HEIDENHAIN Functional Safet Technical Manual
Technical Manual
Functional Safety (FS)
NC software iTNC 530 HSCI
606 420-02
606 421-02
NC software TNC 640
340 590-01
340 591-01
April 2012
Contents
1 Update Information
1.1 General information............................................................................7
1 Update Information No. 02 – Functional Safety
1.1 Overview..............................................................................................9
1.1.1 Released service packs ............................................................9
1.2 NC Software 606 42x-01 SP 06 ........................................................10
1.2.1 Important notes......................................................................10
1 Update Information No. 03 – Functional Safety
1.1 Overview............................................................................................13
1.1.1 Released service packs ..........................................................13
1.2 NC Software 606 42x-02...................................................................14
1.2.1 Important notes......................................................................14
1.2.2 New splcapimarker.def definition file.....................................15
1.3 New Safety Functions ......................................................................17
1.4 (S)PLC.................................................................................................21
1 Update Information No. 04 – functional safety
1.1 Overview............................................................................................25
1.1.1 Service packs released for the iTNC 530 HSCI.......................25
1.1.2 NC software versions released for the TNC 640....................25
1.2 Notes..................................................................................................26
1.2.1 NC software 340 59x-01, 606 42x-02 SP 02...........................26
1.2.2 General information................................................................26
1.3 NC software 340 59x-01 (TNC 640)..................................................27
1.3.1 Notes......................................................................................27
2Introduction
2.1 Meaning of the symbols used in this manual ................................29
2.2 Warnings............................................................................................30
2.3 Proper and intended operation........................................................33
2.4 Trained personnel .............................................................................33
2.5 General information..........................................................................34
2.6 Overview of FS components............................................................40
2.6.1 List of approved control components.....................................41
2.6.2 List of approved inverter components....................................44
2.6.3 Differences between systems with and without
functional safety (FS) ..............................................................46
April 2012 3
3 Directives and standards
3.1 Applicable directives.........................................................................49
3.2 Basis for testing ................................................................................50
3.3 Requirements on safety integrity....................................................53
3.4 SIL and target failure measures.......................................................53
3.5 Storage and operating temperatures .............................................53
3.6 Limit values for EM noise immunity...............................................53
3.7 Mission time......................................................................................53
4 Realization and safety functions
4.1 Glossary .............................................................................................55
4.2 Realization of the HEIDENHAIN safety system..............................59
4.3 Activation of functional safety (FS).................................................59
4.4 (S)PLC programs ...............................................................................60
4.5 SPLC ...................................................................................................61
4.6 SKERN................................................................................................63
4.7 Cross comparison .............................................................................66
4.8 Description of the safety/monitoring functions ............................67
4.8.1 Overview of the safety functions ...........................................67
4.8.2 Overview of monitoring functions ..........................................69
4.8.3 Safe stop 0 (SS0)....................................................................70
4.8.4 Safe stop 1 (SS1) – Fastest possible stopping .......................71
4.8.5 Safe stop 1D (SS1D) – Delayed SS1.......................................74
4.8.6 Safe stop 1F (SS1F) – Fastest possible stopping ...................74
4.8.7 Safe stop 2 (SS2) – Controlled stopping.................................75
4.8.8 Summary of the stop reactions ..............................................79
4.8.9 Safe torque off (STO)..............................................................81
4.8.10 Safe operating stop (SOS) ......................................................83
4.8.11 Safely limited speed (SLS)......................................................84
4.8.12 Safely limited position (SLP)...................................................85
4.8.13 Safe brake control (SBC).........................................................88
4.8.14 Safely limited increment (SLI).................................................89
4.8.15 Nominal-actual value comparison...........................................89
4.8.16 Nominal-actual value comparison with position values ..........90
4.8.17 Nominal-actual value comparison with speed values .............90
4.8.18 Protection against unexpected start-up..................................91
4.8.19 dv/dt monitoring of the braking processes.............................92
4.8.20 Response times, definitions, demand rates...........................93
4.8.21 Safe status bits.......................................................................98
4.8.22 Fault reaction to safe status bits ..........................................101
4.8.23 Behavior when a fault is detected........................................103
4.8.24 Stop reactions depending on the fault situations .................105
4.9 Special features of various software versions.............................112
4.10 Requirements the application must meet....................................116
4.11 Remaining risks...............................................................................118
4 HEIDENHAIN Technical Manual Functional Safety (FS)
5 Safety-related MPs and signals
5.1 Safety-related machine parameters (SMPs).................................119
5.2 SMP commissioning.......................................................................142
5.3 Acceptance test...............................................................................149
5.4 Safety-related hardware signals....................................................150
5.5 Further settings...............................................................................154
6 Safety-related operating modes and
interfaces
6.1 Operating modes (SOM Safe Operating Modes).........................157
6.1.1 Operating mode 1 (SOM_1)..................................................158
6.1.2 Operating mode 2 (SOM_2)..................................................159
6.1.3 Operating mode 3 (SOM_3)..................................................161
6.1.4 Operating mode 4 (SOM_4)..................................................163
6.1.5 Operating mode – restricted spindle operation (SOM_S).....165
6.1.6 Operating mode selection – inputs.......................................166
6.1.7 Configuration of axis groups.................................................168
6.1.8 Magazine axes......................................................................170
6.1.9 Non-safe axes and spindles..................................................171
6.1.10 Electronic handwheel ...........................................................172
6.1.11 Use of several operating units..............................................175
6.2 Safety-related hardware interfaces...............................................176
6.2.1 Interfaces of the SPL............................................................176
6.2.2 Interfaces of the SMOP........................................................186
6.2.2.1 Interfaces of the handwheel (HR).........................................189
7 Safety-Related Tests and Forced
Dynamic Sampling
7.1 Safety Self-Test...............................................................................191
7.2 Self-Test Sequence .........................................................................194
7.3 Test of the cut-out channels ..........................................................197
7.4 Test of machine control voltage....................................................198
7.5 Test of the chain of normally closed contacts .............................198
7.6 Test of the guard doors..................................................................198
7.7 Test of the motor brake control ....................................................199
7.8 Motor Brake Test ............................................................................202
7.8.1 Brake test of the iTNC 530 for synchronized axes ...............204
7.8.2 Brake test of the TNC 6xx for synchronized axes.................211
7.8.3 Brake test with PLC module 9143........................................215
7.9 Test of the machine configuration ................................................217
7.10 Test of the machine keys and permissive buttons/keys.............217
7.11 Test of the emergency-stop circuit ...............................................217
April 2012 5
8 SPLC – safety-related PLC
8.1 General information........................................................................219
8.2 Safe software structure..................................................................220
8.3 Software structure of PLC / SPLC .................................................220
8.4 Glossary ...........................................................................................221
8.5 SPLC development tool..................................................................223
8.6 PLC and SPLC programs.................................................................224
8.7 Safety of the SPLC program ..........................................................226
8.8 Requirements to be met by the SPLC program...........................227
8.8.1 Axis groups / working spaces for an example
milling machine.....................................................................227
8.8.2 Moving the axes with open guard doors..............................228
8.9 Interfaces of the SPLC ....................................................................229
8.9.1 The splcapimarker.def definition file.....................................229
8.9.2 Safety-related inputs, FS inputs............................................231
8.9.3 Safety-related outputs, FS outputs.......................................232
8.9.4 SKERN --> SPLC programming interface..............................234
8.9.5 SPLC --> SKERN programming interface..............................237
8.9.6 PLC --> SPLC programming interface...................................238
8.9.7 SPLC --> PLC programming interface...................................240
8.9.8 Diagnosis of the SPLC operands..........................................241
8.10 Tasks of the SPLC program............................................................242
8.10.1 Operation with open guard door...........................................242
8.10.2 Selecting a safety-related operating mode (SOM)................243
8.10.3 Requirements to be met by SPLC outputs...........................243
8.10.4 Requirements on the data of the ApiToSafety structure......246
8.10.5 Filtering of inputs..................................................................265
8.11 Sample cases...................................................................................267
8.11.1 Movement of NC axes and spindle ......................................267
8.11.2 Movement of the axes of the tool magazine........................274
6 HEIDENHAIN Technical Manual Functional Safety (FS)
1 Update Information
1.1 General information
Update Information for the Functional Safety Technical Manual appears at
irregular intervals, often as part of a new software version. This is preliminary
information in PDF format, containing brief descriptions of new software
functions as well as new hardware components. After the Update Information
has been published, the new items are included in the Functional Safety
Technical Manual.
The Technical Manual and each Update Information are saved in the
HEIDENHAIN HESIS-Web including Filebase on the Internet, where
registered users can access them at http://portal.heidenhain.de.
Registered users of the HEIDENHAIN HESIS-Web including Filebase on the
Internet receive an e-mail notification when a new Update Information
appears.
This version of the Technical Manual includes all Update Information
documents up to and including number 04, meaning that the contents of this
Technical Manual correspond to the scope of functions of software version
606 42x-02 for the iTNC 530 HSCI or 340 59x-01 for TNC 640.
April 2012 1.1 General information 7
8 HEIDENHAIN Technical Manual Functional Safety
1 Update Information No. 02 – Functional Safety
1.1 Overview
1.1.1 Released service packs
The following service packs were released for 606 42x-01:
Service pack 01: August 2010
Service pack 02: December 2010
Service pack 03: February 2011
Service pack 04: March 2011 (not for functional safety)
Service pack 05: May 2011 (approved for functional safety)
Service pack 06: October 2011
(approved for functional safety)
October 2011 1.1 Overview 9
1.2 NC Software 606 42x-01 SP 06
1.2.1 Important notes
SS1D when MP549 = 2 leads to SS2 with subsequent SOS of the axis
group
In case of an SS1D for an axis group (e.g., for the spindle when releasing the
permissive key while the door is open) the system until now waited until all
interlinked axis groups (SMP610.x) had terminated an active SS2 or SS1D.
Then all drives of the affected axis group (e.g., the spindle) were stopped
with an SS1. Until now this always led to removal of power from the axis
group (STO) for which the SS1D had been initiated.
As of service pack 06, if SMP549.x = 2 is set, the axis group (e.g., the
spindle) for which an SS1D was initiated is braked with an SS2 after the
interlinked axis groups have been braked. At standstill SOS becomes active
for this axis group instead of STO. This means that in case of an SS1D or
SS2 at standstill, SMP549.x = 2 leads to the SOS state.
Please note that upon SS1D this function now initiates an SS2 stop reaction
for the affected axis group, and not an SS1 as previously.
SMP (iTNC 530): SMP549.x
Description: Axis-group-specific configuration defining whether
Input: 0: Default (spindle in STO, axes in SOS)
the axis group is to be switched to SOS instead of
STO upon an initiated SS1D or SS2 (e.g., spindle)
(used for lathes).
1: Axis group in STO upon SS1D or SS2
2: Axis group in SOS upon SS1D or SS2
Default value: 0
10 HEIDENHAIN Technical Manual Functional Safety
Display of the installed NC software and SKERN software
If you press the MOD key in any operating mode, the ID numbers and
versions of the installed software packages are displayed:
NC : software number: NC software with date
PLC : software number: PLC program
SG: SKERN software of the MC
DSPx: DSP software of CC number x
DSPSGx: SKERN software of CC number x
ICTLx: Current controller of CC number x
October 2011 1.2 NC Software 606 42x-01 SP 06 11
12 HEIDENHAIN Technical Manual Functional Safety
1 Update Information No. 03 – Functional Safety
1.1 Overview
1.1.1 Released service packs
The following service packs were released for 606 42x-01:
Service pack 01: August 2010
Service pack 02: December 2010
Service pack 03: February 2011
Service pack 04: March 2011 (not for functional safety)
Service pack 05: May 2011 (approved for functional safety)
Service pack 06: September 2011
(approved for functional safety)
The following software versions were released for applications with integrated
functional safety (FS):
606 42x-02: December 2011
March 2012 1.1 Overview 13
1.2 NC Software 606 42x-02
Note
1.2.1 Important notes
Release of software
for FS applications
Until now you received a HEIDENHAIN Filebase Info when a new NC software
version or service pack was released for applications with integrated
functional safety (FS). The software could then be downloaded from the usual
directories for your control via HESIS-Web including Filebase (e.g. Controls/
iTNC 530/Software EXLREQ).
In order to improve the overview of which software versions have been
released for applications with integrated functional safety (FS), new directories
were created in HESIS-Web including Filebase. These directories have the
additional code "FS" in their name (e.g. Controls/iTNC 530/
Software FS EXLREQ). Once HEIDENHAIN has released the respective NC
software for applications with integrated functional safety, the NC software
will be stored in these new directories. Every software version that you find in
these FS directories has been released for applications with integrated
functional safety (FS). You will continue to be informed about released
software via HEIDENHAIN Filebase Infos. When downloading NC software
from one of the existing standard directories, you will be informed that these
software versions are not approved for use with integrated functional safety
(FS).
Controls using integrated functional safety (FS) from HEIDENHAIN are to
be operated only with software versions found in the HESIS-Web including
Filebase directories with FS in their names.
The same applies to Technical Manuals and Update Information documents
for functional safety. Starting immediately, these will also be in directories
identified with "FS" (e.g. Controls/iTNC 530/Documentation FS OEM).
PLC outputs Single-channel outputs (standard PLC outputs) configured as output type 3
(switch-off upon EMERGENCY STOP) with IOconfig until now were not
switched off automatically upon an emergency stop. The PLC program had to
switch the outputs off. With software version 02 these single-channel PLC
outputs will be switched off automatically when an external or internal
emergency stop is initiated. The outputs remain switched off until the
emergency-stop is rescinded and the control voltage has been switched back
on. Just rescinding the emergency-stop situation does not suffice to switch
these outputs back on.
14 HEIDENHAIN Technical Manual Functional Safety
1.2.2 New splcapimarker.def definition file
Software version 606 42x-02 contains a slightly modified splcapimarker.def
definition file (version 56). However, the modifications are only preparatory
measures for future enhancements. In software version 02 they do not result
in any direct improvements of any functions. The number of possible axes was
raised from 18 to 22, which shifts the spindle index to 22. This change results
in a new memory layout of the SPLC run-time system, which necessitates a
new acceptance test. Version 55 of splcapimarker.def must be replaced by
version 56 after the software update.
Proceed as follows:
Replace the splcapimarker.def file:
During the update of the NC software, a new version of splcapimarker.def
was automatically copied to the PLC partition of the control.
Switch to the Programming and Editing operating mode.
Enter the MOD code number 807667 to switch to the PLC Programming
mode of operation.
Press the PGM MGT key to open the file manager.
Switch to the PLC:\proto\plc directory.
Copy splcapimarker.def to the program directory of your SPLC program.
Overwrite the existing splcapimarker.def file.
Change the entry in SMP693 for the new SPLC-API version to 56.
Put the change in SMP693 into effect after rebooting the control by using
the OEM password
Check and compile the SPLC program with the new splcapimarker.def file.
The following message than appears, since the intermediate and binary
code of the SPLC program has changed:
March 2012 1.2 NC Software 606 42x-02 15
Included in the message, under the heading "Additional information," are the
Note
Danger
new CRC checksums for the intermediate code, binary code MC and binary
code CC. Enter these values in SMPs 691.0, 691.1 and 691.2.
Put the changes in SMP691.x into effect after rebooting the control by using
the OEM password.
Please also copy the splcapimarker.def file to your PC as well, and add it to
the PLCdesignNT project. Otherwise, during the next transfer of SPLC
project files to the control, the file might be overwritten by the old version.
The SPLC-API programming interface can also be included in the standard PLC
program (INCLUDE). If this is the case, the data from ApiFromSafety and
ApiToSafety are copied to the double-word range of the PLC. This data can
then be used for additional interrogations or diagnostic purposes in the PLC
program.
Since the number of possible axes was raised from 18 to 22 (indexes 0 to 21),
the index of the first spindle is shifted to 22. Please take this into account in
your SPLC program, and make any necessary adjustments. So that you don't
always have to modify the SPLC program when there are such changes in the
future, HEIDENHAIN recommends using the constant FIRST_SPINDLE for the
spindle in the SPLC program.
You must subject the machine to a new acceptance test, as a consequence
of the changed SPLC-API version.
16 HEIDENHAIN Technical Manual Functional Safety
1.3 New Safety Functions
Extended SPLC diagnostics
• A predefined watch list is available for the static diagnosis of the SPLC
markers defined in splcapimarker.def. It can be called from the PLC
diagnostics via the WATCH LIST soft key and the program manager
(PGM MGT key). The file can be found at: PLC:\DEBUG\SPLCAPI.WLT
• Under the DIAGNOSIS soft key in the PLC operating mode there is
another soft key: GENERATE TRACE FILES. Pressing it triggers the
generation of HSCI and SPLC trace files. These files (xxx.trace and
xxx.sco) are stored in the folder PLC:\DEBUG\.
Display of the installed NC software and SKERN software
If you press the MOD key in any operating mode, the ID numbers and
versions of the installed software packages are displayed:
NC : software number: NC software with date
PLC : software number: PLC program
SG: SKERN software of the MC
DSPx: DSP software of CC number x
DSPSGx: SKERN software of CC number x
ICTLx: Current controller of CC number x
Standstill monitoring in SOS state
If, however, the maximum permissible path defined in SMP545.x (limit
value for standstill monitoring in [mm] or [°]) was exceeded while adhering
to the limit values for the spindle speed and axis feed rate in SOS, the SS0
safety function was initiated globally for all axes, and SS1 for the spindles.
Now an SS0 reaction is initiated for the affected drive (axis or spindle), and
an SS1F reaction for all other drives.
March 2012 1.3 New Safety Functions 17
Standstill monitoring of the spindle with SS2
The new machine parameters SMP556, SMP557 and SMP558 can be used
to specify a maximum value for standstill monitoring of the spindle upon on
SS2 reaction. If the permitted number of spindle revolutions are exceeded
during the SS2 reaction, an SS1 reaction is initiated.
• SMP556 - Maximum value for standstill monitoring during SS2 of
spindle in SOM_2
Input: 1 to 100 [revolutions]
Default value = 2
• SMP557 - Maximum value for standstill monitoring during SS2 of
spindle in SOM_3
Input: 1 to 100 [revolutions]
Default value = 5
• SMP558 - Maximum value for standstill monitoring during SS2 of
spindle in SOM_4
Input: 1 to 100 [revolutions]
MP1310.x – Sequence for approaching the test positions
The axis sequence of the soft keys for approaching the test positions can
now be configured with MP1310. As previously, the operator can change
the sequence by selecting the soft keys. The parameter index determines
the position of the soft key in the soft-key row. The value of the parameter
defines the axis to be displayed in the soft-key image in reference to MP100.
All parameters after a programmed value 0 are not taken into consideration.
The remaining safe axes is shown in the same sequence as in MP100. If a
negative value is entered, the axis is shown in gray, and only becomes active
once the axes with positive entries have been moved to the reference point
or the operator selects the axis.
Example:
MP100: CBAaZYX
MP1310.0: 7
MP1310.1: 6
MP1310.2: -4
MP1310.3: 0
Soft-key row: C B a X Y Z A a=gray
Default value = 5
Input in MP1310.x:
1 to 18 [number indicating the axis' position in the test sequence]
0 = Not active
Displaying the distance-to-go during axis check
During the automatic movement of an axis in the "Check axis position" mode
to the test position, the distance-to-go display showed the distance
remaining to the software limit switch instead of the distance remaining to
the test position. Now, for approaching the test position and for incremental
jog, the distance remaining to the target is displayed.
Analog axes via CMA-H
As of software version 606 42x-02, analog axes can be configured and
operated via the CMA-H module. The integrated functional safety from
HEIDENHAIN does not monitor analog axes. Monitoring, switch-off, etc.
must occur through suitable external circuitry.
18 HEIDENHAIN Technical Manual Functional Safety
SS1D when MP549 = 2 leads to SS2 with subsequent SOS of the axis
group
In case of an SS1D for an axis group (e.g., for the spindle when releasing the
permissive key while the door is open) the system until now waited until all
interlinked axis groups (SMP610.x) had terminated an active SS2 or SS1D.
Then all drives of the affected axis group (e.g., the spindle) were stopped
with an SS1. Until now this always led to removal of power from the axis
group (STO) for which the SS1D had been initiated.
As of NC software version 606 42x-01 SP 06, if SMP549.x = 2 is set, the axis
group (e.g., the spindle) for which an SS1D was initiated is braked with an
SS2 after the interlinked axis groups have been braked. At standstill SOS
becomes active for this axis group instead of STO. This means that in case
of an SS1D or SS2 at standstill, SMP549.x = 2 leads to the SOS state.
Please note that upon SS1D this function now initiates an SS2 stop reaction
for the affected axis group, and not an SS1 as previously.
SMP (iTNC 530): SMP549.x
Description: Axis-group-specific configuration defining whether
the axis group is to be switched to SOS instead of
STO upon an initiated SS1D or SS2 (e.g., spindle)
(used for lathes).
Input: 0: Default (spindle in STO, axes in SOS)
1: Axis group in STO upon SS1D or SS2
2: Axis group in SOS upon SS1D or SS2
Default value: 0
Protection against unexpected movement with SMP 549.x = 2
If SMP549.x = 2 for the axis group (including spindles), the axis group now
remains in the SOS state or under control in the following cases even while
at standstill. This means that there is no automatic transition to STO:
• if the permissive key or button is not pressed at standstill or while in the
SOS state.
• if the override potentiometers are at 0% when guard doors are opened.
• if M19 is active when guard doors are open (only for spindle axis group).
March 2012 1.3 New Safety Functions 19
Diagnosis of the SPLC inputs and outputs
In the PLC programming mode (code number 807667) the last soft-key row
under the table function (TABLE soft key) has a soft-key called S-PLC
DIAGNOSIS. There you will find a list of all FS inputs and FS outputs, along
with their current state. The regular FS outputs as well as the "special"
outputs, such as TEST.A, TEST.B, STO.A.G and STOS.A.G, are also shown.
The table shows the operand address, the state of the A and B channel
inputs, and the symbolic name.
Fault reaction to safe status bits
Until now, if –PF.PS.DC was active, the watchdogs of the MC were not
retriggered. The other HSCI participants therefore detected the MC as being
defective, and it was not possible to switch off the DC-link voltage without
an error message. Until now the CC initiated an SS1 reaction. The SKERN
MC and CC now no longer evaluate the -PF.PS.DC status bit, and there is no
longer a reaction by the SKERN.
20 HEIDENHAIN Technical Manual Functional Safety
1.4 (S)PLC
The PLC Module 9143 for triggering the brake test can now also be used in
systems with functional safety. The brake test during the safety self-test is not
affected by this, and continues to test the motor holding brake. It is now
possible, via this module and the (S)PLC program, regardless of the self-test,
to test the motor holding brakes at any time for specific axes, and even for
specific brakes of an axis. The module only tests the holding torque of the
brake, but not the dual-channel controllability of the brake. The dual-channel
controllability is still part of the self-test. The procedure for testing two brakes
of an axis via Module 9143 could be as follows:
The SPLC program controls the opening and closing of the brake
simultaneously for the motor holding brake and the supplementary brake
The SPLC program controls the opening and closing of the brake only for the
motor holding brake
The supplementary brake is opened
PLC Module 9143 performs the brake test for the motor holding brake
The SPLC program controls the opening and closing of the brake
simultaneously for the motor holding brake and the supplementary brake
The SPLC program controls the opening and closing of the brake only for the
supplementary brake
The motor holding brake is opened
PLC Module 9143 performs the brake test for the supplementary brake
The SPLC program controls the opening and closing of the brake
simultaneously for the motor holding brake and the supplementary brake
Module 9143 Activate the brake test
With this module an axis-specific brake test with the configuration from the
machine parameters or with other values for MPs 2230 and 2232 can be
started. Refer also to the information in the Technical Manual of your control.
Constraints:
Synchronized axes
For synchronized axes, only the brake test of the master can be configured
and requested via the PLC module. If a brake test for an associated slave
drive of the synchronized axis is configured via MP2230.x, then the slaves
are automatically tested together with the master. The settings in the
machine parameters are used for the brake test of the slave drives.
In order to start the brake test of synchronized axes via PLC Module 9143,
all drives of a synchronized axis must be switched on via the PLC program
before the brake test can be performed. If a servo drive involved is not
switched on, the brake test is canceled with the error message 8330 Brake
test was canceled.
Programming it in a submit job blocks other submit jobs until the test is
completed.
The PLC module automatically passes the processing time to other spawn
and submit processes.
March 2012 1.4 (S)PLC 21
Call:
PS K/B/W/D <>Axis number>
0 = 1st axis, 1 = 2nd axis, etc.
PS K/B/W/D <>Multiplier for motor stall current>
Value in 1/1000 or
0: Default MP2230 (factor of nominal current)
PS K/B/W/D <>Permissible traverse path>
Value in 0.1 [um] or
0: Default MP2232
CM 9143
PL B/W/D <>Status/Error>
0: Brake OK
1: Brake defective
2: Invalid axis or negative values for rated current or traverse
path
3: Call during running NC program or during other PLC jobs
4: Call was made from a cyclic PLC program
5: Error during data exchange
6: Not allowed for safe control
7: Drive not ready
8: Brake test was canceled (e.g. by emergency stop)
Error recognition:
Marker Val ue Meaning
M4203 0 No error
1 Error code in W1022
W1022 2 Invalid axis programmed (invalid axis number, not a
closed-loop axis, axis currently open-loop axis or slave
axis) or negative values for the traverse path or current
are programmed
8 Module is not allowed for control with functional
safety
20 Module was not called in a spawn job or submit job
21 Call during program run or during other active PLC jobs
for the programmed axis
40 Drive not ready
45 Canceled due to error during data exchange or due to
external influences (e.g. emergency stop)
22 HEIDENHAIN Technical Manual Functional Safety
Module 9037 Read FS status information
PLC Module 9037 determines safety-oriented information. The number of the
desired information, and possibly another number (for certain information)
must be programmed in the module.
Constraints:
Only for HSCI-based systems with SPLC can the time until the next self-test
be interrogated via number 4.
The causes for the stop reactions (number 7) are not stored statically. The
values are only set for the time in which the stop reaction occurs.
Call:
PS B/W/D/K/S<>Number of the status information>
0 to 3: Reserved
4: Time until the next self-test
5: Spindle speed at open guard door
6: Axis feed rate with open guard door
7: Stop reaction of axis group
PS B/W/D/K <>Number of the additional information>
For info 5: Spindle number starting with 0
For info 6: Axis number starting with 0
For info 7: Axis-group number starting with 0
CM 9037
PL B/W/D <>Type of operand>
0: Error
Response from the status information
For info 4: Time until the next self-test in seconds
For info 5: Spindle speed at open guard door in 0.001 [1/min]
For info 6: Feed rate with open guard door in 0.001 [mm/
min] or [°/min]
For info 7: Stop reaction of axis group
(0 = no stop reaction, 1 = SS2, 2 = SS1D, 3 = SS1,
4=SS1F, 5=SS0)
Error recognition:
Marker Valu e Meaning
M4203 0 No error
1 Error code in W1022 (also see return values of the
module)
W1022 1 Invalid number of the status information
2 Invalid number of the axis group, axis or spindle
43 The module was called in a control without integrated
functional safety
51 This status information is not supported by this
system
March 2012 1.4 (S)PLC 23
24 HEIDENHAIN Technical Manual Functional Safety
1 Update Information No. 04 – Functional Safety
Hinweis
1.1 Overview
1.1.1 Service packs released for the iTNC 530 HSCI
The following service packs for software version 606 42x-01 will be released
for applications with integrated functional safety (FS):
Service pack 02: April 2012
NC software 606 42x-02 service pack 01 was not approved for applications
with integrated functional safety (FS).
1.1.2 NC software versions released for the TNC 640
The following software versions were released for applications with integrated
functional safety (FS):
340 59x-01: April 2012
Controls using integrated functional safety (FS) from HEIDENHAIN are to
be operated only with software versions that are identified by FS in their
names in the HESIS-Web including Filebase directories of your control.
Software versions that are not identified by FS in their names in the HESISWeb including Filebase directories of your control are not approved for use
in applications with integrated functional safety (FS).
April 2012 1.1 Overview 25
1.2 Notes
1.2.1 NC software 340 59x-01, 606 42x-02 SP 02
Protection against unexpected start-up
Up to now, the protection against unexpected start-up was disabled by
pressing a valid permissive button/key, which sets the interface signal
pp_AxGrpPB to 1. With software versions 340 59x-01 and 606 42x02 SP 02, the same behavior is enabled for the interface signal
pp_AxGrpActivate, which disables the activation of the protection against
unexpected startup if it is set to 1. As a result, the automatic transition to
SOS/STO state (transition from SLS --> SOS) is also prevented at feed rates
< 50 mm/min by merely pressing an axis key (pp_AxGrpActivate = 1).
SMP549.x is effective only for the axis group of the spindles
The setting in SMP549.x is effective only for the axis group of the spindles.
SMP549.x does not take effect for axis groups of NC or PLC axes.
SMP (iTNC 530): SMP549.x
Description: Axis-group-specific configuration defining whether
the axis group of the spindle is to be switched to SOS
instead of STO after SS1D or SS2 has been triggered
(used for lathes).
Input: 0: Default (spindle in STO, axes in SOS)
1: Axis group of the spindle in STO upon SS1D or SS2
2: Axis group of the spindle in SOS upon SS1D or SS2
Default value: 0
1.2.2 General information
Use of non-HEIDENHAIN encoders for safe axes/spindles for
Basic circuit diagram – leading main-switch contact
HEIDENHAIN control systems with functional safety (FS)
HEIDENHAIN cannot make any statement regarding the use of nonHEIDENHAIN encoders for the safe monitoring of axes/spindles in control
systems with functional safety (FS). Your contact person at HEIDENHAIN
will be glad to assist you in finding suitable HEIDENHAIN encoders for your
safe applications.
The leading main-switch contact that is proposed in the present
HEIDENHAIN basic circuit diagram is only intended for electrical protection
of the machine's main switch. The leading contact opens the main contactor
in the UV(R) before the main switch separates the connection to the power
line. This means that the main switch always separates the connection
while the system is not under power, even if the user accidentally switches
off the machine via the main switch while the drives are still in closed-loop
control. When using a leading contact, please keep in mind the associated
residual risks described in Chapter 4.11 of the Functional Safety (FS)
Technical Manual.
HEIDENHAIN merely wanted to point out that there is the possibility of
using a leading contact. However, you need not use a leading contact. It will
be omitted from the future versions of the basic circuit diagram. Without
this contact, the control behaves in the same way as during a power failure
when it is switched off via the main switch, i.e. the drives are decelerated
at the limit of current upon switch-off.
26 HEIDENHAIN Technical Manual Functional Safety (FS)
1.3 NC software 340 59x-01 (TNC 640)
1.3.1 Notes
Missing functions The following functional safety (FS) functions are not contained in software
version 340 59x-01 of the TNC 640 in comparison with software version
606 42x-02 of the iTNC 530:
New "SPlcApiMarker.def version 56" definition file
The TNC 640 with software version 01 is still using SPlcApiMarker.def
version 55.
Standstill monitoring of the spindle upon SS2 (SMP556, SMP557,
SMP558)
Operating-mode-specific monitoring of the SS2 reaction of the spindle is not
yet possible with the TNC 640. In every SOM_x operating mode, the
TNC 640 uses the entry in SMP distLimitStop2 for SS2 monitoring of the
spindle.
Sequence for approaching the test positions
On the iTNC 530, the axis sequence of the soft keys for approaching the
test positions can be configured using MP1310. This is not yet possible on
the TNC 640 with software version 01.
Handwheels
The HR 5xx handwheels with display are not yet supported by software
version 01 of the TNC 6xx.
Software version 340 59x-01 of the TNC 640 is identical to software version
606 42x-02 of the iTNC 530 HSCI in all other functional safety (FS) functions.
SPLC program Please note that an SPLC program of the iTNC 530 needs to be modified for
use on the TNC 640. In particular, the spindle index in the SPLC program is
different. With the iTNC 530, the spindle is always assigned to the last index
(this is index 22 in SPlcApiMarker.def version 56). With the TNC 640, the
spindle is assigned to the index defined via axisList.
Documentation The previous Functional Safety (FS) Technical Manual for the iTNC 530 HSCI
was enhanced with regard to the TNC 640. This Technical Manual covers both
controls. Differences that need to be kept in mind are indicated in this Update
Information and in the Technical Manual (e.g. machine parameters of the
TNC 640 are identified by "NCK-SMP:".)
April 2012 1.3 NC software 340 59x-01 (TNC 640) 27
28 HEIDENHAIN Technical Manual Functional Safety (FS)
2 Introduction
Danger
Attention
Note
2.1 Meaning of the symbols used in this manual
Failure to comply with this information could result in most serious or fatal
injuries, and/or in substantial material damage.
Failure to comply with this information could result in injuries and
interruptions of operation, including material damage.
Tips and tricks for operation as well as important information, for example
about standards and regulations as well as for better understanding of the
document.
April 2012 2.1 Meaning of the symbols used in this manual 29
2.2 Warnings
Danger
The functional safety as provided by HEIDENHAIN only handles the safety
functions stated and described in this manual. Functional safety can reduce
the inherent risks of machine tools. However, it is impossible to implement
safety measures that ensure that nothing will ever go wrong with a
machine tool.
In order for functional safety to take effect, the machine manufacturer must
do the following:
Verify the theoretical and actual setup of the machine tool, the necessary
(S)PLC programs and the machine-parameter settings with a thoroughly
documented acceptance test. This acceptance test must be performed
by qualified personnel.
Thoroughly understand the information contained in this manual and
other documentation for the control and other electronic components
being used (such as inverters and motors), as well as understand and
enforce the safety instructions, constraints and relevant standards.
Draw up a risk analysis, as required by the EC machinery directive.
implement all measures deemed necessary based on the risk analysis of
the machine. These measures may be implemented as a part of
functional safety, or with other suitable equipment or procedures. All
measures must be validated.
30 HEIDENHAIN Technical Manual Functional Safety (FS)
Loading...