JNIOSH

Abstract of Special Research Report (SRR-No.24)

National Institute of Occupational Safety and Health, Japan

The Development of Comprehensive Safety Control Measures for Production and Construction Systems (Third Report: The Development of Safety Control Technology for Large Scale Industrial Systems)

Introduction

SRR-No.24-1
Shigeo UMEZAKI

: As large scale computerized industrial systems such as chemical plants, factory automation and automated building construction systems are being used in many industrial fields, comprehensive safety measures for these systems have become a great concern for industrial safety. The specific research on "The Development of Comprehensive Safety Control Measures for Production and Construction Systems" was conducted from 1997 to 2001 for this reason.
    This research aimed mainly at establishing systematic hazard evaluation methods, safety control measures and safety validation methods for many automated and computerized industrial systems.
    The following research subjects were conducted in this specific research:

  1. Survey of actual conditions and specifications for industrial systems
  2. Establishment of hazard evaluation methods for chemical plants
  3. Establishment of hazard evaluation methods for large scale construction systems
  4. Development of a human-error prediction estimator
  5. Development of safety control systems for construction robots
  6. Development of safety control systems for factory automations


    This "Third Report" deals with research subjects about (6), as the "First Report" published in 1999 and the "Second Report" published in 2000 described results of research subjects (1)-(5).
    Chapter 2 is related to safety control methods by programmable electronic equipment. The triple diverse and redundant CPUs with self-checking function was required to achieve the accident occurrence rate less than 10-11/hour.
    Chapter 3 and Chapter 4 are related to discriminating devices between products and human bodies. The purpose of Chapter 3 was to propose a new blanking system which can distinguish the human body from the object with the solid shape. It permitted the machine actuation only when specified light beams of photo-electric safety sensor were obstructed by products. The triple redundant and diverse controller with self-checking function was used for this system. The purpose of Chapter 4 was to propose a new floating system which can distinguish the human body from the object with the plane shape. It permitted the machine actuation only when the blinded light beam number was less than the set number.
    Chapter 5 and Chapter 6 are related to safety confirmation devices for large scale working areas. The purpose of Chapter 5 was to propose a new laser sensor that has fail-safe characteristics and can detect an object located at a long distance of at least 30 m. The purpose of Chapter 6 was to propose a new safety control system for work areas where many operators cooperate with moving machines.
    Chapter 7 and Chapter 8 are related to runaway protection systems for industrial robots. The turning angle monitor and the stop-hold monitor sensor using power reed magnetic switches were developed.
    The purpose of Chapter 9 was to develop a new safety control system for logistic machinery considering not only safety but also life cycle cost. The concept of the "distributed and safety-bus control" was proposed for replacing conventional safety control.

Keywords; Safety control, Factory automation, Safety device, Safety evaluation, Programmable controller

The Basic Consideration on the Optimum Design Method of the Safety Control System Using Programmable Electronic Equipment

SRR-No.24-2
Shigeo UMEZAKI, Hiroyasu IKEDA, Tsuyoshi SAITO and Noboru SUGIMOTO

: In a safety system using programmable electronic equipment, labor accidents may arise due to program bugs, troubles of electronic equipment, electro-magnetic noise effects, etc. Therefore, countermeasures such as dualization of CPUs and installation of a self checking mechanism have recently been proposed in the industrial field. However, the safety of such control systems greatly depends on independence, redundancy, existence of the self checking mechanism and check intervals for elements of the safety system. The accident occurrence rate was quantitatively examined according to the degree of redundancy and diversity, and the intervals of self checking for the programmable safety system. The allowable accident occurrence rate was assumed under 10^-11/hour.
    The following results were obtained in this study:

  1. The allowable accident occurrence rate could not be achieved when the self checking mechanism for the sensor and the signal processing unit of programmable safety system had not been established, even if they had redundant and diverse CPUs. The self-checking mechanism was indispensable to the programmable safety system.
  2. The allowable accident occurrence rate could be achieved if the sensor and signal processing unit had triple redundant and diverse CPUs with the self checking mechanism. However, it was necessary that the self checking interval was about half an hour or less, and the non-reliability of these safety elements was less than 10^-3/hour to achieve the allowable accident occurrence rate.
  3. It was necessary to shorten the self checking interval within one minute when the safety system was composed by dual redundant and diverse sensors and signal processing units. However, the check interval of the memory within one minute might be difficult.
  4. The allowable accident occurrence rate could not be achieved when the non-reliability of the programmable safety system was less than the assumed value. As a result, the improvement of the reliability was indispensable to the realization of the high level safety system.


Keywords; safety control, Programmable electronic equipment, Redundancy, Diversity, Self checking

The Development and Evaluation of the Two Dimensions Blanking System for the Purpose of Distinguishing between Human Bodies and Objects with the Solid Shape

SRR-No.24-3
Shigeo UMEZAKI, Shoken SHIMIZU, Shigenobu KOBAYASHI, Shinji KAWADO, Kenji TAGAMI, Bunji ISHIZAKI, Jyunji MATUI and Tuneo SUZUKI

: This report proposes a new safety system for distinguishing between human bodies and objects with the solid shape. Common photo-electric safety devices are not available for this system because the object obstructs some light beams. In order to solve this problem, a blanking system with the fail-safe teaching function was developed in this study.
    The machine actuation is permitted only when specified light beams are obstructed by the object and the others reach to optical detectors. On the other hand, the machine has to stop when the human body blinds the light beam axes of this device. This system is called the "blanking system".
    The "blanking" is the terminology which means a part of invalidity of the light beam axes, By the development of such a system, following results were obtained in this study:

  1. The fail-safe blanking system was realized by the programmable logic controller with triple redundancy, diversity and the self checking mechanism.
  2. When the object was a square bar, the smallest detection diameter was larger than the physical resolution of the photo-electric safety device as the reflection of light beams occurred on the surface of the square bar. The smallest detection diameter became worst when there was the clearance of 1 or 2 mm between the human body and the square bar.
  3. When the object was a round bar, a triangular rod or a square bar with overhang, the smallest detection diameter was also larger than the physical resolution, because of the blind area in detecting the human body. Therefore, the smallest detection diameter had to be evaluated in the mathematical expression (8), (12) or (16) described in this report.
  4. The human body detection was impossible when the shape of the human body was intentionally taught, or the shape of human body and the object were simultaneously taught by mistake.


Keywords; Safety control, Photo-electric safety device, Fail-safe, Blanking, Diversity, Redundancy, Self checking, Programmable controller

The Development and Evaluation of the Floating Systems for the Purpose of Distinguishing between Human Bodies and Objects with the Plane Shape

SRR-No.24-4
Shigeo UMEZAKI, Shoken SHIMIZU, Shigenobu KOBAYASHI and Ichiro WASHIZAKI

: This report proposes a new safety system for distinguishing between human bodies and objects with the plane shape. An operator of a rollermill often supplies sheets and cleans the roll while the roll continues to run. Safety measures by fences or enclosures are difficult to use for such work, because the operator approaches the rollermill very closely. The new safety system was developed to solve these problems.
    The developed safety system was called the "floating system". It permits the actuation of the roll only when the blinded light beam number of the photo-electric safety device is less than the set number, and otherwise stops the roll. By the development of such a system, the following results were obtained in this study:

  1. The fail-safe floating system was realized by a programmable logic controller with triple redundancy, diversity and the self checking mechanism.
  2. The developed safety system could be applied for not only the automatic operation of the rollermill but the supply of the sheet or the cleaning of the roll.
  3. The fail-safe rotational speed monitor and the safety distance monitor were realized by this programmable safety controller.
  4. The smallest detection diameter M was expressed as M = bF + φM, where F is the floating optic axis number, b is the optic axis interval and φM is the physical resolution (14 mm) of the photo-electric safety device.
  5. The detection of the human body was possible when the sheet was bent, because the sheet was supported by the operator and the optic axis was obstructed by the human body. The detection of the human body was also possible when the human body was hidden in the blind area of a hand tool, because the blinded optic axis number by the hand tool was larger than the blinded optic axis of the human body.


Keywords; Safety control, Photo-electric safety device, Floating, Rollermill, Fail-safe, Redundancy, Diversity, Self checking, Programmable controller
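
The permit rules stated in the blanking (SRR-No.24-3) and floating (SRR-No.24-4) abstracts, together with the detection diameter formula M = bF + φM, as an added Python illustration that is not code from the report. The beam representation (True = light received), the function names, the 20 mm optic axis interval and the rejection of an empty taught pattern are assumptions; the triple redundant controller and its self checking are not modelled.

```python
from typing import Sequence, Set

PHI_M_MM = 14.0  # physical resolution of the photo-electric device (from the abstract)


def _valid(received: Sequence[bool]) -> bool:
    # Assumption: an empty or malformed beam frame is a fault and never permits.
    return len(received) > 0 and all(isinstance(r, bool) for r in received)


def blanking_permit(received: Sequence[bool], taught: Set[int]) -> bool:
    """Blanking rule: permit only when exactly the taught beams are obstructed
    and every other beam reaches its detector."""
    if not _valid(received):
        return False
    # Assumption: an empty or out-of-range taught pattern is treated as a fault.
    if not taught or any(i < 0 or i >= len(received) for i in taught):
        return False
    blocked = {i for i, ok in enumerate(received) if not ok}
    return blocked == set(taught)


def floating_permit(received: Sequence[bool], set_number: int) -> bool:
    """Floating rule: permit only when the number of blinded beams is less
    than the set number; otherwise stop."""
    if not _valid(received) or set_number < 1:
        return False
    return sum(1 for ok in received if not ok) < set_number


def smallest_detection_diameter(b_mm: float, f_axes: int,
                                phi_m_mm: float = PHI_M_MM) -> float:
    """M = b*F + phi_M, with b the optic axis interval and F the floating
    optic axis number."""
    if b_mm <= 0 or f_axes < 0:
        raise ValueError("optic axis interval must be > 0 and F must be >= 0")
    return b_mm * f_axes + phi_m_mm


def frame(n_beams: int, blocked: Set[int]) -> list:
    """Constructed sample frame: True where the beam is received."""
    return [i not in blocked for i in range(n_beams)]


if __name__ == "__main__":
    workpiece = {2, 3, 4}            # constructed taught pattern
    hand = {6}                       # constructed intrusion
    print("workpiece only     :", blanking_permit(frame(8, workpiece), workpiece))
    print("workpiece + hand   :", blanking_permit(frame(8, workpiece | hand), workpiece))
    print("workpiece missing  :", blanking_permit(frame(8, set()), workpiece))
    # Limitation noted in the blanking abstract: if the human shape is taught
    # together with the object, the intrusion is no longer detected.
    print("mis-taught pattern :", blanking_permit(frame(8, workpiece | hand), workpiece | hand))
    print("floating, 2 blinded:", floating_permit(frame(8, {1, 2}), 3))
    print("floating, 3 blinded:", floating_permit(frame(8, {1, 2, 3}), 3))
    print("M for b=20 mm, F=2 :", smallest_detection_diameter(20.0, 2), "mm")
```
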

The Development and Evaluation of the Laser System Safety Equipment for the Purpose of the Safe Confirmation in Large Scale Working Areas

SRR-No.24-5
Shigeo UMEZAKI

: This report proposes a laser sensor using new pattern matching methods to confirm safety and normality. The searching area of this sensor was divided into three portions, that is a safe confirmation area, a normal confirmation area and an unidentified area.
    The safe confirmation area was installed for the purpose of monitoring the absence of human in the moving area of the machine. The normality confirmation area was installed for the purpose of monitoring the malfunction of laser scanning. The unidentified area was installed for the purpose of changing the direction of laser scanning. The pattern matching was executed by getting laser beams from recurrent reflectors having special patterns (white and black stripes) located in each area.
    By the development of this system, following results were obtained in this study:

  1. The recurrent type laser sensor could detect the human body (for example, human fingers with at least 20 mm width) located over 30 meters from the detector, because the recurrent reflectors had a high reflectivity for the laser beam. On the other hand, the direct detection type laser sensor could not detect the human body even at only about 5 meters from the detector, because the human body had a low reflectivity for the laser beam.
  2. The redundancy and incompatible detection was required for the signal processing circuit, and the triple redundancy and diversity with the self checking mechanism were desirable. On the other hand, the scanning unit could be the single channel, because the machine stopped immediately according to the logical formula (1) described in this report when any elements of the scanning unit broke down.
  3. The machine also stopped immediately when the position moving of recurrent reflectors or the change of light environment (solar light condition, etc.) occurred in the optical system.


Keywords; Safety control, Laser sensor, Fail-safe, Self checking, Safe confirmation, Human detection system

The Development and Evaluation of the Safe Confirmation System for Many Operators Cooperating in Large Scale Working Area

SRR-No.24-6
Shigeo UMEZAKI

: This report proposes a new safety system for counting the number of operators in the moving area of the machine. It was very difficult to create such a system because the operator could enter into the machine moving area without pulling out of the interlocking key, and there were not only nominated operators but also non-nominated operators, passers-by, or observers in the actual field. Therefore, the system which can recognize the presence position of operators by the movement of interlocking keys was developed in this study.
    This system had next features:

  1. The behavior of the operator was divided into 3 types, that is, normal action, hazardous side error and safe side error. The hazardous side error means that the machine cannot stop in spite of the presence of the operator in the machine moving area. For example, it arose when the operator did not extract the interlocking key as he entered this area. In order to prevent such an error, the machine operation should be permitted only when the certain action pattern of the operator (the order of pulling the interlocking key, stepping on safety mat switches, etc.) was normal.
    On the other hand, the safe side error means that the machine stops in spite of the absence of the operator in the machine moving area. For example, it arose when the operator did not extract the interlocking key as he went out from this area. The restart of the machine was required in this case because the safety problem caused.
    The optimum safe confirmation systems corresponding to each case were developed in this study.
  2. The system considering not only nominated operators but also the behavior of the work director, non-nominated operators, passers-by or observers was developed. The restart system for the work director was also developed in this study.
  3. The fail-safe system was realized by the programmable logic controller with triple redundancy, diversity and the self checking mechanism. The memory checking function was also very important for this system.


Keywords; Safety control, Fail-safe, Diversity, Redundancy, Self checking, Programmable controller, Safe confirmation, Human detection system

The Development and Evaluation of the Turning Angle Monitor for the Purpose of the Application to Industrial Robots

SRR-No.24-7
Shigeo UMEZAKI, Shigenobu KOBAYASHI, Kenjiro HAMADA and Kazushi FUJIWARA

: This report proposes a new turning angle monitor for the purpose of its application to industrial robots. The conventional robot systems sometimes use limit switches to detect the position of the robot. However, it was difficult to detect the accurate angle of the robot because the limit switch could not detect any angles. The new turning angle monitor which can generate the analog output voltage in proportion to the turning angle of the robot was developed for the purpose.
    The new angle monitor used power reed switches installed in the round shape around the robot, and these switches were operated by the permanent or electronic magnet. Features of this equipment were described as follows:

  1. The accurate turning angle of the robot could be simply confirmed, because the output voltage was generated in proportion to the turning angle of the robot.
  2. The fault part could be clarified by measuring the output voltage, because the different output voltages were generated depending on the normal and abnormal conditions.
  3. The fail-safe system was realized by the programmable logic controller with triple redundancy, diversity and self checking mechanism.
  4. The electro-magnetic noise would not affect this system, since the noise energy is too low to drive power reed switches.
  5. The excellent reliability and safety could be realized, because the failure rate of power reed switches was very low (for example, less than 0.7 fit).
  6. As a tamper-proof countermeasure, the method of enclosing the sensor was superior to the method of periodically demagnetizing the magnetic field.

    As this study is under execution at present, the reliability test of power reed switches to switch over two hundred million times will be carried out, and the safe performance under the actual environment will be confirmed.

Keywords; Safety control, Safety device, Turning angle monitor, Fail-safe, Tamper proof, Power reed switch, Industrial robot

The Development and Evaluation of the Stop-Hold Monitor for the Purpose of the Application to Industrial Robots

SRR-No.24-8
Shigeo UMEZAKI, Shigenobu KOBAYASHI, Kenjiro HAMADA and Kazushi FUJIWARA

: This report proposes a new stop-hold monitor for the purpose of its application to industrial robots. The operator sometimes makes the robot stop-hold state, and carries out the maintenance or trouble shooting by approaching the robot very closely. These cases may cause an accident if the robot becomes runaway due to noise or malfunction.
    The emergency stop equipment in such cases was developed in this study. Such equipment was called the "stop-hold monitor". It could cut off the power and stopped the robot immediately when the robot under stop-hold state started the runaway. Features of this equipment were described as follows:

  1. This equipment could be applied to not only the industrial robot but also any other various machines with rotating parts.
  2. The conventional stop-hold monitor had a shaft combining the driving motor and the stop-hold monitor. This kind of mechanism was very heavy. On the other hand, the new stop-hold monitor used power reed switches that can run over hundred billion times. As a result, the weight of the stop-hold monitor could be reduced.
  3. The fail-safe system was realized by the programmable logic controller with triple redundancy, diversity and self checking mechanism.
  4. The electro-magnetic noise would not affect this system, since the noise energy is too low to drive power reed switches.
  5. The excellent reliability and safety could be realized, because the failure rate of power reed switches was very low (for example, less than 0.7 fit).


    As this study is under execution at present, the reliability test of power reed switches to switch over two hundred billion times will be carried out, and the safe performance under the actual environment will be confirmed.

Keywords; Safety control, Safety device, Stop-hold monitor, Fail-safe, Redundancy, Diversity, Self checking, Power reed switch, Industrial robot

The Development and Evaluation of Safety Control System for the Logistic Machinery Considering Life Cycle Cost and Safety —The Proposal of Distributed Safety Bus Control—

SRR-No.24-9
Shigeo UMEZAKI

: This report proposes a new safety bus system for logistic machineries considering high level safety and life cycle cost. The cost reduction for safety control systems is a very important problem in the industrial engineering, especially design process, manufacturing process, maintenance or remodeling. In addition, the high level safety is required for logistic machineries because they sometimes cooperate with the human. The comprehensive solution of these problems was tried by the proposal of the "distributed and safety bus control".
    The developed system had following features:

  1. The programming on the safety control was facilitated by changing the conventional relay system into the safety-bus controller.
  2. The high level safety was realized by safety-bus controller with triple redundancy, diversity and the self checking mechanism, including a periodical automated inspection for the bus line.
  3. The exclusive bus line was established between safety devices and the safety controller, and the wire saving was attempted for this system.
  4. Safety devices could be installed easily by using a bus line with an open specification such as OSI (Open System Interconnection).

    As this study is under execution at present, the quantitative evaluation method for the life cycle cost will be developed, and the safe performance under the actual environment will be examined.

Keywords; Safety control, Safety device, Safety bus, Diversity, Redundancy, Self checking, Logistic machinery

Conclusions and Future Problems

SRR-No.24-10
Shigeo UMEZAKI

: This specific research report proposed the new safety control technology using the programmable electronic equipment with triple redundancy, diversity and the self checking mechanism.
    Systems applied to this technology were also developed and evaluated in this research. Results obtained from this research are summarized as follows:

  1. The examination of safety control theory
        Until quite recently, it was generally considered that only hard wired safety equipment could be applied to high risk machinery. However, it was clarified that programmable electronic equipment can be used if it has triple redundancy, diversity and the self checking mechanism, when the allowable accident occurrence rate was assumed under 10^-11/hour.
  2. The development of the safety control system
        Various safety systems based on the theory described in chapter 2 were developed. As the result, it was proven that these systems are indispensable for the confirmation of large scale working area, the distinguishing between human bodies and objects, or the operation close by dangerous parts of the machine. Moreover, it was proven that the programmable electronic equipment is effective for not only the improvement of safety but also the cost reduction for design process, manufacturing process, maintenance or remodeling. The new concept of the "distributed and safety bus control" was also proposed.
  3. The total evaluation of the developed system
        There was a request on the urgent practical application of the developed systems, especially the blanking system for the power press, the floating system for the rollermill and the safety bus system for the factory automation. There was also the indication that the laser sensor system could be applied to the port cargo or railway system. On the other hand, there were some indications about not only the improvement of safety performance but also the validity as a production system.
  4. The contribution to standards
        The draft of the Japanese comprehensive safety standard for machineries was proposed based on the result of this research. The proposals for IEC62046 and other international safety standards were also discussed.
