FANUC Series 30i-MODEL B
FANUC Series 31i-MODEL B
FANUC Series 32i-MODEL B
Dual Check Safety
CONNECTION MANUAL
B-64483EN-2/01
• No part of this manual may be reproduced in any form.
• All specifications and designs are subject to change without notice.
The products in this manual are controlled based on Japan’s “Foreign Exchange and Foreign Trade Law”. The export from Japan may be subject to an export license by the government of Japan.
Further, re-export to another country may be subject to the license of the government of the country from where the product is re-exported. Furthermore, the product may also be controlled by re-export regulations of the United States government.
Should you wish to export or re-export these products, please contact FANUC for advice.
In this manual we have tried as much as possible to describe all the various matters. However, we cannot describe all the matters which must not be done, or which cannot be done, because there are so many possibilities.
Therefore, matters which are not especially described as possible in this manual should be regarded as “impossible”.
This manual contains the program names or device names of other companies, some of which are registered trademarks of respective owners. However, these names are not followed by ® or ™ in the main body.
DEFINITION OF WARNING, CAUTION, AND NOTE
This manual includes safety precautions for protecting the user and preventing damage to the machine. Precautions are classified into Warning and Caution according to their bearing on safety. Also, supplementary information is described as a Note. Read the Warning, Caution, and Note thoroughly before attempting to use the machine.
WARNING
Applied when there is a danger of the user being injured or when there is a danger of both the user being injured and the equipment being damaged if the approved procedure is not observed.
CAUTION
Applied when there is a danger of the equipment being damaged, if the approved procedure is not observed.
NOTE
The Note is used to indicate supplementary information other than Warning and Caution.
• Read this manual carefully, and store it in a safe place.
PREFACE
Description of this manual
The manual consists of the following chapters:
Chapter 1, "OVERVIEW"
Chapter 2, "SYSTEM CONFIGURATION"
Chapter 3, "SAFETY FUNCTIONS"
Chapter 4, "INSTALLATION"
Chapter 5, "I/O SIGNALS"
Chapter 6, "PARAMETERS"
Chapter 7, "START-UP"
Chapter 8, "ALARM MESSAGE"
Chapter 9, "DIAGNOSIS"
Chapter 10, "SAMPLE SYSTEM CONFIGURATION"
Chapter 11, "APPLICATION OF OTHER FUNCTIONS"
Chapter 12, "COMPONENTS LIST"
Appendix A, "CONNECTION OF TWO MCCS"
Appendix B, "DIRECTIVES, STANDARDS AND TECHNICAL CONDITIONS FOR 3RD PARTY SERVO / SPINDLE MOTORS & ENCODERS WHEN APPLYING FANUC / GE FANUC DUAL-CHECK SAFETY"
Applicable models
This manual can be used with the following models. The abbreviated names may be used.
Model name | Abbreviation |
FANUC Series 30i–B | 30i–B | Series 30i
FANUC Series 31i–B | 31i–B | Series 31i
FANUC Series 31i–B5 | 31i–B5 |
FANUC Series 32i–B | 32i–B | Series 32i
Related manuals of Series 30i-MODEL B, Series 31i-MODEL B, Series 32i-MODEL B
The following table lists the manuals related to Series 30i-B, Series 31i-B, Series 32i-B. This manual is indicated by an asterisk (*).
Table 1 Related manuals of Series 30i-MODEL B, Series 31i-MODEL B, Series 32i-MODEL B
Manual name | Specification number |
DESCRIPTIONS | B-64482EN |
CONNECTION MANUAL (HARDWARE) | B-64483EN |
CONNECTION MANUAL (FUNCTION) | B-64483EN-1 |
OPERATOR’S MANUAL (Common to Lathe System/Machining Center System) | B-64484EN |
OPERATOR’S MANUAL (For Lathe System) | B-64484EN-1 |
OPERATOR’S MANUAL (For Machining Center System) | B-64484EN-2 |
MAINTENANCE MANUAL | B-64485EN |
PARAMETER MANUAL | B-64490EN |
Programming | |
Macro Executor PROGRAMMING MANUAL | B-63943EN-2 |
Macro Compiler PROGRAMMING MANUAL | B-66263EN |
C Language Executor PROGRAMMING MANUAL | B-63943EN-3 |
PMC | |
PMC PROGRAMMING MANUAL | B-64513EN |
Network | |
PROFIBUS-DP Board CONNECTION MANUAL | B-63993EN |
Fast Ethernet / Fast Data Server OPERATOR’S MANUAL | B-64014EN |
DeviceNet Board CONNECTION MANUAL | B-64043EN |
FL-net Board CONNECTION MANUAL | B-64163EN |
CC-Link Board CONNECTION MANUAL | B-64463EN |
Operation guidance function | |
MANUAL GUIDE i (Common to Lathe System/Machining Center System) OPERATOR’S MANUAL | B-63874EN |
MANUAL GUIDE i (For Machining Center System) OPERATOR’S MANUAL | B-63874EN-2 |
MANUAL GUIDE i (Set-up Guidance Functions) OPERATOR’S MANUAL | B-63874EN-1 |
Dual Check Safety | |
Dual Check Safety CONNECTION MANUAL | B-64483EN-2 | *
Related manuals of SERVO MOTOR αi/βi series
The following table lists the manuals related to SERVO MOTOR αi/βi series.
Table 2 Related manuals
Manual name | Specification number |
FANUC AC SERVO MOTOR αi series DESCRIPTIONS | B-65262EN |
FANUC AC SERVO MOTOR αi series / FANUC AC SERVO MOTOR βi series / FANUC LINEAR MOTOR LiS series / FANUC SYNCHRONOUS BUILT-IN SERVO MOTOR DiS series PARAMETER MANUAL | B-65270EN |
FANUC AC SPINDLE MOTOR αi series DESCRIPTIONS | B-65272EN |
FANUC AC SPINDLE MOTOR αi/βi series, BUILT-IN SPINDLE MOTOR Bi series PARAMETER MANUAL | B-65280EN |
FANUC SERVO AMPLIFIER αi series DESCRIPTIONS | B-65282EN |
FANUC AC SERVO MOTOR αi series / FANUC AC SPINDLE MOTOR αi series / FANUC SERVO AMPLIFIER αi series MAINTENANCE MANUAL | B-65285EN |
CNCs that are described in this manual can be connected to the following servo motors and spindle motors. Note that motors of the αi SV series, αi SP series, αi PS series, and βi SV series can be connected only when they are compatible with 30i-B.
This manual mainly assumes that the FANUC SERVO MOTOR αi series of servo motor is used. For servo motor and spindle information, refer to the manuals for the servo motor and spindle that are actually connected.
TABLE OF CONTENTS
DEFINITION OF WARNING, CAUTION, AND NOTE
PREFACE
1 OVERVIEW
  1.1 DIRECTIVE AND STANDARDS
    1.1.1 Directives
    1.1.2 Related Safety Standards
    1.1.3 Risk Analysis and Evaluation
  1.2 DEFINITION OF TERMS
    1.2.1 General Definition of Terms
    1.2.2 Definition of Terms Related to the Safety Function
  1.3 BASIC PRINCIPLE OF DUAL CHECK SAFETY
    1.3.1 Features of Dual Check Safety
    1.3.2 Compliance with the Safety Standard (ISO13849-1, Category 3, PL d)
      1.3.2.1 Latent error detection and cross-check
      1.3.2.2 Safety monitoring cycle and cross-check cycle
      1.3.2.3 Error analysis
      1.3.2.4 Remaining risks
  1.4 GENERAL INFORMATION
  1.5 SAFETY FUNCTION BY FL-net
2 SYSTEM CONFIGURATION
3 SAFETY FUNCTIONS
  3.1 APPLICATION RANGE
  3.2 BEFORE USING THE SAFETY FUNCTION
    3.2.1 Important Items to Check Before Using the Safety Function
    3.2.2 MCC off Test of the Safe Stop Function
  3.3 STOP
    3.3.1 Stopping the Spindle Motor
    3.3.2 Stopping the Servo Motor
    3.3.3 Stop States
  3.4 SAFETY-RELATED I/O SIGNAL MONITORING
  3.5 EMERGENCY STOP
  3.6 SAFE SPEED MONITORING
  3.7 SAFE MACHINE POSITION MONITORING
  3.8 MCC OFF TEST
  3.9 SAFETY POSITION SWITCH FUNCTION
  3.10 SAFETY RELATED PARAMETERS CHECK FUNCTION
  3.11 PARAMETER LOCK FUNCTION
  3.12 SAFETY POSITION ERROR MONITORING FUNCTION
  3.13 AMPLIFIER CIRCUIT MONITORING FUNCTION
  3.14 SAFETY BRAKE SIGNAL OUTPUT FUNCTION
  3.15 CPU SELF TEST FUNCTION
  3.16 RAM CHECK FUNCTION
  3.17 CRC CHECK FUNCTION
  3.18 SAFE STOP MONITORING
  3.19 BRAKE TEST
4 INSTALLATION
  4.1 OVERALL CONNECTION DIAGRAM
    4.1.1 In case of using the I/O Link
    4.1.2 In case of using the I/O Link i
    4.1.3 In case of using PROFIBUS-DP on the DCS PMC side
5 I/O SIGNALS
  5.1 OVERVIEW
  5.2 SIGNAL ADDRESS
  5.3 SIGNALS
  5.4 PROGRAMMABLE SAFETY I/O SIGNAL
  5.5 NOTE ON MULTI PATH CONTROL
    5.5.1 Machine Group And Multi Path Control
6 PARAMETERS
  6.1 OVERVIEW
  6.2 DATA TYPE
  6.3 REPRESENTATION OF PARAMETERS
  6.4 STANDARD PARAMETER SETTING TABLES
  6.5 PARAMETERS
  6.6 PROFIBUS-DP PARAMETER SETTINGS
7 START-UP
  7.1 START-UP OPERATION
    7.1.1 Acceptance Test and Report for Safety Functions
  7.2 START-UP OF THE SAFETY FUNCTION
    7.2.1 Initial Start-up
    7.2.2 Series (2nd and Subsequent Machines) Startup
    7.2.3 Troubleshooting
8 ALARM MESSAGE
9 DIAGNOSIS
  9.1 MCC OFF TEST STATUS SCREEN
  9.2 CROSS CHECK DATA SCREEN
  9.3 BRAKE TEST SCREEN
  9.4 FLOW MONITORING SCREEN
  9.5 FEED LIMIT MONITORING SCREEN
  9.6 SAFE MACHINE POSITIONING MONITORING SCREEN
  9.7 SAFETY POSITION ERROR MONITORING SCREEN
  9.8 DIAGNOSIS SCREEN
10 SAMPLE SYSTEM CONFIGURATION
  10.1 SAMPLE CONFIGURATION
    10.1.1 Sample Configuration for One Machine Group (1)
    10.1.2 Sample Configuration for One Machine Group (2: when Multiple MCCs are Used)
  10.2 SAMPLE CONNECTIONS
    10.2.1 Emergency Stop Signal (*ESP)
    10.2.2 Guard Open Request Signal (ORQ)
    10.2.3 Test Mode Signal (OPT)
    10.2.4 Guard Open Inhibit Signal (*OPIHB), Monitoring Result Signal (RSVx,RSPx), Safety check Request Signal (*VLDVx,*VLDPs)
    10.2.5 MCC Off Signal (*MCF,*MCFVx,*MCFPs,*DCALM), MCC Contact State Signal (*SMC)
  10.3 EXAMPLE OF APPLICATION
    10.3.1 Rotating the Spindle Manually in the Emergency Stop State
11 APPLICATION OF OTHER FUNCTIONS
  11.1 OVERVIEW
  11.2 EXTERNAL DECELERATION
    11.2.1 Overview
    11.2.2 Specifications
    11.2.3 Signals
      11.2.3.1 Details on signals
      11.2.3.2 Signal address
    11.2.4 Parameters
  11.3 SPINDLE OUTPUT CONTROL BY THE PMC
    11.3.1 Overview
    11.3.2 Specifications
    11.3.3 Signals
      11.3.3.1 Details on signals
      11.3.3.2 Signal address
    11.3.4 Parameters
  11.4 SPINDLE POSITIONING
    11.4.1 Overview
    11.4.2 Specifications
    11.4.3 Signals
      11.4.3.1 Details on signals
      11.4.3.2 Signal address
    11.4.4 Parameters
  11.5 Cs CONTOUR CONTROL
    11.5.1 Overview
    11.5.2 Specifications
    11.5.3 Signals
      11.5.3.1 Details on signals
      11.5.3.2 Signal address
    11.5.4 Parameters
  11.6 SPINDLE ORIENTATION
    11.6.1 Overview
    11.6.2 Specifications
    11.6.3 Signals
      11.6.3.1 Details on signals
      11.6.3.2 Signal address
    11.6.4 Parameters
    11.6.5 Sequence
  11.7 SAFETY STOPPING FUNCTION AT OPENING PROTECTION DOOR
    11.7.1 Overview
    11.7.2 Safety Function
      11.7.2.1 Scope
      11.7.2.2 Monitoring the Excitation off signals of the αi SP
    11.7.3 Connection
      11.7.3.1 Connection from connector JX4 on the αi SP series to an I/O unit (on the DCS PMC side)
    11.7.4 Parameter
      11.7.4.1 Safe Speed Selection signal
      11.7.4.2 Programmable Safety I/O signals
  11.8 CONTROLLED AXIS DETACH
    11.8.1 Overview
    11.8.2 Signal Sequence
    11.8.3 Specification
    11.8.4 Replacing a Spindle Head
    11.8.5 Signal Sequence
    11.8.6 Specification
    11.8.7 Signal
      11.8.7.1 Details of signals
      11.8.7.2 Signal address
    11.8.8 Parameter
    11.8.9 Alarm message
APPENDIX
A CONNECTION OF TWO MCCS
  A.1 Overview
  A.2 CONFIGURATIONS
  A.3 DISABLING MCC OFF TEST
B Directives, Standards and Technical Conditions for 3rd Party Servo / Spindle Motors & Encoders when Applying FANUC Dual-check Safety
  B.1 GENERAL
  B.2 MANDATORY STANDARDS AND DIRECTIVES
  B.3 SPINDLES
    B.3.1 Spindle Motors – Driven by FANUC Spindle Amplifier
    B.3.2 Spindle Encoder – Speed / Position Feedback Sensor Embedded in Motor
  B.4 SERVO
    B.4.1 Servo Motors – Driven by FANUC Servo Amplifier
    B.4.2 Servo Encoder – Speed / Position Feedback Sensor Embedded in Motor
      B.4.2.1 Encoder with FANUC Serial Interface
      B.4.2.2 A/B-Phase Sine-wave Interface Connected to FANUC Interpolation Circuit
1 OVERVIEW
Setup for machining, which includes attaching and detaching a workpiece to be machined, and moving it to the machining start point while viewing it, is performed with the protection door opened. The dual check safety function provides a means for ensuring a high level of safety with the protection door opened.
The simplest method of ensuring safety when the protection door is open is to shut off power to the motor drive circuit by configuring a safety circuit with a safety relay module. In this case, however, no movements can be made on a move axis (rotation axis). Moreover, since the power is shut off, some time is required before machining can be restarted. This drawback can be corrected by adding a motor speed detector to ensure safety. However, the addition of an external detector may pose a response problem, and the use of many safety relay modules results in a large and complicated power magnetic cabinet circuit.
With the dual check safety function, two independent CPUs built into the CNC monitor the speed and position of motors in dual mode. An error in speed and position is detected at high speed, and power to the motor is shut off via two independent paths. Processing and data related to safety are cross-checked by two CPUs. To prevent an accumulation of failures, a safety-related hardware and software test must be conducted at certain time intervals.
The dual check safety system need not have an external detector added. Instead, only a detector built into a servo motor or spindle motor is used. This configuration can be implemented only when those motors, detectors built into motors, and amplifiers that are specified by FANUC are used.
The dual check safety function ensures safety with the power turned on, so that an operator can open the protection door to work without turning off the power. A major feature of the dual check safety function is that the required time is very short from the detection of an abnormality until the power is shut off. A cost advantage of the dual check safety function is that external detectors and safety relays can be eliminated or simplified.
If a position or speed mismatch is detected by a cross-check using two CPUs, the safety function of Dual Check Safety shuts off the power to the motor drive circuit (MCC off).
IMPORTANT
The dual check safety function cannot monitor the stop state of the motors.
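The monitoring principle described in this overview can be modelled in a few lines of C. The following is an added example, not FANUC code and not part of the original manual; the type names, units, tolerance and sample values are assumptions made for illustration. Each channel holds its own copy of the limits, cross-checks its data against the other channel, and controls its own shut-off path, so a single faulty or altered channel cannot keep the motor powered.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Conceptual model only: type names, units and the tolerance are
 * assumptions for illustration, not FANUC parameters or signals. */

typedef struct {
    int32_t speed_limit;   /* safety limitation speed (this channel's own copy) */
    int32_t pos_min;       /* safe machine position range (own copy) */
    int32_t pos_max;
} safety_params;

typedef struct {
    int32_t speed;         /* motor speed as evaluated by this channel */
    int32_t position;      /* machine position as evaluated by this channel */
} channel_sample;

typedef enum {
    MCC_ON = 0,              /* this channel keeps its shut-off path closed */
    MCC_OFF_PARAM_MISMATCH,  /* limit copies differ between the two channels */
    MCC_OFF_DATA_MISMATCH,   /* speed/position differ beyond the tolerance */
    MCC_OFF_LIMIT            /* speed or position limit has been reached */
} mcc_decision;

typedef struct { mcc_decision a, b; bool powered; } cycle_result;

/* 64-bit magnitude so that INT32_MIN and large differences cannot overflow. */
static int64_t abs64(int64_t v) { return v < 0 ? -v : v; }

static bool params_equal(const safety_params *x, const safety_params *y)
{
    return x->speed_limit == y->speed_limit &&
           x->pos_min == y->pos_min && x->pos_max == y->pos_max;
}

static bool samples_agree(const channel_sample *x, const channel_sample *y,
                          int32_t tol)
{
    return abs64((int64_t)x->speed - y->speed) <= tol &&
           abs64((int64_t)x->position - y->position) <= tol;
}

/* Decision of ONE channel for ITS OWN shut-off path. The cross-check runs
 * before the limit check: a channel that cannot trust the shared picture
 * of the machine must not rely on its own limit comparison. */
mcc_decision channel_decide(const safety_params *own_p, const channel_sample *own_s,
                            const safety_params *peer_p, const channel_sample *peer_s,
                            int32_t tol)
{
    if (!params_equal(own_p, peer_p))
        return MCC_OFF_PARAM_MISMATCH;
    if (!samples_agree(own_s, peer_s, tol))
        return MCC_OFF_DATA_MISMATCH;
    if (abs64(own_s->speed) >= own_p->speed_limit ||
        own_s->position <= own_p->pos_min ||
        own_s->position >= own_p->pos_max)
        return MCC_OFF_LIMIT;
    return MCC_ON;
}

/* The motor drive circuit stays powered only while BOTH paths are closed. */
bool motor_power_enabled(mcc_decision path_a, mcc_decision path_b)
{
    return path_a == MCC_ON && path_b == MCC_ON;
}

/* One monitoring cycle: both channels decide independently. */
cycle_result monitoring_cycle(const safety_params *pa, const channel_sample *sa,
                              const safety_params *pb, const channel_sample *sb,
                              int32_t tol)
{
    cycle_result r;
    r.a = channel_decide(pa, sa, pb, sb, tol);
    r.b = channel_decide(pb, sb, pa, sa, tol);
    r.powered = motor_power_enabled(r.a, r.b);
    return r;
}

int main(void)
{
    /* Constructed sample data: limit 2000, position range -100000..100000.
     * Channel B alone sees the limit reached; its path is enough to cut power. */
    safety_params p = { 2000, -100000, 100000 };
    channel_sample a = { 1998, 10 }, b = { 2001, 10 };
    cycle_result r = monitoring_cycle(&p, &a, &p, &b, 5);
    printf("path A=%d path B=%d powered=%d\n", (int)r.a, (int)r.b, (int)r.powered);
    return 0;
}
```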
1.1 DIRECTIVE AND STANDARDS
1.1.1 Directives
Machine tools and their components must satisfy the EC directives listed below.
The FANUC CNC systems with the dual check safety function are compatible with all of these directives.
Directive
Directive 2006/42/EC | 2006 | Safety of machinery
Directive 2004/108/EC | 2004 | Electromagnetic compatibility
Directive 2006/95/EC | 2006 | Low Voltage Requirement
1.1.2 Related Safety Standards
To be compatible with the directives, especially the machine directive, the international standards and European standards need to be observed.
Important safety standards
ISO 12100-1/2 | Safety of machinery – Basic concepts, general principle for design – Part 1: Basic terminology, methodology – Part 2: Technical principles for design
EN954-1 1997 | Safety of machinery – Safety related parts of control systems – Part 1: General principles for design
IEC 61508 | Functional safety of electrical / electronic / programmable electronic safety-related systems
ISO 13849-1 | Safety of machinery – Safety-related parts of control systems – Part 1: General principles for design
ISO 14121-1 | Safety of machinery – Principles for risk assessment
EN60204-1 2006 | Safety of machinery – Electrical equipment of machine – Part 1: General requirements
IEC 62061 | Safety of machinery – Functional safety, safety-related electrical, electronic and programmable electronic control systems
1.1.3 Risk Analysis and Evaluation
According to the machine directive, the manufacturer of a machine or machine components and a responsible person who supplies a machine or machine components to the market must conduct risk evaluation to identify all risks that can arise in connection with the machine or machine components. Based on such risk analysis and evaluation, a machine and machine components must be designed and manufactured. Risk evaluation must reveal all remaining risks and must be documented.
1.2 DEFINITION OF TERMS
1.2.1 General Definition of Terms
Reliability and safety
Reliability and safety are defined by EN292-1 as follows:
Term | Definition
Reliability | Capability of a machine, machine component, or equipment to perform its required function under a specified condition for a specified period
Safety | Capability of a machine to perform its function without injuring the health under a condition of use for an intended purpose specified in the operator's manual and allow its transportation, installation, adjustment, maintenance, disassembly, and disposal
1.2.2 Definition of Terms Related to the Safety Function
Safety-related I/O signal
Safety-related I/O signals are input/output signals monitored by two systems. These signals are valid for each feed axis and spindle with a built-in safety function, and are used with each monitoring system. Example: Protection door state signal
Safety stop
When a safety stop occurs, power to the drive section is shut off. The drive section can generate neither a torque nor dangerous operation. The following are measures for incorporating the safety stop feature:
-Contactor between the line and drive system (line contactor)
-Contactor between the power section and drive motor (motor contactor)
If an external force is applied (such as a force applied onto a vertical axis), an additional measure (such as a mechanical brake) must be securely implemented to protect against such a force.
Safety limitation speed
When the drive system has reached a specified limitation speed, a transition is made to the safe stop state. A measure must be implemented to prevent a set limitation speed from being changed by an unauthorized person.
Safety machine position
When the drive system has reached a specified positional limit, a transition is made to the safety stop state. When a positional limit is set, a maximum move distance traveled until a stop occurs must be considered. A measure must be implemented to prevent a set positional limit from being changed by an unauthorized person.
1.3 BASIC PRINCIPLE OF DUAL CHECK SAFETY
1.3.1 Features of Dual Check Safety
Dual Check Safety function has the following features.
-Two-channel configuration with two or more independent CPUs
-Cross-check function for detecting latent errors
Detection
A servo motor detector signal is sent via the servo amplifier and is applied to the CNC through the FSSB interface. Then, it is fed to two CPUs: a CNC CPU and a Servo CPU.
A spindle motor detector signal is sent via the spindle amplifier and is applied to the CNC connected through the FSSB interface or serial interface. Then, it is fed to two CPUs: a CNC CPU and a CPU built into the spindle amplifier.
The safety related signal such as guard signal is sent via the independent I/O unit and is applied to the CNC through the I/O Link or I/O Link i interface. Then, it is fed to two CPUs: a CNC CPU and a PMC CPU.
Evaluation
The safety function is monitored independently by a CNC CPU and servo CPU or by a CNC CPU and spindle CPU. Each CPU cross-checks data and results at certain intervals.
Response
If the monitoring function detects an error, the CNC CPU and the servo/spindle CPU switch off the MCC via independent paths to shut off the power to the feed axis and spindle.
1.3.2 Compliance with the Safety Standard (ISO13849-1, Category 3, PL d)
The Dual Check Safety function complies with the requirements of the safety standard ISO13849-1, Category 3, Performance Level (PL) d.
NOTE
The Dual Check Safety function is not meant to guarantee that the PL d requirements are met across the entire system. The PL value of the system as a whole is determined by the PL values of all its subsystems; therefore, the PL of the entire system needs to be evaluated by the machine tool builder. The PL value of the CNC, which is one of the subsystems, becomes d when the Dual Check Safety function is used.
Category 3 requires the following:
-The safety function of a safety-related portion must not degrade when a single failure occurs.
-Single errors must be detected at all times when natural execution is possible.
To satisfy these requirements, the dual check safety function is implemented using the two-channel configuration shown below.
[Figure: two-channel configuration. Blocks: CNC CPU; Servo CPU, Spindle CPU, PMC CPU; magnetic contactor. Signals: motor detector signal, door switch signal, cross-check of data and results, shut off power (shown for both channels).]
Monitoring of servo motor and spindle motor movement
Data output from the detector built into each motor is transferred to the CNC through the amplifier. The safety of this path is ensured by using motors and amplifiers specified by FANUC.
Cross-monitoring using 2 CPUs
Two CPUs built into the CNC are used to cross-monitor the safety function. Each CPU is periodically checked for errors. If one system fails, the servo and spindle can be stopped safely.
Power shutoff via two paths
If an error is detected, the power is shut off via two power shutoff paths. The paths need to be tested for built-up failures within a certain time.
Input signal safety
Safety-related input signals such as the protection door lock/unlock signal are monitored in redundant mode. If a mismatch between the two occurrences of a signal is detected, the power to the motor drive circuit is shut off. This cross-check is constantly made.
Output signal safety
A signal is output (via two paths) to the relay used to shut off the power to the motor drive circuit. An error is detected by an MCC off Test. To detect an accumulation of failures, an MCC off Test needs to be conducted at certain intervals. This MCC off Test is not mandatory while machining is performed with the protection door closed. (Once the interval has elapsed, the MCC off Test should be performed before the protection door is opened.)
1.3.2.1 Latent error detection and cross-check
Detection of latent errors
This detection function can detect latent software and hardware errors in a system that has a two-channel configuration. So, the safety-related portions of the two channels need to be tested at least once within an allowable period of time for latent errors.
An error in one monitoring channel causes a mismatch of results, so that a cross-check detects the error.
CAUTION
Forced detection of a latent error on the MCC shutoff path must be performed by the user through an MCC off Test (after power-on and at intervals of a specified time (normally within 24 hours)). When the system is operating in the automatic mode (when the protection door is closed), this detection processing is not mandatory. However, once the specified time has elapsed, the detection processing is mandatory before the protection door is opened. If it has not been performed, the lock for the protection door should not be released.
Cross-check
A latent safety-related error associated with two-channel monitoring can be detected as a result of cross-checking.
NOTE
An error detected as the result of forced latent error detection or cross-checking leads to a safety stop state. (See Subsec. 3.3.3).
1.3.2.2 Safety monitoring cycle and cross-check cycle
The safety function is subject to periodical monitoring in a monitoring cycle.
The following functions are monitored every 8 ms.
-Safe speed monitoring (servo motor)
-Safe machine position monitoring (servo motor)
-Safe position error monitoring (servo motor)
The cross-check cycle represents a cycle at which all I/O data subject to cross-checking is compared. Cross-check cycle: 8 ms
1.3.2.3 Error analysis
Error analysis
The table below indicates the results of system error analysis controlled by the dual check safety function.
Error analysis when the protection door is open
| Error | Cause | Action |
|---|---|---|
| Excessive speed for spindle axis | Amplifier or CNC control unit failure, operation error, etc. | Safety limitation speed monitoring function; EN60204-1 Category 1/0 stop |
| Excessive speed for feed axis | Amplifier or CNC control unit failure, operation error, etc. | Safety limitation speed monitoring function; EN60204-1 Category 1/0 stop |
| Feed axis safety machine position error | Amplifier or CNC control unit failure, operation error, etc. | Safety machine position monitoring function; EN60204-1 Category 1/0 stop |
| Input/output signal error | Wiring error, CNC control unit failure, etc. | Safe-related I/O signal monitoring function; EN60204-1 Category 1/0 stop |
Error analysis when the protection door is closed
| Error | Cause | Action |
|---|---|---|
| Input/output signal error | Wiring error, CNC control unit failure, etc. | Safe-related I/O signal monitoring function; EN60204-1 Category 1/0 stop |
1.3.2.4 Remaining risks
The machine tool builder is to make a failure analysis in connection with the control system and determine the remaining risks of the machine.
The dual check safety system has the following remaining risks:
a) The safety function is not active until the CNC control unit and drive system have fully powered up. The safety function cannot be activated if any one of the components of the CNC control unit or drive is not powered on.
b) Interchanged phases of motor connections, reversal of the encoder signal, and reversed mounting of the encoder can cause an increase in the spindle speed or acceleration of axis motion. If an abnormal speed is detected, the system is controlled to brake to zero speed, but this is not effective for the errors above. MCC off is not activated until the delay time set by parameter has expired. Electrical faults (component failure etc.) may also result in the response described above.
c) Faults in the absolute encoder can cause incorrect operation of the safety machine position monitoring function.
d) With a 1-encoder system, encoder faults are detected in a single channel, but by various HW and SW monitoring functions. The parameters related to the encoder must be set carefully. Depending on the error type, a category 0 or category 1 stop function according to EN60204-1 is activated.
e) The simultaneous failure of two power transistors in the inverter may cause the axis to move briefly (the motion depends on the number of pole pairs of the motor).
Example:
An 8-pole synchronous motor can cause the axis to move by a maximum of 45 degrees. With a directly driven ball screw of, e.g., 16 mm per revolution, this corresponds to a maximum linear motion of approximately 2.0 mm.
f) When a limit value is violated, the speed may exceed the set value briefly, or the axis/spindle may overshoot the set point position to a greater or lesser degree, during the period between error detection and system reaction, depending on the dynamic response of the drive and the parameter settings (see Section Safety-Functions).
g) The category 0 stop function according to EN60204-1 means that the spindles/axes are not braked to zero speed, but coast to a stop (this may take a very long time depending on the level of kinetic energy involved). This must be noted, for example, when the protective door locking mechanism is opened.
h) Amplifiers (drive power modules) and motors must always be replaced by the same equipment type, or else the parameters will no longer match the actual configuration and cause Dual Check Safety to respond incorrectly.
i) Dual Check Safety is not capable of detecting errors in parameterization and programming made by the machine tool builder. The required level of safety can only be assured by thorough and careful acceptance.
j) There is a parameter that specifies that the MCC off Test is not to be made in the self test mode at power-on, as in the case of machine adjustment. This parameter is protected and can be changed only by an authorized person. If the MCC off Test is not conducted, the MCC may fail to turn off when the stop response is measured.
k) The safety machine position monitoring function does not apply to the spindle axis.
l) During machine adjustment, an exact motion may be executed incorrectly until the safety functions are set up correctly and the confirmation test is completed.
m) Before the reference point return and the MCC off Test are performed, operation may be dangerous because correct operation is not guaranteed. Careful operation is therefore required when the machine is operated with the protection door open.
n) A delay timer is provided for the cross-checking of the safety-related I/O. When an inconsistency exists between the signals from the 2 paths, the system recognizes this failure only after this time has passed. The system starts the MCC shut-off sequence when this time has passed after the inconsistency is detected.
o) Even if <Signal State via PMC> does not match <Signal State via DCSPMC> for the time specified by parameter No. 13810 after the CNC starts, no alarm occurs.
1.4 GENERAL INFORMATION
The following requirements must be fulfilled for the Dual-Check System:
-All conditions of the certification report have to be respected.
-Before shipping the machine, the machine tool builder has to do tests for insulation and protective bonding.
-For the procedures for changes in the system (either HW or SW), refer to the Maintenance Manual (B-64485EN). When safety related components are exchanged, a confirmation test regarding safety functions can be performed according to Chapter 8.
-For programming in ladder logic, refer to the PMC Programming Manual (B-64513EN).
Training
FANUC Training Center provides a variety of training courses for persons concerned with hardware installation, maintenance, and operation. FANUC recommends studying at the training center to learn how to operate FANUC products efficiently.
There are 5 CNC training courses.
[ CNC GENERAL COURSE ]
Provides basics of CNC functions, operation and programming. The course is recommended before taking more specialized training courses to gain best effects.
MAIN ITEMS OF TRAINING
-Configuration of CNC
-Basic function and programming of CNC
-Operation of CNC
-Function and programming of turning machine
-Function and programming of milling machine
-Configuration and function of servo system
More information and course registration
Yamanakako-mura, Yamanashi Prefecture : 401-0501, JAPAN Phone : 81-555-84-6030
Fax : 81-555-84-5540 Internet: www.fanuc.co.jp/eschool
1.5 SAFETY FUNCTION BY FL-net
In a machine system such as a transfer line, each of its multiple stations has an operator's panel equipped with an emergency stop button. The safety circuit of the entire system needs to be configured so that the emergency stop signal is sent to all CNCs when the emergency stop button of any of these stations is pressed. To allow such a safety circuit to be built among multiple CNCs, a Safety function by FL-net is provided that uses FL-net communication.
By running this Safety function by FL-net under the Dual Check Safety function, it is possible to provide all connected CNCs with a safety signal of up to 7 bits. For details, refer to the FL-net Board CONNECTION MANUAL (B-64163EN).
2 SYSTEM CONFIGURATION
The dual check safety function has the following components.
Applicable CNC
FANUC Series 30i-B
FANUC Series 31i-B5
FANUC Series 31i-B
FANUC Series 32i-B
Amplifier, Motor and I/O
For details on applicable amplifiers, motors, and I/O units, see Chapter 12, "COMPONENTS LIST".
NOTE
The servo amplifiers and servo motors connected to the CNC via the I/O Link interface do not support the dual check safety function.
3 SAFETY FUNCTIONS
3.1 APPLICATION RANGE
The dual check safety function assumes the following configuration:
A) At least one protective door is provided.
B) If the protective door is closed, safety is assured.
When the operator makes a request to open the protective door, the safety functions are enabled, and the protective door can be unlocked. While the protective door is open, the active safety functions assure safety. When the request to open the protective door is canceled, the protective door is locked, and the safety functions are disabled.
The dual check safety function provides these safety functions while the protective door is open, as described above. Some of the safety functions continue working while the protective door is closed.
WARNING
The machine tool builder is responsible for the following.
-To secure safety through the sequence that makes the safety function effective according to the status of the protective door
-To secure safety while the protective door is closed
-To secure safety, while the protective door is open, with respect to moving components and the like other than the FANUC servo motors and spindle motors controlled by the dual check safety function
Safety function
The dual check safety function has the following safety functions:
•Safety-related I/O signal dual monitoring
Emergency stop input, protective door open/close state, safety-related signals like MCC contact state
Output signal for shutting off the power (MCC off signal)
To detect the latent cause of an abnormal state of this output, an MCC off Test must be made.
•Spindle motor
Safe speed monitoring
•Servo motor
Safe speed monitoring
Safe machine position monitoring
Safe position error monitoring
CAUTION
This safety function is enabled while the protective door is open after a request to open the protective door is made. If the request to open the protective door is canceled and if the protective door is closed, this safety function is disabled. The input check of the safety-related I/O signal monitoring function in redundant mode and the emergency stop function are always active, regardless of whether the protective door is opened or closed.
[Figure: overview of the dual check safety function. Blocks: CNC (CNC software, DCS PMC, PMC), spindle software, spindle amplifier, spindle motor, servo, servo amplifier, servo motor, common power supply, power down (MCC), protective door. Annotations:
-Dual monitoring of emergency stop signal
-The CNC and the spindle check the safe speed of the spindle motor in redundant mode (safe speed monitoring)
-Safety related signal is checked by the CNC (DCS PMC) and the PMC in redundant mode
-Safe speed of servo motor and machine position are checked by the CNC and the Servo in redundant mode (safe speed monitoring, safe machine position monitoring, safe position error monitoring)
-Dual monitoring of MCC, dual power down, power down command, detection of latent cause of error by MCC off test
-Dual monitoring of protective door state, protective door lock signal, door lock open/close monitoring]
3.2 BEFORE USING THE SAFETY FUNCTION
3.2.1 Important Items to Check Before Using the Safety Function
When using the safety function for the first time upon assembly of the machine, replacing a part, or changing a safety parameter (such as a safe speed limit or safe range as described in Chapter 6), the user must check that all safety parameters are correct and that all safety functions are working normally. A reference position return must be performed on each axis. The user must also check the absolute position of the machine. For details, see Chapter 7, “START UP.”
3.2.2 MCC off Test of the Safe Stop Function
An MCC off Test of the safe stop function monitors the contact state of the electromagnetic contactor (MCC), compares the state with a command to the electromagnetic contactor, and checks that the safe stop function works normally. The user of the machine must carry out the test. This test must be carried out when the CNC is turned on or when 24 hours have elapsed after the previous test is completed. If the CNC is turned on or if 24 hours have elapsed after the previous test is completed, a guard open request (protective door open request) should not be accepted until the test is performed. A machine tool builder must make the ladder program to realize this sequence.
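The sequence required above can be sketched as follows. This is an added example written in C for illustration, not FANUC code and not a ladder program from this manual; the type and function names, the simulated contactor functions, and the order of the test steps are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

#define MCC_TEST_INTERVAL_S (24u * 60u * 60u)   /* 24 hours, from 3.2.2 */

/* Drives the two MCC off paths and returns the contact state read back
 * (true = contact closed, motor power available). Hypothetical interface. */
typedef bool (*mcc_io_fn)(bool path1_on, bool path2_on);

typedef struct {
    bool     passed_since_power_on;   /* false after every power-on */
    uint32_t last_pass_s;             /* uptime (s) of the last passed test */
} mcc_test_t;

void mcc_power_on(mcc_test_t *t)
{
    t->passed_since_power_on = false;
    t->last_pass_s = 0;
}

/* A test is due after power-on and again once 24 hours have elapsed. */
bool mcc_test_due(const mcc_test_t *t, uint32_t now_s)
{
    if (!t->passed_since_power_on)
        return true;
    return (now_s - t->last_pass_s) >= MCC_TEST_INTERVAL_S;
}

/* Compares the commanded state with the contact state for each path.
 * The step order is an assumption of this sketch. */
bool mcc_off_test(mcc_test_t *t, mcc_io_fn io, uint32_t now_s)
{
    bool ok = (io(false, true)  == false)   /* path 1 alone must open the MCC */
           && (io(true,  false) == false)   /* path 2 alone must open the MCC */
           && (io(true,  true)  == true);   /* both on: contact must close    */

    if (ok) {
        t->passed_since_power_on = true;
        t->last_pass_s = now_s;
    } else {
        io(false, false);                   /* leave both paths commanded off */
        t->passed_since_power_on = false;   /* a failed test voids earlier passes */
    }
    return ok;
}

/* A guard open request is accepted only while no test is due. */
bool guard_open_permitted(const mcc_test_t *t, bool open_request, uint32_t now_s)
{
    return open_request && !mcc_test_due(t, now_s);
}

/* Constructed contactor models for the demonstration. */
bool healthy_mcc(bool p1, bool p2)  { return p1 && p2; }
bool welded_path2(bool p1, bool p2) { (void)p2; return p1; } /* path 2 stuck on */
```

With the welded model, the second test step reads a closed contact while path 2 is commanded off, so the test fails and the guard open request stays refused.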
3.3 STOP
3.3.1 Stopping the Spindle Motor
Because the spindle motor is an induction type motor, power-down during rotation causes the motor to continue rotating for a certain amount of time. From a safety standpoint, the motor may have to be stopped immediately. If an error is detected and the spindle is judged to be under control, the spindle motor can be stopped by the ladder program. In case of an emergency stop and an abnormal condition of safety-related I/O, the ladder program must be designed to shut off the power after the specified time has elapsed.
To speed down and stop the spindle, the machine must input the spindle Emergency Stop signals (*ESPA<G71.1>, *ESPB<G75.1>, and so on) in PMC. When this signal is input, the spindle slows down and stops. (A Ladder program must be created for inputting this signal in case of alarm.) The input of *EMG emergency stop input (connector CX4) of the common power supply also has the same effect. If the Emergency Stop signal is connected to emergency stop input (connector CX4) of the PSM, the spindle slows down and stops in the emergency stop state. If the spindle does not stop in spite of the stop command, the MCC is shut off.
If this processing is not performed, power-down causes the spindle motor to continue rotating at the speed prior to power-down and eventually come to a stop.
CAUTION
1. When a servo alarm or spindle alarm related to a communication error or position detector is caused, the MCC off signal corresponding to the servo or spindle is output. Shut off the MCC after executing an appropriate procedure such as a spindle stop operation. According to the setting value of the parameter, the MCC off signals of all axes that belong to the same path as the spindle that causes an alarm are output. Shut off the MCC after executing an appropriate procedure such as a spindle stop operation.
2. A controlled stop can be made based on parameter settings on occurrence of a safe speed over alarm.
3. Since the synchronous spindle motor is a synchronous motor, not an induction motor, power interruption causes a dynamic brake stop depending on the system configuration.
3.3.2 Stopping the Servo Motor
Because the servo motor is a synchronous motor, power-down results in a dynamic brake stop. The dynamic brake stop is electric braking in which the excited rotor is isolated from the power source and the generated electric energy is used up in the winding. An internal resistor provides additional braking. Unlike an induction motor, the servo motor does not coast because of this structure.
If the input of the Emergency Stop signal or an error of a safety-related signal or speed monitoring is detected, the CNC automatically specifies a command to zero the speed and reduces the speed to zero (controlled stop). After the motor slows down and stops, the power is turned off, and the motor is brought into the dynamic brake stop state. To slow down and stop the motor, some parameters must be specified in the CNC. If those parameters are not specified, the motor is immediately brought into the dynamic brake stop state. If the controlled stop cannot be done, the motor is brought into the dynamic brake stop state.
When an abnormal state is detected in safety speed monitoring or the like, a dynamic brake stop is made.
3.3.3 Stop States
The following stop states are possible.
Safe stop state
The power to the motor is shut off (MCC off state) in this state. If the spindle motor can be controlled, the ladder program must shut off the power after the spindle motor is slowed down to a stop. If the spindle motor cannot be controlled, the power is immediately shut off.
If the servo motor can be controlled, the motor is slowed down to a stop and then brought into the dynamic brake stop state. If the motor cannot be controlled, the motor is immediately brought into the dynamic brake stop state.
If the power is shut off immediately, the spindle motor continues at the same speed prior to the abnormal event and eventually comes to a stop. If the spindle motor can be slowed down to a stop, the operation is performed as instructed by the PMC and then the power is shut off. For the synchronous spindle motor, immediate power interruption causes a dynamic brake stop depending on the system configuration.
Controlled stop state
The power to the motor is not shut off. The servo motor and the spindle motor are controlled to stop.
In the controlled stop state of either motor, the safety function is active if the condition for enabling the safety function is satisfied (the door is open). If a further abnormal event occurs, the motor is brought into the safe stop state by the ladder program.
WARNING
1. The machine tool builder must design the machine so that the machine is kept in the stop state if the power to the servo motor driving circuit is shut off.
Example) Brake mechanism that would not drop the vertical axis after the power is shut off
2. If the power to the spindle motor driving circuit is shut off, the spindle motor continues rotating at the speed before the power-down and eventually comes to a stop. A measure must be taken so that this coasting does not affect safety.
3.4 SAFETY-RELATED I/O SIGNAL MONITORING
The Dual Check Safety function uses two-channel I/O configuration.
A pair of safety-related I/O signals are provided via separate paths to two I/O modules that are respectively connected to one of the two channels. The two independent CPUs individually check the input signals. If a mismatch between two corresponding signals is found, the system enters the safe stop state. The following safety-related I/O signals are monitored or output in redundant mode:
•Emergency stop signal
•Protective door state input signal (Request to monitor for each axis)
•Input signal for selecting safety speed monitoring and safety position monitoring
•MCC contact state signal
•MCC off signal (power-down)
•Brake signal
•Safety position switch signal
•Programmable safety I/O signal
To build a dual monitoring system, the machine tool builder needs to connect one of each pair of these signals to the I/O module connected to the DCS PMC side (Note 1) and the other to that connected to the PMC side (Note 2).
[Figure: two-channel I/O connection. On the CNC side, the CNC (DCS PMC) (Note 1) and the PMC (Note 2) cross-check each other; each is connected through its own I/O Link to a separate I/O module (DI/DO) on the machine side.]
The figure shows an example in which the signals are connected using two-channel I/O Links. For details about connections, see Chapter 4, "INSTALLATION".
NOTE
1. Dual Check Safety PMC (DCS PMC)
2. First PMC to fifth PMC
Refer to PMC PROGRAMMING MANUAL (B-64513EN).
IMPORTANT
When the Emergency Stop signal or another safety input signal is connected to the I/O module, the ladder program that defines the one-to-one relationship between the actual input (X) and the input to the CNC (G) must be checked thoroughly.
The duplicated signals are always checked for a mismatch, regardless of whether the safety function is active or not. When a signal state changes, the pair of signals may not match for some period because of a difference in response. The dual check safety function checks whether a mismatch between the two signals continues for a certain period of time, so that an error resulting from the difference in response can be avoided. The check period must be specified as a safety parameter.
| Parameter number | Name |
|---|---|
| 1945 | Safety-related I/O check timer |
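The effect of the check timer can be illustrated with the following added example, which is not part of the original manual and is not FANUC code. It assumes the timer is expressed in milliseconds and evaluated once per 8 ms cross-check cycle, and that the safe stop request is latched; all names and the sample traces are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define CROSS_CHECK_CYCLE_MS 8u   /* cross-check cycle stated in 1.3.2.2 */
#define SIGNAL_BITS          8u   /* one byte of duplicated signals (bits .0-.7) */

typedef struct {
    uint32_t check_timer_ms;            /* tolerated mismatch time (unit assumed: ms) */
    uint32_t mismatch_ms[SIGNAL_BITS];  /* how long each bit has currently disagreed */
    uint8_t  faulty_bits;               /* bits whose mismatch outlasted the timer */
    bool     safe_stop;                 /* latched once set (assumption) */
} xcheck_t;

void xcheck_init(xcheck_t *x, uint32_t check_timer_ms)
{
    *x = (xcheck_t){ .check_timer_ms = check_timer_ms };
}

/* One cross-check cycle: compare the copy read via the PMC with the copy
 * read via the DCS PMC. Returns true when the safe stop state is required. */
bool xcheck_step(xcheck_t *x, uint8_t via_pmc, uint8_t via_dcspmc)
{
    uint8_t diff = (uint8_t)(via_pmc ^ via_dcspmc);

    for (unsigned bit = 0; bit < SIGNAL_BITS; bit++) {
        if (diff & (1u << bit)) {
            x->mismatch_ms[bit] += CROSS_CHECK_CYCLE_MS;
            if (x->mismatch_ms[bit] >= x->check_timer_ms) {
                x->faulty_bits |= (uint8_t)(1u << bit);
                x->safe_stop = true;
            }
        } else {
            x->mismatch_ms[bit] = 0;   /* channels agree again: skew, not a fault */
        }
    }
    return x->safe_stop;
}

/* Replays a recorded trace; returns the cycle index at which the safe stop
 * was requested, or -1 if the trace never trips. */
int xcheck_replay(xcheck_t *x, const uint8_t *pmc, const uint8_t *dcs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (xcheck_step(x, pmc[i], dcs[i]))
            return (int)i;
    }
    return -1;
}

/* Constructed traces, one sample per 8 ms cycle, bit 0 = a guard state input. */
const uint8_t SKEW_PMC[]  = { 1, 1, 0, 0, 0, 0 };
const uint8_t SKEW_DCS[]  = { 1, 1, 1, 1, 0, 0 };  /* follows 2 cycles late */
const uint8_t STUCK_PMC[] = { 1, 0, 0, 0, 0, 0 };
const uint8_t STUCK_DCS[] = { 1, 1, 1, 1, 1, 1 };  /* input stuck at 1 */

/* Response skew between the two channels. */
int demo_skew(uint32_t timer_ms)
{
    xcheck_t x;
    xcheck_init(&x, timer_ms);
    return xcheck_replay(&x, SKEW_PMC, SKEW_DCS, sizeof SKEW_PMC);
}

/* Persistent disagreement caused by a stuck input on one channel. */
int demo_stuck(uint32_t timer_ms, uint8_t *faulty_bits)
{
    xcheck_t x;
    xcheck_init(&x, timer_ms);
    int cycle = xcheck_replay(&x, STUCK_PMC, STUCK_DCS, sizeof STUCK_PMC);
    *faulty_bits = x.faulty_bits;
    return cycle;
}
```

In this model a 24 ms timer tolerates the 16 ms skew but still catches the stuck input, while a 16 ms timer trips on the skew alone.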
The following signals are not defined as safety-related I/O signals and are not duplicated. The signals, however, are necessary for the system.
-Input signal for making a protective door open request
-Input signal for starting the test mode
-Output signal for requesting a MCC off Test
This section briefly describes the signals. For details, see Chapter 5, “I/O SIGNALS”. For specific connections, see the sample system configuration in Chapter 4, “INSTALLATION” and Chapter 10, “SAMPLE SYSTEM CONFIGURATION”.
I/O related with Dual Check Safety Function
PMC(n=path(0-9)) DCS PMC (m=path(0-9) x20)
| No. | Symbol | Signal name | I/O address | Type |
|---|---|---|---|---|
| 1 | *ESP | Emergency Stop signal | <X0008.4,0,1> (PMC); <X0008.4,0,1> (DCS PMC) | Dual input monitoring |
| 2 | *SGOPN | Guard State signal | Machine side signal | Dual input |
| 3 | *VLDVx | Safety Check Request signal (Servo) | <Gn750.0-.7> (PMC); <G(002+m).0-.7> (DCS PMC) | Dual input monitoring |
| 3 | *VLDPs | Safety Check Request signal (Spindle) | <Gn751.0-.3> (PMC); <G(003+m).0-.3> (DCS PMC) | Dual input monitoring |
| 4 | SVAn/SVBn | Safety Speed / Safety Position Selection signal (Servo) | <Gn752/Gn753> (PMC); <G(004+m)/G(005+m)> (DCS PMC) | Dual input monitoring |
| 4 | SPAn/SPBn | Safety Speed Selection signal (Spindle) | <Gn754> (PMC); <G(006+m)> (DCS PMC) | Dual input monitoring |
| 5 | *SMC | MCC Contact State signal | <Gn748.6> (PMC); <G(000+m).6> (DCS PMC) | Dual input monitoring |
| 6 | *DCALM | MCC Off signal (for all system) | <F0748.7> (PMC); <F000.7> (DCS PMC) | Dual output |
| 6 | *MCF | MCC Off signal (for each machine group) | <Fn748.1> (PMC); <F(000+m).1> (DCS PMC) | Dual output |
| 6 | *MCFVx | MCC Off signal (for each servo axis) | <Fn752.0-.7> (PMC); <F(004+m).0-.7> (DCS PMC) | Dual output |
| 6 | *MCFPs | MCC Off signal (for each spindle) | <Fn753.0-.3> (PMC); <F(005+m).0-.3> (DCS PMC) | Dual output |
| 7 | BRKx | Safety Brake signal | <Fn754.0-.7> (PMC); <F(006+m).0-.7> (DCS PMC) | Dual output |
| 8 | SPS | Safety Position Switch signal | <Fn755-Fn758> (PMC); <F(007+m)-F(010+m)> (DCS PMC) | Dual output |
| 9 | | Programmable Safety I/O signals | | Dual input monitoring; Dual output |
| 10 | *OPIHB | Guard Open Inhibit signal | <Fn191.0> (PMC); <F(019+m).0> (DCS PMC) | Dual output |
| 11 | RSVx | Monitoring result signal (Servo) | <Fn750> (PMC); <F(002+m)> (DCS PMC) | Dual output |
| 11 | RSPs | Monitoring result signal (Spindle) | <Fn751.0-3> (PMC); <F(003+m).0-3> (DCS PMC) | Dual output |
| 12 | POSEx | Position Information Effect signal | <Fn766> (PMC); <F(018+m)> (DCS PMC) | Dual output |
| 13 | ORQ | Guard Open Request signal | <Gn191.3> (PMC) | Input |
| 14 | OPT | Test Mode signal | <Gn191.2> (PMC) | Input |
| 15 | RQT | MCC Off Test Execution Request signal | <Fn191.2> (PMC) | Output |
| 16 | STBT | Brake Test Start signal | <Gn193.2> (PMC) | Input |
| 17 | RQBT | Brake Test Execution Request signal | <Fn191.3> (PMC) | Output |
Safety-related I/O
1. *ESP Emergency Stop signal (input)
This signal is Emergency Stop signal and is monitored in redundant mode.
The signal is connected to the *ESP input of the servo amplifier as well.
2. *SGOPN Guard State signal (Machine side input signal)
The signal is provided for dual monitoring of the protective door state. The signal is connected so that it is normally set to 1 while the protective door is closed and locked (door closed) and set to 0 otherwise (door opened). These states are implemented by the combination of the safety door and safety relays. The PMC ladder for safety check must check the state of axes by asserting the Safety Request signal, when a protective door is open.
3. *VLDVx, *VLDPs Safety Check Request signal (input)
These signals are monitored in redundant mode. They request a safety check when a protective door is open, and are provided for each axis and each spindle.
The CNC monitors these signals. If the safe speed range of a servo motor is exceeded in the door open state, the system enters the controlled stop state. If an axis still does not stop, the system enters the safe stop state. If the safe speed range of a spindle motor is exceeded in the door open state, the spindle motor enters the free run state. (The spindle motor can also enter the controlled stop state when the safe speed range is exceeded, depending on the parameter setting.)
If the spindle motor does not decelerate, the system enters the safe stop state.
4. SVAx/SVBx,SPAs/SPBs Safety Speed / Safety Position Selection signal (input)
These signals are monitored in redundant mode. SVA/SVB are the signals to select safety speed / safety position for each servo axis.
SPA/SPB are the signals to select safety speed for each spindle. (The values of safety speed / safety position are given by the parameters.)
5. *SMC MCC Contact State signal (input)
The MCC contact state is monitored in redundant mode. In normal operation the MCC is closed, so an abnormally closed relay contact cannot be detected. In the test mode, an abnormally closed relay contact can be detected.
6. *DCALM, *MCF, *MCFVx, *MCFPs MCC Off signal (output)
With these signals, the MCC is shut off through 2-channel I/O when either one of these signals is “0”. *DCALM allows the MCC of the whole system to be turned off when an I/O cross check alarm or a problem in the safety check function is found.
*MCF allows the MCC of each machine group to be turned on, according to the emergency stop or the MCC off Test. *MCFVx allows the MCC of each axis to be turned on, according to the result of monitoring the safety speed, machine position or position error of the servo axis. *MCFPs allows the MCC of each spindle to be turned on, according to the result of monitoring the safety speed of the spindle.
These signals are assigned on both the PMC and the DCS PMC. The machine tool builder must output the signal to shut off the MCC when either one of these signals is “0”.
7. BRKx Safety Brake signal (output)
These signals are output to control the brake of each servo axis.
8. SPS1 to SPS32 (SPS33 to SPS64 in case of 2 or more paths) Safety Position Switch (output)
These signals show whether the machine position of each axis stays within the range specified by the parameters.
9. Programmable Safety I/O signals (input/output)
The 8 bytes (64 bits) of programmable safe I/O can be freely defined at addresses different from those of the safety-related I/Os above. Each byte of the 8-byte programmable safe I/O can be assigned to an X, Y, R, D or K address by parameter. Each byte of the programmable safe I/O between the PMC and DCS PMC is cross-checked by the CNC and PMC. The combinations used for cross-checking these signals are defined by the following Safety parameters.
| Signal type | Combination No. | DCS PMC | PMC |
|---|---|---|---|
| input | 1 | No.11950 | No.11970 |
| | 2 | No.11951 | No.11971 |
| | 3 | No.11952 | No.11972 |
| | 4 | No.11953 | No.11973 |
| | 5 | No.11954 | No.11974 |
| | 6 | No.11955 | No.11975 |
| | 7 | No.11956 | No.11976 |
| | 8 | No.11957 | No.11977 |
| output | 1 | No.11960 | No.11980 |
| | 2 | No.11961 | No.11981 |
| | 3 | No.11962 | No.11982 |
| | 4 | No.11963 | No.11983 |
| | 5 | No.11964 | No.11984 |
| | 6 | No.11965 | No.11985 |
| | 7 | No.11966 | No.11986 |
| | 8 | No.11967 | No.11987 |
Signals other than safety-related I/O
The following signals are not safety-related signals (are not checked in redundant mode) but are important signals in the dual check safety system. The machine tool builder must create an appropriate Ladder program with these signals.
IMPORTANT
Errors in the ladder program cannot be detected by the safety function itself. Be sure to check the safety function (see Chapter 7).
10. *OPIHB Guard Open Inhibit signal (output)
When the Guard Open Request signal (ORQ) is set to “1”, the CNC sets this signal. The machine tool builder must design the PMC ladder logic around this signal. The ladder must confirm the safety machine position and the safety speed. If the result of the confirmation is judged safe, the ladder turns on the signal that releases the guard lock and outputs the signal that opens the actual protective door.
If the protective door is unlocked (*SGOPN becomes “0”) while this signal is set to 0, the ladder must notify the operator that an alarm has occurred, for example by lighting a lamp, and bring the motor into the safe stop state.
NOTE
This signal is not output while MCC off Test is executing.
11. RSVx, RSPs Monitoring Result signal (output)
These signals show the result of monitoring the safety machine position and safety speed of each axis and the result of monitoring the safety speed of each spindle. When the Guard Open Inhibit signal (*OPIHB) is set to “1”, the machine tool builder can judge from these signals whether the machine is in the safe state. If safety is confirmed, turn on the signal that unlocks the guard lock and output the signal that opens the actual protective door.
12. POSEx Position Information Effect signal (output)
This signal is output when the Dual Check Safety Function is effective and the reference point is established. When the reference point is not established, the machine is in a dangerous state because Safety Machine Position Monitoring and Safety Position Error Monitoring are not active. If this signal is “0”, the machine tool builder must prevent the protective door from being opened.
13. ORQ Guard Open Request signal (input)
When this signal is input, the CNC sets the Guard Open Inhibit signal (*OPIHB) to “1” (guard open accepted). The PMC ladder program of the machine tool builder confirms the safety machine position and the safety speed. If both machine position and speed are judged to be within the safe range, the guard unlock signal is set to 1 (guard unlock enabled). The machine tool builder must provide an output signal that opens the actual protective door through the PMC.
14. OPT Test Mode signal (input)
When the signal is input, an MCC off Test is executed. The MCC off Test checks whether the contact of the MCC is abnormally closed. When carrying out the MCC off Test manually, input this signal after the preparation for the MCC off Test is completed.
15. RQT MCC Off Test Execution Request signal (output)
If the execution of an MCC off Test is required, this signal is output. At power-on, this signal is always output. If this signal is output, an MCC off Test must be executed.
16. STBT Brake Test Start signal
This signal is used to start or resume a brake test. When the brake test is completed successfully, the Brake Test Execution Request signal RQBT is set to "0", causing the state of this signal to change from "1" to "0" as well.
Changing the state of this signal from "1" to "0" during the brake test causes the test to be interrupted. In that case, the test ends as soon as the test sequence being executed is completed when the signal is set to "0".
17. RQBT Brake Test Execution Request signal
This signal is used to request a brake test. If the signal is set to "1", please execute the brake test. Even if this request signal is set to "1", the operation is allowed to continue until the current stage of machining is completed. To ensure safety, however, when the current stage of machining is completed, be sure to start a brake test by setting the Brake Test Start signal STBT to "1".
Guard Open Request signal and Guard Unlock signal
[Figure: sample connection between the door open request switch (24V, X input ORQ-I), the CNC (PMC) ladder signals ORQ (G), *OPIHB, RSVx, RSPx and POSEx (F), and the protective door lock output (Y) at the protective door.]
The figure shows a sample connection of the protective door open request switch and the guard unlock signal. In the normal state, the door lock state is changed as follows before the safety monitoring state is established.
Door lock state transition
| State | ORQ-I | ORQ | *OPIHB | RSVx, RSPs | POSEx | Protective door lock (*SGOPN) | Description | Remarks |
|---|---|---|---|---|---|---|---|---|
| A | 0 | 0 | 0 | | | Locked | A protective door open request is not made, and the door is locked. | Normal operating state |
| B | 1 | 0 | 0 | | | Locked | A guard open request is made. | |
| C1 | 1 | 1 | 0 | | | Locked | The request is transferred to the CNC. | |
| C2 | 1 | 1 | 1 | | | Locked | The CNC receives the request. | |
| D | 1 | 1 | 1 | 1 | 1 | Locked | Reference point is established and a safe speed check, a machine position check and a position error check prove that there is no failure and that the CNC can enter the safe state. | |
| E | 1 | 1 | 1 | 1 | 1 | Unlocked (*SGOPN=0) | The actual safety door is unlocked. Operations can be performed with the door open. | Safety function is enabled. |
| D | 1 | 1 | 1 | 1 | 1 | Locked | The door is closed and locked again. | |
| F | 0 | 1 | 1 | 1 | 1 | Locked | The guard open request is canceled. | |
| G | 0 | 0 | 1 | 1 | 1 | Locked | The CNC is notified of the release of the above request. | |
| A | 0 | 0 | 0 | | | Locked | The CNC receives the release of the above request. | |
NOTE
The PMC ladder must be designed to monitor whether the protective door is open (*SGOPN is set to 0) while ORQ is set to 0. If an open door is detected, the PMC ladder judges that an abnormal event has occurred and enters the safe stop state. This can occur, for instance, when the door happens to open (or to be unlocked) while machining is in progress with the protective door closed.
Timing diagram from door close state to door open state
The following diagram shows the timings at which the door is opened and closed again.
[Timing diagram: signals ORQ_P, ORQ, *OPIHB, RSVx, RSPs, POSEx, actual door unlock signal and *SGOPN (safety-related I/O signal) across the phases door closed, door opened and door closed, with events (1) to (5) described below.]
(1) When the Guard Open Request signal (ORQ) is input, the CNC returns the answer signal (*OPIHB) to the PMC.
(2) The PMC ladder program checks that the machine position, speed and position error are within safe ranges by the Monitoring Result signal (RSVx/RSPs) and that the reference point is established by the Position Information Effect signal (POSEx). Then, it turns on the guard unlock signal. (Caution)
This example assumes that the protective door has an electromagnetic lock mechanism. While the door is open, the unlock signal is turned off.
(3) The door is open.
(4) The protective door is closed and locked. After this, the Guard Open Request signal (ORQ) must be turned off. (Caution)
(5) When the Guard Open Request signal (ORQ) is turned off, the CNC turns off the answer signal (*OPIHB).
CAUTION
1. The RSVx and RSPs signals are redundant and are output to both PMCs (PMC and DCSPMC). Since the RSVx and RSPs signals, the monitoring results of two independent circuits, are output to two PMCs, the output states of the results may not match temporarily (when, for example, the spindle speed is close to the safe speed). Therefore, keep the following in mind when only RSVx and RSPs are used as conditions for releasing a guard lock. Confirm that RSVx and RSPs of the PMCs (PMC and DCSPMC) are both placed in the safe state before releasing a guard lock. When RSVx and RSPs of one PMC are used as conditions for releasing a guard lock, wait until the speed has become low enough after RSVx and RSPs enter the safe state before releasing the guard lock.
When the protective door is assumed to be open if RSVx and RSPs of only one PMC enter the safe state, a safe speed limit monitoring alarm may occur depending on the result of the other monitoring state.
2. Ensure a time of 100 ms or longer (“t” in the figure) from when the door is closed (locked) until the Guard Open Request signal (ORQ) goes off. If this time requirement is not satisfied, an alarm may be raised when the door is closed (locked).
Design the operator panel so that it informs the operator, by lighting a lamp, that the Guard Open Request signal (ORQ) is turned on.
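The release conditions, the 100 ms ORQ hold and the abnormal-open check described above can be exercised in a small simulation before they are written as ladder logic. The Python model below is an added example, not FANUC code or a ladder from this manual; the class, the field names and the scan trace are constructed for illustration, and it evaluates only the conditions for releasing the guard lock, not the unlock output of a particular lock mechanism.

```python
from dataclasses import dataclass

ORQ_HOLD_MS = 100  # Caution 2: keep ORQ on >= 100 ms after the door is closed (locked)
@dataclass
class Scan:
    """Inputs of one ladder scan (field names are illustrative, not FANUC addresses)."""
    t_ms: int     # scan time in ms
    orq_i: bool   # ORQ-I: operator's door open request switch
    opihb: bool   # *OPIHB: 1 = CNC has accepted the guard open request
    rs_pmc: bool  # RSVx and RSPs all report "safe" on the PMC
    rs_dcs: bool  # RSVx and RSPs all report "safe" on the DCS PMC
    pose: bool    # POSEx: reference point established
    sgopn: bool   # *SGOPN: 1 = door closed and locked

class GuardLockLadder:
    def __init__(self):
        self.orq = False       # ORQ as sent to the CNC
        self.closed_at = None  # time at which *SGOPN last went to 1

    def step(self, s):
        if not s.sgopn:
            self.closed_at = None
        elif self.closed_at is None:
            self.closed_at = s.t_ms
        # ORQ rises with ORQ-I; it drops only once the door has been locked >= ORQ_HOLD_MS.
        if s.orq_i:
            self.orq = True
        elif self.closed_at is not None and s.t_ms - self.closed_at >= ORQ_HOLD_MS:
            self.orq = False
        # Caution 1: require the safe state on BOTH PMCs, plus *OPIHB and POSEx.
        unlock_ok = self.orq and s.opihb and s.rs_pmc and s.rs_dcs and s.pose
        # Door open without an accepted request is abnormal: enter the safe stop state.
        safe_stop = (not s.sgopn) and not (self.orq and s.opihb)
        return {"ORQ": self.orq, "unlock_ok": unlock_ok, "safe_stop": safe_stop}

def run(scans):
    ladder = GuardLockLadder()
    return [ladder.step(s) for s in scans]

# Constructed scan trace (not captured data), following the door lock state transitions.
TRACE = [
    Scan(10,  True,  True,  True,  False, True, True),   # one PMC safe, the other not yet
    Scan(20,  True,  True,  True,  True,  True, True),   # D: all checks pass
    Scan(30,  True,  True,  True,  True,  True, False),  # E: door open
    Scan(500, True,  True,  True,  True,  True, True),   # D: closed and locked again
    Scan(540, False, True,  True,  True,  True, True),   # F: request released after 40 ms
    Scan(610, False, True,  True,  True,  True, True),   # G: 110 ms after closing
    Scan(700, False, False, True,  True,  True, False),  # door opens with no request
]
```

In the trace, ORQ stays on at 540 ms even though the operator has released the switch, because the door has been locked for only 40 ms; the last scan shows the door opening with ORQ at 0, which the model reports as a safe stop.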
3.5 EMERGENCY STOP
The Emergency Stop signal is monitored in redundant mode. When the emergency stop is input, the servo motor slows down to a stop (Caution) and enters the dynamic brake stop. The spindle slows down to a stop (Caution) as instructed by the PMC (Ladder program), and then the power is shut off.
CAUTION
To enable the function to slow down and stop the servo motor, the corresponding parameter must be specified. If the parameter is not specified, the motor immediately enters the dynamic brake stop state.
The spindle motor slows down and stops as instructed by the PMC (Ladder program). If the PMC does not instruct this, the motor maintains the high speed prior to the power-down and coasts. If an illegal speed is specified because of a failure on the PMC side while the safety function is active (the protective door is open), the CNC enters the safe stop state.