I have quite a complex system involving one Raspberry Pi, one Mega 2560, one Uno and 4 ATtiny13's all networked together, controlling a vehicle that has some weird moving patterns. In order to prevent the system from going haywire, I need an Emergency Stop button.
The vehicle has 4 power rails:
12V main traction rail from lead-acid batteries;
5V direction controlling servo rail from a DC-DC converter derived from the 12V rail;
Secondary 5V main computation rail from a DC-DC converter derived from the 12V rail;
A common ground rail that is also connected to the frame of the vehicle.
The Pi and Mega 2560 are both running on the Secondary 5V rail, the Uno and ATtiny13's on the first 5V rail, and the main motor on the 12V rail through the Arduino Motor Shield.
The Pi I used has a Reset header P6, exposing a pin RUN which resets the processor when tied to ground.
I am wondering whether I can safely use a SPST emergency switch and several N-channel MOSFETs: Q1 source pin at the ground rail and drain pin at the Pi RUN pin, Q2 source pin at the ground rail and drain at the Mega 2560 RESET pin, Q3 source pin at the ground rail and drain pin at the Uno RESET pin, to which the RESET pins of the ATtiny13's are all also tied, and Q4 source pin at the Brake pin of the motor shield and drain pin at the servo 5V rail, and all MOSFETs' gate pins tied together to the emergency stop button, which is in turn connected to the 12V rail. I am hoping that when the button is pressed, all microcontrollers are arrested in reset and the motor is braked at the maximum possible deceleration.
The only effective emergency stop is a contactor switch in the 12V traction supply,
then you aren't depending on the correctness of your software or hardware to fail-safe,
you only depend on the contactor switch.
You may want to talk with Atmel. Last two sentences from the disclaimer at the bottom of the last page of the ATmega328P (et al.) datasheet:
Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life.
MarkT:
The only effective emergency stop is a contactor switch in the 12V traction supply,
then you aren't depending on the correctness of your software or hardware to fail-safe,
you only depend on the contactor switch.
I need to put the motor at full brake when the button is pressed. The vehicle is too small to fit friction pads to.
By full brake do you mean shorting the motor terminals or controlled current-limited
deceleration (motor in full reverse drive till it stops turning)?
The former will only work in smaller motors and drivers, for large motors it risks
blowing up the driver transistors! The latter cannot brake any harder than the
acceleration performance of the vehicle, which may not be enough.
The latter is a controlled stop, not an emergency cut-out, and isn't enough to
protect against malfunction. Perhaps you should have defined "emergency"
more carefully - I was assuming a way to prevent run-away behaviour on malfunction.
I mean shorting out the terminals. I can use a sufficiently large SSR for that, bypassing all current limiting mechanisms and dissipating all energy in the resistance of the SSR, which is somewhere between 1k and 3k ohms. At the emergency stop, all microcontrollers and the controlling Pi are arrested in reset.