I am working on a Java based ceramic kiln controller. I have a proto roughed out that works through an Arduino and a solid state relay. I have implemented control logic but I could use some input on how to make it pretty “fail safe”. By this I mean it turns off the kiln if things go wrong and tries to compensate for variation in temperature tracking.
So far, I have put a check in the Arduino software to turn the kiln off permanently if the temperature measured is greater than 1200 C. This is close to the limit of a K type thermocouple. There is also a check to see if the Arduino is still getting commands from the computer. If it doesn't get a command in one minute it shuts off the kiln.
On the Java side, I also have a check that aborts the run if the temperature reading is greater than 150% of what the program is looking for at any given time. I extend the run time if the maximum temperature designated is not reached by the end of the run until it does.
The complication I run into is that there may be a complex up and down temperature gradient programmed, with temperature hold times between ramps. This is fine if the temperature tracks the gradient, but if it is slow, I'm not sure what would be the best approach to compensate. No problem with too fast... all I can do is turn it off. Anyway, usually cool down rate can be controlled easier than heat up, except maybe for glass.
You are working on the wrong side of "fail safe". You want to turn the kiln on and keep it on only if all parameters are "go". By looking for possible failures, you will drive yourself and the program crazy.
I'd split the temperature profiles into ramp and hold steps, and let the Arduino control the heater accordingly. At the end of each step it shuts the heater off (fail safe), notifies the controlling program and waits for the next step parameters.
You can implement a PID or other control algorithm for the ramps. Adaptive or predictive control may work better, WRT the slow (delayed) temperature response of the kiln.
You are working on the wrong side of "fail safe". You want to turn the kiln on and keep it on only if all parameters are "go". By looking for possible failures, you will drive yourself and the program crazy.
Paul
Seems like either way you must take periodic checks for the same problems. How would the code differ from what I am doing?
You can implement a PID or other control algorithm for the ramps. Adaptive or predictive control may work better, WRT the slow (delayed) temperature response of the kiln.
I reset the target temp only every minute. The kiln has so much mass, that even that may be too fine grained. At the higher end of the temperature, most kilns' duty cycle ON is over 90%. Not sure smarter code would help much... maybe in the early part of the cycle. Glaze quality has to do with what you might call "heat work". How hot it got and for how long. Nothing like a precise melting point. Some glazes you take them up to melting, then come down a few hundred degrees and hold them there to get crystal formation. Sort of like trying to improve 15th century alchemy with 21st century tools.
If the plan is to run the Arduino while connected to the PC I would keep the Arduino code as simple as possible.
I presume it needs to read the temperature and send the value to the PC.
And take an instruction from the PC to turn the heat on or off.
In addition to that I would put code in the Arduino to switch off the heater if the PC stops communicating or if the temperature exceeds some threshold.
However I would prefer a completely independent over-temperature switch that does not rely on any computer.
You are not considering the Arduino rebooting after a 2 second power fail. The Kiln has been in heat mode and then the power fails and the Arduino reboots. The Kiln has overheated during the power failure because of the time for the mass to heat up.
Would you just turn the heater back on and then check to see if all is ok? Or would you check to see if all is ok and then turn the heat back on.
Paul_KD7HB:
The Kiln has overheated during the power failure because of the time for the mass to heat up.
Would you just turn the heater back on and then check to see if all is ok? Or would you check to see if all is ok and then turn the heat back on.
I agree completely with the second paragraph.
But I think the logic of the first paragraph is incorrect. If there was a power failure the Kiln could not have overheated any more than if the Arduino had remained in control and had switched it off.
fail safe is not digital or electronic, it should be mechanical.
get a metal that melts at 1,200 F and make a loop. connect it to a spring.
the spring holds the switch closed so power can be fed.
if the kiln reaches 1,200, the metal melts, the switch opens
fail safe.
I do not believe you can have an electronic fail safe.
what happens if static turns on the FET ?
what can you do to open the FET if the FET cannot see a control signal?
what if the wire burnt, no signal
what if the pin went high and failed high ?
'fail safe' is that last ditch, overall device that cannot fail.
if you heat your metal to 1,200 and pour the link, well, then, you know it is molten at 1,200.
use a weight if you think the spring could be ineffective.
Paul, I think I have most of the issues covered. If the power fails and the Arduino reboots, it will not be getting an input signal from the computer and the script turns off the solid state relay after sixty seconds without a response from the computer.
Since a ceramics firing in an electric kiln can always be restarted and re-run with a potential satisfactory glaze outcome, all my logic is just to turn it off and not try to do any automatic re-start. The operator can always re-program the ramp from where it let off. I put logic in to trigger a buzzer if a problem is detected, as well as shut off the power to the kiln.
And Robin2... you are right. The best way to have a fail safe backup to the electronics is to have something melt at the correct temperature and turn off the kiln. Most kilns have such a thing called a "kiln sitter". It is a ceramic bar that is set inside the kiln. When it melts it allows a lever to drop a weight against an outside kill switch. But as you know, even mechanical devices can get hung and fail. I always back up my run with a bar that melts slightly higher than the max temp I am looking for. This allows me to have a hold time at the high temperature, and maybe a slow cool down, neither of which could be done with just a kiln sitter turning off the kiln.
On power fail, and after reboot of the Arduino, the entire environment should enter a safe state (here heater SSR OFF). This is good design practice.
Short losses of power, as the mentioned 2 second delay, will not really affect the kiln temperature. But as the Arduino doesn't know about the aborted step, the controlling program should re-transmit the missing portion of the last step.
Robin2:
I agree completely with the second paragraph.
But I think the logic of the first paragraph is incorrect. If there was a power failure the Kiln could not have overheated any more than if the Arduino had remained in control and had switched it off.
...R
My limited experience with kilns is the heating element is protected from damage by some insulation material. This material would allow some overshoot/undershoot on heating and cooling because the heat must pass through that insulating material. Perhaps my understanding of this kiln is incorrect.
Paul_KD7HB:
Perhaps my understanding of this kiln is incorrect.
I suspect you are correct. I was not trying to comment on the overshoot/undershoot itself, only on the impact of a power outage vs an ordered switch off. In both cases there may be over/undershoot.
Changing temperature on a ceramics kiln is like turning a ship. A power fail of even a few minutes would have not much of an effect. The Arduino script checks for loss of computer control and turns off the kiln, if it is on. It also would probably be off if there was an all out power failure.
RPCoyle:
Changing temperature on a ceramics kiln is like turning a ship. A power fail of even a few minutes would have not much of an effect. The Arduino script checks for loss of computer control and turns off the kiln, if it is on. It also would probably be off if there was an all out power failure.
when you turn an Arduino ON, it does a simple POST and toggles the outputs when testing to see what is connected.
for an SSR connected to a heater, the 1-2 seconds would not amount to a small handful of beans.
once it is running, things would come under control rapidly. however, all inputs and conditions and states would be lost.
I would offer that a simple battery backup would allow a 5 to 10 minute power glitch to go by without any hiccup or any glitch. any power failure of a longer duration, well first off, should not happen. secondly, you might want user intervention.
I'm using a network connected Arduino as a temperature controller for my glass annealing kiln. I have a GUI on my PCs that is used to select which program to run and display set point and process value as well as some other configuration options but the Arduino runs the kiln independently of the PC. I prefer this to complete control from the PC because it allows me to turn off my computer while the kiln is running and it's more reliable to run the code on the Arduino. I write the current program, program step, and approximate location in the program step to EEPROM so that it can recover from power outages. After a power outage the Arduino checks how much the process value has dropped from the setpoint and then decides whether it should turn off, continue after reaching the set point, or restart the program. Error events are logged and can also trigger other alerts such as indicator LED, onscreen notification, verbal notification, or buzzer.
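The checks discussed in this thread (heater on only when every condition is "go", a latched 1200 C cutoff, the one-minute command timeout, heater off after any reboot, and a decision after a power outage based on how far the temperature has dropped), sketched as an added example that is not any poster's code. The recovery thresholds and their mapping to actions are assumptions, as is treating a NaN reading as a sensor fault; the logic is kept hardware-independent, so on an Arduino `nowMs` would come from `millis()`.

```cpp
#include <cstdint>

const float    MAX_TEMP_C     = 1200.0f;  // hard limit mentioned in the thread
const uint32_t CMD_TIMEOUT_MS = 60000;    // one minute without a PC command
const float    DROP_RESUME_C  = 25.0f;    // assumed threshold, not from the thread
const float    DROP_RESTART_C = 150.0f;   // assumed threshold, not from the thread

struct Interlock {
    bool     tripped   = false;  // latched over-temperature / sensor fault
    bool     haveCmd   = false;  // false after every boot, so the heater starts OFF
    uint32_t lastCmdMs = 0;      // time of the last valid command from the PC
};

// Call whenever a valid command arrives from the controlling program.
void noteCommand(Interlock &s, uint32_t nowMs) {
    s.haveCmd = true;
    s.lastCmdMs = nowMs;
}

// Returns true only when every condition is "go"; any doubt means heater OFF.
bool heaterPermitted(Interlock &s, float tempC, uint32_t nowMs, bool pcWantsHeat) {
    // Written as !(a < b) so a NaN reading (assumed sensor fault) also trips.
    if (!(tempC < MAX_TEMP_C)) s.tripped = true;
    if (s.tripped) return false;                 // stays off until the latch is cleared
    if (!s.haveCmd) return false;                // nothing received since boot
    // Unsigned subtraction stays correct across millis() rollover.
    if (nowMs - s.lastCmdMs >= CMD_TIMEOUT_MS) return false;
    return pcWantsHeat;
}

enum Recovery { SHUT_OFF, RESUME_STEP, RESTART_PROGRAM };

// After a reboot: compare the checkpointed setpoint with the current reading.
// One possible mapping of temperature drop to action (an assumption).
Recovery recoveryAfterOutage(float setpointC, float tempC) {
    if (!(tempC < MAX_TEMP_C)) return SHUT_OFF;  // over limit or sensor fault
    float drop = setpointC - tempC;
    if (drop <= DROP_RESUME_C)  return RESUME_STEP;      // short glitch
    if (drop <= DROP_RESTART_C) return RESTART_PROGRAM;  // cooled noticeably
    return SHUT_OFF;                                     // leave it to the operator
}
```

None of this replaces the independent mechanical cutoff (kiln sitter or fusible link) that several posters recommend.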