When I was wet behind the ears I worked on a release mechanism that dropped an anchor and recovered scientific instruments from the bottom of the ocean. It had a gearmotor driving a chain with some limit switches. One day as the department head was watching I tested the drive and the switch failed so the gearmotor stripped the teeh off a gear. The department head told me we should have a fuse in the motor lead to prevent that. I hesitantly told him I didn't think that was a good idea, I would rather just get the limit switch to work. But he insisted we needed a fuse and started leading me by the nose through calculating safety margins for fuses.
This attracted the attention of my immediate boss who asked whose bright idea it was to put a fuse in the motor drive. The department head described how a bad limit switch setting had shredded a $20 motor and disabled the product. But my boss explained that we want that motor to drive that chain or die trying. If the fuse blows it saves a $20 motor, but it leaves $100,000 of the customer's instruments stranded on the ocean floor. But if the motor drops the anchor, even if it is a smoking twisted mess when it is though, the mission is a success and the customer will be happy.
Backin 1974 I had components quality and reliability responsibilty for a number of products including one of the first 8" diskette drives. A four-position (90 degree) stepper motor drove a Geneva drive which drove a lead screw. Each step corresponded to a successive track.
The diskettes had 77 tracks. Upon startup, the programmer issued 80 steps towards the outside track to initialize the head position. This meant that the motor and drive would deliberately take between 3 and 80 impacts against the stop. Suddenly we began receiving a storm of field returns of motors with the explanation that they would no longer "calibrate." It turned out that a manufacturing change by the motor manufacturer resulted in a less solid attachment between the alnico magnet rotor and its shaft. The impacts were allowing the rotor to shift on the shaft and track positions were off correspondingly.
The solution, taken in consulation with the manufacturer, was to use a different manufacturing process which provided a stronger connection between magnet and shaft.
I still have one of those rotors, cross-sections, in use holding notes to my refrigerater door. Alnico magnets have now been superseded by Neodymium but for their time their strength was very impressive.
I saw a very exciting crash in a blow molding machine when the electrician working with me misadjusted the limit switch that stopped the two mold halves at the open position. So the large (4-inch) hydraulic cylinder drove the parts another inch past the end of the gear rack, which pulverized 6te teeth off of a two-inch wide gear. That made quite a bit of noise, and sent fragments in a number of directions. Fortunately the safety guard doors were closed, and the fragments were contained. After the excitement was over they asked me for a suggestion on how to prevent the failure happening again. The isuggestion that they adopted was to cut two more gear teeth into the reck, so that the additional travel would not cause any damage. They kept the limit switch to shorten the stroke and speed production, but now when it fails no damage is done. Not a bad save for an EE.
I was working on Advance Tactical Fighter it became the F22. We used the 1st 757 as a flying laboratory. We need a target for the systems. The guys were working on a van that contained sources. Two of the sources used antennas. Since the van was used over the road the antennas needed to fold down for travel and be erected for use. They had a winch for each. First I noticed there was no lever arm to raise them just a straight pull. Like raising the mast on a sail boat use the boom. Then I was concerned that someone would power into the erecting stop. So I put in limit switches. So you could not just lay on the switch. However if the person was diligent the antenna would not get to vertical before the limit switch cut off the power. So then I put in a bypass to nudge it into place.
I worked for Exxon Enterprises Star Systems 79-82 on a read/write optical storage system. Using 12" glass plattens and air bearing mounted optical head. We just used rubber baby buggy bumpers for those unintended excrusions to the end of travel.
As the comment tells us, it is absolutely vital that a processor crash not put the motion system in motion. We had, long ago, a test stand that used a micro controller and a wide ribbon cable as an I/O backplane. But all of the I/O were latching, so all kinds of damage would happen if the controller started something and then "wandered off", which was more common than hard crashing in this case.So I added an external watchdog timer to the system that had to be reset by the controller updating the I/O. If an update pulse was omitted the timer timed out and did a hard reset on all of the outputs. That feature served us very well.
Back in the late 70's I designed a coil winder for up to 12 Gauge wire - it had a servo drive setup, and a 25 pound wire guide that could slew up to 6 inches/sec and position to 1/100 inch. It was Z80 based, and the micro monitored the end stops and home position switch. During developement, the micro crashed, the servo sped against an end plate of 1/2 thick Al, and snapped it at a 1" wide point. Thereafter I put diodes and switches in series with the servo motor drive signal that interrupted the power when it hit an end stop switch, but the diode across each switch would let the servo back itself off the end stop. I also modifed the servo error circuit so that the micro added a displacement count into an error position counter so that other than the micro updating the desired position count, it positioned itself without micro intervention to the desired point.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.