fanuc 30iB, 31i B, 32i- B Connection Manual

FANUC Series 30*-MODEL B FANUC Series 31*-MODEL B FANUC Series 32*-MODEL B

Dual Check Safety

CONNECTION MANUAL

B-64483EN-2/01

• No part of this manual may be reproduced in any form.

• All specifications and designs are subject to change without notice.

The products in this manual are controlled based on Japan’s “Foreign Exchange and Foreign Trade Law”. The export from Japan may be subject to an export license by the government of Japan. Further, re-export to another country may be subject to the license of the government of the country from where the product is re-exported. Furthermore, the product may also be controlled by re-export regulations of the United States government. Should you wish to export or re-export these products, please contact FANUC for advice.

In this manual we have tried as much as possible to describe all the various matters. However, we cannot describe all the matters which must not be done, or which cannot be done, because there are so many possibilities. Therefore, matters which are not especially described as possible in this manual should be regarded as ”impossible”.

This manual contains the program names or device names of other companies, some of which are registered trademarks of respective owners. However, these names are not followed by ® or ™ in the main body.

B-64483EN-2/01 DEFINITION OF WARNING, CAUTION, AND NOTE

DEFINITION OF WARNING, CAUTION, AND NOTE

This manual includes safety precautions for protecting the user and preventing damage to the machine. Precautions are classified into Warning and Caution according to their bearing on safety. Also, supplementary information is described as a Note. Read the Warning, Caution, and Note thoroughly before attempting to use the machine.

WARNING

Applied when there is a danger of the user being injured or when there is a

danger of both the user being injured and the equipment being damaged if the approved procedure is not observed.

CAUTION

Applied when there is a danger of the equipment being damaged, if the

approved procedure is not observed.

NOTE

The Note is used to indicate supplementary information other than Warning and

Caution.

• Read this manual carefully, and store it in a safe place.

s-1

B-64483EN-2/01 PREFACE

PREFACE

Description of this manual

The manual consists of the following chapters:

Chapter 1, "OVERVIEW" Chapter 2, "SYSTEM CONFIGURATION" Chapter 3, "SAFETY FUNCTIONS" Chapter 4, "INSTALLATION" Chapter 5, "I/O SIGNALS" Chapter 6, "PARAMETERS" Chapter 7, "START-UP" Chapter 8, "ALARM MESSAGE" Chapter 9, "DIAGNOSIS" Chapter 10, "SAMPLE SYSTEM CONFIGURATION" Chapter 11, "APPLICATION OF OTHER FUNCTIONS" Chapter 12, "COMPONENTS LIST" Appendix A CONNECTION OF TWO MCCS Appendix B, "DIRECTIVES, STANDARDS AND TECHNICAL CONDITIONS FOR 3RD PARTY SERVO / SPINDLE MOTORS & ENCODERS WHEN APPLYING FANUC / GE FANUC DUAL-CHECK SAFETY"

Applicable models

This manual can be used with the following models. The abbreviated names may be used.

Model name Abbreviation

FANUC Series 30i–B 30i –B Series 30i FANUC Series 31i–B 31i –B

FANUC Series 31i–B5 31i –B5 FANUC Series 32i–B 32i –B Series 32i

Related manuals of Series 30i- MODEL B Series 31i- MODEL B Series 32i- MODEL B

The following table lists the manuals related to Series 30i-B, Series 31i-B, Series 32i-B. This manual is indicated by an asterisk(*).

Table 1 Related manuals of Series 30i- MODEL B, Series 31i- MODEL B, Series 32i- MODEL B

Manual name Specification number

DESCRIPTIONS B-64482EN CONNECTION MANUAL (HARDWARE) B-64483EN CONNECTION MANUAL (FUNCTION) B-64483EN-1 OPERATOR’S MANUAL (Common to Lathe System/Machining Center System) B-64484EN OPERATOR’S MANUAL (For Lathe System) B-64484EN-1 OPERATOR’S MANUAL (For Machining Center System) B-64484EN-2 MAINTENANCE MANUAL B-64485EN PARAMETER MANUAL B-64490EN Programming Macro Executor PROGRAMMING MANUAL B-63943EN-2 Macro Compiler PROGRAMMING MANUAL B-66263EN C Language Executor PROGRAMMING MANUAL B-63943EN-3

p-1

Series 31i

PREFACE B-64483EN-2/01

Manual name Specification number

PMC

PMC PROGRAMMING MANUAL B-64513EN Network PROFIBUS-DP Board CONNECTION MANUAL B-63993EN Fast Ethernet / Fast Data Server OPERATOR’S MANUAL B-64014EN DeviceNet Board CONNECTION MANUAL B-64043EN FL-net Board CONNECTION MANUAL B-64163EN CC-Link Board CONNECTION MANUAL B-64463EN Operation guidance function

MANUAL GUIDE i (Common to Lathe System/Machining Center System) OPERATOR’S MANUAL MANUAL GUIDE i (For Machining Center System) OPERATOR’S MANUAL MANUAL GUIDE i (Set-up Guidance Functions) OPERATOR’S MANUAL

Dual Check Safety

Dual Check Safety CONNECTION MANUAL B-64483EN-2 *

B-63874EN

B-63874EN-2 B-63874EN-1

Related manuals of SERVO MOTOR αi/βi series

The following table lists the manuals related to SERVO MOTOR αi/βi series

Table 2 Related manuals

Manual name Specification number

FANUC AC SERVO MOTOR αi series DESCRIPTIONS FANUC AC SERVO MOTOR αi series / FANUC AC SERVO MOTOR βi series / FANUC LINEAR MOTOR LiS series / FANUC SYNCHRONOUS BUILT-IN SERVO MOTOR DiS series PARAMETER MANUAL FANUC AC SPINDLE MOTOR αi series DESCRIPTIONS FANUC AC SPINDLE MOTOR αi/βi series, BUILT-IN SPINDLE MOTOR Bi series PARAMETER MANUAL FANUC SERVO AMPLIFIER αi series DESCRIPTIONS FANUC AC SERVO MOTOR αi series / FANUC AC SPINDLE MOTOR αi series / FANUC SERVO AMPLIFIER αi series MAINTENANCE MANUAL

CNCs that are described in this manual can be connected to following servo motors and spindle motors. Note that motors of the αi SV series, αi SP series, αi PS series, and βi SV series can be connected only when they are compatible with 30i-B. This manual mainly assumes that the FANUC SERVO MOTOR αi series of servo motor is used. For servo motor and spindle information, refer to the manuals for the servo motor and spindle that are actually connected.

B-65262EN

B-65270EN

B-65272EN B-65280EN B-65282EN B-65285EN

p-2

B-64483EN-2/01 TABLE OF CONTENTS

DEFINITION OF WARNING, CAUTION, AND NOTE................................. s-1

PREFACE....................................................................................................p-1

1 OVERVIEW .............................................................................................1

1.1 DIRECTIVE AND STANDARDS....................................................................1

1.1.1 Directives..................................................................................................................1

1.1.2 Related Safety Standards..........................................................................................1

1.1.3 Risk Analysis and Evaluation...................................................................................2

1.2 DEFINITION OF TERMS...............................................................................2

1.2.1 General Definition of Terms ....................................................................................2

1.2.2 Definition of Terms Related to the Safety Function.................................................2

1.3 BASIC PRINCIPLE OF DUAL CHECK SAFETY...........................................3

1.3.1 Features of Dual Check Safety.................................................................................3

1.3.2 Compliance with the Safety Standard (ISO13849-1, Category 3, PL d)..................3

1.3.2.1 Latent error detection and cross-check................................................................ 5

1.3.2.2 Safety monitoring cycle and cross-check cycle...................................................5

1.3.2.3 Error analysis.......................................................................................................5

1.3.2.4 Remaining risks...................................................................................................6

1.4 GENERAL INFORMATION ...........................................................................7

1.5 SAFETY FUNCTION BY FL-net....................................................................8

2 SYSTEM CONFIGURATION...................................................................9

3 SAFETY FUNCTIONS ...........................................................................10

3.1 APPLICATION RANGE...............................................................................10

3.2 BEFORE USING THE SAFETY FUNCTION...............................................11

3.2.1 Important Items to Check Before Using the Safety Function ................................11

3.2.2 MCC off Test of the Safe Stop Function ................................................................12

3.3 STOP...........................................................................................................12

3.3.1 Stopping the Spindle Motor ...................................................................................12

3.3.2 Stopping the Servo Motor ......................................................................................12

3.3.3 Stop States..............................................................................................................13

3.4 SAFETY-RELATED I/O SIGNAL MONITORING.........................................13

3.5 EMERGENCY STOP...................................................................................20

3.6 SAFE SPEED MONITORING......................................................................21

3.7 SAFE MACHINE POSITION MONITORING ...............................................22

3.8 MCC OFF TEST..........................................................................................23

3.9 SAFETY POSITION SWITCH FUNCTION..................................................25

3.10 SAFETY RELATED PARAMETERS CHECK FUNCTION...........................27

3.11 PARAMETER LOCK FUNCTION................................................................27

3.12 SEFETY POSITION ERROR MONITORING FUNCTION...........................27

3.13 AMPLIFIER CIRCUIT MONITORING FUNCTION.......................................28

3.14 SAFETY BRAKE SIGNAL OUTPUT FUNCTION ........................................28

3.15 CPU SELF TEST FUNCTION......................................................................29

3.16 RAM CHECK FUNCTION............................................................................29

3.17 CRC CHECK FUNCTION............................................................................30

3.18 SAFE STOP MONITORING ........................................................................30

c-1

TABLE OF CONTENTS B-64483EN-2/01

3.19 BRAKE TEST ..............................................................................................31

4 INSTALLATION ....................................................................................36

4.1 OVERALL CONNECTION DIAGRAM .........................................................37

4.1.1 In case of using the I/O Link..................................................................................37

4.1.2 In case of using the I/O Link i ................................................................................38

4.1.3 In case of using PROFIBUS-DP on the DCS PMC side........................................39

5 I/O SIGNALS.........................................................................................40

5.1 OVERVIEW .................................................................................................40

5.2 SIGNAL ADDRESS.....................................................................................41

5.3 SIGNALS.....................................................................................................47

5.4 PROGRAMMABLE SAFETY I/O SIGNAL...................................................62

5.5 NOTE ON MULTI PATH CONTROL............................................................63

5.5.1 Machine Group And Multi Path Control................................................................63

6 PARAMETERS......................................................................................64

6.1 OVERVIEW .................................................................................................64

6.2 DATA TYPE.................................................................................................64

6.3 REPRESENTATION OF PARAMETERS ....................................................65

6.4 STANDARD PARAMETER SETTING TABLES...........................................66

6.5 PARAMETERS............................................................................................67

6.6 PROFIBUS-DP PARAMETER SETTINGS..................................................94

7 START-UP.............................................................................................96

7.1 START-UP OPERATION.............................................................................96

7.1.1 Acceptance Test and Report for Safety Functions .................................................96

7.2 START-UP OF THE SAFETY FUNCTION ..................................................97

7.2.1 Initial Start-up.........................................................................................................97

7.2.2 Series (2nd and Subsequent Machines) Startup .....................................................99

7.2.3 Troubleshooting .....................................................................................................99

8 ALARM MESSAGE.............................................................................100

9 DIAGNOSIS.........................................................................................108

9.1 MCC OFF TEST STATUS SCREEN.........................................................108

9.2 CROSS CHECK DATA SCREEN..............................................................109

9.3 BRAKE TEST SCREEN.............................................................................115

9.4 FLOW MONITORING SCREEN................................................................115

9.5 FEED LIMIT MONITORING SCREEN.......................................................116

9.6 SAFE MACHINE POSITIONING MONITORING SCREEN.......................119

9.7 SAFETY POSITION ERROR MONITORING SCREEN.............................119

9.8 DIAGNOSIS SCREEN...............................................................................120

10 SAMPLE SYSTEM CONFIGURATION...............................................123

10.1 SAMPLE CONFIGURATION.....................................................................123

10.1.1 Sample Configuration for One Machine Group (1)..............................................123

10.1.2 Sample Configuration for One Machine Group (2: when Multiple MCCs are

Used) ....................................................................................................................124

10.2 SAMPLE CONNECTIONS.........................................................................125

10.2.1 Emergency Stop Signal (*ESP)............................................................................125

c-2

B-64483EN-2/01 TABLE OF CONTENTS

10.2.2 Guard Open Request Signal (ORQ).....................................................................126

10.2.3 Test Mode Signal (OPT) ......................................................................................126

10.2.4 Guard Open Inhibit Signal (*OPIHB), Monitoring Result Signal (RSVx,RSPx),

Safety check Request Signal (*VLDVx,*VLDPs) ...............................................127

10.2.5 MCC Off Signal (*MCF,*MCFVx,*MCFPs,*DCALM),

MCC Contact State Signal (*SMC) .....................................................................130

10.3 EXAMPLE OF APPLICATION...................................................................131

10.3.1 Rotating the Spindle Manually in the Emergency Stop State ..............................131

11 APPLICATION OF OTHER FUNCTIONS...........................................132

11.1 OVERVIEW ...............................................................................................132

11.2 EXTERNAL DECELERATION...................................................................132

11.2.1 Overview..............................................................................................................132

11.2.2 Specifications .......................................................................................................133

11.2.3 Signals..................................................................................................................134

11.2.3.1 Details on signals.............................................................................................134

11.2.3.2 Signal address.................................................................................................. 135

11.2.4 Parameters............................................................................................................135

11.3 SPINDLE OUTPUT CONTROL BY THE PMC ..........................................137

11.3.1 Overview..............................................................................................................137

11.3.2 Specifications .......................................................................................................138

11.3.3 Signals..................................................................................................................138

11.3.3.1 Details on signals.............................................................................................138

11.3.3.2 Signal address.................................................................................................. 139

11.3.4 Parameters............................................................................................................140

11.4 SPINDLE POSITIONING...........................................................................140

11.4.1 Overview..............................................................................................................140

11.4.2 Specifications .......................................................................................................140

11.4.3 Signals..................................................................................................................142

11.4.3.1 Details on signals.............................................................................................142

11.4.3.2 Signal address.................................................................................................. 143

11.4.4 Parameters............................................................................................................143

11.5 Cs CONTOUR CONTROL.........................................................................149

11.5.1 Overview..............................................................................................................149

11.5.2 Specifications .......................................................................................................149

11.5.3 Signals..................................................................................................................150

11.5.3.1 Details on signals.............................................................................................150

11.5.3.2 Signal address.................................................................................................. 151

11.5.4 Parameters............................................................................................................151

11.6 SPINDLE ORIENTATION..........................................................................154

11.6.1 Overview..............................................................................................................154

11.6.2 Specifications .......................................................................................................155

11.6.3 Signals..................................................................................................................155

11.6.3.1 Details on signals.............................................................................................155

11.6.3.2 Signal address.................................................................................................. 157

11.6.4 Parameters............................................................................................................157

11.6.5 Sequence...............................................................................................................159

11.7 SAFETY STOPPING FUNCTION AT OPENING PROTECTION DOOR...161

11.7.1 Overview..............................................................................................................161

11.7.2 Safety Function ....................................................................................................161

11.7.2.1 Scope ............................................................................................................... 161

11.7.2.2 Monitoring the Excitation off signals of the α

11.7.3 Connection ...........................................................................................................165

i SP.......................................... 162

c-3

TABLE OF CONTENTS B-64483EN-2/01

11.7.3.1 Connection from connector JX4 on the α

(on the DCS PMC side)................................................................................... 166

11.7.4 Parameter..............................................................................................................166

11.7.4.1 Safe Speed Selection signal............................................................................. 166

11.7.4.2 Programmable Safety I/O signals....................................................................167

i SP series to an I/O unit

11.8 CONTROLLED AXIS DETACH .................................................................167

11.8.1 Overview..............................................................................................................167

11.8.2 Signal Sequence ...................................................................................................168

11.8.3 Specification.........................................................................................................169

11.8.4 Replacing a Spindle Head ....................................................................................170

11.8.5 Signal Sequence ...................................................................................................171

11.8.6 Specification.........................................................................................................172

11.8.7 Signal....................................................................................................................172

11.8.7.1 Details of signals..............................................................................................172

11.8.7.2 Signal address.................................................................................................. 173

11.8.8 Parameter..............................................................................................................173

11.8.9 Alarm message .....................................................................................................174

APPENDIX

A CONNECTION OF TWO MCCS..........................................................177

A.1 Overview....................................................................................................177

A.2 CONFIGURATIONS..................................................................................177

A.3 DISABLING MCC OFF TEST....................................................................180

B Directives, Standards and Technical Conditions for 3rd Party

Servo / Spindle Motors & Encoders when Applying FANUC

Dual-check Safety..............................................................................181

B.1 GENERAL .................................................................................................181

B.2 MANDATORY STANDARDS AND DIRECTIVES......................................181

B.3 SPINDLES.................................................................................................182

B.3.1 Spindle Motors – Driven by FANUC Spindle Amplifier.....................................182

B.3.2 Spindle Encoder – Speed / Position Feedback Sensor Embedded in Motor........182

B.4 SERVO......................................................................................................182

B.4.1 Servo Motors – Driven by FANUC Servo Amplifier...........................................182

B.4.2 Servo Encoder – Speed / Position Feedback Sensor Embedded in Motor...........183

B.4.2.1 Encoder with FANUC Serial Interface............................................................ 183

B.4.2.2 A/B-Phase Sine-wave Interface Connected to FANUC Interpolation Circuit.183

c-4

B-64483EN-2/01 1.OVERVIEW

1 OVERVIEW

Setup for machining, which includes attaching and detaching a workpiece to be machined, and moving it to the machining start point while viewing it, is performed with the protection door opened. The dual check safety function provides a means for ensuring a high level of safety with the protection door opened.

The simplest method of ensuring safety when the protection door is open is to shut off power to the motor drive circuit by configuring a safety circuit with a safety relay module. In this case, however, no movements can be made on a move axis (rotation axis). Moreover, since the power is shut off, some time is required before machining can be restarted. This drawback can be corrected by adding a motor speed detector to ensure safety. However, the addition of an external detector may pose a response problem, and the use of many safety relay modules results in a large and complicated power magnetic cabinet circuit.

With the dual check safety function, two independent CPUs built into the CNC monitor the speed and position of motors in dual mode. An error in speed and position is detected at high speed, and power to the motor is shut off via two independent paths. Processing and data related to safety is cross-checked by two CPUs. To prevent an accumulation of failure, a safety-related hardware and software test must be conducted at certain intervals time.

The dual check safety system need not have an external detector added. Instead, only a detector built into a servo motor or spindle motor is used. This configuration can be implemented only when those motors, detectors built into motors, and amplifiers that are specified by FANUC are used.

The dual check safety function ensures safety with the power turned on, so that an operator can open the protection door to work without turning off the power. A major feature of the dual check safety function is that the required time is very short from the detection of an abnormality until the power is shut off. A cost advantage of the dual check safety function is that external detectors and safety relays can be eliminated or simplified.

If a position or speed mismatch is detected by a cross-check using two CPUs, the safety function of the Dual Check Safety works the power to be shut off (MCC off) to the motor drive circuit.

IMPORTANT

The dual check safety function cannot monitor the stop state of the motors.

1.1 DIRECTIVE AND STANDARDS

1.1.1 Directives

Machine tools and their components must satisfy the EC directives listed below. The FANUC CNC systems with the dual check safety function are compatible with all of these directives.

Directive

Directive 2006/42/EC 2006 Safety of machinery Directive 2004/108/EC 2004 Electromagnetic compatibility Directive 2006/95/EC 2006 Low Voltage Requirement

1.1.2 Related Safety Standards

To be compatible with the directives, especially the machine directive, the international standards and European standards need to be observed.

- 1 -

1.OVERVIEW B-64483EN-2/01

Important safety standards

ISO 12100 -1/2 Safety of machinery – Basic concepts, general principle for design

- Part 1: Basic terminology, methodology

- Part 2: Technical principles for design

EN954-1 1997 Safety of machinery – Safety related parts of control systems –

Part 1: General principles for design

IEC 61508 Functional safety of electrical / electronic / programmable electronic

safety-related systems

ISO 13849-1 Safety of machinery – Safety-related parts of control systems –

Part 1 : General principles for design ISO 14121–1 Safety of machinery – Principles for risk assessment EN60204-1 2006 Safety of machinery – Electrical equipment of machine

Part 1 : General requirements IEC 62061 Safety of machinery Functional safety, safety–related electrical, electronic

and programmable electronic control systems

1.1.3 Risk Analysis and Evaluation

According to the machine directive, the manufacturer of a machine or machine components and a responsible person who supplies a machine or machine components to the market must conduct risk evaluation to identify all risks that can arise in connection with the machine or machine components. Based on such risk analysis and evaluation, a machine and machine components must be designed and manufactured. Risk evaluation must reveal all remaining risks and must be documented.

1.2 DEFINITION OF TERMS

1.2.1 General Definition of Terms

Reliability and safety Reliability and safety are defined by EN292-1 as follows:

Term Definition

Reliability Capability of a machine, machine component, or equipment to perform its required function

under a specified condition for a specified period

Safety Capability of a machine to perform its function without injuring the health under a condition of

use for an intended purpose specified in the operator's manual and allow its transportation, installation, adjustment, maintenance, disassembly, and disposal

1.2.2 Definition of Terms Related to the Safety Function

Safety-related I/O signal

Safety-related I/O signals are input/output signals monitored by two systems. These signals are valid for each feed axis and spindle with a built-in safety function, and are used with each monitoring system. Example: Protection door state signal

Safety stop

When a safety stop occurs, power to the drive section is shut off. The drive section can generate neither a torque nor dangerous operation. The following are measures for incorporating the safety stop feature: Contactor between the line and drive system (line contactor) Contactor between the power section and drive motor (motor contactor) If an external force is applied (such as a force applied onto a vertical axis), an additional measure (such as a mechanical brake) must be securely implemented to protect against such a force.

- 2 -

B-64483EN-2/01 1.OVERVIEW

Safety limitation speed

When the drive system has reached a specified limitation speed, a transition is made to the safe stop state. A measure must be implemented to prevent a set limitation speed from being changed by an unauthorized person.

Safety machine position

When the drive system has reached a specified positional limit, a transition is made to the safety stop state. When a positional limit is set, a maximum move distance traveled until a stop occurs must be considered. A measure must be implemented to prevent a set positional limit from being changed by an unauthorized person.

1.3 BASIC PRINCIPLE OF DUAL CHECK SAFETY

1.3.1 Features of Dual Check Safety

Dual Check Safety function has the following features.

- Two-channel configuration with two or more independent CPUs

- Cross-check function for detecting latent errors

Detection

A servo motor detector signal is sent via the servo amplifier and is applied to the CNC through the FSSB interface. Then, it is fed to two CPUs: a CNC CPU and a Servo CPU. A spindle motor detector signal is sent via the spindle amplifier and is applied to the CNC connected through the FSSB interface or serial interface. Then, it is fed to two CPUs: a CNC CPU and a CPU built into the spindle amplifier. The safety related signal such as guard signal is sent via the independent I/O unit and is applied to the CNC through the I/O Link or I/O Link i interface. Then, it is fed to two CPUs: a CNC CPU and a PMC CPU.

Evaluation

The safety function is monitored independently by a CNC CPU and servo CPU or by a CNC CPU and spindle CPU. Each CPU cross-checks data and results at certain intervals.

Response

If the monitoring function detects an error, the CNC CPU and the servo/spindle CPU switch off the MCC via independent paths to shut off the power to the feed axis and spindle.

1.3.2 Compliance with the Safety Standard (ISO13849-1, Category 3,

PL d)

The Dual Check Safety function complies with the requirements of the safety standard ISO13849-1, Category 3, Performance Level (PL) d.

NOTE

The Dual Check Safety function is not meant to guarantee that the PL d

requirements are met across the entire system. The PL value of the system as a whole is determined by the PL values of all its subsystems; therefore, the PL of the entire system needs to be evaluated by the machine tool builder. The PL value of the CNC, which is one of the subsystems, becomes d when the Dual Check Safety function is used.

- 3 -

1.OVERVIEW B-64483EN-2/01

Category 3 requires the following:

- The safety function of a safety-related portion must not degrade when a single failure occurs.

- Single errors must be detected at all times when natural execution is possible.

To satisfy these requirements, the dual check safety function is implemented using the two-channel configuration shown below.

Shut off power

Magn e tic contactor

Shut off power

Motor detector signal

Cross-check of data and results

Servo

Spindle

CPU

CNC

CNC CPU

CPU

Door switch signal

PMC CPU

Monitoring of servo motor and spindle motor movement

Data output from the detector built into each motor is transferred to the CNC through the amplifier. The safety of this path is ensured by using motors and amplifiers specified by FANUC.

Cross-monitoring using 2 CPUs

Two CPUs built into the CNC are used to cross-monitor the safety function. Each CPU is periodically checked for errors. If one system fails, the servo and spindle can be stopped safely.

Power shutoff via two paths

If an error is detected, the power is shut off via two power shutoff paths. The paths need to be tested for built-up failures within a certain time.

Input signal safety

Safety-related input signals such as the protection door lock/unlock signal are monitored in redundant mode. If a mismatch between the two occurrences of a signal is detected, the power to the motor drive circuit is shut off. This cross-check is constantly made.

Output signal safety

A signal is output (via two paths) to the relay used to shut off the power to the motor drive circuit. An error is detected by a MCC off Test. To detect an accumulation of failure, a MCC off Test needs to be conducted at certain intervals. This MCC off Test is not mandatory when machining is performed with the protection door closed. (The MCC off Test should be performed, before the protection door is open after the certain intervals.)

- 4 -

B-64483EN-2/01 1.OVERVIEW

1.3.2.1 Latent error detection and cross-check

Detection of latent errors

This detection function can detect latent software and hardware errors in a system that has a two-channel configuration. So, the safety-related portions of the two channels need to be tested at least once within an allowable period of time for latent errors. An error in one monitoring channel causes a mismatch of results, so that a cross-check detects the error.

CAUTION

Forced detection of a latent error on the MCC shutoff path must be performed by

the user through a MCC off Test (after power-on and at intervals of a specified time (within normally 24 hours)). When the system is operating in the automatic mode (when the protection door is closed), this detection processing is not requested as mandatory. But, before the protection door opens after the specified time, the detection processing is required mandatory. If this has not been performed, lock for the protection door should not be released.

Cross-check

A latent safety-related error associated with two-channel monitoring can be detected as a result of cross-checking.

NOTE

An error detected as the result of forced latent error detection or cross-checking

leads to a safety stop state. (See Subsec. 3.3.3).

1.3.2.2 Safety monitoring cycle and cross-check cycle

The safety function is subject to periodical monitoring in a monitoring cycle. The following functions are monitored at every 8ms.

- Safe speed monitoring (servo motor)

- Safe machine position monitoring (servo motor)

- Safe position error monitoring (servo motor)

The cross-check cycle represents a cycle at which all I/O data subject to cross-checking is compared. Cross-check cycle: 8 ms

1.3.2.3 Error analysis

Error analysis The table below indicates the results of system error analysis controlled by the dual check safety function.

Error analysis when the protection door is open

Error Cause Action

Excessive speed for Spindle axis Excessive speed for feed axis Feed axis safety machine position error Input/output signal error

Amplifier or CNC control unit failure, operation error, etc. Amplifier or CNC control unit failure, operation error, etc. Amplifier or CNC control unit failure, operation error, etc.

Wiring error, CNC control unit failure, etc. Safe-related I/O signal monitoring function

Safety limitation speed monitoring function EN60204-1 Category 1/0 stop Safety limitation speed monitoring function EN60204-1 Category 1/0 stop Safety machine position monitoring function EN60204-1 Category 1/0 stop

EN60204-1 Category 1/0 stop

- 5 -

1.OVERVIEW B-64483EN-2/01

Error analysis when the protection door is closed

Error Cause Action

Input/output signal error

Wiring error, CNC control unit failure, etc. Safe-related I/O signal monitoring function

EN60204-1 Category 1/0 stop

1.3.2.4 Remaining risks

The machine tool builder is to make a failure analysis in connection with the control system and determine the remaining risks of the machine.

The dual check safety system has the following remaining risks:

a) The safety function is not active until the CNC control unit and drive system have fully powered up.

The safety function cannot be activated if any one of the components of the CNC control unit or drive is not powered on.

b) Interchanged phases of motor connections, reversal in the signal of encoder and reversal mounting of

encoder can cause an increase in the spindle speed or acceleration of axis motion. If abnormal speed detected, system controlled to brake to zero speed, but no effective for above error. MCC off is not activated until the delay time set by parameter has expired. Electrical faults (component failure etc.) may also result in the response described above.

c) Faults in the absolute encoder can cause incorrect operation of the safety machine position

monitoring function.

d) With a 1-encoder system, encoder faults are detected in a single channel, but by various HW and

SW monitoring functions. The parameter related to encoder must be set carefully. Depending on the error type, a category 0 or category 1 stop function according to EN60204-1 is activated.

e) The simultaneous failure of two power transistors in the inverter may cause the axis to briefly

(motion depend on number of pole pairs of motor) Example: An 8-pole synchronous motor can cause the axis to move by a maximum of 45 degrees. With a

ball-screw that is directly driven by, e.g.16mm per revolution, this corresponds to a maximum linear motion of approximately 2.0mm.

f) When a limit value is violated, the speed may exceed the set value briefly or the axis/spindle

overshoot the set point position to a greater or lesser degree during the period between error detection and system reaction depending on the dynamic response of the drive and the parameter settings (see Section Safety-Functions)

g) The category 0 stop function according to EN60204-1 means that the spindles/axes are not braked to

zero speed, but coast to a stop (this may take a very long time depending on the level of kinetic energy involved). This must be noted, for example, when the protective door locking mechanism is opened.

h) Amplifiers (drive power modules) and motors must always be replaced by the same equipment type

or else the parameters will no longer match the actual configuration and cause Dual check Safety to respond incorrectly.

i) Dual check Safety is not capable of detecting errors in parameterization and programming made by

the machine tool builder. The required level of safety can only be assured by thorough and careful acceptance.

j) There is a parameter that MCC off test is not to be made in the self test mode at power-on as in the

case of machine adjustment. This parameter is protected, only changed by authorized person. IF

MCC off test is not conducted, MCC may not be off at stop response is measured. k) Safety machine position monitoring function does not apply to the spindle axis. l) During machine adjustment, an exact motion may be executed incorrectly until the safety functions

setup correctly and confirm test is completely.

- 6 -

B-64483EN-2/01 1.OVERVIEW

m) Before the reference point return is performed and the MCC off test is performed, it may be

dangerous because the correct operation does not be guaranteed. So, the careful operations are

required when the machine is operated in the status that the protection door opens. n) The delay timer is prepared for the cross-checking of the safety related I/O. When the inconsistency

exists between the signal from the 2 paths, system will recognize this failure, after this time is passed.

The system will start the sequence of MCC shut-off, when this time is passed after the inconsistency

is detected. o) Even if <Signal State via PMC> does not match <Signal State via DCSPMC> for the time specified

by parameter No. 13810 after the CNC starts, no alarm occurs.

1.4 GENERAL INFORMATION

The following requirements must be fulfilled for the Dual-Check System:

- All conditions of the certification report have to be respected.

- Before shipping the machine, the machine tool builder has to do tests for insulation and protective

bonding.

- The procedures for the changes in the System (either HW or SW) should be referred to Maintenance

Manual (B-64485EN). When safety related components are exchanged, confirmation test regarding

safety functions can be performed according to Chapter 8.

- Programming in ladder logic should be referred to PMC Programming Manual (B-64513EN).

Training

FANUC Training Center provides versatile training course for the person who is concerned with hardware installation, maintenance and operation. FANUC recommend studying and learning in the training center how efficiently operate FANUC products. There are 5 CNC training course.

[ CNC GENERAL COURSE ] Provides basics of CNC functions, operation and programming. The course is recommended before taking more specialized training courses to gain best effects.

MAIN ITEMS OF TRAINING

- Configuration of CNC

- Basic function and programming of CNC

- Operation of CNC

- Function and programming of turning machine

- Function and programming of milling machine

- Configuration and function of servo system

More information and course registration Yamanakako-mura, Yamanashi Prefecture : 401-0501, JAPAN Phone : 81-555-84-6030 Fax : 81-555-84-5540 Internet: www.fanuc.co.jp/eschool

- 7 -

1.OVERVIEW B-64483EN-2/01

1.5 SAFETY FUNCTION BY FL-net

In a machine system such as a transfer line, each of its multiple stations has an operator's panel equipped with an emergency stop button. The safety circuit of the entire system needs to be configured so that the emergency stop signal is sent to all CNCs when the emergency stop button of any of these stations is pressed. To allow such a safety circuit to be built among multiple CNCs, a Safety function by FL-net is provided that uses FL-net communication. By running this Safety function by FL-net under the Dual Check Safety function, it is possible to provide all connected CNCs with a safety signal of up to 7 bits. For details, refer to the FL-net Board CONNECTION MANUAL (B-64163EN).

- 8 -

B-64483EN-2/01 2.SYSTEM CONFIGURATION

2 SYSTEM CONFIGURATION

The dual check safety function has the following components.

Applicable CNC

FANUC Series 30i-B FANUC Series 31i-B5 FANUC Series 31i-B FANUC Series 32i-B

Amplifier, Motor and I/O

For details on applicable amplifiers, motors, and I/O units, see Chapter 12, "COMPONENTS LIST".

NOTE

The servo amplifiers and servo motors connected to the CNC via the I/O Link

interface do not support the dual check safety function.

- 9 -

3.SAFETY FUNCTIONS B-64483EN-2/01

3 SAFETY FUNCTIONS

3.1 APPLICATION RANGE

The dual check safety function assumes the following configuration:

A) At least, one protective door is provided. B) If protective door is closed, safety is assured.

When the operator makes a request to open the protective door, the safety functions are enabled, and the protective door can be unlocked. While the protective door is open, the active safety functions assure safety. When the request to open the protective door is canceled, the protective door is locked, and the safety functions are disabled.

The dual check safety function provides these safety functions while the protective door is open, as described above. Some of the safety functions continue working while the protective door is closed.

WARNING

The machine tool builder is responsible for the followings.

- To secure the safety by the sequence to make safety function effective according to the status of the protective door

- To secure the safety while the protective door is closed

- To secure the safety related to the other moving components and so on than FANUC servo motors and spindle motors controlled by the dual check safety function, while the protective door is open

Safety function

The dual check safety function has the following safety functions:

• Safety-related I/O signal dual monitoring Emergency stop input, protective door open/close state, safety-related signals like MCC contact state Output signal for shutting off the power (MCC off signal) To detect the latent cause of an abnormal state of this output, a MCC off Test must be made.

• Spindle motor Safe speed monitoring

• Servo motor Safe speed monitoring Safe machine position monitoring Safe position error monitoring

CAUTION

This safety function is enabled while the protective door is open after a request

to open the protective door is made. If the request to open the protective door is canceled and if the protective door is closed, this safety function is disabled. The input check of the safety-related I/O signal monitoring function in redundant mode and the emergency stop function are always active, regardless of whether the protective door is opened or closed.

- 10 -

B-64483EN-2/01 3.SAFETY FUNCTIONS

Dual monitoring of emergency stop signal

Emergency stop

Safety related signal is checked by the CNC(DCS PMC) and the PMC in redundant mode

Safe speed of servo motor and machine position are checked by the CNC and the Servo in redundant mode

Protective door

Door lock open/close monitoring

CNC

Protective door lock signal

Dual monitoring of protective door state

CNC

DCS PMC

Cross check

Servo

Power down command

PMC

Cross check

Power down

Spindle software

Spindle amplifier

Servo amplifier

common power supply

Dual monitoring of MCC

Power

(MCC)

Dual monitoring of MCC Dual power down Detection of latent cause of error by MCC off test

The CNC and the spindle check the safe speed of the spindle motor in redundant mode.

Spindle motor

Safe speed monitoring

Servo motor

Safe speed monitoring. Safe machine position monitoring. Safe position error monitoring.

down

3.2 BEFORE USING THE SAFETY FUNCTION

3.2.1 Important Items to Check Before Using the Safety Function

When using the safety function for the first time upon assembly of the machine, replacing a part, or changing a safety parameter (such as a safe speed limit or safe range as described in Chapter 6), the user must check that all safety parameters are correct and that all safety functions are working normally. A return reference position must be made on each axis. The user must also check the absolute position of the machine. For details, see Chapter 7, “START UP.”

- 11 -

3.SAFETY FUNCTIONS B-64483EN-2/01

3.2.2 MCC off Test of the Safe Stop Function

An MCC off Test of the safe stop function monitors the contact state of the electromagnetic contactor (MCC), compares the state with a command to the electromagnetic contactor, and checks that the safe stop function works normally. The user of the machine must carry out the test. This test must be carried out when the CNC is turned on or when 24 hours have elapsed after the previous test is completed. If the CNC is turned on or if 24 hours have elapsed after the previous test is completed, a guard open request (protective door open request) should not be accepted until the test is performed. A machine tool builder must make the ladder program to realize this sequence.

3.3 STOP

3.3.1 Stopping the Spindle Motor

Because the spindle motor is an induction type motor, power-down during rotation causes the motor to continue rotating for a certain amount of time. From a safety standpoint, the motor may have to be stopped immediately. If an error is detected and the spindle is judged to be controlled, it is possible to stop spindle motor by the ladder program. In case of emergency stop and abnormal condition of safety related I/O, it is necessary to design the ladder program to shut off the power after waiting the specified time elapses.

To speed down and stop the spindle, the machine must input the spindle Emergency Stop signals (*ESPA<G71.1>, *ESPB<G75.1>, and so on) in PMC. When this signal is input, the spindle slows down and stops. (A Ladder program must be created for inputting this signal in case of alarm.) The input of *EMG emergency stop input (connector CX4) of the common power supply also has the same effect. If the Emergency Stop signal is connected to emergency stop input (connector CX4) of the PSM, the spindle slows down and stops in the emergency stop state. If the spindle does not stop in spite of the stop command, the MCC is shut off.

If this processing is not performed, power-down causes the spindle motor to continue rotating at the speed prior to power-down (and eventually stopping in the end).

CAUTION

1 When the servo alarm or spindle alarm related to the communication error or

position detector is caused, MCC off signal corresponding to the servo or spindle is output. Shut off the MCC after executing appropriate procedure such as spindle stop operation. According to the setting value of the parameter, MCC off signals of all axes, which belong to the same path of the spindle that causes an alarm, are output. Shut off the MCC after executing appropriate procedure such as spindle stop operation.

2 A controlled stop can be made based on parameter settings on occurrence of a

safe speed over alarm.

3 Since the synchronous spindle motor is a synchronous motor, not an induction

motor, power interruption causes a dynamic break stop depending on the system configuration.

3.3.2 Stopping the Servo Motor

Because the servo motor is a synchronous motor, power-down results in a dynamic brake stop. The dynamic brake stop is electric braking in which the excited rotor is isolated from the power source and the generated electric energy is used up in the winding. An internal resistor provides additional braking. Unlike an induction motor, the servo motor does not coast because of this structure.

- 12 -

B-64483EN-2/01 3.SAFETY FUNCTIONS

If the input of the Emergency Stop signal or an error of a safety-related signal or speed monitoring is detected, the CNC automatically specifies a command to zero the speed and reduces the speed to zero (controlled stop). After the motor slows down and stops, the power is turned off, and the motor is brought into the dynamic brake stop state. To slow down and stop the motor, some parameters must be specified in the CNC. If those parameters are not specified, the motor is immediately brought into the dynamic brake stop state. If the controlled stop cannot be done, the motor is brought into the dynamic brake stop state. When abnormal state is detected in monitoring safety speed or so on, a dynamic brake stop is made.

3.3.3 Stop States

The following stop states are possible.

Safe stop state

The power to the motor is shut off (MCC off state) in this state. If the spindle motor can be controlled, the ladder program must shut off the power after the spindle motor is slowed down to a stop. If the spindle motor cannot be controlled, the power is immediately shut off.

If the servo motor can be controlled, the motor is slowed down to a stop and then brought into the dynamic brake stop state. If the motor cannot be controlled, the motor is immediately brought into the dynamic brake stop state. If the power is shut off immediately, the spindle motor continues at the same speed prior to the abnormal event and eventually comes to a stop. If the spindle motor can be slowed down to a stop, the operation is performed as instructed by the PMC and then the power is shut off. For the synchronous spindle motor, immediate power interruption causes a dynamic break stop depending on the system configuration.

Controlled stop state

The power to the motor is not shut off. The servo motor and the spindle motor are controlled to stop.

In the controlled stop state of either motor, the safety function is active if the condition for enabling the safety function is satisfied (the door is open). If a further abnormal event occurs, the motor is brought into the safe stop state by the ladder program.

WARNING

1 The machine tool builder must design the machine so that the machine is kept in

the stop state if the power to the servo motor driving circuit is shut off. Example) Brake mechanism that would not drop the vertical axis after the power is shut off

2 If the power to the spindle motor driving circuit is shut off, the spindle motor

continues rotating at the speed before the power-down and eventually comes to a stop. A measure must be taken so that this coasting does not affect safety.

3.4 SAFETY-RELATED I/O SIGNAL MONITORING

The Dual Check Safety function uses two-channel I/O configuration. A pair of safety-related I/O signals are provided via separate paths to two I/O modules that are respectively connected to one of the two channels. The two independent CPUs individually check the input signals. If a mismatch between two corresponding signals is found, the system enters the safe stop state. The following safety-related I/O signals are monitored or output in redundant mode:

• Emergency stop signal

• Protective door state input signal (Request to monitor for each axis)

- 13 -

3.SAFETY FUNCTIONS B-64483EN-2/01

• Input signal for selecting safety speed monitoring and safety position monitoring

• MCC contact state signal

• MCC off signal (power-down)

• Brake signal

• Safety position switch signal

• Programmable safety I/O signal

To build a dual monitoring system, the machine tool builder needs to connect one of each pair of these signals to the I/O module connected to the DCS PMC side (Note 1) and the other to that connected to the PMC side (Note 2).

CNC

(DCS PMC)

(Note 1)

I/O Link

Cross-check

PMC

(Note 2)

I/O Link

I/O MODULE

DI DO

Machine side

Shown at left is an example in which the signals are connected using two-channel I/O Links. For details about connections, see Chapter 4, "INSTALLATION".

NOTE

1 Dual Check Safety PMC (DCS PMC) 2 First PMC to fifth PMC Refer to PMC PROGRAMMING MANUAL (B-64513EN).

IMPORTANT

When the Emergency Stop signal or the other safety input signal is connected to

the I/O module, it is necessary to do an enough check about ladder program which defines a one-to-one relationship between the actual input (X) and the input to the CNC (G).

The duplicated signals are always checked for a mismatch, regardless of whether the safety function is active or not. When a signal state changes, the pair of signals may not match for some period because of a difference in response. The dual check safety function checks whether a mismatch between the two signals continues for a certain period of time, so that an error resulting from the difference in response can be avoided. The check period must be specified as a safety parameter.

Parameter number Name

1945 Safety-related I/O check timer

The following signals are not defined as safety-related I/O signals and are not duplicated. The signals, however, are necessary for the system.

- Input signal for making a protective door open request

- Input signal for starting the test mode

- Output signal for requesting a MCC off Test

- 14 -

B-64483EN-2/01 3.SAFETY FUNCTIONS

This section briefly describes the signals. For details, see Chapter 5, “I/O SIGNALS”. For specific

connections, see the sample system configuration in Chapter 4, “INSTALLATION” and Chapter 10, “SAMPLE SYSTEM CONFIGURATION”.

I/O related with Dual Check Safety Function PMC(n=path(0-9)) DCS PMC (m=path(0-9) x20)

Symbol Signal name I/O address

1 *ESP Emergency Stop signal 2 *SGOPN Guard State signal Machine side signal Dual input

*VLDVx

*VLDPs

SVAn/

5 *SMC MCC Contact State signal

7 BRKx Safety Brake signal

8 SPS Safety Position Switch signal

10 *OPIHB Guard Open Inhibit signal

12 POSEx Position Information Effect signal 13 ORQ Guard Open Request signal <Gn191.3>(PMC) Input

14 OPT Test Mode signal <Gn191.2>(PMC) Input 15 RQT 16 STBT Brake Test Start signal <Gn193.2>(PMC) Input 17 RQBT

SVBn

SPAn/

SPBn

*DCALM

*MCF

*MCFVx

*MCFPs

RSVx Monitoring result signal (Servo)

RSPs Monitoring result signal (Spindle)

Safety Check Request signal

(Servo)

Safety Check Request signal

(Spindle)

Safety Speed / Safety Position

Selection signal (Servo)

Safety Speed Selection signal

(Spindle)

MCC Off signal

(for all system)

MCC Off signal

(for each machine group)

MCC Off signal

(for each servo axis)

MCC Off signal

(for each spindle)

Programmable Safety I/O

signals

MCC Off Test Execution

Request signal

Brake Test Execution Request

signal

<X0008.4,0,1> (PMC)

<X0008.4,0,1>(DCS PMC)

<Gn750.0-.7> (PMC)

<G(002+m).0-.7>(DCS PMC)

<Gn751.0-.3>(PMC)

<G(003+m).0-.3>(DCS PMC )

<Gn752/Gn753>(PMC)

<G(004+m)/G(005+m)>(DCS PMC)

<Gn754>(PMC)

<G(006+m)>(DCS PMC)

<Gn748.6>(PMC)

<G(000+m).6>(DCS PMC)

<F0748.7>(PMC)

<F000.7>(DCS PMC)

<Fn748.1>(PMC)

<F(000+m).1>(DCS PMC)

<Fn752.0-.7>(PMC)

<F(004+m).0-.7>(DCS PMC)

<Fn753.0-.3>(PMC)

<F(005+m).0-.3>(DCS PMC)

<Fn754.0-.7>(PMC)

<F(006+m).0-.7>(DCS PMC)

<Fn755-Fn758>(PMC)

<F(007+m)-F(010+m)>(DCS PMC)

<Fn191.0>(PMC)

<F(019+m).0>(DCS PMC)

<Fn750>(PMC)

<F(002+m) >(DCS PMC)

<Fn751.0-3>(PMC)

<F(003+m).0-3>(DCS PMC)

<Fn766>(PMC)

<F(018+m) >(DCS PMC)

<Fn191.2>(PMC) Output

<Fn191.3>(PMC) Output

Dual input

monitoring

Dual input

monitoring

Dual input

monitoring

Dual input

monitoring

Dual input

monitoring

Dual input

monitoring

Dual output

Dual input

monitoring

Dual output Dual output

Dual output

Safety-related I/O

1. *ESP Emergency Stop signal (input)

This signal is Emergency Stop signal and is monitored in redundant mode.

- 15 -

3.SAFETY FUNCTIONS B-64483EN-2/01

The signal is connected to the *ESP input of the servo amplifier as well.

2. *SGOPN Guard State signal (Machine side input signal)

The signal is provided for dual monitoring of the protective door state. The signal is connected so that it is normally set to 1 while the protective door is closed and locked (door closed) and set to 0 otherwise (door opened). These states are implemented by the combination of the safety door and safety relays. The PMC ladder for safety check must check the state of axes by asserting the Safety Request signal, when a protective door is open.

3. *VLDVx, *VLDPs Safety Check Request signal (input)

These signals are monitored in redundant mode. These signals request safety check when a protective door is open. These signals are prepared for each axis and each spindle. CNC monitors these signals. If safe speed range of a servo motor is exceeded in the door open state, the system enters the controlled stop state. If an axis is still not stopped, the system enters the safe stop state. If safe speed range of a spindle motor is exceeded in the door open state, the spindle motor enters free run state. (The spindle motor can also enter the controlled stop state when the safe speed range is exceeded, depending on the parameter setting.) If the spindle motor is not decelerated, the system enters the safe stop state.

4. SVAx/SVBx,SPAs/SPBs Safety Speed / Safety Position Selection signal (input)

These signals are monitored in redundant mode. SVA/SVB are the signals to select safety speed / safety position for each servo axis. SPA/SPB are the signals to select safety speed for each spindle. (The values of safety speed / safety position are given by the parameters.)

5. *SMC MCC Contact State signal (input)

The MCC contact state is monitored in redundant mode. In normal operation, the MCC is closed, therefore whether the contact of a relay is in an abnormally closed state cannot be detected. In the test mode, it can be detected whether the contact of relay is abnormally closed.

6. *DCALM, *MCF, *MCFVx, *MCFPs MCC Off signal (output)

With these signals, the MCC is shut off by 2 channels I/O when either one of these signals state is “0”. *DCALM is to allow turning off MCC of all system when I/O cross check alarm or some problems of safety check function are found. *MCF is to allow turning on MCC of each machine group according to emergency stop or MCC off Test. *MCFVx is to allow turning on MCC of each axis according to monitor safety speed or machine position or position error of servo axis. *MCFPs is to allow turning on MCC of each spindle according to the result of monitoring safety speed of spindle. These signals are assigned on both PMC and DCS PMC. Machine tool builder must output the signal to shut off MCC when either one of these signal is “0”.

7. BRKx Safety Brake signal (output)

These signals are output to control the brake of each servo axis.

8. SPS1 to SPS32 (SPS33 to SPS64 in case of 2 or more path) Safety Position Switch (output)

These signals show whether the machine position of each axis is stayed within the range specified by the parameters or not.

- 16 -

B-64483EN-2/01 3.SAFETY FUNCTIONS

9. Programmable Safety I/O signals (input/output)

The 8 bytes (64 bit) programmable safe I/Os can be freely defined as the different address from the above safety-related I/Os. Each byte of 8 byte programmable safe I/Os can be assigned on either address of X/ Y/R/D or K by parameter. Each byte of the programmable safe I/O between the PMC and DCS PMC is cross-checked by the CNC and PMC. The combinations of cross-checking these signals are defined by using Safety parameters as follows.

Signal type Combination No. DCS PMC PMC

input

output

1 No.11950 No.11970 2 No.11951 No.11971 3 No.11952 No.11972 4 No.11953 No.11973 5 No.11954 No.11974 6 No.11955 No.11975 7 No.11956 No.11976 8 No.11957 No.11977 1 No.11960 No.11980 2 No.11961 No.11981 3 No.11962 No.11982 4 No.11963 No.11983 5 No.11964 No.11984 6 No.11965 No.11985 7 No.11966 No.11986 8 No.11967 No.11987

Signals other than safety-related I/O

The following signals are not safety-related signals (are not checked in redundant mode) but are important signals in the dual check safety system. The machine tool builder must create an appropriate Ladder program with these signals.

IMPORTANT

The error of ladder program cannot be checked by safety function itself. Please

make sure to check safety function (see Chapter 7).

10. *OPIHB Guard Open Inhibit signal (output)

When the Guard Open Request signal (ORQ) is input to “1”, the CNC sets this signal. The machine tool builder must design the PMC ladder logic by this signal. The ladder must confirm safety machine position and safety speed. If the result of confirmation is judged safe, the ladder turns on the signal to release guard lock and outputs the signal to open the actual protective door. If the protective door is unlocked (*SGOPN becomes “0”) while the signal is set to 0, the ladder must notify alarm occurrence to an operator by lighting a lamp or so on and bring the motor into the safe stop state.

NOTE

This signal is not output while MCC off Test is executing.

11. RSVx, RSPs Monitoring Result signal (output)

These signals show the result of monitoring safety machine position and safety speed of each axis and the result of monitoring safety speed of each spindle. When Guard Open Inhibit signal (*OPIHB) is set to “1”, a machine tool builder can judge whether the machine is in the safety state or not according to these signals. If safety is confirmed as a result, turn on the signal to unlock the guard lock and output the signal to open the actual protective door.

- 17 -

3.SAFETY FUNCTIONS B-64483EN-2/01

12. POSEx Position Information Effect signal (output)

This signal is output when Dual Check Safety Function is effective and the reference point is established. When the reference point is not established, the machine system is in danger state because Safety Machine Position Monitoring and Safety Position Error Monitoring are not active. If this signal is “0”, Machine Tool Builder has to control not to open the protective door.

13. ORQ Guard Open Request signal (input)

When this signal is input, the CNC set the Guard Open Inhibit signal (*OPIHB) to “1” (Guard open accept). The PMC ladder program of a machine tool builder confirms the safety machine position and the safety speed. If both machine position and speed are judged within safe range according to the result of confirmation, the guard unlock signal is set to 1 (guard unlock enabled). The machine tool builder must provide an output signal that opens the actual protective door through the PMC.

14. OPT Test Mode signal (input)

When the signal is input, a MCC off Test is executed. The MCC off Test checks whether the contact of the MCC is abnormally closed. When carrying out the MCC off Test manually, input this signal after the preparation of a MCC off Test is completed.

15. RQT MCC Off Test Execution Request signal (output)

If the execution of a MCC off Test is required, this signal is output. At power-on, this signal is always output. If this signal is output, a MCC off Test must be executed.

16. STBT Brake Test Start signal

This signal is used to start or resume a brake test. When the brake test is completed successfully, the Brake Test Execution Request signal RQBT is set to "0", causing the state of this signal to change from "1" to "0" as well. Changing the state of this signal from "1" to "0" during the brake test causes the test to be interrupted. In that case, the test ends as soon as the test sequence being executed is completed when the signal is set to "0".

17. RQBT Brake Test Execution Request signal

This signal is used to request a brake test. If the signal is set to "1", please execute the brake test. Even if this request signal is set to "1", the operation is allowed to continue until the current stage of machining is completed. To ensure safety, however, when the current stage of machining is completed, be sure to start a brake test by setting the Brake Test Start signal STBT to "1".

Guard Open Request signal and Guard Unlock signal

Door open request

24V

ORQ-I

The figure shows a sample connection of the protective door open request switch and the guard unlock signal. In the normal state, the door lock state is changed as follows before the safety monitoring state is established.

Ladder

CNC(PMC)

*OPIHB

RSVx RSPx

POSEx

F F

G ORQ

Ladder

Protective door lock

Protective door

- 18 -

B-64483EN-2/01 3.SAFETY FUNCTIONS

Door lock state transition

ORQ-I ORQ

0 0 0 Locked A protective door open request is not

1 0 0 Locked A guard open request is made.

1 1 0 Locked The request is transferred to the CNC.

1 1 1 Locked The CNC receives the request.

1 1 1 1 1 Locked Reference point is established and a safe

1 1 1 1 1 Unlocked

1 1 1 1 1 Locked The door is closed and locked again.

0 1 1 1 1 Locked The guard open request is canceled.

0 0 1 1 1 Locked The CNC is notified of the release of the

0 0 0 Locked The CNC receives the release of the

*OPIHB RSVx

RSPs

POSEx

NOTE

The PMC ladder must be designed to monitor whether the protective door is

open (*SGOPN is set to 0) while ORQ is set to 0. If the door open is detected, the PMC ladder judges that an abnormal event has occurred and enters the safe stop state. This can occur, for instance, when the door happens to open (or to be unlocked) while machining is in progress with the protective door closed.

Protective

door lock

(*SGOPN)

(*SGOPN=0)

made, and the door is locked.

speed check, a machine position check and a position error check prove that there is no failure and that the CNC can enter the safe state. The actual safety door is unlocked. Operations can be performed with the door open.

above request.

Normal operating state

Safety function is enabled.

Timing diagram from door close state to door open state

The following diagram shows the timings at which the door is opened and closed again.

ORQ_P

ORQ

*OPIHB

RSVx RSPs

POSEx

ctual door unlock signal

*SGOP N (Safety related I/O signal)

ctual door unlock signal

Door closed

Door opened

(1) (2) (3) (4)

ｔ

Door closed

(5)

- 19 -

3.SAFETY FUNCTIONS B-64483EN-2/01

(1) When the Guard Open Request signal (ORQ) is input, the CNC returns the answer signal (*OPIHB)

to PMC.

(2) The PMC ladder program checks that the machine position, speed and position error are within safe

ranges by the Monitoring Result signal (RSVx/RSPs) and the reference point is established by the Position Information Effect signal (POSEx). Then, it turns on the guard unlock signal.

This example assumes that the protective door has an electromagnetic lock mechanism. While the

door is open, the unlock signal is turned off. (3) The door is open. (4) The protective door is closed and locked. After this, the Guard Open Request signal (ORQ) must be

turned off. (5) When the Guard Open Request signal (ORQ) is turned off, the CNC turned off the answer signal

(*OPIHB).

(Caution)

CAUTION

1 The RSVx and RSPs are redundant and output to both PMCs (PMC and

DCSPMC). Since the RSVx and RSPs signals, the monitoring results of two independent circuits, are output to two PMCs, the output states of the results may not match temporarily (when, for example, the spindle speed is close to the safe speed). Therefore, keep the following in mind when only RSVx and RSPs are used as conditions for releasing a guard lock. Confirm that RSVx and RSPs of the PMCs (PMC and DCSPMC) are both placed in the safe state before releasing a guard lock. When RSVx and RSPs of one PMC are used as conditions for releasing a guard lock, keep in mind that, before releasing a guard lock, wait until the speed becomes low enough after RSVx and RSPs enter the safe state.

When the protective door is assumed to be open if RSVx and RSPs of only one

PMC enter the safe state, a safe speed limit monitoring alarm may occur depending on the result of the other monitoring state.

2 Ensure a time of 100 ms or longer (“t” in the figure) from when the door is closed

(locked) until the Guard Open Request signal (ORQ) goes off. If this time requirement is not satisfied, an alarm may be raised when the door is closed (locked). Design an operator panel to inform an operator that Guard Open Request signal (ORQ) is turned on by lighting a lamp.

3.5 EMERGENCY STOP

The Emergency Stop signal is monitored in redundant mode. When the emergency stop is input, the servo motor slows down to a stop

(Caution)

as instructed by the PMC (Ladder program), and then the power is shut off.

CAUTION

To enable the function to slow down and stop the servo motor, the

corresponding parameter must be specified. If the parameter is not specified, the motor immediately enters the dynamic brake stop state.

The spindle motor slows down and stops as instructed by the PMC (Ladder

program). If the PMC does not instruct this, the motor maintains the high speed prior to the power-down and coasts. If an illegal speed is specified because of a failure on the PMC side while the safety function is active (the protective door is open), the CNC enters the safe stop state.

(Caution)

and enters the dynamic brake stop. The spindle slows down to a stop

- 20 -

+ 170 hidden pages