Do No Harm

In the care and keeping of other people and their stuff, this has long been a maxim to be followed. DonaldNoyes.20121120


We have carried this maxim into the computing world in the field of robotics and automation. When we create automatic devices, they have within them safety mechanisms which safeguard those who approach them, or who are approached by them. This is carefully followed in the automobile plants where I worked as a Controls Engineer in the physical design of manufacturing cells or stations which may from time to time involve humans working in proximity to robots or machinery which has been automated.

The concerns first involve fencing the area of danger thereby disallowing the approach of a person into an area where harm might occur. The robots can then go about their business without an accidental incursion into their space.

Secondly, safeguards are put in place to protect those who maintain the equipment and robots, or are involved in an interface with a mix of human and machine interactions. The fences are equipped with entry points which are locked and which include electrical interlocks which disable the automation in the case of a maintenance worker unlocking and opening the gate at the entry point. In the case of the stations where humans interact with robots, a combination of light screens, floor-mats and physical stops is used to limit automatic motions from entering the safe working zone of the human. This is necessary because modern robots have extensive reach and very quick motions, some reaching speeds of 40 to 60 mph within fractions of seconds.

There are several levels of protection provided by the system. The machine and/or mechanical operators have no programmed movements which will reach into the safe area. In the buffer area, where man and machine may both operate, electrical interlocks prevent the machine from entering the buffer area when a light screen or floor mat has indicated a human present. When hands are involved in an operation and clearance must be assured, the presence of two push buttons spaced far enough apart as to require the use of both hands to depress them serves as an additional indication that hands are clear and the mechanical motion can take place. Should the operator take hands off of the buttons, or another part of their body break a light shield, the operation or robot comes to an immediate safe stop.

From the manufacturing pattern above, I have gathered and instituted practices when I create a piece of software, particularly when it involves automatic or iterative processes. The rule: DoNoHarm. No action the process carries out should harm or interfere with a process carried out by others. When processes involve iterations, checks and limits must be in place to avoid or terminate endless or prolonged looping. When a resource used by more than one process is limited in magnitude, scope or channels, usage of the resource needs to be rationed in such a way as to allow the greatest efficiency and output. When I program I sometimes encounter this problem. Programming and management of programs must receive sufficient attention so as to ensure that a shortcoming in one does not adversely affect the other.
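An added example (not Donald's code) modelling the interlock levels described above in software: the gate interlock, light screen, floor mat and two-hand control each veto motion, the interlock is re-read before every step so a break produces an immediate stop, and the iteration cap is the software analogue of the limits on looping. Sensor names and the step runner are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

@dataclass(frozen=True)
class Sensors:
    """Snapshot of the safety inputs (names are assumed for this example)."""
    gate_closed: bool          # opening the fence gate disables automation
    light_screen_clear: bool   # no body part has broken the light screen
    floor_mat_clear: bool      # nobody is standing in the buffer area
    left_button: bool          # two-hand control: both buttons must be held
    right_button: bool

def motion_permitted(s: Sensors) -> bool:
    """Every protection level must agree; any single failure vetoes motion."""
    return (s.gate_closed and s.light_screen_clear and s.floor_mat_clear
            and s.left_button and s.right_button)

def run_guarded_cycle(steps: Iterable[str],
                      read_sensors: Callable[[], Sensors],
                      max_iterations: int = 100):
    """Run an automatic cycle, re-checking the interlock before each step.

    Returns (status, completed_steps) where status is "complete",
    "safe_stop" (an interlock opened mid-cycle) or "iteration_limit"
    (the cap that prevents endless or prolonged looping was reached).
    """
    done = []
    for i, step in enumerate(steps):
        if i >= max_iterations:
            return "iteration_limit", done
        if not motion_permitted(read_sensors()):
            return "safe_stop", done   # stop now; remaining steps never run
        done.append(step)
    return "complete", done

if __name__ == "__main__":
    # Constructed scenario: operator lifts a hand off the button before step 2.
    reads = iter([Sensors(True, True, True, True, True),
                  Sensors(True, True, True, False, True)])
    print(run_guarded_cycle(["approach", "weld", "retract"], lambda: next(reads)))
```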

Nicely stated, Donald. This is how all control systems must be designed from the ground up. Whether you are talking about the mechanical, electromechanical, electronic, or software portions of the system, everything must be designed with this level of autonomy, atomicity, and auto-protection in mind.


CategorySafety


Last edited November 23, 2012.