagnostic procedures outlined below will detect these unambiguously.

2.1.4 Additional Commands

Abort. It is desirable to be able to abort a motion in progress if the user has second thoughts. This is mainly interesting for the longer motions, such as a turret or IFU change. If implemented, the abort must be graceful – the indexer cannot lose track of step count (this probably implies deceleration rather than an instant halt).

Jog. This is an engineering command that allows one to adjust the mechanism positions by a specified number of steps. It can be used to verify function or to adjust zero points in an emergency. This is not a command that would be used by normal users. The jog command should have the option of resetting the zero point or not. In the former case, the zero point is adjusted by the cumulative number of steps jogged, while in the latter case it is not. Specifically, if the filter wheels are positioned to the H filter, and a jog command is issued without reset, a new command to move to H would move to the original position. If the reset was issued, a new command to move to H would move to the current position. (It may be easier to make the reset command separate.)

2.2 Datum Position

The datum or home position is defined by a microswitch activated by a cam follower or analogous mechanical arrangement. The datum position is defined by the transition between the high and low point on the mechanism cam. The direction of transition must also be specified, and for the filter wheels (where there are two transitions – see below) the specific transition must be specified. The choice is arbitrary but should be consistent for all mechanisms and direction of datum location should be in the direction of motion used for backlash removal (2.1).

The datum position would normally be located at the preferred storage or "park" position; if there is none, at the approximate midpoint of mechanism travel.

2.2.1 Basic Datum Algorithm

The datum should always be approached in the same sense as the standard direction of positioning of the mechanism. The cam should be set up so that for all mechanisms the transition (on to off or vice versa) is always in the same sense. The details of the home algorithm depend somewhat on the workings of the indexer board; the following approach is indicative of what is needed to define the datum position properly.
 

• Move mechanism in positive or negative direction according to sense of home switch.

 
• When home changes sense, move in the direction for removal of backlash by the amount specified for removal of backlash in that mechanism (e.g., 100 steps for the example in 2.1).

Step mechanism one step at a time until datum sense changes; this position is the datum position.

The low-level "home" functions on the OMS indexer board are not consistent¹ with this algorithm for datum location; this means that the implementation will have to be through higher level software which reads the "home" switches through an I/O board.

For mechanisms with limited travel, the home will always be "on" on one side of the mechanism and "off" on the other; the algorithms described above will ensure that the process of locating the datum position will never drive into a limit. Since the software does not necessarily know the correct mechanism position, it is not possible to use the software to provide redundant protection against reaching a limit. Hardware limit switches wired (at least) to the indexer board are therefore required (2.3). Driving the mechanism into a hardware limit when locating the datum position should be an error condition, since this can only occur if there is a software error or a failure of the datum sense switch (or some other failure not foreseen here).

For the filter wheels, there must be two transitions between "on" and "off"; the algorithm described above will always drive the mechanism toward the correct transition. The second transition should be located roughly 180 degrees from the datum position.
Since the mechanism can never move more than its full range of travel, the datum finding routine should return an error if the datum is not found after moving the number of steps corresponding to the full range of the mechanism (or one full turn of the filter wheels).

2.2.2 Diagnostics

An essential diagnostic is the ability to check the datum. The datum check would position the mechanism to just short of the datum (on the correct side), then approach it slowly and verify where the sense transition occurred. In principle, the transition would always occur at the exact same step. In practice, a datum that is slightly less accurate than this is allowable, because the repeatability requirements on the mechanisms are short-term rather than long-term.

Specifically, suppose the datum is accurate to ±1 step. Then a mechanism that lost on average a step every 10 motions (which is actually within requirements for the baseline scenario) would show a detectable error in 30 motions (if the error was systematic) or 100 motions (if the error was random). A datum which is accurate to <1 step is obviously preferable, and an error significantly >1 step is obviously not acceptable.

The datum check would not reset the zero point. A decision to reset the zero-point would only be justified if some momentary loss of function had caused a loss (or gain) of motor steps; in this case one would use the datum-finding command (2.2.1). Alternatively, one could use the reset command (or generalization thereof) outlined in 2.1.4.

2.2.3 Redundancy

The ability to check the datum is critical in determining whether the mechanisms are functioning. While some substitute procedures are possible, e.g. looking at comparison spectra on the science detector, the datum provides a simple and unambiguous (mostly) diagnostic. For this reason, some level of redundancy is highly desirable to permit the user to determine whether it is the datum sensor or the mechanism itself that has failed, and in the former case, to continue operation.
The ideal situation would be one in which the two switches are coupled to the mechanism cam through separate linkages; there is also separate wiring out to the dewar connector. It should be possible to switch between the two positions using a relay or some other means that can be controlled through the software. Since the indexer "home" functions are not generally suitable for the datum procedures outlined here, two inputs through an I/O board that can be selected in software may be the solution; the exact implementation is, however, an engineering decision.

Since the mechanical linkage is fairly robust, an arrangement in which two switches are mounted on a common linkage is acceptable (but less desirable). Note that no matter what the arrangement, there will be some offset between the two datum positions, which should be calibrated in the lab and stored in a look-up table.

The following commands are needed to support the redundant datum:
 

• Switch to back-up datum (all datum commands now use this datum; all mechanism positioning commands apply the appropriate offset).

 
• Switch to primary datum.

 
• Check datum offset. This does a datum check on the current datum, switches to the other, does a datum check on that, compares the difference with the table entry and reports both, and switches back to the initial datum. This can be viewed as a means of checking that both datums are functioning as much as a check on the mechanism function.

2.3 Limit Switches

The procedures outlined above should ensure that no mechanism ever approaches a mechanical limit. But the risk of damage if it does (for whatever reason) is so high that a hardware limit is justified. The limit switch would be wired to the appropriate limit input on the indexer board (normally closed).

Under normal operation, the limit switches would never be used. For most operations, the software provides redundant protection, so the most likely mode in which the limit switch is activated is through a datum failure and a find datum operation. (This assumes – perhaps incorrectly – that there no hardware failures that will produce runaway motions.) Since limit switches will not be activated during normal operation, any activation of a limit switch should be an error condition (except for diagnostic procedures).

2.3.1 Diagnostics

Since limit switches are not normally activated, a limit switch could have a failure (frozen closed) which was not detected. The limit switch would then not work when needed (another failure) and mechanism damage would result.

The ability to test the limit switches is therefore needed. The limit test command would move the mechanism to the known limit switch position, and would return an error if the switch does not activate within a specified number of steps of the nominal limit position. Note that since limit switches do not require the precision of the datum switches, the allowable position error can be greater. A limit switch that triggers too soon should be an error condition, as well as one that trigger too late or not at all.
It is not a requirement that limit switches operate without loss of steps. Normally, activation of the limit switch would require a datum locate (or at least a datum check and reset). In addition, some attempt should be made to understand the cause for the limit activation. Frequent activation of limit switches is an indication of an error in hardware or software design and is not acceptable.

A command to check limit switch status would also be useful – this would indicate whether any switches were activated (and which ones). This command would also include interlocks (2.4), if any.

2.3.2 Redundancy

It could be argued that the level of redundancy provided (software limits + hardware limits + limit switch tests) is sufficient. But the risk to the instrument from instrument damage – potentially several weeks of down time – is sufficiently great that additional protection is probably justified. It should be noted, too, that it is possible to set the indexer boards to ignore the limit switch inputs through software, though they default to limit switches active. It is also unclear whether there are "runaway" modes in the indexer in which the limit inputs do not activate.

At least two approaches are possible:
 

• A second limit switch in parallel to the first (analogous to the redundant datum). Switching between the two is done in software. One could switch between them and test them individually. This approach allows one to continue operation with a failed limit switch detected during test, but does not protect against a switch failure at exactly the wrong time (after test but before another failure), and also does not protect against a command to override the limit switches issued to the indexer board.

 
• Alternatively, the second switch comes after the first, and is wired to the driver or even directly to the motor to cut power. This provides the best level of protection to the mechanism, but it will also disable the mechanism if the switch itself fails open. The indexer board would not sense this switch’s operation, so it should also provide an input to the I/O board used for the datum switches; the software would have to check this input on (nominally) completing a motion. Note that there are a total of four limit switches in the mechanism, and that if any one of them fails open the mechanism is disabled. Since such a failure effectively takes the instrument out of service for a week or more, the probability of failure has to be kept very low. A switch or jumper on the appropriate board could provide an override of the second limit switch, just as software could override the first limit switch. It would seem reasonable to implement both override features. However, they should not be used (at least not together) until enough experience with the instrument accumulates to show that temporary use of the overrides poses negligible risk to the mechanism. If this is not the case, the overrides should not be used.

2.4 Interlocks

At the present time, there is a possibility of interference between the prism turret and acquisition mirror, in that they cannot both be in motion at the same time. If this continues to be the case as the design solidifies, an interlock should be provided at two levels:
 

• Software. The software should not permit motion of both mechanisms simultaneously. It should not permit motion of the prism turret when the acquisition mirror is "in".

 
• Hardware. In addition, switches should be wired to the motor drivers (similar to the back-up limit switches) with the following functionality:

 
• When the acquisition mirror is anywhere but in its "out" position, both directions of motion of the prism turret are disabled.

 
• When the prism turret is not in one of its four defined positions, only motion of the acquisition mirror to its "out" position is permitted (other direction disabled). This permits recovery from a situation in which both mechanisms trip the interlocks simultaneously.

3 Diagnostics

The diagnostics described above allow checking for degraded mechanism performance (via the datum check and the datum offset check). They also allow one to verify proper functioning of datum and limit switches. There are a couple of additional procedures that would be useful in anticipating failure modes or in diagnosis. These exclude essentially manual procedures, such as measuring continuity or resistance between pins on a dewar connector.

3.1 Mechanism Drive Current

It would be desirable to be able to set the limiting motor current via software. Any procedures to do so would not, obviously, be accessible to the normal user. This would have two purposes:
 

• If the mechanism was temporarily stuck (a phenomenon seen occasionally), additional current might help break it loose. This procedure should be used with caution, or perhaps not at all on the mechanisms with the greatest gear reductions.

 
• Conversely, there should be a minimum current value, below which the mechanism will not work reliably. It is likely to be hard to determine this precisely, but any significant increase in this value would be a sign that inspection and maintenance were needed. This procedure might provide early warning of incipient mechanism failures and minimize down time on the telescope (and damage to mechanisms). This test would consist of setting a motor limit current, doing a datum, moving the mechanism a few times, then doing a datum check (or a datum offset check). This test would inevitably result in a loss of the datum setting so it would not be something to do in between observations.

¹  The available functions either halt the motion abruptly, leading to possible loss of steps, or move past “home” and simultaneously reset the zero-point. The former function could be used to find the datum initially but is not appropriate for checking the datum position, where precision is required.
 
 
 

---

---

If you have any questions or suggestions regarding this website, please contact Melissa Bowersock.

NOAO Intranet Services

NOAO Copyright  Statement