Old 02-17-2012, 01:07 PM   #71 (permalink)
thingstodo
More about the PLC - what it is and what it does

Safety, Safety, Safety ... and cheap

Safety is a big concern for me. I work, and drive, by myself for the most part, so there is no one around to assist. When you are on your own, you SHOULD pay more attention to doing things safely.

I am likely planning to go a bit overboard on Safety, but that's just some healthy paranoia on my part.

Safety Inputs:
- forward/backward inertia switch
- side to side inertia switch
- emergency stop slap button

These inputs will be wired to two different input cards, so if one card fails, the other will report correctly. This is a bit paranoid.

The inputs will be wired so that they are normally 'ON' or have voltage present. If a cable is damaged, they go 'OFF' and the system behaves as if they were activated. This is pretty standard.

The safety inputs will also be wired to remove the output power from the PLC outputs. This means that it does not really matter if the PLC turns off the outputs, their power supply turns off anyway. This is a bit paranoid, similar to the safety systems on petroleum plants.

There are a couple of analog inputs that will be quite important, but more so for equipment damage. There will be two encoders, both connected in about the same place. They are different resolutions and will connect to different input cards, so that I always know what the speed of the motor is. This is a bit paranoid. The accelerator and brake positions both have two position sensors, and they will be connected to different analog cards to ensure that they match, and that I always have one working (card failures are rare, but they happen). The battery and motor currents are too numerous to duplicate. So are the various temperatures for the VFD, motor, batteries, DC/DC converters, and PLC. The VFD will shut itself down on high temperature or high current, but the high current is what the electronics can take, not what the motor can take. In order to get acceptable acceleration from the system, the VFD settings for the motor are about double what they should be. This relates to equipment damage only, not safety. I'm relying on the mass of the iron in the motor to absorb some punishment, like 2 - 3 times the rated current for about 40 seconds on acceleration. This is one of the things that I'm planning to test.

The redundant inputs are the same channels on adjacent cards, so if a card fails or a sensor fails, switching the wiring arms between the cards isolates the problem quickly. This has worked well for me in the past on many systems.

There will be an output from the PLC that enables the VFD. When that signal is lost, the VFD goes to a 'safe' state. That is, it decelerates at its programmed maximum safe rate (will not lock up the rear wheels and skid) and dumps the generated energy from slowing down a 5000 lb vehicle into a large heater connected to the DC brake resistor connections. Loss of the same enable signal from the PLC will also drop the high voltage power to the VFD, so that it cannot continue to supply power to the wheels.

There may be a large e-brake handle mounted between the driver and passenger that pulls a load-brake on the high voltage to the VFD. I have a breaker that is rated to break 1000 amps at 700 VDC. This is one of the things that I've seen on other EV builds. I am keeping this option open.

The important gauges will be driven directly by the sensors or via the PLC. The aim is to drive the truck comfortably with NO extra displays and NO additional computers, even an Arduino. The Arduino, the extra gauges and displays, the communications, will give more information, and it will be prettier, and make troubleshooting easier, but they are NOT REQUIRED to run the truck. PERIOD. Nothing with a hard drive, or a command line prompt, or a display controller will cause a failure and make the vehicle undrivable.

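An added sketch of the fail-safe scan logic the post above describes (normally-ON safety inputs read through two cards, an energize-to-run VFD enable, and paired pedal sensors); it is not the poster's PLC program. All names, the tolerance value and the "use the lower pedal reading" policy are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed names and values; none come from the original post. */
#define PEDAL_TOLERANCE 50 /* assumed: max raw-count gap between the two pedal sensors */

/* Safety inputs as read through one input card. true = voltage present;
   false = switch activated OR cable damaged (both must stop the truck). */
typedef struct { bool inertia_fwd_back, inertia_side, estop; } card_inputs;

typedef struct {
    bool vfd_enable;      /* PLC output that enables the VFD */
    bool card_mismatch;   /* diagnostic: the two input cards disagree */
    bool pedal_mismatch;  /* diagnostic: the two pedal sensors disagree */
    int  accel_command;   /* accelerator value passed on to the drive */
} scan_result;

static bool all_on(const card_inputs *c) {
    return c->inertia_fwd_back && c->inertia_side && c->estop;
}

/* One scan. The enable is set only when every safety input reads ON
   through BOTH cards, so a card stuck ON cannot mask a trip that the
   other card still reports. */
scan_result plc_scan(const card_inputs *a, const card_inputs *b,
                     int accel_a, int accel_b) {
    scan_result r;
    r.card_mismatch = a->inertia_fwd_back != b->inertia_fwd_back ||
                      a->inertia_side != b->inertia_side ||
                      a->estop != b->estop;
    r.vfd_enable = all_on(a) && all_on(b);
    r.pedal_mismatch = abs(accel_a - accel_b) > PEDAL_TOLERANCE;
    /* Assumed policy: always pass the lower of the two readings so a
       sensor that fails high cannot raise the command; zero when tripped. */
    r.accel_command = accel_a < accel_b ? accel_a : accel_b;
    if (!r.vfd_enable) r.accel_command = 0;
    return r;
}

int main(void) {
    card_inputs ok = {true, true, true}, cut = {true, true, false}; /* constructed scan */
    scan_result r = plc_scan(&ok, &cut, 400, 410);
    printf("enable=%d card_mismatch=%d accel=%d\n",
           r.vfd_enable, r.card_mismatch, r.accel_command);
    return 0;
}
```

The hard-wired removal of output power described in the post sits outside this logic and acts even if the scan never runs.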