Description of Functions 11.03 Edition sinumerik & simodrive SINUMERIK Safety Integrated SINUMERIK 840D SIMODRIVE 611 digital SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated Short description 1 General Information about Integrated Safety Systems 2 Safety-Related Functions 3 Data Description 4 Commissioning 5 Alarms 6 Engineering Examples 7 Application Examples 8 Appendix A Description of Functions Valid for Index Control Software version SINUMERIK 840D/SIMODRIVE 611 digital 6.4 Edition 11.03 I SINUMERIK(R) Documentation Printing history Brief details of this edition and previous editions are listed below. The status of each edition is indicated by the code in the "Remarks" columns. Status code in the "Remarks" column: A .... B .... C .... New documentation. Unrevised reprint with new Order No. Revised edition with new status. If factual changes have been made on the page since the last edition, this is indicated by a new edition coding in the header on that page. Edition 04.96 08.97 04.99 05.00 07.02 11.03 Order No. 6FC5 297-0AB80 - 0BP0 6FC5 297-0AB80 - 0BP1 6FC5 297-5AB80 - 0BP0 6FC5 297-5AB80 - 0BP0 6FC5 297-6AB80 - 0BP1 6FC5297-6AB80 - 0BP2 Remarks A C C C C C This manual is also included in the documentation on CD-ROM (DOCONCD) Edition 10.03 Order No. 6FC5 298-6CA00-0BG4 Remarks C Trademarks SIMATIC(R), SIMATIC HMI(R), SIMATIC NET(R), SIROTEC(R), SINUMERIK(R) and SIMODRIVE(R) are registered trademarks of Siemens AG. Other names in this publication might be trademarks whose use by a third party for his own purposes may violate the rights of the registered holder. More information is available on the Internet at: http://www.ad.siemens.com/sinumerik Other functions not described in this documentation might be executable in the control. This does not, however, represent an obligation to supply such functions with a new control or when servicing. This publication was produced with WinWord V8.0 and Designer V7.0 and the documentation tool AutWinDoc. We have checked that the contents of this document correspond to the hardware and software described. Nevertheless, differences might exist and therefore we cannot guarantee that they are completely identical. The information given in this publication is reviewed at regular intervals and any corrections that might be necessary are made in subsequent editions. We welcome all recommendations and suggestions. The reproduction, transmission or use of this document or its contents is not permitted without express written authority. Offenders will be liable for damages. All rights, including rights created by patent grant or registration or a utility model or design, are reserved. Subject to change without prior notice (c) Siemens AG 2003. All rights reserved. Order No. 6FC5297-6AB80-0BP2 Printed in the Federal Republic of Germany Siemens-Aktiengesellschaft. 11.03 Foreword Foreword Structure of the Documentation The SINUMERIK documentation is organized in 3 parts: * General Documentation * User Documentation * Manufacturer/Service documentation You can obtain more detailed information and documentation about SINUMERIK 840D/810D as well as documentation for all SINUMERIK controls from your local SIEMENS office. Target group This documentation is intended for manufacturers/end users of machine tools and production machines who use SINUMERIK 840D and SIMODRIVE 611 digital and integrated safety functions (SINUMERIK Safety Integrated). Hotline If you have any questions, please contact our hotline: A&D Technical Support Phone.: +49 (0) 180 / 5050 - 222 Fax: +49 (0) 180 / 5050 - 223 E-mail: ad.support@siemens.com Please send any queries about the documentation (suggestions or corrections) to the following fax number or email address: Fax: +49 (0) 9131 / 98 -2176 E-mail: motioncontrol.docu@erlf.siemens.de Fax form: Refer to the reply form at the end of the document. SINUMERIK Internet Address http://www.ad.siemens.com/sinumerik SINUMERIK 840D powerline From 09/2001 * SINUMERIK 840D powerline and * SINUMERIK 840DE powerline will be available with improved performance. The following hardware description contains a list of the available powerline modules: References: /PHD/ SINUMERIK 840D Configuration Manual Objective This Description of Functions provides all of the information about the safety functions integrated in the SINUMERIK 840D and SIMODRIVE 611 digital that may be relevant for start-up and configuration. Standard scope The main areas covered by this Description of Functions are as follows: * General information about integrated safety systems (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 v Foreword 11.03 * Description of safety functions * Lists and description of all signals and data * Start-up * Description of alarms * One example configuration. User-oriented activities such as the creation of parts programs and control operating procedures are described in detail in separate documents. Separate descriptions are likewise provided for the tasks to be performed by the tool manufacturer such as configuring, installation and PLC programming. Notes on how to use this manual The following reference guides are provided in this Description of Functions: * Overall table of contents * Table of contents for each chapter * Appendix with list of abbreviations and references * Index If you need information about a certain term, please look in the Appendix of the Chapter Index for the particular term. Both the chapter number and the page number where you will find the information you need are listed in this chapter. Documentation with Edition date 08.97 Note Documentation with Edition date 08.97 describes the scope of functions of the following products and SW versions: SINUMERIK 840D/611 digital with software version 4.2 SINUMERIK 840C/611 digital with software version 6.1 The following functions added since 04.96 Edition are described in 08.97 Edition for SINUMERIK 840D/611 digital Table 0-1 New functions described in 08.97 Edition Serial no. New functions in SINUMERIK 840D/611 digital, SW 4.2 and higher 1 Override for safely reduced velocity 2 Safe braking ramp 3 Safe speed oriented stop responses 4 Safe speed oriented setpoint limits 5 Safe cams for endlessly turning rotary axes 6 Modulo display of safe actual value for rotary axes 7 Synchronization of cam SGAs 8 SGA "n < nx" 9 SGA "SBH active" 10 SGA "SG active" 1) 11 Deletion of zero speed position for SBH/SG axes 1) 12 Encoder limit frequency 300 kHz 13 Acceptance report (not a function) Notes: 1) available from SW 3.6 Documentation with Edition date 04.99 vi Note (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Foreword Documentation with Edition date 04/99 describes the scope of functions of the following products and SW versions: SINUMERIK 840D/611 digital with software version 4.4.18 The following table lists the main functions for SINUMERIK 840D/611 digital added since 08.97 Edition: Table 0-2 Serial no. 1 2 Documentation with Edition date 05.00 New functions described in 04/99 Edition New functions in SINUMERIK 840D/611 digital, SW 4.4.18 and higher External STOPs Safe programmable logic (SPL) Note The documentation with Edition date 05.00 describes the scope of functions of the following products and software version: SINUMERIK 840D with software version 5.3 SIMODRIVE 611 digital with software version 5.1 The following functions added since 04.99 Edition are described in 05.00 Edition for SINUMERIK 840D/611 digital: Table 0-3 Serial No. 1 2 3 4 5 Documentation with Edition date 03.01 New functions described in 05.00 Edition New functions in SINUMERIK 840D/611 digital SPL expansions (Chapter 3) Drive systems with slip (Chapter 3) Setpoint velocity limiting (Chapter 3) Engineering examples (Chapter 7), extended Application examples (Chapter 8), extended Note The documentation with Edition date 03.01 describes the scope of functions of the following products and software version: SINUMERIK 840D with software version 6.1 SIMODRIVE 611 digital with software version 5.1.10 The following functions added since the 04.99 Edition are described in the 03.01 Edition for SINUMERIK 840D/611 digital: Table 0-4 Serial No. 1 2 3 4 5 New functions described in 03.01 Edition New functions in SINUMERIK 840D/611 digital SPL start without axial safety enable (Chapter 3) New system variables (Chapter 3) Actual value crosswise data comparison error (Chapter 3) Additional machine data (Chapter 4) Additional alarms (Chapter 6) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 vii Foreword 11.03 Documentation with Edition date 04/02 Note The documentation with Edition date 07.02 describes the scope of functions of the following products and software version: SINUMERIK 840D with software version 6.3.21 SIMODRIVE 611 digital with software version 5.1.14 The following functions added since the 03.01Edition are described in the 07.02 Edition for SINUMERIK 840D/611 digital: Table 0-5 Serial No. 1 2 3 4 5 6 Documentation with Edition date 11/03 New functions described in 07.02 Edition New functions in SINUMERIK 840D/611 digital NCU onboard I/Os (Chapter 3) NC internal pulse disable (Chapter 3) SPL module brake test, safe brake test (Chapter 8) Disable SPL module (SW relay) (Chapter 3) Improved diagnostics (Chapter 5) PROFIsafe (Chapter 3) Note The documentation with Edition date 11.03 describes the scope of functions of the following products and software version: SINUMERIK 840D with software version 6.4 The following functions added since the 07.02 Edition are described in the 11.03 Edition for SINUMERIK 840D/611 digital: Table 0-6 Serial No. 1 2 3 4 New functions described in 11.03 Edition New functions in SINUMERIK 840D/611 digital ProgEvent (Chapter 3.10.10) STOP E (Chapter 3) Acceptance test support (Chapter 5.4) Drive bus failure (Chapter 3.13) Ordering data option In this documentation you will find the symbol shown on the left with a reference to an ordering data option. The function described will only be able to be used if the control contains the designated option. Danger and warning concept ! viii The following danger and warning symbols are used in this document. Explanation of symbols used: Danger This symbol indicates that death, severe personal injury or substantial property damage will result if proper precautions are not taken. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Foreword ! Warning ! Caution This symbol indicates that death, severe personal injury or substantial property damage may result if proper precautions are not taken. This symbol (with a warning triangle) indicates that minor injury or damage to property may result if proper precautions are not taken. Caution This symbol (without a warning triangle) indicates that damage to property may result if proper precautions are not taken. Notice This symbol indicates that an undesirable result or state may result if proper precautions are not taken. Other Information ! Important This notice indicates important facts that must be taken into consideration. Note Always appears in this document where further, explanatory information is provided. Technical Information Trademarks IBM is a registered trademark of the International Business Corporation. MS-DOS and WINDOWSTM are registered trademarks of the Microsoft Corporation. Type-examination certificate sign A type-examination certificate from the German Institute for Occupational Safety (BIA) has been granted to the SINUMERIK 840D/DE with Safety Integrated. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 ix Foreword 11.03 Fig. 0-1 x Type-examination certificate symbol for SINUMERIK 840D/611 digital (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Foreword Type-examination certificate for SINUMERIK 840D/ 611 digital Fig. 0-2 Type-examination certificate for SINUMERIK 840D and 840DE with SIMODRIVE 611 digital SINUMERIK(R) Safety Integrated The appendices to the type-examination certificate are not included in this document. If you require any data from this Appendix, please contact the department named on the Corrections/Suggestions sheet (last page). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 xi Foreword xii 11.03 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Contents Contents 1 Short Description.................................................................................................... 1-19 2 General Information about Integrated Safety Systems........................................ 2-23 2.1 Drives and CNC controls with integrated safety .......................................... 2-25 2.1.1 Standards and Directives...................................................................... 2-26 2.1.2 Requirements from the EC Directives................................................... 2-27 2.1.3 Relevant Safety Standards ................................................................... 2-28 2.1.4 Hazard analysis and risk assessment................................................... 2-28 2.1.5 EC-type examination according to the Machinery Directive .................. 2-29 2.1.6 Product liability law ............................................................................... 2-29 2.2 Test, certification......................................................................................... 2-30 2.3 Terminology from EN 292-1........................................................................ 2-30 2.4 Position paper of the working group (WG) 226.03 in the German Electrotechnical Commission (DKE) ........................................................... 2-31 2.5 Technical Bulletin about vertical axes from the German Trade Association 2-31 2.6 Basics of SINUMERIK Safety Integrated .................................................... 2-32 2.6.1 Control category 3 ................................................................................ 2-32 2.6.2 Basic features of SINUMERIK Safety Integrated .................................. 2-33 2.6.3 Forced checking procedure .................................................................. 2-33 2.6.4 Monitoring clock cycle and crosswise data comparison clock cycle...... 2-35 2.6.5 User agreement .................................................................................... 2-35 2.7 Increasing the availability using integrated safety technology ..................... 2-38 2.8 Overview of the safety-related functions ..................................................... 2-39 2.9 System prerequisites .................................................................................. 2-40 2.9.1 Order numbers .................................................................................... 2-41 2.10 Customer Support..................................................................................... 2-43 2.11 Powering the control up and down............................................................ 2-45 2.12 Error analysis............................................................................................ 2-46 2.13 Others....................................................................................................... 2-51 2.13.1 Applications 2-51 2.13.2 Information for OEM users.................................................................... 2-52 2.13.3 Overtemperature .................................................................................. 2-53 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - 11.03 Edition xiii Contents 11.03 3 Safety-Related Functions....................................................................................... 3-55 3.1 Basic mechanisms of SI functions .............................................................. 3-57 3.1.1 Safe standstill - disconnecting the energy feed .................................... 3-57 3.1.2 Shutdown paths .................................................................................... 3-58 3.1.3 Testing the shutdown paths.................................................................. 3-61 3.1.4 Overview of the machine data for the shutdown paths ......................... 3-67 3.1.5 Stop responses .................................................................................... 3-67 3.1.6 Overview of the machine data for stop responses ................................ 3-76 3.2 External STOPs .......................................................................................... 3-77 3.2.1 Test stop for external STOPs................................................................ 3-80 3.2.2 Overview of the machine data for the "external STOPs" function ......... 3-84 3.3 Safe standstill (SH) ..................................................................................... 3-85 3.3.1 Overview of the machine data for the SH function ................................ 3-86 3.4 Safe operating stop (SBH) .......................................................................... 3-86 3.4.1 Selecting/de-selecting safe operating stop ........................................... 3-87 3.4.2 Effects when the limit is exceeded for SBH .......................................... 3-90 3.4.3 Overview of the machine data for the SBH function.............................. 3-91 3.5 Safely-reduced speed (SG) ........................................................................ 3-92 3.5.1 Selecting/de-selecting the safely-reduced speed.................................. 3-94 3.5.2 Limiting the setpoint speed ................................................................... 3-96 3.5.3 Safely-reduced speed when using selector gearboxes......................... 3-97 3.5.4 Effects when the limit value is exceeded for SG ................................... 3-98 3.5.5 SG-specific stop responses .................................................................. 3-99 3.5.6 Override for safely-reduced speed........................................................ 3-100 3.5.7 Example: Override for safely-reduced speed........................................ 3-102 3.5.8 Application examples for SG ................................................................ 3-103 3.5.9 Examples for safe input of ratios........................................................... 3-103 3.5.10 Overview of the machine data for the function SG................................ 3-110 3.6 Safe software limit switches (SE)................................................................ 3-111 3.6.1 Effects when an SE responds............................................................... 3-112 3.6.2 Overview of the machine data for the SE function ................................ 3-114 3.7 Safe software cams (SN) ............................................................................ 3-115 3.7.1 Effects when SN reponds ..................................................................... 3-119 3.7.2 Application example for "safe software cams" ...................................... 3-120 3.7.3 Overview of machine data for the SN function...................................... 3-123 3.8 Safe braking ramp (SBR) (840D from SW 4.2) ........................................... 3-124 3.8.1 Overview of the machine data for SBR ................................................. 3-126 3.9 Safety-related input/output signals (SGE/SGA) .......................................... 3-127 3.9.1 Signal processing for the NCK monitoring channel............................... 3-132 3.9.2 Signal processing in the drive monitoring channel ................................ 3-134 3.9.3 Overview of the machine data for SGE/SGA ........................................ 3-135 3.10 Safe programable logic (SPL) (840D SW 4.4.18)...................................... 3-136 3.10.1 NCK-SPL program................................................................................ 3-139 3.10.2 Starting the NCK-SPL using the PROG_EVENT mechanism (from SW 6.4.15) .................................................................................. 3-141 xiv (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - 11.03 Edition 11.03 Contents 3.10.3 3.10.4 3.10.5 3.10.6 3.10.7 3.10.8 3.10.9 3.10.10 Starting the NCK-SPL from the PLC user program............................... 3-144 Linking the NCK-SPL to the I/O and monitoring channel ...................... 3-145 Diagnostics/commissioning .................................................................. 3-147 Safe software relay (from SW 6.3.30) ................................................... 3-148 System variables for SINUMERIK 840D ............................................... 3-153 Behavior after POWER ON/operating mode change/reset ................... 3-155 SPL data on the PLC side .................................................................... 3-156 Direct communications between the NCK and PLC-SPL (from SW 6.3.30) .................................................................................. 3-158 3.10.11 PLC data block (DB 18) ........................................................................ 3-160 3.10.12 Forced checking procedure of SPL signals........................................... 3-164 3.11 Encoder mounting arrangements.............................................................. 3-168 3.11.1 Encoder types 3-168 3.11.2 Adjustment, calibration, axis states and historical data......................... 3-170 3.11.3 Overview of the data for mounting encoders ........................................ 3-174 3.11.4 Actual value synchronization (slip for 2-encoder systems with SW 5.2 and higher)........................................................................ 3-175 3.11.5 Application: Spindle with two encoders and drive with slip (SW 5.2 and lower) ................................................................................ 3-176 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) ............................................................................. 3-179 3.12.1 Description of functions ........................................................................ 3-179 3.12.2 Available fail-safe modules ................................................................... 3-180 3.12.3 System prerequisites ............................................................................ 3-181 3.12.4 System structure................................................................................... 3-182 3.12.5 Configuring and parameterizing the ET 200S F-I/O .............................. 3-183 3.12.6 Parameterizing SINUMERIK 840D NCK............................................... 3-188 3.12.7 Parameterizing the SINUMERIK 840D PLC ......................................... 3-195 3.12.8 Response times .................................................................................... 3-196 3.12.9 Functional limitations ............................................................................ 3-196 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) . 3-198 3.13.1 Behavior of the axial NCK monitoring channel...................................... 3-198 3.13.2 Behavior without NCK-SPL................................................................... 3-199 3.13.3 Behavior with NCK-SPL........................................................................ 3-199 3.13.4 Behavior of the drive monitoring channel.............................................. 3-200 3.13.5 SGE/SGA processing in the PLC.......................................................... 3-201 3.13.6 Limitations .................................................................................... 3-201 3.13.7 Examples .................................................................................... 3-201 4 Data Descriptions ................................................................................................... 4-205 4.1 Machine data .............................................................................................. 4-206 4.1.1 Overview of the machine data .............................................................. 4-206 4.1.2 Description of the machine data ........................................................... 4-208 4.2 Machine data for SIMODRIVE 611 digital ................................................... 4-240 4.2.1 Overview of the machine data .............................................................. 4-240 4.2.2 Description of the machine data ........................................................... 4-242 4.3 Interface signals.......................................................................................... 4-255 4.3.1 Interface signals for SINUMERIK 840D ................................................ 4-255 4.3.2 Description of the interface signals ....................................................... 4-256 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - 11.03 Edition xv Contents 11.03 4.4 System variable .......................................................................................... 4-263 4.4.1 System variable for SINUMERIK 840D................................................. 4-263 4.4.2 Description of the system variables ...................................................... 4-266 5 Commissioning....................................................................................................... 5-273 5.1 Commissioning SINUMERIK 840D ............................................................. 5-275 5.1.1 Commissioning procedure .................................................................... 5-275 5.1.2 First commissioning .............................................................................. 5-276 5.1.3 Series commissioning........................................................................... 5-279 5.1.4 Upgrading software .............................................................................. 5-280 5.1.5 Changing data .................................................................................... 5-280 5.2 Acceptance report....................................................................................... 5-282 5.3 Conventional acceptance test ..................................................................... 5-286 5.4 NCK acceptance test support ..................................................................... 5-288 5.4.1 Scope of the test list ............................................................................. 5-289 5.4.2 Internal mechanisms to support the test procedure .............................. 5-290 5.4.3 Trace techniques .................................................................................. 5-292 5.4.4 Basic operating information and instructions ........................................ 5-293 5.5 Diagnostics ................................................................................................. 5-294 5.5.1 Troubleshooting procedure................................................................... 5-294 5.5.2 Diagnostics support by configuring your own extended alarm text........ 5-298 5.5.3 Servo trace bit graphics for Safety Integrated ....................................... 5-301 5.5.4 Bit graphics for SI signals in the servo trace ......................................... 5-304 6 Alarms ..................................................................................................................... 6-309 6.1 Alarms for SINUMERIK 840digital .............................................................. 6-310 6.2 Alarms from SIMODRIVE 611 digital .......................................................... 6-343 6.3 Alarm suppression ...................................................................................... 6-355 7 Configuring example .............................................................................................. 7-359 7.1 General information on engineering............................................................ 7-360 7.2 Circuit examples ......................................................................................... 7-361 7.2.1 Control and drive components .............................................................. 7-362 7.2.2 Engineering .................................................................................... 7-363 7.3 Safety Integrated with SPL ......................................................................... 7-365 7.3.1 Start configuration in the OB100........................................................... 7-367 7.3.2 Starting the NCK-SPL and PLC-SPL .................................................... 7-368 7.3.3 Declaring variables ............................................................................... 7-371 7.3.4 Connecting-up the drives...................................................................... 7-379 7.3.6 Test stop .................................................................................... 7-388 7.3.7 Protective door interlocking .................................................................. 7-397 7.3.8 De-selecting SBH via the key-operated switch ..................................... 7-398 7.3.9 SG changeover .................................................................................... 7-400 xvi (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - 11.03 Edition 11.03 Contents 7.3.10 NCK-SPL 7.3.11 PLC blocks 7.3.12 Appendix .................................................................................... 7-401 .................................................................................... 7-403 .................................................................................... 7-410 7.4 Safety Integrated without SPL .................................................................... 7-413 7.4.1 Connecting-up the drives...................................................................... 7-413 7.4.2 EMERGENCY STOP and connecting-up the I/R module...................... 7-414 7.4.3 Test stop .................................................................................... 7-416 7.4.4 Protective door interlocking .................................................................. 7-417 7.4.5 De-selecting SBH using the key-operated switch/SG changeover using the door safety contactor ............................................................. 7-418 7.5 External STOPs .......................................................................................... 7-420 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP ..................... 7-424 7.6.1 Functional scope of the application....................................................... 7-424 7.6.2 Connecting-up the sensors and actuators ............................................ 7-424 7.6.3 Individual application functions ............................................................. 7-428 7.6.4 Configuring and connecting-up the ET200S I/O.................................... 7-429 7.6.5 Parameterizing the Sinumerik 840D NCK............................................. 7-434 7.6.6 Programming the NCK-SPL.................................................................. 7-435 7.6.7 Programming the PLC-SPL .................................................................. 7-438 7.6.8 Modified limitations with PROFIsafe ..................................................... 7-441 8 Application examples ............................................................................................. 8-443 8.1 Conventional brake control (single-channel from the PLC) ......................... 8-444 8.2 Two-channel brake control with SI (SPL) .................................................... 8-445 8.3 Testing the function of the brake mechanical system.................................. 8-450 8.3.1 Applications .................................................................................... 8-450 8.3.2 Parameterization .................................................................................. 8-450 8.3.3 Sequence .................................................................................... 8-452 8.3.4 Limitations .................................................................................... 8-455 8.3.5 Activating .................................................................................... 8-455 8.3.6 Examples .................................................................................... 8-456 8.4 Safe cams at the modulo limit ..................................................................... 8-457 8.5 SPL functionality without real drives ........................................................... 8-464 8.6 Direction detection when retracting from SE ............................................... 8-466 8.7 Replacing a motor or encoder..................................................................... 8-469 8.8 Example for combining SI with ESR ........................................................... 8-473 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - 11.03 Edition xvii Contents 11.03 A Appendix................................................................................................................. A-477 A.1 Index of abbreviations ................................................................................ A-477 A.2 List of References. ..................................................................................... A-483 A.2.1 List of references, general .................................................................... A-483 A.2.2 List of references for SINUMERIK 840D............................................... A-484 A.2.3 List of References for SIMODRIVE 611................................................ A-485 I Index ......................................................................................................................... I-487 I.1 Keyword index ............................................................................................. I-487 xviii (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - 11.03 Edition 11.03 1 Short Description 1 Short Description 1 SINUMERIK Safety Integrated(R) provides safety functions that have been certified in an EC type examination. These functions can be used to implement practical and highly effective protective measures for operating personnel and machinery. With the exception of the brake test (control Category 2, refer to Chapter 8.3 "Function test of the mechanical braking system"), all of the safety functions fulfill the requirements of control Category 3 according to EN 954-1 and are a fixed component of the basic system. No additional sensors or evaluation units are needed. This means less installation time and costs at the machine and a more transparent electrical cabinet. Included in the scope of functions are: * Functions for safe monitoring of speed, zero speed and position and * Functions for safe logical combination of signals. Direct connection of two-channel I/O signals It is now possible to connect sensors and actuators, for example EMERGENCY STOP buttons, light barriers, valves and brakes, directly to the two-channel I/Os. Logic operations and responses are performed internally using safetyrelated technology. Highly effective safety concept Fully-digital systems now make it possible to implement safety-relayed technology in which electronics and software play the major role. Full integration into the control and drive technology means that the safety functions are now an inseparable part of the basic system. They provide a previously unknown, intelligent and direct link right through the system to the electric drives and measuring system. Reliable operation, fast response and wide acceptance mean that this certified safety concept is extremely effective. Redundant configuration of the safety function A two-channel, diverse system structure has been formed on the basis of the existing multi-processor structure. The safety functions have been configured redundantly in the NC, drive and internal PLC. The process variables and safety-relevant system data are subject to crosswise data monitoring. Safety-relevant software and hardware functions are checked by an automatic forced checking procedure at defined intervals. The special feature of this safety concept: Using SINUMERIK Safety Integrated(R), with only one measuring system - the standard motor measuring system - control Category 3 according to EN 954-1 (SIL2) (IEC 61508) can be implemented. A second sensor is not necessary but can be added as an additional, direct measuring system (e.g. linear scale). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 1-19 1 Short Description 11.03 Acquisition Evaluation Bus I/O Reaction PLC computer Type 3 Cross-check of data and results Feedback singals Bus I/O NC computer Type 1 Cross-check of data and results Signal incremental encoder or absolute Mastering extreme conditions professionally Drive computer Type 2 Pulse disable paths Drive power section Feedback singals All safety-relevant errors in the system always cause potentially hazardous movement to be brought to a standstill or the motor to be disconnected from the power supply. The necessary disconnection of the converter from the motor is contactless and can be initiated on an axis-for-axis basis with a very short response time. The drive DC link does not have to be discharged. The drives are brought to a standstill in the optimum way, adapted to the operating conditions of the machine. For example, each axis can be brought to a standstill separately in the setting-up mode when the protective door is open. This means a high degree of protection for the personnel during set-up and additional protection of the machine, tool and workpiece in the automatic mode. Activation of external braking mechanisms supplements the integrated functions and results in the shortest possible braking distance with safe standstill. External braking mechanisms might be: * An external mechanical brake A holding or operational brake * An external electrical brake Armature short-circuiting or eddy-current brake. Scope of functions The safety functions are available in all modes and can communicate with the process using safety-related input/output signals. 1-20 * Safe standstill A monitoring function or sensor (e.g. light barrier) responds and brings a moving drive to a standstill. * Safe operating stop (SBH) Monitors the drives during standstill within a settable tolerance window. The drives remain fully functional in closed-loop position control. * Safe standstill (SH) Drive pulses are cancelled so that the energy feed is safely and electronically disconnected. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 1 Short Description * Safely-reduced speed (SG) Configured speed limits are monitored, e.g. when setting-up without agreement button * Safe software limit switch (SE) Variable traversing range limits, can be configured on an axis-for-axis basis * Safe software cam range detection (SN) * Safety input/output signals, interface to process * Safe programmable logic (SPL) All of the safety-relevant signals and internal logic are directly connected * SG-specific setpoint limitation * Safe brake management (SBM) Two-channel brake control and cyclic brake test * Safety-relevant communication via standard bus connection of distributed I/Os for process and safety signals via PROFIBUS using the PROFIsafe protocol * Safety-relevant software relay (SI relay) This is designed for requirements of an EMERGENCY STOP with safe programmable logic and similar requirements. Note The function "safe software limit switch" SE is also called "safe limit position" and the function "safe software cams" (SN) is also called "safe cams". Innovative safety technology setting new standards SINUMERIK Safety Integrated(R) has already been implemented successfully in many thousands of machines of many different types - also outside Europe. National product liability laws and standardized concepts of companies operating worldwide mean that the requirements of the EC Machinery Directive can also be fulfilled for the world market. It has been proven that new practical machine operation concepts can be implemented with this innovative safety technology. The result is a new standard for machines which makes them safer and more flexible to use and which increases the availability of the entire plant. Effective cooperation and competent partners The new safety concept is the result of close cooperation between the "Iron and Metal II" Technical Committee of the German Employer's Liability Assurance Association in Mainz, the German Institute for Occupational Safety in St. Augustin and Siemens AG in Erlangen, Germany. The advantages at a glance Highly effective and practical operator and machine protection with SINUMERIK Safety Integrated(R). This innovative safety technology enables: * Higher efficiency * Higher economic efficiency * Higher flexibility (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 1-21 1 Short Description 11.03 * 1-22 Higher plant availability. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.1 Drives and CNC controls with integrated safety 2 2 General Information about Integrated Safety Systems 2.1 Drives and CNC controls with integrated safety .......................................... 2-25 2.1.1 Standards and Directives...................................................................... 2-26 2.1.2 Requirements from the EC Directives................................................... 2-27 2.1.3 Relevant Safety Standards ................................................................... 2-28 2.1.4 Hazard analysis and risk assessment................................................... 2-28 2.1.5 EC-type examination according to the Machinery Directive .................. 2-29 2.1.6 Product liability law ............................................................................... 2-29 2.2 Test, certification......................................................................................... 2-30 2.3 Terminology from EN 292-1........................................................................ 2-30 2.4 Position paper of the working group (WG) 226.03 in the German Electrotechnical Commission (DKE) ........................................................... 2-31 2.5 Technical Bulletin about vertical axes from the German Trade Association 2-31 2.6 Basics of SINUMERIK Safety Integrated .................................................... 2-32 2.6.1 Control category 3 ................................................................................ 2-32 2.6.2 Basic features of SINUMERIK Safety Integrated .................................. 2-33 2.6.3 Forced checking procedure .................................................................. 2-33 2.6.4 Monitoring clock cycle and crosswise data comparison clock cycle...... 2-35 2.6.5 User agreement .................................................................................... 2-35 2.6.6 Enabling safety-related functions.......................................................... 2-36 2.7 Increasing the availability using integrated safety technology ..................... 2-38 2.8 Overview of the safety-related functions ..................................................... 2-39 2.9 System prerequisites ......................................................................... 2-40 2.9.1 Order numbers .................................................................................... 2-41 2.10 Customer Support ......................................................................... 2-43 2.11 Powering the control up and down............................................................ 2-45 2.12 Error analysis ......................................................................... 2-46 2.13 Others ......................................................................... 2-51 2.13.1 Applications .................................................................................... 2-51 2.13.2 Information for OEM users.................................................................... 2-52 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-23 2 General Information about Integrated Safety Systems 2.1 Drives and CNC controls with integrated safety 11.03 2.13.3 Overtemperature .................................................................................. 2-53 2-24 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.1 Drives and CNC controls with integrated safety 2.1 Drives and CNC controls with integrated safety Extract from /6/ "...For the protection of persons from hazardous motion, safety measures must be implemented on machines. They are intended to prevent hazardous machine motion while the protective devices are open. These functions include monitoring positions, e.g. final positions, monitoring velocities and standstill, or stopping in hazardous situations. For the technical implementation of safety measures up until now, mainly external equipment and devices have been used. These include contactors, switches, cams, and monitoring devices. If a hazardous situation is detected, these devices generally initiate a contact switching operation in the power circuit thus causing the motion to stop (Fig. 2-1). With the integration of safety functions, drive systems and CNC controls perform safety functions in addition to their functional tasks. Very short response times can be achieved because of the short data paths from acquisition of the safety-relevant information, e.g. speed or position, to evaluation. The systems with integrated safety technology generally respond very quickly when the permissible limit values are violated, e.g. position and velocity limit values. They can be of decisive importance for the required monitoring result. The integrated safety technology can directly access the power semiconductors in the drive controller without the use of electromechanical switching devices in the power circuit. This helps reduce the susceptibility to faults - and integration also reduces cabling..." External safety technology Drive control Drive control CNC Integrated safety technology External safety technology M M EXT_INT.DSF Fig. 2-1 External safety technology, integrated switching technology (taken from /6/) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-25 2 General Information about Integrated Safety Systems 2.1 Drives and CNC controls with integrated safety 2.1.1 11.03 Standards and Directives Extract from /6/ "...The European Machinery Directive applies to all machines /1/. The minimum requirements are defined in Appendix I of the Directive. These are defined more precisely by the European harmonized standards. However, Standards have not been drawn-up for all types of machines. For machine tools for metal working, robots, and automatic manufacturing systems, some Draft Standards and final Standards do exist (Table 2-1). In many cases, Category 3 acc. to EN 954-1 is defined in these Standards for the safety-related controls. /4/ contains a comparison for implementation of various control categories according to EN 954-1 using different technologies. The basic requirement of this category is: Single-fault fail-safety with partial fault recognition. As regards the electronics in general and electric drives in particular, EN 954-1 does not contain any special requirements. A working group of the German Electrotechnical Commission has therefore drawn-up a position document that describes the most important safety functions of electric drive systems in machines and defined the requirements to implement the various Categories according to EN 954-1 /2/. This position document is to be transformed into a draft Standard..." The description of the most important safety functions of electrical drive systems in machines is contained in Chapter 4, "Function description". "...The electrical drive system includes hardware and software components that influence the movement of the machine. Possible components are e.g.: electronic controls, closed-loop control components, drive motors, power and data cables and parts. They can also be part of the CNC control..." Table 2-1 Overview of safety-relevant controls in C Standards EN 12417 EN 12415 Machining centers Turning centers Agreement button Category 3 Category 3 Speed reduction incl. Category 3 Category 3 protection against unexpected start-up Category B and (n=0) agreement button Interlocking of Category 3 Category 3 protective devices and equipment Limitation of endstops Emergency Stop acc. to EN 60204 Category 3 2-26 EN 775 Industrial robots Category 3 Category 3 Category 3 Category 3 Category 3 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2.1.2 2 General Information about Integrated Safety Systems 2.1 Drives and CNC controls with integrated safety Requirements from the EC Directives The "EC Machinery Directive" and the "EC Individual Directive - Use of equipment" define the basic protective goals. With their demands that are laid down in national laws they commit the manufacturer and the machine user to abide by these protective goals. With the CE mark and the declaration of conformity, machine manufacturers show that they have implemented all EC Directives relevant for their machines valid at this time. Standards provide support and provide guidelines for implementation but unlike EC Directives are not binding. If applied consistently, this provides a degree of flexibility for innovative safety concepts. Standards generally reflect state-ofthe-art technology. However, on the other hand, innovative technical concepts reflect the state of science and state-of-the-art technology. The state-of-the-art and technology is then included in updated standards. When implementing EC Directives, it is possible to deviate from the standards if the same degree of safety can be achieved by another method. It is important to provide proof of the achieved level of quality. This can be provided, for example, in the form of an EC-type examination certificate. Article 100 / 100a EC contract (internal market) Machine protection Article 118 / 118a EC contract (social security) Outline proposal Safety and health protection of employees /89/391/EEC) Machinery directive (98/37/EEC) any other applicable guidelines Separate directive Use of equipement (89/655/EEC) Harmonized European standards Manufacturer Any other separate directives National legal requirements User MASCHUTZ.DSF Fig. 2-2 Requirements of the EC Directives (extract from /7/) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-27 2 General Information about Integrated Safety Systems 2.1 Drives and CNC controls with integrated safety 2.1.3 11.03 Relevant Safety Standards Safety standards A selection of safety standards is listed in the table below: Table 2-2 Important Safety Standards Standard Description DIN EN 292-1 Safety of Machinery, Parts 1 and 2 DIN EN 292-2/A1 Basic Terminology, General Principles for Design EN 775 (ISO 10218) Industrial Robots; Safety EN 954-1 Safety-related parts of control systems EN 1050 Risk assessment EN 60204-1 Electrical equipment of machines EN 418 Emergency stop equipment, functional aspects - design guidelines DIN V VDE 0801 Rules concerning use of computers in systems with safety tasks IEC 61508 Functional safety of electrical and electronic systems IEC 61800-5 Adjustable speed of electrical power drive systems Note As far as the EMC and Low-Voltage Directives, there is a list of the relevant standards in the Declarations of Conformance. 2.1.4 Hazard analysis and risk assessment General According to the Machinery Directive 98/37/EC, the manufacturer of a machine or a safety component or the person or persons responsible for placing such equipment on the market is legally obliged to carry out a risk analysis in order to determine all of the risks that may arise in connection with the machine or safety component concerned. He must design and construct the machine or safety component on the basis of this analysis. A risk assessment must indicate all residual risks that need to be documented. Error analysis on SINUMERIK Safety Integrated 2-28 SINUMERIK Safety Integrated and its error analysis (refer to Chapter 2.12, "Error analysis") provides the machine manufacturer with information about the measures integrated in the control and drive for dealing with errors arising as the result of internal or external disturbances. He can incorporate this information directly into his risk analysis that is based on the EC Machinery Directive, Appendix 1. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2.1.5 2 General Information about Integrated Safety Systems 2.1 Drives and CNC controls with integrated safety EC-type examination according to the Machinery Directive Certification of SINUMERIK Safety Integrated SINUMERIK Safety Integrated is certified by an accredited test laboratory according to the EC Machinery Directive. SINUMERIK Safety Integrated complies with control Category 3 according to EN 954-1. SINUMERIK Safety Integrated can therefore be used on all machine tools and production machines. The machine tool manufacturer can verify his machines himself with SINUMERIK Safety Integrated regardless of whether harmonized Standards exist or not. A machine must, however, pass an acceptance test successfully (refer to Chapter 5, "Acceptance test" and "Acceptance report"). Verification is greatly simplified even for machines that are covered by Appendix IV of the EC Machinery Directive for which no harmonized standards yet exist. The machine manufacturer should indicate that his machine has a typeexamination certificate for SINUMERIK Safety Integrated in his documentation or declaration of conformity. 2.1.6 Product liability law Product liability law Damage resulting from defective products and absolute proof of the fault cause are the prerequisites for product liability. The only effective protection against such liability are measures that can prevent the occurrence or the effects of faults or errors that impair or endanger the proper operation of machinery. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-29 2 General Information about Integrated Safety Systems 2.2 Test, certification 11.03 2.2 Test, certification "...There is no general testing requirement for drive systems with integrated safety. This applies to applications in machine tools, robots, automated manufacturing systems, foodstuffs machines etc. Extract from /6/ On certain machines that are listed under Appendix IV of the Machinery Directive (e.g. presses, woodworking machines) there may be a test requirement for the machine from which a test requirement for the drive systems can be derived. Whether this is the case or not, tests can be conducted on a voluntary basis. Generally, users and the machine manufacturers request that these components be tested by an independent body, even if there is no test requirement. The reason for that is, above all, the complexity of the drive systems with integrated safety. The users themselves are unable to judge whether the systems meet the protection objectives of the Machinery Directive and the Standards. Testing such complex systems must always be conducted in parallel with development, i.e. already starting in the conceptual phase. In that way, it is possible to avoid mistakes in the development phase and reduce the test effort. The certificates that are acceptable for tests by the test and certification system of the German professional association are EC-type examination certificates in compliance with EC Directives according to ZH1/419 /5/ in conjunction with the appropriate test symbol..." 2.3 Terminology from EN 292-1 Reliability and safety The terms "Reliability" and "Safety" are defined in EN 292-1 as follows: Table 2-3 Term Reliability Safety 2-30 Reliability and safety Definition The ability of a product, a part or an apparatus to perform a required function under specific conditions and for a specified period of time without malfunction. The ability of a product to perform its function(s) and to be transported, erected, installed, maintained, disassembled and removed in compliance with the conditions of its intended use as defined by the manufacturer in the Operating Manual (and to which reference is made in some cases for certain periods in the Operating Instructions) without causing injury or ill-health. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.4 Position paper of the working group (WG) 226.03 in the German Electrotechnical Commission (DKE) 2.4 Position paper of the working group (WG) 226.03 in the German Electrotechnical Commission (DKE) In the position paper "Safety-relevant functions of electrical drive systems in machines" the subject of "functional safety" was agreed with German industry and given a general definition. Safety Integrated corresponds to the functions described in the position paper. Table 2-4 Translation of terms used Terms from position paper English drawn up by WG 226.03 in the DKE (German) Sicherer Halt Safe standstill Sicherer Betriebshalt Safe operating stop Sicher reduzierte Safely-reduced speed Geschwindigkeit Sicheres Stillsetzen Safe stopping process Sicher begrenzte Absolutlage Safely limited absolute position Sichere Software-Nocken Safe Cam Sichere Ein-/Ausgangssignale Safe input/output signals Term used in this documentation (abbreviation) Refer to Chapter SH SBH SG 3.3 3.4 3.5 SE SN SGEs/SGAs 3.2 3.6 3.7 3.9 2.5 Technical Bulletin about vertical axes from the German Trade Association This Technical Bulletin aims to summarize the knowledge and experience available with regard to improved safety at work for activities at or close to vertical axes. This is realized by applying practical control measures to prevent axes falling due to the force of gravity. The Technical Bulletin is based on the experience of manufacturers of industrial robots, including linear robots and handling systems, by drive and control systems manufacturers and by the users of those systems, particularly in automobile production and the German Trade Association. The Technical Bulletin shows typical hazardous situations with regard to vertical axes and gives suitable solutions for risk reduction by applying appropriate control measures. Other measures against preventing axes falling, which are not considered in this bulletin, remain unaffected. Consideration is given to vertical axes driven by electric motors as well as inclined axes with motor-integrated brake or external brake which could fall due to gravity in case of a brake failure. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-31 2 General Information about Integrated Safety Systems 2.6 Basics of SINUMERIK Safety Integrated 11.03 2.6 Basics of SINUMERIK Safety Integrated 2.6.1 Control category 3 General The safety-relevant components of the SINUMERIK 840D control with SIMODRIVE 611 digital correspond to Category 3 according to EN 954-1. Table 2-5 Categories of safety-relevant parts of control systems 1) Cate- Summary of requirements System response gory B 1 2 3 4 1): 2-32 Main principle for provision of safety The safety-relevant components of machine controls If a fault/error occurs, it can lead to loss of the safety functions. and/or their protective equipment and components must be designed, constructed, selected, assembled and combined in compliance with all applicable Selection of standards such as to be capable of withstanding all components potentially hazardous influences. The requirements of B must be fulfilled. Use of As described for category B, but components and principles that have proven to be with a greater safety-relevant effective in terms of safety. reliability of safety functions. The occurrence of a fault/error can The requirements of B must be fulfilled. Use of principles that have proven to be effective in terms of lead to a loss in safety functions in-between tests. safety. The loss of safety function(s) is The safety function(s) must be tested at appropriate detected in the course of testing. intervals by the machine control. Note: StructureThe suitability of the measure depends on the based application and type of the machine. The requirements of B must be fulfilled. Use of If the single fault/error occurs, the principles that have proven to be effective in terms of safety function always remains safety. operational. The controls must be designed such that: Some, but not all, faults/errors are a single fault/error in the control system does not detected. cause a loss of the safety function, and An accumulation of undetected if it can be implemented in an appropriate way, faults/errors can lead to a loss of the individual faults/errors can be detected. safety function(s). If faults/errors occur, the safety The requirements of B must be fulfilled. Use of principles that have proven to be effective in terms of function always remains operational. safety. A control system must be designed such that: Faults/errors are detected promptly Structurea single fault/error in the control system does not enough to prevent any loss of safety based cause a loss of the safety function(s), and functions. the single fault/error is detected before or as the safety function is required to take effect. If such a response cannot be implemented, then the accumulation of faults/errors must not result in a loss of the safety function(s). The risk assessment states whether the total or partial loss of the safety function(s) as a result of faults/errors is acceptable. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2.6.2 2 General Information about Integrated Safety Systems 2.6 Basics of SINUMERIK Safety Integrated Basic features of SINUMERIK Safety Integrated Characteristics of two-channel, diverse structure A two-channel, diverse structure is characterized by the following features: * Two-channel structure with at least two independent computers (i.e. computers with different hardware and software) * Crosswise result and data comparison with forced checking procedure for the purpose of detecting internal errors even in functions that are not often used (dormant errors). * Computers access data at common interfaces (e.g. actual value input) reaction-free with decoupling. Acquisition The actual values are acquired by the 611 digital closed-loop control module via the 1st actual value input (with a single-encoder system) or via the 1st and 2nd actual value inputs (with a 2-encoder system) and supplied to the control system and the drive via 2 separate actual value channels. Evaluation The safety-relevant functions are executed by the NCK-CPU and the drive CPU on a mutually independent basis. Both CPUs carry out a mutual comparison (crosswise data comparison) of their data and results in a specified cycle. A test that can be initiated by either of the CPUs can be carried out on the shutdown paths (forced checking procedure). Response When monitoring functions respond, the NCK and/or the drive can send control commands to the power section via shutdown paths, thus safely shutting down the axis or spindle. 2.6.3 Forced checking procedure General notes on the forced checking procedure (taken from /6/) "... The forced checking procedure must be performed for all static signals and data. The logic state must change from 1 to 0 or vice versa within the specified time (8 h). A state that has become static as the result of an error will be detected at the latest by comparison during this forced checking procedure. Forced checking procedure is required for components that are required to stop a process (e.g. contactors and power semiconductors), the shutdown path, and for the shutdown condition. It is generally not possible to test a shutdown condition, e.g. violation of a limit value criterion, using other methods, e.g. crosswise data comparison, when the machine is in an acceptable condition. This also applies to errors along the entire shutdown path including associated hardware and software and circuit-breakers. By integrating a test stop in eighthourly cycles with comparison and expected status, errors can also be detected when the machine is in an acceptable condition...." (Note: "Acceptable condition" means that there are no machine faults that are apparent to the operator) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-33 2 General Information about Integrated Safety Systems 2.6 Basics of SINUMERIK Safety Integrated Forced checking procedure with Safety Integrated 11.03 The forced checking procedure is used to detect errors in the software and hardware of the two monitoring channels. In order to do this, the safety-relevant parts in both channels must be processed in all safety-relevant branches at least once during a defined period. Any errors in the monitoring channel will cause deviations and will be detected by the crosswise data comparison. The forced checking procedure of the shutdown path (test stop) must be triggered by the user or integrated in the process as an automatic procedure, e.g.: * for stationary axes after the system has been powered-up * when the protective door is opened * in defined cycles (e.g. in 8-hour cycles) * in the automatic mode - dependent on the time and event. The forced checking procedure also includes testing the safety-relevant sensors and actuators. In this case, the entire circuit including the "safe programmable logic" (SPL) is tested for correct functioning. Note A defined 8-hour cycle is not mandatory in the automatic mode (when the protective door is closed). A forced checking procedure after an 8-hour period has elapsed can be combined with the next opening of the protective door. Error in the monitoring channel Any errors in the monitoring channel result in deviations and are detected by the crosswise data comparison. Crosswise data comparison Dormant errors in the safety-relevant data of the two monitoring channels are discovered in the course of the crosswise data comparison. In the case of "variable" data, there are tolerance values defined using machine data by which amount the results of the two channels may deviate from one another without initiating a response (e.g. tolerance for crosswise data comparison of actual positions). Note Errors that are discovered as a result of the forced checking procedure or crosswise data comparison lead to a STOP F response (refer to Chapter 3, "Stop responses") and initiate a further stop response when Safety Integrated is active. 2-34 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2.6.4 2 General Information about Integrated Safety Systems 2.6 Basics of SINUMERIK Safety Integrated Monitoring clock cycle and crosswise data comparison clock cycle Setting the monitoring cycle time The safety-relevant functions are monitored cyclically in the monitoring cycle that can be set jointly for all axes/spindles via the following machine data: Setting the monitoring cycle time For 840D MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO The specified clock cycle is checked and rounded to the next possible value when the control runs-up and every time the machine data changes. The resulting monitoring cycle is displayed via MD 10091: $MN_INFO_SAFETY_CYCLE_TIME (refer to Chapter 4, "Machine data for SINUMERIK 840D"). For 611 digital MD 1300: $MD_SAFETY_CYCLE_TIME (refer to Chapter 4, "Machine data for SIMODRIVE 611 digital") Warning ! The monitoring cycle determines the response time of the safety-relevant functions. It must therefore be selected to be 25 ms. The higher the monitoring cycle setting, the greater the amount by which the monitored limit value is violated in the event of an error and the more the drives overshoot. . Displaying the comparison clock cycle MD 10092: $MN_INFO_CROSSCHECK_CYCLE_TIME specifies the maximum crosswise comparison clock cycle in seconds. If the monitoring clock cycle is modified, then the crosswise comparison clock cycle is also changed. To be able to support the various functional configurations of the individual controls, the crosswise data comparison between the NCK and 611 digital monitoring channels has been extended on an axis-specific basis. An axial MD 36992: $MA_SAFE_CROSSCHECK_CYCLE has been introduced to display the current crosswise data comparison cycle time for each axis. 2.6.5 Description User agreement "User agreement" is the confirmation by an appropriately authorized person that the currently displayed SI actual position of an axis corresponds to the actual position on the machine. To check whether this is the case, the axis can be traversed, for example, to a known position (e.g. a visual mark) or measured and the SI actual position in the "User agreement" display compared with the measurement result. An axis/spindle with integrated safety functions can have the following status: User agreement = yes or User agreement = no The "User agreement" window always displays the following data for each axis/spindle with activated Safety Integrated: * Machine axis name (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-35 2 General Information about Integrated Safety Systems 2.6 Basics of SINUMERIK Safety Integrated 11.03 - SI position - User agreement. When does a user agreement need to be given? A user agreement is only required when "safe software limit switches" (SE) and/or " Safe software cams" (SN) are being monitored for an axis/spindle, i.e. When the axis/spindle is commissioned for the first time. When the user intends or needs to re-reference the axis/spindle reliably by hand. If the check of the standstill position against the current position after power on was not correct and the user agreement has been cancelled by the control system. After an axis/spindle has been parked (only if the change in position is greater than that defined using MD 36944: Tolerance actual value comparison (referencing)). Note An axis/spindle must have the status "User agreement = yes" before the functions SN and SE can be used. For further information about the user agreement function, please refer to Chapter 2, "Adjustment, measurement, axis states and previous history". Applicable to 840D with SW 3.6 and higher In the case of axes and spindles that do not have configured safety functions "SE" and "SN", the saved zero-speed position is not evaluated if a user agreement has not been given. ! User agreement interlock Warning If the drive is not reliably referenced and a user agreement has not been given, then the following applies: - The "safe software cams" are active, but not yet safe in the sense of control Class 3. - The "safe software limit switches" are not yet active Before a user agreement can be given, the protective interlock must be canceled: * Keyswitch position in position 3 "User agreement" can be given. The interlock must be re-activated (e.g. by removing the key) afterwards. 2.6.6 Enabling safety-related functions Global enable SINUMERIK Safety Integrated(R) (SI) with safety-relevant functions is enabled via a basic and axis option. The SH function is operative if at least one safety-relevant function is activated. The enabling command determines the number of axes/spindles for which SI can be activated. 2-36 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.6 Basics of SINUMERIK Safety Integrated Ordering data option SINUMERIK Safety Integrated, with one axis/spindle only, can only operate with an appropriate extension. Enabling safetyrelevant functions Which safety functions are to be effective can be selected for each axis individually with the following machine data: For 840D MD 36901: $MA_SAFE_FUNCTION_ENABLE (refer to Chapter 4, "Machine data for SINUMERIK 840D") For 611 digital MD 1301: $MD_SAFE_FUNCTION_ENABLE (refer to Chapter 4, "Machine data for SIMODRIVE 611 digital") In addition to other settings, the following functions can be individually enabled: * SBH/SG * SE * SN1+ , SN1 -, SN2 +, SN2 -, SN3 +, SN3 -, SN4 +, SN4- * SG override * Slip * External stop signals * Cam synchronization * EMERGENCY STOP (SW 6.4.15 and higher) Note * To ensure that SBH can always be selected in the event of an error, the function SBH/SG must be activated and correctly parameterized when the function SE and/or SN is enabled. * The axis-specific enabling data in the NCK must be identical to the data in the drive or else an error message will be output when data is crosschecked (crosswise data comparison). * An axis is treated as an axis in terms of the global option if at least one safety-relevant function is activated via the axis-specific enabling data. * The maximum number of axes that may operate using the safety functions is determined by the number that has been enabled by the basic and axis option. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-37 2 General Information about Integrated Safety Systems 2.7 Increasing the availability using integrated safety technology 11.03 2.7 Increasing the availability using integrated safety technology By combining the safety functions covered in Chapter 3.1 "Overview of safetyrelevant functions" it is possible to implement completely new concepts for operation on machines with different requirements. Intervention by the user, e.g. in the tool magazine or setup location can be performed parallel to production. The most important consideration, however, is always the best possible protection of the user while at the same time being able to use the machine for the intended purpose. Machine protection (machine, workpiece, tool, ...) can also profit to a large extent from the advantages of these new possibilities. Integrated safety technology now takes the emphasis away from purely hardware and electro-mechanical-based solutions to those based on software and electronics, thus gradually replacing technology that is subject to wear. Integrated safety technology by its very concept provides intelligent system control right down to the sensors and actuators. This results in a new diagnostics concept that offers preventive error detection. Even with errors that occur suddenly during production, the risk of injury to the operator and damage to the machine can be confined to a minimum by fast error detection and coordinated, safe shutdown. Integrated safety technology Effect Integrated safety technology allows * Optimized processes * Sub-processes to be able to operate in parallel * Simpler machine infrastructures * Practical machine handling concepts. The effect on the availability - Reduced error potential - Longer production times - Shorter downtimes When applied consistently, integrated safety technology offers considerable potential for increasing the availability. 2-38 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.8 Overview of the safety-related functions 2.8 Overview of the safety-related functions The safety-related functions are available in all modes and can communicate with the process using safe input/output signals. They can be implemented individually for each individual axis: * Safe standstill A monitoring function or sensor (e.g. light barrier) responds and brings a moving drive to a standstill. * Safe operating stop (SBH) Monitors the drives during standstill. The drives remain fully functional in the position controlled mode. * Safe standstill (SH) The drive pulses are cancelled. The energy feed is safely and electronically disconnected. * Safely-reduced speed (SG) Configured speed limits are monitored, e.g. when setting-up without using an agreement button. * Safe software limit switches (SE) Variable traversing range limits * Safe software cam (SN) Range detection * Safe input/output signals (SGE/SGA) Interface to the process * Safe programmable logic (SPL) All of the safe signals and internal logic are directly connected. * Safe brake management (SBM) Two-channel brake control and cyclic brake test * Safety-relevant communication via standard bus connection of distributed I/Os for process and safety signals via PROFIBUS using the PROFIsafe protocol * Safe software relay (SI relay) Designed to implement an EMERGENCY STOP with safe programmable logic and similar requirements. * Safe braking ramp (SBR) Monitors the speed characteristic. The actual speed must be reduced after stop request has been issued. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-39 2 General Information about Integrated Safety Systems 2.9 System prerequisites 11.03 2.9 System prerequisites General prerequisites Pulse cancellation via terminal 663 NC internal pulse cancellation Separate NC and PLC I/Os PROFIsafe Prerequisite for SE and SN Limitations when using the HT6 2-40 * SINUMERIK 840 D; all CPU versions may be used * Software option "SINUMERIK Safety Integrated" Basic function for up to 4 axes Additional function from the 5th axis (if required) Axis/spindle package for a further 13 axes (if required) * The measuring circuit cables must meet the specifications of the SIMODRIVE 611 digital * SIMODRIVE 611 digital drive converter Control modules with additional input for direct measuring system * SIMODRIVE 611 digital * SIMODRIVE 611 digital with Performance/High Performance or Standard 2 control/High Standard with an additional input for a direct measuring system * NCU terminal block with DMP modules for the NCK I/Os. * SIMODRIVE 611digital High Standard or High Performance with an additional input for a direct measuring system * SINUMERIK software release, at least 6.3.30 * NCU terminal block with DMP modules for the NCK I/Os. * Simple I/O module (instead of SIMATIC I/Os) * SIMATIC S7 I/O modules for the PLC. * SINUMERIK 840 D with NCU 561.4 / 571.4 / 5.72.4 / 573.4 (NCU 573.5 being prepared) * SINUMERIK software release, as a minimum 6.3.30 * Software option "I/O interface via PROFIBUS DP" * S7 - F configuring package * ET 200 S PROFIsafe * The axis may not be an axis with shift gearbox. * The function is not possible with the default configuration OP 030. User agreement is given via a PLC application program. * No drives subject to slip. * It is not possible to "Copy/Confirm" the safety machine data via the handheld unit HT6. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2.9.1 2 General Information about Integrated Safety Systems 2.9 System prerequisites Order numbers SINUMERIK 840D SIMODRIVE 611 digital Table 2-6 SINUMERIK 840D NCU modules NCU 561.4 NCU 571.4 NCU 572.4 NCU 573.4 NCU 573.5 Software option SINUMERIK Safety Integrated Basic function up to 4 axes/spindles Additional function from the 5th axis/spindle onwards Axis/spindle pack for additional 13 axes/ spindles NCK I/Os NCU terminal block DMP Compact 16A, 24V, DC DMP Compact 16A, 24V, DC, 0.5A DMP Compact 8A, 24V, DC, 2A Accessories Cable distributor Software option for I/O interface via PROFIBUS DP Simple I/O module Table 2-7 SIMODRIVE 611 digital Designation High-standard - 2 axis High-performance - 1 axis High-performance - 2 axis Order No.: 6FC5356-0BB12-0AE0 6FC5357-0BB12-0AE0 6FC5357-0BB23-0AE0 6FC5357-0BB34-0AE0 6FC5357-0BB35-0AE0 6FC5250-0AC10-0AA0 6FC5250-0AC11-0AA0 6FC5250-0AC12-0AA0 6FC5211-0AA00-0AA0 6FC5111-0CA01-0AA0 6FC5111-0CA02-0AA2 6FC5111-0CA03-0AA2 6FX2006-1BA02 6FC5252-0AD00-0AA0 6FC5411-0AA00-0AA0 Order No.: 6SN1118-0DM33-0AA0 6SN1118-0DJ23-0AA0 6SN1118-0DK23-0AA0 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-41 2 General Information about Integrated Safety Systems 2.9 System prerequisites 11.03 PLC (SIMATIC S7-300) Table 2-8 PLC (SIMATIC S7-300 Interfaces Interface IM 360 Interface IM 361 Interface IM 365 Interface IM 365 (extended temperature range) Digital input modules SM 321 16 inputs / 24 V DC 16 inputs / 24 V DC (extended temperature range) 16 inputs, 24 V, DC m - reading 32 inputs / 24 V DC 32 inputs / 24 V DC (extended temperature range) 16 inputs / 24 V DC, diagnostics capable 16 inputs / 24 V DC, diagnostics capable (extended temperature range) 16 inputs, 120 V, AC 32 inputs, 120 V, AC 8 inputs, 120/230 V, AC Digital output modules SM322 16 outputs, 24 V, DC, 0.5 A 16 outputs / 24 V DC 0.5 A (extended temperature range) 32 outputs, 24 V, DC, 0.5 A 8 outputs, 24 V, DC, 0.5 A diagnostics capable 16 outputs, 120 V, AC, 0.5 A 32 outputs, 120 V, AC, 1 A 8 outputs, 24 V, DC, 2 A 8 outputs, 120/230 V, AC, 1 A 8 outputs / 120/230 V AC 1 A (extended temperature range) 8 outputs, relay contacts 2 A 8 outputs, relay contacts 5 A 8 outputs, relay contacts 5 A (extended temperature range) 16 outputs, relay contacts 2 A Digital input/output modules SN323 8 inputs / 8 outputs 8 inputs / 8 outputs (extended temperature range) 16 inputs / 16 outputs Order No.: 6ES7360-3AA01-0AA0 6ES7361-3CA01-0AA0 6ES7365-0BA01-0AA0 6ES7365-0BA81-0AA0 6ES7321-1BH02-0AA0 6ES7321-1BH82-0AA0 6ES7321-1BH50-0AA0 6ES7321-1BL00-0AA0 6ES7321-1BL80-0AA0 6ES7321-7BH00-0AA0 6ES7321-7BH80-0AA0 6ES7321-1EH01-0AA0 6ES7321-1EL00-0AA0 6ES7321-1FF01-0AA0 6ES7322-1BH01-0AA0 6ES7322-1BH81-0AA0 6ES7322-1BL00-0AA0 6ES7322-8BF00-0AA0 6ES7322-1EH01-0AA0 6ES7322-1EL00-0AA0 6ES7322-1BF01-0AA0 6ES7322-1FF01-0AA0 6ES7322-1FF81-0AA0 6ES7322-1HF01-0AA0 6ES7322-1HF10-0AA0 6ES7322-1HF80-0AA0 6ES7322-1HH00-0AA0 6ES7323-1BH01-0AA0 6ES7323-1BH81-0AA0 6ES7323-1BL00-0AA0 Please refer to Catalog ST 70 for further SIMATIC components 2-42 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.10 Customer Support PROFIsafe ET 200 S Table 2-9 PROFIsafe ET 200 S Designation Interface IM 151 HF Electronic module 4/8 F - DI Electronic module 4/8 F - DO Terminal module for F - DI and F - DO With screw terminal With spring-loaded terminal With screw terminal With spring-loaded terminal Power module Standard 24 V DC Standard 24 V DC / 120/230 V AC Fail-safe 24 V DC Terminal module for fail-safe power module With screw terminal With spring-loaded terminal Terminal module for standard power module With screw terminal With spring-loaded terminal With screw terminal With spring-loaded terminal With screw terminal With spring-loaded terminal S7 F configuration pack (Distributed Safety) Order No.: 6ES7151-1BA00-0AB0 6ES7138-4FA00-0AB0 6ES7138-4FB00-0AB0 6ES7193-4CG20-0AA0 6ES7193-4CG30-0AA0 6ES7193-4CF40-0AA0 6ES7193-4CF50-0AA0 6ES7138-4CA00-0AA0 6ES7138-4CB10-0AB0 6ES7138-4CF00-0AB0 6ES7193-4CK20-0AA0 6ES7193-4CK30-0AA0 6ES7193-4CC20-0AA0 6ES7193-4CC30-0AA0 6ES7193-4CD20-0AA0 6ES7193-4CD30-0AA0 6ES7193-4CK20-0AA0 6ES7193-4CK30-0AA0 6ES7833-1FC00-0YX0 Please refer to Catalog ST 70 for further ET 200 S components 2.10 Customer Support The Centre of Competence Service (CoCS) - Sinumerik Safety Integrated(R) provides a range of services for users. Contact addresses Hotline: Order per: Table 2-10 Offer Phone: 0180-5050-222 Fax: 0180-5050-223 E-Mail: ad.support@siemens.com Inquiry, specifying 840D Safety Integrated Phone: +49 (0)9131 98 4386 Fax: +49 (0)9131 98 1359 Service spectrum (for machine manufacturers and end customers) Description of services Concept development Standard configuration The safety functions are adapted to the machine on the basis of the hazard analysis and the operating philosophy requested by the customer. This includes e.g.: * Planned operating modes * Safety functions when the protective doors are closed * Safety functions when the protective doors are open * EMERGENCY STOP concept * A study of the safety-relevant external signals and elements Based on the concept development the standard functions * Safe standstill (SH), safe operating stop (SBH) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-43 2 General Information about Integrated Safety Systems 2.10 Customer Support Offer SPL configuration Commissioning Acceptance report Approval procedure Workshop Hotline On-site service 2-44 11.03 Description of services * Safely-reduced speed (SG) * Safe software limit switch (SE), safe software cam (SN) are integrated into the circuit diagram of the machine. External safety elements (e.g. door locking, EMERGENCY STOP button, ...) are either configured conventionally or logically combined via the "safe programmable logic" (SPL) function. Based on the standard configuration the following objects are created for SPL: * Function diagram * Logic program for the PLC area * Logic program for the NC area * Required data modules (e.g. DB18) Linking these objects into the overall system On the basis of the configuration that has been created, the safety functions are commissioned. The customer provides the machine so that the drives can be traversed and the control cabinet is wired according to the configuration. On the basis of the submitted configuration documentation and commissioning, an acceptance report for the safety functions is drawnup. These include: * Description of the machine (name, type, ...) * Description of the safety and operating concepts * Description of the axis-specific safety functions * Testing of all safety functions including the SPL logic * Records of the test results The customer will receive the acceptance report as hardcopy and on an electronic data medium. Support with processing and line of argument for the approval procedure by certified bodies (e.g. regulatory bodies) or large end customers. Workshops on the subject of machine safety are adapted to customer's specific requirements and can take place on the customer's premises, if necessary. Possible contents: * Machinery Directive, Standards in general * C standards (machine-specific) * Hazard analysis, risk analysis * Control categories (to EN 954-1) * SINUMERIK Safety Integrated - function and system description * Configuration, machine data * Start-up * Acceptance report An expert for 'SINUMERIK Safety Integrated' can be reached at the hotline number should serious errors or problems occur during installation and commissioning. Experts analyze problems encountered on-site. The causes are eliminated or a remedy is drawn-up and implemented where necessary. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.11 Powering the control up and down 2.11 Powering the control up and down What to remember when powering-up the control ! The safety functions are only available and ready to be activated after the control system has completely run-up. We recommend that you select the "Safe operating stop" (SBH) function. Warning The safety functions are not active while the control system is running-up. The operator must remain outside the danger zone during this period. We recommend a complete forced checking procedure after powering-up (refer to Chapter 3, "Testing the shutdown paths"). What to remember when powering-down the control - The position at which axes with safety functions reach a standstill is saved in a non-volatile memory when safe operating stop (SBH) is selected. For axes configured with SE and SN, the position data is used for an internal position check when the system is powered-up again. - The following applies when SE/SN is active: The standstill position is also saved cyclically. For this reason, the user should only power-down the control when the axes/spindles with safety functions have stopped moving. Note If the axis is moved with the power supply disconnected, then the saved standstill position no longer matches the current position. For axes with safety functions SE and SN, when the control is powered-up again, a user agreement must again be given after the position has been checked. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-45 2 General Information about Integrated Safety Systems 2.12 Error analysis 11.03 2.12 Error analysis Monitoring The SINUMERIK 840D control with SIMODRIVE 611 digital is equipped with various monitoring functions that detect system errors and initiate the appropriate reactions (refer to the relevant documentation). These standard functions do not comply with safety Category 3 according to EN 954-1. The safety functions of SI that are based on crosswise data comparison and forced checking procedure are capable of detecting system errors and bringing the machine into a safe condition (refer to Chapter 3, "Safety Functions"). Fault analysis Table 2-11 Assumed error Spindle speed too high Based on the appropriate Directives and Standards, a detailed fault analysis is carried-out using SINUMERIK Safety Integrated. The subsequently listed brief summary lists the disturbing effects and system faults controlled by SINUMERIK Safety Integrated with an extremely low residual risk; whereby the basis was disturbing quantities that are already known. Error analysis in the set-up mode Error causes Error control Safe limitation of speed Defect in the drive or control or axis velocity with SG; configurable stop system, Encoder fault in functions according to Cat. 2 2-encoder operation, operator error etc. MDIR, Appendix Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.6 Axis speed too high Axis or spindle has inadmissibly moved away from standstill position Axes have inadmissibly exited operating range Response of machine control to incorrect position signal Error relating to the input/output of process data 1) Defect in the drive or control system, operator error etc. Defect in the drive or control system, operator error etc. Defect in the control operator error etc. Defective cable, incorrect information, or similar Safe standstill monitoring for position control with SBH; configurable stop function, Cat. 0/1 Safe standstill with SH, Stop function, Cat. 0 " Safe software limit switches" SE; configurable stop functions according to Cat. 2 "Safe software cams" SN; safe signal and position output Two-channel input/output of safety-relevant signals (SGE/SGA), crosswise data comparison; initiation of stop functions according to Cat. 1 Chapter 1.2.6 Chapter 1.2.7 Chapter 1.3.6 Chapter 1.4.2 Chapter 1.4.3 1) Comments According to currently applicable standards (TC143), the SG function is - depending on the technology - only permissible in combination with agreement, jog mode, start button and Emergency Stop According to currently applicable standards (TC143), the SG function is - depending on the technology - only permissible in combination with jog mode, start button and Emergency Stop Low-wear safe shutdown of the energy feed to the drive, this function does not replace the main machine breaker for electrical isolation Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.7 Chapter 1.3.8 Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.8 Chapter 1.4.2 Chapter 1.4.3 Chapter 1.2.5 Chapter 1.3.8 Chapter 1.4.2 Chapter 1.4.3 Is essentially used for machinery protection, can also be used to restrict working zones in conjunction with personnel protection Wear-free "safe software cams (SN) used to safely detect the position of axes. Can be used to isolate physical areas External two-channel inputs or further processing required if function is intended to protect operating personnel refer to: Appendix, References General /1/ 2-46 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Table 2-12 Assumed error Spindle speed too high 2 General Information about Integrated Safety Systems 2.12 Error analysis Error analysis in test mode Error causes Error control Defect in the drive or Safe limitation of speed control system, or axis velocity with SG; encoder fault in 2configurable stop encoder operation, functions according to operator error etc. Cat. 2 Axis speed too high or similar Axis or spindle has inadmissibly moved away from standstill position Defect in the drive or control system, operator error etc., part program error or similar Safe standstill monitoring for position control with SBH; configurable stop function acc. To Cat. 0/1 Axes have inadmissibly exited operating range Defect in the drive or control system, operator error etc., part program error or similar Safe standstill with SH, Stop function, Cat. 0 "Safe software limit switches" SE; configurable stop functions according to Cat. 2 Response of the machine control to incorrect position signal Defect in the control operator error, part program error or similar "Safe software cams" SN; safe signal and position data output Error relating to the input/output of process data Defective cable, incorrect information or similar Two-channel input/output of safetyrelevant signals (SGE/SGA), crosswise data comparison; initiation of stop functions according to Cat. 1 1) refer to: Appendix, References General /1/ MDIR, Appendix Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.6 Chapter 1.2.6 Chapter 1.2.7 Chapter 1.3.6 Chapter 1.4.2 Chapter 1.4.3 Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.7 Chapter 1.3.8 Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.8 Chapter 1.4.2 Chapter 1.4.3 Chapter 1.2.5 Chapter 1.3.8 Chapter 1.4.2 Chapter 1.4.3 1) Comments According to currently applicable standards (TC143), the SG function - depending on the technology - is only permissible in combination with agreement, jog mode, start button and Emergency Stop According to currently applicable standards (TC143), the function - depending on the technology - is only permissible in combination with JOG mode, start button and Emergency Stop No wear, safe disconnection of energy feed to drive to allow manual intervention in danger zone; function does not replace machine main switch with respect to electrical isolation Wear-free safe cams, are essentially used for machinery protection, can also be used to restrict working zones in conjunction with personnel protection Wear-free "safe software cams" used to safely detect the position of axes. Can be used to demarcate physical areas External two-channel inputs or further processing required if function is intended to protect operating personnel (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-47 2 General Information about Integrated Safety Systems 2.12 Error analysis Table 2-13 Error analysis in automatic mode Assumed error Error causes Error control Safe limitation of speed Spindle or axis Defect in the drive or axis velocity with SG; speed/velocity too or control system, configurable stop high encoder fault in functions according to 2-encoder Cat. 2 operation, operator error, part program error or similar Axis or spindle Defect in the drive Safe standstill has inadmissibly or control system, monitoring for position moved away from operator error, part control with SBH; standstill position program error, or configurable stop similar function, Cat. 0/1 11.03 MDIR, Appendix Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.6 1) Comments According to the status of the various Standards (TC143), the SG function is only permissible with effective protective devices and equipment (e.g. protective doors) Low-wear safe shutdown of the energy feed to the motor to allow manual interventions in the hazardous zone (safe location). This function does not replace the main machine breaker regarding electrical isolation Wear-free safe limit switch, Is essentially used for machinery protection, can also be used to restrict working zones in conjunction with personnel protection Wear-free, "safe software cams" for reliable detection of axis positions, can be used to demarcate physical areas External two-channel inputs or further processing required if function is intended to protect operating personnel 1) Comments Forced-checking procedure must be supported by the user depending on the process Chapter 1.2.6 Chapter 1.2.7 Chapter 1.3.6 Chapter 1.4.2 Chapter 1.4.3 Safe standstill with SH Stop function according to Category 0 Axes have inadmissibly exited operating range Defect in the drive or control system, operator error, part program error or similar "Safe software limit switches" SE; configurable stop functions according to Cat. 2 Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.7 Chapter 1.3.8 Response of the machine control to incorrect position signal Defect in the control, operator error, part program error or similar "Safe software cams" SN; safe signal and position data output Chapter 1.2.4 Chapter 1.2.7 Chapter 1.3.8 Chapter 1.4.2 Chapter 1.4.3 Error relating to the input/output of process data Defective cable, incorrect information, or similar Two-channel input/ output of safety-relevant signals (SGE/SGA), crosswise data comparison; initiation of stop functions according to Cat. 1 Chapter 1.2.5 Chapter 1.3.8 Chapter 1.4.2 Chapter 1.4.3 Table 2-14 General error analysis Assumed error Error causes Error has not Defect in the drive been detected or control system or because function similar is not active Incorrect safety machine data (MD) Incorrect absolute position of axis or spindle Incorrect information, operator error or similar Error control Time-controlled request or automatic forcedchecking procedure and crosswise data comparison, initiation of stop functions according to Cat. 0 Visual check with Accept softkeys, crosswise data comparison, checksum, initiation of stop functions according to Cat. 0/1 User agreement after referencing or after power-up Incorrect information, axis mechanically influenced or similar 1) refer to: Appendix, References General /1/ 2-48 MDIR, Appendix Chapter 1.2.7 Chapter 1.2.7 Must be confirmed using acceptance test during start-up Chapter 1.2.7 Chapter 1.3.8 The assignment to machine zero must be carried-out during startup (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.12 Error analysis Error control enables easy and cost-effective implementation of the requirements of Machinery Directive 98/37EC (MDIR column, Appendix 1). Topics or Chapter headings of MDIR, Appendix 1 1.2.41) Mode selector switch 1) Power supply fault 1) Control circuit fault 1) Risks relating to variations in tool speeds 1) Preventing risks relating to moving parts 1) Selecting protective equipment against risks relating to moving parts 1) Special requirements placed on isolating protective equipment 1) Special requirements placed on non-isolating protective equipment. 1.2.5 1.2.6 1.2.7 1.3.6 1.3.7 1.3.8 1.4.2 1.4.3 Residual risk Stopping, normal stopping and stopping in an emergency 1) Risk assessment enables the machine manufacturer to determine the residual risk for his machine with respect to the control. The following residual risks are defined: * SI is not active until the control system and drive have completely run-up. SI cannot be activated if any one of the control or drive components is not powered-up. * Faults in the absolute track (C-D track), cyclically interchanged phases of motor connections (V-W-U instead of U-V-W) and a reversal in the control direction can cause an increase in the spindle speed or axis motion. Category 1 and 2 Stop functions according to EN 60204-1 (defined as Stops B to E in Safety Integrated) that are provided are not effective due to the fault. Category 0 stop function according to EN 60204-1 (defined as Stop A in Safety Integrated) is not activated until the transition or delay time set via machine data has expired. When SBR is active, these errors are detected (STOP B/C) and the Category 0 stop function according to EN 60204-1 (STOP A in Safety Integrated system) is activated as early as possible irrespective of this delay (refer to Chapter 3.8, "Safe braking ramp"). Electrical faults (defective components etc.) can also result in the response described above. * When incremental encoders are used, the functions "safe software limit switch" (SE) and "safe software cam" (SN) are not guaranteed until referencing has been successfully completed. * When no user agreement has been given (refer to Chapter 2 "User agreement"), the safe software limit switches (SE) are not operative; the safe software cams (SN) are operative, but not safe as defined by Safety Integrated. * The simultaneous failure of two power transistors (one in the upper and the other offset in the lower inverter bridge) in the inverter may cause the axis to move briefly. Example: Synchronous motor: 1) Refer to: Appendix, References General /1/ (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-49 2 General Information about Integrated Safety Systems 2.12 Error analysis 11.03 For a 6-pole synchronous motor, the axis can move by a maximum of 30 degrees. With a ballscrew that is directly driven by, e.g. 20 mm per revolution, this corresponds to a maximum linear motion of approximately 1.6 mm. Example, synchronous linear motor: For a synchronous linear motor the movement must be no more than one pole width. This corresponds to the following distances: 1FN1-07 2 7 mm 1FN1-12/-18/-24 36 mm 1FN3 20 mm 2-50 * For a 1-encoder system, encoder faults are detected by various HW and SW monitoring functions. These monitoring functions may not be deactivated and must be parameterized carefully. Depending on the error type and which monitor responds, a Category 0 or Category 1 stop function according to EN 60204-1 (defined as STOP A or B in SINUMERIK Safety (R) Integrated ) is activated. * The Category 0 stop function according to EN 60204-1 (defined as STOP A in Safety Integrated) means that the spindles/axes are not braked to zero speed, but coast to a stop (this may take a very long time depending on the level of kinetic energy involved). This must be included in the protective door locking mechanism logic (e.g. with the logic operation n<nx. * When a limit value is violated, the speed may exceed the set value briefly or the axis/spindle may overshoot the setpoint position to a greater or lesser degree during the period between error detection and system response. This depends on the dynamic response of the drive and the parameter settings (refer to Chapter 3, "Safety-relevant functions"). * A position-controlled axis may be forced out of the safe operating stop state (SBH) by mechanical forces that are greater than the max. axis torque. In such cases, a safe standstill (SH) is activated. * SI is not capable of detecting parameterization and programming errors made by the machine manufacturer. The required level of safety can only be assured by thorough and careful acceptance testing. * Drive power modules and motors must always be replaced with the same equipment type or else the parameters will no longer match the actual configuration and cause SI to respond incorrectly. The axis involved must be re-commissioned if an encoder is replaced. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2 General Information about Integrated Safety Systems 2.13 Others 2.13 Others 2.13.1 Applications Parking an axis The pulse enable command must be cancelled via drive terminal 663 before the park state is activated (via interface signal "Park"). This can be done by means of the NCK-SGE "Test stop selection" (the message "Test stop active" is then displayed). The pulse enable signal may not be applied again until the park state has been deselected. Pulses are cancelled via SGA "Enable pulses". The pulses can be cancelled by selecting external stop A (corresponds to "Safe standstill"). Parking axes with absolute reference When the "parking" function is selected, actual value acquisition and the position measuring system monitoring are de-activated for an axis/spindle. The NCK actual value is frozen and mechanical actual value changes are no longer detected. This also applies to the actual value acquisition of the two safety monitoring channels NCK and 611 digital. The absolute reference of an axis can therefore no longer be reliably detected. The safety monitoring channels respond as follows: - Alarms 27000/300950 are displayed "Axis no longer safely referenced" - SGA "Axis safely referenced" cancelled on NCK and drive side. The user can align the actual value acquisition of the safety monitoring channels by referencing/synchronizing to the machine position. These alarms are only displayed for axes for which safety monitoring functions with absolute reference are activated, i.e. for SE and SN. They are not displayed for axes without these monitoring functions. Machine data SAFE_PARK_ALARM_SUPRESS can be used to suppress Alarms 27000/300950. Vertical axis: The machine manufacturer must take various measures (refer to Chapter 2, "System prerequisites") to prevent vertical axes from falling when the safe standstill function is activated (e.g. after STOP B/A). This means that the mechanical brake must be controlled as quickly as possible. From SW 6.3.21, a function check of the mechanical braking system is carriedout for all axes that must be held using a holding brake to prevent movement in the open-loop controlled mode (refer to Chapter 8.3). Measuring system changeover on 840D When the measuring systems are changed-over (selected) via interface signals "Position measuring system 1" (DB 31..., DBX1.5) "Position measuring system 2" (DB 31..., DBX1.6), the following applies: The encoder used by the position controller is changed over. Note SI continues to work with the configured encoder. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-51 2 General Information about Integrated Safety Systems 2.13 Others Gantry axes for 840D 11.03 Stop responses Stop A, B, C for gantry axes are initiated as fast as possible for all of the axes in the group. However, if unacceptable offsets result because of the differing braking behavior of the axes, then stop response Stop D should be configured. Note The user must ensure that terminal 663 is controlled simultaneously for all drive modules in a single gantry group. 2.13.2 Information for OEM users SINUMERIK 840D: Information for MMC-OEM users ! Information for NCK-OEM users If SINUMERIK Safety Integrated (SI) and OEM applications (for MMC) are used at the same time, the following points must be observed. Important 1. The PLC interface signals (DB31, ...) with safety-relevant drive inputs and outputs must not be written using the variable service of the NCDDE server. 2. Writing machine data using the variable service An acceptance test must be performed if SI machine data has been changed using the variable service of the NCDDE server. 3. Changing alarm priorities The alarm priorities selected for SI must be retained. 4. Changing alarm texts The alarm texts of the SI alarms can be modified: This must be clearly documented for the user. 5. "Carry-out acceptance test" message box The "Carry-out acceptance test" may not be modified! 6. User agreement Functions relating to the user agreement (e. g. call, protective mechanism) may not be altered. SINUMERIK Safety Integrated(R) can also be used for NCK-OEM applications. Note System memory change System memory changes caused by the OEM application result in Alarm 27003 "Checksum error occurred". 2-52 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 2.13.3 2 General Information about Integrated Safety Systems 2.13 Others Overtemperature Response to an overtemperature fault It must be ensured that overtemperatures in the Sinumerik/Simodrive group do not result in subsequent malfunctions - that in turn can cause safety-critical situations. Especially if the overtemperature condition simultaneously affects both monitoring channels (e.g. when the ambient temperature increases), the temperature alarm signals that are present must be evaluated in order to initiate a safety-related response in plenty of time. The following temperature monitoring functions are active and can be evaluated for the subsequent response. Temperature monitoring NCK When the associated temperature monitoring function responds, this is indicated using the interface signal DB10.DBX109.6 "Air-temperature alarm". When the interface signal is set, this is in conjunction with NCK Alarm 2110 "NCK temperature alarm" or Alarm 2120 "NCK fan alarm". If the temperature or fan monitoring responds, then it is sufficient if the PLC initiates the appropriate measures; it is not absolutely necessary that the measures are initiated using SPL logic. Safety-related response required: * All safety-related outputs (SGAs) should be brought into the safe state (logical "0") * The drives should be brought to a standstill and the pulses then cancelled It may make sense to derive an Emergency Stop request from the interface signal. Temperature monitoring, drive, motor temperature When the associated temperature monitoring responds, this is indicated using the axial interface signal DB<axis>.DBX94.0 "Motor-temperature pre-alarm". When the interface signal is set, this is associated with drive Alarm 300614 "Axis %1 Drive %2 time monitoring, motor temperature". It is not absolutely necessary to evaluate this signal as an appropriate response can be already activated using the associated machine data. If required, an evaluation can also be made as part of the SI functionality. Temperature monitoring, drive heatsink temperature When the associated temperature monitoring responds, this is indicated using the axial interface signal DB<axis>.DBX94.1 "Heatsink temperature". When the interface signal is set, this is in conjunction with drive Alarm 300515 "Axis %1 Drive %2 heatsink temperature power module exceeded". It is not absolutely necessary to evaluate this signal as an appropriate response can be already activated using the associated machine data. If required, an evaluation can also be made as part of the SI functionality. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 2-53 2 General Information about Integrated Safety Systems 2.13 Others 11.03 Notes 2-54 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions .............................................................. 3-57 3.1.1 Safe standstill - disconnecting the energy feed .................................... 3-57 3.1.2 Shutdown paths.................................................................................... 3-58 3.1.3 Testing the shutdown paths.................................................................. 3-61 3.1.4 Overview of the machine data for the shutdown paths ......................... 3-67 3.1.5 Stop responses..................................................................................... 3-67 3.1.6 Overview of the machine data for stop responses ................................ 3-76 3 3.2 External STOPs .......................................................................................... 3-77 3.2.1 Test stop for external STOPs................................................................ 3-80 3.2.2 Overview of the machine data for the "external STOPs" function ......... 3-84 3.3 Safe standstill (SH) ..................................................................................... 3-85 3.3.1 Overview of the machine data for the SH function ................................ 3-86 3.4 Safe operating stop (SBH) .......................................................................... 3-86 3.4.1 Selecting/de-selecting safe operating stop ........................................... 3-87 3.4.2 Effects when the limit is exceeded for SBH .......................................... 3-90 3.4.3 Overview of the machine data for the SBH function.............................. 3-91 3.5 Safely-reduced speed (SG) ........................................................................ 3-92 3.5.1 Selecting/de-selecting the safely-reduced speed.................................. 3-94 3.5.2 Limiting the setpoint speed ................................................................... 3-96 3.5.3 Safely-reduced speed when using selector gearboxes......................... 3-97 3.5.4 Effects when the limit value is exceeded for SG ................................... 3-98 3.5.5 SG-specific stop responses .................................................................. 3-99 3.5.6 Override for safely-reduced speed........................................................ 3-100 3.5.7 Example: Override for safely-reduced speed........................................ 3-102 3.5.8 Application examples for SG ................................................................ 3-103 3.5.9 Examples for safe input of ratios........................................................... 3-103 3.5.10 Overview of the machine data for the function SG................................ 3-110 3.6 Safe software limit switches (SE)................................................................ 3-111 3.6.1 Effects when an SE responds............................................................... 3-112 3.6.2 Overview of the machine data for the SE function ................................ 3-114 3.7 Safe software cams (SN) ............................................................................ 3-115 3.7.1 Effects when SN reponds ..................................................................... 3-119 3.7.2 Application example for "safe software cams" ...................................... 3-120 3.7.3 Overview of machine data for the SN function...................................... 3-123 3.8 Safe braking ramp (SBR) (840D from SW 4.2) ........................................... 3-124 3.8.1 Overview of the machine data for SBR ................................................. 3-126 3.9 Safety-related input/output signals (SGE/SGA) .......................................... 3-127 3.9.1 Signal processing for the NCK monitoring channel............................... 3-132 3.9.2 Signal processing in the drive monitoring channel ................................ 3-134 3.9.3 Overview of the machine data for SGE/SGA ........................................ 3-135 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-55 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18)...................................... 3-136 3.10.1 NCK-SPL program................................................................................ 3-139 3.10.2 Starting the NCK-SPL using the PROG_EVENT mechanism (from SW 6.4.15) .................................................................................. 3-141 3.10.3 Starting the NCK-SPL from the PLC user program............................... 3-144 3.10.4 Linking the NCK-SPL to the I/O and monitoring channel ...................... 3-145 3.10.5 Diagnostics/commissioning .................................................................. 3-147 3.10.6 Safe software relay (from SW 6.3.30) ................................................... 3-148 3.10.7 System variables for SINUMERIK 840D ............................................... 3-153 3.10.8 Behavior after POWER ON/operating mode change/reset ................... 3-155 3.10.9 SPL data on the PLC side .................................................................... 3-156 3.10.10 Direct communications between the NCK and PLC-SPL (from SW 6.3.30) .................................................................................. 3-158 3.10.11 PLC data block (DB 18) ........................................................................ 3-160 3.10.12 Forced checking procedure of SPL signals........................................... 3-164 3.11 Encoder mounting arrangements.............................................................. 3-168 3.11.1 Encoder types....................................................................................... 3-168 3.11.2 Adjustment, calibration, axis states and historical data......................... 3-170 3.11.3 Overview of the data for mounting encoders ........................................ 3-174 3.11.4 Actual value synchronization (slip for 2-encoder systems with SW 5.2 and higher) ....................................................................... 3-175 3.11.5 Application: Spindle with two encoders and drive with slip (SW 5.2 and lower)............................................................................... 3-176 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) ............................................................................. 3-179 3.12.1 Description of functions ........................................................................ 3-179 3.12.2 Available fail-safe modules ................................................................... 3-180 3.12.3 System prerequisites ............................................................................ 3-181 3.12.4 System structure................................................................................... 3-182 3.12.5 Configuring and parameterizing the ET 200S F-I/O .............................. 3-183 3.12.6 Parameterizing SINUMERIK 840D NCK............................................... 3-188 3.12.7 Parameterizing the SINUMERIK 840D PLC ......................................... 3-195 3.12.8 Response times.................................................................................... 3-196 3.12.9 Functional limitations ............................................................................ 3-196 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) . 3-198 3.13.1 Behavior of the axial NCK monitoring channel...................................... 3-198 3.13.2 Behavior without NCK-SPL................................................................... 3-199 3.13.3 Behavior with NCK-SPL........................................................................ 3-199 3.13.4 Behavior of the drive monitoring channel.............................................. 3-200 3.13.5 SGE/SGA processing in the PLC.......................................................... 3-201 3.13.6 Limitations ............................................................................................ 3-201 3.13.7 Examples.............................................................................................. 3-201 3-56 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions 3.1 Basic mechanisms of SI functions The safety functions are available in all modes and can communicate with the process using safety-related input/output signals. They fulfill the requirements of safety category 3 (to EN 954-1) and SIL 2 (acc. to IEC 61508). 3.1.1 Safe standstill - disconnecting the energy feed Input to network Drive 1 Drive 2 Centrally 1. Main switch 2. Line contactor 4 2 Axis-specifically 3. Control pulses 4. Control voltage 3 M M 1 Fig. 3-1 Safe standstill - disconnecting the energy feed Fig. 3-1 illustrates 4 basic possibilities of switching a motor into a no-torque condition. The mode of operation of these methods differ. Main breaker: Effect -> central Each machine must be equipped with at least one breaker. This allows the machine to be completely electrically isolated from the line supply. This is usually implemented using the main breaker. This measure provides protection against electric shock when working with live components. When powereddown, the breaker must be locked-out to prevent accidental re-closure. Integrated line contactor: Effect -> central The entire converter can be electrically isolated using the line contactor. As far as the converter is concerned, this measure also corresponds to a STOP A. In the past, for an EMERGENCY STOP, the converter/motor was brought into a no-torque condition using the integrated line contactor corresponding to a STOP B/C. However, electrical isolation is not absolutely necessary for an EMERGENCY STOP. AE Pulse cancellation in the gating unit Effect -> axis-specific The fastest way of switching a drive, axis-by-axis, into a no-torque condition is by canceling the pulses in the gating unit. However, this measure is still not a safety-related measure. This means that it is still not possible to electrically isolate the drive converter DC link (600V) from the motor. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-57 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions O Optocoupler control 11.03 Effect -> module-specific When the optocoupler control voltage is switched-out, this means that when a fault condition develops, the gating unit pulses are not converted in the power module of the drive into a torque. Electrical isolation between the drive converter DC link (600V) and the motor is therefore not possible. This is also not required for the "functional safety". Measure O can be controlled through two channels, physically de-coupled from the drive and the NC. This provides an effective and safe possibility of canceling the drive converter pulses on a module-for-module basis - and is incorporated in the cyclic tests (forced checking procedure). The requirements for EMERGENCY STOP are fulfilled. It is not always absolutely necessary to open the line contactor. Before working on live components (e.g. maintenance, service ...) it is always necessary to isolate the machine from the line supply. 3.1.2 Shutdown paths Shutdown paths to cancel pulses The drive pulses must be cancelled through two channels. The machine manufacturer needs to configure a shutdown path in the NCK monitoring channel and another in the drive monitoring channel.. (refer to Fig. 3-2, "Shutdown path of the drive CPU" and Fig. 3-3, "Shutdown path of the NCK CPU" via Terminal 663). For SI the shutdown paths are utilized by stop functions with the highest priority STOP A and STOP B. These stop functions can be initiated through any monitoring channel (for example, if an active STOP C, STOP D or STOP E function has not been able to shut down the drives). It is therefore absolutely essential to ensure that the shutdown paths operate properly and this must be checked at the specified intervals (e.g. after power ON). Shutdown path of drive CPU 3-58 The pulse cancellation test is initiated via the PLC-SGE "test stop selection" (it can also be initiated internally in the case of an error). The SGE can be supplied from an assigned PLC HW input or a signal (memory bit) from the PLC user program. The comparator in the drive CPU directly activates a pulse inhibit via the drive bus in the drive module (internal signal "cancel pulses"). The checkback signal is also output directly by the drive module via the drive bus (internal signal "pulses cancelled status"). No additional wiring is required. The comparator in the drive channel is supplied via a PLC interface data block (refer to Chapter 4, "Interface signals"). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions SGE "Test stop-selection" (via NCK/PLC interface) PLC SGA "Pulses are disabled status" Inputs/outputs AS1 AS2 Terminal 663 Drive closed-loop control Start "Disable pulses" signal Drive_IMP" relay Timer "Pulses disabled status" "Pulses are disabled status" signal 0V +5V Safety relay STOP A SW Fig. 3-2 HW 0V 0V ABSCH_03.DS4 Shutdown path of the drive CPU Shutdown path of NCK CPU Pulse cancellation via terminal 663 Two options are available from SW 6.3.30 onwards: 1. Via Terminal 663 2. Via internal pulse cancellation. Pulse cancellation is initiated via the NCK SGE "test stop selection" (can also be initiated internally in the case of an error). The comparator uses the SGA "enable pulses" to cancel the enabling command at module-specific terminal 663 on the 611 digital drive module. The cancelled state is signaled back to the comparator in the NCK CPU via terminals AS1/AS2 of the drive module and the SGE "pulses cancelled status". The SGEs/SGAs are assigned to the NCK HW inputs/outputs via machine data. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-59 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions 11.03 SGE Test stop selection (via NCKI/O devices) SGE "Pulses are disabled status" Start Inputs Enable SGA pulses +24V AS1 AS2 Terminal 663 Outputs Timer "Pulses disabled status" "Drive_IMP" relay +5V 0V Drive bus Safety relay STOP A 0V 0V Drive closed-loop control NCK CPU ABSCH_02.DS4 Fig. 3-3 Shutdown path of the NCK CPU via terminal 663 Note To set up the shutdown path for the NCK CPU, the machine manufacturer must provide external wiring for the axis-specific drive terminals 663 and AS1/AS2. From NCK software version 6.3.30 onwards, the pulse enable signal can be returned (terminal AS1/AS2) internally for all of the control modules. Safe internal pulse cancellation (SW 6.3.30 and higher) Internal pulse cancellation can only be used together with the 611 digital modules High Performance and High Standard. Terminal 663 must then be wired to the SGA "externally enable pulses". Whether or not the pulses were successfully cancelled can be returned internally. This considerably reduces the number of NCK I/Os required. Fig. 3-4 shows the sequence when canceling pulses. Internal pulse canceling is initiated via the NCK SGE "test stop selection" (can also be initiated internally as STOP A). The comparator internally cancels the pulses via the drive bus. The status is internally read back via the drive bus. If the pulses were not successfully cancelled, then the enable from module-specific terminal 663 at the 611 digital drive module is withdrawn using the SGA "externally enable pulses". The SGEs/SGAs are assigned to the NCK HW inputs/outputs via machine data. The local NCU inputs and outputs can be used to externally cancel the pulses (NC onboard-IOs, refer to Chapter 3.10.2). Terminals 663 of all of the drives or a group of drives would be controlled via such an output. 3-60 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions SGE Test stop selection (via NCK I/Os or SPL) SGE Test external pulse disabling Start & STOP A >= Timer "Pulse disabled status" Enable SGA pulses external Outputs Internal pulse suppression Pulses disabled status Fig. 3-4 +24V AS1 AS2 Terminal 663 >= Relay drive_IMP +5V 0V Drive bus Safety relay & NCK-CPU (via NCK I/Os or SPL) Inputs External pulse supression 0V 0V Drive closed-loop control Shutdown path of NCK CPU via internal pulse cancellation Activation is carried out by configuring the SGAs "enable pulses" and "enable pulses externally" and the SGE "test stop external shutdown". Activating If bit 30 is set in $MA_SAFE_PULSE_ENABLE_OUTPUT, the pulses are internally cancelled. In this case, MD $MA_SAFE_EXT_PULSE_ENAB_OUTPUT must also be configured so that the NCK has a further option for canceling pulses. However, this path is only used if the internal pulse cancellation fails. $MA_SAFE_PULSE_ENABLE_OUTPUT can still be configured on a hardware output or in the SPL (refer to Chapter 3.10). This can be used, for example, in order to initiate responses in the SPL while canceling the pulses, and not having to wait until the state "pulses are cancelled" has been detected. 3.1.3 Testing the shutdown paths Description The test stop carries out a test of the entire shutdown path plus external wiring for each monitoring channel. In the course of the test, the comparators and stop modules of the two monitoring channels that are responsible for the stop function are processed in succession. Also refer to Chapter 2.6.3 "Forced checking procedure". When must a test stop be carried out? The shutdown paths must be tested (forced checking procedure) at a suitable time after the machine has been powered-up and thereafter in set-up mode once every eight hours. It is advisable to carry out the test before the protective device is opened or (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-61 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions 11.03 operating personnel enter the dangerous zone (e.g. when the set-up mode is selected) if the shutdown paths had not been tested within the last eight hours. Note The time for the "shutdown path test" must be defined by the machine manufacturer in a "test block". Requirements for the test stop Which SGEs/SGAs are needed for the test stop? Signal * All of the drives on the drive module, on which the drive to be tested is configured, must be at a standstill. * The pulses must still be enabled at the start of the test. * The manufacturer must ensure that hanging (vertical) axes are securely locked and cannot drop. * When the test stop is selected, the "status pulses cancelled" signal may not be present at the PLC SGA or the "status pulses cancelled" signal at the NCK SGE, otherwise, stop response STOP F will be activated. The following SGEs/SGAs are needed in each monitoring channel and for each axis/spindle for the purpose of the test stop: * For a test stop in the NCK monitoring channel NCK SGE "test stop selection" NCK SGE "pulses cancelled status" NCK SGA "pulses enabled" * For a test stop in the drive monitoring channel PLC SGE "test stop selection" PLC SGA "pulses cancelled status" * For a test stop in the NCK monitoring channel for internal pulse disabling: NCK SGE "test external pulse cancellation" NCK SGE "externally enable pulses" The message "test stop in progress" is displayed on the screen while a "test stop" is being executed. Note To ensure that the shutdown paths have been tested correctly, the "test stop" must be executed twice, once for the drive and once for the NC. In this way, it can be ensured that each channel is operating correctly up to the point that the pulses are cancelled. For a 2-axis control module, the shutdown path must be tested for specific axes, i.e. for each axis on the module. Test stop sequence The test stop can be initiated by the hardware by pressing a button or from the PLC user program using a function block that has been created (refer to Chapter 7, "Engineering example"). Pulse cancellation is requested in the drive monitoring channel (refer to Fig. 3-2, "Shutdown path of drive CPU") via the PLC SGE "test stop selection". The timer "pulses cancelled status" is started and the message "test stop in progress" is displayed on the screen. The pulse cancellation signal remains 3-62 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions active until the timer has expired and the user cancels the "test stop selection" signal at the PLC SGE. The checkback signal is returned via the PLC SGA "pulses cancelled status". This checkback signal must have been made before the timer, started at the beginning, has expired. If this is not the case, then "STOP A" is initiated. The PLC is able to activate the test stop in the NCK monitoring channel if the checkback signal at the PLC SGA "pulses cancelled status" is appropriately programmed to a PLC output. Requirement: There is a connection between this PLC output and the NCK SGE "test stop selection". The pulses must be enabled again before the test stop in the NCK monitoring channel is selected. Pulse cancellation via terminal 663 is requested in the NCK monitoring channel (Refer to Fig. 3-3 "Shutdown path of NCK CPU") via the NCK SGE "test stop selection". The timer "pulses cancelled status" is started, the NCK SGA "enable pulses" output and the message "test stop in progress" is displayed on the screen. The checkback signal is returned via the NCK SGE "pulses cancelled status" (received via terminal AS1/AS2). This checkback signal must have been made before the timer, started at the beginning, has expired. If this is not the case, then "STOP A" is initiated. The internal pulse cancellation is also requested via the NCK-SGE "test stop selection" for the NCK monitoring channel, the NCK-SGA "enable pulses" is not connected to terminal 663 however (refer to Fig. 3-4 "Shutdown path of NCK-CPU via internal pulse cancellation"). The external pulse cancellation must also be tested via terminal 663. Testing the external pulse cancellation The external pulse cancellation test is started by setting the SGE "test stop external shutdown" on a single channel only for the NCK. The SGE must be assigned to either the NCK periphery or the SPL using machine data 36979: MA_SAFE_STOP_REQUEST_EXT_INPUT. A possible configuration for this is shown in Fig. 3.5. When the NCK-SPL is used, the specification for singlechannel SI-specific signals from the PLC described in Chapter 3.10.10 can be used. The external pulse cancellation only has to test that the wiring connected to terminals 663 is still correct for the configured drive modules. Furthermore, the test stop is required because internal pulse cancellation is now used as shown as an example in Fig. 3-5 for the first 2-axis module with axes X and Y. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-63 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions 11.03 Inputs SGE Test stop external disable axis Y Distribution among axis channels with same SGA assignment Outputs & SGA Enable pulses external Terminal 663 Terminal 663 Terminal 663 Terminal 663 X Axial SI channels Fig. 3-5 Y Z A B Drive bus C Internal pulse suppression e.g. for axis X and Y 2-axis module 2-axis module 1-axis module 1-axis module X, Y Z, A B C >= NCK-CPU Configuration, "test stop external shutdown" In order to make it easier for the user to configure a test stop and at the same time reduce the time required for a test stop, the external pulse cancellation test is initiated only for one axis per configured output. Axis Y is used in Fig. 3-5 as an example. Pulse cancellation is monitored, for all axes, whose SGA is configured at this output ($MA_SAFE_EXT_PULSE_ENAB_OUTPUT), in Fig. 3-4 this therefore means for all 6 axes X, Y, Z, A, B, C. Alarm 27006, "Axis %1 Test ext. pulse cancellation running" is displayed for all of these axes during the external pulse cancellation test. Note During "test stop external shutdown", no external stop may be present at the drive. If an external stop is present and the test stop is present for longer than $MA_SAFE_MODE_SWITCH_TIME, Alarm 27001 is generated, "fault in a monitoring channel" with information 58, active external stop request. Sequence: The sequence of the "test stop external shutdown" is comparable with the sequence for test stop of the NCK monitoring channel. After selecting of the "test stop external shutdown", the SGA "pulse enable external" is cancelled and a timer started with the value from MD $MA_SAFE_PULSE_DIS_CHECK_TIME. If the timer expires and a checkback signal confirming that pulses have been cancelled has not been received, Alarm 27001 with code number 1010 is issued. By initiating a STOP A for the drive, the pulses are cancelled via the internal shutdown path. The only way to exit this status is with a power on. 3-64 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions The state of the active monitoring function (SBH, SG, SE, SN) is not changed by "test stop external shutdown". Checkback signals, pulse cancellation (SW 6.3.21 and higher) Since the SGE "status pulses cancelled" is only used for checking pulse cancellation for test stop or for "test stop external shutdown", this signal can be configured according to the 3-terminal principle. In this way, the information for all 611 digital modules no longer has to be obtained by wiring the AS1/AS2 terminals to NCK I/Os. The 3-terminal principle is used in the form of a twochannel pulse-cancellation control with single-channel feedback. Activation The function is activated by configuring the SGE "status pulses cancelled". Up to now, the assignment to an I/O input or to the NCK-SPL had to be made via MD $MA_SAFE_PULSE_STATUS_INPUT. If this machine data is set to 0, the information on whether or not the pulses have been cancelled is retrieved from the SI interface of the 611 digital. Testing the shutdown paths for several axes without SPL The test stop is executed internally in the drive monitoring channel (via the NC/PLC interface). To implement the test stop for the NCK monitoring channel, the SGEs/SGAs must be appropriately connected-up for each axis. A large number of inputs and outputs are required in the NCK when there are several axes. It is possible to group or distribute signals using inputs/outputs assigned via machine data (refer to Chapter 4, "Data description"). To obtain the "test stop selection" signal of a certain axis, it must be possible to evaluate the checkback signal "pulses cancelled status" for the same axis in order to be able to detect if there are any errors. Testing the shutdown paths for a dual-axis module For a dual-axis module, there is only one terminal 663 and one AS1/AS2 for both axes. The shutdown path in the NCK and drive monitoring channels must still be tested in succession for both axes. The following example (refer to Fig. 3-6, "Testing the shutdown path") shows a circuit for testing the shutdown path of the NCK with four axes, axes 3 and 4 being provided by a dual-axis module. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-65 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions External circuitry 11.03 E (NCK) A (PLC) (Initiation via PLC user program) SGE Assignment and linking of machine data Test stop selection Axis 1 Test stop selection Axis 2 Test stop selection Axis 3 Test stop selection Axis 4 Test stop selection A (PLC) Comparator internal interface SGE assignment without SPL logic DPR variable M bzw. Bit (PLC) (Initiation via PLC user program) Assignment and linking of machine data SGE SGE assigned via OUTSI(P) variable Test stop selection Axis 1 Test stop selection Axis 2 Test stop selection Axis 3 Test stop selection Axis 4 Dual Port RAM or DB10 Test stop selection Comparator SGE assignment with SPL logic (reduced wiring effort) Internal interface External circuitry A (NCK) Terminal 663 Axis 1, module 1 Terminal 663 Axis 2, module 2 Terminal 663 Axis 3, axis 4 module 3 AND-linking via MDs External circuitry +24 V E (NCK) AS1 AS2 AS1 AS2 AS1 AS2 Terminals of SIMODRIVE 611 drive modules Fig. 3-6 3-66 Pulse disabling via terminal 663 & Checkback signals SGA Enable pulses Axis 1 Enable pulses Axis 2 Enable pulses Axis 3 Enable pulses Axis 4 SGE Pulses disabled status Axis 1 Pulses disabled status Axis 2 Pulses disabled status Axis 3 Pulses disabled status Axis 4 ZWDYN_05.DSF Testing the shutdown paths (NCK monitoring channel) for several axes (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions To test the shutdown path in the drive monitoring channel, it is possible to access the input and output signals of all axes from the PLC program via the PLC interface. 3.1.4 Overview of the machine data for the shutdown paths Overview of MD for 840D Table 3-1 Overview of machine data for 840D Number Name 36950 $MA_SAFE_MODE_SWITCH_TIME 36957 $MA_SAFE_PULSE_DIS_CHECK_TIME 36975 $MA_SAFE_STOP_REQUEST_INPUT 36976 $MA_SAFE_PULSE_STATUS_INPUT 36979 $MA_SAFE_STOP_REQUEST_EXT_INPUT 36984 $MA_SAFE_EXT_PULSE_ENAB_OUTPUT 36986 $MA_SAFE_PULSE_ENABLE_OUTPUT Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Overview of MD for 611 digital Table 3-2 Overview of machine data for 611 digital Number Name 1357 $MD_SAFE_PULSE_DIS_CHECK_TIME Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" Note The inputs and outputs of the SGEs/SGAs are assigned to the drive channel using data blocks in the PLC user program (refer to Chapter 4, "Interface signals"). 3.1.5 Stop responses A high degree of protection against faults/errors is afforded by the two-channel monitoring structure with its continuous crosswise data comparison. Alarms and stop responses are initiated when differences are detected between the two channels. The purpose of the stop responses is to shut down the drives in a controlled manner according to the actual conditions on the machine. There are stop responses STOP A, B, C, D, E, F as well as the test stop. The type of stop response that occurs in the event of a fault/error can either be predetermined by the system or configured by the machine manufacturer. Note Protection of operating personnel must be given top priority when stop responses are configured. The objective must be to stop the drives in a way that best suits the situation. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-67 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions Table 3-3 STOP A B C D 11.03 Overview of stop responses Action Pulses are immediately cancelled 0 speed setpoint is immediately entered + start timer tB tB =0 or nact < nshutdown: STOP A 0 speed setpoint is immediately entered + start timer tC tC =0: Activation of SBH Brake motor along acceleration limit + start timer tD tD =0: Activation of SBH E Causes stop and retract + start timer tD Activation of SBH tD =0: F Depending on situation: a) Safety function inactive: Saved message to operator b) Safety function active: Initiation of STOP B/A (configurable) c) Safety function active and initiation of STOP C, D or E: Saved message to operator Effect Initiated in response to SBR/SG SBH/SG Changes to SH SH POWER ON POWER ON Drive is braked along current limit SBH active SG/SE SBH RESET Drive is braked as part of a group along set traversing path SG/SE SBH RESET SG/SE SBH RESET Drive coasts to standstill Drive is braked along current limit transition to STOP A SBH active Drive is decelerated via the programmed retraction and stop motion (ESR). SBH active a) NC start and traversing interlock b) Transition to STOP B/A Alarm a) RESET Crosswise data comparison SH c) NC start and traversing interlock b) POWER ON c) RESET Note: The timers can be set using the machine data. Stop responses SBH and SH The following diagram shows the relationship between the stop responses and the safe operating stop (SBH) or the safe standstill (SH). STOP A STOP B Stop Input setpoint "0" STOP C Stop Input setpoint "0" STOP D Stop Path-relating in grouping STOP E STOP F Stop Retraction conditions SBH (Safe standstill under position control) (if a further error occurs) SH (Safe pulse disable) Fig. 3-7 3-68 STOPR_02.DSF Stop responses, safe operating stop (SBH), safe standstill (SH) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Configurable stop responses 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions The stop responses that occur when the limit values are violated can be selected by the machine manufacturer using the appropriate machine data. These limit values are defined using the corresponding machine data. Table 3-4 Configurable stop responses Safety-related functions Configurable stop responses SBH STOP B* (not configurable) SG STOP A, B, C, D, E SE STOP C, D, E SN No internal stop response. The user must appropriately configure safe responses via the SGAs SN1 - SN4. SBR STOP A (not configurable) Note: Stop response STOP F is the predefined system response to discrepancies detected by the crosswise data comparison. * Transition from STOP B to A immediately, if tB = 0 Assignment table for stop responses Table 3-5 Stop responses provided by SI acc. to EN 60204-1 Stop response provided by Stop function acc. to EN 60204-1 (R) SINUMERIK Safety Integrated STOP A Category 0 STOP B, STOP F 1) Category 1 STOP C, STOP D, STOP E Category 2 Note: 1): STOP F triggers STOP B if at least one safety-relevant function is active. Priority of stop responses Table 3-6 Priority level Highest priority ........ ....... ..... ... . Lowest priority Stop response priorities Stop response STOP A STOP B SGE test stop selection STOP C STOP D STOP E STOP F Note A stop response listed in Table 3-6 "Stop response priorities" can only be initiated if at least one safety-relevant function is active (except for STOP F). Once a stop response has occurred, the sequence of operations it involves will be completed, even if the cause of the stop no longer exists. It is possible to progress to stop responses that have a higher priority. It is not possible to progress to stop responses that have a lower priority. Please refer to Chapter 3.1.2, "Shutdown paths" for an explanation of how to use the SGE test stop selection. Stop response sequence If a stop response is initiated in the drive, a signal is sent to the NC that responds by initiating the same stop response (two-channel safety). Likewise, if a stop response is initiated in the NC, the drive is automatically signaled and responds by requesting the same stop response (exception: Test stop). This mechanism ensures that stop responses are managed with a high degree of safety. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-69 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions Description of STOP A 11.03 Action in the drive monitoring channel: Pulses are immediately cancelled using the internal signal "cancel pulses". In addition, the pulses in the gating unit are cancelled by a software function. Action in the drive monitoring channel: Pulses are cancelled via the SGA "enable pulses". * Effect: The drive coasts to a standstill if no external braking mechanism such as an armature short-circuit and/or holding brake is used. The axis-specific alarm results in a mode group stop, i.e. as the result of the error in one axis, all axes and spindles in a mode group are stopped. "Safe standstill" becomes operative at the end of STOP A. * Alarm message: The alarm message "STOP A triggered" is displayed. * Acknowledgement: An unintentional restart is prevented for STOP A. The error can only be acknowledged from the drive and control with power on. SGA STOP A/B is active This signal is used to indicate that STOP A/B is active. 0 signal: STOP A/B is not active 1 signal: STOP A/B is active Description of STOP B Action in the drive and NCK monitoring channels: The drive is braked along the current limit as the result of a 0 speed setpoint that is input instantaneously either directly or from the NCK via the drive bus. Action in the drive monitoring channel: If the speed actual value drops below the value set in $MD_SAFE_STANDSTILL_VELO_TOL or if the timer set in $MD_SAFE_PULSE_DISABLE_DELAY has expired, the stop mode changes automatically to STOP A. Action in the drive monitoring channel: Essentially the same as in the drive channel, the stop mode changes automatically to STOP A when the actual speed drops below the value in $MA_SAFE_STANDSTILL_VELO_TOL or after the timer set in $MA_SAFE_PULSE_DISABLE_DELAY has expired. * Effect: The drive is braked along the current limit under speed control and finally brought to a safe standstill. * Alarm message: The alarm message "STOP B triggered" is displayed. * Acknowledgement: An unintentional restart is prevented for STOP B. The error can only be acknowledged from the drive and control with power on. SGA STOP A/B is active This signal is used to indicate that STOP A/B is active. 0 signal: STOP A/B is not active 1 signal: STOP A/B is active 3-70 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions Note If the timer in machine data $MA_SAFE_PULSE_DISABLE_DELAY is set to zero, then there is an immediate transition from STOP B to STOP A. rev/min n ist b) a) Creep speed pulse disabling Delay time pulse disabling b) Creep speed is reached before delay time for pulse disabling expires a) Creep speed pulse disabling STOP A STOP B t Delay time pulse disabling a) b) Fig. 3-8 Description of STOP C STOP B STOPB_01.DS4 STOP A STOP B STOP A Transition from STOP B to STOP A Action in the drive monitoring channel: The drive is braked along the current limit in response to a zero speed setpoint while the timer set in $MD_SAFE_STOP_SWITCH_TIME_C is started in parallel. The SBH function is automatically activated after the timer expires. Action in the drive monitoring channel: Essentially the same as in the drive channel, the control specifies a zero speed setpoint and interface signal "position controller active" (DB 0, ... DBX 61.5) of the drive involved is set to zero. At the same time, the timer set in $MA_SAFE_STOP_SWITCH_TIME_C is started. The SBH function is automatically activated after the timer expires. * Effect: The drive is braked along the current limit under speed control and brought into SBH. * Alarm message: The alarm message "STOP C triggered" is displayed (refer to Chapter 6, "Alarms"). * Acknowledgement: An unintentional restart is prevented for STOP C. The error can be acknowledged using the NC-RESET key. SGA STOP C is active This signal indicates that STOP C is active. 0 signal: STOP C is not active 1 signal: STOP C is active (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-71 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions Description of STOP D 11.03 Action in the drive monitoring channel: The drive monitoring channel requests "path stop" or "brake along acceleration characteristic (NC-MD)". At the same time, the timer set in $MD_SAFE_STOP_SWITCH_TIME_D is started. The SBH function is automatically activated after the timer expires. Action in the NCK monitoring channel: Essentially the same as the drive channel, the control system monitoring channel requests "path stop" or "brake along acceleration characteristic (NC_MD)". At the same time, the timer set in $MA_SAFE_STOP_SWITCH_TIME_D is started. The SBH function is automatically activated after the timer expires. * Effect: The drive is braked in a group - including simultaneous axes - along the set traversing path. Endlessly rotating axes are braked at the acceleration limit. The SBH function is automatically activated after the timer expires. * Alarm message: The alarm message "STOP D triggered" is displayed. * Acknowledgement: An unintentional restart is prevented for STOP D. The error can be acknowledged using the NC-RESET key. SGA STOP D is active This signal indicates that STOP D is active. 0 signal: STOP D is not active 1 signal: STOP D is active Description of STOP E (SW 6.4.15 and higher) Action in the drive monitoring channel: The drive monitoring channel requests an extended stop and retract (ESR). At the same time, the timer set in $MD_SAFE_STOP_SWITCH_TIME_E is started. The SBH function is automatically activated after the timer expires. Action in the NCK monitoring channel: Essentially the same as the drive, ESR is requested by the control monitoring channel ESR . At the same time, the timer set in $MA_SAFE_STOP_SWITCH_TIME_E is started. The SBH function is automatically activated after the timer expires. * Effect: The extended stop and reset that have been configured are started. * Alarm message: The alarm message "STOP E triggered" is displayed. * Acknowledgement: An unintentional restart is prevented for STOP E. The error can be acknowledged using the NC-RESET key. SGA STOP E is active This signal indicates that STOP E is active. 0 signal: STOP E is not active 1 signal: STOP E is active The NC-controlled ESR is triggered by writing to the system variable $AC_ESR_TRIGGER=1 (also refer to /FB3/, M3 "Axis coupling and ESR"). 3-72 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions To obtain the criterion for triggering, the following SI system variables have been introduced: $VA_STOPSI: axial system variable that contains the current stop. In the case of value 4, a Stop E is active for this drive. $A_STOPESI: global system variable that displays a value not equal to 0 to indicate that a Stop E is active on one of the axes. This variable saves the user having to search through all of the axes. Note STOP E only produces a different response than STOP D if the user has configured the ESR function extended stop and retract and initiation of the ESR is programmed depending on $VA_STOPSI or $A_STOPESI. Kowever, if ESR is not active, STOP E behaves like a STOP D. If the ESR configuration is incorrect, there is a delay up to 2 IPO cycles compared to STOP D until the braking operation is initiated. Possible causes: * The initiation of the ESR as static synchronous action does not take into account the system variables $VA_STOPSI or $A_STOPESI. * ESR is neither parameterized nor enabled. For other incorrect ESR programming, a delay by the time $MC_ESR_DELAY_TIME1 and $MC_ESR_DELAY_TIME2 is possible. After these times have elapsed, braking is initiated at the current limit. The cause could be: * Description of STOP F The retraction position cannot be reached within the specified time. The STOP F response is permanently assigned to the crosswise data comparison function. Dormant errors in the drive and control systems are detected. * Effect: When a discrepancy is detected between the drive and NCK monitoring channels the responses are as follows: Response if no safety functions are active: Dormant errors are detected even if there is no safety function active. The saved message "defect in a monitoring channel" is output on both the drive and control sides and can only be acknowledged by means of the NC-RESET key. The message does not cause machinery to be interrupted. A system restart is prevented by an internal NC start/traversing inhibit. Response if one safety function is active: Dormant errors are detected. A STOP B/A response is initiated in the drive and control system (refer to description of STOP B). Exception: If a STOP C/D/E is already active. (refer to Table 3-4, "Configurable stop responses"). Using MD 36955 $MA_SAFE_STOP_SWITCH_TIME_F, a delay time can be parameterized to initiate a STOP B. Within this time, an NC controlled response can be initiated by the machinery construction OEM - e.g. ESR. After this time has expired, the axis involved is braked with STOP B, even if, in the meantime, a stop with a higher priority than STOP F (STOP E,D,C) is present. Using the system variables $VA_XFAULTSI and $A_XFAULTSI, bit 1, it can be identified whether a STOP F was initiated that then is followed by a STOP B. In the delay time up to a STOP B, an ESR or braking along the machined path can be initiated (e.g. by writing to $AC_ESR_TRIGGER or by initiating an external STOP D). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-73 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions * 11.03 Alarm message: The alarm "Defect in a monitoring channel" is displayed. An entry is made in the following machine data to decode errors in detail. Table 3-7 MD number - Machine data for detailed error coding, STOP F Control Meaning 840D For the 840D system, the error code is displayed when the alarm is output. 611 digital $MD_SAFE_STOP_F_DIAGNOSIS 1395 Note: The significance of the error codes can be found in Chapter 6, "Alarms for SINUMERIK 840D under Alarm 27001 "Defect in a monitoring channel". * Acknowledgement: The saved alarm can be reset with the NC-RESET key. An unintentional restart is prevented for STOP B/A. The fault can only be acknowledged with a power on for the drive and control. Example 1, delaying the transition from STOP F to STOP B: The speed characteristic of an axis for parameterized stopping is shown in the following diagram. In this case, the axis should continue 500 ms and then brake along the parameterized ramp. A delay time of 2.5 s is selected until STOP B is initiated ($MA_SAFE_STOP_SWITCH_TIME_F). Weiterfahren (ESR) v Bremsen an Rampe = Stillsetzen (ESR) t1 Fig. 3-9 t2 t3 t Speed characteristic of an SI axis when stopping with STOP F The following actions take place at the individual instants in time: t1: t2: t3: 3-74 STOP F occurs, ESR is started 500 ms after t1, braking starts along the parameterized ramp STOP B is initiated 2.5 s after t1. The axis is already stationary at this time. This means that pulses can be immediately cancelled. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions Example 2, delaying the transition from STOP F to STOP B The same parameterization as in example 1 is shown in the following diagram. However, when a STOP F occurs, no monitoring function is active. At instant in time t2, a monitoring function is activated. ESR is only started if there is a STOP F with active monitoring function. Weiterfahren (ESR) v Bremsen an Rampe = Stillsetzen (ESR) t1 Fig. 3-10 t2 t3 t4 Speed characteristic of an SI axis when stopping with STOP F The following actions take place at the individual instants in time: t1: t2: t3: t4: STOP F occurs, no response Any time after t1, a monitoring function is activated. At this instant in time, the transition time to a STOP B is started and bits 1 in $A_XFAULTSI and $VA_XFAULTSI of this axis are set. 500 ms after t2, braking starts along the parameterized ramp. STOP B is initiated 2.5 s after t2. The axis is already stationary at this time. This means that pulses can be immediately cancelled. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-75 3 Safety-Related Functions 3.1 Basic mechanisms of SI functions 3.1.6 Overview of the machine data for stop responses Overview of MD for 840D Table 3-8 Overview of machine data for 840D Number Name 36952 $MA_SAFE_STOP_SWITCH_TIME_C 36953 $MA_SAFE_STOP_SWITCH_TIME_D 36954 $MA_SAFE_STOP_SWITCH_TIME_E 36955 $MA_SAFE_STOP_SWITCH_TIME_F 36956 $MA_SAFE_PULSE_DISABLE_DELAY 36957 $MA_SAFE_PULSE_DIS_CHECK_TIME 36960 $MA_SAFE_STANDSTILL_VELO_TOL 36961 $MA_SAFE_VELO_STOP_MODE 36962 $MA_SAFE_POS_STOP_MODE 36963 $MA_SAFE_VELO_STOP_REACTION Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Overview of MD for 611 digital Table 3-9 Overview of machine data for 611 digital Number Name 1352 $MD_SAFE_STOP_SWITCH_TIME_C 1353 $MD_SAFE_STOP_SWITCH_TIME_D 1354 $MD_SAFE_STOP_SWITCH_TIME_E 1355 $MD_SAFE_STOP_SWITCH_TIME_F 1356 $MD_SAFE_PULSE_DISABLE_DELAY 1357 $MD_SAFE_PULSE_DIS_CHECK_TIME 1360 $MD_SAFE_STANDSTILL_VELO_TOL 1361 $MD_SAFE_VELO_STOP_MODE 1362 $MD_SAFE_POS_STOP_MODE 1363 $MD_SAFE_VELO_STOP_REACTION 1395 $MD_SAFE_STOP_F_DIAGNOSIS Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" 3-76 11.03 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.2 External STOPs 3.2 External STOPs Description With this function it is possible to bring the drive to a standstill via the SGEs. Sensors (e.g. protection mats, light barriers, ...) can be connected to the SGEs. Stopping the drives is then initiated depending on these connected sensors. The drives can be brought to a standstill in the following ways: * By canceling pulses SGE "de-select ext. STOP A" * Braking with nset = 0 SGE "de-select ext. STOP C" * Braking along the path SGE "de-select ext. STOP D" * Initiate ESR SGE "de-select ext. STOP E" (from SW 6.4.15) Note External STOPS only function in combination with "safe programmable logic" (SPL) because an external STOP A remains selected, for safety reasons, until SPL crosswise data comparison of the PLC and NCK is started. Enabling and activating the function The function "external STOPs" is enabled and activated via the following machine data: * Enabling the function MD 36901/1301: $MA_/$MD_SAFE_FUNCTION_ENABLE (enables safety-relevant functions) Bit 0: Enable SBH/SG (see note) Bit 6: Bit 4: Enable external STOPs Enable external STOP E Note * In addition to enabling of the function "external STOPs", function SBH/SG must also be enabled as a minimum requirement. * The external STOP E must be enabled with bit 4 = 1 in addition to bit 6 "enable external STOPs". Assigning to an input terminal and/or system variable In order to trigger a stop via the NCK monitoring channel an input terminal or a system variable must be assigned to the stop request. Assigning to the input terminals This assignment is configured using the following machine data: MD 36977: $MA_SAFE_EXT_STOP_INPUT[n]: (input assignment, external stop request) with n = 0, 1, 2, 3. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-77 3 Safety-Related Functions 3.2 External STOPs 11.03 Note * For stopping types that are not used, the assignment must be inverted by parameterizing MD 36977[n] accordingly. They are set to signal "1" and are permanently "inactive". Exception: * STOP E is interlocked by its own enable signal. A Stop E can also be initiated as an error response to a crosswise data comparison of NCK and PLC-SPL or for PROFIsafe errors, instead of a Stop D. Parameterization on the NCK side is carried-out via MD10097: $MN_SAFE_SPL_STOP_MODE=4, of the PLC side via DB18, DBX36.1=1. This parameterization is checked in the crosswise comparison between PLCSPL and NCK-SPL (refer to Chapter 3.10 "Safe programmable logic"). If the value 4 is parameterized in MD10097, without enabling the external Stop E in all axes with SI function enable, Alarm 27033 is output for all of these axes. SGEs to stop the drive The following SGEs are available to stop the drive: Table 3-10 SGEs to stop the drive SGE Stop type Priority De-selection ext. STOP A (= SH de-selection) Pulse cancellation High De-selection ext. STOP C Braking with nset = 0 ... De-selection ext. STOP D Braking along the path ... De-selection ext. STOP E ESR is initiated Low Notes: SGE "..." " = 1 Stopping is not triggered (de-selected) SGE "..." " = 0 Stopping is triggered (selected) If a stop request is selected via several SGEs simultaneously, the request with the highest priority is executed. If one of these SGEs is changed, the "tolerance time" for SGE switchover is activated (MD 36950/1350). Checkback signals: for SGE "de-select ext. STOP A": via SGA "status pulses cancelled" and SGA "STOP A active" for SGE "de-select ext. STOP C": via SGA "STOP C active" and SGE "de-select ext. STOP D": via SGA "STOP D active" and SGE "de-select ext. STOP E": via SGA "STOP E active" 3-78 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.2 External STOPs Differences between stopping via internal STOP A, C, D and external STOP A, C, D via SGEs The internal stop responses STOPS A (pulse cancellation), STOP C (braking with nset = 0) and STOP D (braking along a path) triggered by safe monitoring functions brake the drive accordingly and also trigger an alarm that must be acknowledged with power on or reset. When an external STOP is triggered, only STOP A or braking of the drive (STOP C or STOP D) is triggered and monitored through two channels. Other responses are only triggered if monitoring thresholds, that are still active, are violated. Note Acknowledging a stop request Effects of the stop responses on other axes/spindles * Alarms are not displayed for an external STOP, i.e., the user must configure his own message. * An external STOP E in contrast to the other external stops, results in Alarm 27020, which can only be acknowledged with a reset. The program cannot be directly continued, since the axis was retracted from the desired contour by the configured ESR. The reset required must also be considered during the test stop sequence. When a stop type has been requested it can be canceled by one of the following events via SGE: * De-selection of the stop request * Selection of a stop request via SGE with a higher priority * Receipt of a higher priority stop request (STOP A, B, C, or D) from the internal monitoring When a stop response is triggered, it has the following effect on all of the other axes in the same channel: STOP E: extended stop and retraction is initiated STOP D: braking along a path STOP C: IPO rapid stop (braking at the current limit) STOP A: IPO rapid stop (braking at the current limit) The effect on other axes in the channel can be influenced via the MD $MA_SAFE_IPO_STOP_GROUP. In this way the pulses of a spindle, for example, can be safely canceled (via external STOP A) so that the spindle can be manually turned and the axes moved while still being safely monitored. STOP C before SW 6.3.21 $MA_SAFE_IPO_STOP_GROUP = 0 All axes of the channel decelerate at the current limit. C from SW 6.3.21 Axes that interpolate with the affected axis brake at the current limit. All other axes brake along the parameterized braking ramp. Axes/spindles brake along the path or along the parameterized braking ramp. D $MA_SAFE_IPO_STOP_GROUP = 1 Axes that interpolate with the affected axis brake at the current limit. All other axes do not brake. Axes that interpolate with the affected axis brake at the current limit. All other axes do not brake. Axes that interpolate with the affected axis brake along the parameterized braking ramp. All other axes do not brake. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-79 3 Safety-Related Functions 3.2 External STOPs STOP E 3.2.1 11.03 $MA_SAFE_IPO_STOP_GROUP = 0 ESR enabled and active $MA_SAFE_IPO_STOP_GROUP = 1 ESR is initiated ESR neither active nor enabled After a maximum delay time of 2 interpolation cycles, the behavior as described for STOP D is initiated. Test stop for external STOPs Test stop for external STOPs The introduction of another method for activating STOP A, C, D and E via SGEs means that it is also necessary that this branch is subject to a forced checking procedure. The test stop of external STOPs is divided into the following phases: * Phase 1 The shutdown path is tested as usual (refer to Chapter 3.1.3, "Testing shutdown paths"). Correct functioning of safe pulse cancellation is tested. Successful completion of this phase is signaled as follows: - For the NCK monitoring channel: A positive checkback signal is returned in the form of a 0/1 edge from SGE "status pulses cancelled" - For the drive monitoring channel: Positive checkback is indicated by the SGA "status pulses cancelled" * Phase 2 Once the safe pulse cancellation has been checked for both channels in phase 1, in phase 2 it is sufficient to test the reliability of the SGE stop requests. The procedure is as follows: All externally wired/used stop SGEs are switched one after the other in each channel and the positive response evaluated via the associated SGA "STOP x is active". Note Phase 2 only has to be performed if the function "external STOPs" (via MD 36901/1301) is enabled. Only the enabled and activated external stop functions have to be tested. 3-80 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.2 External STOPs Phase 1 Phase 2 SGE "Deselect ext. STOP D" SGA "STOP A/B is active" SGE "Deselect ext. STOP C" SGA "STOP C is active" SGE "Deselect ext. STOP A" SGA "STOP A/B is active" EXT_01.DSF Fig. 3-11 Sequence, test stop for external STOPs Example: The external STOPs D, C and A are used Which SGEs/SGAs are required for the test stop of external STOPs? The following SGEs/SGAs can be used to perform the test stop for external STOPs: Table 3-11 NCK monitoring channel SGEs/SGAs for test stop, external STOPs Phase 1 Phase 2 NCK-SGE "test stop selection" NCK-SGE "de-select ext. STOP A" NCK-SGE "status pulses cancelled" NCK-SGA "STOP A/B is active" NCK-SGA "pulses enabled" NCK-SGE "de-select ext. STOP C" NCK-SGA "STOP C is active" NCK-SGE "de-select ext. STOP D" NCK-SGA "STOP D is active" Drive monitoring channel PLC-SGE "test stop selection" PLC-SGA "status pulses cancelled" NCK-SGE "de-select ext. STOP E" NCK-SGA "STOP E is active" PLC-SGE "de-select ext. STOP A" PLC-SGA "STOP A/B is active" PLC-SGE "de-select ext. STOP C" PLC-SGA "STOP C is active" PLC-SGE "de-select ext. STOP D" PLC-SGA "STOP D is active" PLC-SGE "de-select ext. STOP E" PLC-SGA "STOP E is active" SGE De-select ext. STOP A "Pulse cancellation" can be requested and executed via this SGE from both monitoring channels. The safe functions currently active (SG/SBH/SN/SE) are not influenced by this SGE. If one of the limits currently active is violated an alarm is triggered. The associated switch-off response cannot be activated because the pulses have already been cancelled. As soon as the stop request is canceled via SGE "deselect ext. STOP A" any queued stop responses become active. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-81 3 Safety-Related Functions 3.2 External STOPs 11.03 If a stop request is active, SGA "STOP A/B is active" is set in the same way as it would be for an internally triggered STOP A. 0 signal: 1 signal: SGE De-select ext. STOP C "Pulse cancellation" requested "Pulse cancellation" not requested This SGE requests "braking with nset = 0" (braking at the current limit). When this stopping type is triggered the safe braking ramp (SBR) is activated. In addition, the time set in MD36952/1352: $MA_/$MD_SAFE_STOP_SWITCH_TIME_C (transition time STOP C to safe operating stop) is started. When this time has elapsed the system automatically switches over to SBH. If a stop request is active, SGA "STOP C is active" is set in the same way as it would be for an internally triggered STOP C. 0 signal: 1 signal: "Braking with nset = 0" requested No request for "braking with nset = 0" Note Stopping with external STOP A (pulse cancellation) has a higher priority and can interrupt an external STOP C (braking at the current limit). SGE De-select ext. STOP D "Braking along a path" can be requested via this SGE. When ext. STOP D is triggered, the time set via MD 36953/1353 $MA_/ $MD_SAFE_STOP_SWITCH_TIME_D (transition time STOP D to safe operating stop) is started. When this time has elapsed the system automatically switches over to SBH. If a stop request is active, SGA "STOP D is active" is set in the same way as it would be for an internally triggered STOP D. 0 signal: 1 signal: "Braking along a path" is requested "Braking along a path" not requested Note Stopping with an ext. STOP A (pulse cancellation) and ext. STOP C (braking at the current limit) has a higher priority and can interrupt an ext. STOP D (braking along a path). SGE De-select ext. STOP E (SW 6.4.15 and higher) 3-82 STOP E only produces a different response than STOP D if the user has configured the ESR function (extended stop and retract) and initiation of the ESR is programmed depending on $VA_STOPSI or $A_STOPESI. If no ESR is active, the STOP E behaves like a STOP D. If the ESR configuration is incorrect however, there is a delay of up to 2 IPO cycles compared to STOP D until the braking operation is initiated. After these times have expired, braking is initiated at the current limit. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.2 External STOPs An external STOP E in contrast to the other external stops, results in Alarm 27020, which can only be acknowledged with a reset. The program cannot be directly continued, since retraction from the desired contour was executed by the configured ESR. The reset required must also be considered during the test stop sequence. SGA STOP A/B active This signal indicates that STOP A/B is active. The signal must be used for the forced checking procedure for external STOPs. 0 signal: 1 signal: SGA STOP C active This signal indicates that STOP C is active. The signal must be used for the forced checking procedure for external STOPs. 0 signal: 1 signal: SGA STOP D active STOP D is not active STOP D is active This signal indicates that STOP E is active. The signal must be used for the forced checking procedure for external STOPs. 0 signal: otherwise: Combinations for external STOPs STOP C is not active STOP C is active This signal indicates that STOP D is active. The signal must be used for the forced checking procedure for external STOPs. 0 signal: 1 signal: SGA STOP E active STOP A/B is not active STOP A/B is active STOP E is not active STOP E is active For SGEs "de-select ext. STOP A", "de-select ext. STOP C", "de-select ext. STOP D" and "de-select ext. STOP E" the following input bit combinations are possible: Table 3-12 Deselection ext. STOP E x x x 1 0 Input bit combinations SGE DeDeDeselection selection selection ext. ext. ext. STOP D STOP C STOP A x x 0 x 0 1 0 1 1 1 1 1 1 1 1 Description "Pulse cancellation" is triggered "Brake with nset=0" is triggered "Braking along a path" is triggered External STOPS are not selected "ESR" is initiated (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-83 3 Safety-Related Functions 3.2 External STOPs 3.2.2 11.03 Overview of the machine data for the "external STOPs" function Overview of MD for 840D Table 3-13 Number 36977 36901 36990 Overview of machine data for 840D Name $MA_SAFE_EXT_STOP_INPUT[n]; n = 0 ... 3 n = Associated stop 0 = "De-select ext. STOP A" (pulse cancellation) 1 = "De-select ext. STOP C" (braking along a current limit) 2 = "De-select ext. STOP D" (braking along a path) 3 = "De-select ext. STOP E" (ESR) $MA_SAFE_FUNCTION_ENABLE (enable safety-relevant functions) Bit 0: Enable SBH/SG Bit 3: Enable actual value synchronization Bit 4: Enable external ESR activation Bit 6: Enable external STOPs $MA_SAFE_ACT_STOP_OUTPUT[n]; n = 0 ... 3 n = Associated status (on level 1): 0 = "STOP A/B is active" 1 = "STOP C is active" 2 = "STOP D is active" 3 = "STOP E is active" Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Overview of MD for 611 digital Table 3-14 Number 1301 Overview of machine data for 611 digital Name $MD_SAFE_FUNCTION_ENABLE (enable safety-relevant functions) Bit 0: Enable SBH/SG Bit 3: Enable actual value synchronization Bit 4: Enable external ESR activation Bit 6: Enable external STOPs Note: Data is described in Chapter 4, "Machine data for SINUMERIK 611digital" 3-84 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.3 Safe standstill (SH) 3.3 Safe standstill (SH) Description The "safe standstill" function is based on the pulse cancellation function integrated in the drive modules of the SIMODRIVE 611A/D (start inhibit). References: /PJ1/, Planning Guide SIMODRIVE 611 A second pulse shutdown path has been added to the existing pulse cancellation function on the SIMODRIVE 611 digital Performance and Standard 2 closed-loop control. The safe standstill function safely disconnects the energy feed to the motor in the event of a fault or in connection with a machine function. A safe standstill is executed in two channels, i.e. by de-energizing an internal relay via a signal path of the drive bus on the one hand and by de-energizing terminal 663 on the drive module on the other. The two-channel checkback signal is also realized on one hand via the drive bus and on the other hand via the drive terminals AS1/AS2. From NCU software release 06.03.30, the pulse enable can also be read-back internally for all control modules. This means that it is not necessary to read back signals from terminal AS1/AS2. ! Function features Prerequisites Selecting/ de-selecting SH Caution The machine manufacturer must take all of the appropriate measures to prevent any motion after the energy feed to the motor has been disconnected (e.g. to prevent suspended/vertical axes from dropping). The main features of the safe standstill function are as follows: * The motor cannot be started unintentionally or by accident * The energy feed to the motor is safely disconnected * The motor is not electrically isolated from the drive module The safe standstill function requires the following SW and HW (refer to Chapter 2.9, "System prerequisites"): * 611 digital Performance control module * 611 digital Standard 2 control module * High Standard * High Performance * Software version with SI The "safe standstill" function corresponds to an external STOP A. This makes it possible to explicitly select SH not only via internal events (STOP A with limit value violation etc.), but also via SGE. * Safe standstill is activated after STOP A. * Safe standstill is automatically activated from each monitoring channel (via single channel) when testing the shutdown paths. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-85 3 Safety-Related Functions 3.4 Safe operating stop (SBH) Important ! 3.3.1 11.03 After the machine has been powered-up, the "safe standstill" function must always be tested with Safety Integrated for all axes/spindles by testing the shutdown path. Overview of the machine data for the SH function Overview of MD for 840D Table 3-15 Overview of machine data for 840D Number Name 36956 $MA_SAFE_PULSE_DISABLE_DELAY 36957 $MA_SAFE_PULSE_DIS_CHECK_TIME 36960 $MA_SAFE_STANDSTILL_VELO_TOL 36976 $MA_SAFE_PULSE_STATUS_INPUT 36986 $MA_SAFE_PULSE_ENABLE_OUTPUT Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Overview of MD for 611 digital Table 3-16 Overview of machine data for 611 digital Number Name 1356 $MD_SAFE_PULSE_DISABLE_DELAY 1357 $MD_SAFE_PULSE_DIS_CHECK_TIME 1360 $MD_SAFE_STANDSTILL_VELO_TOL Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" 3.4 Safe operating stop (SBH) Description The purpose of the SBH function is to safely monitor the standstill position of an axis/spindle operating in the closed-loop position or speed controlled mode. When SBH is active (SGA "SBH active" = 1), operating personnel can, for example, enter protected machine areas in the set-up mode without first having to power-down the machine. An incremental encoder is sufficient to implement the function. The axis/spindle is monitored for a change in the actual position value... Function features Standstill tolerance 3-86 The features of the SBH function are as follows: * The axis remains in closed-loop control * Parameterizable standstill tolerance window * Stop response after SBH has responded is STOP B. The standstill of the axis/spindle is monitored via a standstill tolerance window that is parameterized using the following machine data: For 840D MD 36930: $MA_SAFE_STANDSTILL_TOL For 611 digital MD 1330: $MD_SAFE_STANDSTILL_TOL (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.4 Safe operating stop (SBH) Note The size of the standstill tolerance window should be based on the standard standstill (zero speed) monitoring limit and should exceed it slightly in either direction. The standard monitoring functions in the control system are otherwise rendered ineffective. |v| Still_01.DS4 Standstill tolerance Fig. 3-12 Prerequisites 3.4.1 = = s (Actual value) Standstill tolerance The following prerequisites must be fulfilled (refer to Chapter 2.8, "System requirements"): * The option and the function enable in the axis-specific machine data must be present * The SGEs "SBH/SG de-selection" and "SBH de-selection" must be supplied in the NCK and drive monitoring channels. Selecting/de-selecting safe operating stop Selecting SBH The safe operating stop function is selected via the following SGEs: Table 3-17 Selecting/de-selecting SBH SGE SGA SBH/SG SBH SBH Meaning 1) de-selection de-selection active =1 x 0 SBH and SG are de-selected =0 =0 1 SBH is selected =0 =1 0 SG is selected (refer to Chapter 3, "Safelyreduced speed (SG)"), Note: 840D from SW4.2 x AE The signal state is as required 1) For SINUMERIK 840D, from SW4.2 onwards, the SG limit value SG2 and SG4 can be finely graduated using the SG override (refer to Chapter 3.5.6, "Override for safelyreduced speed". The active SG stage is displayed via SGA "SGA active bit 0" and "SGA active bit 1". (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-87 3 Safety-Related Functions 3.4 Safe operating stop (SBH) 11.03 Note If a "safely-reduced speed" was not active prior to the selection of SBH, any moving axis/spindle is stopped with STOP B/A. The actual status of the function is displayed via the SGA "SBH active". The SGEs and SGAs are described in Chapter 3.9, "Safety-relevant input/output signals (SGE/SGA)". Internal control request for SBH When the SG or SE responds (STOP C or D), the drive is switched to the safe operating stop state internally in the control. In such cases, the external circuit state of the SGEs (SBH/SG de-selection and SBH de-selection) is ignored and both are internally set to "0". Selecting SBH from SG The changeover from safely-reduced speed to the safe operating stop is initiated via the SGE "SBH de-selection". A delay time that is parameterized in the following machine data is simultaneously started with the changeover to SBH (signal "SBH de-selection"=0): For 840D MD 36951: $MA_SAFE_VELO_SWITCH_DELAY For 611 digital MD 1351: $MD_ SAFE_VELO_SWITCH_DELAY SBH is activated as soon as the delay time expires. Note If the SBH function is selected while an axis/spindle is moving, the machine manufacturer must initiate the braking process such that the axis/spindle is in position, i.e. stationary, after the delay time has expired. This can be performed automatically via the function "setpoint velocity limiting". If the axis moves out of the standstill tolerance window after the delay has expired, an alarm is generated (for 840D: 27010, for 611 digital: 300907) and STOP B/A initiated! 3-88 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.4 Safe operating stop (SBH) v SGn Vact a) a) Initiation of braking t SGE "SBH desel." SGn is active Delay time speed switchover SBH is active Braking time Timer running Fig. 3-13 De-selecting SBH SG_SBH.DS4 Timing when selecting SBH from SG The safe operating stop state can be de-selected with SGE "SBH/SG deselection" (="1" signal), resulting in general de-activation of SBH and SG. The SBH function is also de-selected when the SG function is selected via the SGE "SBH de-selection". Note The delay time must be selected as a function of the distance to the hazardous location. The speeds to be taken into account in this respect are stipulated in Standard DIN EN999. SGA "SBH active" If this SGA is set, then safe operating stop (SBH) is active, i.e. the axis is safely monitored for zero speed. This signal can be used, for example, to implement protective door interlocks. Configuring NCK SGAs NCK SGA "SBH active" is configured using the following machine data: For 840D MD 36981: $MA_SAFE_SS_STATUS_OUTPUT (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-89 3 Safety-Related Functions 3.4 Safe operating stop (SBH) 3.4.2 11.03 Effects when the limit is exceeded for SBH If the axis/spindle is being monitored (SGA "SBH active" = 1) and leaves, for example, the standstill tolerance window as the result of an external influence or an undefined setpoint input, the effects are as follows: Effects Time response when a limit value is violated * The axis switches to STOP A/B configured using the following MDs: For 840D 36956: $MA_SAFE_PULSE_DISABLE_DELAY for 611 digital 1356: $MD_SAFE_PULSE_DISABLE_DELAY and for 840D 36960: $MA_SAFE_STANDSTILL_VELO_TOL for 611 digital 1360: $MD_SAFE_STANDSTILL_VELO_TOL * An alarm is generated (for 840D: 27010, for 611 digital: 300907) The time response of the system is as follows if the limit value is violated when the safe operating stop function is active: n Creep speed c) Start of stop reaction sequence d) Transition from STOP B to STOP A (pulse disabling) STOP B Tolerance exceeded b) Error a) = = STOP A d) s Standstill tolerance not to scale t1 t t2 t3 t4 t6 t5 t7 t8 STILL_02.DS4 Fig. 3-14 3-90 t9 Timing when the limit value is exceeded with active SBH (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.4 Safe operating stop (SBH) Table 3-18 Time t1 t2 t3 t4 t5 t6 Explanations of Fig. 3-14 Explanation Position controller clock cycle defined by the following MDs: For 840D: MD 10050: $MN_SYSCLOCK_CYCLE_TIME MD 10060: $MN_POSCTRL_SYSCLOCK_TIME_RATIO Monitoring clock cycle defined by the following MDs: For 840D: MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO For 611 digital: MD1300: $MD_SAFETY_CYCLE_TIME Time until standstill tolerance value is violated Time until standstill tolerance value is detected (maximum 1 one monitoring clock cycle) Response time required to initiate the configured stop response (maximum 2 monitoring clock cycles) Time until the stop response sequence starts (time = 0, depends on configured stop response, refer to Chapter 2, "Stop responses") Time required to reach the shutdown speed with STOP B. Time required to stop the axis with STOP B. Time required to stop the axis with STOP A. t7 t8 t9 Note: Each axis must be measured during start-up to determine the distance it travels between violation of the limit value and coming to a standstill. 3.4.3 Overview of the machine data for the SBH function Overview for 840D Table 3-19 Overview of machine data for 840D Number Name 36901 $MA_SAFE_FUNCTION_ENABLE 36930 $MA_SAFE_STANDSTILL_TOL 36951 $MA_SAFE_VELO_SWITCH_DELAY 36956 $MA_SAFE_PULSE_DISABLE_DELAY 36960 $MA_SAFE_STANDSTILL_VELO_TOL 36970 $MA_SAFE_SVSS_DISABLE_INPUT 36971 $MA_SAFE_SS_DISABLE_INPUT 36980 $MA_SAFE_SVSS_STATUS_OUTPUT 36981 $MA_SAFE_SS_STATUS_OUTPUT (ab SW4.2) Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Overview of MD for 611 digital Table 3-20 Overview of machine data for 611 digital Number Name 1301 $MD_SAFE_FUNCTION_ENABLE 1330 $MD_SAFE_STANDSTILL_TOL 1351 $MD_SAFE_VELO_SWITCH_DELAY 1356 $MD_SAFE_PULSE_DISABLE_DELAY 1360 $MD_SAFE_STANDSTILL_VELO_TOL Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-91 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) 11.03 3.5 Safely-reduced speed (SG) The purpose of the SG function is to safely monitor the load-side speed of an axis or spindle. The actual speed of the axis/spindle is compared with the speed limit value selected via SGEs. The speed limit values are defined in the following machine data. Description For 840D MD 36931: $MA_SAFE_VELO_LIMIT[n] For 611 digital MD 1331: $MD_SAFE_VELO_LIMIT[n] The speed limit values for SG1, SG2, SG3 or SG4 allow various applications/operating states on the machine to be monitored. The safelyreduced speed function can therefore be used to implement protection for the operating personnel and machine in the setting-up mode or in automatic operation. Important ! The user must be careful to select the correct gear ratio for axes with selector gearbox. The features of the SG function are as follows: Features of the function * Safe monitoring of load-side speed limit values * Monitoring limit values are adapted to various operating states (e.g. test, setting-up, automatic modes) * Configurable stop response after the SG responds. The following prerequisites must be fulfilled (refer to Chapter 2.8, "System requirements"): Prerequisites Specifying velocities and speeds * Option and functions must be enabled in the axis-specific machine data * The SGEs "SBH/SG de-selection" and "SBH de-selection" must be configured. The requirements regarding speeds and velocities that are stipulated for individual processes (e.g. milling, turning, grinding, etc.) vary depending on standards (e.g. ISO 11161) or activities relating to standards (e.g. CEN TC 143). As an example, standards could be stipulated for the setting-up mode as follows: "Safely-reduced speed" at 2 m/min for feed drives or 50 rev/min for spindle drives or standstill within 2 revolutions. The machine manufacturer must parameterize SI in such a way as to ensure full compliance with the EC Machinery Directive. The relevant standards provide the necessary guidelines. Quantities that influence the parameterization include, e.g. the drive dynamic response, the set parameter with its delay times, electrical and mechanical ratios and all of the mechanical properties and characteristics. The interrelationships between the drive dynamic response and internal delay times of SI are shown in Fig. 3-7 "Timing when exceeding the limit value for SG". 3-92 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Speed monitoring, encoder limit frequency 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) When SBH/SG is active in a configuration with 1 encoder, the speed is monitored to ensure that it does not exceeded a maximum encoder limit frequency. An appropriate alarm is output when the limit is exceeded. Depending on the number of encoder pulses, the limit values are as follows for a ratio of e.g. motor : load = 1 : 1: Table 3-21 Encoder limit frequency and speed Encoder pulses/rev. Speed at maximum encoder limit frequency 200 kHz 300 kHz 420 kHz 2 048 5.800 rpm 8.700 rpm 12.300 rpm 1 024 11.600 rpm 17.400 rpm 24.600 rpm 512 22.200 rpm 34.800 rpm 49.200 rpm Note: 1) 840D SW 3.6 and higher Parameterizable encoder limit frequency (SW 6.3.30 and higher) Machine data 36926: $MA_SAFE_ENC_FREQ_LIMIT can be used to set a limit frequency. The maximum value is 420 kHz, the lower limit and default value is 300 kHz. This MD is set-up for each monitoring channel. MD 1326 is effective in the drive: $MD_SAFE_ENC_FREQ_LIMIT. The values in this MD are incorporated in the crosswise data comparison of the monitoring channels. Note Changes to this MD may only be made, carefully taking into account the prevailing conditions. This functionality is only supported by 611digital Performance 2 control modules, High Standard and High Performance. Changing the MD values for an axis with a Standard 2 or Performance 1 control module results in Alarm 27033 "Axis %1 Defect in a monitoring channel, Code %2, Values: NCK %3, Drive %4". The 300 kHz limit still applies for these axes. Limitations The following secondary conditions/limitations are specified: 1. Cables to be used: Siemens cable, Order No. [MLFB]: 6FX8002-2CA31-1CA0 2. Maximum permissible encoder cable length: 20 m 3. Encoder characteristics: "-3dB cutoff frequency" greater than or equal to 500 kHz Examples for encoder used: ERA 180 with 9000 pulses/rev and ERA 180 with 3600 pulses/rev from Heidenhain 4. The amplitude monitoring is active up to 420 kHz. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-93 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) 3.5.1 11.03 Selecting/de-selecting the safely-reduced speed The following SGEs are used to select SG: Selecting SG Table 3-22 Selecting/de-selecting SG SGE SBH/SG SBH Meaning de-selection de-selection =1 x SBH and SG are de-selected =0 =0 SBH is selected (refer to Chapter 3, "Safe operating stop (SBH)") =0 =1 SG is selected Note: x AE Any signal state Note The current status of the function is displayed using the SGA "SBH/SG active" and SGA "SBH active". Before the SG function is activated, it must be ensured that the speed of the axis/spindle is lower than the selected speed limit value. If it is higher, an alarm is generated that causes the drive to be shut down. The SGEs and SGAs are described in Chapter 3.9, "Safety-relevant input/output signals (SGE/SGA)". Selecting speed limit values The maximum permissible speed of an axis/spindle in the setting-up mode is defined for individual machine types in the C Standards (product standards). The machine manufacturer is responsible for ensuring that the correct speed limit value is selected as a function of operating mode and application. The required speed limit value is selected as follows by combining the following SGEs: Table 3-23 Selecting speed limit values for the SGs SGE SG selection SG selection Meaning Bit 1 Bit 0 =0 =0 Speed limit value for SG1 active 1) =0 =1 Speed limit value for SG2 active =1 =0 Speed limit value for SG3 active 1) =1 =1 Speed limit value for SG4 active Note: 1) For SINUMERIK 840D system with SW 4.2 and higher, the SG limit value SG2 and SG4 can be set in finer steps using the SG override (refer to Chapter 3.5.6, "Override for safely-reduced speed"). The active SG stage is displayed via SGA "SGA active bit 0" and "SGA active bit 1". Changing the speed limit values The changeover from a lower to a higher speed limit value takes effect without delay. When changing-over from a higher to a lower limit value, then a delay time is started that is parameterized using the machine data (refer to Fig. 3-6, "Timing when changing over from a higher to a lower speed limit value). 3-94 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) For 840D MD 36951: $MA_SAFE_VELO_SWITCH_DELAY For 611 digital MD 1351: $MD_SAFE_VELO_SWITCH_DELAY The axis/spindle must be braked sufficiently during the delay time so that it has reached the reduced speed that is below the new limit value when the delay time expires. However, if the actual speed is higher than the new limit value when the time has expired, an appropriate alarm is output with the configurable stop response. v SG1 V1 a) Initiation of braking SG2 V2 t SGEs for SG1 SGEs for SG2 Delay time speed switchover SG1 is active SG2 is active Braking time Timer running Fig. 3-15 De-selecting SG ! SGH_SGN.DS4 Timing when changing-over from a higher to a lower speed limit value The SG function can be de-selected at any speed by activating the SGE "SBH/SG de-selection". Warning The delay time must be selected as a function of the distance to the hazardous location. The speeds to be taken into account (speeds at which hands/arms are moved for arranging protective equipment) are stipulated in Safety Standard DIN EN999. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-95 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) 3.5.2 11.03 Limiting the setpoint speed In order to limit the setpoint speed as a function of the active safety monitoring, MD 36933: $MA_SAFE_DES_VELO_LIMIT is specified. This machine data is not included in the axial checksum MD 36998: $MA_SAFE_ACT_CHECKSUM, so that changes can be made to the MD for the acceptance test without having to change the checksum again. 3-96 MD = 0%: Setpoint limiting not active MD > 0%: Setpoint limiting = active SG limit multiplied by MD value For SBH setpoint limit = 0 MD = 100%: Setpoint limiting = active SG limit For SBH setpoint limit = 0 * The function is effective in one channel in the NCK interpolator. The safety monitoring channel provides a limit value which corresponds to the selected safety monitoring type. * The function influences both axes and spindles. * The active setpoint limit can be viewed in the safety service display: Display value = -1. corresponds to "setpoint limiting not active" Display value >= 0. corresponds to "setpoint limiting active" * The setpoint limit is changed over when the SGEs are changed over: SGE "SBH/SG de-selection" SGE "SBH de-selection" SGEs "Active SG stage, bit 0, 1" SGEs "SG override, bit 0, 1, 2, 3" Beyond that, internal changeover operations in SBH take effect as the result of a stop response (stop D, C, E) * When a changeover is made via SGEs, the states of both monitoring channels are viewed to take into account differences in the times. This results in the following rules: 1. Changing-over from non-safe operation in SG/SBH There is no delay (VELO_SWITCH_DELAY), so that this changeover must always be performed at zero speed or below the defined SG limit. 2. Changing-over from SGx to SGy a) SGx > SGy (braking): A lower setpoint is entered as soon as changeover is detected in one of the two channels. B) SGx < Sgy (acceleration): A higher setpoint is only entered if both channels have changed over. 3. Changing-over from SG to SBH (braking) A lower setpoint (= 0) is entered as soon as the changeover has been detected in one of the two channels. 4. Changing-over from SBH to SG (acceleration) A higher setpoint is only entered if both channels have changed over. 5. Changing over from SBH/SG into non-safe operation (acceleration) A higher setpoint is only entered if both channels have changed over. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) * Effect of the function in the NCK interpolator: Setpoint limiting is active in both AUTO and JOG modes. When changing over when traversing/moving to higher safely-reduced speeds, the position control loop should be set so that it does not overshoot, so that a sudden setpoint limit change does not cause the monitoring to respond on the actual value side. When transformation is active, safety setpoint limits, axially effective in the interpolator are reduced by the transformation itself depending on the actual position. Note There are no restrictions for motion from synchronous actions. 3.5.3 Safely-reduced speed when using selector gearboxes Using selector gearboxes The following points must be noted for spindles with selector gearboxes. * When a 1-encoder system is used, gear ratios (gear stage selection) must be selected via two channels (refer to Chapter 3, "Example of application for safe sensing of gear ratios"). * The user agreement (if set) is canceled during a gear change and the SGA "axis safely referenced" set to "0". When the gearbox stage is selected via PLC and/or by selecting a new ratio, a gear shift is detected using SGEs. * The spindle must be re-synchronized after a gear change. * The user must bring the spindle into the "axis safely referenced" state if the "safe cams" function is used. * The value for the actual value comparison tolerance (crosswise) must be set higher than the oscillation actual value when in the oscillation mode. For 840D MD 36942: $MA_SAFE_POS_TOL For 611 digital MD 1342: $MD_SAFE_POS_TOL * When changing over from a high to a lower speed limit value, a delay timer is started. While this timer is running, the speed is monitored for violation of the last valid speed limit value. When changing-over from a low to a high speed limit value, the higher limit becomes effective immediately. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-97 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) 11.03 Note Changing the gear ratio, parking an axis or making changes to the mounted equipment (e.g. replacing an encoder or motor) means decoupling the load and encoder. This cannot be detected by the NC and drive. The "axis safely referenced" state is then lost. The user is responsible for ensuring that the axis is returned to the "axis safely referenced" state if the functions "safe software limit switch" or "safe cams" are used. 3.5.4 Effects when the limit value is exceeded for SG When the selected speed limit is violated, a stop response configured in the following machine data is generated: Configurable stop response MD 36961: $MA_SAFE_VELO_STOP_MODE MD 36963: $MA_SAFE_VELO_STOP_REACTION[n] For 611 digital MD 1361: $MD_SAFE_VELO_STOP_MODE MD 1363: $MD_SAFE_VELO_STOP_REACTION[n] Note Timing when the limit value is violated 3-98 * An alarm is displayed (for 840D: 27011, for 611 digital: 300914). After the cause of the error has been eliminated, the alarm can be acknowledged with RESET. The monitoring function is then active again. * Depending on the selected monitoring clock cycle, the dynamic drives may cause a brief increase in speed on the monitored axis/spindle before the stop response sequence commences. * In traversing modes which use a transformation with singularity points (e.g. 5-axis transformation and TRANSMIT), relatively high axial speeds occur at these points. These speeds can initiate stop responses even though the Cartesian motion of the tool center point (TCP) is below the selected speed limit value. The monitoring functions provided by SI are basically axis-specific. This means that it is not possible to monitor the TCP directly. When the safely-reduced speed function is active, then the timing is as follows when the limit value is violated: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) c) Commencement of stop reaction n SG n act Limit value exceeded b) SG_03.DS4 Error a) t1 t t2 not to scale t3 t4 t6 t5 t7 Fig. 3-16 Timing when the limit value is exceeded with active SG Table 3-24 Explanations of the Fig. Time Explanation t1 Position control clock cycle defined by the following MDs: MD 10050: $MN_SYSCLOCK_CYCLE_TIME MD 10060: $MN_POSCTRL_SYSCLOCK_TIME_RATIO t2 Monitoring clock cycle defined by the following MDs: MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO For 611 digital: MD1300: $MD_SAFETY_CYCLE_TIME t3 Time between an error occurring and a limit value being violated t4 Time until the violation of a limit value is detected (maximum 1.5 monitoring clock cycles) t5 Response time required to initiate the configured stop response (maximum 2.5 monitoring clock cycles) t6 Time until the stop response sequence starts (time = 0, depends on configured stop response, refer to Chapter 2, "Stop responses") t7 Time required to bring the axis to standstill. This time period and thus the residual distance traveled by the axis is determined by the axis design (motor, mass, friction, ...) and the configured stop response (STOP C is faster than STOP D). Note: Each axis must be measured during start-up to determine the distance it travels between violation of the limit value and coming to a standstill. 3.5.5 SG-specific stop responses Configurable SG-specific stop responses Using the configurable SG-specific stop response, a suitable braking behavior can be set for every SG stage in-line with the application when the particular speed limit value is exceeded. Example of possible setting: Level SG2 is active with configured stop response STOP C in the setting-up mode and level SG4 is active with configured stop response STOP D in the automatic mode. Activating The function is active whenever MD 36961/1361: $MA_/$MD_SAFE_VELO_STOP_MODE = 5. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-99 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) SG-specific stop responses can be set using the following machine data: Setting the configurable SG-specific stop responses 3.5.6 11.03 For 840D MD 36963: $MA_SAFE_VELO_STOP_REACTION[n] (SG-specific stop response) For 611 digital MD 1363: $MD_SAFE_VELO_STOP_REACTION[n] Override for safely-reduced speed Using SGEs it is possible to specify 16 SG override stages for the limit values of safely-reduced speeds 2 and 4. This allows the limit values for SG2 and SG4 to be monitored in finer steps. An override stage can be assigned factors of between 1 and 100% using the following machine data: General For 840D MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n] (override factor safely-reduced speed) For 611 digital MD 1332: $MD_SAFE_VELO_OVR_FACTOR[n] Application For grinding applications, the limit value for the safely-reduced speed can be adjusted to the variations in the grinding wheel peripheral speed by means of the SG override. Activating The following prerequisites must be fulfilled before the function can be used: Changing-over between SG overrides * Function is enabled via MD 36901(MD 1301): $MA($MD)_SAFE_FUNCTION_ENABLE, bit 5 * The "SBH/SG" monitoring function is enabled * The required SGEs "SG override selection, bits 3, 2, 1, 0" are fully or partially configured * SG override factors have been set in the corresponding machine data * Safely-reduced speed 2 or 4 is activated. SG override values are changed over subject to the same conditions as those applied to speed limit values. Table 3-25 Changing over SG override values Changeover Description from lower to higher Instantaneous from higher to lower A delay timer parameterized in MD 36951/MD 1351 is started. The axis/spindle must be braked within this delay time. Note: Refer to Chapter 3.5.1, "Selection/de-selection of safely-reduced speed" Note Changing between SGEs "SG override selection, bits 3, 2, 1, 0" continuously and quickly may initiate STOP F. 3-100 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) Selecting SG overrides Table 3-26 SG Selection Bit 1 =0 =0 The active speed limit value (SG 1, 2, 3 or 4) is selected via SGEs "SG selection bits 1 and 0". The desired override is selected by combining SGEs "Override selection bits 3, 2, 1 and 0". The override is only valid for the speed limit value for SG2 and SG4. Selecting SG override values for safely-reduced speeds SGE SG SG SG SG SG Selection Override Override Override Override Bit0 Selection Selection Selection Selection Bit 3 Bit 2 Bit 1 Bit 0 =0 x x x x =1 =0 =0 =0 =0 Meaning Speed limit value for SG1 active Speed limit value for SG2 active with override 0 -"=0 =0 =0 =1 ... with override 1 -"=0 =0 =1 =0 ... with override 2 -"=0 =0 =1 =1 ... with override 3 -"=0 =1 =0 =0 ... with override 4 -"=0 =1 =0 =1 ... with override 5 -"=0 =1 =1 =0 ... with override 6 -"=0 =1 =1 =1 ... with override 7 -"=1 =0 =0 =0 ... with override 8 -"=1 =0 =0 =1 ... with override 9 -"=1 =0 =1 =0 ... with override 10 -"=1 =0 =1 =1 ... with override 11 -"=1 =1 =0 =0 ... with override 12 -"=1 =1 =0 =1 ... with override 13 -"=1 =1 =1 =0 ... with override 14 -"=1 =1 =1 =1 ... with override 15 =1 =0 x x x x Speed limit value for SG3 active =1 =1 =0 =0 =0 =0 Speed limit value for SG4 active with override 0 -"=0 =0 =0 =1 ... with override 1 -"=0 =0 =1 =0 ... with override 2 -"=0 =0 =1 =1 ... with override 3 -"=0 =1 =0 =0 ... with override 4 -"=0 =1 =0 =1 ... with override 5 -"=0 =1 =1 =0 ... with override 6 -"=0 =1 =1 =1 ... with override 7 -"=1 =0 =0 =0 ... with override 8 -"=1 =0 =0 =1 ... with override 9 -"=1 =0 =1 =0 ... with override 10 -"=1 =0 =1 =1 ... with override 11 -"=1 =1 =0 =0 ... with override 12 -"=1 =1 =0 =1 ... with override 13 -"=1 =1 =1 =0 ... with override 14 -"=1 =1 =1 =1 ... with override 15 x: Signal status is optional since override values are not effective for SG1 and SG3 Configuring NCK SGEs NCK SGEs (override selection bits 3, 2, 1, 0) are configured using the following machine data: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-101 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) For 840D MD 36978: $MA_SAFE_OVR_INPUT[n] (input assignment for override selection) The SG override factors themselves (percentage values) are defined via the following machine data: Defining SG override factors 3.5.7 11.03 For 840D MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n] (override factor safely-reduced speed) For 611 digital MD 1332: $MD_SAFE_VELO_OVR_FACTOR[n] Example: Override for safely-reduced speed When safely-reduced speeds are selected, the speed limit values must be set as follows. Task assignment Table 3-27 Example of how override values are used for safely-reduced speed SGE SG selection SGE override selection Effective speed limit value Bit 1 Bit 0 Bit 3 Bit 2 Bit 1 Bit 0 Assumptions for the example 1000 mm/min 100 % = 2000 mm/min 80 % = 1600 mm/min 50 % = 1000 mm/min 30 % = 600 mm/min 4000 mm/min 100 % = 5000 mm/min 80 % = 4000 mm/min 50 % = 2500 mm/min 30 % = 1500 mm/min 0 0 x x x x Limit value 1 0 1 0 0 0 0 Limit value 2 with override 0 -"0 0 0 1 Limit value 2 with override 1 -"0 0 1 0 Limit value 2 with override 2 -"0 0 1 1 Limit value 2 with override 3 1 0 x x x x Limit value 3 1 1 0 0 0 0 Limit value 4 with override 0 -"0 0 0 1 Limit value 4 with override 1 -"0 0 1 0 Limit value 4 with override 2 -"0 0 1 1 Limit value 4 with override 3 Notes: x: Signal status is optional since override values are not effective for SG1 and SG3 SGEs "SG override selection bits 3 and 2" are not needed to select an SG override, i.e. they do not need to be configured (they are set to "0" internally). Assumptions for the example * The example applies to the 1st axis on a SINUMERIK 840D/ SIMODRIVE 611 digital. * Definition of SGEs in the NCK monitoring channel Logical slot for the terminal block: Slot number of sub-module for SGEs: I/O number for signal "SG selection bit 1": I/O number for signal "SG selection bit 0": I/O number for signal "override selection bit 1": I/O number for signal "override selection bit 0": 3-102 6 4 2 1 4 3 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) Defining machine data Table 3-28 Limit value SG1 SG2 SG3 SG4 Supplying MDs for SGEs For 840D MD number Value 1000 36931[0] 2000 36931[1] 4000 36931[2] 5000 36931[3] Table 3-29 Supplying MDs for SGEs Signal Assignment SGE MD number SG select, bit 1 36972[1] SG select, bit 0 36972[0] SG override selection bit 3 36978[3] SG override selection bit 2 36978[2] SG override selection bit 1 36978[1] SG override selection bit 0 36978[0] Table 3-30 Override 0 1 2 3 3.5.8 For 611 digital MD number Value 1000 1331[0] 2000 1331[1] 4000 1331[2] 5000 1331[3] Value 01 06 04 02 01 06 04 01 00 00 00 00 00 00 00 00 01 06 04 04 01 06 04 03 Remarks Not configured Not configured Supplying MDs for override values For 840D For 611 digital MD number Value MD number 100 36932[0] 1332[0] 80 36932[1] 1332[1] 50 36932[2] 1332[2] 30 36932[3] 1332[3] Value 100 80 50 30 Application examples for SG Please refer to Chapter 7, "Configuring example" for an example of safelyreduced speed. 3.5.9 Examples for safe input of ratios Task assignment The gear ratio (encoder/load) must be safely sensed on a spindle with a fourstage gearbox. Two examples are given, one with a 2-encoder system (ex. 1, refer to Fig. 3-13 Spindle with a 2-encoder system) and one with a 1-encoder system (ex. 2, refer to Fig 3-14 Spindle with a 1-encoder system). Example 1: Spindle with a 2-encoder system The two channels are monitored by comparing the speed sensed by the second encoder with the speed of the motor encoder, taking the gear ratio into account. The ratio selection does not have to be safely monitored and only has to involve one channel. Assumptions for example 1 * The gear stage is selected from an NC program with an H function via the PLC user program. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-103 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) 11.03 * The second encoder system is connected to the "direct measuring system" input on the 611 digital closed-loop control module. * Enabled SI function SBH/SG. * If the safety functions SE and SN are used for the spindles, gear stage changeover must also be activated on the NCK channel (request signals E1/E2, refer to Fig. 3-13). This is done to ensure that both channels receive the status "axis not safely referenced" as a result of the gear change. The machine data assignment for the input assignment gear ratio selection (bits 0, 1, 2) for the NCK are described in Chapter 4, "Machine data for SINUMERIK 840D". * The PLC SGEs for selecting gear ratios are described in Chapter 4.3, "Interface signals". * The example should be applicable for the 1st drive. * The motor encoder system is parameterized in the drive machine data. The second encoder system is parameterized in the NCK machine data of the control system. Table 3-31 Overview of encoder data for 840D Number Name 36910 $MA_SAFE_ENC_SEGMENT_NR 36911 $MA_SAFE_ENC_MODULE_NR 36912 $MA_SAFE_ENC_INPUT_NR 36915 $MA_SAFE_ENC_TYPE 36916 $MA_SAFE_ENC_IS_LINEAR 36917 $MA_SAFE_ENC_GRID_POINT_DIST 36918 $MA_SAFE_ENC_RESOL 36920 $MA_SAFE_ENC_GEAR_PITCH 36921 $MA_SAFE_ENC_GEAR_DENOM[n] 36922 $MA_SAFE_ENC_GEAR_NUMERA[n] 36925 $MA_SAFE_ENC_POLARITY Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Table 3-32 Overview of encoder data for 611 digital Number Name 1316 $MD_SAFE_ENC_CONFIG 1317 $MI_SAFE_ENC_GRID_POINT_DIST 1318 $MI_SAFE_ENC_RESOL 1320 $MI_SAFE_ENC_GEAR_PITCH 1321 $MI_SAFE_ENC_GEAR_DENOM[n] 1322 $MI_SAFE_ENC_GEAR_NUMERA[n] Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" * 3-104 The tolerance for the actual value comparison of the two encoders is defined in the following machine data: For 840D MD 36942: $MA_SAFE_POS_TOL For 611 digital MD 1342: $MD_SAFE_POS_TOL (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) Note The SGEs/SGAs used in the NCK monitoring channel only have to be assigned by the machine manufacturer in the drive monitoring channel as the NCK monitoring system is directly mounted. This means that SGEs can be supplied through one channel when changing the gear ratio (no safety risk). An exception is the use of SN/SE (see above). Gear stage selection for Safety Integrated is not part of the crosswise data comparison between the two channels. NCK HW I/O Spindle I/O images Processing SGE SGA I Bit 0 ... Bit 1 ... Bit 2 ... Encoder 1 Gearbox 1PH6 motor ... I1 I2 O ... ... per axis/spindle IMS NC Result and data cross-check H function I Bit 0 ... Bit 1 ... Bit 2 ... O ... ... SG_02.DSF PLC HW I/O I/O images SBH/SG SE SN Monitoring comparators PLC user program ... Fig. 3-17 SBH/SG SE SN Monitoring comparators ... O1 O2 NCK monitoring channel per axis/spindle SGE SGA Drive monitoring channel Spindle with 2-encoder system Table 3-33 Assignment between active gear stage/gear ratio selection Selection and checkback of Assignment between ratio Spindle motor/ active gear stage selection for NCK and load PLC/drive SGE gear ratio selection Gear E1 E2 A1 A2 Bit 2 Bit 1 Bit 0 stage 1 0 0 0 0 0 0 0 4:1 2 0 1 0 1 0 0 1 2,5 : 1 3 1 0 1 0 0 1 0 1,6 : 1 4 1 1 1 1 0 1 1 1:1 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-105 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) Table3-34 Denominator of gearbox encoder/load Numerator of gearbox encoder/load 11.03 Entering gear ratios into machine data Stage 840D 611 digital MD No. Value MD No. Value 1 1 1321.0 250 36921[0] 2 1 1321.1 400 36921[1] 3 1 1321.2 625 36921[2] 4 1 1321.3 1000 36921[3] 1 1 1322.0 1000 36922[0] 2 1 1322.1 1000 36922[1] 3 1 1322.2 1000 36922[2] 4 1 1322.3 1000 36922[3] Note For SE/SN, the gear stage must also be changed-over on the NCK side. In this case, the gear must be changed-over at zero speed or the actual value synchronization function used. Note In the circuit above (Fig. 3-13), the request signals E1/E2 for gear change for the PLC and drive are supplied from the gear signal. For SE/SN, the gear stage must also be changed-over on the NCK side. Because only the pulses of the motor measuring system - and not those of the direct measuring system - are counted during motion of a motor while decoupled, this may result in an offset of the SI actual values. As this cannot be avoided, gear stage changeover without errors is only possible under the following conditions: 1. The gear stage is selected at zero speed, the time delay does not cause an offset of the two SI values. The gear stage is selected when the motor is moving (e.g. oscillating), i.e. the motor is moving although this cannot be detected at the direct measuring system. In this case, the following measures can be performed to avoid errors. a) MD 36942/or MD 1342 SAFE_POS_TOL must be parameterized as necessary and re-synchronization of the spindle (<axis DB>.DBX 16.6 or DBX 16.7: active measuring system) must be triggered after gear changeover (if this has not already been done) to re-align the SI actual values b) The actual value synchronization function must be used Example 2: Spindle with a 1-encoder system Assumptions for example 2 3-106 * The gear stage is selected from an NC program with an H function via the PLC user program. * Gear ratios are selected through 2 channels. * The encoder system is connected to the "direct measuring system" input on the 611 digital closed-loop control module. * The machine data for the "input assignment gear ratio selection (bits 0, 1, 2)" for the NCK are described in Chapter 4, "Machine data for SINUMERIK 840D". (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) * The PLC SGEs for selecting gear ratios are described in Chapter 4.3, "Interface signals". * The motor encoder system is parameterized the same in the drive machine data and in the NCK machine data. * The example should be applicable for the 1st drive. * Enabled SI function SBH/SG. Table 3-35 Encoder data overview for 840D Number Name 36910 $MA_SAFE_ENC_SEGMENT_NR 36911 $MA_SAFE_ENC_MODULE_NR 36912 $MA_SAFE_ENC_INPUT_NR 36915 $MA_SAFE_ENC_TYPE 36916 $MA_SAFE_ENC_IS_LINEAR 36917 $MA_SAFE_ENC_GRID_POINT_DIST 36918 $MA_SAFE_ENC_RESOL 36920 $MA_SAFE_ENC_GEAR_PITCH 36921 $MA_SAFE_ENC_GEAR_DENOM[n] 36922 $MA_SAFE_ENC_GEAR_NUMERA[n] 36925 $MA_SAFE_ENC_POLARITY Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Table3-36 Encoder data overview for 611 digital Number Name 1316 $MD_SAFE_ENC_CONFIG 1317 $MI_SAFE_ENC_GRID_POINT_DIST 1318 $MI_SAFE_ENC_RESOL 1320 $MI_SAFE_ENC_GEAR_PITCH 1321 $MI_SAFE_ENC_GEAR_DENOM[n] 1322 $MI_SAFE_ENC_GEAR_NUMERA[n] Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" * Definition of SGEs/SGAs in the NCK monitoring channel - for 840D Logical slot for the terminal block: Slot number of the sub-module for SGEs: I/O number for the signal "gear ratio selection bit 0": I/O number for the signal "gear ratio selection bit 1": 5 3 1 2 Note The SGEs/SGAs used in the NCK monitoring channel must also be supplied by the machine manufacturer in the drive monitoring channel. Parameter set changes via SGEs must be coupled to a parameter set change in the NC. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-107 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) 11.03 NCK HW I/O Spindle I7O images Processing SGE SGA I Bit 0 ... Bit 1 ... Bit 2 ... Gearbox SBH/SG SE SN O 1PHxx... I1 I2 NCK monitoring channel ... Monitoring comparators ... per axis/spindle ... O1 O2 NC Result and data cross-check H function I Bit 0 ... Bit 1 ... Bit 2 ... O ... Monitoring comparators PLC user program ... ... PLC HW I/O I/O images SBH/SG SE SN per axis/spindle SGE SGA Drive monitoring channel SG_02.DSF Fig. 3-18 Spindle with 1-encoder system Note The above circuit (Fig. 3-16) triggers the request signals E1/E2 for gear stage switchover for the NCK/PLC and drive simultaneously. There is usually a delay in the internal gear stage selection because of the different processing speeds of the two channels (due to the PLC cycle time, the NCK usually detects the signal change earlier than the PLC). As this cannot be avoided, gear stage changeover without errors is only possible under the following conditions: 1. The gear stage is selected at zero speed, the time delay does not cause an offset of the two SI values. The gear stage is selected when the motor is moving (e.g. oscillating), i.e. the time delay also cause an offset of the SI values. In this case, the following measures are possible: MD 36942 / or MD 1342 SAFE_POS_TOL must be parameterized as necessary and resynchronization of the spindle (<axis DB>.DBX 16.6: active measuring system) must be triggered after gear changeover (if this has not already been done) to re-align the SI actual values. 3-108 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) Table 3-37 Assignment between active gear stage/gear ratio selection Selection and checkback of Assignment between ratio Spindle active gear stage selection for NCK and motor/ PLC/drive load SGE gear ratio selection Gear E1 E2 A1 A2 Bit 2 Bit 1 Bit 0 stage 1 0 0 0 0 0 0 0 4:1 2 0 1 0 1 0 0 1 2,5 : 1 3 1 0 1 0 0 1 0 1,6 : 1 4 1 1 1 1 0 1 1 1:1 * Input assignment of gear ratio selection Table 3-38 Signal SGE/SGA SGE SGE Table 3-39 Denominator of gearbox encoder/load Numerator of gearbox encoder/load Supplying the machine data for the SGEs for 840D Assignment Name MD No. Value Gear ratio selection, bit 0 36974[0] 01 05 03 01 Gear ratio selection, bit 1 36974[1] 01 05 03 02 Entering gear ratios into machine data Setting 840D 611 digital MD No. Value MD No. 1 10 1321.0 36921[0] 2 10 1321.1 36921[1] 3 10 1321.2 36921[2] 4 10 1321.3 36921[3] 1 40 1322.0 36922[0] 2 25 1322.1 36922[1] 3 16 1322.2 36922[2] 4 10 1322.3 36922[3] (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 Value 10 10 10 10 40 25 16 10 3-109 3 Safety-Related Functions 3.5 Safely-reduced speed (SG) 3.5.10 11.03 Overview of the machine data for the function SG Overview of MD for 840D Table 3-40 Number 36901 36921 36910 36911 36912 36915 36916 36917 36918 36920 36921 36922 36925 36931 36932 36933 36951 36961 36963 36970 36972 36974 36980 36982 Overview of MD for 611 digital Table 3-41 Overview of machine data for 611 digital Number Name 1301 $MD_SAFE_FUNCTION_ENABLE 1316 $MD_SAFE_ENC_CONFIG 1317 $MD_SAFE_ENC_GRID_POINT_DIST 1318 $MD_SAFE_ENC_RESOL 1320 $MD_SAFE_ENC_GEAR_PITCH 1321 $MD_SAFE_ENC_GEAR_DENOM[n] 1322 $MD_SAFE_ENC_GEAR_NUMERA[n] 1331 $MD_SAFE_VELO_LIMIT[n] 1332 $MD_SAFE_VELO_OVR_FACTOR[n] 1351 $MD_SAFE_VELO_SWITCH_DELAY 1361 $MD_SAFE_VELO_STOP_MODE 1363 $MD_SAFE_VELO_STOP_REACTION[n] (840D ab SW4.2) Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" 3-110 Overview of machine data for 840D Name $MA_SAFE_FUNCTION_ENABLE $MA_SAFE_ENC_GEAR_DENOM[n] $MA_SAFE_ENC_SEGMENT_NR $MA_SAFE_ENC_MODULE_NR $MA_SAFE_ENC_INPUT_NR $MA_SAFE_ENC_TYPE $MA_SAFE_ENC_IS_LINEAR $MA_SAFE_ENC_GRID_POINT_DIST $MA_SAFE_ENC_RESOL $MA_SAFE_ENC_GEAR_PITCH $MA_SAFE_ENC_GEAR_DENOM[n] $MA_SAFE_GEAR_NUMERA[n] $MA_SAFE_ENC_POLARITY $MA_SAFE_VELO_LIMIT[n] $MA_SAFE_VELO_OVR_FACTOR[n] $MA_SAFE_DES_VELO_LIMIT $MA_SAFE_VELO_SWITCH_DELAY $MA_SAFE_VELO_STOP_MODE $MA_SAFE_VELO_STOP_REACTION[n] (SW4.2 and higher) $MA_SAFE_SVSS_DISABLE_INPUT $MA_SAFE VELO_SELECT_INPUT[n] $MA_SAFE_GEAR_SELECT_INPUT[n] $MA_SAFE_SVSS_STATUS_OUTPUT $MA_SAFE_VELO_STATUS_OUTPUT [n] (SW 4.2 and higher) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.6 Safe software limit switches (SE) 3.6 Safe software limit switches (SE) Description The "safe software limit switch" (SE) can be used to implement protective functions for operating personnel and machinery or limiting the working zone/protective zone for specific axes. For example, this function can replace hardware limit switches. Two safe software limit switches (SE1 and SE2) are available for each axis. If the "SE" function is active, limit switch position pair SE1 or SE2 can be selected as a function of SGE "SE selection". Defining upper and lower limit values The position limit values for limit switch position pairs 1 and 2 are defined in the following machine data: For 840D MD 36934: $MA_SAFE_POS_LIMIT_PLUS[n] MD 36935: $MA_SAFE_POS_LIMIT_MINUS[n] For 611 digital MD 1334: $MD_SAFE_POS_LIMIT_PLU[n] MD 1335: $MD_SAFE_POS_LIMIT_MINUS[n] Note The upper and lower position limit values must be selected so that when the axis is traversing in this direction the software limit switches that are used as standard are first reached. Function features The most important features include: Safe definition and evaluation of software limit switches as a software function Configurable stop response when software limit switches are actuated The stop response is implemented internally in the software (and is therefore faster than a hardware limit switch response) when software limit switches are passed (actuated). Prerequisites ! The "safe software limit switch" function is dependent on the following prerequisites being fulfilled (refer to Chapter 2.8, "System prerequisites"): * The "safe software limit switch" function must be enabled * The axis/axes must have been safely referenced (user agreement) * SGE "SE selection" must be provided (configured) in both channels. Warning The "safe software limit switches" are only effective if the user agreement has been given. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-111 3 Safety-Related Functions 3.6 Safe software limit switches (SE) 3.6.1 11.03 Effects when an SE responds Warning ! The SE function does not predictively monitor the SW limit switches, i.e. the axis stops after passing the limit position. The distance traveled after the SE is dependent on how the function is parameterized (monitoring clock cycle, stop response...), the current traversing speed and the design of the axis. When an axis passes a "safe software limit switch", a stop response configured in the following machine data is generated: Configurable stop responses For 840D MD 36962: $MA_SAFE_POS_STOP_MODE For 611 digital MD 1362: $MD_SAFE_POS_STOP_MODE The user can select either STOP C, D or STOP E. Effect Acknowledging and moving away Timing when "safe software limit switch" is actuated 3-112 * The configured stop response is initiated. * The relevant alarm is displayed. * Traverse the axis to a position in which the monitoring does not respond (refer to Description of Alarm "safe software limit switch passed" in Chapter 6, "Alarms"). The "user agreement" must be canceled (SE is then de-activated) or change over to the other "safe software limit switches". * Acknowledge the error message according to the configured stop response (refer to Chapter 2, "Safe response via shutdown paths and STOPs") If the "safe software limit switch" function is active, the system timing is as follows when the limit position is passed: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.6 Safe software limit switches (SE) n n act a) Axis crosses limit position SE_01.DSF t2 t1 t t5 not to scale t3 t4 t6 Fig. 3-19 Table 3-42 Time t1 t2 t3 t4 t5 t6 Timing when the software limit switch is passed Explanations of the diagram Explanation Position control clock cycle defined by the following MDs: For 840D: MD 10050: $MN_SYSCLOCK_CYCLE_TIME MD 10060: $MN_POSCTRL_SYSCLOCK_TIME_RATIO Monitoring clock cycle defined by the following MDs: For 840D: MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO For 611 digital: MD1300: $MD_SAFETY_CYCLE_TIME Time until passing limit position is detected (maximum 1 monitoring clock cycle) Delay until the configured stop response is output (maximum 2 monitoring clock cycles) Delay until the configured stop response takes effect (time = 0, depends on the configured stop response, refer to Chapter 2, "Stop responses") Time required to bring the axis to standstill. This time period and thus the residual distance traveled by the axis is determined by the axis design (motor, mass, friction, ...) and the configured stop response (STOP C is faster than STOP D). Note: Each axis must be measured during commissioning to determine the distance it travels between the limit value being violated and it coming to a standstill. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-113 3 Safety-Related Functions 3.6 Safe software limit switches (SE) 3.6.2 Overview of the machine data for the SE function Overview of MD for 840D Table 3-43 Overview of machine data for 840D Number Name 36901 $MA_SAFE_FUNCTION_ENABLE 36934 $MA_SAFE_POS_LIMIT_PLUS[n] 36935 $MA_SAFE_POS_LIMIT_MINUS[n] 36962 $MA_SAFE_POS_STOP_MODE 36973 $MA_SAFE_POS_SELECT_INPUT Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Overview of MD for 611 digital Table 3-44 Overview of machine data for 611 digital Number Name 1301 $MD_SAFE_FUNCTION_ENABLE 1334 $MD_SAFE_POS_LIMIT_PLUS[n] 1335 $MD_SAFE_POS_LIMIT_MINUS[n] 1362 $MD_SAFE_POS_STOP_MODE Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" 3-114 11.03 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.7 Safe software cams (SN) 3.7 Safe software cams (SN) Description The "safe software cams" function (SN) can be used to implement safe electronic cams, a safe range detection or limiting the working zone/protective zone for specific axes, thereby replacing the hardware solution. There are four pairs of cams (SN1, SN2, SN3, SN4) available for each axis. Each cam pair consists of a plus cam (SN1+, SN2+, SN3+, SN4+) and a minus cam (SN1-, SN2-, SN3-, SN4-). Each cam signal can be individually enabled and configured via machine data. The cam signals are output via SGAs. ! Function features Prerequisites Important The enabled cam signals are immediately output when the control system is pwered-up, but are only safe after safe referencing (signaled via the SGA "axis safely referenced"). For safe evaluation of the cam signals, the SGA "axis safely referenced" must be taken into account. The most important features include: * Safe definition and evaluation of cam positions as a software function * Definition of working ranges/zones The following prerequisites must be fulfilled for the "safe cams" function: The axis/axes must have been safely referenced (user agreement) * The safe cams must be configured: The required cams are enabled using MD $MA_SAFE_FUNCTION_ENABLE, bit 8...15 The cam positions are defined using MD $MA_SAFE_CAM_POS_PLUS[n] and $MA_SAFE_CAM_POS_MINUS[n] SGA assignment is defined using MD $MA_SAFE_CAM_PLUS_OUTPUT[n] and $MA_SAFE_CAM_MINUS_OUTPUT[n] (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-115 3 Safety-Related Functions 3.7 Safe software cams (SN) 11.03 Specifying cam positions The cam positions for SN1+, SN2+, SN3+, SN4+ and SN1-, SN2-, SN3-, SN4- are specified in the following machine data: For 840D MD 36936: $MA_SAFE_CAM_POS_PLUS[n] MD 36937: $MA_SAFE_CAM_POS_MINUS[n] For 611 digital MD 1336: $MD_SAFE_CAM_POS_PLUS[n] MD 1337: $MD_SAFE_CAM_POS_MINUS[n] Tolerance for SN Owing to variations in clock cycle and signal run times, the cam signals of the two monitoring channels do not switch simultaneously or not exactly at the same position. A tolerance bandwidth can therefore be specified for all cams using the following machine data. Within this bandwidth, the signal states for the same cam may be different in the two monitoring channels: For 840D MD 36940: $MA_SAFE_CAM_TOL For 611 digital MD 1340: $MD_SAFE_CAM_TOL Note The lowest possible tolerance bandwidth (less than 5-10 mm) must be selected for the safe cams. Special case of SN If the axis is being positioned exactly at the parameterized cam position, the cam signals may have different states owing to system-related variations in the actual values between the two monitoring channels. This must be taken into account in the further processing of the cam signals, e.g. by filtering the different signal states by means of a logic circuit (refer to "synchronization of cam signals"). Synchronization of cam signals (840D, SW 4.2 and higher) When cam signal synchronization is activated, the cam results calculated by one monitoring channel are ANDed with the cam results of the other monitoring channel before they are output. The cam signals in both channels therefore have the same signal status at standstill (after a transition period resulting from different run times) Cam signal synchronization is enabled by means of the following machine data: Hysteresis of cam SGAs For 840D MD 36901: $MA_SAFE_FUNCTION_ENABLE, bit 7 For 611 digital MD 1301: $MD_SAFE_FUNCTION_ENABLE, bit 7 When cam synchronization is activated, cam signals are output with a hysteresis that takes into account the direction of travel (refer to Fig. 3-20 "hysteresis of cam SGAs"). This helps to prevent the SGAs from "flickering" if the axis is positioned exactly on the cam. The magnitude of the hysteresis is determined by the following data: For 840D MD 36940: $MA_SAFE_CAM_TOL (tolerance for safe software cams) For 611 digital MD 1340: $MA_SAFE_CAM_TOL (tolerance for safe software cams) 3-116 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.7 Safe software cams (SN) 3 Safety-Related Functions Cam position s SGA = 1 SGA = 0 Tolerance for safe cams Fig. 3-20 SN_05.DSF Hysteresis of cam SGAs Note Dynamic deviations in the cam signals at I/O devices themselves still occur as a result of the different signal run times between the NCK and PLC I/O devices. These deviations must be taken into account. Output assignment for SN The status of the individual cams is indicated via SGAs SN1+, SN2+, SN3+, SN4+ and SN1-, SN2-, SN3-, SN4-. In the NCK monitoring channel, the NCK SGAs are assigned to output terminals via the following machine data: For 840D MD 36988: $MA_SAFE_CAM_PLUS_OUTPUT[n] MD 36989: $MA_SAFE_CAM_MINUS_OUTPUT[n] In the drive monitoring channel, the PLC SGAs are mapped in the NC/PLC interface (refer to Chapter 4, "Interface signals") and output via the PLC I/O by the PLC user program. Modulo display of safe actual value (840D, SW4.2 and higher) The modulo display of the safe actual value is selected and parameterized for rotary axes using the following machine data: Safe cams for endlessly turning rotary axes (840D, SW4.2 and higher) The modulo range (cam actual value range) for rotary axes with cam can be set using the following machine data: MD 30300: $MA_IS_ROT_AX MD 30320: $MA_DISPLAY_IS_MODULO MD 30330: $MA_MODULO_RANGE MD 36902/1302: $MA_/$MD_SAFE_IS_ROT_AX MD 36905/1305: $MA_/$MD_SAFE_MODULO_RANGE The size of the cam actual value range should be selected to match the modulo display of the safe actual value. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-117 3 Safety-Related Functions 3.7 Safe software cams (SN) 11.03 Note Restriction relating to cam positions When cam positions are parameterized, the following conditions must be observed in the vicinity of modulo limits: * When cam synchronization is not active: lower modulo value +POS_TOL cam position upper modulo value -POS_TOL > cam position * When cam synchronization is active: lower modulo value +POS_TOL cam position upper modulo value -POS_TOL-CAM_TOL >cam position Meanings: POS_TOL: Actual value tolerance (for 840D: MD 36942: $MA_/$MD_SAFE_POS_TOL for 611digital: MD 1342: $MA_/$MD_SAFE_POS_TOL) CAM_TOL: Cam tolerance (for 840D: MD 36940: $MA_/$MD_SAFE_CAM_TOL for 611digital: MD 1340: $MA_/$MD_SAFE_CAM_TOL) Lower/upper modulo value: MD 36905/1305: $MA_/$MD_SAFE_MODULO_RANGE Cam position: MD 36936/1336: $MA_/$MD_SAFE_CAM_POS_PLUS[n] MD 36937/1337: $MA_/$MD_SAFE_CAM_POS_MINUS[n] The parameter settings are checked in each monitoring channel at run-up. In the case of parameterization errors (condition is not fulfilled), a corresponding alarm is output after the control has run-up. 3-118 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.7 Safe software cams (SN) 3.7.1 3 Safety-Related Functions Effects when SN reponds Important ! The machine manufacturer must safely logically combine the SGAs SN1-, SN1+ to SN4-, SN4+ that are output via the NCK and PLC I/O devices in accordance with the Safety Integrated principle, i.e. in two channels. If a response to the cam signals is required, then the machine manufacturer must implement this function on the basis of SGA processing. The SGAs must be processed redundantly, i.e. in the NCK monitoring channel and drive monitoring channel (PLC). When defining cam positions, please note that the function only monitors the actual position, making "predictlve" sensing of cam signals impossible. Timing when cam position is passed If the "safe cams" function is active, the system timing is as follows when the cam position is passed: n t2 a) Axis crosses cam t1 a) t t3 t4 NCK SGA (I/Os) t5 611digital SGA (axis interface) Fig. 3-21 Table 3-45 Time t1 t2 t3 t4 t5 SN_03.DSF Timing when the cam position is passed Explanation of the diagram Explanation Position control clock cycle defined by the following MDs: For 840D: MD 10050: $MN_SYSCLOCK_CYCLE_TIME MD 10060: $MN_POSCTRL_SYSCLOCK_TIME_RATIO Monitoring clock cycle defined by the following MDs: For 840D: MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO For 611 digital: MD1300: $MD_SAFETY_CYCLE_TIME Time until it has been detected that the cam position has been passed (maximum 1 monitoring clock cycle) Conditioning time NCK monitoring channel (1 monitoring clock cycle plus a few microseconds) Processing time, 611 digital monitoring channel max. 1 monitoring clock cycle plus 3 IPO clock cycles plus 1 OB1 cycle; minimum 1 monitoring plus 3 IPO clock cycles Note: Each axis must be measured during commissioning to determine how long it takes for cam signals to be output to the I/O after the cam position has been passed. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-119 3 Safety-Related Functions 3.7 Safe software cams (SN) 3.7.2 Task 11.03 Application example for "safe software cams" The axis speed must be monitored for violation of various speed limit values based on position ranges 1, 2 and 3 of the axis, i.e. if the axis is in range 1, 2, 3, then its speed must be monitored for violation of speed limit value 1, 3, 4. The position ranges are defined using cam signals SN1- and SN1+. 2nd axis of SN1- Position value of SN1+ Machine zero 1 1st axis Signal chart of SN10 1 Signal chart of SN1+ 0 SN1SN1+ 0 0 1 0 1 1 Area 1 (SG1) 2 (SG3) 3 (SG4) Fig. 3-22 SN_01.DSF Signal characteristics, positioning and ranges Note In this example, cam synchronization must be enabled using the following machine data: For 840D MD 36901, bit 7: $MA_SAFE_FUNCTION_ENABLE For 611 digital MD 1301, bit 7: $MD_SAFE_FUNCTION_ENABLE Applicable from: SW 4.2 for 840D/611 digital 3-120 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.7 Safe software cams (SN) NCK HW I/O 3 Safety-Related Functions I/O images Processing SGE SGA NCK monitoring channel SBH/SG deselection 1 I 2 ... SBH deselection ... SG selection bit 0 SG selection bit 1 ... SBH/SG active O Axis safely referenced ... ... SN1+ ... SN1- SBH/SG SE SN Monitoring comparators per axis/spindle Result and data cross-check I I 1 I 2 ... SBH deselection ... SG selection bit 0 SBH/SG deselection PLC User program ... O SG selection bit 1 SBH/SG SE SN SBH/SG active ... Monitoring comparators Axis safely referenced ... SN1+ ... SN1- PLC HW I/O I/O images PLC User program SGE SGA per axis/spindle Drive monitoring channel SN_04.DSF Fig. 3-23 Interconnecting the required SGEs/SGAs (without SPL) Assumptions for the example The example is applicable for the 1st axis. Position values: SN1- = 300 mm, SN1+ = 600 mm Speed limit values: Area 1 = 1000 mm/min Area 2 = 2000 mm/min Area 3 = 4000 mm/min Definition of SGEs/SGAs in the NCK monitoring channel For 840D Logical slot for the terminal block: Slot number of the submodule with SGEs: Slot number of the submodule with SGAs: I/O number for the signal SN1+: I/O number for the signal SN1-: I/O number for the signal "axis safely referenced": I/O number for the signal "SBH/SG active": I/O number for the signal "SBH/SG de-selection": I/O number for the signal "SBH de-selection": 9 1 2 7 6 5 4 2 3 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-121 3 Safety-Related Functions 3.7 Safe software cams (SN) 11.03 I/O number for the signal "SG selection bit 1": I/O number for the signal "SG selection bit 0": 6 7 If the axis is positioned exactly at the parameterized cam position, the cam signals may have different states owing to variations in the actual values between the two monitoring channels. If the SGAs "SNx" were directly connected to the SGEs "SG selection", a crosswise data comparison would signal an error. When cam synchronization is activated, the cam signals are output with the same signal states in both channels when in the steady-state condition. Note Machine data for the safely-reduced speed function are described in Chapter 4. Defining machine data Table 3-46 SN1SN1+ Supplying MD for cam positions For 840D MD No. Value MD No. 36937 300 1337[0] 36936 600 1336[0] Supplying MD for speed limit values For 840D Limit value MD No. Value MD No. 1 1000 36931[0] 1331[0] 2 0 36931[1] 1331[1] 3 2000 36931[2] 1331[2] 4 4000 36931[3] 1331[3] For 611 digital Value 300 000 600 000 Table 3-47 For 611 digital Value 1000 0 2000 4000 Table 3-48 Assigning speed limit values to the zones Speed limit value Area Remarks SG selection 1 2 3 4 Table 3-49 Signal SGE/SGA SGA SGA SGA SGA SGE SGE SGE SGE 3-122 Bit 1 0 0 1 1 Bit 0 0 1 0 1 1 2 3 SG1 active Not used SG3 active SG4 active Supplying MD for SGEs/SGAs for 840D Assignment Name MD No. SN1+ 36988[0] SN136989[0] Axis safely referenced 36987 SBH/ SG active 36980 SBH/SG de-selection 36970 SBH de-selection 36971 SG selection, bit 1 36972[1] SG selection, bit 0 36972[0] Value 01 09 02 07 01 09 02 06 01 09 02 05 01 09 02 04 01 09 01 02 01 09 01 03 01 09 01 06 01 09 01 07 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.7 Safe software cams (SN) 3 Safety-Related Functions Note The appropriate signals should be accordingly processed by the PLC in the drive monitoring channel (refer to Chapter 3.9.2, "Signal processing for the drive monitoring channel"). For safe evaluation of the cam signals, the SGA "axis safely referenced" must be taken into account. The SGA "axis safely referenced" can be logically combined using the SGA "SBH/SG active" if the signal is used to enable a protective zone (refer to Chapter 7, "Circuit examples for Safety Integrated") Advantage: An AND logic operation in the NCK monitoring channel can then be implemented by means of machine data (refer to Chapter 4, "Machine data for SINUMERIK 840D"). 3.7.3 Overview of machine data for the SN function Overview of MD for 840D Table 3-50 Overview of machine data for 840D Number Name 36901 $MA_SAFE_FUNCTION_ENABLE 36905 $MA_SAFE_MODULO_RANGE (from SW4.2) 36936 $MA_SAFE_CAM_POS_PLUS[n] 36937 $MA_SAFE_CAM_POS_MINUS[n] 36940 $MA_SAFE_CAM_TOL 36988 $MA_SAFE_CAM_PLUS_OUTPUT[n] 36989 $MA_SAFE_CAM_MINUS_OUTPUT[n] Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Overview of MD for 611 digital Table 3-51 Overview of machine data for 611 digital Number Name 1301 $MD_SAFE_FUNCTION_ENABLE 1305 $MD_SAFE_MODULO_RANGE (840D from SW4.2) 1336 $MD_SAFE_CAM_POS_PLUS[n] 1337 $MD_SAFE_CAM_POS_MINUS[n] 1340 $MD_SAFE_CAM_TOL Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-123 3 Safety-Related Functions 3.8 Safe braking ramp (SBR) (840D from SW 4.2) 11.03 3.8 Safe braking ramp (SBR) (840D from SW 4.2) Description This function is based on the assumption that after a stop request the actual speed must decrease (monitors the speed characteristic). Note Regarding 840D/611 digital: The function exists in both monitoring channels and must also be parameterized in both channels. Function features The most important features include: Fastest possible detection if the axis starts to re-accelerate during the braking process SBR is automatically activated when a STOP B or C has been triggered STOP A is triggered when SBR responds Activating SBR When a stop request is triggered, the actual speed plus the speed tolerance defined in the machine data is activated as the speed limit. This limit is compared with the actual speed (must decrease or remain the same) and is cyclically corrected. If the axis starts to re-accelerate while braking, this is detected as quickly as possible. Machine data for SBR speed tolerance: For 840D For 611digital MD 36948: $MA_SAFE_STOP_VELO_TOL MD 1348: $MD_SAFE_STOP_VELO_TOL The speed limit value is corrected until the speed defined in the next machine data is undershot. After that, the speed limit value nx is frozen to the value in MD 36946/1346 plus the value in MD 36948/1348. 3-124 For 840D MD 36946: $MA_SAFE_VELO_X (speed limit nx) For 611 digital MD 1346: $MD_SAFE_VELO_X (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.8 Safe braking ramp (SBR) (840D from SW 4.2) 3 Safety-Related Functions n Speed tolerance Stopping limit value STOP B/C triggered nist nx t SBR_01.DSF Fig. 3-24 Calculating the SBR tolerance of the actual speed Characteristics of the stopping limit value for SBR The following applies when parameterizing the SBR tolerance: The possible speed increase after triggering STOP B/C is made up of the active acceleration a and the duration of the acceleration phase. The duration of the acceleration phase is one monitoring clock cycle UT (delay in detecting a STOP B/C until nset = 0): SBR tolerance Actual speed for SBR = acceleration * acceleration duration The following setting rules apply: For a linear axis: SBR tolerance [mm/min] = a [m/s2] * UT [s] * 1000 [mm/m] * 60 [s/min] For a rotary axis/spindle: SBR tolerance [rev./min] = a [rev./s2] * UT [s] * 60 [s/min] To determine the value, the maximum value of the acceleration values should be taken account from the following list that is also effective for the particular axis: MD 32300: MAX_AX_ACCEL MD 35200: GEAR_STEP_SPEEDCTRL_ACCEL MD 35210: GEAR_STEP_POSCTRL_ACCEL MD 35410: SPIND_OSCILL_ACCEL Recommendation: The value entered for the SBR tolerance should be approx. 20 % greater than the calculated value. ! Caution During "normal" operation, speed overshoot should not unintentionally trigger the SBR. Speed overshoot should therefore be checked by making the appropriate measurements. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-125 3 Safety-Related Functions 3.8 Safe braking ramp (SBR) (840D from SW 4.2) 3.8.1 Overview of the machine data for SBR Overview of MD for 840D Overview of MD for 611 digital 3-126 11.03 Table 3-52 Overview of machine data for 840D Number Name 36948 $MA_SAFE_STOP_VELO_TOL 32300 $MA_MA_AX_ACCEL 35200 $MA_GEAR_STEP_SPEEDCTRL_ACCEL 35210 $MA_STEP_POSCTRL_ACCEL 35410 $MA_SPIND_OSCILL_ACCEL Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Table 3-53 Overview of machine data for 611 digital Number Name 1348 $MD_SAFE_STOP_ VELO_TOL Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.9 Safety-related input/output signals (SGE/SGA) 3 Safety-Related Functions 3.9 Safety-related input/output signals (SGE/SGA) Description The safety-relevant input and output signals (SGEs and SGAs) are signals that are sent to or received by the system via two channels using: * Separate NCK and PLC I/Os Fig. 3-25 * SGE/SGA via separate PLC and NCK I/Os or via PROFIBUS with PROFIsafe protocol and S7 fail-safe modules Fig. 3-26 SGE/SGA via PROFIBUS with PROFIsafe protocol Using these signals, the following can be requested or signaled in each monitoring channel and for each axis/spindle with safety technology: Safety functions can be selected and de-selected Speed limit values can be selected and changed-over Position limit values can be selected and changed-over Feedback of status signals relating to safe operation Cam signals can be output Function features Processing in two channels for SGEs and SGAs Processing in the NCK monitoring channel (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-127 3 Safety-Related Functions 3.9 Safety-related input/output signals (SGE/SGA) 11.03 Processing in the drive monitoring channel Safety functions can be selected/de-selected independently of the NC operating mode Differences between the active SGEs in the monitoring channels are detected by the crosswise data comparison. Two-channel processing of I/O signals for NC and drive A two-channel structure (see Fig. 3-21 "NCK and drive monitoring channels") is provided for the input/output and processing of safety-relevant input/output signals. All requests and checkback signals relating to safety-relevant functions must be entered or retrieved through 2-channels via both monitoring channels. NCK NCK signalI/O devices processing HW inputs/ outputs NCK signal processing Interface NCK SGE/SGAs Comparator Data NCK monitoring channel Result and data cross-check Machine Drive monitoring channel HWInputs/ outputs PLC signal processing PLC PLC signal I/O devices processing Process Fig. 3-27 NC/PLC interface Axis/spindle DB Comparator Data Interface System SGESGA03.DSF NCK and drive monitoring channels For the NCK monitoring channel, the signals are input and output via the NCK I/O devices, processed by the NCK logic operations block and mapped in the SGE/SGA interface. The signals from the drive monitoring channel are input/output via the PLC I/O devices, processed by the PLC user program and transferred to the drive or the PLC via the NC/PLC interface. 3-128 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.9 Safety-related input/output signals (SGE/SGA) NCK HW I/O 3 Safety-Related Functions I/O images I1 I_Fig1 I2 I_Fig2 ... ... O1 I_Fign O_Fig1 O2 O_Fig2 In ... ... Processing SGE ... Multiple distribution SGE ... ... SGE ... per axis/spindle SBH/SG SE SN SGA ... Multiple assignment SGA ... ... Monitoring comparators SGA... O_Fign On NCK monitoring channel SGE SGA Result and data cross-check Machine I1 I_Fig1 I2 I_Fig2 ... ... In I_Fign O1 O_Fig1 O2 O_Fig2 ... ... On Fig. 3-28 I/O images SGE ... ... SGE ... PLC user program O_Fign PLC HW I/O Process SGE ... PLC user program per axis/spindle SBH/SG SE SN SGA ... SGA ... Monitoring comparators SGA... Processing SGE SGA Drive monitoring channel User System SGESGA01.DS4 Two-channel processing of I/O signals The data and results in the two mutually independent monitoring channels are subject to a crosswise data comparison. If any discrepancy is found, STOP F is activated. Note Owing to the two-channel structure of Safety Integrated, the machine manufacturer must supply the SGEs and SGAs in both the NCK monitoring channel and the drive monitoring channel. The actual signal status of the SGEs/SGAs is selected via the menu "Service display". The "Service SI" window displays information about Safety Integrated data together with the associated axis name and axis number. Basic principle of safe signal processing For a two-channel control structure, only a single-channel signal feedback via the PLC is needed. In contrast, when a single-channel control structure is used, a redundant, i.e. a two-channel feedback structure is required. What SGEs/SGAs are there? The following SGEs and SGAs are provided for each axis/spindle in each of the two monitoring channels: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-129 3 Safety-Related Functions 3.9 Safety-related input/output signals (SGE/SGA) SGEs SGAs 1) 2) 840D from SW4.2 840D from SW 4.4.18 Fig. 3-29 SBH/SG deselection SBH deselection SG selection, bit 1 SG selection, bit 0 SE selection Gear ratio selection, bit 2 Gear ratio selection, bit 1 Gear ratio selection, bit 0 Test stop selection Pulses disabled status (NCK) SG correction selection bit 3 1) SG correction selection bit 2 1) SG correction selection bit 1 1) SG correction selection bit 0 1) ext. STOP A deselection 2) ext. STOP C deselection 2) ext. STOP D deselection 2) 11.03 SBH/SG SE SN SBH/SG active Axis safely referenced SN1 SN2 SN3 SN4 SN1 + SN3 + SN2 + SN4 + n < nx 1) SG active bit 1 1) SG active bit 0 1) SBH active 1) Enable pulses (NCK) or Pulses are disabled status (drive) SGEs and SGAs in each monitoring channel for each axis/spindle Note The SGE/SGA signals are described in Chapter 4, "Description of Interface Signals". What is the minimum number of SGEs/SGAs that are needed? Only a subset of the maximum number of available SGEs/SGAs is required depending on the application. Note SGEs that are not needed must be set to a defined signal status. In the NCK monitoring channel: By presetting the assigned machine data to appropriate values (e.g. input is permanently set to 0 (default) or 1) In the drive monitoring channel: By appropriately programming the interface signals in the PLC user program. 3-130 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.9 Safety-related input/output signals (SGE/SGA) Table 3-54 Minimum SGE/SGA requirements Function Minimum SGE requirements Safe operating stop SBH/SG de-selection (SBH) Test stop selection Pulses cancelled status (NCK) Safely-reduced speed SBH/SG de-selection (SG) SBH de-selection SG selection, bit 1 (for SG changeover only) SG selection, bit 0 (for SG changeover only) Gear ratio selection, bit 2 (for ratio selection only) Gear ratio selection, bit 1 (for ratio selection only) Gear ratio selection, bit 0 (for ratio selection only) Test stop selection Pulses cancelled status (NCK) Safe software limit SE selection (for SE changeover only) switches (SE) Test stop selection Pulses cancelled status (NCK) SBH/SG de-selection (at least for test during start-up) Safe software cams Test stop selection (SN) Pulses cancelled status (NCK) SBH/SG de-selection (at least for test when commissioning) Different signal run times in channels 3 Safety-Related Functions Minimum SGA requirements SBH/ SG active Enable pulses (NCK) Pulses cancelled status (drive) SBH/ SG active Enable pulses (NCK) Pulses cancelled status (drive) Axis safely referenced Enable pulses (NCK) Pulses cancelled status (drive) Axis safely referenced SN1 -, SN2 -, SN3 -, SN4 (only if required) SN1 +, SN2 +, SN3 +, SN4 + (only if required) Enable pulses (NCK) Pulses cancelled status (drive) The signal timing characteristics in the two monitoring channels varies (the PLC cycle time takes up most of the available time in the drive monitoring channel). To prevent the crosswise data comparison function from being activated immediately after a signal change, a tolerance time is defined using the following machine data: For 840D MD 36950: $MA_SAFE_MODE_SWITCH_TIME For 611 digital MD 1350: $MD_SAFE_MODE_SWITCH_TIME This data specifies the time period for which different signals states may be tolerated after the SGEs have been changed over before an error message is output. Note System-dependent minimum tolerance time: 2 x PLC cycle times (maximum cycle) + 1 x IPO cycle time The variations in run times in the external circuitry (e.g. relay operating times) must also be taken into account. NCK SGEs/SGAs There are SGEs and SGAs for each axis/spindle (refer to Fig. 3-23 "SGEs and SGAs in each monitoring channel for each axis/spindle"). The signals are assigned to the NCK inputs and outputs via machine data. Only the NCK-SGEs are assigned to an NCK input that are also required for the particular application. For axes, where for example, the gear ratio does not change, the NCK SGEs "ratio selection bit 2 to 0" do not have to be assigned HW inputs. A value of 0 should be entered into the associated MD (i.e. the NCK-SGE does not have a hardware assignment and is set to 0). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-131 3 Safety-Related Functions 3.9 Safety-related input/output signals (SGE/SGA) PLC SGEs/SGAs 11.03 The NC/PLC interface (axis/spindle DB) acts as the SGE/SGA interface between the PLC and drive for the drive monitoring channel. The PLC user program must supply this interface with data. The standard PLC I/O devices must be used to input/output signals to/from the machine. The machine manufacturer defines, in the PLC user program, whether the SGEs/SGAs are processed via the PLC I/O devices or whether they are generated and evaluated internally in the software. His choice depends on the particular application. Note PLC-SGEs must only be processed if they are required for a specific application in the PLC user program. SGEs that are not used must be set to a value of 0. This does not apply for external STOPs that are not used (refer to Chapter 3.2). Refer to Chapter 3.2.2 for information about SGEs/SGAs for the test stop for external stops. 3.9.1 Signal processing for the NCK monitoring channel Note The SGEs/SGAs must be supplied by the machine manufacturer, both in the NCK monitoring channel and in the drive monitoring channel Digital NCK inputs/ outputs for 840D The number of inputs and outputs that can be connected increases when the SI safety function is used * up to 64 digital inputs and outputs for the function "Safe programmable logic" SPL * by additional digital inputs and outputs for safety axes. Further information: References: /FB/, A4, Digital and Analog NCK I/Os References: /HDB/, NCU Manual, SINUMERIK 840D Please note the following with regard to NCK I/O devices: * Two NCU terminal blocks and DMP compact modules are used for the NCK I/O devices. * In comparison to "normal" NCK inputs/outputs (refer to References: /FB/, A4, Digital and Analog NCK I/Os), other additional NCK inputs/outputs are used for Safety Integrated. * The "normal" NCK inputs and those for Safety Integrated may also be used for both purposes. An appropriate alarm is generated for NCK outputs that are assigned twice. Note The digital inputs/outputs are reserved byte-serially for SGEs/SGAs. If at least 1 input/output is used for SGEs/SGAs, then the remaining inputs/outputs of the byte concerned cannot be used for other functions. 3-132 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.9 Safety-related input/output signals (SGE/SGA) 3 Safety-Related Functions The machine manufacturer is responsible for ensuring that digital NCK outputs are not assigned twice (resulting in conflict) by configuring them correctly. For SINUMERIK 840D, the number of NCK SGEs/SGAs is only limited by the maximum available number of NCK I/O hardware devices that can be inserted. Processing NCK-SGEs for 840D (multiple distribution) Axis-specific/spindle-specific machine data is used to define which input is to be used for which function and which axis/spindle. Under the condition that certain axes/spindles belong to the same safety group, it is possible to implement multiple distribution (1 input is assigned, for example, to 3 axes with the same function). In addition, when an NCK input is selected via MD, it is also possible to define whether the inverted signal is to be processed. NCK HW I1 I2 Ix ... ... Multiple distribution NCK SGE/SGA interface ... SGE ... ... ... SGE ... .... .. ... ... ... Inversion Monitoring comparators ... yes/no for axis 1 ... ... yes/no for axis 2 ... ... ... SGE ... yes/no In ... ... ... for axis 3 SGESGA05.DSF Fig. 3-30 Example Multiple distribution of NCK inputs It must be possible to change over between the "safe software limit switches" 1 and 2 for axes 1, 2 and 3 as a group via an NCK input "x". The machine data must be parameterized as follows: Axis 1: MD 36973: $MA_SAFE_POS_SELECT_INPUT = input x Axis 2: MD 36973: $MA_SAFE_POS_SELECT_INPUT = input x Axis 3: MD 36973: $MA_SAFE_POS_SELECT_INPUT = input x (input x = ss mm xx nn, refer to Chapter 4, "Machine data for SINUMERIK 840D") Processing NCK SGAs for 840D (multiple assignment Axis-specific/spindle-specific machine data is used to define which SGA from which axis/spindle must be assigned to which NCK output. It is possible to implement a multiple assignment (SGAs from several axes, for example, are assigned to 1 output) provided that certain axes/spindles belong to the same safety group. The SGAs are then ANDed and the result output at the NCK output. In addition, when an NCK output is selected via an MD, it is also possible to define whether the signal is to be output in an inverted form before it is ANDed. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-133 3 Safety-Related Functions 3.9 Safety-related input/output signals (SGE/SGA) NCK HW Multiple assignment O1 ... ... ... ... On Fig. 3-31 Inversion ... O2 Ox ... 11.03 yes / no & NCK SGE/SGA interface ... SGA ... ... ... ... ... yes / no SGA ... ... ... ... ... yes / no ... ... Monitoring comparators SGA ... ... for axis 1 for axis 2 for axis 3 SGESGA06.DSF Multiple assignment for NCK outputs Axes 1, 2 and 3 belong to one safety zone. For these axes, the message "axes safely referenced" must be output at one NCK output (i.e. the message is output if the message is active for all 3 axes). The machine data must be parameterized as follows: Example Axis 1: MD 36987: $MA_SAFE_REFP_STATUS_OUTPUT = output x Axis 2: MD 36987: $MA_SAFE_REFP_STATUS_OUTPUT = output x Axis 3: MD 36987: $MA_SAFE_REFP_STATUS_OUTPUT = output x (output x = ss mm xx nn, refer to Chapter 4, "Machine data for SINUMERIK 840D") 3.9.2 Signal processing in the drive monitoring channel General The safety-relevant input and output signals (SGEs and SGAs) are signals that are sent to and received from the system via two channels: Via the NCK monitoring channel <--> NCK I/O devices <--> signal processing <--> NCK SGE/SGA interface <-> NCK-CPU Via the drive monitoring channel <--> PLC I/O devices <--> signal processing via PLC <--> NC/PLC interface <-->drive CPU Note The SGEs/SGAs must be supplied by the machine manufacturer in both the drive monitoring channel and the NCK monitoring channel. Digital PLC inputs/ outputs for 840D Digital PLC inputs and outputs are implemented on the SINUMERIK 840D using SIMATIC S7-300 I/O devices. References: /S7H/, SIMATIC S7-300 3-134 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.9 Safety-related input/output signals (SGE/SGA) Processing signals for 840D 3 Safety-Related Functions A PLC module that is compatible with the SIMATIC S7 315-2DP is used as the PLC in the SINUMERIK 840D. Signals are processed according to what has been programmed in the PLC user program (refer to Chapter 4, "Interface signals for SINUMERIK 840D"). References: /FB/, P3, "Basic PLC Program" PLC SGE/SGA interface for 840D The machine status is transferred to the monitoring comparators for specific axes/spindles via the PLC inputs and the PLC user program. The PLC SGE/SGA interface is mapped using the following axis/spindlespecific data blocks: DB 31... (assignment of data block, refer to Chapter 4 "Interface signals for SINUMERIK 840D") 3.9.3 Overview of the machine data for SGE/SGA Overview of MD for 840D Table 3-55 Overview of machine data for 840D Number Name 36950 $MA_SAFE_MODE_SWITCH_TIME 36970 $MA_SAFE_SVSS_DISABLE_INPUT 36971 $MA_SAFE_SS_DISABLE_INPUT 36972 $MA_SAFE_VELO_SELECT_INPUT[n] 36973 $MA_SAFE_POS_SELECT_INPUT 36974 $MA_SAFE_GEAR_SELECT_INPUT[n] 36975 $MA_SAFE_STOP_REQUEST_INPUT 36976 $MA_SAFE_PULSE_STATUS_INPUT 36977 $MA_SAFE_EXT_STOP_INPUT[n] 36978 $MA_SAFE_OVR_INPUT[n] 36979 $MA_SAFE_STOP_REQUEST_EXT_INPUT 36980 $MA_SAFE_SVSS_STATUS_OUTPUT 36981 $MA_SAFE_SS_STATUS_OUTPUT 36982 $MA_SAFE_VELO_STATUS_OUTPUT[n] 36984 $MA_SAFE_EXT_PULSE_ENAB_OUTPUT 36985 $MA_SAFE_VELO_X_STATUS_OUTPUT 36986 $MA_SAFE_PULSE_ENABLE_OUTPUT 36987 $MA_SAFE_REFP_STATUS_OUTPUT 36988 $MA_SAFE_CAM_PLUS_OUTPUT[n] 36989 $MA_SAFE_CAM_MINUS_OUTPUT[n] 36990 $MA_SAFE_ACT_STOP_OUTPUT[n] Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-135 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) Until now, safety-relevant signals were processed in external logic. Function SPL, which comprises NCK-SPL and PLC-SPL greatly reduces the amount of external wiring required. The logic used up until now has been replaced by a written program (SPL). Features: * Logic operations implemented by the user are cyclically processed * Instructions are effective in all operating modes * The instructions immediately start after the control system runs-up In order to check that the two SPLs (PLC and NCK) are functioning, a cyclic data comparison between the PLC and NCK is organized by the system program. Monitoring is performed both by the NCK-CPU and the PLC-CPU independently. This involves a crosswise data comparison of the signals that are input into the SPL and the safety-relevant signals generated by the SPL as well as internal states (markers). SGEs Direct connection of max. 64 safety-related sensors (e.g.: mode switch, light barrier, EMERGENCY OFF, ...) SGEs NCK combinational logic Event and data cross-checking PLC combinational logic SGAs Connection of max. 64 safety-related actuators (e.g.: protective door locking, motor brakes, ...) SGAs SPL_12.dsf Fig. 3-32 Logic operations up to and including SW 4.4.12 Safe programmable logic Drive monitoring channel: The SGEs/SGAs can be logically combined in different ways as defined in the PLC user program and the result output at the interface or PLC I/Os. NCK monitoring channel: The SGEs/SGAs are assigned via input and output assignments that can be parameterized via machine data. The input signals can be processed by multiple distribution (1 input is assigned to several axes) and the output signals by multiple assignment (signals of several axes are assigned to 1 output). Multiple distribution/assignment can also be parameterized via machine data. Signals in this channel cannot be subject to other logic operations. 3-136 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) Logic operations from SW 4.4.18 and higher 3 Safety-Related Functions Drive monitoring channel: As before, the PLC user program defines how signals are logically combined. NCK monitoring channel: Input and output assignments as well as multiple distribution and assignment apply as before. In addition, the signals can also be processed in an NCK-SPL program that must be written. This program is written as an asynchronous sub-routine using the CNC function "synchronous actions". The input/output signals can be combined with other signals and the result output at the internal interface or NCK I/Os. An SGA can also be converted back internally to an SGE (without using an external connection). Activating The NCK-SPL is active after the control has run-up if at least 1. the functions SBH/SG and "external STOPs" have been selected via $MA_/$MD_SAFE_FUNCTION_ENABLE for at least one axis, 2. one of the NCK-SPL interfaces is used, i.e. an axial SGE/SGA has been parameterized at one of the SPL interfaces via its assignment MD or the external SPL interfaces $A_OUTSE/$A_INSE have been parameterized via MD $MN_SAFE_OUT_HW_ASSIGN/$MN_SAFE_IN_HW_ASSIGN. When PROFIsafe I/Os are used (refer to Chapter 3.12) the MD $MN_PROFISAFE_IN/OUT_ADDRESS apply. In this case, the "external STOP A" must be parameterized at the SPL interface for all of the axes that use Safety Integrated. In addition, the following machine data must be set for an error-free asynchronous sub-routine start after the NCK and the PLC have run-up: 3. $MN_ASUP_START_MASK=7: Asynchronous sub-routine can be started in all operating states of the NC (RESET/JOG/not all axes referenced/read-in inhibit active). 4. $MN_ASUP_START_PRIO_LEVEL=1: Interrupt priority, from which MD $MN_ASUP_START_MASK becomes active. Other actions to be executed: 5. A PLC-SPL has to be created and integrated into the PLC user program 6. An NCK-SPL has to be created that is then loaded into directory /_N_CST_DIR into file /_N_SAFE_SPF (= MMC view standard cycles /SAFE.SPF) Note No alarms may be present for an asynchronous sub-routine start, e.g. alarm 3000 EMERGENCY STOP. SPL start without axial safety enable To improve the procedure when commissioning a machine, an SPL can be started without the axial safety function first being enabled. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-137 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 It is, therefore, possible to handle general machine functions in the SPL (hydraulics, EMERGENCY STOP) before the axis is commissioned. This is only possible in the commissioning state of the SPL ($MN_PREVENT_SYNACT_LOCK[0,1]==0 and DB18.DBX36.0==0. The state is displayed when the SPL starts using Alarm 27095 "%1 SPL protection not activated". If an attempt is made to start the SPL in the protective state (after commissioning has been completed) without the axial safety function having been activated, then Alarm 27096 is output. The SPL is started if the SPL crosswise data comparison is not activated. Crosswise data comparison Data is cyclically exchanged between the PLC and NCK to check the operation of the two SPLs (PLC and NCK). Just the same as the comparison between the NCK and the drive, it cross-checks the signals that arrive at the SPL, the safety-relevant signals generated by the SPL as well as internal markers. The monitoring clock cycle for the crosswise data comparison of SPL variables is permanently set to 1 s (or 10 s $A_CMDSI). The following signals are included in the crosswise data comparison between the NCK and the PLC: $A_INSE[1 ... 64] $A_OUTSE[1 ... 64] $A_INSI[1 ... 64] $A_OUTSI[1 ... 64] $A_MARKERSI[1 ... 64] To ensure that this crosswise data comparison functions correctly, the user must observe the following points: Limitations 3-138 Both channels (NCK/PLC) must execute the same logic. * Cleared SPL-SGAs are the safe state of SPL. * Do not implement any response sequences or sequence controllers that are controlled externally using short input pulses. This is because short pulses of this type may only be acquired and processed in one channel because of sampling effects. * Unused inputs/outputs/markers of the SPL must be given the default value = 0, single-channel use of individual bits for non-safety-relevant purposes is not permissible. An exception is the block $A_INSI(P) (only up to SW 4.4.29, 5.3.1). Such signals are assigned the value "1" by the software in order to make it easier to combine the signals of several axes. This function must be emulated by the user on the PLC side (default of the system variables $A_INSIPD[1,2] in DB 18 during run-up with "FFFFFFFF"(H). For SW 5.3.1 and higher, the system behavior with respect to $A_INSI is exactly the same as for other system variables (can be set using MD 10095: $MN_SAFE_MODE_MASK). * External STOPs must be enabled (are also used internally) and can be extracted from the SPL if required. The "external STOP A" must be parameterized at the SPL interface for all safety axes via MD $MA_SAFE_EXT_STOP_INPUT[0]. If this condition is not fulfilled, then Alarm 27033 is output. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions * Crosswise data comparison checks whether the "commissioning phase" has been completed. If errors are detected in the crosswise data comparison, a "STOP D/E" is triggered on the NCK/611 digital depending on this criterion. If the commissioning phase has not been completed, Alarm 27095 "SPL protection not activated" is displayed once after run-up and the commissioning status between NCK and PLC cross checked. * As far as the SPL-SGAs are concerned, if an error occurs for a crosswise data comparison, then a system response is not issued. In this case, the user must program his own response in the SPL. NCK I/Os HW inputs/ ouputs NCK signal processing NCK signal processing Interface Comparator NCK SGE/SGA signals Data NCK monitoring channel Result and data cross-check Result and data cross-check Machine Drive monitoring channel HW inputs/ outputs PLC I/Os Process PLC signal processing PLC signal processing NC/PLC interface: Axis/ spindle DB Comparator Data Interface System SPL033.DSF Fig. 3-33 3.10.1 Description Communications between the NCK-611 digital PLC components NCK-SPL program The NCK-SPL program is written as an NC program (synchronous sub-routine) with synchronized actions. References: /FBSY/ Features Description of Functions, Synchronized Actions The NCK-SPL program has the following features: * The program can be started manually with NC START during commissioning. * The following applies once the program has been started: - The synchronous actions assigned an ID No. are cyclically executed in the IPO clock cycles (modal) - The synchronous actions assigned the keyword IDS remain active even after an operating mode change or NC-STOP/NC RESET (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-139 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) Protective mechanisms 11.03 - In order to check the program the status of the active synchronous actions (operating area "Machine", soft key "Synchronous actions") can be displayed. - The program can be modified during commissioning. It must then be restarted. - The NCK-SPL program is stored in the NCK path _N_CST_DIR as subroutine "_N_SAFE_SPF" (MMC view: standard cycles/SAFE.SPF). Other sub-routine names are not permitted. - The NCK-SPL program must be started after commissioning. - The images of the PLC safety variables ($A_INSIP(D), $A_OUTSIP(D), $A_INSEP(D), $A_OUTSEP(D), $A_MARKERSIP(D) ) are required for the simulation (NC side) of an SPL. These can be used to develop the SPL step-by-step. They can only be read by the NCK. * The synchronous action IDs used for the NCK-SPL are protected from being influenced by the PLC or other programs using MD $MN_PREVENT_SYNACT_LOCK. It is then no longer possible to change these synchronous actions (CANCEL, LOCK have no effect) once _N_SAFE_SPF has been started. * The system variables $A_OUTSI, $A_OUTSID, $A_OUTSE, $A_OUTSED, $A_MARKERSI, $A_TIMERSI and $A_CMDSI are protected from being written to by programs other than the (/_N_CST_DIR/_N_SAFE_SPF). If an error occurs Alarm 17070 "Channel %1 block %2 data item writeprotected" is output. * A reference checksum is calculated at run-up by the NCK-SPL (/_N_CST_DIR/_N_SAFE_SPF) that is entered into the program as a comment: Example: ; SAFE_CHECKSUM = 000476bbH The checksum is then cyclically re-calculated and compared with the reference checksum. If a deviation is detected, Alarm 27093 "Checksum error NCK-SPL, %1, %2, %3" is output. * The system variables $A_INSIP(D), $A_OUTSIP(D), $A_INSEP(D), $A_OUTSEP(D) and $A_MARKERSIP(D) are only accessible during the commissioning phase. If NCK-SPL execution is interrupted for any reason or the SI system variables are changed by another program, then this is detected by the cyclic crosswise data comparison with the PLC. 3-140 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions Table 3-56 Event Responses to SPL errors MD 11500 $MN_PREVENT_SYNACT_ LOCK[m,n] = 0 Crosswise data comparison Alarm 27090 is triggered NCK-PLC identifies an error SPL program file to be changed No response (written, deleted, renamed, edited) ! MD 11500 $MN_PREVENT_SYNACT_ LOCK[m,n] not equal to 0 Alarm 27090 is triggered and STOP D/E is also triggered Alarm 27093 is triggered Caution The protective mechanisms that prevent changes to the NCK-SPL file and the NCK-SPL statements only take effect if MD $MN_PREVENT_SYNACT_LOCK[0,1] is not equal to 0 The machine manufacturer must ensure that the protective mechanisms are activated no later than after completion of the acceptance test and the values set in MD $MN_PREVENT_SYNACT_LOCK[0,1] have been documented in the acceptance report. After commissioning has been completed, the access rights to the SAFE.SPF file must be set to the correct access level for writing/reading/deleting access operations (manufacturer or service). As long as the protective mechanisms for the NCK-SPL have not been activated (MN_PREVENT_SYNACT_LOCK[0.1] equal to 0), Alarm 27095 is displayed when crosswise data comparison between the NCK and the PLC starts. This alarm can be acknowledged with NCK key so that the SPL can be commissioned. 3.10.2 Starting the NCK-SPL using the PROG_EVENT mechanism (from SW 6.4.15) From software release 6.4.15, the NCK-SPL can be started using the PROG_EVENT mechanism. The cycle PROG_EVENT.SPF (saved under manufacturer cycles ..\DH\CMA.DIR) is started when a specific event occurs (event-controlled program call). Using the machine MD 20108 $MC_PROG_EVENT_MASK for this PROG_EVENT mechanism, certain events are enabled on a specific channel basis which then initiate that the cycle is started. The following events can be activated as start condition: * * * * Start of program End of program Operator panel reset Power-up Bit0 == 1 Bit1 == 1 Bit2 == 1 Bit3 == 1 The start condition at run-up (bit 3 ==1) must be active in order to start the NCK SPL (SAFE.SPF) via PROG_EVENT.SPF. The ability to start the NCK SPL via this mechanism as replacement for the PLC controlled call via FB4/FC9 is available from NCU system software 6.4.15 onwards. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-141 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 Note When starting the NCK-SPL (SAFE.SPF) it is important that the PROG_EVENT mechanism was started via channel 1. This must be taken into account when parameterizing the channel-specific machine data MD 20108 $MC_PROG_EVENT_MASK. Using the system variable $P_PROG_EVENT, in PROG_EVENT.SPF it can be interrogated as to which event activated the call: * * * * Start of program End of program Operator panel reset Power-up $P_PROG_EVENT == 1 $P_PROG_EVENT == 2 $P_PROG_EVENT == 3 $P_PROG_EVENT == 4 The call using FB4/FC9 in the PLC program is replaced by calling SAFE.SPF in PROG_EVENT.SPF. For the PROG_EVENT.SPF cycle, MD 11602 $MN_ASUP_START_MASK (recommended setting = 7H) is taken into account; this can be used to ignore reasons for initiating a stop for the sequence. The setting in MD 11604 $MN_ASUP_START_PRIO_LEVEL is not relevant for PROG_EVENT.SPF. SPL status signals from SW 6.4.15 In conjunction with the call of SAFE.SPF via PROG_EVENT.SPF, there are additional bits in the SPL status that can be used for synchroniziing the NCKSPL execution and the start of the PLC-SPL. DB18.DBX137.0 (status bit 8) This bit is set if the NCK-SPL was started using the PROG_EVENT mechanism. Only the start is displayed and not that SAFE.SPF was successfully executed. DB18.DBX137.5 (status bit 13) This bit is set if the end of the SAFE.SPF program is identified. In conjunction with this, the end IDs M02, M17 or M30 are permissible for SAFE.SPF as end of program. If an error occurs while executing SAFE.SPF, and the end of the program is not reached (e.g. M17), then bit 13 is not set in the SPL status. This bit can be used in the PLC user program to start the PLC-SPL. This means that the PLC-SPL only starts if the NCK-SPL was completely executed. Example for PROG_EVENT.SPF ; -------------------------------------------------------; Event-controlled program call ; PROG_EVENT.SPF under ..\DH\CMA.DIR ; -------------------------------------------------------; In machine data MD 20108: PROG_EVENT_MASK, for each specific channel it can be set as to which of the following events will enable the user program: ; ( ) start of program --> bit0 == 1 ; ( ) end of program --> bit1 == 1 ; ( ) operator panel reset --> bit2 == 1 ; (x) run-up --> bit3 == 1 3-142 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions ; ------------------------------------------------------; System variable $P_PROG_EVENT can be used to ; interrogate as to which event activated the call: ; ( ) start of program --> $P_PROG_EVENT ; ( ) end of program --> $P_PROG_EVENT ; ( ) operator panel reset --> $P_PROG_EVENT ; (x) run-up --> $P_PROG_EVENT ; == == == == 1 2 3 4 ;-------------------- Cycle definition -----------------; Suppress single block, display ;-------------------------------------------------------N100 PROC PROG_EVENT SBLOF DISPLOF ; ; NCK-SPL start ; ------------------------------------------------------N200 N300 N400 N500 N600 N700 IF ($P_PROG_EVENT == 4); interrogate run-up CALL "/_N_CST_DIR/_N_SAFE_SPF" ENDIF ... ... M17 ; end of cycle The part program SAFE.SPF is called if the system variable check $P_PROG_EVENT indicated that the part program PROG_EVENT.SPF was called when the control system ran-up. Example for SAFE.SPF A simple example for SAFE.SPF will now be shown that is started via PROG_EVENT when the system runs-up and includes status synchronous actions. ; File: SAFE.SPF ============= ; Definitions DEFINE STOP_A_DISABLE AS $A_OUTSI[1] DEFINE STOP_C_DISABLE AS $A_OUTSI[2] DEFINE STOP_D_DISABLE AS $A_OUTSI[3] ; DEFINE STOP_A_EXT AS $A_INSE[6] DEFINE STOP_C_EXT AS $A_INSE[7] DEFINE STOP_D_EXT AS $A_INSE[8] DEFINE STOP_A_XT AS $A_INSE[9] ; ; Program section N10 IDS=01 DO STOP_A_DISABLE=STOP_A_EXT N20 IDS=02 DO $A_OUTSE[1]=NOT $A_OUTSE[1] N30 M17 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-143 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3.10.3 11.03 Starting the NCK-SPL from the PLC user program Program start The NCK-SPL can also be started by the PLC user program. As soon as the NCK-SPL is started, crosswise data comparison is activated in the system program (NCK and PLC basic program). The NCK-SPL program must be started as an asynchronous sub-routine. For this, the interrupt number and channel must first be assigned via FB4 using function ASUP (asynchronous subroutine), via parameter PIService="PI.ASUP". As soon as FB4 has been successfully completed (output parameter "Done"=TRUE) the program is executed via FC9 "ASUP". Starting the PLC-SPL The PLC-SPL has started in the PLC user program in conjunction with the start of the NCK-SPL via FB4/FC9 if the FC9 has signaled successful execution and identified that the end of SAFE.SPF has been reached via a signal in SAFE.SPF (e.g. $A_PLCSIOUT variable, M function or, from SW 6.4.15 onwards, SPL status bit 13 (DB18.DBX137.5)). SPL status signals There is an additional bit in the SPL status that can be used to synchronize NCK-SPL execution and the start of the PLC-SPL. DB18.DBX137.5 (status bit 13) (from SW 6.4.15) This bit is set if the end of the SAFE.SPF program is identified. In conjunction with this, the end IDs M02, M17 or M30 are permissible for SAFE.SPF as end of program. If an error occurs while executing SAFE.SPF, and the end of the program is not reached (e.g. M17), then bit 13 is not set in the SPL status. This bit can be used in the PLC user program to start the PLC-SPL. This means that the PLC-SPL only starts if the NCK-SPL was completely execution. Parameterizing FB 4 FB 4 may only be started in the cyclic mode (OB 1) Table 3-62 Signal Reg PIService Unit WVar1 WVar2 WVar3 WVar4 Addr1 Addr2 Parameterizing FB 4 Type Value range Meaning ANY INT INT INT INT INT STRING STRING Assign interrupt Channel Interrupt number Priority LIFTFAST BLSYNC NCK-SPL path name NCK-SPL program name PI.ASUP 1 to 10 [1] [1] [1] 0/1 [0] 0/1 [0] '/_N_CST_DIR/' '_N_SAFE_SPF' [values in brackets are default values for the call] Parameterizing FC 9 3-144 Table 3-63 Signal Start ChanNo IntNo Active Parameterizing FC 9 Type Value range I Bool I Int 1 to 10 [1] I Int 1 - 8 [1] O Bool Remarks No. of NC channel Interrupt no. 1 = active (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) Done Error O O 3 Safety-Related Functions Bool Bool 1 = ASUB terminated [values in brackets are default values for the call] 3.10.4 Linking the NCK-SPL to the I/O and monitoring channel Access to the I/O and the link to the NCK monitoring channel are illustrated in the diagram below. Description MD 10090: $MN_SAFE_IN_HW_ASSIGN[n], n = 0 ... 3 external I/Os internal I/Os I1 $A_INSE[1] $A_OUTSI[1] I2 ... ... $A_INSE[64] $A_OUTSI[64] HW I/Os ... In O1 O2 ... On $A_OUTSE[1] ... $A_OUTSE[32] $A_OUTSE[33] ... $A_OUTSE[64] internal SGE NCK SGA monitoring channel SGE... SGE... SGE... NCK-SPL $A_INSI[1] ... per axis/spindle SGE... SGA... SGA... SBH/SG SE SN Monitoring comparators SGA... $A_INSI[64] SGA... MD 10092: $MN_SAFE_OUT_HW_ASSIGN[n], n = 0 ... 7 Fig. 3-34 SPL_01.DSF Input/output variables for the NCK-SPL System variables The following system variables are available for binary and double-wordoriented access (32 bits) to the NCK-SPL interfaces: Table 3-57 System variables for the NCK-SPL System variables Description Binary Word-oriented $A_INSE[1 ... 64] $A_INSED[1..2] System variable for external inputs $A_OUTSE[1 ... 64] $A_OUTSED[1..2] System variable for external outputs $A_INSI[1 ... 64] $A_INSID[1..2] System variable for internal inputs $A_OUTSI[1 ... 64] $A_OUTSID[1..2] System variable for internal outputs Note: Reading/writing of wordwise (word-serial) variables is the same as access to the binary variables. The variables shown here and other variables are described later on in this section. Linking to the I/Os The following machine data is available for linking to the I/Os (external inputs/outputs) (cf. diagram above): (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-145 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 MD 10390: $MN_SAFE_IN_HW_ASSIGN[n] (assigning an input module to the external SPL inputs $A_INSE[1 ... 64]) MD 10392: $MN_SAFE_OUT_HW_ASSIGN[n] (assigning an output module to the external SPL outputs $A_OUTSE[1 ... 64]) Overview of MD for 840D Table 3-58 Overview of machine data for 840D Number Name 10390 $MN_SAFE_ IN_HW_ASSIGN[n] 10392 $MN_SAFE_OUT_HW_ASSIGN[n] 11500 $MN_PREVENT_SYNACT_LOCK[m,n] Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" NCU-local binary inputs/outputs (SW 6.3.21 and higher) The NCU-local binary I/O signals connected at the cable distributor of the NCU box (X121 interface) have only been available via the system variables $A_OUT[1...4] and $A_IN[1...4]. Now, both the SPL SGEs/SGAs and the axial SGEs/SGAs have been extended in the parameterization to allow local NCU connections to be used. Parameterization of the connections is carried out via the MD $MN_SAFE_IN/OUT_HW_ASSIGN for SPL SGEs/SGAs and the axial MD $MA_SAFE_<signal>_INPUT/OUTPUT. Here, a "0" must be entered as segment data for I/O modules on the 611 digital bus instead of a "1". Changing machine data 3-146 In MD $MN_SAFE_IN_HW_ASSIGN = i s mm xx nn, the distinction is made in the value s (segment number) between parameterization of a system variable and a hardware terminal. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3.10.5 3 Safety-Related Functions Diagnostics/commissioning The system variables $A_INSIP(D), $A_OUTSIP(D), $A_INSEP(D) and $A_OUTSEP(D), as well as $A_MARKERSIP(D) are used for diagnostics and to commission the NCK-SPL. These system variables represent the PLC-side input data for crosswise data comparison. They are updated every IPO cycle. They can also be used to access the crosswise data comparison on the PLC side from the NC. This helps when commissioning the SPL: * Temporarily bypass the crosswise data comparison function * Simulate NCK-SPL to the process and to the NCK monitoring channel. To do this, the relevant PLC images are written to the variables $A_OUTSED and $A_OUTSID while no NCK-SPL exists. This means that the NCK-SPL can be commissioned step-by-step. This data can only be accessed during the commissioning phase. In order to allow the SPL to be commissioned without the crosswise data comparison constantly responding, the following minimum NCK-SPL can be installed in this phase: ; Simulate external SPL interface IDS = 03 DO $A_OUTSED[1] = $A_OUTSEPD[1] IDS = 04 DO $A_OUTSED[2] = $A_OUTSEPD[2] ; Simulate internal SPL interface IDS = 07 DO $A_OUTSID[1] = $A_OUTSIPD[1] IDS = 08 DO $A_OUTSID[2] = $A_OUTSIPD[2] ; Emulate PLC markers (for all markers used in the PLC) IDS = 09 DO $A_MARKERSID[1] = $A_MARKERSIPD[1] IDS = 10 DO $A_MARKERSID[2] = $A_MARKERSIPD[2] ; End of program M17 These instructions simulate the output interfaces of the NCK-SPL and therefore "bypass" the crosswise data comparison. ! Warning The logic used in this phase has a single channel structure and is therefore not safe as defined in control Category 3! The described minimum NCK-SPL must be replaced by a full NCK-SPL without any access to $A_INSIP(D), ..., $A_MARKERSIP(D) when the PLC side is completed. Other diagnostic aids: * $A_STATSID: A value not equal to 0 means that an error has occurred in the crosswise data comparison. The error numbers are selected in the same way as on the PLC side (refer to Chapter 3, "PLC-SPL program"). * $A_CMDSI[n]: n=1: 10-fold change timer value for long forced checking procedure pulses and/or single-channel test stop logic. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-147 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 * $A_LEVELSID: indicates for how many signals different levels can currently be detected on the NCK and PLC side. * In addition, other NC variables or free R parameters can be written to monitor internal states of the SPL. The following applies to all system variables of the NCK-SPL outputs: They can be written from and read back to the SPL program. 3.10.6 Safe software relay (from SW 6.3.30) The standard SPL module "safe software relay" is designed to meet the requirements of an emergency stop function with safe programmable logic. However, it can also be used to implement other similar safety functions, e.g. control of a protective door. Parameter FirstRun must be switched to the value TRUE via a retentive data (memory bit, bit in data block) at the first run-through after the control has run-up. The data can be preset, e.g. in OB 100. The parameter is reset to FALSE when FB 10 is executed for the first time. Separate data must be used for parameter FirstRun for each call with separate instance. OR Q1 Q2 AND A0 AND TM1 CMP >= Timer1 E1 Zeitmessung fallende bis steigende Flanke AND t4 E2 E3 A1 t4i Timer2 A2 E_AND TI1 TI2 Timer3 A3 TI3 Fig. 3-35 3-148 Function chart of the "safety relay" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions The following circuit applies: Three disable inputs E1 to E3 Two acknowledgement inputs Q1 and Q2 Three timer initialization values TI1 to TI3 One timer value TM1 Four output values A0 to A3 Initialization in the part program If one of these inputs is set to 0, the direct output A0 is set to 0. Outputs A1 to A3 switch with the delay of timer 1.3. If one of these inputs is not used, then it is internally set to "1" as static signal. One of these inputs must also be used to initiate the test operation for the safety relay (forced checking procedure). Q1 must be supplied with the signal from the real acknowledgement. Q2 is only used to automatically acknowledge the safe software relay as part of the forced checking procedure. The software relay itself does not have to be subject to a forced checking procedure. However, if the Emergency Stop function is executed and if external actuators must be subject to a forced checking procedure, then if the relay drops-out during the Emergency Stop test then it can be acknowledged using Q2 (in a defined time window, refer to TM1). Also this input must be connected with a safety system variable (also if the signal is not used) - preferably with a $A_MARKERSI - in order to detect that this acknowledge signal is available as steady-state signal in the crosswise data comparison with the PLC. The associated comparison data in the PLC must have a steadystate 0 signal level (error detection using different states of the particular SPL marker for the PLC and NCK. The times after which outputs A1 to A3 are switched to 0 given a negative edge in output signal A0 are defined here. This limit value is used to define the maximum time that the shutdown inputs E1 to E3 (and their AND logic operation) may have been to a 0 signal level so that they can still be acknowledged using Q2. This therefore guarantees that Q2 can only be effective as automatic acknowledgement for the forced checking procedure within a defined time window after the relay has dropped-out (been de-energized). It is not permissible that Q2 is used to acknowledge a "real" shutdown. A0 supplies the result of ANDing E1 to E3 without delay. Outputs A1 to A3 supply the same result for positive edges of A0; for negative edges, the results are delayed by the timer initialization TI1 to TI3. A0 to A3 do not produce a result after startup until an acknowledgement has been received via Q1. On initialization, the connection is defined for the function block. The inputoutput variables of the function block are assigned to the required system variables ($A_MARKERSI, $A_INSE, $A_OUTSE,...). The following functions must be called: SIRELIN: This language command assigns the input variables Q1, Q2, E1, E2 and E3 to the safety relay x (x = 1..4). The return value contains the number of the first incorrect parameter; the value 0 indicates that the parameter assignment is correct. Syntax: SIRELIN(x,status,"Q1","Q2","E1","E2","E3") (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-149 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 The transfer parameters Q1 to E3 are strings and must therefore be placed in quotation marks (" "). The following system variables are permissible as input variables: $A_MARKERSI[ ] $A_INSE[ ] $A_INSI[ ] $A_OUTSE[ ] $A_OUTSI[ ] E2 and E3 are optional. If these parameters are not entered, the relevant inputs are set statically to "1". SIRELOUT: This language command assigns the output variables A0, A1, A2 and A3 to safety relay x (x = 1..4). The return value contains the number of the first incorrect parameter; the value 0 indicates that the parameter assignment is correct. Syntax: SIRELOUT(x,status,"A0","A1","A2","A3") The transfer parameters must be placed in quotation marks (" "). The following system variables are permissible as output quantities: $A_MARKERSI[ ] $A_OUTSE[ ] $A_OUTSI[ ] $A_PLCSIOUT[ ] A1 to A3 are optional. If these parameters are not specified, the corresponding outputs are not supplied. However, if A1 is specified, the initialization value for timer 1 (TI1) must also be parameterized via SIRELTIME. The same applies for A2 and timer 2 (TI2) and A3 and timer 3 (T!3). SIRELTIME: This language command assigns the times for the required timers to safety relay x (x = 1..4). These are the timer limit TM1 and the timer initialization values TI1, TI2 and TI3. The return value contains the number of the first incorrect parameter; the value 0 indicates that the parameter assignment is correct. Syntax: SIRELTIME(x,status,TM1,TI1,TI2,TI3) The transfer parameters TM1 to TI3 are REAL numbers (times in seconds). TI1 to TI3 are optional. If these parameters are not specified, the corresponding outputs A1 to A3 are not supplied. However, if TI1 is specified, output A1 must also be parameterized via SIRELOUT. The same applies for TI2 and A2, as well as TI3 and A3. Notes Cyclic sequence 3-150 * The initialization language commands must be included directly in the part program (e.g. SAFE.SPF); they may not be used in synchronized actions! If this condition is not adhered to, Alarm 12571, "Channel 1 Block %2 %3 not permitted in synchronized motion" is triggered. * As described above, there is an interdependency between the number of optional parameters for the language commands SIRELTIME and SIRELOUT. This interdependency is checked in the language command that comes later in the part program sequence. If, for example, A2 is no longer parameterized in SIRELOUT, but TI2 is specified in SIRELTIME, then this parameter is identified as being incorrect! The correctly timed call in the SPL is made using the language command SIRELAY. No calling parameter is required in the cyclic section except for the selection of the desired relay x (x = 1..4). Initialization must be carried out beforehand. If this is not done correctly, then this is indicated in the return value (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions of the language command SIRELAY. The cyclic section must be integrated in the synchronized actions of the SPL. Syntax: status = SIRELAY(x ) The following values are possible for status: Return value status 1 2 3 4 5 6 7 Meaning The input quantity of the safety relay is not parameterized or not correctly parameterized. Remedy: Call SIRELIN with correct parameterization The output quantities of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELOUT with correct parameterization The input and output quantities of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELIN and SIRELOUT with correct parameterization The timers of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELTIME with correct parameterization The input quantities and timers of the safety relay are not parameterized or not correctly parameterized Remedy: Call SIRELIN and SIRELTIME with correct parameterization The output quantities of the safety relay are not parameterized or not correctly parameterized Remedy: Call SIRELOUT and SIRELTIME with correct parameterization The initialization of the safety relay was not carried-out or not correctly carried-out. Remedy: Call SIRELIN, SIRELOUT and SIRELTIME with correct parameterization Notes on possible alarms Forced checking procedure 1. The SIRELAY call must be made in the NCK-SPL (program SAFE.SPF), since the allocation of the output variables corresponds to the write access operations to safety system variables. If the call comes from a different program, Alarm 17070 "Channel %1 Block %2 Data writeprotected" is triggered. 2. The SIRELAY call must be included in a synchronized action. If this condition is not satisfied, Alarm 12080 "Channel %1 Block %2 Syntax error for text SIRELAY" is triggered. 3. If Parameter x contains a value that lies outside the range 1 to 4, Alarm 20149 "Channel %1 Block %2 Motion synchronous action: Invalid index" is triggered. When the safety relay is tested, acknowledgement input Q2 and one of the three disable inputs (E1, E2 or E3) must be used. Q2 must be connected to a safety marker ($A_MARKERSI[ ]) and may only be set briefly (< 1s) to 1. One of the three inputs E1 to E3 can be used (e.g. from the PLC) with a short falling edge to check that the safety relay has dropped-out. The 0 signal level may not be present for longer that the time parameterized in TM1. The maximum value for TM1 is 1s, as otherwise the crosswise data comparison between NCK and PLC-SPL would detect an error. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-151 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 The acknowledgement input Q2 can only be used if the measured time t4 is shorter than TM1. This prevents a queued shutdown operation being acknowledged externally via the test acknowledgement input. If A0 is 1 at the time of the falling edge of E_AND (= ANDing of E1, E2 and E3), the time t4i is allocated the measured time t4. For further measurements, while A0 remains at 0, a t4i is only re-saved if the measured time t4 is greater than the old value of t4i. Limitations The language commands SIRELIN, SIRELOUT and SIRELTIME may not be used in synchronized actions. The language command SIRELAY may only be used in synchronized actions of the SPL (SAFE.SPF). The connection must be specified beforehand using the language commands SIRELIN, SIRELOUT and SIRELTIME. Example Example of an Emergency Stop implemented using NCK-SPL in SAFE.SPF: DEF INT RESULT_IN, RESULT_OUT, RESULT_TIME N10 DEFINE IE_NH_E AS $A_INSE[1] N20 DEFINE IE_NH_Q AS $A_INSE[2] N30 DEFINE MI_NH_Q AS $A_MARKERSI[1] N40 DEFINE MI_C_ABW AS $A_MARKERSI[2] N50 DEFINE MI_A_ABW_A AS $A_MARKERSI[3] N60 DEFINE MI_A_ABW_S AS $A_MARKERSI[4] N70 DEFINE M_STATUS_1 AS $AC_MARKER[1] ;------------------------------------------------------------------------------------------N200 SIRELIN(1,RESULT_IN,"IE_NH_Q","MI_NH_Q","IE_NH_E") N210 SIRELOUT(1,RESULT_OUT,"MI_C_ABW","MI_A_ABW_A","MI_A_ABW_S") N220 SIRELTIME(1,RESULT_TIME,0.4, 2.2, 3.5) ;--------------------------------------------------------------------------------------------N300 IDS=10 DO M_STATUS_! = SIRELAY(1) ;--------------Error handling------------------------------------------------------N310 IDS=11 EVERY M_STATUS_1 < > DO . . . . . . FUNCTION_BLOCK FB 10 Declaration of the function VAR_INPUT In1 : BOOL := True ; //Input 1 In2 : BOOL := True ; //Input 2 In3 : BOOL := True ; //Input 3 Quit1 : BOOL ; //Quit1 Signal Quit2 : BOOL ; //Quit2 Signal TimeValue1 : TIME := T#0ms ; //TimeValue for Output 1 TimeValue2 : TIME := T#0ms ; //TimeValue for Output 2 TimeValue3 : TIME := T#0ms ; //TimeValue for Output 3 END_VAR VAR_OUTPUT Out0 : BOOL ; //Output without Delay Out1 : BOOL ; //Delayed Output to False by Timer 1 Out2 : BOOL ; //Delayed Output to False by Timer 2 Out3 : BOOL ; //Delayed Output to False by Timer 3 END_VAR VAR_INOUT FirstRun: BOOL ; //True by User after 1. Start of SPL END_VAR 3-152 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions The following table shows all formal parameters of the SI relay function. Signal Type Remarks In1 I BOOL Input 1 In2 I BOOL Input 2 In3 I BOOL Input 3 Quit1 I BOOL AcknowledgeInput 1 Quit2 I BOOL AcknowledgeInput 2 TimeValue1 I TIME Time value 1 for switch-off delay TimeValue2 I TIME Time value 2 for switch-off delay TimeValue3 I TIME Time value 3 for switch-off delay Out0 O BOOL Output undelayed Out1 O BOOL Output delayed by TimeValue1 Out2 O BOOL Output delayed by TimeValue2 Out3 O BOOL Output delayed by TimeValue3 FirstRun I/O BOOL Activation of initial setting Note The block must be called cyclically by the user program when the PLC program is started. The user must provide an instance DB with any number for this purpose. The call is multi-instance-capable. 3.10.7 System variables for SINUMERIK 840D The following system variables can only be used in combination with (R) SINUMERIK Safety Integrated. They are used when programming the safe programmable logic (SPL). A detailed description of the system variables is provided in Chapter 4.4.2. . Table 3-59 Overview of system variables System variables Meaning Actual position $VA_IS[Axis] $AA_IM[Axis] $VA_IM[Axis] Value range Safe actual position for Safety Integrated Actual position for closed-loop control Encoder actual value in the machine coordinate system Error status $A_XFAULTSI The crosswise data comparison between NCK and 611D of any axis has detected an actual value error $VA_XFAULTSI[Axis The crosswise data comparison for name] this axis between NCK and 611D has detected an actual value error $VA_STOPSI Actual Safety Integrated Stop for the particular axis $A_STOPESI Actual Safety Integrated Stop E of any axis Internal SPL inputs/outputs $A_INSI[n] NCK input $A_INSID[n] NCK inputs n = 1, 2, ... 64 stands for No. of input n = 1, 2 Data type Possible access with Part Synchr. program action l s l s DOUBLE x x DOUBLE DOUBLE x x x x INT x x INT x x INT x x INT x x BOOL x x INT x x (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-153 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 System variables Meaning Value range Data type $A_INSIP[n] $A_INSIPD[n] $A_OUTSI[n] Image of the PLC input Image of the PLC inputs NCK output n = 1,2, ...64 n = 1, 2 n = 1, 2, ... 64 stands for No. of output n = 1, 2 n = 1, 2, ... 64 n = 1, 2 BOOL INT BOOL Possible access with Part Synchr. program action l s l s x x x x x x x x INT BOOL INT x x x n = 1, 2, ... 64 stands for No. of input n = 1, 2 n = 1, 2, ... 64 stands for No. of input n = 1, 2 n = 1, 2, ... 64 stands for No. of output n = 1, 2 n = 1, 2, ... 64 stands for No. of output n = 1, 2 BOOL x x INT BOOL x x x x INT BOOL x x INT BOOL x x INT x NCK outputs $A_OUTSID[n] Image of the PLC output $A_OUTSIP[n] Image of the PLC outputs $A_OUTSIPD[n] External SPL inputs/outputs NCK input $A_INSE[n] $A_INSED[n] $A_INSEP[n] NCK inputs Image of PLC input $A_INSEPD[n] $A_OUTSE[n] Image of PLC inputs NCK output $A_OUTSED[n] $A_OUTSEP[n] NCK outputs Image of a PLC output Image of the PLC outputs $A_OUTSEPD[n] SPL markers and timers Markers $A_MARKERSI[n] $A_MARKERSID[n] $A_MARKERSIP[n] $A_MARKERSIPD[n] $A_TIMERSI[n] Markers (SW 4.4.18 and higher) Image of the PLC markers Image of PLC the markers) (SW 4.4.18 and higher) Timers $A_STATSID Crosswise data comparison error triggered when value is not equal to 0 $A_CMDSI 10-fold change timer value for long forced checking procedure pulses and/or single-channel test stop logic. Crosswise data comparison stack level display: Number of signals for which NCK and PLC detect different signals $A_LEVELSID $A_PLCSIIN $A_PLCSIOUT Single-channel communication between NCK and PLC-SPL Single-channel communication between NCK and PLC-SPL x x x x x x x x x x x x x x n = 1, 2, ... 64 stands for No. of marker n = 1, 2 BOOL x x x x INT x x x x n = 1,2, ...64 n = 1, 2 BOOL INT x x n = 1, 2...16 stands for No. of timer n = 0 Error not triggered n = 1 Error triggered Bit 0 = 1 10-fold time active 0...320 REAL x INT x BOOL x INT x x BOOL x x BOOL x x x x x x x x x x x Note: l -> read, s -> write An implicit pre-run stop is generated Only permitted in the commissioning phase 3-154 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3.10.8 3 Safety-Related Functions Behavior after POWER ON/operating mode change/reset 1. After the system has run-up the following Safety Integrated system variables are assigned the value zero: $A_INSE(D), $A_OUTSE(D), $A_OUTSI(D), $A_MARKERSI(D), $A_INSEP(D), $A_OUTSEP(D), $A_OUTSIP(D), $A_MARKERSIP(D). 2. If logic combinations from the SGAs to the SPL interface $A_INSI(D) are parameterized using axial MDs, these system variables are pre-assigned the value "1" at run-up (up to SW 4.4.29, 5.31). The double-word values are: $A_INSI[1...32] uses $A_INSID[1] pre-assigned FFFF FFFF (H). $A_INSI[33...64] uses $A_INSID[2] pre-assigned FFFF FFFF (H). This behavior must be emulated in the PLC-SPL. With SW 4.4.29, 5.3.1 and higher, the system behavior with respect to $A_INSI is exactly the same as for other system variables. 3. Pre-assignments of other variables before cyclic processing of the NCKSPL starts can be programmed in the same part program as the NCK-SPL itself. To ensure that the pre-assignment instructions are only performed once, they must use the following syntax: IDS=<no> WHEN TRUE DO <run-up instructions> The events "operating mode change" and "reset" have no effect on the processing of the NCK-SPL with identifier IDS. 4. Several run-up instructions can be programmed in one block. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-155 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3.10.9 11.03 SPL data on the PLC side The safe programmable logic of the PLC (PLC-SPL) is a sub-function of the safety functions integrated in the SINUMERIK. The signals of the PLC-SPL are located in DB18 and are sub-divided into Signals Parameterization part 1. Parameterization part and 2. Data area/status. The link to the I/Os (external inputs/outputs) is implemented by parameterization data INSEP_ADDR[1...8] and OUTSEP_ADDr[1...8] in combination with the activation bits INSEP_VALID[1...8] and OUTSEP_VALID[1...8]. The data area INSEP[1...64]/OUTSEP[1...64] is assigned to the input/output image using this parameterization data. The data areas are assigned byte-by-byte (byte-serial) and in any order. INSEP_VALID / OUTSEP_VALID = TRUE: When activation bits INSEP_VALID[1...8] and OUTSEP_VALID[1...8] are set to TRUE the parameterized inputs/outputs are transferred to the relevant data area INSEP / OUTSEP by the basic program. INSEP_VALID / OUTSEP_VALID = FALSE: If an activation signal is FALSE, there is no transfer in the associated INSEP/OUTSEP data byte. In this case, the supply of this data byte can be organized by the user program. SPL_READY: The SPL_READY = TRUE signal indicates that the commissioning phase has been completed, i.e. if a crosswise data comparison error has occurred, the basic program sends a "STOP D/E" to all the axes. Data area/status SPL_DATA The useful (net) data for the PLC-SPL is contained in the SPL_DATA structure. The useful data area is sub-divided into internal inputs/outputs and marker areas and external inputs/outputs that correspond to the hardware I/Os. With appropriate parameterization and external inputs/outputs, the basic program transfers the input image of the I/Os to the external inputs in DB 18 and from the external outputs in DB 18 to the peripheral output. SPL_DELTA: The SPL_DELTA area is used for diagnostics. A signal with the status TRUE in this area means that the signal is different in the NCK and PLC at this bit position. CMDSI: Signal CMDSI can be used to extend the timeout value in the crosswise SPL data comparison by a factor of 10. This extension is used for long forced checking procedure pulses or single-channel test stop logic functions. STATSI: A crosswise data comparison error is indicated in STATSI. STATSI contains the number of the signal whose difference caused this error. The error number (1- 320) refers to SPL_DATA as an array with 5x64=320 signals. 3-156 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions LEVELSI: LEVELSI is used for diagnostics and indicates how many signals with different signal levels are present. PQB QB PIB IB Transfer via basic program DB18 parameterization part INSEP_Valid OUTSEP_Valid INSEP_ADDR OUTSEP_ADDR DB18 data area SPL_DATA.INSEP SPL_DATA.OUTSEP SPL_DATA.INSIP PLC-SPL SPL_DATA.OUTSIP Data cross check SPL_DATA.MARKERSIP PLC_SPL3.DSF Fig. 3-36 Mode of operation of the PLC-SPL program with DB 18 Configuring sensors Sensors with exclusive OR'ed output signals must be configured in such a way that in the safe state the 0 level is present on the NCK side and the 1 level on the PLC side. The PLC-SPL program must invert the sensor signal so that the same level appears in DB18 as is active on the NCK side. Otherwise the crosswise data comparison function would indicate an error. Transfer into the DB18 must be performed by the user program for such signals because the basic program can only copy but it cannot invert. Crosswise data comparison The crosswise data comparison between the PLC and NCK is performed cyclically. If a difference is detected, Alarm "error for crosswise data comparison NCK-PLC" is output. A STOP D/E is also triggered internally. The crosswise data comparison between the PLC and the NCK includes all signals that are received at the SPL, signals generated by the SPL and internal states of the SPL: SPL_DATA.INSEP[1...64] SPL_DATA.OUTSEP[1...64] SPL_DATA.INSIP[1...64] SPL_DATA.OUTSIP[1...64] SPL_DATA.MARKERSIP[1...64] Criterion "commissioning phase must have been completed" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-157 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 The criterion "commissioning phase must have been completed", is derived from the NCK MD $MN_PREVENT_SYNACT_LOCK[0,1] in the NCK. If one of the two field entries is not equal to 0, "commissioning phase completed" is set internally by the crosswise data comparison. On the PLC side, this criterion is entered using DB18.DBX36.0. If this bit is set to "1", then the commissioning phase is considered to have been completed. Any changes to data on the NCK and PLC side do not take effect until after power on. 3.10.10 Direct communications between the NCK and PLC-SPL (from SW 6.3.30) In SPL applications, a certain degree of single-channel communications between the two SPLs (NCK and PLC) is always required in addition to the two-channel connection of safety-relevant switching elements. The test stop and emergency stop acknowledgement are typical applications. There are various ways to do this today: 1. The NCK and PLC are connected via external wiring 2. Communications via simulated NCK I/Os ($A_OUT/$A_IN; DB10) 3. Communications via FC21 and NCK system variables $A_DBB etc. The availability of these communication paths depends on the functional scope of the machine. VDI-Nahtstelle PLC NCK $A_OUT $A_IN DB10.DBDxxx DB10.DBDxxx FC21 $A_DBB $A_DBW $A_DBD SPL $A_PLCSIOUT DB18.DBD128 $A_PLCSIIN DB18.DBD132 DMP-Peripherie Fig. 3-37 3-158 SPL PLC-Peripherie Communication paths NCK-PLC (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions In order to be able to exchange SI-specific signals between the NCK and PLC in a dedicated data area, a corresponding communication interface has been introduced for these components. This allows SI applications running on the NCK and PLC (SPL) to be able to communicate in separate data areas that cannot be occupied by other system functions. On the PLC side, this interface represents an extension of DB18; on the NCK side, new system variables have been introduced for this interface and these are available to the user. The meanings of the individual bits in this interface are defined by the user. NCK $A_PLCSIOUT[1...32] $A_PLCSIIN[1...32] PLC DB18.DBD128 DB18.DBD132 32 bits from NCK to PLC 32 bits from PLC to NCK For status queries on the PLC side, DB18 is supplemented by the SPL run-up status already displayed on the NCK in the SI service display NCK - Limitations PLC DB18.DBW136 Bit 16 run-up status System variables $A_PLCSIOUT[1...32] and $A_PLCSIIN[1...32] are protected against access from other programs, except the NCK-SPL program (SAFE.SPF). A corresponding programming command is rejected with the Alarm 17070 "Channel %1 Block %2 Data write-protected". (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-159 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 3.10.11 PLC data block (DB 18) Parameterization part DB18 Data block Byte DBB 0 Signals for Safety SPL Bit 1 Bit 0 6th input byte Interface PLC -----> PLC Bit 4 Bit 3 Bit 2 INSEP Valid (GultigBit) 5th input 4th input 3rd input byte byte byte 2nd input byte 1st input byte 6th output byte OUTSEP Valid (valid bit) 5th output 4th output 3rd output byte byte byte 2nd output byte 1st output byte Bit 7 Bit 6 Bit 5 8th input byte 7th input byte 8th output byte 7th output byte DBB 1 DBB 2 DBB 3 INSEP_ADDR (Address 1st input byte) DBW 4 INSEP_ADDR (Address 2nd input byte) DBW 6 INSEP_ADDR (Address 3rd input byte) DBW 8 INSEP_ADDR (Address 4th input byte) DBW 10 INSEP_ADDR (Address 5th input byte) DBW 12 INSEP_ADDR (Address 6th input byte) DBW 14 INSEP_ADDR (Address 7th input byte) DBW 16 INSEP_ADDR (Address 8th input byte) DBW 18 OUTSEP_ADDR (Address 1st output byte) DBW 20 OUTSEP_ADDR (Address 2nd output byte) DBW 22 OUTSEP_ADDR (Address 3rd output byte) DBW 24 OUTSEP_ADDR (Address 4th output byte) DBW 26 OUTSEP_ADDR (Address 5th output byte) DBW 28 OUTSEP_ADDR (Address 6th output byte) DBW 30 OUTSEP_ADDR (Address 7th output byte) DBW 32 OUTSEP_ADDR (Address 8th output byte) DBW 34 Stop E SPL_READY DBB 36 DBB 37 3-160 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions Data area/errors DB18 Data block Byte Signals for Safety SPL Interface PLC <---> NCK Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Data area of SPL inputs/outputs SPL_DATA.INSEP [1 .. 32] Bit 1 Bit 0 DBD 38 SPL_DATA.INSEP [33 .. 64] DBD 42 SPL_DATA.OUTSEP [1 .. 32] DBD 46 SPL_DATA.OUTSEP [33 .. 64] DBD 50 Data area for user SPL SPL_DATA.INSIP [1 .. 32] DBD 54 SPL_DATA.INSIP [33 .. 64] DBD 58 SPL_DATA.OUTSIP [1 .. 32] DBD 62 SPL_DATA.OUTSIP [33 .. 64] DBD 66 SPL_DATA.MARKERSIP [1 .. 32] DBD 70 SPL_DATA.MARKERSIP [33 .. 64] DBD 74 Difference in level NCK - PLC for diagnostics SPL_DELTA.INSEP [1 .. 32] DBD 78 SPL_DELTA.INSEP [33 .. 64] DBD 82 SPL_DELTA.OUTSEP [1 .. 32] DBD 86 SPL_DELTA.OUTSEP [33 .. 64] DBD 90 SPL_DELTA.INSIP [1 .. 32] DBD 94 SPL_DELTA.INSIP [33 .. 64] DBD 98 SPL_DELTA.OUTSIP [1 .. 32] DBD 102 SPL_DELTA.OUTSIP [33 .. 64] DBD 106 SPL_DELTA.MARKERSIP [1 .. 32] DBD 110 SPL_DELTA.MARKERSIP [33 .. 64] DBD 114 CMDSI DBB 118 DBB 119 DBD 120 DBD 124 Error number 0 = no error 1 - 320 = signal number starting from SPL_DATA.INSEP[1] Crosswise data comparison stack level display (Diagnostics capability: How many SPL signals currently have different levels) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-161 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 Additional data areas DB18 Data block Byte Signals for Safety SPL Bit 7 Bit 6 Bit 5 Interface PLC <---> NCK Bit 4 Bit 3 Bit 2 Data area of single-channel inputs/outputs $A_PLCSIOUT [1 .. 8] Bit 1 Bit 0 DBB 128 $A_PLCSIOUT [9 .. 16] DBB 129 $A_PLCSIOUT [17 .. 24] DBB 130 $A_PLCSIOUT [25 .. 32] DBB 131 $A_PLCSIIN [1 .. 8] DBB 132 $A_PLCSIIN [9 .. 16] DBB 133 $A_PLCSIIN [17 .. 24] DBB 134 $A_PLCSIIN [25 .. 32] DBB 135 SPL status DBW 136 DBB 138 8th input byte 7th input byte 6th input byte PROFIsafe module(s) for 5th input 4th input byte byte 3rd input byte 2nd input byte 1st input byte 8th output byte 7th output byte 6th output byte PROFIsafe module(s) for 5th output 4th output byte byte 3rd output byte 2nd output byte 1st output byte DBB 139 DBB 140 DBB 141 DBB 142 to DBB 149 DBB 150 DBB 157 DBB 158 to DBB 188 3-162 Test stop data (being prepared) Number of axes per test stop block 1 (NoOfAxisPerBlock[1]) Number of axes per test stop block 8 (NoOfAxisPerBlock[8]) Pointer to axis table 1 (BlockPointer[1]) Pointer to axis table 8 (BlockPointer[8]) Safety axis table (AxisTable[1]) 1st axis Safety axis table (AxisTable[31]) 31st axis (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions SPL status signals for DB18.DBW136 DB18.DBX136.0 DB18.DBX136.1 DB18.DBX136.2 DB18.DBX136.3 DB18.DBX136.4 DB18.DBX136.5 DB18.DBX136.6 DB18.DBX136.7 DB18.DBX137.0 DB18.DBX137.1 DB18.DBX137.2 DB18.DBX137.3 DB18.DBX137.4 DB18.DBX137.5 DB18.DBX137.6 DB18.DBX137.7 Table 3-61 DB18 Signal SPL_STATUS[1] SPL_STATUS[2] SPL_STATUS[3] SPL_STATUS[4] SPL_STATUS[5] SPL_STATUS[6] SPL_STATUS[7] SPL_STATUS[8] SPL_STATUS[9] SPL_STATUS[10] SPL_STATUS[11] SPL_STATUS[12] SPL_STATUS[13] SPL_STATUS[14] SPL_STATUS[15] SPL_STATUS[16] NCK-PLC interface parameterized NCK-PLC program file exists NCK waits until the PLC has run-up NCK-PLC in cyclic mode Call FB4 processing for SPL End FB4 processing on NCK Call FC9 processing for SPL End FC9 processing on NCK SPL started via PROG_EVENT mechanism (from SW 6.4.15) Crosswise data comparison NCK started Crosswise data comparison PLC started NCK-SPL checksum checking active All SPL protective mechanisms active (from SW 6.4.15) End of SPL program reached Not assigned Not assigned Overview of DB 18 signals r Read w-Write Type Parameterization part INSEP_VALID[1..8] r/w Bool OUTSEP_VALID[1..8] r/w Bool INSEP_ADDR[1..8] OUTSEP_ADDR[1..8] SPL_READY r/w r/w r/w Int Int Bool r r/w r r/w r/w Bool Bool Bool Bool Bool r r r r r r/w Bool Bool Bool Bool Bool Bool STOP E Data area/status SPL_DATA INSEP[1..64] OUTSEP[1..64] INSIP[1..64] OUTSIP[1..64] MARKERSIP[1..64] SPL_DELTA INSEP[1..64] OUTSEP[1..64] INSIP[1..64] OUTSIP[1..64] MARKERSIP[1..64] CMDSI Value range 1..EB Max 1..AB Max Remarks 0 = INSEP[1..8] No automatic transfer, can be supplied by the user program 1 = Transfer of input byte defined in INSEP_ADDR[1..8] to INSEP[1..8] by basic program 0 = OUTSEP[1..8] No automatic transfer, can be retrieved by the user program 1 = Transfer to output byte defined in OUTSEP[1..8] from OUTSET_ADDR[1..8] by the basic program Address input byte Address output byte 0 = Commissioning phase (no STOP D is triggered for crosswise data comparison error) 1 = Commissioning completed (STOP D/E is triggered for crosswise data comparison error) If DB18, DBX36.1 = 1 was set, and if a crosswise data comparison error is determined, then an external STOP E instead of an external STOP D is transferred to the drive Useful data: External PLC input for SPL External PLC output for SPL Internal PLC input for SPL Internal PLC output for SPL Marker for SPL Signal differences for diagnostics: External PLC input for SPL External PLC output for SPL Internal PLC input for SPL Internal PLC output for SPL Marker for SPL Timeout value in crosswise data comparison is extended by a factor of 10 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-163 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) STATSI r Dint 1 - 320 LEVELSI r Dint PLCSIIN r Bool 1 - 32 PLCSIOUT r/w Bool 1 - 32 11.03 Status: 0 - no error 1 - 320 errors No. corresponds to signal from SPL_DATA whose change in level caused the crosswise data comparison error Crosswise data comparison stack level display (Diagnostics capability: How many SPL signals currently have different levels) Signals can be written by the PLC and read by the NCK Signals can be written by the NCK and read by the NCK 3.10.12 Forced checking procedure of SPL signals SPL signals Test signals 3-164 The forced checking procedure of SPL signals is part of the SPL functionality. Once the external safety circuit has been wired, a two-channel SPL has been created and the relevant safety functions configured and checked with an acceptance test, the long-term reliability of this function, verified using an acceptance test, can be ensured: * External inputs/outputs The external inputs/outputs of the SPL ($A_INSE or $A_OUTSE) must be subject to a forced checking procedure to ensure that faults (e.g. wire breakage) do not accumulate over a period of time so that both monitoring channels could fail. * Internal inputs/outputs Internal inputs/outputs ($A_INSI, $A_OUTSI), markers ($A_MARKERSI) etc. ($A_TIMERSI) do not have to be subject to a forced checking procedure. It will always be possible to detect an error at these locations due to the differing two-channel responses of the external inputs/outputs or the NCK/611 digital monitoring channels; crosswise data comparison exists at both ends of the response chain for detecting errors. "3-terminal concept": * If an input signal ($A_INSE), for example, is evaluated through two channels, the associated test output signal can be implemented in one channel. It is decisive that the input signal can be forced/changed and checked in both channels. * In the same way, the assigned test input signal for two-channel output signals ($A_OUTSE) can be implemented in one channel if it is interconnected according to the following rules: The test input signal may only return an "OK" status ("1" level) if both output signals function (i.e. both monitoring channels have output a "0"). A simultaneous test in both channels allows the function to be tested in both channels using one checkback signal. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) Test A 3 Safety-Related Functions Triggering PLC-SPL E E A A NCK-SPL Test Test E Load 3KLEMMEN.DSF Fig. 3-38 3-terminal concept Explanation of the diagram Triggering/test * The forced checking procedure for the switch evaluated in two channels is triggered by setting the test output to "0", i.e. actuation of the switch is simulated. The NCK-SPL and PLC-SPL must respond to this signal change by setting their outputs to signal level "0". * If at least one of the two channels responds in this way, then the load is disconnected from the power supply. * Only if both channels respond in this way, will the test input indicate correct functioning of both channels with level "1". It this is not the case, there is a system fault and the test analysis ("test" block) must prevent the power supply being reconnected to the load. The timer or event controlled triggering of the test stop is activated in one channel by the PLC. The function itself is separately executed in both channels. Triggering and checking test signals for SPL input/output signals can also be completely executed in one channel in the PLC: 1. The PLC is optimized for these types of bit/logic operations and sequencing logic. 2. The machine adaptation is saved in the PLC user program when configuring and installing the machine. If errors are detected, the PLC user program should respond by triggering an external "STOP D/E". Notes avoiding errors 1. A "2 terminal concept" in which a single-channel useful signal is to be subjected to a forced checking procedure using a single-channel test signal is not permitted. In this case, the two-channel SPL structure would be worthless and the crosswise data comparison would have no effect. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-165 3 Safety-Related Functions 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 11.03 The following is permissible: 3-166 * A "full 4-terminal concept" (two-channel test signal for two-channel useful [net] signal), or * the "3-terminal concept" suggested above, or * a "2 terminal concept without test signals" if the two-channel useful (net) signal to be tested automatically changes its level dynamically as a result of the process and this can be verified using other useful signals. In this case, the useful signals assume the function of test signals. For example, a typical application could be a protective door evaluation function. 2. The signals "external STOPs" and "test stop" are handled differently internally: * In order to increase the probability that a requested "external STOP" takes effect, the STOPs between the two channels are exchanged internally. Failure of the stop control in one channel does not cause an error for these signals (in contrast to the operating mode switchover signals, e.g. "SG/SBH active") in the crosswise data comparison. Whereas other channels can be subjected to a forced checking procedure in both channels in parallel (and should be - in order to avoid errors being triggered by the data cross-check), the "external STOPs" and the "test stop" must be subjected to a checking procedure one after the other in both channels. As an alternative, simultaneous checking procedure of the external STOPs is also possible, but in this case, two-channel checkback signals must be used. * The test stop itself may not be subject to a forced checking procedure in both channels in parallel because there is only one common hardware response and checkback signal "pulse cancellation" for both channels (as before). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.10 Safe programable logic (SPL) (840D SW 4.4.18) 3 Safety-Related Functions Note An application example for an "integrated EMERGENCY STOP" is given in Chapter 7 "Configuring Example". Note An application example for a "door interlocking" is given in Chapter 7 "Configuring Example". Note An application example for a test stop for SI Level 2 is given in Chapter 7 "Configuring Example". (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-167 3 Safety-Related Functions 3.11 Encoder mounting arrangements 11.03 3.11 Encoder mounting arrangements 3.11.1 Encoder types The following basic types of encoder can be used on a drive module for the purpose of safe operation: Basic types * Incremental encoder with sinusoidal voltage signals A and B (signal A is in quadrature with signal B) and a reference signal R e.g.: ERN 1387, LS 186, SIZAG2 * Absolute encoder with EnDat interface and incremental, sinusoidal voltage signals A and B (signal A is in quadrature with signal B) e.g.: EQN 1325, LC 181 Various combinations can be derived from the basic types. Combinations of encoder types Table 3-64 Combinations of encoder types Incremental encoder Absolute encoder at the motor at the load at the motor at the load x x x x x x x x Note: x Encoder connection Comments 1-encoder system 1-encoder system 2-encoder system 2-encoder system 2-encoder system For a 1-encoder system, the incremental or absolute encoder at the motor is used for the actual values of the NC and drive. The 611 digital control module supplies one actual value to the NCK and drive via 2 separate actual value channels.. 1-encoder system Special feature for linear motors: For linear motors, the motor encoder (linear scale) is also the measuring system at the load. IMS and DMS are one measuring system. The connection is made at the IMS input of the 611 digital control module. G eber A n sc h lu de s M o to rg e b e rs (IM S ) G e tr i e b e M o to r (V S A ) M a s ch in e n tisc h L o se A n sc h lu d e s d ire kte n L a g e g e b e rs (D M S ) VSA Fig. 3-39 3-168 G E B E R _ 0 2 .D S F 1-encoder system for a feed drive (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.11 Encoder mounting arrangements 3 Safety-Related Functions Note For a 1-encoder system a direct position encoder (DMS) cannot be used for the measuring system of another axis. 2-encoder system With this type of system, two separate encoders are used to supply the actual values for one axis. In standard applications, the drive evaluates the motor encoder and the NC, for example, the measuring system connected to the 2nd actual value input. The 611digital control module transfers the two actual values to the NCK and drive via two separate actual value channels. Machine table Encoder Connection of motor encoder (IMS) Linear scale Gearbox Motor (FDD) Backlash Connection of direct position encoder (DMS) FDD Fig. 3-40 GEBER_03.DSF 2-encoder system for a feed drive Incremental encoder Connection of motor encoder (IMS) Motor (MSD) Shift gearbox Spindle Connection of direct position encoder (DMS) MSD Fig. 3-41 Incremental encoder GEBER_01.DSF 2-encoder system for a main spindle drive (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-169 3 Safety-Related Functions 3.11 Encoder mounting arrangements 11.03 Note SW 5.1 and higher If the ratio of the gear between the motor and load is not slip-free, the 1-encoder system must be selected. The 2nd spindle encoder is connected to another drive module via an actual-value input. SE and SN cannot be configured in such cases (refer to Chapter 3.11.5, "Application: Spindle with 2 encoders and drive with slip"). For SW 5.2 and higher, systems with slip are also possible (refer to Chapter 3.11.4). 3.11.2 Adjustment, calibration, axis states and historical data Motor encoder adjustment For 2-encoder systems, the built-in encoder is generally an integral component of the motor (the encoder is adjusted to match the motor). The information about distance, speed and rotor position (on synchronous drives) is obtained from one encoder. It is no longer possible to adjust the encoders in motor measuring systems in the conventional sense. Machine calibration The machine zero and encoder zero are calibrated purely on the basis of the offset value (the machine must be calibrated). This process must be carried out for both incremental and absolute encoders. Absoluter G eb eristw ert Verschie bewert G ebernullpunkt Fig. 3-42 Lageistwert M asch ine nnullpunkt Ein schaltposition/ Stillstandspo sitio n ABSOL_01.DSF Positions and actual values When calibrating the machine, a known or measured position is approached by means of a dial gauge, fixed stop, etc. and the offset value determined. This offset is then entered in the appropriate machine data. Calibration is always required for a position-controlled axis/spindle. References: /IAD/, SINUMERIK 840D Installation and Start-Up Guide /FBD/, SINUMERIK 840D, Descriptions of Functions R1,"Reference Point Approach" "Axis not referenced" state 3-170 The axis state "axis not referenced" is reached after the power supply has been connected and the drive and control system have completely run-up. This state is indicated using the axis-specific interface signal "reference point reached" as follows: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.11 Encoder mounting arrangements 3 Safety-Related Functions Interface signal "Reference point reached" = "1" Axis state "axis referenced" "Reference point reached" = "0" Axis state "axis not referenced" For 840D DB31-48, DBX60.4 / DBX60.5 The function SBH/SG can only be used when this state has been reached (after run-up has been completed) (refer to Fig. 3-36, "Axis states during referencing"). "Axis referenced" state For incremental encoders, the position actual value is lost when the NC is powered-down. When the NC is powered-up, a reference point approach must be carried out. If it is done correctly, then the axis is referenced and goes into the "axis referenced" state (refer to Fig. 3-36 "Axis states during referencing"). Unlike incremental encoders, absolute encoders do not require a reference point approach after the NC is powered-up. These encoders save the absolute position, e.g. using a mechanical gear, both when powered-up and powereddown. The absolute position is transmitted implicitly via a serial interface when the NC is powered-up. After the position data has been transmitted and the offset value has been taken into account, the axis is also in the "axis referenced" state (refer to Fig. 3-35, "Axis states during referencing"). The "axis referenced" state is displayed using the axis-specific interface signal "referenced point reached" as follows: Interface signal "Reference point reached" = "1" Axis state "axis referenced" "Reference point reached" = "0" Axis state "axis not referenced" For 840D DB31-48, DBX60.4 / DBX60.5 References: /IAD/, SINUMERIK 840D Installation & Start-Up Guide "Axis safely referenced" state To reach the axis state "axis safely referenced", the axis state "axis referenced" must have been reached and either * the user confirms the current position per user agreement or * a pre-history (saved and set user agreement and a saved stop position when the system is powered-down) must exist. The position of the prehistory must match the current position within a tolerance window. This is checked both in the drive and in the NC. The axis state "axis safely referenced" is displayed via the SGA "axis safely referenced". Only when this state is reached can a safe position evaluation be made for the functions SE and SN (refer to Fig. 3-36, "axis states during referencing"). User agreement The user agreement function (protected using a key-operated switch) allows the user to confirm that the current position at the machine corresponds to the position displayed in the NC. User agreement is confirmed using a soft key. Before this can be done, the axis state "axis referenced" must have been reached. If the axis is in this state and the user has confirmed the position by means of the agreement function, then the "axis safely referenced" state is also reached. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-171 3 Safety-Related Functions 3.11 Encoder mounting arrangements 11.03 If the user agreement has been set without the axis being in the "axis referenced" state, then Alarm "Defect in a monitoring channel" is output with error code 1004. The user agreement can only be set by an authorized user. The user agreement can be cancelled by the user or as the result of a function selection (e.g. new gear stage) or an erroneous status (e.g. an inconsistency in user agreement between NC and drive). When the user agreement is cancelled, the axis state "axis safely referenced" is always reset (refer to Fig. 3-36, "Axis states during referencing"). Saved user agreement The status of the user agreement function is saved in non-volatile memories. This agreement data constitutes the previous history in combination with the standstill position data that is also saved in a non-volatile fashion. Saved standstill position The saved standstill position data is combined with the permanently saved user agreement to form the previous history. The following must be noted when the standstill position is saved: 3-172 * The standstill position is saved when a safe operating stop (SBH) is selected via the SGE "SBH/SG de-selection". * The following applies when SE/SN is active: The standstill position is also cyclically saved. * If the axis is moved with the system powered-down, then the saved standstill position no longer matches the current position. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.11 Encoder mounting arrangements 3 Safety-Related Functions The previous history consists of the saved user agreement and the saved standstill position (refer to "Saved user agreement" and "Saved standstill position"). Previous history As described under "Axis safely referenced", a previous history can be used to obtain the axis state "axis safely referenced". The following conditions must be fulfilled: SBH/SG is reliable from this axis status * The saved user agreement must be available. * The difference between the "reference position" (power on position with absolute measuring systems or reference position with incremental measuring systems) and the saved standstill position (including traversing distance to reference point with ERN) must be within a tolerance window specified via machine data. Axis status Axis status is displayed via: Axis not referenced Interface signal "Reference point reaced" = "0" EQN: Read absolute value from encoder ERN: Approach reference point Axis status Axis referenced Previous history Interface signal "Reference point signal" = "1" no yes Check of position Internal check of previous history Check not OK JUST_01.DSF User agreement (softkey) Check OK SE/SN is reliable from this Axis status axis status Fig. 3-43 Axis safely referenced SGA "Axis safely referenced" Axis states during referencing (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-173 3 Safety-Related Functions 3.11 Encoder mounting arrangements Replacing encoders 11.03 For 1-encoder systems, it is advisable to replace the entire motor in the case of a defect in the motor measuring system (indirect measuring system). Warning ! After the measuring system has been replaced - regardless of whether it is a direct or indirect system - the relevant axis must be re-calibrated. The user can suppress the automatic, internal actual value check by resetting the "User agreement" and thus request re-calibration of the axis with user agreement. 3.11.3 Overview of the data for mounting encoders Overview of MD for 840D Table 3-65 Overview of machine data for 840D Number Name 36910 $MA_SAFE_ENC_SEGMENT_NR 36911 $MA_SAFE_ENC_MODULE_NR 36912 $MA_SAFE_ENC_INPUT_NR 36915 $MA_SAFE_ENC_TYPE 36916 $MA_SAFE_ENC_IS_LINEAR 36917 $MA_SAFE_ENC_GRID_POINT_DIST 36918 $MA_SAFE_ENC_RESOL 36920 $MA_SAFE_ENC_GEAR_PITCH 36921 $MA_SAFE_ENC_GEAR_DENOM[n] 36922 $MA_SAFE_ENC_GEAR_NUMERA[n] 36925 $MA_SAFE_ENC_POLARITY Note: Data is described in Chapter 4, "Machine data for SINUMERIK 840D" Overview of MD for 611 digital Table 3-66 Overview of machine data for 611 digital Number Name 1316 $MD_SAFE_ENC_CONFIG 1317 $MD_SAFE_ENC_GRID_POINT_DIST 1318 $MD_SAFE_ENC_RESOL 1320 $MD_SAFE_ENC_GEAR_PITCH 1321 $MD_SAFE_ENC_GEAR_DENOM[n] 1322 $MD_SAFE_ENC_GEAR_NUMERA[n] Note: Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital" 3-174 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.11 Encoder mounting arrangements 3.11.4 3 Safety-Related Functions Actual value synchronization (slip for 2-encoder systems with SW 5.2 and higher) Description of function If a 2-encoder system is used, SI actual values from the NC and the drive drift apart for systems subject to slip because the drive evaluates the motor measuring system and the NC evaluates the direct measuring system after the gearbox. This offset is detected by the crosswise data comparison and a stop response is triggered. In the case of axis drives with variable coupling factors (slip or belt drive) until now it was necessary to use a 1-encoder system to prevent the SI actual values of the NC and drive from drifting apart. If a direct measuring system was required for position control up until now it was necessary to use an additional 611digital module for actual value sensing. To avoid this, a solution using a 2-encoder system with slip has now been implemented in the software. Slip tolerance In order to define the slip tolerance, the maximum input value is set in MD 36949 $MA_SAFE_SLIP_VELO_TOL. As a result of an action, such as e.g. maximum acceleration, gear stage change with oscillation, a situation is created where the actual values drift apart. This value can be taken as nominal value from the diagnostics display (maximum speed difference), multiplied by a factor of 1.5 and then entered into MD 36949. Actual value synchronization is performed in two channels. Machine data $MA_/$MD_SAFE_SLIP_VELO_TOL is introduced to both channels and the maximum offset between the NCK and drive actual value entered in it as a speed. This machine data is converted to an internal format and is used as the actual value tolerance for the crosswise data comparison. The tolerance value entered in MD 36949: $MA_SAFE_SLIP_VELO_TOL is not relevant as only the "new" tolerance value is taken into account in the crosswise data comparison. For the actual value synchronization, both channels correct their SI actual position to half the derived actual value difference. Please note that the two SI actual positions no longer display the correct absolute position. The NC actual position and the two SI actual positions are different. Both the load-side actual value and the motor-side actual position are corrected. This ensures that the corrected actual value remains active in subsequent monitoring cycles until the next synchronization. Actual value synchronization is performed in the crosswise data comparison cycle. Actual value synchronization is also performed when a crosswise data comparison of the SI actual position outputs an error. The advantage here is that Alarms 27001/300911 can be acknowledged and do not re-appear immediately. Actual value synchronization is also performed after "referencing" and with "parking axis". The latest calculated and maximum SI speed difference since the last reset is displayed in the axis-specific service display for diagnostics purposes. Note Actual value synchronization is not performed until an actual value difference between the two channels of 2 m or 2 millidegrees is detected per SI monitoring cycle. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-175 3 Safety-Related Functions 3.11 Encoder mounting arrangements 11.03 The two SI actual positions no longer display the correct absolute machine position. The correct position can now only be read out via the NC actual position. Limitations Safety monitoring functions SG, SBH, SBR, and "n<nx" still only respond to actual value changes from the particular actual value acquisition channel, not to changes in the actual value resulting from the actual value synchronization. A single-channel SG violation only triggers an alarm in the channel in which this speed violation was detected. The related stop response is still triggered in two channels, as information is exchanged between the two monitoring channels. SGA "n<nx" can also assume statically different states in the two monitoring channels. Actual value synchronization is selected by setting bit 3 in MD $MA_/ $MD_SAFE_FUNCTION_ENABLE. In addition, SI function "SBH/SG monitoring" must also be enabled. Activating Actual value synchronization is only permissible if no monitoring function with absolute reference is enabled at the same time. If SE and/or SN are also selected, power ON Alarms 27033 and 301708 are also output during power up. Actual value synchronization is therefore only permitted with SBH/SG axes, as in this case, the absolute position is not necessarily needed. Further, actual value synchronization is only permitted for two-encoder systems. If this function is enabled for a single-encoder system, Alarm 27033 is output. 3.11.5 Application: Spindle with two encoders and drive with slip (SW 5.2 and lower) General When subject to crosswise data comparison the actual values between the NCK and drive must lie within an actual value tolerance specified in the MD. If the tolerance value is violated, STOP F is output. Note It is not possible to activate the safe functions SE and SN for an axis/spindle where slip can occur between the motor and the load. System behavior 3-176 For the configuration shown in Fig. 3-45 "Motor with a drive subject to slip" the following behavior is manifested: The SI actual values for the drive and the NCK are each provided from a separate encoder. Due to the slip produced by the belt drive, the actual value between the two encoders drifts apart so that the actual value tolerance is violated with the relevant stop response. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.11 Encoder mounting arrangements 3 Safety-Related Functions Belt drive slip Incremental encoder Connection of motor encoder (IMS) Motor (MSD) Connection of direct position encoder (DMS) MSD Fig. 3-44 Indexing mechanism Spindle Incremental encoder GEBER_04.DSF Motor for a drive subject to slip Configuring options In the configuration shown in Fig. 3-46 "Configuration of spindle with a drive subject to slip and two encoders", the SI actual values for the NCK and drive are derived from one encoder (the motor encoder). As the actual value of the motor encoder is used for both monitoring channels, the slip is ignored in this configuration (the same behavior as for 1-encoder system). If there is no free actual value input, an additional module must be used. An actual value input on another drive module must be used for spindle positioning. This drive may not be an SI axis. Drive 1 2 3 Belt drive slip 4 1) 2) Incremental encoder Motor (MSD) GEBER_05.DSF Shift gearbox Spindle 1) 2) Incremental encoder Fig. 3-45 Machine data for 840D/611 digital Configuration of spindle with a drive subject to slip and 2 encoders The MD values refer to two cases (refer to Fig. 3-46 "Configuration of spindle with a drive subject to slip and 2 encoders"): (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-177 3 Safety-Related Functions 3.11 Encoder mounting arrangements 11.03 Slip between load and motor can exist (V belt) and is ignored Slip between load and motor may not exist (toothed belt)) Table 3-67 MD No. 30110 30200 30220 30230 32110 36912 36925 1316 3-178 Machine data for SINUMERIK 840D MD name MD value for 1) 3 CTRLOUT_MODULE_NR[0] NUM_ENCS 1 4 ENC_MODULE_NR[0] 2 ENC_INPUT_NR[0] -1 ENC_FEEDBACK_POL[0] SAFE_ENC_INPUT_NR 1 SAFE_ENC_POLARITY 1 SAFE_ENC_CONFIG 0 for 2) 3 1 3 2 -1 2 -1 4 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 3.12.1 Description of functions General mode of operation From SW 6.3.30 onwards, the SINUMERIK 840D has a fail-safe DP master (F master). The F master, in conjunction with the fail-safe DP modules (F modules) permits fail-safe communications on PROFIBUS DP (PROFIsafe communication) as specified by the PROFIsafe profile. This means that the safety-relevant input/output signals of the process (machine) can be coupled to the Safety Integrated function "Safe programmable logic" (SPL) can be connected in the same way for the PLC and NCK-SPL via the PROFIBUS DP. HMI Embedded or HMI Advanced MPI-Bus PROFIBUS-DP DP-Slave ET 200S DP-Slave ET 200S Distributed module block SINUMERIK 840D BEI1_PS.DSF Fig. 3-46 SI I/Os via F modules on PROFIBUS DP Benefits The benefits of this type of connection for safety-relevant I/O signals are: * Fewer cables are required as a result of the distributed structure * Unified PLC and NCK-SPL I/Os * Unified safety-relevant and non-safety-relevant I/Os. PROFIBUS DP PROFIBUS DP is an international, open field bus Standard specified in the European field bus Standard EN 50170 Part 2. It is optimized for fast data transfer at the field level (time critical). In the case of the components that communicate via PROFIBUS DP, a distinction is made between master and slave components. 1. Master (active node) Components operating on the bus as master determine the data exchange on the bus and are therefore also designated active nodes. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-179 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 11.03 There are two classes of master: 2. * DP master, Class 1 (DPMC1): Central master devices that exchange information with the slaves in fixed message cycles. Examples: S7-300 CPUs: CPU 315-2 DP, CPU 314-2F DP etc. * DP master, Class 2 (DPMC2): Devices for configuration, commissioning, operator control and monitoring during bus operation. Examples: Programming devices, operator control and monitoring devices Slaves (passive nodes) These devices may only receive messages, acknowledge them and transfer message to the master on its request. Examples: Drives, I/O modules, etc. PROFIsafe is a PROFIBUS profile: PROFIsafe * PROFIsafe profile for Safety Technology Version 1.11, July 2001, Order No.: 3.092 for fail-safe data transfer between fail-safe components (F master and F slave) on PROFIBUS DP. The PROFIsafe profile is characterized by the fact that the safety-relevant functions are implemented in the safe terminal nodes, i.e. the F/CPUs, the distributed slaves and the actuators/sensors/field devices using the standard PROFIBUS functions. The useful (net) data of the safety function plus the safety measures are sent. This does not require any additional hardware components, since the protocol chips, driver, repeater, cable can still be used as they are. Therefore both standard components and F components can be used on a PROFIBUS system. 3.12.2 Available fail-safe modules ET 200S distributed I/O system 3-180 Presently, the following fail-safe modules are available for the distributed I/O system ET 200S: * Digital electronic module 4/8 F-DI DC24V PROFIsafe The fail-safe digital input module (F-DI) has 8 separate inputs. These can be used for Safety Integrated in pairs for 4 different 2-channel input signals. Order No.: 6ES7 138-4FA00-0AB0 * Digital electronic module 4 F-DO DC24V/2A PROFIsafe The fail-safe digital output module (F-DO) has 4 P-M-switching outputs that can be used for 4 different 2-channel output signals with Safety Integrated. Order No.: 6ES7 138-4FB00-0AB0 * Power module PM-E F DC24V PROFIsafe In addition to 2 relays to switch the potential busses P1 and P2; 2 fail-safe digital outputs, P-M switching. Order No.: 6ES7 138-4CF00-0AB0 * Power module PM-D PROFIsafe Safety-relevant power module for safety-relevant motor starter for safetyrelevant contact multiplier; 6 switching groups Order No.: 3RK1 903-3BA00 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) Detailed information for distributed I/O systems ET 200S and the various F modules is provided in: References: SIMATIC Distributed I/O device ET 200S, Manual Order No.: 6ES7 151-1AA00-8AA0 SIMATIC Distributed I/O device ET 200S fail-safe modules, Manual Order No: 6ES7 988-8FA11-8AA0 3.12.3 Hardware System prerequisites The following hardware requirements must be fulfilled when setting-up PROFIsafe communications: SIMATIC ET 200S * Interface module IM 151-1 High Feature Order No.: 6ES7 151-1BA00-0AB0 * Power module Power module PM-E F DC24V PROFIsafe Order No.: 6ES7 138-4CF00-0AB0 Power module PM-D PROFIsafe Order No.: 3RK1 903-3BA00 * F electronic modules Digital electronics module 4/8 F-DI DC24V PROFIsafe Order No.: 6ES7 138-4FA00-0AB0 Digital electronics module 4 F-DO DC24V/2A PROFIsafe Order No.: 6ES7 138-4FB00-0AB0 - Note 1. Standard power modules can used to shutdown fail-safe electronic modules. If standard electronic modules are to be safely shut down, fail-safe power modules must be used. 2. Before mounting F modules, these must be configured and parameterized in STEP7, since the PROFIsafe addresses of the F modules are automatically assigned by STEP7. The PROFIsafe address must then be set at each F module using the DIL switches. This is only possible before mounting the F module. SINUMERIK * SINUMERIK 840D NCU NCU 561.4 NCU 571.4 NCU 572.4 NCU 573.4 NCU 573.5 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-181 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) Software 11.03 The following software prerequisites must be fulfilled before PROFIsafe communications can be commissioned and used: SIMATIC: Creating and loading the configuration * SIMATIC STEP 7, from Version V5.1 with Service Pack 6 and Distributed Safety Integrated V5.2 * STEP 7 V5.2 and S7-F Configuration Pack V5.3 (can be downloaded free of charge) SINUMERIK: Parameterizing NCK and PLC * Software release from SW 6.3.30 * Software option "Distributed I/Os via PROFIBUS DP" * Software option "SINUMERIK Safety Integrated safety functions for personnel and machines" 3.12.4 System structure SINUMERIK 840D IPO cycle NCK PLC-SPL NCK-SPL DB 18: INSEP/OUTSEP $A_INSE/$A_OUTSE PROFIsafeLayer PROFIsafeLayer PROFIsafe cycle OB1 cycle PROFIsafe cycle (OB40) Operating system level User level PLC DP cycle DP data PROFIBUSLayer PROFIBUS-DP DP-Slave ET 200S DP-Slave ET 200S User communication PROFIsafe comm. PROFIBUS-DP comm. Fig. 3-47 3-182 PS_KOMSTRU1.DSF System structure: SI I/Os using F modules on PROFIBUS DP (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) Just like Safety Integrated, the PROFIsafe system structure also has a 2-channel diverse system design based on the PLC and NCK PROFIsafe layer. PROFIsafe communications The principle of PROFIsafe communications between SINUMERIK 840D and the F modules on the PROFIBUS DP is explained in detail below based on the transfer of the SPL output data $A_OUTSE/OUTSEP to the F-DO modules: The PROFIsafe layer creates a PROFIsafe telegram (F telegram) in each PROFIsafe cycle with the ANDed SPL output data as F useful (net) data: F useful (net) data = (OUTSEP AND $A_OUTSE) and the backup data (CRC and ConsecutiveNumber) and transfers it to the PROFIBUS layer via the DP data interface. The PROFIBUS layer transfers a DP telegram with the PROFIsafe telegram created by the F layer in each PROFIBUS cycle as DP useful data to the DP slaves that is independent of the PROFIsafe cycle. The F telegram is sent to the specific F-DO module via the backplane bus of the DP slaves. Configuring/ parameterizing 3.12.5 The configuration and parameterization needed to connect the F modules to the external NCK/PLC-SPL interfaces entails the following steps: 1. Create the configuration using SIMATIC STEP7. Refer to Chapter: Configuring and parameterizing the ET 200S F I/Os 2. Perform a standard SINUMERIK 840D commissioning (minimum requirement). 3. Load the configuration and the PLC basic and user program modules into the SINUMERIK 840D PLC. 4. Parameterize the PROFIsafe-relevant SINUMERIK 840D NCK machine data. Refer to the following Chapter: Parameterizing the SINUMERIK 840D NCK Configuring and parameterizing the ET 200S F-I/O The information on configuring and parameterizing the ET 200S F I/Os given in this chapter essentially refers to the specific needs of SINUMERIK Safety Integrated. A complete set of information on configuring and parameterizing the ET 200S and/or ET 200S F components is provided in the SIMATIC manuals: References: SIMATIC Distributed I/O device ET 200S, Manual Order No.: 6ES7 151-1AA00-8AA0 SIMATIC Distributed I/O device ET 200S fail-safe modules, Manual Order No: 6ES7 988-8FA11-8AA0 Configuring The F I/Os are configured while configuring the standard PROFIBUS using STEP7. After the "S7 Distributed Safety" option package or the S7 F Configuration Package has been installed (refer to the previous chapter), the F modules are (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-183 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 11.03 available in the HW Catalog of HW Config. (If the hardware catalog is not displayed, open it using the menu command: View > Catalog): Profile: Standard > PROFIBUS DP > ET 200S * Interface module - IM 151-xxx * Electronic modules - IM 151-xxx > DI > 4/8 F-DI DC24V - IM 151-xxx > DO > 4 F-DO DC24V/2A * F power module - IM 151-xxx > PM > PM-E F DC24V/10A 2F-DO DC24V/2A * Standard power module - IM 151-xxx > PM > PM-E F DC24V * Motor starter - IM 151-xxx > Motor starter > PM > PM-D F PROFIsafe Refer above for the module Order Nos.: Chapter 3.12.3 System prerequisites. Parameterizing Both the standard and F parameterization of the F modules is carried out via the relevant properties dialog box of the module. Choose the appropriate DP slave (IM 151-1) in the station window and then open the properties dialog box of the relevant F module in the detailed view. 2nd parameter: Input/output address The input/output addresses that are assigned to an F module in the input/output address area of the DP master, are parameterized in the properties dialog box under: Dialog box: Properties of ET 200S standard module Tab: Addresses Input: Start Output Start Note The input/output addresses of an F module are subject to the following conditions: - Input address > 127 - Output address = Input address. F parameterization F parameterization is carried out in the properties dialog box under: Dialog box: Properties of ET 200S standard module Tab: Parameter Parameter > F parameter The F parameters of the electronic modules are automatically set to the F monitoring time of the HW configuration and cannot be changed. The displayed values of the F parameter F_Source_Address - F_Target_Address must be entered in the NCK machine in a subsequent parameterization step to configure the NCK (refer below). 3-184 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) F parameter: F_Source_Address The F source address is the decimal PROFIsafe address of the F master allocated automatically by the HW Config. Note To parameterize the SINUMERIK 840D (F master) the F source address must be entered in the hexadecimal format in the following NCK machine data: * MD 10385: $MN_PROFISAFE_MASTER_ADDRESS (PROFIsafe address of F master) Refer to Chapter: Parameterizing the SINUMERIK 840D NCK F parameter: F_Target_Address The F source address is the decimal PROFIsafe address of the F master allocated automatically by the HW Config. Note To parameterize the SINUMERIK 840D (F master), the F target addresses must be entered in the hexadecimal format in the following NCK machine data: F-DI module: * MD 10386: $MN_PROFISAFE_IN_ADDRESS[Index], (PROFIsafe address of an input module) F-DO, PM-E F, PM-D F module: * MD 10387: $MN_PROFISAFE_OUT_ADDRESS[Index], (PROFIsafe address of an output module) Refer to Chapter: Parameterizing the SINUMERIK 840D NCK F parameter: DIL switch setting The DIL switch setting shown corresponds to the PROFIsafe address to be set on the DIL switch of the F module. F parameter: F monitoring time The F monitoring time defines the maximum time until a new valid F telegram must have received from the F master. Note If the F monitoring time is configured to be shorter than the PROFIsafe monitoring time set via the NCK machine, an alarm is issued when the system runs-up: * Alarm "27242 PROFIsafe: F module Number, F_WD_Timeout faulted" Parameter: DO/DI channel x The channels of an F module are parameterized in the properties dialog box under: Dialog box: Properties of an ET 200S standard module Tab: Parameter Parameter > Module group parameter > DO or DI channel x (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-185 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 11.03 F-DI module The channels of the F-DI module are mapped differently to the NCK/PLC-SPL inputs $INTSE/INSEP depending on the selected parameterization. * 2v2 parameterization For 2v2 parameterization, the process signals of both channels in the F-DI module are combined to form one F useful (net) data signal and thus supply an SPL input data. SINUMERIK 840D ET 200S F-DI module Channel 0 Channel 1 Channel 2 Channel 3 AND $A_INSE/INSEP n AND $A_INSE/INSEP n+1 AND AND $A_INSE/INSEP n+2 $A_INSE/INSEP n+3 Channel 4 Channel 5 Channel 6 Configuration: channel x,y = 2v2 Channel 7 Fig. 3-48 * FDI_ND1.DSF 2v2 mapping of the F-DI channels to SPL input data 1v1 parameterization For 1v1 parameterization, the process signals of both channels are transferred from the F-DI module and can thus supply 2 different SPL input data. SINUMERIK 840D ET 200S F-DI module Channel 0 $A_INSE/INSEP n Channel 1 $A_INSE/INSEP n+1 Channel 2 Channel 3 AND AND $A_INSE/INSEP n+2 $A_INSE/INSEP n+3 Channel 4 $A_INSE/INSEP n+4 Channel 5 $A_INSE/INSEP n+5 Channel 6 Channel 7 Configuration channel x,y = 2v2 Configuration channel x,y = 1v1 FDI_ND2.DSF Fig. 3-49 3-186 2v2/1v1 mapping of the F-DI channels to SPL input data (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) Note Mixed 2v2 and 1v1 parameterization within an F-DI module can reduce the number of usable SPL input data $A_INSE/INSEP. It is therefore recommended that 1v1 is first parameterized followed by 2v2. F-DO module The NCK/PLC-SPL outputs $A_OUTSE/OUTSEP are logically combined in the F driver to produce an F useful data signal (implicit 2v2 parameterization) and mapped to the channels of the relevant F/DO module. ET 200S F-DO module SINUMERIK 840D Channel 0 ($A_OUTSE n Channel 1 ($A_OUTSE n+1 AND OUTSEP n+1) Channel 2 ($A_OUTSE n+2 AND OUTSEP n+2) Channel 3 ($A_OUTSE n+3 AND OUTSEP n+3) AND OUTSEP n) FDO_ND1.DSF Fig. 3-50 PROFIsafe cycle and DP cycle time Mapping the SPL output data to F-DO channels When parameterizing the PROFIsafe clock cycle, the DP cycle time determined by the HW Config must be observed to ensure correct PROFIsafe communications. Also refer to the following Chapter: Parameterizing the SINUMERIK 840D NCK After the station has been fully configured, the DP cycle time can be determined by activating the isochronous bus cycle as follows: In HW Config, open the properties dialog box of the PROFIBUS: DP master of the configured station: Dialog box Dialog box: Properties - DP Master system Tab: General Subnet, Button: Properties Dialog box: Properties - PROFIBUS Tab: Network settings Button: Options Dialog box: Options Tab: Equidistance Activate equidistant bus cycle Checkbox: Recalculate equidistant time (Note: Activate the equidistant bus cycle via the option field: "Activate equidistant bus cycle/Recalculate equidistant time".) Display field: Equidistant bus cycle (Note: The value calculated by HW Config and displayed in the field: "Equidistant bus cycle" is the same as the DP cycle time) Cancel Cancel Cancel (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-187 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 11.03 Note 3.12.6 1. The DP cycle time calculated by the HW Config is needed as guideline for parameterizing the PROFIsafe clock cycle (refer to Chapter: "Parameterizing the SINUMERIK 840D NCK". 2. Before modifying the DP cycle time, read the information provided in the online documentation (Button: "Help" of the relevant dialog box). Parameterizing SINUMERIK 840D NCK The parameterization of the SINUMERIK 840D NCK is made up of the following sub-areas: F master address 1. Configuration of the PROFIsafe communications 2. Parameterization of the SPL SGE/SGA interface 1. Configuring the PROFIsafe communications In order to check the correct assignment of F module to F master, the PROFIsafe address assigned by the HW Config for the F master must be entered in the following NCK machine data: * MD 10385: $MN_PROFISAFE_MASTER_ADDRESS (PROFIsafe address of F master) Input format: 0s 00 0a aa - s: Bus segment (currently only: 5 = DP connection on the PLC side) - aaa: hexadecimal PROFIsafe address of the F master. Note The PROFIsafe address of the F master can be found under: HW Config -> Properties dialog box of the F module -> F parameter: F_Source_Address (e.g.: 1: PLC 314-2 DP) * STEP 7 V5.1 Master address = 01 (up to NCU system-SW < 6.4.15 required) * STEP 7 V5.2 Master address (standard value) = 2002 (from NCU system-SW >= 6.4.15 possible) Refer to Chapter: Configuring and parameterizing the ET 200S F I/Os If the value entered does not match the value displayed in the F modules, an alarm is issued when the NCK runs-up: * Alarm: 27220 "PROFIsafe: Number of NCK-F modules (number) <> Number of DP modules (number)". 3-188 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) PROFIsafe clock cycle The PROFIsafe clock cycle defines the time frame in which new F telegrams are generated by the F master for transfer to the F modules. The PROFIsafe clock cycle is derived as standard from the interpolation cycle in the ratio 1:1. As part of the PROFIsafe communications, a cyclic interrupt of the PLC user program (OB1) in the PROFIsafe cycle is made via OB40. Note The OB40 run time increases by 0.5 ms per F module. To reduce the resulting computational load, use the NCK machine data: * MD 10098: $MN_PROFISAFE_IPO_TIME_RATIO, (factor, PROFIsafe communications cycle) to change the PROFIsafe clock cycle/interpolation clock cycle ratio. In order to achieve sufficiently fast response times regarding the PROFIsafecommunications, the PROFIsafe clock cycle may not be parameterized longer than 25 ms. The selected PROFIsafe clock cycle is displayed in the NCK machine data: * MD 10099: $MN_INFO_PROFISAFE_CYCLE_TIME, (PROFIsafe communications clock cycle) If a PROFIsafe cycle is longer than 25 ms, an alarm is issued the next time the NCK is started: * Alarm: 27200 "PROFIsafe cycle time time [ms] is too long" PROFIsafe clock cycle and DP clock cycle time The PROFIsafe clock cycle should be parameterized longer than the DP clock cycle time displayed by the STEP7: HW Config (refer to Chapter: Configuring and parameterizing the ET 200S F I/Os). Otherwise, the load on the PLC user program is increased as a result of unnecessary OB40 interrupts. Note The PROFIsafe clock cycle should be parameterized so that the following applies: 12 ms < PROFIsafe clock cycle < 25 ms PROFIsafe clock cycle overruns Even if the parameterized software operates error-free in normal operation, runtime fluctuations in the PLC operating system (e.g. processing diagnostic alarms) can mean that the processing of the OB40 interrupt was not able to be completed before the start of the next PROFIsafe clock cycle. In this particular case, the NCK attempts, up to a limit of 50 ms after the last correctly processed PROFIsafe clock cycle, to initiate an OB40 interrupt. The repeated attempts to initiate the OB40 interrupt are no longer executed in the PROFIsafe clock cycle but in the IPO clock cycle. Alarm 27253: PROFIsafe: Communications error is not issued within this time. An alarm is displayed after the 50 ms limit is exceeded: * Alarm: 27253 "PROFIsafe communications error F master components Components, Error Error code" and the configured Stop response (Stop D or E) is output at the Safety axes. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-189 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 11.03 Further, an attempt is still made to initiate the OB40 interrupt and to maintain PROFIsafe communications. The time up to initiating the next OB40 interrupt is displayed in the following NCK machine data: * MD 10099: $MN_INFO_PROFISAFE_CYCLE_TIME, (PROFIsafe communications clock cycle) If the PROFIsafe clock cycle is continuously exceeded and just not sporadically, then the following alarm is displayed: * Alarm: 27256 "PROFIsafe actual cycle time Cycle time [ms] > parameterized cycle time" 2. Assignment: F modules to F master Parameterizing the SPL SGE/SGA interface The NCK machine data is used to parameterize the F master for the F modules assigned to it: * MD 10386: $MN_PROFISAFE_IN_ADDRESS[Index], (PROFIsafe address of an input module) * MD 10387: $MN_PROFISAFE_OUT_ADDRESS[Index], (PROFIsafe address of an output module) Index: 0...15 Input format: 0s 00 0a aa - s: Bus segment (currently only: 5 = DP connection on the PLC side) - aaa: hexadecimal PROFIsafe address of the F module The PROFIsafe address of the F module is the value of the F parameter defined by HW Config: F_Target_Address (refer below: Example of an assignment). Note 1. The PROFIsafe address of an F module can be found under: HW Config -> Properties dialog box of the F module -> F parameter: F_Target_Address (e.g.: 1022D = 3FEH) Refer to Chapter: Configuring and parameterizing the ET 200S F I/Os 2. Parameterizing errors 3-190 The PROFIsafe address of the F modules displayed in the HW Config in the decimal format must be entered in the hexadecimal format in the NCK machine data: * MD 10386: $MN_PROFISAFE_IN_ADDRESS[Index] * MD 10387: $MN_PROFISAFE_OUT_ADDRESS[Index] The following parameterizing errors are detected at run-up and the appropriate alarms displayed: 1) Incorrect bus segment (bus segment <> 5) Incorrect PROFIsafe address error for F master or F module 2) More F modules in the NCK machine data than in the configuration 3) More F modules in the NCK machine data than assigned as 3) F master in the configuration of the NCK The PROFIsafe address of an F module does not exist in the configuration 4) An F module assigned to the NCK as F master in the configuration has not been entered in the NCK machine data 5) The module type (input, output) detected in the NCK machine data does not match the configuration 6) 7) An F module has been parameterized more than once (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) * * * * * * * Assignment: F useful data to SPL SGE/SGA 1) Alarm: 27201 "PROFIsafe: MD Number [Index]: Bus segment Segment incorrect" 2) Alarm: 27202 "PROFIsafe: MD Number [Index]: Address Address incorrect" 3) Alarm: 27220 "PROFIsafe: Number of NCK-F modules (number) <> number S7-F modules (number)" 4) Alarm: 27221 "PROFIsafe: NCK-F module MD Number [Index] unknown" 5) Alarm: 27222 "PROFIsafe: S7-F module PROFIsafe address address unknown" 6) Alarm: 27223 "PROFIsafe: NCK-F module MD Number [Index] is not a module type module" 7) Alarm: 27224 "PROFIsafe: F module MD Number [Index] - MD Number [Index]: Double assignment of a PROFIsafe address" F useful data is assigned to the SPL SGE/SGAs using the NCK machine data: * MD 10388: $MN_PROFISAFE_IN_ASSIGN[Index], (assignment between ext. SPL-SST $A_INSE/INSEP and PROFIsafe input modules) * MD 10389: $MN_PROFISAFE_OUT_ASSIGN[Index], (assignment between ext. SPL-SST $A_OUTSE/OUTSEP and PROFIsafe output modules) Index: 0...15 Input format: eee sss sss: decimal SGE/SGA start address (1...64) eee: decimal SGE/SGA end address (1...64) The SGE/SGA start address always assigns bit 0 of the F useful data to the SPL SGE/SGA[sss]. The SGE/SGA end address always assigns bit n of the F useful data to the SPL SGE/SGA[eee]. Bit number n is calculated as follows: n = eee - sss The bits of the F useful data, that lie between bit 0 and bit n are automatically assigned by the NCK to the SGEs/SGAs that lie between the SGE/SGA start address and the end address. The assignment of the F module for supplying/clearing the input/output data for the SPL SGE/SGAs is made implicitly via the machine data index; i.e. the input/output data assigned to the SPL/SGEs/SGAs per NCK machine data: ...PROFISAFE_IN/OUT_ASSIGN[Index] refer to the F module whose PROFIsafe address is entered under the same index in NCK machine data: ...PROFISAFE_IN/OUT_ADDRESS[Index] Note The NCK machine data: * MD 10386: $MN_PROFISAFE_IN_ADDRESS[Index] * MD 10388: $MN_PROFISAFE_IN_ASSIGN[Index] and * MD 10387: $MN_PROFISAFE_OUT_ADDRESS[Index] * MD 10389: $MN_PROFISAFE_OUT_ASSIGN[Index] (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-191 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 11.03 refer to each other via their indices. Parameterizing errors The following parameterizing errors are detected at run-up and the appropriate alarms displayed: Bit limits interchanged (start value > end value) 1) Bit values greater than max. SGE/SGA number (> 64) 1) Number greater than max. F useful data bits (end value - start value + 1> 8) 1) 1) No SPL assignment parameterized (start and end value == 0) 1) Incorrect SPL assignment (start or end value == 0) SPL-SGE multiple assignment (F module and DMP module) 2) F module: MD 10388 $MN_PROFISAFE_IN_ASSIGN DMP module: MD 10390 $MN_SAFE_IN_HW_ASSIGN * 1) * 2) Alarm: 27203 "PROFIsafe: MD Number [Index]: SPL assignment incorrect" Alarm: 27204 "PROFIsafe: Dual allocation MD Number [Index] MD Number [Index]" Note If, via NCK machine data: * MD 10388: $MN_PROFISAFE_IN_ASSIGN[Index] is incorrectly assigned more useful data bits of an F-DI module of the SPL SGEs than are transferred to the relevant bits defined by the parameterization of the F/DI module, this cannot be detected by the NCK. Example: For 2v2 parameterization of all of the channels of the F module: ET 200S F, F-DI module: 4/8 F-DI 24VDC the 8 transferred useful data bits contain only 4 actually relevant bits (bit 0 to bit 3). In this case, bit 4 to bit 7 are always 0. Assignment example Assignment example based on two ET 200S F-DI modules "4/8 F-DI 24V": The F-DI modules have been assigned the F target addresses: 1022 and 1021. For the parameter: "2v2" was selected in each case for the parameter: "encoder analysis", so that only bits 0 to 3 are used to transfer relevant data in the F useful data. A "0" is always transferred in the other F useful data. The F target addresses (1022 and 1021) of the configured F-DI modules are entered into the NCK machine data: * MD 10386: $MN_PROFISAFE_IN_ADDRESS[0] and [1]. Using the NCK machine data: MD 10388: $MN_PROFISAFE_IN_ASSIGN[0] and [1] the F useful (net) data are assigned: F useful data of 1022, bit 0 to bit 3 for SPL-SGE[1] to SPL-SGE[4] F useful data of 1021, bit 0 to bit 3 for SPL-SGE[5] to SPL-SGE[8] 3-192 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) DP slave ET 200S F-DI block Parameter F parameter F_target_address 1022 Module parameters Channel 1, 5 activated Encoder evaluation Channel 2, 6 activated Encoder evaluation Channel 3, 7 activated Encoder evaluation Channel 4, 8 activated Encoder evaluation 2v2 2v2 SPL-SGE $A_INSE NCK machine data: $MN_PROFISAFE_IN_ADRESS [index] 03FEH (1022) 0 03FDH (1021) 1 NCK machine data: $MN_PROFISAFE_IN_ASSIGN [index] 1 Contents of F address 1022.bit 1 2 Contents of F address 1022.bt 2 3 4 004001 0 Contents of F address 1022.bit 3 008005 1 Contents of F address 1021.bit 0 5 Contents of F address 1021.bit 1 6 Contents of F address 1021.bit 2 7 Contents of F address 1021.bit 3 8 --- 61 ----- 62 --- 64 2v2 2v2 0 14 0 14 0 15 0 15 F-DI block Parameter F parameter F_target_address Module parameters Channel 1, 5 activated Encoder evaluation Channel 2, 6 activated Encoder evaluation Channel 3, 7 activated Encoder evaluation Channel 4, 8 activated Encoder evaluation Fig. 3-51 1021 F DI block (1021) Transferred F useful data Channel 1,5 2v2 bit 0 2v2 Channel 2,6 2v2 bit 1 Channel 3,7 2v2 bit 2 2v2 2v2 2v2 Channel 4,8 2v2 bit 3 0 bit 4 0 bit 5 0 bit 6 0 bit 7 [Number] Contents F - M oofd Fu address l 1 0 2 21022.bit .B it 0 0 Used F useful data 63 SGE start address = 005 No. of bits = SGE end address - SGE start address + 1 SGE-end address = 008 PS_MD_FS2SGEA.DSF Assignment example: F useful data to the SPL-SGEs Axial checksum The following machine data: * MD 10099: $MN_INFO_PROFISAFE_CYCLE_TIME * MD 10385: $MN_PROFISAFE_MASTER_ADDRESS * MD 10386: $MN_PROFISAFE_IN_ADDRESS * MD 10387: $MN_PROFISAFE_OUT_ADDRESS * MD 10388: $MN_PROFISAFE_IN_ASSIGN * MD 10389: $MN_PROFISAFE_OUT_ASSIGN are calculated into axial checksum machine data: * MD 36889: $MA_SAFE_ACT_CHECKSUM[n] (actual checksum). Changes only become active after they have been acknowledged on an axis-for-axis basis: SINUMERIK HMI Advanced or HMI Embedded: Operating area changeover > Startup > Drive Configuration > Soft key "Confirm SI data" If changes to the machine data are not acknowledged, an alarm is issued the next time that the NCK runs up: * Alarm: 27032 "Axis [Name] Checksum error safe monitoring". Acknowledgement and an acceptance test are required! Additional alarms Furthermore, the following error states are also detected and the appropriate alarms displayed: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-193 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 11.03 Configuring error If a DP slave cannot be identified in the loaded configuration, the following alarm is displayed when the NCK runs-up: * Alarm: 27225 "PROFIsafe: Slave DP address Configuration error error" Run-up error The following error states are detected when the NCK runs-up and the appropriate alarms are displayed: The DP master has not run-up or has not transferred a configuration to the NCK 1) PROFIsafe communications are not possible due to differing DP 2) interface versions of NCK and PLC An error has been detected while evaluating an F module configuration: 3) CRC error detected using F parameter The F monitoring time set in the F module is too short compared to the PROFIsafe clock cycle The F telegram lengths entered in the configuration cannot be processed by the NCK Runtime error * * 1) 2) * 3) The following error states are detected during the NCK runtime and the appropriate alarms are displayed: - A new configuration was downloaded into the DP master during operation 1) 2) - Communications error between the F master and an F module - Communications error between the DP master and DP slave in which the F module is inserted 3) 4) - Communications error between NCK and PLC 5) - An F module has signaled a channel error 6) - General error message of an F module 7) - The PROFIsafe communications cycle time is exceeded * * * * * * * 3-194 Alarm: 27240 "PROFIsafe: DP M has not run-up, DP info: Info " Alarm: 27241 "PROFIsafe: DP M version different, NCK: Version, PLC: Version" Alarm: 27242 "PROFIsafe: F module F target address, Parameter incorrect" 1) Alarm: 27250 "PROFIsafe: Configuration in DP-M has been changed; Error code Error code1 - Error code2" 2) Alarm: 27251 "PROFIsafe: F module F target address, F components signals error parameter" 3) Alarm: 27252 "PROFIsafe: Slave DP address, sign-of-life error" 4) Alarm: 27253 "PROFIsafe: Communications error F master components components, error error code" 5) Alarm: 27254 "PROFIsafe: F module F target address, Error in channel Channel" system variable 6) Alarm: 27255 "PROFIsafe: F module F target address, General Error 7) Alarm: 27256 "PROFIsafe: Actual cycle time Cycle time [ms] > Parameterized cycle time" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 3.12.7 Parameterizing the SINUMERIK 840D PLC The PLC does not have to be parameterized explicitly when connecting F modules as SI I/O modules to PROFIBUS DP. The PLC is parameterized implicitly by: Parameterizing the NCK Creating and downloading the configuration The parameterization data required for PROFIsafe communications is made available to the PLC from the NCK when the SINUMERIK 840D runs-up. This is in the form of an image of the relevant NCK machine data. Data block DB18 Data block DB18 has been extended to include two read-only bit arrays: INSEP_PROFISAFE OUTSEP_PROFISAFE The two bit fields are used to display which INSEP/OUTSEP bytes are only assigned to F modules as a result of the parameterization in the NCK machine data: * MD 10388: $MN_PROFISAFE_IN_ASSIGN * MD 10389: $MN_PROFISAFE_OUT_ASSIGN Data block DB18 (excerpt): STRUCT : SPL_DATA:STRUCT INSEP: ARRAY[1 .. 64]OF BOOL; OUTSEP: ARRAY[1 .. 64]OF BOOL; : END_STRUCT; : //External SPL input bytes(HW) with PROFIsafe slaves INSEP_PROFISAFE: ARRAY[1 .. 8]OF BOOL; //External SPL output bytes(HW) with PROFIsafe slaves OUTSEP_PROFISAFE: ARRAY[1 .. 8]OF BOOL; : END_STRUCT; (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-195 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) 3.12.8 11.03 Response times The response time considered here is the time between a signal changing at the input of an F/DI module and the signal changing at the relevant output of an F/DO module. The NC response time TR_NCK is approximated to: NC response time TPST > TIPO: TR_NCK = TINPUT + TOUTPUT + 2* TDPM + 1*TIPO + 3* TPST TPST = TIPO: TR_NCK = TINPUT + TOUTPUT + 2* TDPM + 2*TIPO Note The NC response time is decisive when disabling (1 > 0) an output. The PLC response time TR_PLC is approximated to: PLC response time TR_PLC = TINPUT + TOUTPUT + 4 ms + 1* TPST + 2* TOB1 Note The PLC response time is decisive when activating (0 > 1) an output. where: TINPUT: TOUTPUT: TDPM: TIPO: TPST: TOB1: 3.12.9 Processing/transfer times for F-DI module and DP slave Processing/transfer times for F-DO module and DP slave Internal transfer cycle of DP master, typically 2 ms Parameterized IPO cycle Parameterized PROFIsafe cycle OB1 processing time Functional limitations I/O modules available for SINUMERIK 840D: F modules DMP modules Onboard I/O Mixed mode for I/O modules can be operated in parallel. Multiple assignment of inputs of the various modules to the same SPL SGE are detected and displayed in an alarm: * Alarm: 27204 "PROFIsafe: Dual allocation MD Number [Index] MD Number [Index]" Axial NCK-SGE/SGA 3-196 It is not possible to directly connect the I/Os (F useful data) of an F module to axial NCK SGE/ SGAs. They can only be connected in the context of the NCKSPL which must be installed for the purpose. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3 Safety-Related Functions 3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30) PLC-SPL SGE/SGA Inputs/outputs (F useful data) of an F module are automatically connected to the SPL interface in data block DB18 by the PLC basic program. It is not possible to connect them in a PLC user program. Axial 611D SGE/SGA The I/Os (F useful data) of an F module cannot be connected to axial 611D SGE/ SGAs. They can only be connected in the context of the NCK-SPL which must be installed for the purpose. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-197 3 Safety-Related Functions 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) 11.03 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) When the drive bus fails, then communications between the drive and NCK required for SI also fail. The pulses are immediately cancelled from both channels. This pulse cancellation must be delayed for a short time so that in this particular fault situation, a drive-autonomous response (ESR) can be carried-out at the machine. References: Programming Guide Workshop Planning (PGA) This is the reason that after a bus failure has been detected, there must be a delay before canceling the pulses both in the NCK monitoring channel and in the drive monitoring channel. The selected axial SI functionality (SG,SE, SBH) at the instant that the drive bus failed, is still available through one channel in the drive monitoring channel. The NCK monitoring channel can no longer be monitored as there is no actual value. The PLC SPL remains functional in the scope in which the drive monitoring channel is not required. From the PLC-SPL it is not possible to select another monitoring functionality or immediately cancel the pulses via an external Stop A. The NCK-SPL also remains functional if it does not receive its input quantities ($A_INSE) from the DMP modules connected to the drive bus - but instead via PROFIsafe I/O or the local inputs on the NCU. If another axial monitoring function (e.g. SE stage changeover) is selected, this remains ineffective as the axial NCK monitoring functions are de-activated. However, when an external STOP A is selected, this results in the pulses being immediately cancelled via terminal 663 - just the same as for an SBH selection. An SG changeover can also result in immediate pulse cancellation. If the NCK-SGA "enable pulses" is not output via the local outputs on the NCU, but via the DMP modules on the drive bus, then it is not possible to delay the pulse cancellation via terminal 663. The DMP modules delete their outputs when a drive bus failure is detected. If the internal pulse cancellation (also refer to Section 3.1.2 "Shutdown paths") is used, then the SGA "externally enable pulses" must be connected to terminal 663. It is no longer possible to internally cancel the pulses via the drive bus. In this case, the SGA "externally enable pulses" must be output via the local outputs on the NCU. Activation 3.13.1 The delay time up to pulse cancellation via terminal 663 must be parameterized for a value greater than 0 in the NCK machine data 10089 $MN_SAFE_PULSE_DIS_TIME_BUSFAIL and in the appropriate drive machine data 1380 MD_SB_PULSE_DISABLE_TIME. For a standard value of 0, the function is de-activated; when the drive bus fails, the pulse enable signal for terminal 663 is immediately withdrawn. Behavior of the axial NCK monitoring channel If a delayed pulse cancellation is parameterized using MD $MN_SAFE_PULSE_DIS_TIME_BUSFAIL, after a bus failure, the SGA leave all of the axial SI monitoring channels in their old condition. After this delay time has expired, all SGA are, as before, deleted. The axial monitoring functions are immediately no longer processed after the bus fails as the basis for the monitoring function - the safe actual value - is no longer available. 3-198 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) 3 Safety-Related Functions In the following cases, when the drive bus fails, the pulses are immediately cancelled via terminal 663 - even if a delay time is parameterized using $MN_SAFE_PULSE_DIS_TIME_BUSFAIL: 3.13.2 * An external STOP A is selected. * A test stop or an external pulse cancellation test is selected. * The SBH function is or will be selected. * An SG stage is selected or will be selected, for which it was previously defined, that in this SG stage, no ESR will be executed when the drive bus fails (e.g. SG stage for personnel protection). This definition is made in MD 36963 $MA_SAFE_VELO_STOP_REACTION (for the individual SG stages) or MD 36961 $MA_SAFE_VELO_STOP_MODE (for all SG stages together). Behavior without NCK-SPL Without NCK-SPL, the axial NCK-SGA are directly transferred to the output modules. The SGA that are output indicate the monitoring status at the instant in time that the drive bus failed. After this delay time has expired, all NCK-SGA are set to 0. However, this only applies to SGA that are output via the local outputs on the NCU. The DMP modules on the drive bus immediately set their outputs to 0 when the bus fails. The axial SGE are still read-in if they are not supplied from the DMP modules on the drive bus. This means, for example, that an immediate pulse cancellation can be triggered (e.g. by selecting SBH). The images of the SGE from the DMP modules on the drive bus are left at their old values. 3.13.3 Behavior with NCK-SPL The NCK-SPL remains active as the actual value is not required for the SPL. This means, for example, that an Emergency Off still results in an external STOP A and therefore pulse cancellation, even if the delay time after the drive bus failed has still not expired. In order to correctly process NCK-SPL, the input and output quantities of the SPL must be considered in more detail ($A_INSE, $A_OUTSE, $A_OUTSI). $A_INSE The system variables $A_INSE contain the input "circuit" of the NCK-SPL. If these input quantities are received from local inputs on the NCU - or PROFIsafe - then no other measures have to be made. If these input quantities come from the DMP modules on the drive bus, then the last valid image of the input circuit is used. Otherwise, with the fail-safe value of 0, an external STOP A would be immediately initiated which, in turn, results in immediate pulse cancellation. Example: For an Emergency Stop, a STOP A is immediately initiated. This means that the time up until the pulses are cancelled is extremely short. If the input (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-199 3 Safety-Related Functions 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) 11.03 required is read-in from the DMP modules on the drive bus, then the response time for an Emergency Stop - that almost always occurs simultaneously with a bus failure, increases by the time specified in $MN_SAFE_PULSE_DIS_TIME_BUSFAIL. The pulses are only cancelled after this time and the initiated Emergency Stop is not recognized. This is the reason that $MN_SAFE_PULSE_DIS_TIME_BUSFAIL must be selected to be relatively short. In situations such as these, we recommend that the local inputs on the NCU or PROFIsafe are used. When DMP modules are used on the drive bus with local inputs on the NCU or F-DI modules with PROFIsafe, the engineer programming the SPL must take into account this different behavior if he wishes to configure a delayed pulse cancellation when the drive bus fails. $A_OUTSE The $A_OUTSE system variables include the outputs of the NCK-SPL, that should be output to the peripherals. The output/outputs to terminal 663 of the terminal module must be output via the local outputs on the NCU. Under no circumstances may these outputs be output via the DMP modules connected to the drive bus as this would result in immediate pulse cancellation if the drive bus was to fail. $A_INSI $A_INSI is the input interface to the axial NCK monitoring functions. This means that it includes the NCK-SGA. The NCK-SGA are left in their old state so that when the drive bus fails, no further action is require here. $A_OUTSI $A_OUTSI is the output interface to the axial NCK monitoring functions. This means that it includes the NCK-SGE. In this interface, only the SGE "deselection of the external STOP A", "SBH selection" and the selection of an SG stage for personnel protection are relevant (also refer to "behavior of the axial NCK monitoring channel"). The reason for this is that the actual axial monitoring functions are no longer active: 3.13.4 * An external stop with low priority cannot be executed as setpoints cannot be transferred to the drive. * The additional axial NCK monitoring functions required the actual value that is no longer available. Behavior of the drive monitoring channel The drive monitoring channel delays, just like the NCK monitoring channel, its pulse cancellation by the parameterized time. However, in addition, it keeps the monitoring functions active that were active at the instant of the failure. The drive can still monitor as it still has access to the correct actual value. In the following cases, when the drive bus fails, the pulses are immediately cancelled - even if a delay time has been parameterized: 3-200 * The SBH function is selected. * An SG stage has been selected where it has been previously defined, that in this SG stage, no ESR should be executed when the drive bus fails (e.g. SG stage for personnel protection). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) 3.13.5 3 Safety-Related Functions SGE/SGA processing in the PLC The SGE/SGA processing in the PLC must always be available in order to logically combine the 611digital SGA and to output this to the periphery or read-in the peripheral signals and distribute these to the 611digital SGE. Without NCK-SPL, they correspond to the assignment of the SGA/SGE to the digital input/output modules that is made in the NCK using the appropriate machine data. With NCK-SPL, the PLC-SPL is the 2nd channel of the SPL; the results are compared between the NCK and PLC. The SGE that are read-in are not effective as they cannot be transferred to the 611digital monitoring channel via the faulted drive bus. When processing the SGA in the PLC, the 611digital SGA are left in the same state as before the drive bus failed. Due to the missing sign-of-life character in the SGE/SGA data transfer, the PLC will detect a fault at the latest after 2 s. However, at this instant in time, the pulses would already have been cancelled after the expiration of $MN_SAFE_PULSE_DIS_TIME_BUSFAIL or the appropriate drive machine data. 3.13.6 Limitations An ESR executed autonomously in the drive when the drive bus fails is only possible if the pulse enable is output at terminal 663 via the local outputs on the NCU. The DMP modules themselves are connected to the same drive bus and when the drive bus fails, they automatically clear their outputs. When using the NCK-SPL, the input quantities of the SPL should also come from the local inputs on the NCU and/or from the PROFIsafe peripherals. The reason for this is that the input quantities of the DMP modules remain at the same state at the instant that the bus failed. If an Emergency Stop is implemented using the SPL, when considering the maximum response time up to pulse cancellation, the delay time in $MN_SAFE_PULSE_DIS_TIME_BUSFAIL must be taken into account. 3.13.7 Example 1 Examples The following parameterization ensures that when the drive bus fails there is 200 ms time for an ESR executed autonomously in the drive before the pulses are cancelled. The SG stages for personnel protection are defined differently in the individual axes. $MN_SAFE_PULSE_DIS_TIME_BUSFAIL = 0.2 ; Parameterization for the X axis (AX1) ; pulses are immediately cancelled in all SG stages, STOP D is initiated when ; the SG is exceeded $MA_SAFE_VELO_STOP_MODE[AX1] = 3 ; Parameterization for the Y axis (AX2) ; pulses are not immediately cancelled in all SG stages, STOP D is initiated ; when the SG is exceeded $MA_SAFE_VELO_STOP_MODE[AX2] = 13 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-201 3 Safety-Related Functions 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) 11.03 ; Parameterization for the Z axis (AX3) ; pulses are immediately cancelled in all SG stages, STOP D is initiated when ; the SG is exceeded in SG stages 1 and 2, STOP C in SG stages 3 and 4 $MA_SAFE_VELO_STOP_MODE[AX3] = 5; => $MA_SAFE_VELO_STOP_REACTION becomes effective $MA_SAFE_VELO_STOP_REACTION[0, AX3] = 3 ; SG stage 1 $MA_SAFE_VELO_STOP_REACTION[1, AX3] = 3 ; SG stage 2 $MA_SAFE_VELO_STOP_REACTION[2, AX3] = 2 ; SG stage 3 $MA_SAFE_VELO_STOP_REACTION[3, AX3] = 2 ; SG stage 4 ; Parameterization for the A axis (AX4) ; pulses not immediately cancelled in all SG stages, STOP D is initiated when ; the SG is exceeded in SG stages 1 and 2, STOP C in SG stages 3 and 4 $MA_SAFE_VELO_STOP_MODE[AX4] = 5; => $MA_SAFE_VELO_STOP_REACTION becomes effective $MA_SAFE_VELO_STOP_REACTION[0, AX4] = 13 ; SG stage 1 $MA_SAFE_VELO_STOP_REACTION[1, AX4] = 13 ; SG stage 2 $MA_SAFE_VELO_STOP_REACTION[2, AX4] = 12 ; SG stage 3 $MA_SAFE_VELO_STOP_REACTION[3, AX4] = 12 ; SG stage 4 ; Parameterization for the B axis (AX5) ; the pulses are only immediately cancelled in SG stages 1 and 3, STOP D , is initiated when the SG is exceeded in all stages $MA_SAFE_VELO_STOP_MODE[AX5] = 5; => $MA_SAFE_VELO_STOP_REACTION becomes effective $MA_SAFE_VELO_STOP_REACTION[0, AX5] = 3 ; SG stage 1 $MA_SAFE_VELO_STOP_REACTION[1, AX5] = 13 ; SG stage 2 $MA_SAFE_VELO_STOP_REACTION[2, AX5] = 3 ; SG stage 3 $MA_SAFE_VELO_STOP_REACTION[3, AX5] = 13 ; SG stage 4 ; Parameterization for the C axis (AX6) ; pulses are only immediately cancelled in SG stages 1 and 3, STOP D is ; initiated when the SG is exceeded in SG stages 1 and 2, STOP C in SG ; stage 3 and STOP E in SG stage 4 $MA_SAFE_VELO_STOP_MODE[AX6] = 5; => $MA_SAFE_VELO_STOP_REACTION becomes effective $MA_SAFE_VELO_STOP_REACTION[0, AX6] = 3 ; SG stage 1 $MA_SAFE_VELO_STOP_REACTION[1, AX6] = 13 ; SG stage 2 $MA_SAFE_VELO_STOP_REACTION[2, AX6] = 2 ; SG stage 3 $MA_SAFE_VELO_STOP_REACTION[3, AX6] = 14 ; SG stage 4 Example 2 The following example clearly indicates the problems when grouping axes whose terminal 663 is controlled using a digital output: The 3 X, Y and Z axes have the same parameterized behavior in their SG stages when the drive bus fails: For SG1, the pulses should be immediately canceled with the drive bus fails, however, for SG2 to SG4, with a delay. Terminal 663 is controlled from all 3 drives via the same output (local output on the NCU). When the bus fails, a 500 ms delay should first expire before the pulses are cancelled. This is parameterized as follows: $MN_SAFE_PULSE_DIS_TIME_BUSFAIL = 0.5 ; Parameterization for the X axis (AX1): ; STOP D is initiated when the SG is exceeded in SG stages 1 and 2, STOP C ; in SG stages 3 and 4 $MA_SAFE_VELO_STOP_MODE[AX1] = 5; => $MA_SAFE_VELO_STOP_REACTION becomes effective $MA_SAFE_VELO_STOP_REACTION[0, AX1] = 3 ; SG stage 1 $MA_SAFE_VELO_STOP_REACTION[1, AX1] = 13 ; SG stage 2 $MA_SAFE_VELO_STOP_REACTION[2, AX1] = 12 ; SG stage 3 $MA_SAFE_VELO_STOP_REACTION[3, AX1] = 12 ; SG stage 4 3-202 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) 3 Safety-Related Functions ; Parameterization for the Y axis (AX2): ; STOP C is initiated when the SG is exceeded in SG stage 1, STOP E ; in SG stages 2, 3 and 4 $MA_SAFE_VELO_STOP_MODE[AX2] = 5; => $MA_SAFE_VELO_STOP_REACTION becomes effective $MA_SAFE_VELO_STOP_REACTION[0, AX2] = 2 ; SG stage 1 $MA_SAFE_VELO_STOP_REACTION[1, AX2] = 14 ; SG stage 2 $MA_SAFE_VELO_STOP_REACTION[2, AX2] = 14 ; SG stage 3 $MA_SAFE_VELO_STOP_REACTION[3, AX2] = 14 ; SG stage 4 ; Parameterization for the Z axis (AX3): ; STOP D is initiated when the SG is exceeded in SG stage 1, STOP E ; in SG stages 2, 3 and 4 $MA_SAFE_VELO_STOP_MODE[AX3] = 5; => $MA_SAFE_VELO_STOP_REACTION becomes effective $MA_SAFE_VELO_STOP_REACTION[0, AX3] = 3 ; SG stage 1 $MA_SAFE_VELO_STOP_REACTION[1, AX3] = 14 ; SG stage 2 $MA_SAFE_VELO_STOP_REACTION[2, AX3] = 14 ; SG stage 3 $MA_SAFE_VELO_STOP_REACTION[3, AX3] = 14 ; SG stage 4 This results in the following behavior when the drive bus fails: 1. If SG1 is selected in any one of the three axes at the instant that the bus fails, then the pulses are immediately cancelled for all 3 axes. This is because terminal 663 is controlled from all 3 axes via one output and the pulses are immediately cancelled from the axis with SG1 via this output. 2. If one of the SG stages 2 to 4 is selected in all three axes, then pulse cancellation is delayed for 500 ms. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 3-203 3 Safety-Related Functions 3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) 11.03 Notes 3-204 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 4 Data Descriptions 4 4.1 Machine data .............................................................................................. 4-206 4.1.1 Overview of the machine data .............................................................. 4-206 4.1.2 Description of the machine data ........................................................... 4-208 4.2 Machine data for SIMODRIVE 611 digital ................................................... 4-240 4.2.1 Overview of the machine data .............................................................. 4-240 4.2.2 Description of the machine data ........................................................... 4-242 4.3 Interface signals.......................................................................................... 4-255 4.3.1 Interface signals for SINUMERIK 840D ................................................ 4-255 4.3.2 Description of the interface signals ....................................................... 4-256 4.4 System variable .......................................................................................... 4-263 4.4.1 System variable for SINUMERIK 840D................................................. 4-263 4.4.2 Description of the system variables ...................................................... 4-266 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-205 4 Data Descriptions 4.1 Machine data 11.03 Note The function "safe software limit switch" (SE) is also called "safe limit positions" and the function "safe software cams" (SN) is also called "safe cams". 4.1 Machine data 4.1.1 Overview of the machine data Table 4-1 Overview of machine data for SINUMERIK 840D Number Name Name General ($MN_ ... ) 10050 SYSCLOCK_CYCLE_TIME System basic clock cycle 10060 POSCTRL_SYSCLOCK_TIME_RATIO Factor for position control cycle 10070 IPO_SYSCLOCK_CYCLE_TIME_RATIO Factor for IPO clock cycle 10089 SAFE_PULSE_DIS_TIME_BUS_FAIL Delay time, pulse cancellation on drive failure 10090 SAFETY_SYSCLOCK_TIME_RATIO Factor for monitoring cycle 10091 INFO_SAFETY_CYCLE_TIME Display of monitoring cycle 10092 INFO_CROSSCHECK_CYCLE_TIME Display of crosswise data comparison cycle 10093 INFO_NUM_SAFE_FILE_ACCESS Number of SPL file access operation 10094 SAFE_ALARM_SUPPRESS_LEVEL Alarm suppression level 10095 SAFE_MODE_MASK Safety Integrated modes 10096 SAFE_DIAGNOSIS_MASK Safety Integrated diagnostic function 10097 SAFE_SPL_STOP_MODE Sets the stop response for Error 27090 and protected synchronous responses and PLCSPL set 10098 PROFISAFE_IPO_TIME_RATIO Factor for PROFIsafe communications clock cycle 10099 INFO_PROFISAFE_CYCLE_TIME PROFIsafe communications clock cycle 10200 INT_INCR_PER_MM Calculation resolution for linear positions 10210 INT_INCR_PER_DEG Calculation resolution for angular positions 10366 HW_ASSIGN_DIG_FASTIN Hardware assignment of external digital NCK inputs 10368 HW_ASSIGN_DIG_FASTOUT Hardware assignment of external digital NCK outputs 10385 PROFISAFE_MASTER_ADRESS PROFIsafe address of F master 10386 PROFISAFE_IN_ADRESS PROFIsafe address of an input module 10387 PROFISAFE_OUT_ADRESS PROFIsafe address of an output module 10388 PROFISAFE_IN_ASSIGN Assignment between external SPL interface $A_INSE and PROFIsafe input module 10389 PROFISAFE_OUT_ASSIGN Assignment between external SPL interface $A_INSE and PROFIsafe output module 10390 SAFE_IN_HW_ASSIGN Input assignment ext. SPL interface 10392 SAFE_OUT_HW_ASSIGN Output assignment ext. SPL interface 13010 DRIVE_LOGIC_NR Logical drive number Axis/spindle-specific ($MA_ ... ) 30240 ENC_TYPE Encoder type, actual value sensing method 30300 IS_ROT_AX Rotary axis/spindle 30320 DISPLAY_IS_MODULO Modulo 360 degrees display for rotary axis/spindle 30330 MODULO_RANGE Size of modulo range 32300 MA_AX_ACCEL Axis acceleration 35200 GEAR_STEP_SPEEDCTRL_ACCEL Acceleration in speed control mode 35210 STEP_POSCTRL_ACCEL Acceleration in position control mode 35410 SPIND_OSCILL_ACCEL Acceleration when oscillating 36060 STANDSTILL_VELO_TOL Maximum velocity/speed "Axis/spindle stationary" 36620 SERVO_DISABLE_DELAY_TIME Shutdown delay controller enable 4-206 Reference /FBD/, G2 /FBD/, G2 /FBD/, G2 /FBD/, G2 /FBD/, A4 /FBD/, A4 /FBD/, G2 /FBD/, G2 /FBD/, R2 /FBD/, R2 /FBD/, R2 /FBD/, B2 /FBD/, S1 /FBD/, S1 /FBD/, S1 /FBD/, A2 /FBD/, A2 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data Number 36901 36902 36905 36910 36911 Name SAFE_FUNCTION_ENABLE SAFE_IS_ROT_AX SAFE_MODULO_RANGE SAFE_ENC_SEGMENT_NR SAFE_ENC_MODULE_NR 36912 SAFE_ENC_INPUT_NR 36915 36916 36917 36918 36920 36921 36922 36925 36926 SAFE_ENC_TYPE SAFE_ENC_IS_LINEAR SAFE_ENC_GRID_POINT_DIST SAFE_ENC_RESOL SAFE_ENC_GEAR_PITCH SAFE_ENC_GEAR_DENOM[n] SAFE_ENC_GEAR_NUMERA[n] SAFE_ENC_POLARITY SAFE_ENC_FREQ_LIMIT 36930 36931 36932 36933 36934 36935 36936 36937 36940 36942 SAFE_STANDSTILL_TOL SAFE_VELO_LIMIT[n] SAFE_VELO_OVR_FACTOR[n] SAFW_DES_VELO_LIMIT SAFE_POS_LIMIT_PLUS[n] SAFE_POS_LIMIT_MINUS[n] SAFE_CAM_POS_PLUS[n] SAFE_CAM_POS_MINUS[n] SAFE_CAM_TOL SAFE_POS_TOL 36944 SAFE_REFP_POS_TOL 36946 36948 36949 36950 36951 36952 36953 36954 36955 36956 36957 36958 36960 36961 36962 36963 SAFE_VELO_X SAFE_STOP_VELO_TOL SAFE_SLIP_VELO_TOL SAFE_MODE_SWITCH_TIME SAFE_VELO_SWITCH_DELAY SAFE_STOP_SWITCH_TIME_C SAFE_STOP_SWITCH_TIME_D SAFE_STOP_SWITCH_TIME_E SAFE_STOP_SWITCH_TIME_F SAFE_PULSE_DISABLE_DELAY SAFE_PULSE_DIS_CHECK_TIME SAFE_ACCEPTANCE_TST_TIMEOUT SAFE_STANDSTILL_VELO_TOL SAFE_VELO_STOP_MODE SAFE_POS_STOP_MODE SAFE_VELO_STOP_REACTION[n] 36964 36965 36966 36967 36970 36971 36972 36973 36974 36975 36976 36977 36978 SAFE_IPO_STOP_GROUP SAFE_PARK_ALARM_SUPPRESS SAFE_BRAKETEST_TORQUE SAFE_BRAKETEST_POS_TOL SAFE_SVSS_DISABLE_INPUT SAFE_SS_DISABLE_INPUT SAFE_VELO_SELECT_INPUT[n] SAFE_POS_SELECT_INPUT SAFE_GEAR_SELECT_INPUT[n] SAFE_STOP_REQUEST_INPUT SAFE_PULSE_STATUS_INPUT SAFE_EXT_STOP_INPUT[n] SAFE_OVR_INPUT[n] Name Enable safety functions Rotary axis Modulo value safe cams (from SW4.2) Actual value assignment: Drive type Actual value assignment: Drive number/measuring circuit number Actual value assignment: Input on drive module/control loop module Encoder type Linear scale Linear scale graduations Encoder pulses per revolution Lead screw pitch Denominator of encoder/load gear Numerator of encoder/load gear Direction reversal actual value Encoder frequency for safe operation (only with Performance 2 controls) Zero speed tolerance Limit value for safely reduced speed Override factor for SG (SW 4.2 and higher) SG set speed limitation Upper limit value for safe limit position Lower limit value for safe limit position Plus cam position for safe cams Minus cam position for safe cams Tolerance for safe cams Actual value comparison tolerance (crosswise) Actual value comparison tolerance (referencing) Speed limit nx (from SW4.2) Tolerance actual speed for SBR (from SW4.2) Speed tolerance slip Tolerance time for SGE changeover Delay time speed changeover Transition time, STOP C to safe standstill Transition time, STOP D to safe standstill Transition time, STOP E to safe standstill Delay time STOP F response Delay time pulse cancellation Time for testing pulse cancellation Time limit for acceptance test Shutoff speed for pulse cancellation Stop response safely reduced speed Stop response safe limit position SG-specific stop response (SW 4.2 and higher) Grouping, safety IPO response Alarm suppression for parking axis Brake test torque Position tolerance for brake test Input assignment SBH/SG de-selection Input assignment SBH de-selection Input assignment SG selection Input assignment SE selection Input assignment gear ratio selection Input assignment "Test stop selection" Input assignment "Pulses cancelled" status Input assignment external brake request Input assignment for SG override selection (SW 4.2 and higher) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 Reference 4-207 4 Data Descriptions 4.1 Machine data 11.03 Number 36979 Name SAFE_STOP_REQUEST_EXT_INPUT 36980 36981 SAFE_SVSS_STATUS_OUTPUT SAFE_SS_STATUS_OUTPUT 36982 SAFE_VELO_STATUS_OUTPUT[n] 36984 SAFE_EXT_PULSE_ENABLE_OUTPUT 36985 36986 36987 36988 36989 36990 36992 SAFE_VELO_X_STATUS_OUTPUT SAFE_PULSE_ENABLE_OUTPUT SAFE_REFP_STATUS_OUTPUT SAFE_CAM_PLUS_OUTPUT[n] SAFE_CAM_MINUS_OUTPUT[n] SAFE_ACT_STOP_OUTPUT[n] SAFE_CROSSCHECK_CYCLE 36993 36994 36995 36997 36998 36999 37000 37090 37092 SAFE_CONFIG_CHANGE_DATE[n] SAFE_PREV_CONFIG[n] SAFE_STANDSTILL_POS SAFE_ACKN SAFE_ACT_CHECKSUM SAFE_DES_CHECKSUM FIXED_STOP_MODE SAFE_BRAKETEST_TORQUE SAFE_BRAKETEST_POS_TOL 4.1.2 General Name Assignment of input terminal to select the external shutdown test Output assignment SBH/SG active Output assignment for SBH active (from SW 4.2) Output assignment for SG active (from SW 4.2) Assignment of the output terminal for external pulse enable request. Output assignment for n < nx (from SW4.2) Output assignment "Enable pulses" Output assignment "Axis safely referenced" Output assignment SN1 + to SN4 + Output assignment SN1 - to SN4 Output assignment act. STOP Display of axial crosswise data comparison clock cycle Date/time of the last change SI-NCK-MD Data of previous safety function Standstill position User agreement Actual checksum Setpoint checksum Traverse to fixed endstop mode Brake test, holding torque Position tolerance for brake test Reference Description of the machine data General information about machine data and an explanation of their contents such as unit, data type, protection level, effectiveness, etc. can be found in the following references: References: /LIS/, Lists SINUMERIK 840D 10089 $MN_SAFE_PULSE_DIS_TIME_BUSFAIL 840D MD number Delay time until the pulses are cancelled when the drive bus fails Default: 0 Min. input value: 0 Max. input value: 0.8 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 6.4.09 Meaning This is the time after the drive bus fails that the pulses are safely cancelled. During this time, it is still possible to implement a response to the bus failure that is executed autonomously in the drive (refer to extended shutdown and retraction) In the following cases, the pulses are immediately cancelled (the system does not wait for this delay time to expire): * When selecting an external Stop A * For active SBH or when SBH is selected * For an active SG stage or when selecting an SG stage for which an immediate pulse cancellation is parameterized in $MA_SAFE_VELO_STOP_MODE or $MA_SAFE_VELO_STOP_REACTION. Special cases, errors .$MN_SAFE_PULSE_DIS_TIME_BUSFAIL is transferred using the copy function of the SI-MD into drive MD 1380 and then subject to a crosswise data comparison. These general machine data are included in the axial checksum calculation of the safetyrelevant machine data ( $MA_SAFE_ACT_CHECKSUM, $MA_SAFE_DES_CHECKSUM). Corresponds with ... 4-208 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO 840D MD number Factor for monitoring cycle Default: 3 Min. input value: 1 Max. input value: 50 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning Ratio between the monitoring and basic system clock cycle. The monitoring clock cycle is the product of this data and $MN_SYSCLOCK_CYCLE_TIME. Special cases, errors The monitoring clock cycle is checked during power-up: * It must be an integral multiple of the position control clock cycle * It must be 25 ms If these conditions are not fulfilled, the factor is rounded to the next possible value. The monitoring cycle that is actually set is displayed via $MN_INFO_SAFETY_CYCLE_TIME. The value for the crosswise data comparison clock cycle that is displayed via $MN_INFO_CROSSCHECK_CYCLE_TIME also changes. Note: The monitoring cycle defines the response time of the monitoring functions. It should be noted that a short monitoring cycle time increases the load on the CPU. Corresponds with ... MD 10050: $MN_SYSCLOCK_CYCLE_TIME MD 10091: $MN_INFO_SAFETY_CYCLE_TIME MD 10092: $MN_INFO_CROSSCHECK_CYCLE_TIME 10091 $MN_INFO_SAFETY_CYCLE_TIME 840D MD number Displays the monitoring cycle Default: Min. input value: Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/Unit: ms Data type: DOUBLE Applies from SW 3.4 Meaning This data displays the monitoring clock cycle time that is actually effective. For display purposes only - cannot be written into. Corresponds with ... MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO References Refer to Chapter 2, "Safety monitoring clock cycle and crosswise comparison clock cycle" 10092 $MN_INFO_CROSSCHECK_CYCLE_TIME 840D MD number Displays the crosswise comparison clock cycle Default: Min. input value: Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/Unit: ms Data type: DOUBLE Applies from SW 3.4 Meaning This data displays the effective time for one full execution of the crosswise data comparison clock cycle. For display purposes only - cannot be written into. SW 6.3.21 and higher: Maximum crosswise data comparison clock cycle in seconds. Corresponds with ... MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO References Refer to Chapter 2, "Safety monitoring cycle and crosswise data comparison clock cycle" 10093 $MN_INFO_NUM_SAFE_FILE_ACCESS 840D MD number Number of SPL file accesses Default: 0 Min. input value: Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 2/Unit: Data type: DWORD Applies from SW 4.4.18 Meaning Display data: NCK-SPL file /_N_CST_DIR/_N_SAFE_SPF has been accessed n-times in the protected state. This MD is only used for service purposes. The value of the MD can only be 0 or 1. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-209 4 Data Descriptions 4.1 Machine data 11.03 10094 $MN_SAFE_ALARM_SUPPRESS_LEVEL 840D MD number "Safety Integrated" alarm suppression level Default: 2 Min. input value: 0 Max. input value: 13 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: BYTE Applies from SW 6 Meaning The monitoring channels NCK and 611 digital display alarms with the same significance in several situations. In order to reduce the size of the alarm image, this MD is used to specify whether safety alarms with the same significance are to be suppressed. The two-channel stop response is not influenced by this setting. 0 = Alarms triggered in two channels are displayed to the full extent - Two-channel display of all axial safety alarms - Alarm 27001, error code 0 is displayed - The Alarms 27090, 27091, 27092, 27093 and 27095 are displayed a multiple number of times using 2 channels 1 = Alarms with the same meaning are only displayed once. The following alarms are affected: 27010 = 300907 27011 = 300914 27012 = 300915 27013 = 300906 27020 = 300910 27021 = 300909 27022 = 300908 27023 = 300901 27024 = 300900 With these alarms, only one of the specified Alarms (270xx or 300xxx) is initiated. The alarm of the monitoring channel that then subsequently initiates the alarm with the same significance, is no longer displayed. Furthermore, Alarm 27001 with error code 0 is suppressed. This alarm occurs as a result of drive Alarm 300911. In this particular case, drive machine data 1391, 1392, 193, 1394 provide information regarding the cause of the error. 2 = Default Going beyond the functionality with MD value=1, the alarms from the SPL processing (27090, 27091, 27092, 27093 and 27095) are only displayed through one channel and only once. This machine data must be set to 0 to generate an acceptance report. This allows the system to document all of the alarms that have been initiated. 3 = Axial Alarms 27000 and 300950 are replaced by Alarm message 27100 for all axes/drives. 12 = Going beyond the functionality with MD value = 2, the alarms are assigned priorities. What appears to be apparent follow-on alarms are no longer displayed or are automatically cleared from the display. The following alarms may be affected: 27001, 27004, 27020, 27021, 27022, 27023, 27024, 27091, 27101, 27102, 27103, 27104, 27105, 27106, 27107 13 = Going beyond the functionality with MD value = 3, the alarms are assigned priorities as for MD value 12. This machine data must be set to 0 to generate an acceptance report. This allows the system to document all of the alarms that have been initiated. Corresponds with ... References 4-210 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 10095 $MN_SAFE_MODE_MASK 840D MD number Safety Integrated modes Default: 0 Min. input value: 0 Max. input value: 0x0001 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 5.3 Meaning Bit 0=0 $A_INSE[1...64] Default setting "0" Bit 0=1 $A_INSE[1...64] Default setting "1" (Compatibility mode for older PLC SW versions) These functions are only supported by the NCK in one channel. This data is not included in the axial MD checksum SAFE_ACT_CHECKSUM. Corresponds with ... References 10096 MD number Default: 1 $MN_SAFE_DIAGNOSIS_MASK Safety Integrated diagnostic functions Min. input value: 0 Change becomes effective after POWER ON: Data type: DWORD Meaning 840D Max. input value: 0x0001 Protection level (R/W) 7/2 Unit: - Applies from SW 5.3 Bit 0=0 SGE differences between NCK and 611D digital monitoring channels are not displayed Bit 0=1 SGE differences between NCK and 611D digital monitoring channels are displayed Differences between the following SGEs are detected (the listed bit numbers refer to the axial mapping of the SGEs, these correspond to the following VDI-interface assignment: Bit 0: SBH/SG de-selection = DB3<x>.DBX22.0 Bit 1: SBH de-selection = DB3<x>.DBX22.1 Bit 3: SG selection, bit 0 = DB3<x>.DBX22.3 Bit 4: SG selection, bit 1 = DB3<x>.DBX22.4 (from SW 6) Bit 12: SE selection = DB3<x>.DBX23.4 Bit 28: SG correction, bit 0 = DB3<x>.DBX33.4 Bit 29: SG correction, bit 1 = DB3<x>.DBX33.5 Bit 30: SG correction, bit 2 = DB3<x>.DBX33.6 Bit 31: SG correction, bit 3 = DB3<x>.DBX33.7 <x> is the axis number The differences are indicated via Alarm 27004. Corresponds with ... References 10097 $MN_SAFE_SPL_STOP_MODE 840D MD number Stop response for SPL errors Default: 3 Min. input value: 3 Max. input value: 4 Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit Data type: BYTE Applies from SW 6.3 Meaning Selects the stop response when errors are detected in the crosswise data comparison of NCK and PLC-SPL 3: Stop D 4 Stop E When the value 4 is entered in this MD (Stop E) without enabling the external Stop E in all axes with SI function enable signals ($MA_SAFE_FUNCTION_ENABLE not equal to 0) results in Alarm 27033, "Axis %1 Invalid parameterization of MD MN_SAFE_SPL_STOP_MODE". To remedy this, either parameterize Stop D or set bit 4 and bit 6 in $MA_SAFE_FUNCTION_ENABLE for all of the axes involved. This machine data is incorporated in the checksum for safety-relevant machine data ($MA_SAFE_ACT_CHECKSUM, $MA_SAFE_DES_CHECKSUM) If this MD is set to 4, then DBX36.1 in DB18 must also be set to signal the PLC about this parameterization. For a different parameter assignment, Alarm 27090 is output, "Error for crosswise data comparison NCK-PLC". (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-211 4 Data Descriptions 4.1 Machine data 11.03 10098 $MN_PROFISAFE_IPO_TIME_RATIO 840D MD number Factor for PROFIsafe communications cycle Default: 1 Min. input value: 1 Max. input value: 25 Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning Relationship between the interpolator clock cycle and the clock cycle in the communications with PROFIsafe I/Os modules. In the resulting time grid, OB40 on the PLC side is initiated from the NCK side to enable communication between F master and F slaves. The value obtained for the communication clock cycle from this MD and the set IPO cycle must not be greater than 25 ms. Special cases, errors Corresponds with ... 10099 $MN_INFO_PROFISAFE_CYCLE_TIME 840D MD number PROFIsafe communications clock cycle Default: 0.000 Min. input value: Max. input value: Changes effective after POWER ON Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 6.3 Meaning Shows the time grid for communications between F master and F slaves. The value is obtained from the interpolator clock cycle and MD $MN_PROFISAFE_IPO_TIME_RATIO. For display purposes only - cannot be written into. Special cases, errors Corresponds with ... 10385 $MN_PROFISAFE_MASTER_ADDRESS 840D MD number PROFIsafe address of F master Default: 0 Min. input value: 0 Max. input value: 50FA7DH Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning Defines the PROFIsafe address for the F master NCK/PLC. Used to uniquely assign an F master to an F slave. This parameter must be entered in accordance with the "F_Source_Address" parameter set in S7-ES for the F slaves. An attempt to establish communications is only made for F slaves where this address has been entered. Special cases, errors Corresponds with ... 10386 $MN_PROFISAFE_IN_ADDRESS MD number PROFIsafe address of an input module Default: 0 Min. input value: 0 Max. input value: 5003FFH Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning Defines the PROFIsafe address of a PROFIsafe input module Special cases, errors Corresponds with ... 840D 10387 $MN_PROFISAFE_OUT_ADDRESS MD number PROFIsafe address of an output module Default: 0 Min. input value: 0 Max. input value: 5003FFH Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning Defines the PROFIsafe address of a PROFIsafe module Special cases, errors Corresponds with ... 840D 4-212 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 10388 MD number $MN_PROFISAFE_IN_ASSIGN 840D Assignment between external SPL interface $A_INSE and PROFIsafe input module Default: 0 Min. input value: 0 Max. input value: 64064 Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning The three lower positions indicate the least significant $A_INSE variables to be supplied. The three upper positions indicate the most significant $A_INSE variables to be supplied. Example: PROFISAFE_IN_ASSIGN[0] = 4001: The system variables $A_INSE[1...4] are supplied with the state of the input terminals of the PROFIsafe module defined in MD PROFISAFE_IN_ADDRESS[0]. Special cases, errors Corresponds with ... 10389 MD number $MN_PROFISAFE_OUT_ASSIGN 840D Assignment between external SPL interface $A_INSE and PROFIsafe output module Default: 0 Min. input value: 0 Max. input value: 64064 Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning The three lower positions indicate the least significant $A_OUTSE variables to be supplied. The three upper positions indicate the most significant $A_OUTSE variables to be supplied. Example: PROFISAFE_IN_ASSIGN[0] = 4001: The system variables $A_OUTSE[1...4] are supplied at the output terminals of the PROFIsafe module defined in MD PROFISAFE_OUT_ADDRESS[0]. Special cases, errors Corresponds with ... The following machine data $MN_INFO_PROFISAFE_CYCLE_TIME $MN_PROFISAFE_MASTER_ADDRESS $MN_PROFISAFE_IN_ADDRESS $MN_PROFISAFE_OUT_ADDRESS $MN_PROFISAFE_IN_ASSIGN $MN_PROFISAFE_OUT_ASSIGN are included in the axial checksum machine data $MA_SAFE_ACT_CHECKSUM. This means that, they are protected against modification. Changes can only be confirmed and activated by pressing "Confirm SI data" softkey. Changes to the machine data and resulting axial checksums are displayed via Alarm 27032, "Axis %1 Checksum error for safe monitoring. Acknowledgement and acceptance test necessary!". (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-213 4 Data Descriptions 4.1 Machine data 11.03 10390 $MN_SAFE_IN_HW_ASSIGN[n]: 0...7 840D MD number Input assignment ext. SPL interface Default: 0 Min. input value: 0 Max. input value: 01 1E 08 02 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 4.4.18 Meaning One input byte of the NCK I/Os can be assigned bytewise (byte-serial) to the system variables $A_INSE[x] using this machine data. n =0 =1 =2 =3 =4 =5 =6 =7 Corresponds with ... References System variables $A_INSE[1..8] $A_INSE[9..16] $A_INSE[17..24] $A_INSE[25...32] $A_INSE[33...40] $A_INSE[41...48] $A_INSE[49...56] $A_INSE[57...64] Comment Assignment for 1st byte Assignment for 2nd byte Assignment for 3rd byte Assignment for 4th byte Assignment for 5th byte Assignment for 6th byte Assignment for 7th byte Assignment for 8th byte Structure: refer to MD 10366: $MN_HW_ASSIGN_DIG_FASTIN. In this case, the restriction applies that an I/O module must addressed via the MD. An assignment to another system variable is not possible. MD 10392: $MN_SAFE_OUT_HW_ASSIGN Refer to Chapter 3, "Safe programmable logic (SPL)" 10392 $MN_SAFE_OUT_HW_ASSIGN[n]: 0...7 840D MD number Output assignment ext. SPL interface Default: 0 Min. input value: 0 Max. input value: 01 1E 08 02 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 4.4.18 Meaning One output byte of the NCK I/Os can be assigned bytewise (byte-serial) to the system variables $A_OUTSE[x] using this machine data. n =0 =1 =2 =3 =4 =5 =6 =7 Corresponds with ... References System variables $A_OUTSE[1..8] $A_OUTSE[9..16] $A_OUTSE[17..24] $A_OUTSE[25...32] $A_OUTSE[33...40] $A_OUTSE[41...48] $A_OUTSE[49...56] $A_OUTSE[57...64] Comment Assignment for 1st byte Assignment for 2nd byte Assignment for 3rd byte Assignment for 4th byte Assignment for 5th byte Assignment for 6th byte Assignment for 7th byte Assignment for 8th byte Structure: refer to MD 10364: $MN_HW_ASSIGN_DIG_FASTOUT. In this case, the restriction applies that an I/O module must addressed via the MD. An assignment to another system variable is not possible. MD 10390: $MN_SAFE_IN_HW_ASSIGN Refer to Chapter 3, "Safe programmable logic (SPL)" Assigning local inputs on the NCU to the SPL interface (from SW 6.3.21): * Parameterization for s = 0 for SPL SGEs/SGAs: i =0H fixed mm =00H fixed xx =00H fixed nn =01H - 0FH Screen form for the digital I/O used for Safety Inputs/outputs Setting the value "nn" can be used to define which of the available four digital I/Os are to be used for the SPL SGEs/SGAs: 4-214 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data Examples nn = 01H: only map input/output 1 in $A_INSE/$A_OUTSE nn = 05H: only map inputs/outputs 1 and 3 in $A_INSE/$A_OUTSE nn = 0FH: map all inputs/outputs in $A_INSE/$A_OUTSE This parameterization allows selective digital I/Os to be reserved for SI and, at the same time, the other I/Os to be used for other functions. A single output bit is connected to a terminal with each entry. The structure is the same as $MN_HW_ASSIGN_ANA_FASTOUT[n]. 20108 $MC_PROG_EVENT_MASK 840D MD number Event-controlled program call Default: (0x0, 0x0, 0x0,...) Min. input value: 0 Max. input value: 0xF Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.1 Meaning Parameterizes the event where the user program, set with $MN_PROG_EVENT_NAME (default: _N_PROG_EVENT_SPF) is implicitly called: Bit 0=1: Part program start Bit 1 = 1: Part program end Bit 2 = 1: Operator panel reset Bit 3 = 1: Run-up The user program is called using the following search path: 1. /_N_CUS_DIR/_NPROG_EVENT_SPF 2. /_N_CMA_DIR/_NPROG_EVENT_SPF 3. /_N_CST_DIR/_NPROG_EVENT_SPF Corresponds with ... References (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-215 4 Data Descriptions 4.1 Machine data 11.03 36901 MD number Default: 0 $MA_SAFE_FUNCTION_ENABLE Enable safety-related functions Min. input value: 0 High byte Bit 15 Bit 14 Bit 13 Enable safe cams SN4 SN4 + SN3 Bit7 Bit6 Bit5 Enable (from SW4.2) 840D Max. input value: FF 03, FF E3 (from SW4.2) Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Hexadecimal Data type: DWORD Applies from SW 3.4 Meaning The functions for safe operation can be enabled for one axis/spindle with this data. It is only possible to enable - on an axis-specific basis - as many axes/spindles for safe operation as have been enabled by the global option. If one of the bits from bit 1 is set, then bit 0 must also be set. This is because for a STOP C, D, E the control switches into the safe operating stop. This condition is checked (if there is an error, configuration Alarm 27033 is output). The more partial functions that are set, then the more computing time the safe functions require. Low byte Special cases, errors Corresponds with ... References 4-216 Bit 12 Bit 11 Bit 19 Bit 9 Bit 8 SN3 + Bit4 SW 6.3 SN2 SN2 + SN1 SN1 + Bit 3 Bit 2 Bit 1 Bit 0 From Reserve Enable SW 5.2 d 0 SE SBH/ Cam External Override Enable Enable SG synchron STOPs for external act. ization safelyESR value reduced activatio synchr. speed n 2nd encoder system If bit 1 or a higher bit is set, then bit 0 must also be set since the control system switches to a safe operational stop in response to STOP C, D or E (a configuration alarm is output if an error is detected). If an insufficient number of axes/spindles have been enabled for safe operation using the global option, then this data may be overwritten with the value 0000 during run-up Global option Refer to Chapter 2, "Enabling safety-related functions" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36902 $MA_SAFE_IS_ROT_AX 840D MD number Rotary axis Default: 0 Min. input value: 0 Max. input value: 1 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: BOOLEAN Applies from SW 3.4 Meaning Data specifies whether the axis for safe operation is a rotary axis/spindle or linear axis. = 0: Linear axis = 1: Rotary axis/spindle The value set in this MD must be the same as the value set in MD: $MA_IS_ROT_AX. A parameterization error is displayed if they are not identical. Corresponds with ... MD 30300: $MA_IS_ROT_AX 36905 $MA_SAFE_MODULO_RANGE 840D MD number Modulo value for SN Default: 0.0 Min. input value: 0.0 Max. input value: 737280.0 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Degrees Data type: DOUBLE Applies from SW 4.2 Meaning Actual value range within which safe cams for rotary axes are calculated. The axis must be a rotary axis ($MA_/$MD_SAFE_IS_ROT_AX = 1). Value = 0: Modulo override after +/- 2048 revolutions (i.e. after 737 280 degrees) Setting > 0 and multiples of 360 degrees: Modulo override after this setting (e.g. setting = 360 the actual value range is between 0 and 359.999 degrees, i.e. a modulo override is carried-out after every revolution. Special cases, errors * If the value set in this data is not 0 or a multiple of 360 degrees, then an appropriate alarm is output during run-up. * The cam positions are also checked with respect to the parameterized actual value range during run-up. An appropriate alarm is output if parameterization errors are detected. * Actual value ranges set in $MA_SAFE_MODULO_RANGE and $MA_MODULO_RANGE must be a multiple integer. Corresponds with ... MD 1305: $MD_SAFE_MODULO_RANGE MD 30330: $MA_MODULO_RANGE MD 36935/1336: $MA_/$MD_SAFE_CAM_POS_PLUS[n] MD 36937/1337: $MA_/$MD_SAFE_CAM_POS_MINUS[n] 36910 $MA_SAFE_ENC_SEGMENT_NR MD number Actual value assignment: Drive type Default: 1 Min. input value: 0 Max. input value: 1 Change becomes effective after POWER ON: Protection level (R/W) 0/0 Unit: Data type: BYTE Applies from SW 3.4 Meaning Number of the bus segment via which the encoder is addressed. =1: Drive bus of SIMODRIVE 611 digital (always used) 840D 36911 $MA_SAFE_ENC_MODULE_NR 840D MD number Actual value assignment: Drive number/measuring circuit number Default: 1 Min. input value: 1 Max. input value: NCU 572: 31 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: BYTE Applies from SW 3.4 Meaning Module No. within a segment via which the SI encoder is addressed. The logical drive number of the drive assigned to the axis via $MN_DRIVE_LOGIC_NR must be entered here. For standard applications with a 2-encoder system, the encoder for Safety Integrated is connected to the second encoder connection (lower input) of the same drive module. Special cases, errors Any actual value input in the 611 digital group can be used for the second encoder as the measuring system on the NC side. Corresponds with ... MD 36910: $MA_SAFE_ENC_SEGMENT_NR MD 36912: $MA_SAFE_ENC_INPUT_NR MD 36010: $MN_DRIVE_LOGIC_NR MD 30220: $MA_ENC_MODULE_NR (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-217 4 Data Descriptions 4.1 Machine data 11.03 36912 $MA_SAFE_ENC_INPUT_NR 840D MD number Actual value assignment: Input to drive module/measuring circuit board Default: 1 Min. input value: 1 Max. input value: 2 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: BYTE Applies from SW 3.4 Meaning Number of the actual value input of a module via which the SI encoder is addressed. = 1: SI encoder is connected to the upper input (motor encoder) = 2: SI encoder is connected to the lower input (2nd encoder) For standard applications with a 2-encoder system, the encoder for Safety Integrated is connected to the second encoder connection (lower input) of the same drive module. Special cases, errors Any actual value input in the 611 digital group can be used for the second encoder as the measuring system on the NC side. Corresponds with ... MD 36911: $MA_SAFE_ENC_MODULE_NR MD 30230: $MA_ENC_INPUT_NR 36915 $MA_SAFE_ENC_TYPE 840D MD number Encoder type Default: 0 Min. input value: 0 Max. input value: 4 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: BYTE Applies from SW 3.4 Meaning The type of SI encoder connected is specified here. = 0: Reserved = 1: Raw signal encoder (1V peak-to-peak) = 4: Absolute encoder with EnDat interface Special cases, errors * The value is coded in the same way as in data $MA_ENC_TYPE. * Only the value 1 or 4 is permitted. * An incorrect configuration (e.g. entry of values 0, 2, 3 or 5) is flagged with Alarm 27033. Corresponds with ... MD 30240: $MA_ENC_TYPE 36916 $MA_SAFE_ENC_IS_LINEAR 840D MD number Linear scale Default: 0 Min. input value: 0 Max. input value: 1 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: BOOLEAN Applies from SW 3.4 Meaning This is used to specify whether the connected encoder is a rotary or a linear encoder. = 0: Rotary encoder is connected $MA_SAFE_ENC_RESOL is used to specify its resolution and convert it to the load side using $MA_SAFE_ENC_GEAR_PITCH, $MA_SAFE_ENC_GEAR_DENOM[n] and $MA_SAFE_ENC_GEAR_NUMERA[n]. MD: $MA_SAFE_ENC_GRID_POINT_DIST has not significance. = 1: Linear encoder is connected Its resolution is defined in $MA_SAFE_ENC_GRID_POINT_DIST. The MDs: $MA_SAFE_ENC_RESOL, $MA_SAFE_ENC_GEAR_PITCH, $MA_SAFE_ENC_GEAR_DENOM[n] and $MA_SAFE_ENC_GEAR_NUMERA[n] have no significance. Corresponds with ... For 0: $MA_SAFE_ENC_RESOL $MA_SAFE_ENC_GEAR_PITCH $MA_SAFE_ENC_GEAR_DENOM[n] $MA_SAFE_ENC_GEAR_NUMERA[n] For 1: $MA_SAFE_ENC_GRID_POINT_DIST 36917 $MA_SAFE_ENC_GRID_POINT_DIST MD number Linear scale grid spacing Default: 0.01 Min. input value: 0.000 01 Max. input value: 8 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm Data type: DOUBLE Applies from SW 3.4 Meaning The grid spacing of the linear scale used is specified here. MD irrelevant for .... A rotary encoder 4-218 840D (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36918 $MA_SAFE_ENC_RESOL MD number Encoder pulses per revolution Default: 2 048 Min. input value: 1 Max. input value: 100 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning The number of pulses per revolution for a rotary encoder is specified here. MD irrelevant for .... a linear encoder 840D 36920 $MA_SAFE_ENC_GEAR_PITCH 840D MD number Spindle pitch Default: 10 Min. input value: 0.1 Max. input value: 10 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm Data type: DOUBLE Applies from SW 3.4 Meaning Gear ratio of gearbox between encoder and load for a linear axis with rotary encoder. MD irrelevant for .... a linear encoder 36921 $MA_SAFE_ENC_GEAR_DENOM[n] 840D MD number Denominator of encoder/load gear Default: 1 Min. input value: 1 Max. input value: 2 147 000 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning Denominator of the gearbox between encoder and load, i.e. the denominator of the fraction No. of encoder revolutions / No. of load revolutions n = 0, 1, ... ,7 stands for gear stage 1, 2, ... 8 The current value is selected via safety-relevant input signals (SGEs). Corresponds with ... MD 36922: $MA_SAFE_ENC_GEAR_NUMERA[n] MD irrelevant for .... a linear encoder 36922 $MA_SAFE_ENC_GEAR_NUMERA[n] 840D MD number Numerator of encoder/load gear Default: 1 Min. input value: 1 Max. input value: 2 147 000 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning Numerator of the gearbox between encoder and load, i.e. the numerator of the fraction No. of encoder revolutions / No. of load revolutions n = 0, 1, ... 7 stands for gear stage 1, 2, ... 8 The current value is selected via safety-relevant input signals (SGEs). Corresponds with ... MD 36921: $MA_SAFE_ENC_GEAR_DENOM[n] MD irrelevant for .... a linear encoder 36925 $MA_SAFE_ENC_POLARITY MD number Direction reversal actual value Default: 1 Min. input value: -1 Max. input value: 1 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning A direction reversal of the actual value can be selected using this data. = -1: Direction reversed = 0 or = 1: Direction not reversed (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 840D 4-219 4 Data Descriptions 4.1 Machine data 11.03 36926 $MA_SAFE_ENC_FREQ_LIMIT 840D MD number Encoder frequency for safe operation Default: 300000 Min. input value: 300000 Max. input value: 420000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: freq. Data type: DWORD Applies from SW 6.3 Meaning Encoder frequency above which amplitude monitoring is disabled. A speed corresponding to this frequency may not be exceeded in safe operation. If the encoder frequency is exceeded in safe operation (SBH or SG), the stop response parameterized for the active monitoring function is triggered. For Performance-2 control modules, High Standard and High Performance, this frequency can be set higher than 300 kHz. Parameterization errors are flagged with Alarm 27033. 36930 $MA_SAFE_STANDSTILL_TOL 840D MD number Standstill tolerance Default: 1 mm Min. input value: 0 Max. input value: 100 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees Data type: DOUBLE Applies from SW 3.4 Meaning The tolerance for the safe operating stop is set in this data. If the difference between the position reference value and position actual value is greater than the tolerance set here when safe operating stop is selected, then the control system activates Alarm 27010 with STOP A or B. Corresponds with ... MD 36956: $MA_SAFE_PULSE_DISABLE_DELAY 36931 $MA_SAFE_VELO_LIMIT[n] 840D MD number Limit value for safely-reduced speed Default: 2 000 mm/min Min. input value: 0 Max. input value: * Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min inch/min, rev./min Data type: DOUBLE Applies from SW 3.4 Meaning The limit values for safely-reduced speeds 1, 2, 3 and 4 are set in this data. When SG1, SG2, SG3 or SG4 is selected and the current speed exceeds the limit set here, then the control system activates Alarm 27011 with the stop response configured in $MA_SAFE_VELO_STOP_MODE. n = 0, 1, 2, 3 stand for limit value of SG1, SG2, SG3, SG4 Special cases, errors With active SBH/SG and a 1-encoder system, the speed is monitored on the basis of an encoder limit frequency of 200kHz (300 kHz from SW 4.2). An appropriate alarm is output when the limit is exceeded. Corresponds with ... MD 36961: $MA_SAFE_VELO_STOP_MODE 36932 $MA_SAFE_VELO_OVR_FACTOR[n] 840D MD number Override factor for SG Default: 100 Min. input value: 1 Max. input value: 100 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: % Data type: DWORD Applies from SW 4.2 Meaning Using SGEs it is possible to select overrides for safely-reduced speeds 2 and 4 and to set the associated override value (percentage) in this machine data. n = 0, 1, ... , 15 stand for overrides 0, 1, ... 15 Application $MA_SAFE_VELO_OVR_FACTOR[0]=30 (Override 0) $MA_SAFE_VELO_OVR_FACTOR[1]=50 (Override 1) $MA_SAFE_VELO_OVR_FACTOR[2]=80 (Override 2) $MA_SAFE_VELO_OVR_FACTOR[3]=100 (Override 3) Depending on whether override 0, 1, 2 or 3 is selected, safely-reduced speeds 2 and 4 are monitored for 30, 50, 80 or 100% of the set limit value. Special cases, errors * The "Override for safely-reduced speed" function is enabled via MD 36901 (MD 1301): * This override is not applied to the limit values for safely-reduced speeds 1 and 3. Corresponds with ... MD 36978: $MA_SAFE_OVR_INPUT[n] MD 36931: $MA_SAFE_VELO_LIMIT[n] References Refer to Chapter 3, "Override for safely-reduced speed" 4-220 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36933 $MA_SAFE_DES_VELO_LIMIT 840D MD number Evaluation factor to limit the speed setpoint Default: 0 Min. input value: 0 Max. input value: 100 Change effective after RESET Protection level (R/W) 7/2 Unit: % Data type: DWORD Applies from SW 5.2 Meaning Evaluation factor to define the setpoint limit from the actual speed limit. The active SG limit value is evaluated with this factor and specified to the interpolator as the setpoint limit. Setpoint 0 is specified when SBH is selected. If 100% is entered, the setpoint is limited to the active SG stage. If 0% is entered, the speed setpoint limit is not active. Corresponds with ... Special cases, errors This MD may have to be altered several times before an optimum setting for the dynamic response of the drives is found. To prevent this procedure from being unnecessarily awkward, "reset" has been defined as the activation criterion. This data is not included in the crosswise data comparison with the drive. This data is not included in the axial checksum $MA_SAFE_ACT_CHECKSUM, as it is a single-channel function. References Refer to Chapter 3.5.2, "Limiting the speed setpoint" 36934 $MA_SAFE_POS_LIMIT_PLUS[n] 840D MD number Upper limit value for safe end position Default: 100 000 mm Min. input value: -2 147 000 Max. input value: 2 147 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees Data type: DOUBLE Applies from SW 3.4 Meaning The upper limit value for safe end positions 1 and 2 is specified here. If SE1 or SE2 is selected and the actual position exceeds the limit set in this data, the control system activates Alarm 27012 with the stop response configured in $MA_SAFE_POS_STOP_MODE and changes over to the SBH mode. A violation of the SBH tolerance window initiates stop response STOP B and A. n = 0, 1 stands for upper limit value of SE1, SE2 Corresponds with ... MD 36962: $MA_SAFE_POS_STOP_MODE MD 36935: $MA_SAFE_POS_LIMIT_MINUS[n] MD 36901: $MA_SAFE_FUNCTION_ENABLE Special cases, errors If a lower or identical value is entered in MD: $MD_SAFE_POS_LIMIT_PLUS[n] than in MD: $MA_SAFE_POS_LIMIT_MINUS[n], then a parameterizing error is displayed. 36935 $MA_SAFE_POS_LIMIT_MINUS[n] 840D MD number Lower limit value for safe end position Default: -100 000 mm Min. input value: -2 147 000 Max. input value: 2 147 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees Data type: DOUBLE Applies from SW 3.4 Meaning The lower limit value for safe end positions 1 and 2 is specified here. If SE1 or SE2 is selected and the actual position drops below the limit set in this data, the control system activates Alarm 27012 with the stop response configured in $MA_SAFE_POS_STOP_MODE and changes over to the SBH mode. A violation of the SBH tolerance window initiates stop response STOP B and A. n = 0, 1 stands for lower limit value of SE1, SE2 Corresponds with ... MD 36962: $MA_SAFE_POS_STOP_MODE MD 36934: $MA_SAFE_POS_LIMIT_PLUS[n] MD 36901: $MA_SAFE_FUNCTION_ENABLE Special cases, errors If a lower or identical value is entered in MD: $MD_SAFE_POS_LIMIT_PLUS[n] than in MD: $MA_SAFE_POS_LIMIT_MINUS[n], then a parameterizing error is displayed. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-221 4 Data Descriptions 4.1 Machine data 11.03 36936 $MA_SAFE_CAM_POS_PLUS[n] 840D MD number Plus cam position for safe cams Default: 10 mm Min. input value: -2 147 000 Max. input value: 2 147 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees Data type: DOUBLE Applies from SW 3.4 Meaning The plus cam position for safe cams SN1 +, SN2 +, SN3 + and SN4 + is specified in this data. If the actual position is the value set here when the safe cam function is active, then the appropriate safety-relevant output signal (SGA) is set to 0 and to 1 if the actual position is > this value. (Observe the hysteresis for cam synchronization) n = 0, 1, 2, 3 stands for plus cam position of SN1+, SN2+, SN3+, SN4+ Corresponds with ... MD 36988: $MA_SAFE_CAM_PLUS_OUTPUT[n] MD 36901: $MA_SAFE_FUNCTION_ENABLE 36937 $MA_SAFE_CAM_POS_MINUS[n] 840D MD number Minus cam position for safe cams Default: -10 mm Min. input value: -2 147 000 Max. input value: 2 147 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees Data type: DOUBLE Applies from SW 3.4 Meaning The minus cam position for safe cams SN1-, SN2-, SN3- and SN4-. If the actual position is the value set here when the safe cam function is active, then the appropriate safety-relevant output signal (SGA) is set to 0 and to 1 if the actual position is > this value. (Observe the hysteresis for cam synchronization) n = 0, 1, 2, 3 stands for minus cam position of SN1-, SN2-, SN3-, SN4Corresponds with ... MD 36989: $MA_SAFE_CAM_MINUS_OUTPUT[n] MD 36901: $MA_SAFE_FUNCTION_ENABLE 36940 $MA_SAFE_CAM_TOL 840D MD number Tolerance for safe cams Default: 0.1 mm Min. input value: 0.001 Max. input value: 10 mm Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees Data type: DOUBLE Applies from SW 3.4 Meaning Due to the different mounting locations of the encoders and variations in clock cycle and signal transit times, the cam signals of the two monitoring channels never switch at exactly the same position and never simultaneously. This data specifies the tolerance for all cams as a load-side distance. The monitoring channels may have different signal states for the same cam within this tolerance band without generating Alarm 27001. Special cases, errors Recommendation: Enter an identical or slightly higher value than that set in MD 36942. 36942 MD number Default: 0.1 mm $MA_SAFE_POS_TOL Actual value comparison tolerance (crosswise) Min. input value: 0.001 840D Max. input value: 10 mm or 360 degrees Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees Data type: DOUBLE Applies from SW 3.4 Meaning Due to the fact that encoders are not mounted in identical locations and the effects of backlash, torsion, leadscrew errors, etc., the actual positions sensed simultaneously by the NCK and drive may differ. The tolerance band for the crosswise comparison of the actual position in the two monitoring channels is specified in this data. Special cases, errors * "Finger protection" (about 10 mm) is the primary consideration when setting this tolerance value. * Stop response STOP F is activated when the tolerance band is violated. 4-222 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 36944 MD number Default: 0.01 mm 4 Data Descriptions 4.1 Machine data $MA_SAFE_REFP_POS_TOL Actual value comparison tolerance (referencing) Min. input value: 0 840D Max. input value: 1 mm or 36 degrees Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees Data type: DOUBLE Applies from SW 3.4 Meaning The tolerance for the actual value check after referencing (with an incremental encoder) or at POWER ON (with an absolute encoder) is set in this data. A second absolute actual position is calculated from the last standstill position that was saved prior to control power off and the distance traversed since POWER ON. The control system checks the actual values after referencing on the basis of the two actual positions, the traversed distance and this data. The following factors must be taken into consideration when calculating tolerance values: Backlash, leadscrew errors, compensation (max. compensation values for LEC, sag and temperature compensation), temperature errors, torsion (2-encoder system), gear play for selector gearboxes, lower resolution (2-encoder system), oscillating distance for selector gearboxes. Special cases, errors If these two actual positions deviate from one another by more than the value set in this data with valid user agreement, then Alarm 27001 is displayed with error code 1003 and a new user agreement is required for referencing. 36946 $MA_SAFE_VELO_X MD number Speed limit nx Default: 20.0 Min. input value: 0.0 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Data type: DOUBLE Meaning Corresponds with ... References 840D Max. input value: 1 000.0 Unit: mm/min inch/min, rev./min Applies from SW 4.2 This data defines limit speed nx for SGA "n < nx". MD 1346: $MD_SAFE_VELO_X Refer to Chapter 3, "SGA "n < nx" and "SG active"" 36948 $MA_SAFE_STOP_VELO_TOL 840D MD number Actual speed tolerance for SBR Default: 300.0 Min. input value: 0.0 Max. input value: 20 000.0 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min inch/min, rev./min Data type: DOUBLE Applies from SW 4.2 Meaning After the safe braking ramp has been activated, the actual speed plus the speed tolerance set in this machine data are applied as a speed limit. Corresponds with ... MD 1348: $MD_SAFE_STOP_VELO_TOL References Refer to Chapter 2, "Safe braking ramp (SBR)" (a recommended setting and setting formula are specified in this Chapter). 36949 $MA_SAFE_SLIP_VELO_TOL 840D MD number Speed tolerance slip Default: 6.0 Min. input value: 0.0 Max. input value: 1000.0 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min inch/min, rev./min Data type: DOUBLE Applies from SW 5.2 Meaning Speed difference that, for a 2-encoder system is tolerated between the drive and and load sides without the crosswise data comparison between SIMODRIVE 611digital and NCK signaling an error. MD 36949 is only evaluated if MD $MA_SAFE_FUNCTION_ENABLE, bit 3 is set. Corresponds with ... MD 1349: $MD_SAFE_SLIP_VELO_TOL References Refer to Chapter 3.11.4, Actual value synchronization (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-223 4 Data Descriptions 4.1 Machine data 11.03 36950 $MA_SAFE_MODE_SWITCH_TIME 840D MD number Tolerance time for SGE changeover Default: 0.5 Min. input value: 0 Max. input value: 10 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 3.4 Meaning SGE changeovers do not take effect simultaneously owing to variations in run times for SGE transmission in the two monitoring channels. A crosswise data comparison would output an error message in this case. This data is used to specify the period of time after SGE changeover during which no crosswise comparison of actual values and monitoring results is carried out (machine data is still compared!). The selected monitoring functions continue to operate unhindered in both monitoring channels. A safe function is immediately activated in a monitoring channel if selection or changeover is detected in this channel. The different run times are mainly determined by the PLC cycle time. Special cases, errors System-dependent minimum tolerance time: 2 x PLC cycle time (maximum cycle) + 1 x IPO cycle time The variations in run times in the external circuitry (e.g. relay operating times) must also be taken into account. References Refer to Chapter 3, "Safety-relevant input/output signals (SGE/SGA)" 36951 $MA_SAFE_VELO_SWITCH_DELAY 840D MD number Delay time speed changeover Default: 0.1 Min. input value: 0 Max. input value: 10 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 3.4 Meaning A timer with the value in this data is started when changing from a high to a lower safelyreduced speed or when a safe operating stop is selected when the safely-reduced speed function is active. While the timer is running, the speed continues to be monitored for the last selected speed limit value. During this period, the axis/spindle can be braked, for example, via the PLC user program without the monitoring function signaling an error and initiating a stop response. Examples: 1. The timer is interrupted as soon as a higher or identical SG limit (i.e. to that which was previously active) is selected. 2. The timer is interrupted if "non-safe operation" (=NSB SGE "de-select SBH/SG=1) is selected. 3. The timer is retriggered (restarted) if an SG limit lower than the one previously active is selected or SBH is selected while the timer is running. 36952 $MA_SAFE_STOP_SWITCH_TIME_C 840D MD number Transition time, STOP C to safe operating stop Default: 0.1 Min. input value: 0 Max. input value: 10 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 3.4 Meaning This data defines the time period between the initiation of a STOP C and the activation of the safe operating stop function. Once the time has expired, the drive is monitored for safe operating stop. If the axis/spindle has still not been stopped, STOP B/A is initiated. 36953 $MA_SAFE_STOP_SWITCH_TIME_D 840D MD number Transition time, STOP D to safe operating stop Default: 0.1 Min. input value: 0 Max. input value: 60 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 3.4 Meaning This data defines the time period between the initiation of a STOP D and the activation of the safe operating stop function. Once the time has expired, the drive is monitored for safe operating stop. If the axis/spindle has still not been stopped, STOP B/A is initiated. 4-224 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36954 $MA_SAFE_STOP_SWITCH_TIME_E MD number Transition time STOP E to safe standstill Default: 0.1 Min. input value: 0 Max. input value: 60 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DOUBLE Applies from SW 6.4.15 Meaning Time after which a changeover is made from Stop E to a safe operating stop. Special cases, errors Corresponds with ... 840D 36955 $MA_SAFE_STOP_SWITCH_TIME_F 840D MD number Delay time STOP F to STOP B Default: 0 Min. input value: 0 Max. input value: 60 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: Applies from SW 6.4.09 Meaning Time after which, for a STOP F with active monitoring functions, a change is made to STOP B. The changeover is also made if a STOP C/D/E occurs during this time, Special cases, errors Corresponds with ... 36956 $MA_SAFE_PULSE_DISABLE_DELAY 840D MD number Delay time pulse cancellation Default: 0.1 Min. input value: 0 Max. input value: 10 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 3.4 Meaning For a STOP B, the axis is braked along the current limit with speed setpoint 0. After the delay time defined in this data, the braking mode changes to STOP A for pulse cancellation. Special cases, errors The pulses are cancelled earlier than defined in this data if the condition for the pulse cancellation is present as specified in MD 36960: $MA_SAFE_STANDSTILL_VELO_TOL or MD 36620: $MA_SERVO_DISABLE_DELAY_TIME If the timer in this data is set to zero, an immediate change is made from a STOP B to a STOP A (immediate pulse cancellation). Corresponds with ... MD 36960: $MA_SAFE_STANDSTILL_VELO_TOL MD 36620: $MA_SERVO_DISABLE_DELAY_TIME MD 36060: $MA_STANDSTILL_VELO_TOL 36957 $MA_SAFE_PULSE_DIS_CHECK_TIME 840D MD number Time for testing pulse cancellation Default: 0.1 Min. input value: 0 Max. input value: 10 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 3.4 Meaning This specifies that time where after pulse cancellation has been requested the pulses must actually be cancelled. The time that elapses between setting the SGA "enable pulses" and detecting the SGE "pulses cancelled status" must not exceed the time limit set in this data. Special cases, errors If the pulses are not cancelled within this time, a STOP A response is activated. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-225 4 Data Descriptions 4.1 Machine data 11.03 36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT 840D MD number Time limit for the acceptance test duration Default: 40 Min. input value: 5 Max. input value: 100 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s Data type: DOUBLE Applies from SW 6.4 Meaning On the NCK side, a time limit can be specified for the duration of an acceptance test (there is a drive machine data MD 1358 that corresponds with this, in which the same time must be entered). If an acceptance takes longer than the time specified in MD 36958, then the NCK terminates the test. The acceptance status is set to zero on the NCK side. If the acceptance test has been reset, then on the NCK and drive sides, SI POWER ON alarms are again changed-over from being able to be acknowledged with a reset to being able to be acknowledged with a POWER ON. NCK clears Alarm 27007 and the drive, Alarm 300952. This MD is also used to limit the duration of an acceptance test SE. After the program time has expired, the acceptance test SE is interrupted and Alarm 27008 is cleared. The software end positions are then again effective the same as they are used in the machine data. Special cases, errors . 36960 $MA_SAFE_STANDSTILL_VELO_TOL 840D MD number Shutdown speed for pulse cancellation Default: 0 Min. input value: 0 Max. input value: 1 000 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min, inch/min, rpm Data type: DOUBLE Applies from SW 3.4 Meaning When the axis/spindle speed drops below this limit, it is considered to be at a "standstill". In STOP B mode, the pulses are then cancelled (through transition to STOP A). Corresponds with ... MD 36956: $MA_SAFE_PULSE_DISABLE_DELAY 36961 $MA_SAFE_VELO_STOP_MODE 840D MD number Stop response, safely reduced speed Default: 5 Min. input value: 0 Max. input value: 14 Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: Data type: BYTE Applies from SW 3.4 Meaning The ones position defines the selection of the stop responses when the safely-reduced speed is exceeded. The tens position defines the behavior when the drive bus fails if a time greater than 0 was parameterized in $MN_SAFE_PULSE_DIS_TIME_BUSFAIL. Special case: For a value of 5 in this MD, the stop response for each SG stage is selectively defined $MA_SAFE_VELO_STOP_REACTION. =0: Stop A =1: Stop B =2: Stop C =3: Stop D =4: Stop E =5: SAFE_VELO_STOP_MODE invalid, the stop response is parameterized using MD. SAFE_VELO_STOP_REACTION Stop A, in addition when the drive bus fails and the SG is active, the pulses are not immediately cancelled =11: Stop B, in addition when the drive bus fails and the SG is active, the pulses are not immediately cancelled =12: Stop C, in addition when the drive bus fails and the SG is active, the pulses are not immediately cancelled =13: Stop D, in addition when the drive bus fails and the SG is active, the pulses are not immediately cancelled =14, Stop E, in addition when the drive bus fails and the SG is active, the pulses are not immediately cancelled Special cases, errors Corresponds with ... MD 36931: $MA_SAFE_VELO_LIMIT[n] MD 36963: $MA_SAFE_VELO_STOP_REACTION[n] 4-226 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36962 $MA_SAFE_POS_STOP_MODE MD number Stop response, safe limit position Default: 2 Min. input value: 2 Max. input value: 4 Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: Data type: BYTE Applies from SW 3.4 Meaning Selects the stop response when passing the safe end stops 2: Stop C 3: Stop D 4: Stop E Corresponds with ... MD 36934: $MA_SAFE_POS_LIMIT_PLUS[n] MD 36935: $MA_SAFE_POS_LIMIT_MINUS[n] 840D 36963 840D $MA_SAFE_VELO_STOP_REACTION[n] MD number Stop response, safely reduced speed Default: 2,2,2,2 Min. input value: 0 Max. input value: 14 Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: Data type: BYTE Applies from SW 4.2 Meaning The ones position defines the SG-specific selection of the stop response when the safelyreduced speed is exceeded. The tens position defines the behavior when the drive bus fails on an SG-specific basis if a time greater than 0 was parameterized in $MN_SAFE_PULSE_DIS_TIME_BUSFAIL. 0: Stop A 1: Stop B 2: Stop C 3: Stop D 4: The tens position defines the behavior when the drive bus fails on an SGspecific basis if a time greater than 0 was parameterized in MD $MN_SAFE_PULSE_DIS_TIME_BUSFAIL. 10: Stop A, in addition, when the drive bus fails, the pulses are not immediately cancelled if this SG stage is active. 11: Stop B, in addition, when the drive bus fails, the pulses are not immediately cancelled if this SG stage is active. Stop C, in addition, when the drive bus fails, the pulses are not immediately cancelled if this SG stage is active. 13: Stop D, in addition, when the drive bus fails, the pulses are not immediately cancelled if this SG stage is active. 14: Stop E, in addition, when the drive bus fails, the pulses are not immediately cancelled if this SG stage is active. Special cases, errors This function is active only when MD 36961 and MD 1361 are set to 5. Corresponds with ... MD 36931: $MA_SAFE_VELO_LIMIT[n] MD 36961: $MA_SAFE_VELO_STOP_MODE (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-227 4 Data Descriptions 4.1 Machine data 11.03 36964 $MA_SAFE_IPO_STOP_GROUP 840D MD number Grouping safety IPO response Default: 0 Min. input value: 0 Max. input value: 1 Change effective after RESET Protection level (R/W) 7/2 Unit: Data type: BYTE Applies from SW 4.4.18 Meaning This MD influences the channel-wide IPO stop response distribution of Safety Integrated. It is only effective for Safety Integrated axes/spindles. 0= All other axes-spindles in the channel are notified of the IPO stop response of this axis (default) * 1 = For internal STOPs, the axes and machining spindles, interpolating with the axis involved, are also additionally influenced via the initiated safety alarms. On the other hand, other axes/spindles in the channel continue to run without any disturbance. For external STOPs (without alarm) all of the other axes/spindles remain unaffected by the safety axis/spindle stop. This allows, for example, the pulses of the spindle to be safely cancelled (using an external STOP A) so that this spindle can be manually rotated and the axis can still be safely monitored when moving. If, in some machining situations, the other axes/spindles should stop together with the safety/axis/spindle, then the user is responsible in implementing this using PLC or synchronous action logic combinations. 36965 $MA_SAFE_PARK_ALARM_SUPPRESS 840D MD number Suppression of Alarm "Axis not safely referenced" during parking Default: FALSE Min. input value: Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: BOOLEAN Applies from SW 5.2 Meaning Enable the suppression of Alarms 27000/300950 "Axis not safely referenced" when the "Parking" function is selected. Corresponds with ... 36966 $MA_SAFE_BRAKETEST_TORQUE 840D MD number Brake test, holding torque Default: 5% Min. input value: 0 Max. input value: 800 Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: % Data type: DOUBLE Applies from SW 6.3.21 Meaning Specifies the torque or force for the function test of the brake mechanical system. The holding brake must be capable of applying this torque without any axis slippage. Activating the appropriate test function via MD $MA_FIXED_STOP_MODE, bit 1. This MD must be a minimum of 10 % above the actual torque when selecting the brake test (i.e. with the brake open). This guarantees that if the brake is defective, the motor can again brake the axis. If this is not the case, the brake test is aborted with Alarm 20095. If the drive MD 1192 is not correctly parameterized, then the required safety margin is increased by twice the margin between the real torque and that parameterized in MD 1192. 36967 $MA_SAFE_BRAKETEST_POS_TOL 840D MD number Position tolerance, brake test Default: 1 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/degrees Data type: REAL Applies from SW 6.3.21 Meaning Maximum position tolerance for the function test of the brake mechanical system. If the axis position deviates from the position by more than this tolerance, when the brake test is selected, then the function test for the brake mechanical system is aborted. The corresponding test function is activated via MD $MA_FIXED_STOP_MODE, bit 1. 4-228 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data Note The maximum input value for all axial NCK_SGE/SGA configuring machine data differs depending on the application: Configuring on NCK I/Os: 811E0810 Configuring an SGE on the SPL interface: 84020220 Configuring an SGA on the SPL interface: 84010220 An incorrect entry is detected at the next run-up and flagged with Alarm 27033. Description of the parameterization of the SGE machine data MD 36970 to MD 36979 Coding of input assignment Structure for the input assignment SBH/SG de-selection is mm xx nn Perm. values Explanation i Inversion 0, 8 0: No inversion 8: Inversion before processing s Segment No. 1, 4 1: I/Os on 611 digital bus (terminal) 4: Internal map in system memory (system variable) Further parameterization if one terminal is assigned (s = 1). mm Module no. 01-1F Number of the logical slot in which the terminal block with external I/Os is inserted (drive number) xx Submodule No. 01-08 Slot number of the submodule inside the I/O module nn I/O No. 01-10 Bit number (input/outputnumber on the submodule Further parameterization if a system variable is assigned (s = 4). mm Module No. 01-02 01: Addressing of internal SPL interface $A_OUTSI or $A_INSI 02: Addressing of external SPL interface (only for input signals, $A_INSE) xx Submodule No. 01-02 Index of system variable word (per 32 bits) nn I/O No. 01-20 Bit number in system variable word $A_OUTSID[xx], $A_INSID[xx], $A_INSED[xx] With each entry, a single bit is assigned to a terminal. The structure corresponds to MD 10362: $MN_HW_ASSIGN_ANA_FASTIN[n]. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-229 4 Data Descriptions 4.1 Machine data 11.03 Additional parameterization for local inputs on the NCU (from SW 6.3.21): s=0 s=1 s=4 * Local inputs on the NCU I/Os on the 611 digital bus System variable assignment, internal image in the system memory Parameterization for s = 0 for axial SGEs: mm =00H fixed xx =00H fixed nn =01H - 04H Bit number 36970 $MA_SAFE_SVSS_DISABLE_INPUT 840D MD number Input assignment, SBH/SG de-selection Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning This data defines the NCK input for selection/de-selection of the SBH and SG functions. Signal means =0 SG or SBH is selected Design: =1 SG and SBH are de-selected Special cases, errors * Input value "0" means: There is no assignment, the input remains at 0, SG and SBH cannot be de-selected. * Input value "80 00 00 00" means: There is no assignment, the input remains at 1 * If MD bit 31 is set, then the signal is processed inverted (ss = 81) References /FB/, A4, Digital and Analog NCK I/Os Corresponds with... MD 10366: $MN_HW_ASSIGN_DIG_FASTIN MD 13010: $MN_DRIVE_LOGIC_NR 36971 $MA_SAFE_SS_DISABLE_INPUT 840D MD number Input assignment, SBH de-selection Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning Assignment of the NCK input for de-selecting the safe operating stop function. Design: See coding of input assignment Assignment of terminal signal level to the safe functions if safely-reduced speed or safe operating stop has been activated. Signal means =0 Safe operating stop is selected =1 Safely-reduced speed is selected (only if STOP C, D or E has not been activated by other functions) Special cases, errors * If MD bit 31 is set, then the signal is processed inverted (ss = 81) * This input is of no significance if SG and SBH have been de-selected (see $MA_SAFE_SVSS_DISABLE_INPUT). References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT 4-230 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36972 $MA_SAFE_VELO_SELECT_INPUT[n] MD number Input assignment, SG selection Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning This data defines the two inputs for selecting SG1, SG2, SG3 or SG4. Structure: Refer to coding of input assignment n = 1, 0 stands for bits 1, 0 for selecting SG1 to SG4 Assignment of input bits to safely-reduced speeds: Bit 1 Bit 0 Selected SG 0 0 SG1 0 1 SG2 1 0 SG3 1 1 SG4 Special cases, errors If the MD bits 31 are set, then the signal is processed inverted (ss = 81). References MD 36971: $MA_SAFE_SVSS_DISABLE_INPUT 840D 36973 $MA_SAFE_POS_SELECT_INPUT MD number Input assignment, SE selection Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning This data defines the input for selecting safe limit position 1 or 2. Structure: Refer to coding of input assignment Signal means =0 SE1 is active =1 SE2 is active Special cases, errors If MD bit 31 is set, then the signal is processed inverted (ss = 81) References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT 840D 36974 $MA_SAFE_GEAR_SELECT_INPUT[n] MD number Input assignment, gear ratio selection Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning Assignment of the input terminals for selecting the gear ratio (gear stage). Structure: Refer to coding of input assignment n = 2, 1, 0 stands for bits 2, 1, 0 for selecting gear stages 1 to 8 Bit 2 Bit 1 Bit 0 Active gear stage 0 0 0 Stage 1 0 0 1 Stage 2 0 1 0 Stage 3 ... ... ... ... 1 1 1 Stage 8 Special cases, errors If the MD bits 31 are set, then the signal is processed inverted (ss = 81). References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT 840D 36975 $MA_SAFE_STOP_REQUEST_INPUT MD number Input assignment, "test stop selection" Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning This data defines the input for selecting the test stop. Structure: Refer to coding of input assignment Signal means =0 Test stop is de-activated =1 Test stop is executed Special cases, errors If MD bit 31 is set, then the signal is processed inverted (ss = 81) References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT 840D (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-231 4 Data Descriptions 4.1 Machine data 11.03 36976 $MA_SAFE_PULSE_STATUS_INPUT MD number Input assignment "pulses cancelled" status Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning This data defines the input for reading back the "pulses cancelled" status signal. Structure: Refer to coding of input assignment Signal means =0 Pulses are enabled =1 Pulses are cancelled Special cases, errors If MD bit 31 is set, then the signal is processed inverted (ss = 81) References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT 840D 36977 $MA_SAFE_EXT_STOP_INPUT[n]: 0...2 840D MD number Input assignment, external brake request Default: 0,0,0,0 Min. input value: 0 Max. input value: 0x811E0810 Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: Data type: DWORD Applies from SW 4.4.18 Meaning Assigns the input terminal for the external brake requests Assigns the terminal level to stop types ("0" active): Index 0: Assignment for "de-selection ext. STOP A" (SH, pulse cancellation) Index 1: Assignment for "de-selection ext. STOP C" (braking along the current limit) Index 2: Assignment for "de-selection ext. STOP D" (braking along the path) Index 3: Assignment for "de-selection ext. STOP E" (ESR+braking along the path) For safety reasons, inverted logic is used for these signals. Corresponds with ... MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT References Refer to Chapter 3, "External STOPs" 36978 $MA_SAFE_OVR_INPUT[n]: 0...3 840D MD number Input assignment, SG override selection Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 4.2 Meaning Assignment of NCK inputs for override of the limit value of safely-reduced speeds 2 and 4. Structure: Refer to coding of input assignment n = 3, 2, 1, 0 stand for override selection bits 3, 2, 1, 0 Assignment of input bits to SG override values: Bit 3 Bit 2 Bit 1 Bit 0 0 0 0 0 Override 0 is selected 0 0 0 1 Override 1 is selected to 1 1 1 1 Override 15 is selected The override factor itself (percentage) is defined using the following machine data: For 840D MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n] For 611 digital MD 1332: $MD_SAFE_VELO_OVR_FACTOR[n] Special cases, errors The "override for safely-reduced speed" function is enabled via MD 36901 (MD 1301): $MA($MD)_SAFE_FUNCTION_ENABLE If the MD bits 31 are set, then the signal is processed inverted (ss = 81). Corresponds with ... MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n] References Refer to Chapter 3, "override for safely-reduced speed" 4-232 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36979 $MA_SAFE_STOP_REQUEST_EXT_INPUT 840D MD number Assignment of input terminals for selecting the "test stop external shutdown" Default: 0 Min. input value: 0 Max. input value: 0x811E0810 Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning This MD must be parameterized as soon as the internal pulse cancellation is used (bit 30 in $MA_SAFE_PULSE_ENABLE_OUTPUT=1) Structure: Refer to coding of input assignment With each machine data of this kind, a single I/O bit is connected to a terminal or a system variable. Otherwise, the structure of the machine data is as for 36970 and onwards. Special cases, errors References Description of the parameterization of the SGA machine data MD 36980 to MD 36990 Coding of the output assignment Structure of the output assignment SBH/SG de-selection is mm xx nn Perm. values Explanation i Inversion 0, 8 0: No inversion 8: Inversion before processing s Segment No. 1, 4 1: I/Os on 611 digital bus (terminal) 4: Internal image in system memory (system variable) Further parameterization if one terminal is assigned (s = 1). mm Module No. 01-1F Number of the logical slot in which the terminal block with external I/Os is inserted (drive number) xx Submodule No. 01-08 Slot number of the submodule inside the I/O module nn I/O No. 01-10 Bit number (input/outputnumber on the submodule Further parameterization if a system variable is assigned (s = 4). mm Module No. 01-02 01: Addressing internal SPL interface $A_OUTSI or $A_INSI 02: Addressing of external SPL interface (only for input signals, $A_INSE) xx Submodule No. 01-02 Index of system variable word (per 32 bits) nn I/O No. 01-20 Bit number in system variable word $A_OUTSID[xx], $A_INSID[xx], $A_INSED[xx] Additional parameterization for local outputs on the NCU (from SW 6.3.21): (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-233 4 Data Descriptions 4.1 Machine data 11.03 s=0 s=1 s=4 Local outputs on the NCU I/Os on the 611 digital bus System variable assignment, internal image in the system memory 36980 $MA_SAFE_SVSS_STATUS_OUTPUT 840D MD number Output assignment, SBH/SG active Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning Assignment of the output for signaling the status of the safely-reduced speed or safe operating stop function. Signal means =0 SG and SBH are not active (only if STOP C, D or E has not been activated by other functions) =1 SG or SBH is active Special cases, errors * Input value of 0 means: There is no assignment, the output remains unaffected by status changes * Input value of 80 00 00 00 means: There is no assignment, the output remains at 1 * If a single output signal is connected to a terminal, the following applies: If MD bit 31 is set, then the signal is processed inverted (ss = 81) * If several output signals are connected to the same terminal, the following applies: If MD bit 31 is set (ss = 81), the relevant signal is initially inverted. The (in some cases inverted) output signals are then ANDed and the result output at the terminal. References /FB/, A4, Digital and analog NCK I/Os 36981 $MA_SAFE_SS_STATUS_OUTPUT 840D MD number Output assignment, SBH active Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 4.2 Meaning This data determines the output or system variable for the "SBH active" signal. Structure: Refer to coding of output assignment Signal means =0 SBH is not active =1 SBH is active Special cases, errors * If a single output signal is connected to a terminal, the following applies: If MD bit 31 is set, then the signal is processed inverted (ss = 81) * If several output signals are connected to the same terminal, the following applies: If MD bit 31 is set (ss = 81), the relevant signal is initially inverted. The (in some cases inverted) output signals are then ANDed and the result output at the terminal. 4-234 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36982 840D $MA_SAFE_VELO_STATUS_OUTPUT[n] MD number Output assignment, SG active Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 4.2 Meaning This data determines the outputs or system variables for the "SG active bit 0" and "SG active bit 1" signals. Structure: Refer to coding of output assignment n = 1, 0 stands for SG active, bits 1, 0 SG active Bit 1 Bit 0 means =0 =0 SG1 active if SBH/SG is active and SBH is not active SBH active if SBH/SG and SBH are active =1 =0 SG2 active =0 =1 SG3 active =1 =1 SG4 active Special cases, errors * If a single output signal is connected to a terminal, the following applies: If MD bit 31 is set, then the signal is processed inverted (ss = 81) * If several output signals are connected to the same terminal, the following applies: If MD bit 31 is set (ss = 81), the relevant signal is initially inverted. The (in some cases inverted) output signals are then ANDed and the result output at the terminal. 36984 $MA_SAFE_EXT_PULSE_ENAB_OUTPUT 840D MD number Assignment of output terminal for selection of "external pulse enable" Default: 0 Min. input value: 0 Max. input value: 0x811E0810 Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning This MD must be parameterized as soon as the internal pulse cancellation is used (bit 30 in $MA_SAFE_PULSE_ENABLE_OUTPUT=1) Structure: Refer to coding of input assignment With each machine data of this kind, a single I/O bit is connected to a terminal or a system variable. Otherwise, the structure of the machine data is as for 36970 and onwards. Special cases, errors References 36985 $MA_SAFE_VELO_X_STATUS_OUTPUT 840D MD number Output assignment for n < nx Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 4.2 Meaning This data determines the output or system variable for the "n < nx" signal. Structure: Refer to coding of output assignment Signal means =0 Actual speed is higher than the limit speed in $MA_SAFE_VELO_X =1 Actual speed is lower or equal to the limit speed Corresponds with ... $MA_SAFE_VELO_X Special cases, errors * If a single output signal is connected to a terminal, the following applies: If MD bit 31 is set, then the signal is processed inverted (ss = 81) * If several output signals are connected to the same terminal, the following applies: If MD bit 31 is set (ss = 81), the relevant signal is initially inverted. The (in some cases inverted) output signals are then ANDed and the result output at the terminal. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-235 4 Data Descriptions 4.1 Machine data 11.03 36986 $MA_SAFE_PULSE_ENABLE_OUTPUT 840D MD number Output assignment, enable pulses Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning The output assignment for the pulses is enabled using this data. Structure: Refer to coding of output assignment Signal means =0 Request for pulse cancellation =1 Request for pulse enable Special cases, errors * If a single output signal is connected to a terminal, the following applies: If MD bit 31 is set, then the signal is processed inverted (ss = 81) * If several output signals are connected to the same terminal, the following applies: If MD bit 31 is set (ss = 81), the relevant signal is initially inverted. The (in some cases inverted) output signals are then ANDed and the result output at the terminal. * Bit 30 has the following special meaning If bit 30 is set to 1, the internal pulse cancellation via the drive bus is used (only permissible for 611 digital Performance 2 modules). In this case, the MDs for external pulse enabling must also be parameterized as an additional safety measure in the event that the internal pulse cancellation fails ($MA_SAFE_EXT_PULSE_ENABLE_OUTPUT and $MA_SAFE_STOP_REQUEST_EXT_INPUT) Possible values of i: Value 0 4 Meaning The SGA "enable pulses" is output at the parameterized interface (SPL or periphery). The pulses are internally cancelled via the drive bus. The SGA "enable pulses" contains the same information and is output at the parameterized interface (SPL or periphery). This SGA is not transferred if mm, xx and nn=0. 8 The SGA "enable pulses" is output inverted at the parameterized interface. 12 (=0CH) The pulses are cancelled internally via the drive bus. The SGA "enable pulses" contains the same information and is output inverted at the parameterized interface (SPL or periphery). 36987 $MA_SAFE_REFP_STATUS_OUTPUT 840D MD number Output assignment "axis safely referenced" Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning This data specifies the output for the "axis safely referenced" signal. Structure: Refer to coding of output assignment Signal means =0 Axis is not safely referenced (i.e. the SE is de-activated) =1 Axis is safely referenced Special cases, errors * If a single output signal is connected to a terminal, the following applies: If MD bit 31 is set, then the signal is processed inverted (ss = 81) * If several output signals are connected to the same terminal, the following applies: If MD bit 31 is set (ss = 81), the relevant signal is initially inverted. The (in some cases inverted) output signals are then ANDed and the result output at the terminal. Further references MD 36980: $MA_SAFE_SVSS_STATUS_OUTPUT 4-236 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36988 $MA_SAFE_CAM_PLUS_OUTPUT[n] 840D MD number Output assignment, SN1 + to SN4 + Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning This data specifies the outputs for plus cams SN1+ to SN4+. Structure: Refer to coding of output assignment n = 0, 1, 2, 3 stands for the assignment of plus cams SN1+, SN2+, SN3+, SN4+ Signal means =0 Axis is located to the left of the cam (actual value cam position) =1 Axis is located to the right of the cam (actual value > cam position) (also refer to Chapter 3.7 Safe software cams, output assignment) Special cases, errors * If a single output signal is connected to a terminal, the following applies: If MD bit 31 is set, then the signal is processed inverted (ss = 81) * If several output signals are connected to the same terminal, the following applies: If MD bit 31 is set (ss = 81), the relevant signal is initially inverted. The (in some cases inverted) output signals are then ANDed and the result output at the terminal. Further references MD 36980: $MA_SAFE_SVSS_STATUS_OUTPUT 36989 $MA_SAFE_CAM_MINUS_OUTPUT[n] 840D MD number Output assignment, SN1 - to SN4 Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 3.4 Meaning This data defines the outputs for minus cams SN1- to SN4-. Structure: Refer to coding of output assignment n = 0, 1, 2, 3 stands for the assignment of minus cams SN1-, SN2-, SN3-, SN4Signal means =0 Axis is located to the left of the cam (actual value cam position) =1 Axis is located to the right of the cam (actual value > cam position) (also refer to Chapter 3.7 Safe software cams, output assignment) Special cases, errors * If a single output signal is connected to a terminal, the following applies: If MD bit 31 is set, then the signal is processed inverted (ss = 81) Further references MD 36980: $MA_SAFE_SVSS_STATUS_OUTPUT (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-237 4 Data Descriptions 4.1 Machine data 11.03 36990 $MA_SAFE_ ACT_STOP_OUTPUT[n]: 0...3 840D MD number Output assignment active STOP Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 4.4.18 Meaning This data defines the assignment of the states "STOP A/B is active", "STOP C is active" and "STOP D is active" to an output terminal or system variable. Structure: Refer to coding of output assignment n associated status (on "1" level) n=0 "STOP A/B is active " n=1 "STOP C is active " n=2 "STOP D is active " n=3 "STOP E is active" Special cases, errors * Test stop can be detected using SGA "Pulse enable". * "STOP A/B is active" can only be used for "leading brake control" because after the time specified in MD36956: $MA_SAFE_PULSE_DISABLE_DELAY changeover is made from STOP B to STOP A. * "STOP A/B is active", "STOP C is active" and "STOP D is active" can be used for the forced checking procedure of external STOPs. Corresponds with ... MD 36980: $MA_SAFE_ SVSS_STATUS_OUTPUT Further references Refer to Chapter 3, "External STOPs" 36992 $MA_SAFE_CROSSCHECK_CYCLE 840D MD number Displays axial crosswise comparison clock cycle Default: 0 Min. input value: 0 Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: DWORD Applies from SW 6.3 Meaning Indicates effective axial comparison clock cycle in seconds. Obtained from INFO_SAFETY_CYCLE_TIME and the number of data to be compared crosswise. The axial value displayed depends on the associated drive module, since the length of the crosswise data comparison lists between Performance-1/Standard-2 and Performance-2 modules is different. 36993 $MA_SAFE_CONFIG_CHANGE_DATE[n]; n=0...4 840D MD number Date/time of last configuration change of safety-relevant NCK machine data Default: "Blank" Min. input value: Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Data type: STRING Applies from SW 5.2 Meaning Display data which logs when safety-relevant NCK machine data are activated. The last change is logged in the MD with field index 0. Previous times in fields 1...4. Special cases, errors 36994 $MA_SAFE_PREV_CONFIG[n]; n=0...4 840D MD number Save data to verify safety configuration changes Default: "Blank" Min. input value: Max. input value: Change becomes effective after POWER ON: Protection level (R/W) 7/7 Unit: Data type: STRING Applies from SW 3.4 Meaning If the safety configuration is changed, safety-relevant configuration data is stored in this field. Special cases, errors 4-238 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.1 Machine data 36995 MD number Default value 0 $MA_SAFE_STANDSTILL_POS 840D Standstill position Min. input value: Max. input value: -2 147 483 647 2 147 483 647 Change becomes effective after POWER ON: Protection level (R/W) 0/0 Unit: Data type: DWORD Applies from SW 3.4 Meaning The position at which the axis has currently stopped is displayed in this MD. To be able to perform a plausibility check on the axis referencing when the control system is powered-up the next time, the current axis position is saved permanently when the following events take place: * When safe operating stop (SBH) is selected * Cyclically when SE/SN is active Special cases, errors Any manual changes to the MD are detected the next time the control is powered-up and the axis reference checked for plausibility. "User agreement" is required again after referencing. 36997 $MA_SAFE_ACKN 840D MD number User agreement Default: 0 Min. input value: 0 Max. input value: FF FF FF FF Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Hexadecimal Data type: DWORD Applies from SW 3.4 Meaning The user agreement status is displayed in this machine data. The user can confirm or cancel his "user agreement" via an appropriate screen display. If it is internally detected in the software that the reference to the machine has been lost, then the "user agreement" is automatically cancelled (e.g. during gear changes, or if the plausibility comparison with the stored standstill position fails during referencing). Special cases, errors Any manual changes to the MD are detected the next time the control is powered-up and the axis reference checked for plausibility. "User agreement" is required again after referencing. 36998 $MA_SAFE_ACT_CHECKSUM 840D MD number Actual checksum Default: 0 Min. input value: 0 Max. input value: FF FF FF FF Change becomes effective after POWER ON: Protection level (R/W) 7/Unit: Hexadecimal Data type: DWORD Applies from SW 3.4 Meaning The actual checksum calculated after POWER ON or for a RESET, over the current values of safety-relevant machine data is entered here. 36999 $MA_SAFE_DES_CHECKSUM 840D MD number Setpoint checksum Default: 0 Min. input value: 0 Max. input value: FF FF FF FF Change becomes effective after POWER ON: Protection level (R/W) 7/1 Unit: Hexadecimal Data type: DWORD Applies from SW 3.4 Meaning This data contains the setpoint (reference) checksum of the actual values of safetyrelevant machine data that was saved during the last machine acceptance test. 37000 $MA_FIXED_STOP_MODE MD number Travel to fixed endstop mode Default: 0 Min. input value: 0 Max. input value: 3 Change becomes effective after POWER ON: Protection level (R/W) 7/1 Unit: Hexadecimal Data type: BYTE Applies from SW Meaning Bit 0: Selects "Traverse to fixed endstop" from the part program or synchronous actions. Bit 1: Selects "Traverse to fixed endstop" for the function test of the braking mechanical system from the PLC (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 840D 4-239 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 11.03 4.2 Machine data for SIMODRIVE 611 digital 4.2.1 Overview of the machine data Table 4-2 Machine data for SIMODRIVE 611 digital No. Name for 611 digital Equivalent MD for 840D Name Name No. 1300 $MD_SAFETY_CYCLE_TIME 10090: $MA_SAFETY_SYSCLOCK_TIME_RATIO SI Monitoring cycle Factor for monitoring cycle 1301 $MD_SAFE_FUNCTION_ENABLE 36901: $MA_SAFE_FUNCTION_ENABLE Enable safety functions Enable safety functions 1302 $MD_SAFE_IS_ROT_AX 36902: $MA_SAFE_IS_ROT_AX Axis-specific bits for safe functions Rotary axis 1305 $MD_SAFE_MODULO_RANGE 36905: $MA_SAFE_MODULO_RANGE Actual value range for SN for rotary axes Modulo value for safe cams 1316 $MD_SAFE_ENC_CONFIG 36916: $MA_SAFE_ENC_IS_LINEAR Motor encoder configuration, safe functions Linear scale 1317 $MD_SAFE_ENC_GRID_POINT_DIST 36917: $MA_SAFE_ENC_GRID_POINT_DIST Grid spacing linear scale Grid spacing linear scale 1318 $MD_SAFE_ENC_RESOL 36918: $MA_SAFE_ENC_RESOL Encoder pulses per revolution Encoder pulses per revolution 1320 $MD_SAFE_ENC_GEAR_PITCH 36920: $MA_SAFE_ENC_GEAR_PITCH Lead screw pitch Lead screw pitch 1321 $MD_SAFE_ENC_GEAR_DENOM[n] 36921: $MA_SAFE_ENC_GEAR_DENOM[n] Denominator of encoder/load gear Denominator of encoder/load gear 1322 $MD_SAFE_ENC_GEAR_NUMERA[n] 36922: $MA_SAFE_ENC_GEAR_NUMERA[n] Numerator of encoder/load gear Numerator of encoder/load gear 1326 $MD_SAFE_ENC_FREQ_LIMIT 36926: $MD_SAFE_ENC_FREQ_LIMIT Encoder limit frequency for safe operation Encoder limit frequency for safe operation 1330 $MD_SAFE_STANDSTILL_TOL 36930: $MA_SAFE_STANDSTILL_TOL Standstill tolerance SBH Standstill tolerance 1331 $MD_SAFE_VELO_LIMIT[n] 36931: $MA_SAFE_VELO_LIMIT[n] Limit values for safely-reduced speed Limit value for safely-reduced speed 1332 $MD_SAFE_VELO_OVR_FACTOR[n] 36932: $MA_SAFE_VELO_OVR_FACTOR[n] Correction factor for SG SG override values 1334 $MD_SAFE_POS_LIMIT_PLUS[n] 36934: $MA_SAFE_POS_LIMIT_PLUS[n] Upper limit value for SE Upper limit value for safe end position 1335 $MD_SAFE_POS_LIMIT_MINUS[n] 36935: $MA_SAFE_POS_LIMIT_MINUS[n] Lower limit value for SE Lower limit value for safe end position 1336 $MD_SAFE_CAM_POS_PLUS[n] 36936: $MA_SAFE_CAM_POS_PLUS[n] Plus cams position SN Plus cams position for safe cams 1337 $MD_SAFE_CAM_POS_MINUS[n] 36937: $MA_SAFE_CAM_POS_MINUS[n] Minus cams position SN Minus cams position for safe cams 1340 $MD_SAFE_CAM_TOL 36940: $MA_SAFE_CAM_TOL Tolerance for safe cams Tolerance for safe cams 1342 $MD_SAFE_POS_TOL 36942: $MA_SAFE_POS_TOL Actual-value tolerance crosswise data Actual value comparison tolerance (crosswise) comparison 1344 $MD_SAFE_REFP_POS_TOL 36944: $MA_SAFE_REFP_POS_TOL Actual value tolerance safe axis position Actual value comparison tolerance (referencing) 1346 $MD_SAFE_VELO_X 36946: $MA_SAFE_VELO_X Speed limit nx Speed limit n_x 1348 $MD_SAFE_STOP_VELO_TOL 36948: $MA_SAFE_STOP_VELO_TOL Actual speed tolerance for SBR Speed tolerance for safe braking ramp 1349 $MD_SAFE_SLIP_VELO_TOL 36949: $MA_SAFE_SLIP_VELO_TOL Tolerance 2-encoder drift / slip Speed tolerance slip 1350 $MD_SAFE_MODE_SWITCH_TIME 36950: $MA_SAFE_MODE_SWITCH_TIME Tolerance time for SGE changeover Tolerance time for SGE changeover 1351 $MD_SAFE_VELO_SWITCH_DELAY 36951: $MA_SAFE_VELO_SWITCH_DELAY Delay time SG changeover Delay time SG changeover 1352 $MD_SAFE_STOP_SWITCH_TIME_C 36952: $MA_SAFE_STOP_SWITCH_TIME_C Transition time STOP C to SBH Transition time STOP C to safe standstill 4-240 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 1353 1354 1355 1356 1357 1358 1360 1361 1362 1363 1370 1371 1380 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital $MD_SAFE_STOP_SWITCH_TIME_D Transition time STOP D to SBH $MD_SAFE_STOP_SWITCH_TIME_E Transition time STOP E to SBH $MD_SAFE_STOP_SWITCH_TIME_F Transition time STOP F to SBH $MD_SAFE_PULSE_DISABLE_DELAY Delay time pulse cancellation $MD_SAFE_PULSE_DIS_CHECK_TIME Time for testing pulse cancellation $MD_SAFE_ACC_TEST_TIMEOUT SI acceptance test timer $MD_SAFE_STANDSTILL_VELO_TOL Shutoff speed for pulse cancellation $MD_SAFE_VELO_STOP_MODE Stop response for SG $MD_SAFE_POS_STOP_MODE Stop response for SE $MD_SAFE_VELO_STOP_REACTION[n] SG-specific stop response $MD_SAFE_TEST_MODE SI acceptance test mode $MD_SAFE_TEST_STATE SI acceptance test status $MD_SAFE_PULSE_DIS_TIME_FAIL Time until pulse cancellation $MD_SAFE_FIRMWARE_VERSION Firmware release Safety Integrated $MD_SAFE_DIAG_NC_RESULTLIST1 Diagnostics: NC result list 1 $MD_SAFE_DIAG_611D_RESULTLIST1 Diagnostics: 611digital result list 1 $MD_SAFE_DIAG_NC_RESULTLIST2 Diagnostics: NC result list 2 $MD_SAFE_DIAG_611digital_RESULTLIST2 Diagnostics: 611digital result list 2 $MD_SAFE_STOP_F_DIAGNOSIS Diagnostics for STOP F $MD_SAFE_ACKN_WRITE User agreement $MD_SAFE_ACKN_READ 611 digital internal agreement $MD_SAFE_ACT_CHECKSUM Checksum display of SI-MD $MD_SAFE_DES_CHECKSUM Checksum for SI-MD 36953: 36954: 36955 36956: 36957: 36958 36960: 36961: 36962: 36963: $MA_SAFE_STOP_SWITCH_TIME_D Transition time STOP D to safe standstill $MA_SAFE_STOP_SWITCH_TIME_E Transition time STOP E to safe standstill $MA_SAFE_STOP_SWITCH_TIME_F Transition time STOP F to safe standstill $MA_SAFE_PULSE_DISABLE_DELAY Delay time pulse cancellation $MA_SAFE_PULSE_DIS_CHECK_TIME Time for testing pulse cancellation $MA_SAFE_ACCEPTANCE_TST_TIMEOUT Time limit for the acceptance test duration $MA_SAFE_STANDSTILL_VELO_TOL Shutoff speed for pulse cancellation $MA_SAFE_VELO_STOP_MODE Stop response safely reduced speed $MA_SAFE_POS_STOP_MODE Stop response safe end position $MA_SAFE_VELO_STOP_REACTION[n] SG-specific stop response corresponds to BTSS variables for NCK corresponds to BTSS variables for NCK corresponds to BTSS variables for NCK not available for 840D not available for 840D not available for 840D not available for 840D not available for 840D For 840D, integrated in alarm text not available for 840D 36997: 36998 36999 $MA_SAFE_ACKN User agreement $MA_SAFE_ACT_CHECKSUM Actual checksum $MA_SAFE_DES_CHECKSUM Setpoint checksum Note: * The drive machine data is copied to the drive after the soft key COPY TO DRIVE is pressed. Drive machine data marked in this way are not taken into account when copying. The machine 13xx manufacturer must manually enter this data. * The same description as for the equivalent machine data of the 840D system apply to the machine data copied to the drive. Loading the standard motor data When the standard motor data is loaded, some drive machine data is overwritten. If another type of motor is mounted (e.g. after repairs have been carried-out) and the associated motor default data is loaded, then the encoder data must be changed back to their original values. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-241 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 4.2.2 11.03 Description of the machine data 1300 611 digital $MD_SAFETY_CYCLE_TIME Monitoring clock cycle Unit: 31.25 s Default: 384 (= 12 ms) Minimum value: 16 Maximum value: 800 Relevant for: FD/MSD Data type: short integer Becomes effective: POWER ON This data sets the monitoring clock cycle for safe operation. Position controller clock cycle <= Monitoring clock cycle <= 25ms The monitoring clock cycle defines the response time of the monitoring functions. It should be noted that a short monitoring cycle time increases the load on the CPU. 1301 611 digital $MD_SAFE_FUNCTION_ENABLE Enable safety functions Unit: Hexadecimal Default: 0 Minimum value: 0 Maximum value: FFEB Hex Relevant for: FD/MSD Data type: Binary Becomes effective: POWER ON This data enables the partial functions for safe operation on an axis-specific or spindle-specific basis. The bit assignment is as follows: High byte Low byte Bit 15 Bit 14 Bit 13 Enable safe cams SN4 SN4 + SN3 Bit 7 Bit 6 Bit 5 Enable (840D from SW4.2) Cam External Override, synchronSTOPs safelyization reduced speed 1302 Bit 12 Bit 11 Bit 10 SN3 + SN2 SN2 + Bit 4 Bit 3 Bit 2 Reserved, these bits must be set to 0 Enable external ESR activation Enable actual value synchroniz ation 2encoder system Reserved for functions with absolute reference $MD_SAFE_IS_ROT_AX Default: 0 Minimum value: 0 Bit 8 SN1 Bit 1 Enable SN1 + Bit 0 SE SBH/SG 611 digital Axis-specific bits for safety-relevant functions Unit: - Bit 9 Maximum value: 00 03 Relevant for: FD/MSD Data type: Binary Becomes effective: POWER ON Axis and encoder bits related to safety functions. Bit 15 High byte 0 Bit 7 Low byte 0 4-242 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Reserved, these bits must be set to 0 0 0 0 0 0 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Reserved, these bits must be set to 0 0 0 0 0 0 Bit 0 1: 0: Rotary axis/spindle Linear axis Bit 1 1: 0: Imperial system (inches etc.) Metric system: Bit 9 Bit 8 0 Bit 1 0 Bit 0 Inch system Axis type (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 1305 $MD_SAFE_MODULO_RANGE 611 digital Actual value range for SN for rotary axes Unit: mdegree Default: 0 Minimum value: 0 Maximum value: 737 280 000 Relevant for: FD/MSD Data type: long integer Valid from: 840D from SW4.2 Becomes effective: POWER ON Actual value range within which safe cams for rotary axes are calculated. The axis must be a rotary axis ($MA_/$MD_SAFE_IS_ROT_AX = 1). Value = 0: Modulo correction after +/- 2048 revolutions (i.e. after 737 280 000 mdegrees) Setting > 0 and multiples of 360 000 mdegrees: Modulo correction after this setting e.g. setting = 360 000 the actual value range is between 0 and 359.999 degrees, i.e. a modulo correction is carried-out after every revolution. Corresponding machine data: MD 36905: $MA_SAFE_MODULO_RANGE MD 36936/1336: $MA_/$MD_SAFE_CAM_POS_PLUS[n] MD 36937/1337: $MA_/$MD_SAFE_CAM_POS_MINUS[n] 1316 $MD_SAFE_ENC_CONFIG 611 digital Motor encoder configuration, safety-relevant functions Unit: - Default: 0 Minimum value: 0 Maximum value: 00 07 Relevant for: FD/MSD Data type: Binary Becomes effective: POWER ON Axis and encoder bits related to safety functions. High byte Bit 15 Reserved 0 Bit 7 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit 9 Bit 8 0 Bit 6 0 Bit 5 0 Bit 4 0 Bit 3 0 Bit 2 0 Bit 1 0 Bit 0 0 0 0 0 2encoder system Sign change Motor encoder (IMS) Low byte 0 Bit 0 1: 0: Linear motor encoder (e.g.: Linear scale for linear motors) Rotary motor encoder Bit 1 1: 0: Sign change No sign change Bit 2 1: 2-encoder system (for encoder limit frequency is not monitored) 1-encoder system (for encoder limit frequency is monitored) 0: 1317 $MD_SAFE_ENC_GRID_POINT_DIST Linear scale graduations Unit: m Default: 10 Minimum value: 0.010 Maximum value: 8 000 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON Grid spacing of encoder (only applies to linear encoders) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-243 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 1318 11.03 $MD_SAFE_ENC_RESOL 611 digital Encoder pulses per revolution Unit: Default: 2 048 Minimum value: 1 Maximum value: 100 000 Relevant for: FD/MSD Data type: - Becomes effective: POWER ON Number of pulses per encoder revolution (only applies to rotary encoders) 1320 $MD_SAFE_ENC_GEAR_PITCH Lead screw pitch Unit: mm/rev Default: 10 Minimum value: 0.1 Maximum value: 8 388.00 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON Gear ratio between encoder and load (applies to linear axes with rotary encoder) 1321 $MD_SAFE_ENC_GEAR_DENOM[n] Denominator of encoder/load gear Unit: - Default: 1 Minimum value: 1 Maximum value: 8 388 607 611 digital Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Denominator of the gear between encoder and load, i.e. the denominator of the fraction number of encoder revolutions / number of load revolutions There are a total of 8 values (n = 0 ... 7); the current value is selected by means of SGEs. 1322 $MD_SAFE_ENC_GEAR_NUMERA[n] Numerator of encoder/load gear Unit: - Default: 1 Minimum value: 1 Maximum value: 8 388 607 611 digital Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Numerator of the gear between encoder and load, i.e. the numerator of the fraction number of encoder revolutions / number of load revolutions" There are a total of 8 values (n = 0 ... 7); the current value is selected by means of SGEs. 1326 $MD_SAFE_ENC_FREQ_LIMIT Encoder limit frequency for safe operation Unit: - Default: 300000 Minimum value: 300000 Maximum value: 420000 611 digital Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Encoder limit frequency setting due to hardware requirements (encoder cable length, encoder type). Only applies with 611 digital Performance 2 control 1330 $MD_SAFE_STANDSTILL_TOL Standstill tolerance (SBH) Unit: m or mdegrees Default: 1 000 Minimum value: 1 Maximum value: 100 000 611 digital Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Tolerance value for the safe standstill monitoring. This machine data defines the standstill tolerance window for SBH. The actual value must be within this tolerance value otherwise an alarm is output 4-244 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital (tolerance for safe operating stop exceeded, STOP a/B) and the drive is switched into the safe standstill condition. 1331 $MD_SAFE_VELO_LIMIT[n] 611 digital Limit values for safely-reduced speed Unit: mm/min or rev/min Default: 2 000 Minimum value 0 Maximum value: 1 000 000 Relevant for: FD/MSD Data type: float Becomes effective: POWER ON Limit values for the safely reduced speed monitoring. n = 0, 1, 2, 3, stands for limit value of SG1, 2, 3, 4 If the actual speed is greater than this limit value, then the drive initiates a stop response (this can be parameterized in MD 1361: $MD_SAFE_VELO_STOP_MODE) and switches into the safe operating stop. With active SBH/SG and a 1-encoder system, the speed is monitored on the basis of an encoder limit frequency of 200kHz (300 kHz, 840D from SW 3.6). The parameterized stop response is output when the limit is exceeded. 1332 $MD_SAFE_VELO_OVR_FACTOR[n] Correction factor for SG Unit: % Default: 100 Minimum value: 1 Maximum value: 100 611digital Relevant for: FD/MSD Data type: short integer Valid from: SW version 4.2 Becomes effective: POWER ON It is possible to select overrides via SGEs for safely-reduced speeds 2 and 4 and to set the associated override value (percentage) in this machine data. n = 0, 1, ... , 15 stand for overrides 0, 1, ... 15 The "override for safely-reduced speed" function is enabled via MD 36901 (MD 1301): $MA($MD)_SAFE_FUNCTION_ENABLE (refer to Chapter 3.4.5 "Override for safely-reduced speed"). 1334 $MD_SAFE_POS_LIMIT_PLUS[n] Upper limit value for safe end position Unit: m or mdegrees Default: 100 000 000 Minimum value: -2 147 000 000 Maximum value: 2 147 000 000 611 digital Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Upper (positive) limit value for safe monitoring of a limit position n = 0, 1 stands for safe limit position SE1, SE2 When passing the active, upper limit value, the drive initiates an alarm (this can be parameterized using MD 1362: $MD_SAFE_POS_STOP_MODE) and switches into the safe operating stop. 1335 $MD_SAFE_POS_LIMIT_MINUS[n] Lower limit value for safe end position Unit: m or mdegrees Default: -100 000 000 Minimum value: -2 147 000 000 Maximum value: 2 147 000 000 611digital Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Lower (negative) limit value for SE. n = 0, 1 stands for safe end position SE1, SE2 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-245 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 11.03 When passing the active, lower limit value, the drive initiates an alarm (this can be parameterized using MD 1362: $MD_SAFE_POS_STOP_MODE) and switches into the safe operating stop condition. 1336 $MD_SAFE_CAM_POS_PLUS[n] Plus cams position for safe cams Unit: m or 0.001 degrees Default: 10 000 Minimum value: -2 147 000 000 Maximum value: 2 147 000 000 611digital Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Absolute position for plus cams. n = 0, 1, 2, 3 stands for plus cams SN1+, SN2+, SN3+, SN4+ If the safe actual position is greater than the machine data, then the safetyrelevant output (SGA) assigned to this cam, is set to 1. 1337 $MD_SAFE_CAM_POS_MINUS[n] Minus cams position for safe cams Unit: m or 0.001 degrees Default: -10 000 Minimum value: -2 147 000 000 Maximum value: 2 147 000 000 611digital Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Absolute position for minus cams. n = 0, 1, 2, 3 stands for minus cams SN1-, SN2-, SN3-, SN4If the safe actual position exceeds the position set in the machine data, then the SGA assigned to the relevant cam is set to 1. 1340 $MD_SAFE_CAM_TOL 611 digital Tolerance for safe cams Unit: m or 0.001 degrees Default: 100 Minimum value: 1 Maximum value 10 000 Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Tolerance threshold for all safe cams. As a result of the minimum measuring, computational and runtime deviations, the two monitoring channels (NC and drive) rarely detect when a cam position is passed at exactly the same time and at exactly the same position. This data creates a tolerance window within which cam results in the two monitoring channels may deviate without resulting in an error. Cam tolerance and actual value tolerance (MD 1342) should be identical. 1342 $MD_SAFE_POS_TOL 611 digital Actual value tolerance, crosswise data comparison Unit: m or mdegrees Default: 100 Minimum value: 1 Maximum value: 360 000 Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Tolerance threshold for the crosswise data comparison of the position actual value between the NC and drive. This machine data creates a tolerance window within which the position actual values of the NC and drive may deviate from one another. "Finger protection" (about 10 mm) is the primary consideration when setting this tolerance value. 4-246 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital If the difference between the position actual values is greater than the tolerance window, the drive initiates an alarm (STOP F) and shuts down if at least one monitoring function is active. 1344 $MD_SAFE_REFP_POS_TOL 611 digital Actual value tolerance safe axis position Unit: m or mdegrees Default: 10 Minimum value: 0 Maximum value: 36 000 Relevant for: FD/MSD Data type: long integer Becomes effective: POWER ON Tolerance threshold for the actual value monitoring after referencing. A second absolute actual position is calculated from the last standstill position that is saved before the encoder is powered down and the distance traversed since POWER ON. These two actual positions must be within the tolerance window or else the axis cannot be referenced without a "user agreement". If the user agreement is not present, alarm "axis not safely referenced" is output with error code. The following factors must be taken into consideration when calculating tolerance values: Backlash, leadscrew errors, temperature errors, torsion for 2-encoder systems, gear play for selector gearboxes, lower resolution for 2-encoder systems, oscillating travel for selector gearboxes. $MD_SAFE_VELO_X 1346 611 digital Speed limit nx Unit: mm/min, rpm Default: 20 Minimum value: 0 Maximum value: 1 000 Relevant for: FD/MSD Data type: float Valid from: SW4.2 for 840D Becomes effective: POWER ON This data defines the speed limit nx for SGA "n < nx". Setting 0 means: n < nx is not active. 1348 $MD_SAFE_STOP_VELO_TOL Actual speed tolerance for SBR Unit: mm/min, inch/min, rpm Default: 300 Minimum value: 0 Maximum value: 20 000 611 digital Relevant for: FD/MSD Data type: float Valid from: SW4.2 for 840D Becomes effective: POWER ON After activating the safe braking ramp (SBR), the actual speed plus the speed tolerance, specified using this machine data, is activated as speed limit. If a value > 0 is specified in this MD, a value, converted to the internal format, is limited to >= 1. Recommended settings: Refer to Chapter 3 "Safe braking ramp" 1349 $MD_SAFE__SLIP_VELO_TOL Tolerance 2-encoder drift / slip Unit: mm/min, inch/min, rpm Default: 6 Minimum value: 0 Maximum value: 1000 611 digital Relevant for: FD/MSD Data type: float Valid from: SW5.2 for 840D Becomes effective: POWER ON The tolerance specified in this MD is used as the maximum permissible speed difference between the NC and drive if the function in bit 3 of MD 1301 "Enable actual value synchronization" is selected. The tolerance in this MD is then used for the crosswise data comparison instead of the parameterized tolerance in (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-247 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 11.03 $MD_SAFE_POS_TOL. If this value is exceeded, STOP F is initiated with fine code 3 or 44-57 (actual value comparison or dynamic limit value comparison). 1350 $MD_SAFE_MODE_SWITCH_TIME Tolerance time for SGE changeover Unit: ms Default: 500 Minimum value: 0 Maximum value: 10 000 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON Timer for SGE changes. The timer is started every time new SGEs are accepted. The new monitoring functions are immediately active, however, the crosswise comparison of the result lists, position actual value and dynamic position limit values must be delayed for a specific time as the two monitoring channels cannot detect the SGE changes at precisely the same time. Note System-dependent minimum tolerance time: 2 x PLC cycle time (maximum cycle) + 1 x IPO cycle time The variations in runtime in the external circuitry (e.g. relay operating times) must also be taken into account. 1351 $MD_SAFE_VELO_SWITCH_DELAY Delay time speed changeover Unit: ms Default: 100 Minimum value: 0 Maximum value: 10 000 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON Timer for the SGE delay timer. The timer is started at the transition from the safely-reduced speed function to the safe operating stop mode or when the speed monitoring limit is reduced to a lower speed. During this period, the last selected SG limit remains active. Example: 1352 1. The timer is interrupted as soon as a higher or identical SG limit (i.e. to that which was previously active) is selected. 2. The timer is immediately stopped if a changeover is made to "non-safe operation" (=NSB SGE "de-select SBH/SG=1). 3. The timer is restarted if an SG limit, lower than the one previously active, is selected or a changeover made to SBH while the timer is running. $MD_SAFE_STOP_SWITCH_TIME_C Transition time from STOP C to safe operating stop Unit: ms Default: 100 Minimum value: 0 Maximum value: 10 000 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON When the time in this timer expires, a transition is made from STOP C (initiated by SG or SE) to SBH. After the time has elapsed, the axis/spindle is monitored for a safe operating stop. If it has still not reached zero speed, a STOP A or STOP B is initiated. 4-248 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 1353 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital $MD_SAFE_STOP_SWITCH_TIME_D Transition time from STOP D to safe operating stop Unit: ms Default: 100 Minimum value: 0 Maximum value: 60 000 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON When the time in this timer has expired, a transition is made from STOP D (initiated by SG or SE) to SBH. After the time has elapsed, the axis/spindle is monitored for a safe operating stop. If it has still not reached zero speed, a STOP A or STOP B is initiated. 1354 $MD_SAFE_STOP_SWITCH_TIME_E Transition time from STOP E to safe operating stop Unit: ms Default: 100 Minimum value: 0 Maximum value: 60 000 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON When the time in this timer expires, a transition is made from STOP E (initiated by SG or SE) to SBH. After the time period has elapsed, the axis/spindle is monitored for a safe operating stop. If it has still not reached zero speed, a STOP A or STOP B is initiated. 1355 $MD_SAFE_STOP_SWITCH_TIME_F Transition time from STOP F to STOP B Unit: ms Default: 100 Minimum value: 0 Maximum value: 60 000 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON When this time in this timer stage expires, a transition is made from STOP F to STOP B. 1356 $MD_SAFE_PULSE_DISABLE_DELAY Delay time pulse cancellation Unit: ms Default: 100 Minimum value: 0 Maximum value: 10 000 611digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON Delay time to cancel the pulses after STOP B was initiated as a result of safe standstill monitoring or as a result of a STOP F. The pulses are cancelled earlier than defined in this data if the condition for pulse cancellation is present via MD 1360: $MD_SAFE_STANDSTILL_VELO_TOL. If the timer stage in this data is set to zero, then an immediate transition is made from STOP B to STOP A (the pulses are immediately cancelled). 1357 $MD_SAFE_PULSE_DIS_CHECK_TIME Time for checking the pulse cancellation Unit: ms Default: 100 Minimum value: 0 Maximum value: 10 000 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON After the time in this timer stage has expired, the pulses must have been cancelled if this has been requested using the SGE "test stop selection". If the pulses have not been cancelled after the parameterized time, a STOP A response is initiated. If the pulses have been cancelled after the parameterized (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-249 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 11.03 time, this is indicated to the user by setting the SGA "pulses cancelled". The user can now reset the SGE "Stop selection". 1358 $MD_SAFE_ACCTEST_TIME 611 digital Acceptance test timer Unit: ms Default: 40000 Minimum value: 5000 Maximum value: 100000 Relevant for: FD/MSD Data type: float Becomes effective: POWER ON Corresponds to MD $MA_SAFE_ACCEPTANCE_TST_TIMEOUT for NCK as timer starting value to monitor the active acceptance test mode.. 1360 $MD_SAFE_STANDSTILL_VELO_TOL Shutdown speed, pulse cancellation Unit: mm/min or rev/min Default: 0.0 Minimum value: 0.0 Maximum value: 1 000.0 611 digital Relevant for: FD/MSD Data type: float Becomes effective: POWER ON Speed, below which the axis is considered to be at a "standstill" and the pulses are cancelled. If this speed threshold is fallen below when the STOP B response has expired, then the higher-priority STOP A response is activated with pulse cancellation. MD 1356: $MD_SAFE_PULSE_DISABLE_DELAY must be observed. If the delay time expires before the speed drops below the limit set in the above data, then the drive pulses are prematurely cancelled. 1361 $MD_SAFE_VELO_STOP_MODE Stop response for safely-reduced speed Unit: - Default: 5 Minimum value: 0 Maximum value: 15 611 digital Relevant for: FD/MSD Data type: short integer Becomes effective: POWER ON Selects the STOP response when the safely reduced speed monitoring responds. = 0, 1, 2, 3, 4 corresponding to STOP A, B, C, D, E - is initiated when an error occurs = 5 means that the stop reaction can be configured for specific SGs in MD 36963/1363. 1362 $MD_SAFE_POS_STOP_MODE Stop response, safe limit position Unit: - Default: 2 Minimum value: 2 Maximum value: 4 611 digital Relevant for: FD/MSD Data type: short integer Becomes effective: POWER ON When the activated safe limit position 1 or 2 is passed, then the stop response specified in this data is initiated. = 2, 3, 4 corresponding to STOP C, D or E - is initiated when an error occurs. 1363 Unit: - 611 digital $MD_SAFE_VELO_STOP_REACTION[n] SG-specific stop response Default: 2 Minimum value: 0 Maximum value: 14 Relevant for: FD/MSD Data type: short integer 840D from SW4.2 Becomes effective: POWER ON The stop response programmed in this data is initiated when a selected limit value for safely-reduced speed 1, 2, 3 or 4 is exceeded. Significance of the field index: n = 0, 1, 2, 3 stands for SG1, SG2, SG3, SG4 Value = 0, 1, 2, 3, 4 corresponds to STOP A, B, C, D, E 4-250 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital This function is only active when MD 36961 and MD 1361 are set to 5. If a value not equal to 5 is entered, then the parameterized stop response from MD 1361 is valid and 1363 is not evaluated. 1370 $MD_SAFE_TEST_MODE 611 digital SI acceptance test mode Unit: - Default: 0 Minimum value: 0 Maximum value: 0xAC Relevant for: FD/MSD Data type: short integer 840D from SW 6.4.15 Becomes effective: Immediate Corresponds to the BTSS variables safeAcceptTestMode for NCK - signals the request for an acceptance test mode: 0: 0xAC: 1371 Request, exit the acceptance test mode, error acknowledgement Request, go into the acceptance test mode $MD_SAFE_TEST_STATE 611 digital Acceptance test status Unit: - Default: 0 Minimum value: 0 Maximum value: 0xAC Relevant for: FD/MSD Data type: short integer 840D from SW4.2 Becomes effective: ImmediateE Corresponds to the BTSS variables safeAcceptTestState for the NCK - signals the state of the drive regarding the acceptance test mode: 0: 0xC: 0xD: 0xF: 0xAC: 1380 Acceptance test mode inactive At least 1 active SI POWER ON alarm present when the system goes into the acceptance test mode Incorrect ID received in MD 1370 Acceptance timer has expired Acceptance test mode is active $MD_SAFE_PULSE_DIS_TIME_FAIL Time up to pulse cancellation Unit: ms Default: 0 Minimum value: 0 Maximum value: 800 611 digital Relevant for: FD/MSD Data type: float 840D from SW4.2 Becomes effective: Restart After the drive bus fails, the pulses must have been safely cancelled after this time has expired. 1390 $MD_SAFE_FIRMWARE_VERSION Firmware version SINUMERIK Safety Integrated Unit: - Default: - Minimum value: - Maximum value: - 611 digital Relevant for: FD/MSD Data type: long integer SW: 4.02/07 Becomes effective: Immediate The machine data is assigned each time the machine tool is powered up - irrespective of whether SINUMERIK Safety Integrated is selected or not. When a separate version ID for SI is displayed, the certification costs with the German Statutory Industrial Accident Insurance Association (BIA) are reduced as only software releases have to be registered that include changes. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-251 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 1391 1392 Unit: - 11.03 $MD_SAFE_DIAG_NC_RESULTLIST1 $MD_SAFE_DIAG_611digital_RESULTLIST1 Diagnostics, NC result list 1 Diagnostics, 611 digital result list 1 Default: Minimum value: 0 0 Maximum value: FFFF FFFF 611 digital Relevant for: FD/MSD Data type: Long integer Becomes effective: POWER ON This machine data is used to decode errors in result list 1. Bit No. Function Bit No. Function Bit No. Function Bit No. Function Bit 31 Bit 23 Bit 15 Bit 7 SG1 Bit 30 Bit 22 Bit 14 Bit 6 SG1 Bit 29 Bit 21 Bit 13 SG4 Bit 5 SE2 Bit 28 Bit 20 Bit 12 SG4 Bit 4 SE2 Bit 27 Bit 19 Bit 11 SG3 Bit 3 SE1 Bit 26 Bit 18 Bit 10 SG3 Bit 2 SE1 Bit 25 Bit 17 Bit 9 SG2 Bit 1 SBH Bit 24 Bit 16 Bit 8 SG2 Bit 0 SBH The bits assigned to SI functions have an identical status when there is no error, but have different states when there is an error. In the case of a difference between 1391 and 1392, an error has occurred in the SI function that is assigned to this bit. Example: MD 1391 = 0000 1556Hex = 0000 0000 0000 0000 0001 0101 0101 0110Binary MD 1392 = 0000 1557Hex = 0000 0000 0000 0000 0001 0101 0101 0111Binary --> Bit 0 is different --> error in the result cross-check of the safe operating stop (SBH function). Data that is relevant for the safe operating stop function must be checked in the NCK and drive channels. 1393 1394 Unit: - $MD_SAFE_DIAG_NC_RESULTLIST2 $MD_SAFE_DIAG_611digital_RESULTLIST2 Diagnostics, NC result list 2 Diagnostics, 611 digital result list 2 Default: Minimum value: 0 0 Maximum value: FFFF FFFF 611 digital Relevant for: FD/MSD Data type: Long integer Becomes effective: POWER ON This machine data is used to decode errors in result list 2. Bit No. Function Bit No. Function Bit 31 Bit 23 - Bit 30 Bit 22 - Bit No. Function Bit No. Function Bit 15 SN4 Bit7 SN2 - Bit 14 SN4 Bit6 SN2 - Bit 29 Bit 21 Cam modulo range Bit 13 SN4 + Bit5 SN2 + Bit 28 Bit 20 Cam modulo range Bit 12 SN4 + Bit4 SN2 + Bit 27 Bit 19 nx lower limit Bit 26 Bit 18 nx lower limit Bit 25 Bit 17 nx upper limit Bit 24 Bit 16 nx upper limit Bit 11 SN3 Bit 3 SN1 - Bit 10 SN3 Bit 2 SN1 - Bit 9 SN3 + Bit 1 SN1 + Bit 8 SN3 + Bit 0 SN1 + The bits assigned to SI functions have an identical status when there is no error, but have different states when there is an error. In the case of a difference between 1393 and 1394, an error has occurred in the SI function that is assigned to this bit. Example: MD 1393 = 0000 1547Hex = 0000 0000 0000 0000 0001 0101 0100 0111Binary MD 1394 = 0000 1557Hex = 0000 0000 0000 0000 0001 0101 0101 0111Binary --> Bit 4 is different --> error in result cross-check of safe cam (SN2 +). Data that is relevant for this cam must be checked in the NCK and drive channels. 4-252 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 1395 $MD_SAFE_STOP_F_DIAGNOSIS Diagnostics for STOP F Unit: - Default: 32 767 Minimum value: 0 Maximum value: 32 767 611 digital Relevant for: FD/MSD Data type: Short integer Becomes effective: Immediate The fine diagnostics for the following alarms is displayed in this data: for 840D Alarm 27001 "Defect in a monitoring channel" for 611 digital Alarm 300911 "Defect in a monitoring channel" For error code = 1: Evaluate fine error coding in MDs 1391 and 1392 For error code = 2: Evaluate fine error coding in MD 1393 and 1394 For SINUMERIK 840D, the error code is output together with the alarm display. Note The error code for stop F is shown in detail in Alarm 27001. 1396 $MD_SAFE_ACKN_WRITE 611digital User agreement Unit: Hexadecimal Default: 00 00 Minimum value: 00 00 Maximum value: FFFF Hex Relevant for: FD/MSD Data type: Binary Becomes effective: Immediate The user must input his agreement (acknowledgement) manually to change over the axis from the "axis referenced" (IS) state to the "axis safely referenced" (SGA) state. The user agreement does not have to be given when the axis is referenced again provided that the comparison of the standstill position and the "reference position", which is automatically made during power-up, produces a positive result. Bit 15 ... 0 = 00AC =0 1397 Meaning Agreement set Agreement not set $MD_SAFE_ACKN_READ 611digital 611 digital internal agreement Unit: Hexadecimal Default: 00 00 Minimum value: 00 00 Maximum value: FF FF Relevant for: FD/MSD Data type: Binary Becomes effective: Immediate Indicates that an axis is in the "axis safely referenced" state after user agreement has been issued. Bit 15 ... 0 = 00AC =0 1398 Meaning Agreement set Agreement not set $MD_SAFE_ACT_CHECKSUM Displays the checksum of the Safety Integrated machine data Unit: Default: 00 00 00 00 Minimum value: 00 00 00 00 Maximum value: FF FF FF FF 611digital Relevant for: FD/MSD Data type: Long integer Becomes effective: Immediate The actual checksum calculated after POWER ON over the actual values of the SI machine data is entered here. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-253 4 Data Descriptions 4.2 Machine data for SIMODRIVE 611 digital 11.03 If the actual checksum does not match the setpoint checksum in MD 1399: $MD_SAFE_DES_CHECKSUM, then the Alarm 300744 "Checksum error safe monitoring" is displayed. 1399 $MD_SAFE_DES_CHECKSUM Checksum of machine data for safety functions Unit: Default: 00 00 00 00 Minimum value: 00 00 00 00 Maximum value: FF FF FF FF 611digital Relevant for: FD/MSD Data type: Long integer Becomes effective: POWER ON This data contains the setpoint checksum of the actual values of the SI machine data that was saved during the last machine acceptance test. After POWER ON, the actual checksum is calculated, entered into MD 1398: $MD_SAFE_ACT_CHECKSUM and compared with the setpoint checksum in this data. If the values are not identical, data has either been changed or there is an error and Alarm 300744 "Checksum error safe monitoring" is displayed. 4-254 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.3 Interface signals 4.3 Interface signals The safety-relevant input and output signals (SGEs and SGAs) are signals that are sent to and received from the system via two channels: General * Via the NCK monitoring channel <--> NCK I/O devices <--> signal processing <--> NCK SGE/SGA interface <-> NCK-CPU * Via the drive monitoring channel <--> PLC I/O devices <--> signal processing via PLC <--> NC/PLC interface <-->drive CPU Note The SGEs/SGAs in the drive monitoring channel are mapped in an area of the NC/PLC interface (signals to/from drive) and must be supplied in the PLC user program. As a result of the two-channel structure of Safety Integrated, the machine manufacturer must supply the SGEs and SGAs in both the NCK monitoring channel and the drive monitoring channel. Unused SGEs must be set to a defined state. 4.3.1 Interface signals for SINUMERIK 840D Table 4-3 DB 31... Byte ... ... ... Interface signals for 840D Signals to/from drive Bit 7 Bit 6 Bit 5 22 23 Bit 3 Reserved Test stop Reserved Reserved Reserved Reserved SG selection Bit 1 Bit 0 SE- Reserved Selection Reserved Reserved Bit 3 Bit 2 33 Deselection ext. STOP_E SG override selection Bit 1 Bit 0 Bit 1 Bit 0 Reserved SBH- SBH/SG- DeDeselection selection Gear ratio selection Bit 2 Bit 1 Bit 0 Deselection ext. STOP_A Reserved Reserved Reserved Reserved Reserved Reserved Reserved "Pulses cancelled" status Reserved SBH/ SG active SGE (signals to drive) DeDeselection selection ext. ext. STOP_D STOP_C ... ... ... 108 Bit 2 ... ... ... Selection: 32 Bit 4 ... ... ... Axis safely referenced Reserved Reserved Reserved (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-255 4 Data Descriptions 4.3 Interface signals 11.03 109 110 111 Cam signals of plus and minus cams SN4 - SN4 + SN3 - Reserved Reserved n < nx STOP_D active (from SW4.2) STOP_C active STOP_C active SN3 + SN2 - SN2 + SGA (signals from drive) SG active (from SW4.2) SN1 - SN1 + SBH active Bit 1 Bit 0 Reserved STOP_A/B active Reserved Reserved (from SW4.2) Reserved Reserved Reserved Note: DB 31 / 32 / 33 ... contains the interface signals for axis/spindle 1 / 2 / 3 ... 4.3.2 Description of the interface signals Description of the signals sent to the monitoring channel SGE SBH/SG de-selection SBH de-selection These signals are used to select/deselect the SBH and SG functions. Table 4-4 Selection/de-selection of SBH and SG SGE SBH/SG de-selection =1 =0 SBH de-selection x =0 =0 =1 x: Signal state optional Meaning SBH and SG are deselected SBH is selected (refer to Chapter 3, "Safe operating stop (SBH)") SG is selected SGE status pulses cancelled (only for an axis) This signal provides the NC monitoring channel with feedback as to whether the pulses were cancelled during the test stop. SGE SG selection, bits 1, 0 By combining these signals, it is possible to select the speed limit value for SG1, 2, 3 or 4 when the SG function is activated. Tabelle 4-5 Selection of speed limit values for SG SGE SG selection SG selection Meaning Bit 1 Bit 0 =0 =0 Speed limit value for SG1 is selected =0 =1 Speed limit value for SG2 is selected =1 =0 Speed limit value for SG3 is selected =1 =1 Speed limit value for SG4 is selected 4-256 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 SGE gear ratio selection, bits 2, 1, 0 SGE SE selection SGE GE override bits 3, 2, 1, 0 (840D, from SW 4.2) SGE test stop selection 4 Data Descriptions 4.3 Interface signals The combination of these signals determines the selected gear ratio 1, 2, ... ,8. Table 4-6 Gear ratio selection SGE gear ratio selection Bit 2 Bit 1 Bit 0 Meaning 0 0 0 Gear stage 1 is selected 0 0 1 Gear stage 2 is selected 0 1 0 Gear stage 3 is selected ... ... 1 1 1 Gear stage 8 is selected SE1 or SE2 is selected when this SGE is activated and the SE function is active. 0 signal: SE1 is selected 1 signal: SE2 is selected 16 overrides for the limit value of safely-reduced speeds 2 and 4 can be defined using the SGEs. This means that the limit values for SG2 and SG4 can be more finely graduated. An override factor of between 1 and 100% can be assigned to the selected override via the following machine data: For 840D MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n] (override factor safely-reduced speed) For 611 digital MD 1332: $MD_SAFE_VELO_OVR_FACTOR[n] This signal is used to initiate the shutdown path test for the drive monitoring channel. SGE Teststop-Anwahl Vorgang "Teststop lauft" 1 2 Timer und Prufung Vorgang "Impulse loschen" 3 SGA "Status Impulse sind geloscht" 1 Mit Setzen des Signals (1 PLC-Zyklus) wird das Loschen der Impulse gestartet. 2 Nach dem Starten des Teststops lauft ein Timer. Am Ende wird uber den SGA "Status Impulse sind geloscht" die Ausfuhrung des Teststops gepruft. 3 Die Signale werden vom System zuruckgesetzt. NST_01.DSF Fig. 4-1 Signal timing for SGE test stop selection (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-257 4 Data Descriptions 4.3 Interface signals 11.03 The sequence for "test stop external shutdown" is comparable with the sequence for test stop (refer to Chapter 3.1.3 Testing the shutdown paths). After selecting "test stop external shutdown", the SGA "enable pulse externally" is cancelled and a timer started with the value SGE test stop external shutdown (at axis only, SW 6.3 and higher) For 840D MD 36957: $MA_SAFE_PULSE_DIS_CHECK_TIME For 611 digital MD 1357: $MD_SAFE_PULSE_DIS_CHECK_TIME When the timer expires before a checkback signal for pulse cancellation is received, Alarm 27001 with code number 1010 is output. In addition, a STOP A is initiated for the drive and the pulses cancelled via the internal shutdown path. This state can only be exited with a POWER ON. The state of the active monitoring functions (SBH, SG, SE, SN) is not changed by the "test stop external shutdown". Test stop for external STOPs (840D, SW 4.4.18 and higher) This branch must also be subject to a forced-checking procedure due to the introduction of an additional possibility of activating STOP A, C, D and E (from SW 6.4.15 onwards) via SGEs. The test stop of external STOPs is divided into the following 2 phases: * Phase 1 The shutdown path is tested as always (refer to Chapter 3.1.3, "Testing shutdown paths"). The safe pulse cancellation is tested to ensure that it is functioning correctly. Successful completion of this phase is signaled as follows: - For the NCK monitoring channel: A positive checkback signal is returned in the form of a 0/1 edge from SGE "status, pulses cancelled". - For the drive monitoring channel: The positive checkback signal is displayed using the SGA "pulses are cancelled". * Phase 2 The correct functioning of the safe pulse cancellation was already separately tested for both channels in phase 1. Therefore, in this phase, it is sufficient to check the function of the SGE standstill requests. Procedure: All of the externally wired/used stopping SGEs are switched in both channels one after the other and the positive response evaluated via the associated SGA. Note Phase 2 only has to be performed if the function "external STOPs" has been enabled. Only the enabled and activated external standstill functions have to be tested. 4-258 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.3 Interface signals SGE De-select ext. STOP A "Pulse cancellation" can be requested and executed via this SGE from both monitoring channels. The safe functions currently active (SG/SBH/SN/SE) are not influenced by this SGE. If one of the limits currently active is violated an alarm is triggered. The associated switch-off response cannot be activated because the pulses have already been cancelled. As soon as the stop request is cancelled via the SGE "de-select ext. STOP A" any queued shutdown responses become active. If a stop request is active, SGA "STOP A/B is active" is set in the same way as it would be for an internally triggered STOP A. 0 signal: 1 signal: SGE De-select ext. STOP C "Pulse cancellation" is requested "Pulse cancellation" is not requested This SGE requests "braking with nset = 0" (braking at the current limit). When this stopping type is initiated, the safe braking ramp (SBR) is activated. In addition, the time set in MD36952/1352: $MA_/$MD_SAFE_STOP_SWITCH_TIME_C (transition time, STOP C to safe operating stop) is started. When this time has elapsed the system automatically changes over to SBH. If a stop request is active, SGA "STOP C is active" is set in the same way as it would be for an internally triggered STOP C. 0 signal: 1 signal: "Braking with nset = 0" is requested No request for "braking with nset = 0" Note Stopping with an external STOP A (pulse cancellation) has a higher priority and can interrupt an external STOP C (braking at the current limit). SGE De-select ext. STOP D "Braking along a path" can be requested via this SGE. When ext. STOP D is triggered, the time set via MD 36953/1353 $MA_/ $MD_SAFE_STOP_SWITCH_TIME_D (transition time, STOP D to safe operating stop) is started. When this time has elapsed the system automatically changes over to SBH. If a stop request is active, SGA "STOP D is active" is set in the same way as it would be for an internally triggered STOP D. 0 signal: "Braking along a path" is requested 1 signal: "Braking along a path" is not requested Note Stopping with an external STOP A (pulse cancellation) and external STOP C (braking at the current limit) have a higher priority and can interrupt an external STOP D (braking along a path). SGE De-select ext. STOP E (SW 6.4.15 and higher) STOP E only produces a different response than STOP D if the user has configured the ESR function (extended stop and retract) and the initiation of the ESR is programmed depending on $VA_STOPSI or $A_STOPESI. If no ESR is active, the STOP E behaves like a STOP D. However, if the ESR was (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-259 4 Data Descriptions 4.3 Interface signals 11.03 incorrectly configured, there is a delay up to the time $MC_ESR_DELAY_TIME1 and $MC_ESR_DELAY_TIME2 compared to STOP D until the braking operation is initiated. After these times have expired, braking is initiated at the current limit. An external STOP E in contrast to the other external stops, results in Alarm 27020, which can only be acknowledged with a reset. The program cannot be directly continued, since retraction from the desired contour was performed by the configured ESR. The reset required must also be taken into consideration for the test stop sequence. Description of signals from the monitoring channel SGA external pulse enable (from axis only) When internal pulse cancellation is used, the pulses are cancelled without using the NCK I/O for the drive module involved (currently only possible for 611D Performance 2 modules). If bit 30 is set in $MA_SAFE_PULSE_ENABLE_OUTPUT, the pulses are internally cancelled. SGA SBH/SG active This SGA is used by the drive monitoring channel to signal the status of the SBH and SG functions in the following way: 0 signal: SBH/SG is not active 1 signal: SBH/SG is active SGA enable pulses (from axis only) This SGA controls terminal 663 to enable signals for the drive. SGA status, pulses are cancelled (from drive only) After the shutdown path test has been initiated via the SGE "test stop selection" or if a limit-value is violated with a resulting STOP A response, this signal is output to indicate that the drive pulses have been internally cancelled (refer to Chapter 3 "Shutdown paths"). 0 signal: Pulses are enabled 1 signal: Pulses are cancelled SGA axis safely referenced SGA SN1+, SN1SN2+, SN2SN3+, SN3SN4+, SN4- 4-260 This SGA indicates whether the relevant axis/spindle is safely referenced (refer to Chapter 3.11.2, "Adjustment, calibration, axis states and previous history"). 0 signal: Axis is not safely referenced 1 signal: Axis is safely referenced These signals are used to indicate which plus or minus cam of cam pair 1, 2, 3 or 4 is "actuated". 0 signal: Axis/spindle is located to the left of the cam 1 signal: Axis/spindle is located to the right of the cam (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 SGA: SBH active (840D, from SW 4.2) 4 Data Descriptions 4.3 Interface signals This signal indicates the status of safe operating stop (SBH) (refer to Chapter 3, "Safe operating stop (SBH)"). 1 signal: SBH is active 0 signal: SBH is not active SGA STOP A/B is active This signal indicates that STOP A/B is active. The signal must be used for the forced checking procedure for external STOPs. (840D, from SW 4.4.18) 0 signal: 1 signal: SGA STOP C is active This signal indicates that STOP C is active. The signal must be used for the forced checking procedure for external STOPs. (840D, from SW 4.4.18) 0 signal: 1 signal: SGA STOP D is active This signal indicates that STOP D is active. The signal must be used for the forced checking procedure for external STOPs. (840D, from SW 4.4.18) 0 signal: 1 signal: SGA STOP E is active (840D, from SW 6.4.15) This signal indicates that STOP E is active. The signal must be used for the forced checking procedure for external STOPs. SGA n < nx (840D from SW4.2) This SGA indicates whether the absolute value of the actual speed is above or below a speed specified in the machine data. 0 signal: Otherwise: STOP A/B is not active STOP A/B is active STOP C is not active STOP C is active STOP D is not active STOP D is active STOP E is not active STOP E is active 1 signal: Actual speed is lower than the limit speed 0 signal: Actual speed is greater or equal to the limit speed (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-261 4 Data Descriptions 4.3 Interface signals 11.03 n nx t SGA "n < nx" 1 0 N_KL_NX.DSF Fig. 4-2 Signal n < nx, depending on the speed characteristic Application Only when the spindle has stopped (SGA "n < nx" = 0) is the chuck, for example, controlled. Defining limit speed nx The limit speed nx is defined using the following machine data: For 840D MD 36946: $MA_SAFE_VELO_X For 611 digital MD 1346: $MD_SAFE_VELO_X Note If the axis/spindle runs at nx, changes in the actual value in both monitoring channels of the SGA can cause the SGA "n < nx" to have different states. This must be taken into account in the safe further processing of the SGA. Description of the SGAs "SG active bit 1, 0" (840D from SW 4.2) The SGAs "SG active bit 1, 0" display which safely reduced speed and therefore which speed limit value is actively monitored. The SGAs are only updated when the function "SBH/SG" is enabled and SG is active (SGE "SBH/SG de-selection" = 0 and "SBH de-selection" = 1). Table 4-7 Display of the active safely-reduced speed SGA SG SBH/ SBH Meaning active SG active Bit 0 active =0 1 1 SBH is active (no safely-reduced speed active) =0 1 0 Speed limit value for SG1 active =1 1 0 Speed limit value for SG2 active =0 1 0 Speed limit value for SG3 active =1 1 0 Speed limit value for SG4 active =0 0 0 Neither SBH nor SG is active SG active Bit 1 =0 =0 =0 =1 =1 =0 Note: State "SG active Bit 1, 0" = "0" has two different meanings. An unambiguous interpretation can be obtained by additionally evaluating the SGAs "SBH active" and "SBH/SG active". 4-262 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.4 System variable 4.4 System variable 4.4.1 System variable for SINUMERIK 840D System variables Table 4-9 Overview of system variables System variables Meaning Value range Actual position $VA_IS[Achse] Safe actual position for Safety Integrated Actual position for closed-loop control $AA_IM[Achse] Encoder actual value in machine $VA_IM[Achse] coordinate system Internal inputs/outputs NCK input $A_INSI[n] $A_INSID[n] $A_INSIP[n] $A_INSIPD[n] $A_OUTSI[n] NCK inputs Image of the PLC input Image of the PLC-SPL inputs from the drive monitoring channel NCK output NCK outputs Image of the PLC output Image of the PLC-SPL outputs from the drive monitoring channel External inputs/outputs NCK input $A_INSE[n] $A_OUTSID[n] $A_OUTSIP[n] $A_OUTSIPD[n] $A_INSED[n] $A_INSEP[n] NCK inputs Image of a PLC-SPL input from the PLC hardware I/O $A_INSEPD[n] Image of PLC-SPL inputs from the PLC hardware I/O NCK output $A_OUTSE[n] $A_OUTSED[n] $A_OUTSEP[n] NCK outputs Image of a PLC-SPL output from the PLC hardware I/O $A_OUTSEPD[n] Image of PLC-SPL outputs to PLC hardware I/O Markers and timers $A_MARKERSI[n] $A_MARKERSID[n] $A_MARKERSIP[n] Markers Markers (from SW 4.4.18) Image of the PLC markers n = 1, 2, ... 64 stands for No. of input n = 1,2 n = 1,2, ...64 n = 1,2 n = 1, 2, ... 64 stands for No. of output n = 1,2 n = 1, 2, ... 64 n = 1,2 n = 1, 2, ... 64 stands for No. of input n = 1,2 n = 1, 2, ... 64 stands for No. of input n = 1,2 n = 1, 2, ... 64 stands for No. of output n = 1,2 n = 1, 2, ... 64 stands for No. of output n = 1,2 Data type Possible access for Part Synchr. program action l s l s DOUBLE x x DOUBLE DOUBLE x x x x BOOL x x INT BOOL INT x x x x x x BOOL x x x x INT BOOL INT x x x x x x x x BOOL x x INT BOOL x x x x INT x x BOOL x x x x INT BOOL x x x x x x INT x x n = 1, 2, ... 64 stands for No. of marker n = 1, 2 BOOL x x x x INT x x x x n = 1,2, ...64 BOOL x (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 x 4-263 4 Data Descriptions 4.4 System variable 11.03 System variables Meaning Value range Data type $A_MARKERSIPD[n] Image of PLC the markers (from SW 4.4.18) n = 1, 2 INT Possible access for Part Synchr. program action l s l s x x $A_TIMERSI[n] Timer REAL x $A_STATSID Crosswise data comparison error initiated if the value is not equal to 0 INT x $A_CMDSI 10-fold change timer timeout value for long forced checking procedure pulses and/or single-channel test stop logic. Crosswise data comparison stack level display: Number of signals for which NCK and PLC detect different signals n = 1, 2...16 stands for No. of timer n = 0 Error not triggered n = 1 Error triggered Bit 0 = 0 10-fold time active 0...320 BOOL x INT x $A_LEVELSID x x x x x x x x Note: l -> read, s -> write An implicit preliminary stop is generated Only permitted in the commissioning phase 4-264 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.4 System variable System variables from SW 6 System variables Meaning Value range Data type Possible access for Part Synchr. program action l s l s Actual position $A_XFAULTSI (from SW 6.4.15) 0: [0,3] INT x x [0,3] INT x x [-1,11] INT x x [0,MAX_INT] INT x x [FALSE, TRUE] BOOL x x [FALSE, TRUE] BOOL x x $VA_XFAULTSI[axis] (from SW 6.4.15) $VA_STOPSI (from SW 6.4.15) $VA_STOPESI (from SW 6.4.15) $A_PLCSIIN (from SW 6.3.30) $A_PLCSIOUT (from SW 6.3.30) In the crosswise data comparison between NCK and 611D of any axis, an actual-value error has been detected 1: In the crosswise data comparison between NCK and 611D of any axis, an error was detected and the delay time until STOP B is initiated in this axis is running or has already expired. 0: For a crosswise data comparison of this axis between NCK and 611D, an actual value error has been detected 1: In the crosswise data comparison between NCK and 611D of any axis, an error was detected and the delay time until STOP B is initiated in this axis is running or has already expired. Actual Safety Integrated stop of relevant axis -1: No stop 0: Stop A 1: Stop B 2: Stop C 3: Stop D 4: Stop E 5: Stop F 10: Test stop 11: Test, external pulse cancellation Actual Safety Integrated Stop E for any axis 0: No stop Otherwise: For one of the axes, a Stop E is present Single-channel direct communication between NCK and PLC-SPL. Signals can be written by the PLC and read by the NCK. Single-channel direct communication between NCK and PLC-SPL. Signals can be read by the PLC and written by the NCK. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-265 4 Data Descriptions 4.4 System variable 4.4.2 11.03 Description of the system variables The safe actual value, used by SI, can be read and further processed from the NC part program for every axis/spindle. System variable $VA_IS Example: When an NC part program is started, Safety Integrated checks whether axis X would move into the vicinity of shutdown limits as a result of the zero offsets when a program is processed. The part program can be programmed as follows, for example: IF ($VA_IS[X] < 10000) GOTOF POS_OK MESG ("Axis has nearly reached limit switch!") POS_OK: ... ; if actual value too high, ; then message, ; otherwise, continue here The variable can also be used in synchronous actions in order to reduce the override when the axis is nearly at the limit switch. Difference between $VA_IS and $AA_IM Both variable $VA_IS and variable $AA_IM can be used to read actual values. Table 4-60 Variable $VA_IS $AA_IM References: System variables $A_XFAULTSI and $VA_XFAULTSI Difference between $VA_IS and $AA_IM Meaning Reads the actual value used by Safety Integrated Reads the actual value (setpoint of position closed-loop control) used by the closed-loop control /PGA/, Programming Guide, Production Planning Reading actual value crosswise data comparison errors using system variables If a crosswise data comparison between NCK and 611 digital detects errors, the response is determined by the current operating state: * SBH, SG, SE or SN active: After a Stop F, a crosswise data comparison error leads to a Stop B, which initiates the fastest possible braking of the axis. Then a Stop A is initiated and the pulse enable is cancelled. * SBH and SG are not active and SE/SN are not used or Stop C/D/E has already been activated: In this case, a Stop F due to a crosswise data comparison error does not result in any further action - only Alarm 27001 is output that provides information. Processing then continues. This chain of responses is not altered to ensure personnel safety. To allow responses to a crosswise data comparison error, a new system variable $A_XFAULTSI is introduced and indicates that a crosswise data comparison error has occurred on any of SI axes. Retraction can then be initiated as a response to this system variable. An axis-specific system variable $VA_XFAULTSI[<Axis name>] is also introduced so that, if necessary, axis-specific responses can be configured for particular applications. 4-266 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 4 Data Descriptions 4.4 System variable The system variables are only set as reference if crosswise data comparison errors occur. The system variables are updated whether or not the SI monitoring functions are active or not active. The Stop F error codes that result in the system variables being set are listed in Chapter 4.4. System variable $VA_STOPSI Axial system variable that contains the current stop. In the case of a value of 2, a Stop E is active for this axis. System variable $A_STOPESI Global system variable that uses a value not equal to 0 to indicate that a Stop E is active on one of the axes. System variables $A_INSI[1...64] The status signals of the NCK monitoring channel in the NCK-SPL can be used via these system variables. Each of the system variables $A_INSI[1...64] can be assigned any safety-relevant output signal or the AND operation of several signals via axial MD $MA_SAFE_xxx_OUTPUT. These system variables can only be read by the user program. Parameterizing example - $MA_SAFE_CAM_PLUS_OUTPUT[0] = 04010101H => SGA "Cam 1+" can be evaluated in the SPL via system variable $A_INSI[1]. For a precise description of MD parameterization refer to Chapter 4, "Machine data for SINUMERIK 840D". Programming example: ; Copying an SGA from the internal SPL interface ; into the external SPL interface (NCK I/O) N1010 IDS = 01 DO $A_OUTSE[1] = $A_INSI[1] These system variables can only be read by the user program. System variables $A_INSID[1,2] The status signals of the NCK monitoring channel in the NCK-SPL can be evaluated double-word-serial via this system variable: $A_INSID[1] corresponds to $A_INSI[1...32] $A_INSID[2] corresponds to $A_INSI[33...64] These system variables can only be read by the user program. System variables $A_OUTSI[1...64] The control signals of the NCK monitoring channel can be addressed from the NCK-SPL via these system variables. Each of the system variables $A_OUTSI[1...64] can be assigned any one or several safety-relevant input signals simultaneously via the axial MD $MA_SAFE_ xxx_INPUT. Parameterizing example - $MA_SAFE_VELO_SELECT_INPUT[0] = 04010204H => SGE "SG selection, bit0" is controlled in the SPL via system variable $A_OUTSI[36]. Programming example: ; SGA "Cam 1+" (see above) controls SG selection ; N1020 IDS = 02 DO $A_OUTSI[36] = $A_INSI[1] (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-267 4 Data Descriptions 4.4 System variable 11.03 These system variables can be read and written by the user program. System variables $A_OUTSID[1,2] The control signals of the NCK monitoring channel in the NCK-SPL can be addressed double-word-serial via these system variables: $A_OUTSID[1] corresponds to $A_OUTSI[1...32] $A_OUTSID[2] corresponds to $A_OUTSI[33...64] These system variables can be read and written by the user program. System variables $A_INSE[1...64] Up to 64 external control signals can be used in the NCK-SPL via these system variables. The status of one byte of an NCK I/O input module can be assigned to a block of eight system variables via MD $MN_SAFE_IN_HW_ASSIGN[0...7]. $MN_SAFE_IN_HW_ASSIGN[0] $MN_SAFE_IN_HW_ASSIGN[1] $MN_SAFE_IN_HW_ASSIGN[2] $MN_SAFE_IN_HW_ASSIGN[3] $MN_SAFE_IN_HW_ASSIGN[4] $MN_SAFE_IN_HW_ASSIGN[5] $MN_SAFE_IN_HW_ASSIGN[6] $MN_SAFE_IN_HW_ASSIGN[7] -> -> -> -> -> -> -> -> $A_INSE[1...8] $A_INSE[9...16] $A_INSE[17..24] $A_INSE[25..32] $A_INSE[33..40] $A_INSE[41..48] $A_INSE[49..56] $A_INSE[57..64] For a precise description of MD parameterization refer to Chapter 4, "Machine data for SINUMERIK 840D". The user program can only read these system variables. System variables $A_INSED[1,2] The external control signals can be evaluated double-word-serial in the NCKSPL via these system variables: $A_INSED[1] corresponds to $A_INSE[1...32] $A_INSED[2] corresponds to $A_INSE[33...64] The user program can only read these system variables. System variables $A_OUTSE[1...64] Up to 64 external status signals can be addressed by the NCK-SPL via these system variables. The status of eight system variables can be copied to an NCK I/O output module via MD $MN_SAFE_OUT_HW_ASSIGN[0...7]. $MN_SAFE_OUT_HW_ASSIGN[0] $MN_SAFE_OUT_HW_ASSIGN[1] $MN_SAFE_OUT_HW_ASSIGN[2] $MN_SAFE_OUT_HW_ASSIGN[3] $MN_SAFE_OUT_HW_ASSIGN[4] $MN_SAFE_OUT_HW_ASSIGN[5] $MN_SAFE_OUT_HW_ASSIGN[6] $MN_SAFE_OUT_HW_ASSIGN[7] <<<<<<<<- $A_OUTSE[1...8] $A_OUTSE[9...16] $A_OUTSE[17..24] $A_OUTSE[25..32] $A_OUTSE[33..40] $A_OUTSE[41..48] $A_OUTSE[49..56] $A_OUTSE[57..64] For a precise description of MD parameterization refer to Chapter 4, "Machine data for SINUMERIK 840D". These system variables can be read and written by the user program. 4-268 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 System variables $A_OUTSED[1,2] 4 Data Descriptions 4.4 System variable The external status signals can be addressed double-word-serial from the NCK-SPL via these system variables: $A_OUTSED[1] corresponds to $A_OUTSE[1...32] $A_OUTSED[2] corresponds to $A_OUTSE[33...64] These system variables can be read and written by the user program. System variables $A_MARKERSI[1...64] Up to 64 status bits of the SPL can be flagged via these system variables. The markers are read and written directly in the NCK-SPL. Programming example: N1030 IDS = 03 DO $A_MARKERSI[2] = $A_OUTSI[1] AND $A_INSE[2] N1040 IDS = 04 DO $A_OUTSE[1] = $A_MARKERSI[2] System variables $A_MARKERSID[1,2] The SPL status bits can be addressed word-serial via these system variables. System variables $A_TIMERSI[1...16] Up to sixteen timer stages can be programmed using these system variables. System variable $A_STATSID This system variable can be used in the NCK-SPL to evaluate whether, in the crosswise data comparison between NCK and PLC, an error was detected in the two-channel control/processing of the control and status signals. This gives the user the opportunity to respond to this error with special synchronous actions. $A_MARKERSID[1] corresponds to $A_MARKERSI[1...32] $A_MARKERSID[2] corresponds to $A_MARKERSI[33...64] Programming example: ; Set marker once after two seconds, reset ; timer value and stop timer. N1050 IDS = 05 WHENEVER $A_TIMERSI[1] > 2.0 DO $A_TIMERSI[1] = 0.0 $A_TIMERSI[1] = -1.0 $A_MARKERSI[2] = 1 Programming example: ; For crosswise data comparison error, set the ext. output N1060 IDS = 06 WHENEVER $A_STATSID <> 0 DO $A_OUTSE[1] = 1 The user program can only read this system variable. System variable $A_CMDSI[1] The system variable can be used to increase the time up to 10 s for the signal change monitoring in the crosswise data comparison between NCK and PLC. This extension is used, among other things, to carry-out the test stop function that must be separately perform for the NCK and drive monitoring channel. Signal differences between the NCK and PLC system variables up to a period of 10s are tolerated without Alarm 27090 being output. This system variable can be read and written by the user program. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-269 4 Data Descriptions 4.4 System variable 11.03 System variable $A_LEVELSID This system variable is used to display the stack level of the signal change monitoring in the crosswise data comparison between NCK and PLC. This variable indicates the current number of signals to be checked by the crosswise data comparison function. Commissioning SPL Images of the PLC-SPL interface and markers are provided to make it easier to commission the SPL. Access to these variables is no longer allowed in the final NCK-SPL program, i.e. they are only permitted in the commissioning phase! System variables $A_INSIP[1...64] Images of the PLC-side internal SPL input signals (status signals from the drive monitoring channel) can be read via these system variables. Associated DB18 values: System variables $A_INSIPD[1,2] Images of the PLC-side internal SPL input signals (status signals from the drive monitoring channel) can be read double-word-serial (32bit) via these system variables. Associated DB18 values: System variables $A_OUTSIP[1...64] DB18.DBD38, DBD42 Images of the PLC-side external SPL output signals (status signals from the PLC-SPL) can be read via these system variables. Associated DB18 values: 4-270 DB18.DBX38.0 ... DBX45.7 Images of the PLC-side external SPL input signals (control signals to the PLCSPL) can be read double-word-serial (32bit) via these system variables. Associated DB18 values: System variables $A_OUTSEP[1...64] DB18.DBD62, DBD66 Images of the PLC-side external SPL input signals (control signals to the PLCSPL) can be read via these system variables. Associated DB18 values: System variables $A_INSEPD[1,2] DB18.DBX62.0 ... DBX69.7 Images of the PLC-side internal SPL output signals (control signals to the drive monitoring channel) can be read double-word-serial (32bit) via these system variables. Associated DB18 values: System variables $A_INSEP[1...64] DB18.DBD54, DBD58 Images of the PLC-side internal SPL output signals (control signals to the drive monitoring channel) can be read via these system variables. Associated DB18 values: System variables $A_OUTSIPD[1,2] DB18.DBX54.0 ... DBX61.7 DB18.DBX46.0 ... DBX53.7 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 System variables $A_OUTSEPD[1,2] 4 Data Descriptions 4.4 System variable Images of the PLC-side external SPL output signals (status signals from PLCSPL) can be read double-word-serial (32bit) via these system variables. Associated DB18 values: DB18.DBD46, DBD50 System variables $A_MARKERSIP[1..64] Images of the PLC-side SPL markers can be read via these system variables. System variables $A_MARKERSIPD[1,2] Images of the PLC-side SPL markers can be read double-word-serial (32bit) via these system variables. Associated DB18 values: Associated DB18 values: DB18.DBX70.0 ... DBX77.7 DB18.DBD70, DBD74 System variable $A_PLCSIIN Direct single-channel communications between NCK and PLC-SPL. Signals can be written by the PLC and read by the NCK. System variable $A_PLCSIOUT Direct single-channel communications between NCK and PLC-SPL. Signals can be read by the PLC and written by the NCK. General information about system variables $A_xxxP(D) The system variables are updated in the same clock cycle as the crosswise data comparison between the NCK and the PLC. These system variables can only be accessed reading. These system variables may only be used in the commissioning phase. As soon as commissioning has been signaled as completed, access to these system variables is disabled. If these program commands are processed, this is indicated as an error with Alarm 17210. Note Write access operations to all named system variables $A_OUT..../$A_MARKER... and $A_TIMERSI is only possible from the program saved in program file /_N_CST_DIR/_N_SAFE_SPF reserved for the SPL. Access operations from other programs are flagged as an error with Alarm 17070. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 4-271 4 Data Descriptions 4.4 System variable 11.03 Notes 4-272 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.1 Commissioning SINUMERIK 840D 5 Commissioning 5 5.1 Commissioning SINUMERIK 840D ............................................................. 5-275 5.1.1 Commissioning procedure .................................................................... 5-275 5.1.2 First commissioning .............................................................................. 5-276 5.1.3 Series commissioning........................................................................... 5-279 5.1.4 Upgrading software .............................................................................. 5-280 5.1.5 Changing data ...................................................................................... 5-280 5.2 Acceptance report....................................................................................... 5-282 5.3 Conventional acceptance test ..................................................................... 5-286 5.4 NCK acceptance test support ..................................................................... 5-288 5.4.1 Scope of the test list ............................................................................. 5-289 5.4.2 Internal mechanisms to support the test procedure .............................. 5-290 5.4.3 Trace techniques .................................................................................. 5-292 5.4.4 Basic operating information and instructions ........................................ 5-293 5.5 Diagnostics ................................................................................................. 5-294 5.5.1 Troubleshooting procedure................................................................... 5-294 5.5.2 Diagnostics support by configuring your own extended alarm text........ 5-298 5.5.3 Servo trace bit graphics for Safety Integrated ....................................... 5-301 5.5.4 Bit graphics for SI signals in the servo trace ......................................... 5-304 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-273 5 Commissioning 5.1 Commissioning SINUMERIK 840D 11.03 Note The function "safe software limit switch" (SE) is also called "safe limit position" and the function "safe software cams" (SN) is also called "safe cams". Note If SI functions SH, SBH and SG have been enabled, then they become operational after the control system has run-up (basic display on screen). Cam and limit positions can be evaluated reliably for the SN and SE functions once the axes have been "safely" referenced. ! 5-274 Caution Protection of operating personnel must be the primary consideration when configuring machine data for SINUMERIK Safety Integrated(R). This is this reason that the parameterizable tolerances, limit values and delay times should be determined and optimized during the commissioning phase dependent on the machine design and arrangement. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.1 Commissioning SINUMERIK 840D 5.1 Commissioning SINUMERIK 840D 5.1.1 Commissioning procedure Configuring safetyrelevant functions In order to commission the SI functions, the "Start-up\machine configuration" display must be selected in the basic control display using the STARTUP softkey. For example, the following screen is displayed: MPF.DIR JOG AUTO MPF.DIR MPF.DIR AUTO JOG MAR.MPF TEST.MPF CHAN1 Start-up Parameter CHAN1 Dienste Diagnose MAR.MPF Kanal aktivreset Channel angehalten: Programm abgebrochen: Program aborted Programm lSuft aktiv Kanal RESET ROV SKP DAY ROV ROV SBL2 LCD brighter T-Nr. MMC-Alarm MO1 DRF PRT FST FST quittieren LCD T-Nr.darker - Standard-Maschine: Achse X1 Istgeschwindigkeit Alarmgrenze 25030 Programme/Daten Werkzeugkorrekturdaten Machine configuration Name Alarme MMC MMC_1 Diagnose Typ LSnge Datum Freigabe Change DIR1 10.04.95 X D-Nr. Nr.T-Nummer Datum Lsch. Text D-Nummer Schneidenanzahl 1 1 language + 10.04.95 DIR X Werkzeugtyp 100 Datenhaltung 25030 02.01.96 Standard Maschine: Achse AlarmgrenzeChannel Machine axis 1 Dialog-Programmierung Drive 10.04.95 Schneidenlage DIR XI Istgeschwindigkeit X V24 10.04.95 X DIR Index 11:10:50 NameDP-Anwenderbilder Type Number Type NCK Geometrie Verschlei Basis Stop D-Nr. 10.04.95 DIR X DP-Werkzeuge Reset LSngenkorrektur GP-Makros DIR 0.000 10.04.95 X 0.000 mm 1 : PG 1X 1 LSnge Linear axis 6 VSA 10.04.95 0.000 0.000 mm DIR 0.000 LSnge 2 X1 DP-Hilfe : Lschen 0.000 0.000 mm LSnge 3 : DIR 0.000 X 10.04.95 DP-Basisinfo 2 Y1 Radiuskorrektur 3 Radius Z1 DP7.18.res 4 DPR.17.res A1 DP9.18.res DP10,19.res DP11,20.res Linear axis : System LSngenkorrektur Current access level manufacturer Festplatte: Freiwinkel 0.000 Freier Speicher: DP25.res : : 0.000 Machine WerkzeugAlarme data Daten ein korrektur Fig. 5-1 User P-Para- DIR DIR DIR DIR MDN DIR DIR DIR Technologie-Speicher HSA-Daten : 0.000 Linear axis MBDDE-Alarmtexte 0.000 Teileprogramme 0.000 : Spindle 0.000 : NC_Daten 0.000 : OEM-Daten 0.000 : Unterprogramme Daten aus Meldungen views meter NC Setting SerienAlarmDaten IBN protokoll 7 0.000 10 0.000 0.000 14 0.000 0.000 0.000 VSA 10.04.95 1 X 10.04.95 mm VSA 10.04.95 X 1 X 10.04.95 HSA 10.04.95 10.04.95 10.04.95 10.04.95 X 1 Grad 355.565.568 PLC Nullpkt. Daten ServiceVerschieb verwalten anzeigen Drives Anwender- Protokoll PLCServo daten Status NCU: MMC DatenAuswahl Password... Suchen Archiv X X X X Neue Schneide 2 i EXIT Systemeinstellungen DeNeues activate Werkzeug Tool WerkzeugSchnittmanagem. verwaltung stelle Example of display for "Start-up\Machine configuration" on 840D An NCK RESET can be executed in this display. The softkey "MACHINE DATA" must be selected to allow SI data to be entered. To copy and confirm SI data, select the softkey labeled DRIVE CONFIG. to call the appropriate display. The following screenshot is an example of this display: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-275 5 Commissioning 5.1 Commissioning SINUMERIK 840D Fig. 5-2 11.03 Example of display for "Start-up\Drive configuration" on 840D Softkey COPY SI DATA When the softkey is pressed, all NC machine data, relevant for the SI functions, is transferred into the appropriate drive machine data. The commissioning engineer must separately enter the SI machine data to define the encoder mounting relationships separately for the NCK and drive. The copy function cannot be used to transfer the drive machine data marked in the Table "Machine data for SIMODRIVE". The boot files are automatically saved after data has been copied. Softkey CONFIRM SI DATA After an NCK RESET and the current checksum is saved by selecting the softkey labeled CONFIRM SI DATA in the "Drive configuration" display and acknowledging the following dialog box with "OK". From now on the SI data will be monitored for changes. The boot files are automatically saved after being acknowledged. 5.1.2 First commissioning It is advisable to commission the machine so that at least the axes can be moved. The safety monitoring functions can then be immediately tested after SI data has been entered. This type of test is absolutely essential in order to detect any data entry errors. This test is referred to as the "acceptance test". The following steps must be taken in the specified sequence to commission SI functions: Step 1 Enable option 5-276 Enable option (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Step 2 Monitoring cycle 5 Commissioning 5.1 Commissioning SINUMERIK 840D * Basic "start-up" display: Set the password (at least machine manufacturer password) by selecting softkeys PASSWORD\SET PASSWORD * "General machine data" display: Enter the number of axes for which safety monitoring functions need to be activated in the option machine data. Enter the monitoring clock cycle * "General machine data" display: Enter the factor for the monitoring clock cycle in data $MN_SAFETY_SYSCLOCK_TIME_RATIO (refer to Chapter 2, "Safety monitoring cycle and crosswise comparison cycle"). * The actual monitoring time is immediately displayed in data $MN_INFO_SAFETY_CYCLE_TIME. Note Before you perform an NCK RESET, you must copy the current monitoring clock cycle to machine data $MD_SAFETY_CYCLE_TIME of the drive by selecting softkey COPY SI DATA in the "Drive configuration" display. Step 3 Set axis monitoring Set the monitoring function for all of the axes to be safely monitored. Enter the following in the specified sequence in the "axis-specific machine data" display * Function enabling bits * Axis characteristics (rotary or linear axis) * Measuring-circuit assignment, i.e. which encoder will supply the "safety" actual value, what type of encoder it is and how it is mechanically flanged. * For rotary axes, an NCK RESET must be given. * Monitoring limits and tolerances * Changeover and monitoring times * Stop responses after a monitoring function has responded * Assignment of safety-relevant inputs and outputs, i.e. which hardware terminals are supplying the drive signals for the NC monitoring channel and where are the checkback and cam signals being sent (the PLC accepts this link for the drive monitoring channel, i.e. there are no corresponding drive machine data). Recommendation: The software switches should be set closer together while the system is being commissioned. Step 4 Actual value and measuring circuit assignment Assign measuring circuits and actual values to axes/spindles * Select the softkey labeled COPY SI DATA in the "Drive configuration" display (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-277 5 Commissioning 5.1 Commissioning SINUMERIK 840D Step 5 Acknowledge/save monitoring data Step 6 User agreement Step 7 Machine commissioning Step 8 Acceptance test 5-278 11.03 * Enter the measuring circuit assignment, i.e. which encoder will supply the safe actual value - the type of encoder being used and how it is mechanically flange mounted - for each drive in the "FD machine data" or "MSD machine data" display. For ERN 1387 encoders, this step is not required; for EQN 1325 encoders, only the data for the absolute encoder has to be set. At the same time, the data, copied using the softkey, can be subject to a visual check. * If you alter anything in the "FD or MSD" display, select the softkey SAVE BOOTFILES to transfer the setting to the non-volatile memory. * Carry-out an NCK RESET. Acknowledge and save the monitoring data * Press the CONFIRM SI DATA softkey in the "Drive configuration" display A dialog box describing the function of the softkey then appears. Select OK to acknowledge the box. The actual checksum of the safety-relevant data is then saved in both monitoring channels and monitored for changes from this point onwards. Drive data is also automatically saved to a non-volatile memory (as with SAVE BOOTFILES). A dialog box is now displayed on the screen requesting you to perform an acceptance test. You must acknowledge the box. * The safety monitoring functions are now ready to be used and can be activated as described in Chapter 2, "Monitoring clock cycle and crosswise data comparison clock cycle". Enter a user agreement (refer to Chapter 2, "User agreement") * The safe limit positions and safe cams are now activated (provided that they have been enabled, refer to Chapter 2, "Enabling safety-relevant functions"). This step can be omitted if you do not wish to use either of these functions. * Key-operated switch position 3 must be set for "User agreement". Carry-out general machine tests. * Optimize the axes/spindle. * Adjust SI functions (monitoring limits, timers). Carry-out the acceptance test and enter in the logbook. * A function test must be carried-out for all of the enabled safe monitoring functions for each axis/spindle. For suggestions on how to test activated SI functions, please refer to Chapter 5, "Acceptance test" and "Acceptance report" (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.1 Commissioning SINUMERIK 840D Step 9 Re-activate standard monitoring functions All standard monitoring functions (e.g. zero-speed monitor, software limit switches) that were de-activated or altered for the purpose of the acceptance test must now be re-activated/returned to original settings. Step 10 Save machine data Save machine data. Use the SERVICES\DATA OUTPUT softkeys to save all machine data to an external computer or the hard disk in the MMC. This data can be used to commission series equipment. * In order to carry-out series commissioning, the machine data of the NCK and drive must be available as separate data sets (the softkey COPY SI DATA may not be used for the purpose of commissioning series equipment). Caution ! On completion of the acceptance text, all illegal (old) MD files must be removed from the hard disk (to avoid confusion between old and new data). The data that corresponds to the acceptance test data must be backed-up (archived). Step 11 Delete password 5.1.3 * Delete password . To delete the password, go to the screen "Start-up\Machine configuration" and select the vertical softkey labeled PASSWORD...\DELETE PASSWORD. Series commissioning The settings for the safety monitoring functions are automatically transferred with other data in the course of a normal series commissioning process. The following steps need to be taken in addition to the normal commissioning procedure: 1. Enter a user agreement 2. Carry-out an acceptance test (individual monitoring functions must be randomly tested). Note When series machines are commissioned, two separate data sets for the drive and NCK must be downloaded into the control system. The copy function may be used after machine data have been altered. Sequence of operations for series commissioning The following sequence of operations makes sense when commissioning series equipment: * Download the data set for the series machine (separate sets for NCK and drive) into the control system. * Adjust the absolute encoder * Carry out a POWER ON. This ensures that any errors, i.e. deviations in data content that may exist between the NCK and drive will be detected by the checksum check and crosswise data comparison. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-279 5 Commissioning 5.1 Commissioning SINUMERIK 840D 11.03 The data must be checked if an error is detected. If an error is not detected, then data has not been changed and is identical to the acceptance test data. The copy function may be used if data is subsequently altered. 5.1.4 Carry-out random function tests. The tests are required for acceptance of the new machine. * Set special features When special features are set, each altered safety data must be checked. The copy functions may be used. Upgrading software Important ! 5.1.5 * Please carefully read the instructions in the relevant Update Guide before updating the software. Changing data The user must enter the correct password before he can transfer the machine data for SI functions to the system. After data for SI functions has been altered, a new acceptance test must be carried-out on the SI function(s) involved and then recorded and confirmed in the acceptance report. Change report Changes made to NCK machine data important for Safety Integrated are recorded in a display data. These change times are displayed in axial MD 36996: $MA_SAFE_CONFIG_CHANGE_DATE[0...4]. This MD can neither be overwritten by manual entry nor by loading an MD archive. It can only be deleted by running-up the control from the general reset mode (switch position 1). After the control has been run-up from the general reset mode, nothing is displayed in the MD. 36996: SAFE_CONFIG_CHANGE_DATE[0] 25/08/98 17:35:23 This data is updated when the following changes are made to the NCK machine data: 5-280 * Activation of an altered safety MD configuration (NCK safety MD have been changed and confirmed by correction of $MA_SAFE_DES_CHECKSUM). * Alteration of MD $MA_SAFE_FUNCTION_ENABLE from values not equal to zero to zero, or from zero to values not equal to zero. These changes mean that the safety functionality of an axis are completely enabled/ disabled. Other changes to MD $MA_SAFE_FUNCTION_ENABLE always change MD $MA_SAFE_ACT_CHECKSUM, which themselves have to be acknowledged by changes to MD $MA_SAFE_DES_CHECKSUM. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Limitations 5 Commissioning 5.1 Commissioning SINUMERIK 840D * Changes to MD $MA_SAFE_FUNCTION_ENABLE by limiting the safety option. If the scope of axial safety functions is enabled for more axes than are set in the safety option data, the function enable are automatically cancelled again for the excess number of axes when the control runs-up. * Loading an MD archive that is different to the NCK MD set currently active * Upgrade (corresponds to downloading an MD archive) * Series commissioning (corresponds to downloading an MD archive). Changes to the MD configuration are only noted when the change becomes active, i.e. after altering MD $MA_SAFE_DES_CHECKSUM and subsequent power on. This MD is calculated, effective immediately, also for axes that were not released for Safety Integrated. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-281 5 Commissioning 5.2 Acceptance report 11.03 5.2 Acceptance report The machine manufacturer must perform an acceptance test of the activated SI functions on the machine. This test must provoke that all of the limit values are violated for the enabled SI functions to ensure that they are operating correctly. Note Some of the standard NC monitoring functions, such as zero speed monitoring, software limit switches, etc. must be de-activated (monitoring limits must be made less sensitive) before the acceptance test is carried out. The function sequences can be acquired and listed using the servo trace function (840D, from SW 4.2 onwards) or using the D/A converter output. References /IAD/, SINUMERIK 840D Installation & Start-Up Guide Note If the machine data of SI functions are changed, a new acceptance test must be carried-out for the modified SI function and recorded in the acceptance report. Authorized person, acceptance report All SI functions must be acceptance-tested by an authorized person and the test results recorded in a test report. The report must be signed by the person who carried-out the acceptance tests. The acceptance test report must be kept in the logbook of the particular machine. After the SPL has been commissioned the access rights for the NCK-SPL (SAFE.SPF) via the HMI interface must be reduced to the manufacturer or service level and documented in the acceptance report. Authorization in the above sense is a person authorized by the machine manufacturer who on account of his or her technical qualifications and knowledge of the safety functions has the necessary skill sets to perform the acceptance test in the correct manner. Note 5-282 * Please refer to the information in Chapter 5, "Commissioning for SINUMERIK 840D". * The acceptance report presented below is both an example and recommendation. The specified values apply to the system chosen for this particular example. * Template for the acceptance report: An electronic template for the acceptance report is available: - in the toolbox for SINUMERIK 840D - on DOCONCD for SINUMERIK 840D - on the service CD for SINUMERIK 840 * The acceptance report comprises checking the alarm displays and including the alarm reports in the overall acceptance report. In order to obtain reproducible and comparable alarm displays, during the acceptance test, MD 10094: $MN_SAFE_ALARM_SUPPRESS_LEVEL must be set to 0 in order to avoid suppressing alarm outputs. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Necessity of an acceptance test 5 Commissioning 5.2 Acceptance report A full acceptance test (as described in this Chapter) must always be carried-out when the functionality of Safety Integrated is commissioned for the first time on a machine. Extended safety-relevant functionality, transferring the commissioned software to additional series machines, modifications to the hardware, software upgrades etc. may make it necessary to carry-out the acceptance test with a reduced test scope. The conditions prescribing the necessity for, or giving suggestions for the required test scope are given below. Overview/definitions for performing the acceptance test In order to define a partial acceptance test it is first necessary to describe the individual parts of the acceptance test and then define logical groups that represent the components of the acceptance text. Contents of the full acceptance test DOCUMENTATION Documentation of the machine incl. safety functions 1. Machine description (with overview) 2. Details about the control system 3. Configuration plan 4. Function table Active monitoring functions depending on the operating mode, the protective doors and other sensors Ideally, this table should be the object and result of the configuring work. 5. SI functions per axis 6. Information about the safety equipment. FUNCTION TEST PART 1 General function check incl. checking the wiring/programming 7. Test the shutdown paths path (test the forced checking procedure of the shutdown paths) 8. Test the external stops 9. Test the forced checking procedure of the inputs and outputs 10. Test the crosswise data comparison of the basic Safety Integrated functions and Safety Integrated SPL system variables 11. Test the EMERGENCY STOP function and the safety circuits 12. Test the changeover of SI functions. FUNCTION TEST PART 2 Detailed function test incl. checking the values of the individually used SI functions 13. Test the SI function "safely-reduced speed" - SG (in each case with evaluated measurement diagram and measured values) 14. Test the SI function "safe operating stop" - SBH (in each case with evaluated measurement diagram and measured values) 15. Test the SI function "safe software limits" - SE (in each case with evaluated measurement diagram and measured values) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-283 5 Commissioning 5.2 Acceptance report 11.03 16. Test the SI function "safe cams" - SN (check using the diagnostics display and assigned SGAs) 17. If necessary, test of SI function "external stops" in each case with evaluated measurement diagram and measured values. COMPLETION OF THE REPORT A report of the commissioning status that was checked is generated with the appropriate counter-signatures 18. Check the SI machine data 19. Log the checksums (axis MD / SPL) 20. Complete the NCK commissioning 21. Complete the PLC commissioning 22. Verify the data backup 23. Counter-signature. APPENDIX Reports/measurement records for FUNCTION TEST PART 1/2 Alarm logs/servo trace measurements Effect of the acceptance test for specific measures Table 5-1 Measure Depth of acceptance test as a function of specific measures DOCUMENTFUNCTION TEST FUNCTION TEST ATION PART 1 PART 2 Replace the encoder No No Partial check of safe system actual values and (cf. 7.6.4) function of SE/SN (axis specific) Upgrade software Supplement Yes Yes, (NCU/drive/PLC) version data with note about when if system cycles or the new function is to acceleration behavior be introduced (e.g. also jerk) have been changed and the new function tested. Upgrade software Possible No No (MMC) supplement, SW version Supplement the No Yes, Replace NCU hardware hardware data if system clock cycles (e.g. upgrade of or dynamic response NCU 572 <-> NCU 573) were changed If the NCU hardware is identical, no measures are necessary Supplement, No Partial, Replace control board if the system cycles or (e.g. from Standard.2 <-> hardware data/ configuration dynamic response were Performance) changed If control board is (axis specific) identical, no measures are necessary Change an individual limit Supplement, No Partial, value (e.g. SG limit) SI functions per test the changed limit axis value Function expansion (e.g. Supplement, Yes Partial, additional actuator, SI functions per with note, if relevant test of possible additional SG stage) axis or function limited to adapted additional limit values table parts 5-284 REPORT COMPLETION No Supplement, possibly new checksums and counter-signature No Supplement, possibly new checksums and counter-signature Supplement, possibly new checksums and counter-signature Supplement, new checksums and counter-signature Supplement, possibly new checksums and counter-signature (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Transfer data to additional machines with series commissioning Replace hardware of SI-relevant peripherals (e.g. I/O modules) 5 Commissioning 5.2 Acceptance report Possibly supplement, machine description (check the SW version) No Yes with note No if data are identical No if data are identical (check checksums) Yes with note about limitation to replaced components No No The acceptance report is included as a Word file in the toolbox supplied and is made up of the following parts: * System description * Description of safety functions * Test of safety functions. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-285 5 Commissioning 5.3 Conventional acceptance test 11.03 5.3 Conventional acceptance test Testing the SGAs and SGEs The crosswise data comparison can be tested by removing the connectors from the NCK I/O (NCU terminal block or mixed I/O modules). Checking the test stop The NCK and drive test stop can be checked by viewing the SGE/SGA signals. SGEs: Test stop selection (drive, also the interface signal DB <axis>.DBX23.7 status, pulses are cancelled (only axis). SGAs: Shutdown path NCK - enable pulses Shutdown path checkback signal from the drive - pulses are cancelled, also the interface signal DB<axis>.DBX108.2. Negative test: Remove the terminal block for AS1/ AS2 from the drive and carry-out the NCK test stop. STOP A stop response must be initiated. Testing the SBH SI function Test the SBH function by violating the monitoring limits * Execute numerically controlled traversing motion (JOG). * Provide positive feedback in the position closed-loop control by reversing the polarity of the position actual value using the machine data. * Start the function generator with speed controller/setpoint input References /IAD/, SINUMERIK 840D Installation & Start-Up Guide The distance traveled by the axis until it is stopped by the configured stop response can be read from the actual value display. The time required to stop the axis can be determined by recording the actual speed value via D/A converters. Testing the SG SI function 5-286 The following cases must be tested. * Correct response: After the active speed limit value has been exceeded, the axis must have been stopped within the changeover time to SBH by the configured stop response. * Incorrect response: After the active speed limit value was exceeded, the axis was not stopped to SBH within the changeover time as a result of the configured stop response. This results in a transition from STOP B to STOP A. * Changeover between the SG limit values (if set). A limit value is selected that is lower than the actual axis speed. * Changeover between the SG and SBH functions. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.3 Conventional acceptance test Testing the SN SI function Test the cams by traversing them at various axis speeds. Testing the SE SI function Test the limit positions/enstops by passing them at various axis speeds. * * Position the cam at the center of the axis. Traverse the cam at various axis speeds and in the rapid traverse mode. Calculate the time and distance traveled by the axis until the desired cam signal (NCK-SGA, PLC-SGA) is output. Locate the limit position/enstops at the center of the axis. Pass the position at various axis speeds and in the rapid traverse mode. Calculate the remaining distance traveled by the axis until it is stopped by the configured stop response. Locate the safe limit in front of the fixed endstop of the axis at a distance corresponding to the calculated remaining distance plus a safety margin defined by the machine manufacturer. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-287 5 Commissioning 5.4 NCK acceptance test support 11.03 5.4 NCK acceptance test support General The requirements associated with an acceptance test can be derived from the EU Machinery Directive. Presently IEC 22G WG 10 is working on a standard for "functional safety". This also includes a specific description of the requirements for an acceptance test. Accordingly, the machinery construction (OEM) is responsible for the following: * to carry-out an acceptance test for safety-relevant functions and machine parts, and * to issue an "Acceptance certificate" that includes the results of the test. When using the Safety Integrated function, the acceptance test is used to check the functionality of the SI monitoring functions used in the NCK, PLC and drive. In this case, the correct implementation of the defined safety functions is investigated, the implemented test mechanisms checked (forced checking procedure measures) as well as the response of individual monitoring functions, provoked by individually violating the tolerance limit. This should be carried-out for the safety functions that were implemented using SPL as well as all of the axial monitoring functions of the axes that are monitored with SI. Previously, the result of the test was a manually created document (refer to Section 5.2). The test steps required were accompanied, in some instances, by changes made to the PLC program and to MD settings and the alarms that were issued were documented. Further, servo trace plots were evaluated using the associated measuring function and the results and graphics transferred into a document that the OEM had created. The principle contents and structure of such a document is described in Chapter 5.2 "Acceptance report". Based on this method, the existing SI functionality was expanded in the NCK and drive software in order, in conjunction with an operator interface (SinuCom NC), to support and simplify the test procedure as well as the associated documentation. The objective of this support is to control the creation and administration of an acceptance report and prepare and carry-out the required test steps using the appropriate operator actions via the operator interface. The test steps that are required as part of the acceptance test are not fully automatically executed but are controlled using a skilled operator. This operator must carry-out the measures, associated with the test step, at the system being tested. The following mechanisms are applied in order to carry-out the test steps and to optimize the creation of the acceptance report: 5-288 * Support when documenting the active monitoring functions and monitoring limit values by reading-out the appropriate machine data. * Support when documenting the checksum values. * Standardization of the procedure when carrying-out the test, following a pre-defined test list. * The test time is reduced by preparing test procedures within the system, automatic trace and evaluation techniques and reduced time when acknowledging SI alarms that are output. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.4 NCK acceptance test support Software requirements The acceptance test report function is based on the interaction between the NCK/drive and the SinuCom NC operator interface. This means that if this function is used, these components must have a certain minimum software version. SinuCom NC software NCU system software Version 06.03.07. or higher Version 06.04.15 or higher The basic functionality of the SinuCom NC software is explained within the scope of its own documentation. This documentation also provides information about the steps when handling the acceptance test support function, a description of the screen forms and the menu prompting. This is the reason that this is not handled in this documentation. References: Start-up Tool SINUMERIK SinuCOM NC Edition 08.2003 5.4.1 Scope of the test list The test steps of the SI acceptance test, supported by the system, is based on the previous test execution and comprises the following steps: Designation Purpose of the test step General Overview Document the machine details (e.g. manufacturer, machine type,...) Check the forced-checking procedure measures Shutdown paths Test the forced checking procedure of the shutdown paths for the NCK and drive. External stops Test the forced checking procedure of the (used) external stop responses (when using SPL). SPL inputs/outputs Test the forced checking procedure (if required) of the external SPL I/O. Qualitative function checks EMERGENCY STOP Test the internal EMERGENCY STOP functionality when executed via external stop responses and the response to the external SPL I/O. Inter-relationships between Test all of the states relevant for the safety functions that should be functions first documented within the scope of a function table or similar (interdependency of sensor signals, positions, modes). In this case, the following should be taken into account - the active monitoring function for SI-monitored axes (internal safety functions) and the switching state of safety-related external SPL output peripherals Quantitative function checks SBH (safe operating stop) Test the response when provoking that the SBH limit value is exceeded and define associated characteristic quantities/parameters. SG (safely-reduced speed) Test the response when provoking that the SG limit value is exceeded and define associated characteristic quantities/parameters. SE (safe software limit switch) Test the response when provoking that the SE limit value is exceeded and define associated characteristic quantities/parameters. Termination Finished The test results are saved and loaded. The acceptance report is generated based on the test results that have been determined. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-289 5 Commissioning 5.4 NCK acceptance test support 5.4.2 11.03 Internal mechanisms to support the test procedure In order to support the execution of the individual test steps, defined states are activated as a result of the interaction between the SinuCom NC operator interface and NCK/drive. This creates the appropriate requirements relating to the secondary conditions of the test step, that up until now, had to be manually set. Acceptance test phase If the acceptance test function is selected on the SinuCom NC operator interface, then on the NCK side, the acceptance test phase is selected. As a result, the acceptance test phase is continually active while working through the test list. In order to ensure that all of the SI alarms are output when they occur while executing the test steps and that these SI alarms can also be logged, then the alarm suppression that might have been set in MD 10094 $MN_SAFE_ALARM_SUPPRESS_LEVEL is not taken into account and therefore does not have to be manually reset to 0 for the duration of the acceptance test. The acceptance test phase is de-selected by exiting the acceptance test function. Acceptance test mode For the new acceptance test support provided by the NCK and drive, the SI functions to be tested are sub-divided into groups that require a specific acceptance test mode (acceptance test from group 1, e.g. SBH test, SG test) and in groups that do not require an acceptance test mode (acceptance tests from group 2, e.g. acceptance test for SE). Acceptance tests with the acceptance test mode For the test steps of group 1 - these include testing the SBH response and SG response - an additional state is active under defined secondary conditions. This state has specific internal features that support the test procedure. This acceptance test mode becomes active under the following secondary conditions (in a test associated with group 1): * There is no active SI power on alarm for the axis to be tested. * The pulses of the axis to be tested are enabled. * JOG is active as NC mode * The SI monitoring function selected when carrying-out the test step is active, i.e. if for example the SG2 test is selected as test, then if the SG1 is active, the acceptance test mode (group 1) is not active. * Both monitoring channels (NCK, drive) allow modes to be activated. The state that is assumed is subject to a crosswise data comparison between the NCK and drive. For the active acceptance test mode (group 1) the following features are active for the axis to tested: 5-290 * NCK (Alarm No. 27007) and drive (Alarm No. 300952) return the state using the "Acceptance test mode active" alarm. * The reference (setpoint) speed limit is de-activated via the axial MD 36933 $MA_ SAFE_DES_VELO_LIMIT. This means that the machine data is internally handled as if it has been parameterized with 0%. This allows the axis to be traversed in spite of the fact that the SBH monitoring is active or (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.4 NCK acceptance test support a traversing speed greater than the actual SG monitoring without having to change the selected reference (setpoint) speed limiting. * SI POWER ON alarms can be temporarily acknowledged with a reset so that after an SBH response has been tested for an axis, an NCK reset does not have to be initiated for the fault acknowledgement. The acknowledgement criteria for the following alarms is involved: Alarm No. NCK 27010 Alarm No. drive 300907 27023 27024 300901 300900 Alarm text Tolerance for safe operating stop exceeded: STOP B activated STOP A activated * Traversing motion is possible in spite of the external Stop C/D. This means that it is also possible to test the active SBH monitoring state that results from an external Stop. * An active Stop in another axis does not result in the traversing inhibit for the axis being tested also for the setting MD 36964 $MA_SAFE_IPO_STOP_GROUP = 0 for this axis. * When traversing the axes using the JOG buttons, then the set speed limits are ignored - such as e.g. MD 32020 $MA_JOG_VELO - and the G0 value is activated as effective limit value (maximum axis speed). This state is only active from time to time as the described acceptance test mode has some associated internal and extensive consequences. It is deselected using the following conditions: Acceptance tests without acceptance test mode * As a result of an NCK Reset * When an internal timer value expires that defines the maximum time that the state can be active. This timer value is set in the following machine data MD 36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT (NCK) and MD 1358 $MD_SAFE_ACC_TEST_TIMEOUT (drive). * Automatically when the measured value trace has been completed. * If the monitoring function to be tested, that was active when selected, is no longer active; e.g. when changing-over from SBH to SG monitoring with the mode active. * With the mode active, if the JOG NC mode is no longer active. For test steps associated with group 2 - this also involves testing the SE response - under defined secondary conditions, an additional state is active that has specific internal features to support the test procedure. This acceptance test (group 2) becomes active under the following secondary conditions (in a test of group 2): * There is no active SI power on alarm for the axis to be tested. * The pulses of the axis to be tested are enabled. * JOG is active as NC operating mode * The SI monitoring function selected for the particular test step is active, this means, for example, that if the SE1 test is selected as test, if SE2 is active, the acceptance test mode (group 2) is not active. * The NCK monitoring channel allows the mode to be activated through one channel. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-291 5 Commissioning 5.4 NCK acceptance test support 11.03 The following features apply for an active acceptance test (group 2) for the axis to be tested: * The NCK returns the state (Alarm No. 27008) via the alarm "single-channel software limit switch de-activated". * The single-channel software limit switches (set positions, refer to MD 36100 to MD 36130) are de-activated. This means that an axis can pass these software limit switches without having to change the associated machine data. The acceptance test (group 2) is again de-activated for the following conditions: 5.4.3 * As a result of an NCK reset. * When an internal timer value expires that defines the maximum time that the state can be active. This timer value is set in the following machine data MD 36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT (NCK) and MD 1358 $MD_SAFE_ACC_TEST_TIMEOUT (drive). * Automatically when the measured value trace has been completed. * If the monitoring function to be tested, that was active when selected, is no longer active; e.g. when changing-over from SE1 to SE2 monitoring with the mode active. * With the mode active, if the JOG NC mode is no longer active. Trace techniques A test is carried-out prompted step-by-step using the SinuCom NC operator interface. There are various trace techniques, which can be used to confirm and log as to whether the test was positively carried-out. TEXT Text entry by the operator A table or cell for the user documentation is provided for the test. This should then be completed corresponding to the specifications. In addition to how the test is initiated, the text entry includes, e.g. the description of test situations and responses or similar. ALARM Alarms that have occurred are automatically logged Specific system and user alarms expected for the test step that are automatically logged after data trace has been started. After the appropriate data has been traced, the selection of alarms to be logged can be reduced to those alarms that are relevant for the specific test step. TRC Internal signal trace function The SinuCom NC internal trace function is started when the data trace is started and the signals, relevant for the specific test step, recorded. After the appropriate trace time (the relevant signal changes have taken place), then the trace must be manually terminated. 5-292 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.4 NCK acceptance test support TRC+ Internal signal trace function with additional automatic determination of the characteristic quantities The SinuCom NC internal trace function is started when the data trace is started and the signals, relevant for the specific test step, recorded. The trace is automatically terminated after the appropriate (expected) signal changes and transitions and the appropriate characteristic quantities are automatically determined and displayed for the test. It is not necessary to manually terminate the trace. Designation of the test step TEXT ALARM General X Overview Checking the forced-checking procedure measures X X Shutdown paths External stops X X X SPL inputs/outputs Qualitative function checks X EMERGENCY STOP X Function inter-relationships Quantitative function checks X X SBH (safe operating stop) SG (safely-reduced speed) X X X X SE (safe software limit switch) Termination Completed Using the internal trace function 5.4.4 TRC TRC+ X X X X X Specific NC machine data must be set in order that the trace function can be used. This prepares the appropriate resources for the function. The values to be set should be taken from the SINUMERIK SinuCom NC start-up tool Basic operating information and instructions * The operator is prompted, step-by-step when carrying-out a test. The following secondary conditions must be observed, especially for those tests that use the internal trace function: If a traversing direction has been selected, then this must also be taken into account for the subsequent task. The reason for this is that the trigger condition for the automatic data acquisition and evaluation is based on this direction data. A procedure is initiated to activate the trace function using the button <start data acquisition>. This can take several seconds. The signal is only acquired after the appropriate message in a message box. If the trace has to be manually terminated, then this step should, if at all possible, be made directly after the last expected signal change that is relevant for the trace. This ensures that the relevant area is optimally displayed in the subsequent trace display. * For each test step, the operator must decide as to whether the test was successfully carried-out. He should make this decision based on traced and determined data and test situations that have been carried-out and documented. This can be confirmed after the test has been carried-out by selecting the appropriate results. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-293 5 Commissioning 5.5 Diagnostics 11.03 * The test list, provided and supported via SinuCom NC includes the basic test steps to be carried-out. Depending on the machine configuration, several tests may not be necessary for the particular machine. This can be selected in the basic display of the test step. Further, there are test cases, that are required for the machine but are not (or still not) included within the scope of the test list, e.g. measuring the braking travel when a light barrier is obstructed, or similar. These tests should still be manually carried-out. * When generating the acceptance certificate, for documentation purposes, data is automatically retrieved from some machine data (SI limit values, checksums, hardware information). Further, the results for the test that was carried-out are incorporated in the document. The report is structured the same as the document that was previously manually created. Some sections, such as for example, the machine overview, function table of the configured safety functions etc., that are not standardized, are still manually incorporated in the document at a later data. 5.5 Diagnostics 5.5.1 Troubleshooting procedure * The alarms that have been activated in response to an error are output in the "DIAGNOSIS - ALARMS" display. * When the alarm "Defect in a monitoring channel" is output, for the NCK monitoring channel, the cause of the alarm can be directly read-out from the diagnostics for STOP F. * The cause of the alarm in the drive monitoring channel can be found in MD 1395: MD_SAFE_STOP_F_DIAGNOSIS in the "START-UP MACHINE DATA - FDD OR MSD" display. Note Different error codes may be displayed for the NCK and drive monitoring channels. * 5-294 When the "Service SI" softkey is actuated, three data blocks are listed in HMI Advanced (from SW 6.2) for the selected axis via Safety Integrated - Status SI (selected per default) - SGE/SGA - SPL (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.5 Diagnostics Fig. 5-3 Status SI The vertical softkeys axis +, axis - or direct selection are used to set the desired axis. The current axis is displayed at the top righthand side of the table. Available values/signals Safe actual position Position deviation NCK/drive "Safe operating stop" monitoring active "Safely-reduced speed" monitoring active Active SG step Active SG correction factor Safely-reduced actual speed limit Setpoint speed limit Actual speed difference Maximum speed difference Active safe software limit switch Active gear ratio (step) Active stop Currently requested external stop Stop F code value (Alarm 300911) Pulses enabled Traversing inhibit due to a stop in other axis The vertical softkeys "SGE/SGA" and "SPL" can be used to select two additional screens, which show the situation for the safety-relevant inputs/ outputs and the safe programmable logic. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-295 5 Commissioning 5.5 Diagnostics 11.03 Fig. 5-4 Status display of SGE/SGA The available signals are shown in the figure above. The vertical softkey Status SI accesses the SI status screen, the SPL softkey accesses the screen for safe programmable logic. Fig. 5-5 shows the status display of the safe input/output signals. 5-296 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.5 Diagnostics SG selection Bit 0 Status impulses disabled (Axis only) SBH deselection SBH/SG deselection Bit 1 Bit 2 Bit 1 Bit 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 X 1 1 Deselection ext. Stops Bit 3 Bit 2 Bit 1 Bit 0 Stop D SG Override selection Bit 0 ... 15 Save output signals, axis 1 Safe output signals, drive 1 SBH/SG active Axis safety referenced 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 SN2 SN2 + SN1 SN1 + Safe input signals, axis 2 Safe input signals, drive 2 SN4 SN4 + SN3 SN3 + Bit 16 ... 31 Stop C Stop A Save input signals, axis 1 Safe input signals, drive 1 Gear ratio selection Enable pulses Bit 0 ... 15 SE selection NCK monitoring channel Drive monitoring channel Test stop selection Axis: Drive: 1 0 1 1 1 1 1 1 1 0 0 0 0 1 0 0 1 0 1 1 1 1 1 1 1 0 0 0 0 1 0 0 Pulses diabled status Bit 16 ... 31 Safe output signals, axis 2 Safe output signals, drive 2 Fig. 5-5 SG active n < nx Bit 1 Bit 0 Stop D Stop C Stop A/B active Stop SBH active 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 Status display of safe input/output signals (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-297 5 Commissioning 5.5 Diagnostics 11.03 SPL Fig. 5-6 Status display SPL In the "Variable" selection box, you can select: $A_INSE(P) corresponds to simultaneous selection of $A_INSE $A_INSEP upper line, origin of the NCK and lower line, origin of the PLC and effectively the same for the other variables: $A_OUTSE(P) $A_INSI(P) $A_OUTSI $A_MARKERSI(P) The variables that have been selected and the associated bit areas are saved and are taken into account when subsequently selecting the screen. Using the select key, the following formats can be selected in the variable rows B Binary H Hexadecimal D Decimal The selected format applies for all of the variables displayed in the screens. 5.5.2 Diagnostics support by configuring your own extended alarm text In order to upgrade the level of diagnostics information when an error occurs, certain Safety Integrated system alarms can be supplemented by a freelydefinable user text. For instance, for hardware-related faults, supplementary information such as input designation, circuit diagram identification number or similar can be included in the system alarm that is output. 5-298 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.5 Diagnostics This extended alarm text is based on the interaction between the NCK system software (that specifies the parameter that addresses the supplementary information for the alarm text) and the HMI software (that has to appropriately process this parameter). Dedicated extended alarm texts can be defined for the following Safety Integrated system alarms: Prerequisites, HMI Advanced * General SPL crosswise data comparison error (different status of the SPL variables) Alarm 27090, error for crosswise data comparison NCK-PLC extended alarm text is available from NCU system software 05.03.25 and 06.03.01. * Channel-related error on the PROFIsafe module (only when using the PROFIsafe I/O Alarm 27254 PROFIsafe: F module, error in the channel Extended alarm text available from NCU system software 06.04.15 The following entry is located in the configuration file for the alarm server (file MBDDE.INI) in the section [Text files]. File excerpt: mbdde.ini [Textfiles] NCK=f:\dh\mb.dir\aln_ ; Example : Standard entry This means that all of the NCK alarms are defined in the file referenced after the NCK entry. The processing of an extended alarm text for the above specified alarms is prepared as part of this definition File excerpt: aln_gr.com 027090 0 0 "Error for crosswise data comparison NCK-PLC, %1[%2], NCK: %3; %4<ALSI>" 027254 0 0 "PROFIsafe: F module %1, error in channel %2; %3<ALSI>" An extended alarm text can be defined for an alarm using the supplement %4<ALSI> (Alarm 27090) and %3<ALSI> (Alarm 27254). If required, this entry can be subsequently entered into older HMI software versions, in order to activate the display of the extended alarm text - under the assumption that the NCK system software supports this. Principle of operation - extended alarm text If Alarm 27090 or Alarm 27254 occurs, the NCK transfers an additional parameter value (27090:%4; 27254: %3) to the HMI software. This parameter has a defined value range. Each value can be uniquely assigned an extended alarm text. Value range of the transfer parameter 000 Parameterizing error detected at run-up (different state active) Crosswise data comparison error, SPL protective mechanism: MD 11500 - DB18.DBX36.0 Crosswise data comparison error, stop response for SPL error: MD 10097 - DB18.DBX36.1 001...064 Error in system variables $A_INSE(P)[01...64] (Alarm 27090/ Alarm 27254) If the safety-related input signal is taken from a PROFIsafe module, then only a safe signal state is transferred to the NCK and PLC. This means that internally, a different state no longer (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-299 5 Commissioning 5.5 Diagnostics 11.03 occurs between $A_INSE and $A_INSEP. The index value then results from a channel error signaled from the PROFIsafe module (Alarm 27254) that is assigned the appropriate $A_INSE(P) variable (e.g. discrepancy error) Definition of the extended text 065...128 Error in the system variables $A_OUTSE(P)[01...64] (Alarm 27090 / Alarm 27254) If the safety-related output signal is output at a PROFIsafe module, then only a safe signal state is transferred. This means, Alarm 27090 signals an internal logic error ($A_OUTSE(P)variables differ) and Alarm 27254 signals a channel error signaled from the PROFIsafe module that is assigned to the appropriate $A_OUTSE(P) variable (e.g. short-circuit fault) 129...192 Error in system variables $A_INSI(P)[01...64] (only Alarm 27090) 193...256 Error in system variables $A_OUTSI(P)[01...64] (only Alarm 27090) 257...320 Error in system variables $A_MARKERS(P)[01...64] (only Alarm 27090) The file, in which the extended texts are defined, is also declared in the configuration file for the alarm server (file MBDDE-INI) in the section [IndexTextFiles] File excerpt: mbdde.ini [IndexTextfiles] ALSI=f:\dh\mb.dir\alsi_ ; Example : Standard entry We recommend that this file for the extended text is located in the HMI user directory. Every parameter can be assigned a dedicated text in this file, whereby the text entry is located in front of the associated parameter value (refer to the following file excerpt). File excerpt: alsi_gr.com 000000 0 0 "Parametrierfehler MD11500/DB18.DBX36.0 bzw. MD10097/DB18.DBX36.1" 000001 0 0 "Anwendertext $A_INSE(P)[01]" .. 000064 0 0 "Anwendertext $A_INSE(P)[64]" 000065 0 0 "Anwendertext $A_OUTSE(P)[01]" .. 000128 0 0 "Anwendertext $A_OUTSE(P)[64]" 000129 0 0 "Anwendertext $A_INSI(P)[01]" 000192 0 0 "Anwendertext $A_INSI(P)[64]" 5-300 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.5 Diagnostics 000193 0 0 "Anwendertext $A_OUTSI(P)[01]" 000256 0 0 "Anwendertext $A_OUTSI(P)[64]" 000257 0 0 "Anwendertext $A_OUTSI(P)[01]" 000320 0 0 "Anwendertext $A_OUTSI(P)[64]" The assigned user text is then displayed when Alarms 27090 or 27254 occur, referred to the associated SPL variable. 5.5.3 Servo trace bit graphics for Safety Integrated General The servo trace function is one of the measuring functions in the start-up area. Using the servo trace, for drive signals and NCK signals, measurements can be started by entering a measuring time and trigger conditions. The results of the measurements are then graphically displayed. Two curves can be displayed in 2 graphics. The results of the measurements can be saved in files. Further, the graphics can be saved as bitmap file in the HMI_ADV data manager - or directly printed out. Starting servo trace After MMCWIN has been started, the start-up operator area can be reached using the horizontal "Start-up" softkey (also refer to Section 5.3). After this softkey has been pressed, one menu level lower can be accessed and the servo trace reached by pressing the horizontal "drives/servo" softkey. The basic servo trace display appears after pressing the horizontal servo trace softkey: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-301 5 Commissioning 5.5 Diagnostics 11.03 The servo trace belongs to those measuring functions that request measured values from the NCK via a parameterized PI service and graphically display the measured values with respect to time. When successful, the NCK returns up to 4 measured value buffers to the HMI for evaluation. Selecting signals When selecting signals, axes and signal names can be selected from the lists for a maximum of 4 trace channels (trace 1 to trace 4). Trace 1 has a special significance - a signal must be selected in trace 1 otherwise when the PI service is started using the vertical "start" softkey, this is negatively acknowledged from the NCK. Measuring parameters For the measuring parameters, the measuring time, the trigger time, specific thresholds and various trigger signals can be set (e.g. a trigger from the part program). These settings are used to parameterize the PI services at segment values and offset values of NCK using the vertical "start" softkey. A measurement that has already been started can be interrupted using the vertical "stop" softkey. In this case, the NCK does not supply any measured values. Physical address If the physical address entry is selected in the signal selection list, the vertical softkey having the same name is activated. Using the input masks under this softkey, segment values and offset values of NCK system variables etc. can be specified and then measured. It is possible to scroll over the axes and spindles in the application using the vertical "Axis +" and "Axis -" softkeys. The axis name or spindle name is included in the selected selection list for the axis/spindle names. Selecting SGE drive 5-302 The selection of the SI signal SGE drive (from the PLC) is shown in the following. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.5 Diagnostics The measurement is started on the NCK side and appropriate information output in the dialog line after pressing the vertical "start" softkey. If the measurement cannot be started, appropriate error information and instructions are provided which can be used to troubleshoot the problem. Measured value buffer When NCK ends the measurement, the buffers, that contain the factors that are used to convert from the formats on the NCK side to the physical units for display with HMI_ADV and the actual measured values, are transferred to the HMI_ADV. The number of buffers depends on the number of trace channels that are assigned (trace 1 to trace 4). When the buffers are being transferred, this is signaled in the dialog line. Display Once the measurement has been completed, the results of the measurement can be graphically displayed using the horizontal "display" softkey. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-303 5 Commissioning 5.5 Diagnostics 11.03 Graphic Two graphics (graphic 1 and graphic 2) are displayed. Each graphic can include up to two measured value curves that are color-coded (trace 1 in graphic 1: green, trace 2 in graphic 1: blue, trace 3 in graphic 2: green, trace 4 in graphic 2: blue). Trace 1 and trace 2 are displayed in graphic 1, trace 3 and trace 4 in graphic 2. The X axis of the graphics is the time axis and the Y axis is scaled in the physical units of the particular signal. The title lines of the graphics indicate (Tr.1 :X1 axis) that the measured values come from an actual measurement. The parameterization of the measurement can be seen from the basic screen of the servo trace (this can be accessed using the horizontal "measurement" softkey). Measurement settings and the measured values of the servo trace functions can be saved, downloaded or deleted using the horizontal "file functions" softkey. A detailed description will not be provided here. More detailed information can be found in the following document File functions References: //IAD//, Start-up Guide, SINUMERIK 840D, Chapter 10 5.5.4 Bit graphics for SI signals in the servo trace Using the expansion of the servo trace, individual bits can be selected from bitcoded SI signals and the characteristic over time can be graphically displayed similar to a logic analyzer. Bit characteristics can be displayed as a function of time for 10 character channels (tracks). Bit-coded SI signals 5-304 The bit-coded SI signals are principally sub-divided into two groups: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.5 Diagnostics * SI signals where the system allocates the names of the bits (signals: SGENCK, SGA-NCK, SGE-PLC and SGA-PLC) * SI signals where the user can freely select their names and default names are entered into an Ini file (hmi_adv\ibsvtsi.ini). If the user wishes to change the default assignment, he can do this in the file hmi_adv\ibsvtsi.ini or using the appropriate forms in the operator interface. These different bit-coded SI signals are parameterized on the operator interface. The settings do not modify the measurement but only how the results of the measurement are actually displayed in the graphic. No bit graphics are generated for SI signals that are not bit-coded. Bit selection The setting possibilities are accessed using the vertical "bit selection..." softkey: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-305 5 Commissioning 5.5 Diagnostics 11.03 The following screen appears after pressing the vertical "bit selection..." softkey: The vertical "bit selection trace 1...", "bit selection trace 2...", "bit selection trace 3..." and "bit selection trace 4..." softkeys listed allow, for the SI signals selected in trace channels trace 1 to trace 4, bit names of these SI signals to be assigned a possible 10 character channels (tracks) in the bit graphics for these signals. A dedicated graphic is displayed for trace 1, trace 2, trace 3 and trace 4. If a bit-coded SI signal is not selected in a trace channel, then when the corresponding softkey is pressed, it has no effect; information is output in the dialog line to signal that it does not involve a bit-coded SI signal. Bit selection, trace 1 ... 5-306 In the example, the signal SGE-NCK has been read-in to graphic 1 for trace 1. The following screen is displayed when the vertical "bit selection trace 1..." softkey is pressed: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 5 Commissioning 5.5 Diagnostics The bits of this signal are consecutively numbered. Every bit is permanently assigned an associated bit name. In the entry boxes "track", by assigning the value in the range between 0..9 it is possible to define in which of the 10 character channels (tracks) the bit should be graphically displayed. In the example Bit 0 SBH/SG de-selection NCK is displayed in track 0 of the bit graphic for trace 1. Bit 19 de-select ext. Stop C NCK is displayed in track 9 of the bit graphic for trace 1. The user is shown which track numbers have already been allocated (they have a blue background in the label "track number:"). If a track number is allocated twice, an error message is displayed. All of the signal bits are listed; bits that are not available are designated with free or reserved. Using the scrollbar, it is possible to scroll over the bit range from 0 to bit 31. Starting values for the track assignments have been entered into the file hmi_adv\ibsvtsi.ini. If the user does not like these, then he can make changes as he wishes. These changes for the bit graphics become effective if the vertical "Accept" softkey and are also transferred into the file hmi_adv\ibsvtsi.ini as new starting values. This means that they also apply for new measurements with this signal as default settings. Using the vertical "Abort" softkey, the screen is exited without accepting possible changes made to values. Bit selection, trace 2... to trace 4... A similar procedure is also obtained for trace 2.. to trace 4 that, in this particular example, contain the following signals: Trace 2 Trace 3 Trace 4 SGE drive (from the PLC) SGA-NCK SGA drive (from the PLC) The handling is the same as described under bit selection, trace 1. Mixing traces... Using the vertical softkey "Mix traces...", the user can select individual bits of SI signals from 4 traces and display these in the tracks as bit graphics for (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 5-307 5 Commissioning 5.5 Diagnostics 11.03 comparison purposes. This means that especially inputs and outputs of various SI signals can be combined. 5-308 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital 6 Alarms 6 6.1 Alarms for SINUMERIK 840digital .............................................................. 6-310 6.2 Alarms from SIMODRIVE 611 digital .......................................................... 6-343 6.3 Alarm suppression ...................................................................................... 6-355 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-309 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 Note The function "safe software limit switch" (SE) is also called "safe limit positions" and the function "safe software cams" (SN) is also called "safe cams". 6.1 Alarms for SINUMERIK 840digital Alarms for SINUMERIK 840D/611 digital Detailed explanations of all alarms that are not described here can be found in the following references for the SINUMERIK 840D system with SIMODRIVE 611 digital: References: /DA/, Diagnostics Guide. Note In systems with MMC 101/102, the alarms are also explained in the online help. Alarms for SINUMERIK (R) Safety Integrated The alarms that can occur in connection with the SI option are listed below: 20095 Axis %1 illegal torque, current torque %2 Parameter Program continuation %1 = axis name, spindle number %2 = measured holding torque when selecting the brake test The actually measured holding torque cannot be provided with the existing parameterization of the brake test. Alarm display The function test of the brake mechanical system is aborted Check the parameterization for the brake test function: The torque for the weight equalization in drive machine data 1192 should be nearly the same as the actual holding torque. The specified torque for the brake test in MD $MA_SAFE_BRAKETEST_TORQUE must be set higher than the actual holding torque. Clear the alarm with the Clear key or with NC START. 20096 Axis %1 brake test aborted, additional information %2 Parameter %1 = axis name, spindle number %2 = fault information, based on $VA_FXS_INFO The brake test has detected a problem. The additional information provides details of the cause of the alarm. An explanation is provided in the documentation about the system variables $VA_FXS_INFO Supplementary info: 0: No additional information available 1: Axis type is neither a PLC nor a command axis 2: Limit position reached, motion stopped 3: Abort using NC RESET (key reset) 4: Exit monitoring window 5: Torque reduction rejected by drive 6: PLC has withdrawn the enable signal. Explanation Response Remedy Explanation 6-310 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital Response Program continuation Alarm display Interface signals are set Note the supplementary conditions of the brake test, refer to supplementary info. Clear the alarm with the Clear key or with NC START. 27000 Axis %1 is not safely referenced Parameter Explanation %1 axis number There are two reasons for this alarm: - the user has still not acknowledged the machine position, - the machine position has still not been verified by subsequent referencing. Even if the axis is already referenced, there is no acknowledgement that referencing has supplied the correct result. For example, incorrect results can occur if the axis was moved after the control was powered-down, with the result that the standstill position saved prior to powering-down is no longer correct. To make sure that this does not happen, the user must acknowledge the displayed actual position after the first referencing process. When the user agreement has first been set, the axis must be subsequently referenced each time that the control is run-up (with absolute encoders, this subsequent referencing is automatically executed). This procedure is carried out to verify the standstill position saved prior to powering-down the control. The alarm display can be set using MD $MN_SAFE_ALARM_SUPPRESS_LEVEL (MD>=3) so that the group alarm 27100 is displayed for all SI axes. Alarm display The SGA "Axis safely referenced" is not set. SE is disabled if the safety actual position has not yet been acknowledged by user agreement. If user agreement is set SE remains active. The safe cams are calculated and output, but their significance is limited because referencing has not been acknowledged. Move the axis to a known position, change to the "Referencing" mode and press the softkey "Agreement". Check the positions displayed in the agreement diagram at the machine. If these correspond to those expected at the known positions, confirm this using the toggle key. If the user agreement has already been set, reference the axis again. The user agreement can only be changed in key-actuated switch setting 3 or after entering a password. WARNING: If the axis has not been safely referenced and there is no user agreement, then the following applies: - the safe cams are still not safe - the safe limit positions are still not active The alarm display disappears together with the cause of the alarm. No further operator action necessary. Remedy Response Remedy Program continuation ! Warning If the axis has not been safely referenced and there is no user agreement, then the following applies: - the safe cams are still not safe - the safe limit positions are still not active (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-311 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27001 Axis %1 error in a monitoring channel, code %2, values: NCK %3, drive %4 Parameter %1 = axis number %2 = supplementary information, crosswise data comparison index %3 = supplementary information, comparison value, NCK %4 = supplementary information, comparison value, drive The mutual comparison of the two monitoring channels has found a difference between input data or results of the monitoring operations. One of the monitoring functions is no longer reliable, i.e. safe operation is no longer possible. The following fault codes are possible on the NCK side: - 0 No fault has been detected in this channel, subsequent (follow-on) alarm at drive Alarm 300911. - 1 Result list 1: Difference in SBH, SG, SBR or SE result, e.g. because the monitoring channels are not equally controlled. For further information refer to Drive MD 1391, 1392. - 2 Result list 2: Difference in the SN, n_x result. For further information, refer to the drive MD 1393, 1394. - 3 Actual value difference greater than that set in $MA_SAFE_POS_TOL. - 4 Not assigned - 5 Function enable signals $MA_SAFE_FUNCTION_ENABLE. - 6 Speed limit $MA_SAFE_VELO_LIMIT[0]. - 7 Speed limit $MA_SAFE_VELO_LIMIT[1]. - 8 Speed limit $MA_SAFE_VELO_LIMIT[2]. - 9 Speed limit $MA_SAFE_VELO_LIMIT[3]. - 10 Tolerance for safe operating stop $MA_SAFE_STANDSTILL_TOL. - 11 Limit position $MA_SAFE_POS_LIMIT_PLUS[0]. - 12 Limit position $MA_SAFE_POS_LIMIT_MINUS[0]. - 13 Limit position $MA_SAFE_POS_LIMIT_PLUS[1]. - 14 Limit position $MA_SAFE_POS_LIMIT_MINUS[1]. - 15 Cam position $MA_SAFE_CAM_POS_PLUS[0] + $MA_SAFE_CAM_TOL. - 16 Cam position $MA_SAFE_CAM_POS_PLUS[0]. - 17 Cam position $MA_SAFE_CAM_POS_MINUS[0] + $MA_SAFE_CAM_TOL. - 18 Cam position $MA_SAFE_CAM_POS_MINUS[0]. - 19 Cam position $MA_SAFE_CAM_POS_PLUS[1] + $MA_SAFE_CAM_TOL. - 20 Cam position $MA_SAFE_CAM_POS_PLUS[1]. - 21 Cam position $MA_SAFE_CAM_POS_MINUS[1] + $MA_SAFE_CAM_TOL. - 22 Cam position $MA_SAFE_CAM_POS_MINUS[1]. - 23 Cam position $MA_SAFE_CAM_POS_PLUS[2] + $MA_SAFE_CAM_TOL. - 24 Cam position $MA_SAFE_CAM_POS_PLUS[2]. - 25 Cam position $MA_SAFE_CAM_POS_MINUS[2] + $MA_SAFE_CAM_TOL. - 26 Cam position $MA_SAFE_CAM_POS_MINUS[2]. - 27 Cam position $MA_SAFE_CAM_POS_PLUS[3] + $MA_SAFE_CAM_TOL. - 28 Cam position $MA_SAFE_CAM_POS_PLUS[3]. - 29 Cam position $MA_SAFE_CAM_POS_MINUS[3] + $MA_SAFE_CAM_TOL. - 30 Cam position $MA_SAFE_CAM_POS_MINUS[3]. - 31 Position actual value tolerance $MA_SAFE_POS_TOL. $MA_SAFE_SLIP_VELO_TOL for active actual value synchronization (slip) - 32 Ref. position tolerance $MA_SAFE_REFP_POS_TOL. - 33 Delay time SG[x] -> SG[y] $MA_SAFE_VELO_SWITCH_DELAY. Explanation 6-312 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital - 34 Delay time, crosswise data comparison $MA_SAFE_MODE_SWITCH_TIME. - 35 Delay time, pulse cancellation Stop B $MA_SAFE_PULSE_DISABLE_DELAY. - 36 Delay time pulse cancellation, test stop $MA_SAFE_PULSE_DIS_CHECK_TIME. - 37 Delay time, Stop C -> SBH $MA_SAFE_STOP_SWITCH_TIME_C. - 38 Delay time, Stop D -> SBH $MA_SAFE_STOP_SWITCH_TIME_D. - 39 Delay time, Stop E -> SBH $MA_SAFE_STOP_SWITCH_TIME_E. - 40 Stop response when SG exceeded $MA_SAFE_VELO_STOP_MODE. - 41 Stop response when SE exceeded $MA_SAFE_POS_STOP_MODE. - 42 Standstill speed $MA_SAFE_STANDSTILL_VELO_TOL. - 43 Data save test, stop response. - 44 Actual position + SG[0] $MA_SAFE_VELO_LIMIT[0]. - 45 Actual position - SG[0] $MA_SAFE_VELO_LIMIT[0]. - 46 Actual position + SG[1] $MA_SAFE_VELO_LIMIT[1]. - 47 Actual position - SG[1] $MA_SAFE_VELO_LIMIT[1]. - 48 Actual position + SG[2] $MA_SAFE_VELO_LIMIT[2]. - 49 Actual position - SG[2] $MA_SAFE_VELO_LIMIT[2]. - 50 Actual position + SG[3] $MA_SAFE_VELO_LIMIT[3]. - 51 Actual position - SG[3] $MA_SAFE_VELO_LIMIT[3]. - 52 Standstill position + tolerance $MA_SAFE_STANDSTILL_TOL. - 53 Standstill position - tolerance $MA_SAFE_STANDSTILL_TOL. - 54 Position actual value + n_x + tolerance $MA_SAFE_VELO_X + $MA_SAFE_POS_TOL. - 55 Position actual value + n_x $MA_SAFE_VELO_X. - 56 Position actual value - n_x $MA_SAFE_VELO_X. - 57 Position actual value - n_x - tolerance $MA_SAFE_VELO_X $MA_SAFE_POS_TOL - 58 Active external stop request. - 59 SG correction factor 1 $MA_SAFE_VELO_OVR_FACTOR[0]. - 60 SG correction factor 2 $MA_SAFE_VELO_OVR_FACTOR[1]. - 61 SG correction factor 3 $MA_SAFE_VELO_OVR_FACTOR[2]. - 62 SG correction factor 4 $MA_SAFE_VELO_OVR_FACTOR[3]. - 63 SG correction factor 5 $MA_SAFE_VELO_OVR_FACTOR[4]. - 64 SG correction factor 6 $MA_SAFE_VELO_OVR_FACTOR[5]. - 65 SG correction factor 7 $MA_SAFE_VELO_OVR_FACTOR[6]. - 66 SG correction factor 8 $MA_SAFE_VELO_OVR_FACTOR[7]. - 67 SG correction factor 9 $MA_SAFE_VELO_OVR_FACTOR[8]. - 68 SG correction factor 10 $MA_SAFE_VELO_OVR_FACTOR[9]. - 69 SG correction factor 11 $MA_SAFE_VELO_OVR_FACTOR[10]. - 70 SG correction factor 12 $MA_SAFE_VELO_OVR_FACTOR[11]. - 71 SG correction factor 13 $MA_SAFE_VELO_OVR_FACTOR[12]. - 72 SG correction factor 14 $MA_SAFE_VELO_OVR_FACTOR[13]. - 73 SG correction factor 15 $MA_SAFE_VELO_OVR_FACTOR[14]. - 74 SG correction factor 16 $MA_SAFE_VELO_OVR_FACTOR[15]. - 75 Speed limit n_x $MA_SAFE_VELO_X. - 76 Stop response SG1 $MA_SAFE_VELO_STOP_REACTION[0]. - 77 Stop response SG2 $MA_SAFE_VELO_STOP_REACTION[1]. - 78 Stop response SG3 $MA_SAFE_VELO_STOP_REACTION[2]. - 79 Stop response SG4 $MA_SAFE_VELO_STOP_REACTION[3]. - 80 Modulo value, safe cams $MA_SAFE_MODULO_RANGE. - 81 Tolerance actual speed SBR $MA_SAFE_STOP_VELO_TOL. - 82 SG correction factor SGEs 0...15 = active SGE position. -1 = SG correction inactive (neither SG2 nor SG4 active or function not selected via $MA_SAFE_FUNCTION_ENABLE). - 83 Acceptance test duration differs $MA_SAFE_ACCEPTANCE_TST_TIMEOUT. - 84 Delay time, Stop F -> Stop B (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-313 6 Alarms 6.1 Alarms for SINUMERIK 840digital Response Remedy 11.03 $MA_SAFE_STOP_SWITCH_TIME_F. - 85 Delay time, pulse cancellation, bus failure $MN_SAFE_PULSE_DIS_TIME_BUSFAIL. - 86 Not assigned - 87 Not assigned - 88 Not assigned - 89 Encoder limit frequency $MA_SAFE_ENC_FREQ_LIMIT (only Performance_2). - 1000 Check timer (watchdog) has expired: If a channel is signaled an SGE change in the other channel, then this is checked using this check (watchdog) timer as to whether the change timer in the other channel expires.. - 1001 (only assigned on the drive, refer to Alarm 300911) - 1002 User agreement inconsistent: Data for the user agreement are different in both monitoring channels after 2 sec. have expired. %3 = status of the user agreement, NCK. %4 = status of the user agreement, 611D. - 1003 Reference tolerance $MA_SAFE_REFP_POS_TOL exceeded - 1004 Plausibility error, user agreement. - 1005 Pulses already cancelled during test stop selection. - 1006 (only assigned on drive, refer to Alarm 300911). - 1007 (only assigned on drive, refer to Alarm 300911). - 1008 (only assigned on drive, refer to Alarm 300911). - 1009 Pulses are not cancelled after the test stop time $MA_SAFE_PULSE_DIS_CHECK_TIME. - 1010 Pulses are not cancelled for a test with external pulse cancellation after the test stop time $MA_SAFE_PULSE_DIS_CHECK_TIME. - 1011 NCK/drive acceptance test status differs. - 1020 Communications error between NCK and the drive monitoring channel. NC start inhibit in this channel Alarm display If safe monitoring was active, STOP B was also automatically triggered. It is necessary to power-down/power-up the control (power on). Find the difference between the monitoring channels. The fault code %2 indicates the cause of the alarm. It is possible that the safety-relevant machine data is no longer the same (if required, re-load), or the safety-related inputs do not have the same signal level (measure). If no error of this type is apparent, an error may have occurred in the CPU, e.g. a "flipped" memory cell. This can be temporary (in this case it can be cleared using a power on) or permanent (if it re-occurs after power on, replace the hardware). Error codes for STOP F for 840D/611D: 0: No error in this channel. Search for the cause in the other channel. 1: Result list 1. The functions are controlled differently via the SGEs; evaluate the fine error coding in the 611D MDs 1391 and 1392. 2: Result list 2. Check the tolerance of the cams, evaluate the fine error coding in the 611D-MDs 1393 and 1394. 3: Actual position. Incorrect encoder evaluation (check MDs). Different standstill positions have been saved. 4: No crosswise data comparison. 5: Function enable signals Enter equal MDs. 6: Limit value for SG1. Enter equal MDs. 7: Limit value for SG2. Enter equal MDs. 8: Limit value for SG3. Enter equal MDs. 9: Limit value for SG4. Enter equal MDs. 10: Standstill tolerance. Enter equal MDs. 6-314 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: Upper limit value SE1. Enter equal MDs. Lower limit value SE1. Enter equal MDs. Upper limit value SE2. Enter equal MDs. Lower limit value SE2. Enter equal MDs. Safe cam 1+ (+tolerance). Enter equal MDs. Safe cam 1+. Enter equal MDs. Safe cam 1- (+tolerance). Enter equal MDs. Safe cam 1-. Enter equal MDs. Safe cam 2+ (+tolerance). Enter equal MDs. Safe cam 2+. Enter equal MDs. Safe cam 2- (+tolerance). Enter equal MDs. Safe cam 2-. Enter equal MDs. Safe cam 3+ (+tolerance). Enter equal MDs. Safe cam 3+. Enter equal MDs. Safe cam 3- (+tolerance). Enter equal MDs. Safe cam 3-. Enter equal MDs. Safe cam 4+ (+tolerance). Enter equal MDs. Safe cam 4+. Enter equal MDs. Safe cam 4- (+tolerance). Enter equal MDs. Safe cam 4-. Enter equal MDs. Position tolerance. Enter equal MDs. Reference position tolerance. Enter equal MDs. Time, speed changeover. Enter equal MDs. Tolerance time SGE changeover. Enter equal MDs. Delay time, pulse cancellation. Enter equal MDs. Time to test the pulse cancellation. Enter equal MDs. Transition time, STOP C to SBH. Enter equal MDs. Transition time, STOP D to SBH. Enter equal MDs. Transition time, STOP E to SBH. Enter equal MDs. Stop response after SG. Enter equal MDs. Stop response after SE. Enter equal MDs. Shutdown speed after pulse cancellation. Enter equal MDs. Data save test, stop response. Actual position value + limit value SG1. Actual position value - limit value SG1. Actual position value + limit value SG2. Actual position value - limit value SG2. Actual position value + limit value SG3. Actual position value - limit value SG3. Actual position value + limit value SG4. Actual position value - limit value SG4. Standstill position + tolerance. Standstill position - tolerance. Actual position value "+ nx" + tolerance. Actual position value "+ nx". Actual position value "- nx". Actual position value "- nx" + tolerance. Actual stop request. SG correction factor 1. Enter equal MDs. SG correction factor 2. Enter equal MDs. SG correction factor 3. Enter equal MDs. SG correction factor 4. Enter equal MDs. SG correction factor 5. Enter equal MDs. SG correction factor 6. Enter equal MDs. SG correction factor 7. Enter equal MDs. SG correction factor 8. Enter equal MDs. SG correction factor 9. Enter equal MDs. SG correction factor 10. Enter equal MDs. SG correction factor 11. Enter equal MDs. SG correction factor 12. Enter equal MDs. SG correction factor 13. Enter equal MDs. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-315 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: Program continuation SG correction factor 14. Enter equal MDs. SG correction factor 15. Enter equal MDs. SG correction factor 16. Enter equal MDs. Speed limit "nx". Enter equal MDs. Stop response for SG1. Enter equal MDs. Stop response for SG2. Enter equal MDs. Stop response for SG3. Enter equal MDs. Stop response for SG4. Enter equal MDs. Modulo value for safe cams. Enter equal MDs. Speed tolerance for the safe braking ramp. Enter equal MDs. 82: SG correction factor SGEs Control the SGEs the same. 83: Acceptance test duration. Enter equal MDs. 84: Delay time, Stop F -> Stop B. Enter equal MDs. 85: Delay time, pulse cancellation, bus failure. Enter equal MDs. 89: Encoder limit frequency. Enter equal MDs. 1000: Check (watchdog) timer has expired. Too many switching operations at the SGEs (e.g. due to contact problems, poor contact). 1001: Incorrect control timer initialization. 1002: User agreement timer expired. 1003: Reference tolerance violated. Compare the reference position with the actual safe actual position. 1004: Plausibility violation of user agreement. 1005: Pulses already cancelled for test stop selection. Test stop selection for missing pulse enable, fault in the wiring of the SGEs "Pulses are cancelled". 1006: Error for SGA forced checking procedure. 1007: Communications failure between PLC and drive. 1008: Data transfer error between PLC and drive. 1009: Trigger a subsequent stop after test stop. Check the wiring. Check the configuring of the SGE via MD $MA_SAFE_PULSE_STATUS_INPUT Check the timer stage for the test stop. 1010: Pulses not cancelled. Check the MD. 1020: Cyclic communications error between the NCK and drive. Clear the alarm with the RESET key. Restart part program. If a STOP B was initiated, then the control must be power-down/powered-up (power on). Note The previous display of Alarm 27001 with error codes 1 and 2 is replaced by the new alarms being displayed (27101 to 27107). 27002 Axis %1 Test stop in progress Parameter Explanation %1 = axis number Proper functioning of the shutdown path is presently being tested by setting of the SGE "Test stop selection". Alarm display The message serves only for user information. Alarm display disappears with alarm cause. No further operator action necessary. The alarm automatically disappears after expiration of the delay time that is defined in MD $MA_SAFE_PULSE_DIS_CHECK_TIME, and the removal of the SGE "Test stop selection" when the controller detects pulse cancellation, i.e., the test is successfully concluded. An unsuccessful test can be recognized as a result of Alarm 27001 with error code 1005 or Alarm 27024. Response Remedy Program continuation 6-316 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital 27003 Checksum error occurred %1 %2 Parameter Program continuation %1 = reference to the code section or table %2 = table number Checksum error in safety-relevant code or safety-relevant data. The safe monitoring (Safety Integrated) in the NCK could be damaged. Alarm display Only continue with the work with increased caution. Reload code and data as soon as possible (power on). If this error occurs again, contact your service personnel. Power-down the control system and power-up again. 27004 Axis %1, difference safe input %2, NCK %3, drive %4 Parameter %1 = axis number %2 = monitoring involved %3 = interface label, NCK input %4 = interface label, drive input A difference has been found at the specified safe input. The state of the specified input signal differed in the two monitoring channels NCK and 611D during the time set in $MA_SAFE_MODE_SWITCH_TIME. Explanation Response Remedy Explanation Monitoring involved (%2). SS/SV SS SV SP SVOVR Difference in the SGE "De-selection safe operating stop / safely reduced speed Difference in SGE "De-selection safe operating stop" Difference in SGE "Selection safely-reduced speed" Difference in SGE "Selection safe limit position" Difference in SGEs "Selection SG corrections" Interface label, NCK input (%3): DMP<drv><mod><bit>=<value> <drv> = drive number of the terminal block (1...31) <mod> = sub-module number (1...8) <bit> = connection number (1...16) <value> = value of the NCK-SGE (0,1) SPL for the case that SGE is parameterized at the SPL interface. <io> = parameterized system variable range (01=$A_INSID, 02=$A_INSED) <dword> = system variable double word (1,2) <bit> = bit number in the system variable double word (1...32) <value> = value of the NCK-SGE (0,1) Onboard input - for the case that the SGE is parameterized at an onboard input. <bit> = input number = 01 ...04 <value> = value of the NCK-SGE = 0,1 Interface label, drive input (%4): DBX<byte><bit>=<value> <byte> = byte number in the axial DB (22, 23, 32, 33) <bit> = bit number in the byte (0...7) <value> = value of the drive SGE (0,1) Response Remedy Program continuation This alarm can be hidden using the MD $MN_SAFE_DIAGNOSIS_MASK, Bit 0=0. Alarm display Check settings for safe input signals (NCK I/Os, PLC DB parameters). Clear the alarm with the RESET key. Restart part program. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-317 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27005 Axis %1 error for crosswise data comparison: Static actual value difference Parameter Explanation %1 = axis number A difference in the actual values was detected using the crosswise data comparison between NCK and 611D monitoring channel. This difference is greater than the maximum tolerance defined in MD $MA_SAFE_POS_TOL. This can be checked using the safe position actual values of the two monitoring channels displayed in the service screen. The alarm is only displayed, if monitoring with absolute reference (SE/SN) has been enabled for the specified axis and if the user agreement has been set. As soon as the user agreement is deleted or the actual difference between the two monitoring channels again drops below the maximum permissible difference, the alarm is cleared. Alarm display The user agreement must be deleted if the alarm is available as a steady-stage alarm. When the control is then rebooted, the machine can be brought into the safe state again and operation resumed by a new referencing process and setting the user agreement. Prior to setting the user agreement, the actual position of the axis displayed in the "User enable" screen must be compared with the current machine position. This is obligatory to ensure proper functioning of the safe limit positions (SE) and safe cams (SN). The user agreement can only be changed in key-actuated switch setting 3 or after entering a password. Alarm display disappears with the alarm cause. No further operator action necessary. Response Remedy Program continuation 27006 Axis %1 test ext. pulse cancellation running Parameter Explanation %1 = axis number The perfect functioning of the external pulse cancellation is presently being tested by setting the SGE "Test stop external shutdown". Alarm display Alarm automatically disappears when the test is terminated by deleting the SGE "Test stop external shutdown". Alarm display disappears with the alarm cause. No further operator action necessary. Response Remedy Program continuation 27007 Axis %1 acceptance test mode is active Parameter Explanation %1 = axis number An SI acceptance test has been started with the acceptance test wizard at the operator panel. The acceptance test mode is activated via the NCK and drive for the duration of this acceptance test. In the acceptance test mode, SI power on alarms can be acknowledged with the reset key. Alarm display Acceptance test, e.g. de-select using the acceptance test Wizard or wait until it has been completed (the duration of the acceptance test can be parameterized using MD $MA_SAFE_ACCEPTANCE_TST_TIMEOUT). Alarm display disappears with the alarm cause. No further operator action necessary. Response Remedy Program continuation 6-318 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital 27008 Axis %1 SW limit switch deactivated Parameter Explanation %1 = axis number An SI acceptance test safe end position has been started with the acceptance test wizard at the operator panel. For these acceptance tests, the singlechannel SW limit switches are de-activated for the axis/spindle in order to ensure that the safe limit positions can be approached. Alarm display De-select the acceptance test, e.g. using the acceptance test wizard or wait for the end of the test. Alarm display disappears with alarm cause. No further operator action necessary. Response Remedy Program continuation 27010 Axis %1 tolerance for safe operating stop exceeded Parameter Explanation Program continuation %1 = axis number The axis has moved too far away from the reference position. It is further away than allowed in MD $MA_SAFE_STANDSTILL_TOL. The alarm can be re-configured in the MD $MN_ALARM_REACTION_CHAN_NOREADY (channel not ready). Mode group not ready Channel not ready NC start inhibit in this channel Interface signals were set Alarm display NC stop for alarm Channel not ready Stop the axis with speed setpoint = 0 (STOP B). As soon as the speed actual value is less than that defined in the MD $MA_SAFE_STANDSTILL_VELO_TOL, at the latest however, after the time in MD $MA_SAFE_PULSE_DISABLE_DELAY expires, the pulses are cancelled (STOP A). Check the tolerance for the standstill monitoring: does the value match the precision and control dynamics of the axis? If not, increase tolerance. If yes, check the machine for damage and repair it. Power-down the control and power-up again. 27011 Axis %1 safely-reduced speed exceeded Parameter Explanation %1 = axis number The axis has moved too quickly and faster than that specified in MD $MA_SAFE_VELO_LIMIT. When SBH/SG is active and for a 1-encoder system, the speed, that corresponds to the encoder limit frequency saved in MD SAFE_ENC_FREQ_LIMIT was exceeded. NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm The axis is stopped with STOP A, C, D or E, depending on what has been configured in MD $MA_SAFE_VELO_STOP_MODE or MD $MA_SAFE_VELO_STOP_REACTION. If no obvious operator error has occurred: Check the value entered into the MDs, check SGEs: Was the correct safely-reduced speed selected? If the MDs and SGEs are o.k., check the machine for any damage and rectify. Clear the alarm with the RESET key. Restart part program. Response Remedy Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-319 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27012 Axis %1 Safe limit position crossed Parameter Explanation %1 = axis number The axis has passed the limit position entered in MD $MA_SAFE_POS_LIMT_PLUS or MD $MA_SAFE_POS_LIMIT_MINUS. NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm The axis is stopped with STOP C, D or E, according to the configuration in MD $MA_SAFE_POS_STOP_MODE. If no obvious operator error has occurred: Check the value entered in the machine data, check the SGEs: Was the correct one of 2 limit positions selected? If the MDs and SGEs are o.k., check the machine for any damage and repair. Clear the alarm with the RESET key. Restart part program. Withdraw the user agreement for this axis. Then press the RESET key. The program is aborted and the alarm reset. Move the axis in the JOG mode to the valid traversing range. After the NC program error has been eliminated and the position of this axis carefully checked, the user agreement can be re-issued and the program can be restarted. Response Remedy Program continuation 27013 Axis %1 safe braking ramp exceeded Parameter Explanation Program continuation %1 = axis number After the initiation of STOP B or C, the speed exceeded the tolerance value entered in MD $MA_SAFE_STOP_VELO_TOL. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Interlock the pulses by initiating a STOP A. Check the MD $MA_SAFE_STOP_VELO_TOL. Check the braking characteristics of the drive involved. Power-down the control and power-up again. 27020 Axis %1: STOP E activated Parameter Explanation %1 = axis number This alarm comes with Alarms 27011 "Safely-reduced speed exceeded" or 27012 "Safe limit position exceeded" (according to the configuration in MD $MA_SAFE_VELO_STOP_MODE, $MA_SAFE_VELO_STOP_REACTION or MD $MA_SAFE_POS_STOP_MODE). NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm A LIFTFAST-ASUP (sub-routine) is initiated and the safe operating stop (SBH) is internally activated after the time set in MD $MA_SAFE_STOP_SWITCH_TIME_E has expired. Remove the causes for "Safely-reduced speed exceeded" and/or "Safe limit position exceeded" (refer to a description of the alarms). Clear the alarm with the RESET key. Restart part program. Response Remedy Response Remedy Program continuation 6-320 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital 27021 Axis % 1: STOP D activated Parameter Explanation Program continuation %1 = axis number This alarm comes with Alarms 27011 "Safely-reduced speed exceeded" or 27012 "Safe limit position exceeded" (according to the configuration in MD $MA_SAFE_VELO_STOP_MODE, $MA_SAFE_VELO_STOP_REACTION or $MA_SAFE_POS_STOP_MODE). NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm "Braking along the path" is initiated and the safe operating stop (SBH) is internally activated after the time set in MD $MA_SAFE_STOP_SWITCH_TIME_D has expired. Remove the causes for "Safely-reduced speed exceeded" and/or "Safe limit position exceeded" (refer to a description of the alarms). Clear the alarm with the RESET key. Restart part program. 27022 Axis %1: STOP C activated Parameter Explanation Program continuation %1 = axis number This alarm comes with Alarms 27011 "Safely-reduced speed exceeded" or 27012 "Safe limit position exceeded" (according to the configuration in MD $MA_SAFE_VELO_STOP_MODE, $MA_SAFE_VELO_STOP_REACTION or $MA_SAFE_POS_STOP_MODE). NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm "Braking along the current limit" is initiated and the safe operating stop (SBH) is internally activated after the time, set in MD $MA_SAFE_STOP_SWITCH_TIME_C has expired. Remove the causes for "Safely-reduced speed exceeded" and/or "Safe limit position exceeded" (refer to a description of the alarms). Clear the alarm with the RESET key. Restart part program. 27023 Axis %1: STOP B activated Parameter Explanation %1 = axis number This alarm comes with the alarm 27010 "Tolerance for safe standstill exceeded" or after the Alarm 27001 "STOP F initiated". The alarm can be reconfigured in the MD ALARM_REACTION_CHAN_NOREADY (channel not ready). Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm "Braking along the current limit" is initiated and the timer for changeover to STOP A is activated (refer to MD $MA_SAFE_PULSE_DISABLE_DELAY). Remove the causes for "Tolerance for safe standstill exceeded" or for "Safe F initiated" (refer to a description of these alarms). Power-down the control and power-up again. Response Remedy Response Remedy Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-321 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27024 Axis %1: STOP A activated Parameter Explanation Program continuation %1 = axis number This alarm is output as a result of Alarm 27011 "safely-reduced speed exceeded" (for the appropriate configuring in $MA_SAFE_VELO_STOP_MODE, $MA_SAFE_VELO_STOP_REACTION), Alarm 27013 "safe braking ramp exceeded", Alarm 27023 "Stop B initiated" unsuccessful test stop. The alarm can be re-configured in the MD ALARM_REACTION_CHAN_NOREADY (channel not ready). Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm "Pulse cancellation" initiated. Remove the causes of - Alarm "safely-reduced speed exceeded", - Alarm "safe braking ramp exceeded", - Alarm "Stop B initiated" - Unsuccessful test stop (refer to the description of the alarms). Power-down the control and power-up again. 27030 Axis %1 function not supported on this 611D module Parameter Explanation %1 = axis number SINUMERIK Safety Integrated can only be used with the 611D Performance control modules with 2 measuring circuits per drive and shutdown relay. An attempt has been made to activate a safety function although no such module is plugged in. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Replace the module or switch-off safety functions in MD $MA_SAFE_FUNCTION_ENABLE. Power-down the control and power-up again. Response Remedy Response Remedy Program continuation 27031 Axis %1 limit value for safely-reduced speed %2 for ratio %3 too high (max. %4) Parameter %1 = axis number %2 = limit value index %3 = number of the ratio %4 = maximum speed All of the limit values in MD $MA_SAFE_VELO_LIMIT must be set so that the limit frequency of the amplitude monitoring in the measuring circuit hardware is not exceeded. The limit value that does not maintain this condition, is specified here as second parameter (1 for SG1, 2 for SG2, etc.). The third parameter indicates the gear stage, e.g. 1 for gear stage 1, 2 for gear stage 2, etc. The fourth parameter indicates the maximum speed that can be entered to just maintain the limit frequency in safe operation. Explanation 6-322 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Response Remedy Program continuation 6 Alarms 6.1 Alarms for SINUMERIK 840digital The alarm can be re-configured in the MD ALARM_REACTION_CHAN_NOREADY (channel not ready). Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Initiation of a "Pulse cancellation". Reduce the limit value in MD $MA_SAFE_VELO_LIMIT[x], x = (2nd alarm parameter) - 1, or correct the setting of the gear factors. Power-down the control and power-up again. 27032 Axis %1: Checksum error safety monitors. Acknowledgement and acceptance test required! Parameter Explanation Program continuation %1 = axis number The relevant MDs $MN_SAFE_..., $MN_PROFISAFE_..., $MA_SAFE ... are protected by a checksum. The alarm indicates that the current checksum is no longer the same as the stored setpoint checksum, i.e. that an MD value has either been changed illegally or that data is corrupted. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check MDs. Have the checksum re-calculated. Safety functions should be subject to a new acceptance test. Power-down the control and power-up again. 27033 Axis %1 parameterization of the MD %2[%3] not valid Parameter %1 = axis number %2 = machine data label %3 = machine data index The parameterization of machine data %2 is incorrect. An additional indication is the field index of the machine data. If the machine data is a single machine data a zero is specified as array index. This alarm occurs in the following contexts: - 1. The conversion of the specified MD into the internal computation format results in an overflow. - 2. The values entered in MD $MA_SAFE_POS_LIMIT_PLUS and $MA_SAFE_POS_LIMIT_MINUS have been interchanged. The upper limit is less than or equal to the lower limit. - 3. For an axis with safety functions the setpoint/actual value assignment in MD $MA_SAFE_ENC_SEGMENT_NR, MD $MA_CTRLOUT_SEGMENT_NR was not made for the drive bus. No module number was specified for a setpoint /actual value channel assignment in MD $MA_CTRLOUT_MODULE_NR, MD $MA_SAFE_ENC_MODULE_NR. - 4. The number of drives has changed. When reading back the standstill position and the associated drive number, a difference was identified to the current drive configuration. - 5. A safety function was enabled in MD $MA_SAFE_FUNCTION_ENABLE without the safety functions SBH/SG having been enabled. - 6. Error when parameterizing the input/output assignments for the SGEs/SGAs. Response Remedy Explanation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-323 6 Alarms 6.1 Alarms for SINUMERIK 840digital - 7. - 8. - 9. - 10. - 11. - 12. - 13. - 14. - 15. - 16. - 17. - 18. - 19. - 20. - 21. - 22. - 23. - 24. - 25. - 26. 6-324 11.03 A zero was entered into MD $MA_SAFE_ENC_GRID_POINT_DIST. A zero was entered into MD $MA_SAFE_ENC_RESOL. Various settings were made in MD $MA_IS_ROT_AX and MD $MA_SAFE_IS_ROT_AX. A non-existent measuring circuit was parameterized in MD $MA_SAFE_ENC_INPUT_NR. The number of drive was entered into MD $MA_SAFE_ENC_MODULE_NR that is either non-existent or is detected as being inactive. For an inactive drive, MD $MA_SAFE_ENC_TYPE was not reset to 0. An encoder type was parameterized in MD $MA_SAFE_ENC_TYPE that does not correspond to the actual type being used. An incorrect encoder type ($MA_SAFE_ENC_TYPE = 0, 2, 3 or 5) for active drive was entered in MD $MA_SAFE_ENC_TYPE. When parameterizing the motor encoder in MD $MA_SAFE_ENC_INPUT_NR, the measuring circuit for the 2nd measuring system is also used in order to secure the two-channel functionality. The 2nd measuring circuit of this drive module was also parameterized in the data of another axis so that there is a double assignment. The 2nd measuring circuit connection - for this parameterization cannot be used for the actual value sensing. For a linear axis, a value of greater than 10mm was entered into MD $MA_SAFE_POS_TOL. For linear axis, a value of greater than 1mm was entered into MD $MA_SAFE_REFP_POS_TOL . The limit values for the "n<n_x" monitoring function, calculated from MD $MA_SAFE_VELO_X and MD $MA_SAFE_POS_TOL are the same magnitude. One of the activated cam positions is outside the actual value modulo range. The parameterized cam modulo range MD $MA_SAFE_MODULO_RANGE is not an integral multiple of 360 degrees. The parameterized cam modular range MD $MA_SAFE_MODULO_RANGE and the modulo range in MD $MA_MODULO_RANGE cannot be divided by one another to give an integer number. The function "actual value synchronization 2-encoder system" (slip) is selected for a single-encoder system or a function with absolute reference (SE/SN) is simultaneously selected. The Alarms 27000/300950 should be suppressed when parking (MD $MA_SAFE_PARK_ALARM_SUPPRESS!=0). In this case, the SGA "axis safely referenced" must be parameterized using the MD $MA_SAFE_REFP_STATUS_OUTPUT. An axial SGE/SGA was parameterized at the SPL interface (segment number = 4) and the function enable for the external stops is missing (MD $MA_SAFE_FUNCTION_ENABLE, Bit 6). An axial SGE/SGA was parameterized at the SPL interface (segment number = 4) and the SGE "de-selection ext Stop A" (assigned using MD $MA_SAFE_EXT_STOP_INPUT[0]) was parameterized inverted (bit 31 = 1) or the SGE "de-selection ext. Stop A" was not parameterized at the SPL interface $A_OUTSI. For the parameterized incremental encoder, the function "save actual value for incremental encoder" is selected via MD $MA_ENC_REFP_STATE and a monitoring function with absolute reference (SE/SN) is selected via MD $MA_SAFE_FUNCTION_ENABLE. The combination of functions is not permitted. For a linear axis, a value greater than 1,000 mm/min was entered into MD $MA_SAFE_STANDSTILL_VELO_TOL. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital Program continuation - 27. For a linear axis, a value greater than 20,000 mm/min was entered into MD $MA_SAFE_STOP_VELO_TOL. - 28. For a linear axis, a value greater than 1,000 mm/min was entered into MD $MA_SAFE_VELO_X. - 29. For a linear axis, a value greater than 1,000 mm/min was entered into MD $MA_SAFE_SLIP_VELO_TOL. - 30. A value greater than the maximum selectable encoder limit frequency for safe operation of a single-encoder system was set in MD $MA_SAFE_ENC_FREQ_LIMIT. - 31. A value greater than 300 kHz for a Performance 1 or Standard 2 control module was set in MD $MA_SAFE_ENC_FREQ_LIMIT. - 32. MD $MA_SAFE_EXT_PULSE_ENAB_OUTPUT was not parameterized or was not correctly parameterized. This MD must be parameterized if bit 30 in MD $MA_SAFE_PULSE_ENABLE_OUTPUT is set to 1 - i.e. internal pulse cancellation is used. - 33. MD $MN_SAFE_SPL_STOP_MODE was parameterized to a value of 4 (Stop E) without having enabled the external Stop E in all axes with SI function enable signals (MD $MA_SAFE_FUNCTION_ENABLE not equal to 0). - 34. The test of the brake mechanical system was enabled in MD $MA_FIXED_STOP_MODE (bit 1 = 1), without safe operation having been enabled for this axis in MD $MA_SAFE_FUNCTION_ENABLE. The test of the brake mechanical system is only permissible in this axis with safety functions. - 35. The MD $MA_SAFE_VELO_STOP_MODE or MD $MA_SAFE_VELO_STOP_REACTION was parameterized for an illegal value. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check and alter the MD named in the alarm text. Have the checksum recalculated. Re-accept safety functions. Power-down the control and power-up again. 27034 Parameterization of MD %1 invalid Parameter Explanation %1 = machine data label The parameterization of %1 is incorrect. This alarm occurs in the following cases: An invalid value was set for MD $MN_SAFE_ALARM_SUPPRESS_LEVEL. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check and correct the specified machine data. Power-down the control and power-up again. Response Remedy Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-325 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27090 Error in data NCK-PLC %1 [%2], NCK: %3; %4<ALSI> Parameter %1 = name of the system variable in which error was detected %2 = supplementary info, system variables - field index %3 = supplementary information, comparison value NCK %4 = supplementary information, crosswise data comparison - field index For the cyclic crosswise data comparison between NCK and PLC, differences have occurred in the compared data.. Parameter %1 specifies the incorrect system variable ($A_INSI, $A_OUTSI, $A_INSE, $A_OUTSE or $A_MARKERSI) with field index %2. Special cases: Display "Error for crosswise data comparison NCK-PLC, $MN_PREVENT_SYNACT_LOCK[0], ..." means that the SPL commissioning status is set differently in the NCK and PLC. Display "Error for crosswise data comparison NCK-PLC, $MN_SPL_STOP_MODE[0], ..." means that the SPL stop response (Stop D or E) is set differently in the NCK and PLC. Display "error for crosswise data comparison NCK-PLC, TIMEOUT[0], NCK: 0" means that there is a major communications error between the NCK and PLC and no crosswise data comparison can be carried-out. Explanation For crosswise data comparison errors on the system variables $A_INSE, the system variable involved is specified in alarm parameter %1 and the hardware assignment parameterized in MD $MN_SAFE_IN_HW_ASSIGN[0...7] is displayed, so that the hardware connection involved can be directly seen from the data in the alarm line. Example: Error for crosswise data comparison, NCK-PLC, DMP 04.03 bit 01=$A_INSE[2], NCK: 1; The information in the example (04.03) corresponds to the entries made in the machine data $MN_SAFE_IN_HW_ASSIGN[0...7] about the system variables. They specify: DMP 04.xx The drive number of the terminal block involved (value range = 01...21) Module number of the input module (value range = 01...08) The specified numbers are in the hexadecimal notation the same as in MD $MN_SAFE_IN_HW_ASSIGN[0...7]. The bit number is specified starting just like the numbering of the inputs on the DMP modules with the value 0 (value range = 00...15) When assigning the SPL inputs to the NC onboard inputs, the expanded alarm text looks like this: Error for the crosswise data comparison, NCK-PLC, NC-Onboard-In 01=$A:INSE[1], NCK: 1;2 A specific alarm message can be configured on the HMI for each of the listed system variables using parameter %4: %4 = 0: Error SPL commissioning status ($MN_PREVENT_SYNACT_LOCK[0,1] - DB18.DBX36.0) or different stop response ($MN_SAFE_SPL_STOP_MODE - DB18.DBX36.1) %4 = 1.... 64: Error in system variables $A_INSE[1...64] %4 = 65...128: Error in system variables $A_OUTSE[1...64] %4 = 129...192: Error in system variables $A_INSI[1...64] %4 = 193..256: Error in system variables $A_OUTSI[1...64] %4 = 257...320: Error in system variables $A_MARKERSI[1...64] In order to parameterize Alarm 27090, file ALSI_xx.com must be incorporated in the data management and communicated to the HMI via MBDDE.INI in section [IndexTextFiles] ALNX=f:\dh\mb.dir\alsi_. The machinery construction OEM can re-define this file in order to incorporate sensible expanded texts in the alarm for his particular machine/system. If the file is to be re-defined, the new file to be created must be made known to the system via MBDDE.INI. 6-326 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital Program continuation The display of Alarm 27090 is influenced via the MD $MN_SAFE_ALARM_SUPPRESS_LEVEL: MD $MN_SAFE_ALARM_SUPPRESS_LEVEL = 2 : Alarm 27090 is only displayed for the first data difference found. Alarm display A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality if the SPL commissioning phase (MD $MN_PREVENT_SYNACT_LOCK[0,1] not equal to 0) has been completed. Analyze the displayed value and evaluate DB18: SPL_DELTA on the PLC side. Find the difference between the monitoring channels. Possible causes: incorrect wiring incorrect SPL the axial SGEs have been incorrectly assigned to the internal interface $A_OUTSI the axial SGAs have been incorrectly assigned to the internal interface $A_INSI the SPL-SGEs have been incorrectly assigned to the external interface $A_INSE the SPL-SGAs have been incorrectly assigned to the external interface $A_OUTSE different SPL commissioning status has been set in the NCK and PLC different SPL stop response has been set in the NCK and PLC Clear the alarm with the RESET key. Restart part program. 27091 Error in data cross check NCK-PLC, STOP of %1 Parameter %1 = supplementary information about the monitoring channel that has initiated the stop The monitoring channel specified in %1 (NCK or PLC) has triggered a stop D or E (depending on the parameterization in MD $MN_SAFE_SPL_STOP_MODE). Alarm 27090 provides additional information about the reason for the Stop D/E. Alarm display A STOP D/E has been initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality if the SPL commissioning phase (MD $MN_PREVENT_SYNACT_LOCK[0,1] not equal to 0) has been completed. Evaluate the alarm parameters of Alarm 27090 and correct the SPL, or check the I/O modules/wiring or the internal SPL interfaces to the safety monitoring channels in the NCK and drive 611D. Clear the alarm with the RESET key. Restart part program. Response Remedy Explanation Response Remedy Program continuation 27092 Communications interrupted for crosswise data comparison, NCKPLC, error detected by %1 Parameter Explanation %1 = supplementary information about the detecting monitoring channel The delay timer stage (1s) for the communication monitoring has been exceeded in the monitoring channel specified in %1 (NCK or PLC). The other monitoring channel did not send a new data packet within this time. Alarm display A STOP D/E has been initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality if the SPL commissioning phase (MD $MN_PREVENT_SYNACT_LOCK[0,1] not equal to 0) has been completed. A timer stage of 5 sec is started - after it has expired - the external NCK-SPL outputs are deleted - the PLC goes to stop. Do not start the SPL again. Check the system components (PLC must have the correct version of FB15 and have DB18). Power-down the control and power-up again. Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-327 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27093 Checksum error NCK-SPL, %1, %2, %3 Parameter Program continuation %1 = supplementary information about the type of error %2 = supplementary information about reference size %3 = supplementary information about current size The checksum error in the NCK SPL. The file /_N_CST_DIR/_N_SAFE_SPF was subsequently modified. The safe programmable logic (SPL) in the NCK may be corrupted. Parameter %1 provides further information about the type of change: %1 = FILE_LENGTH: The file length has changed. %1 = FILE_CONTENT: The file contents have changed. %2 specifies the variable calculated as the reference (file length, checksum about file contents), %3 specifies the current size calculated cyclically. Alarm display Check the file and when the last change was made to that file. Reload the original file and start the monitoring system again with a power on. Power-down the control and power-up again. 27094 Write access to system variable %1 only allowed from NCK-SPL Parameter Explanation Response Remedy Program continuation %1 = name of the safety system variable involved Write access to one of the safety system variables is only possible from part program /_N_CST_DIR/_N_SAFE_SPF. If this error occurs, an instruction from another part program was detected. Alarm display Check the part program used for write access to safety system variables. Clear the alarm with the RESET key. Restart part program. 27095 %1 SPL protection not activated Parameter Program continuation %1 = name of the component for which the protection is not activated (NCK or PLC). The protective mechanisms for the SPL have not been activated. The commissioning phase of the SPL has not yet been completed. For an error in the crosswise data comparison between NCK and PLC, a stop response (Stop D or E) is not initiated. Alarm display Remedy for NCK: Activate the protective mechanisms by writing to MD $MN_PREVENT_SYNACT_LOCK[0,1]. The number range of the synchronous action IDs used in the SPL must be entered in this MD. Remedy for PLC: Activate the protective mechanisms by setting the appropriate data bit in DB18. Clear the alarm with the RESET key. Restart part program. 27096 SPL start not allowed Explanation To start the SPL in the protected state ($MN_PREVENT_SYNACT_LOCK[0,1] not equal to 0), at least one axis must have safety integrated functionality activated (via MD $MA_SAFE_FUNCTION_ENABLE) beforehand. Without this functionality it is only possible to operate the SPL in the commissioning state. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Explanation Response Remedy Explanation Response Remedy Response 6-328 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Remedy 6 Alarms 6.1 Alarms for SINUMERIK 840digital Program continuation Commissioning the axial safety integrated functionality or cancellation of the SPL protection using MD $MN_PREVENT_SYNACT_LOCK[0,1] Power-down the control and power-up again. 27100 At least one axis is not safely referenced Explanation There are two reasons for this alarm: the machine position of at least one of the axes monitored with SI has not been acknowledged by the user or the machine position of at least one of the axes monitored with SI has still not been verified by subsequent referencing Even if the axis is already referenced, there is no acknowledgement that referencing has supplied the correct result. For example, incorrect results can occur if the axis was moved after the control was powered-down, with the result that the standstill position saved prior to powering-down is no longer correct. To make sure that this does not happen, the user must acknowledge the displayed actual position after the first referencing process. When the user agreement has been set for the first time, the axis must be subsequently referenced each time that the control is run-up (with absolute encoders, this subsequent referencing is automatically executed). This procedure is carried out to verify the standstill position saved prior to poweringdown the control. The alarm display can be set in $MN_SAFE_ALARM_SUPPRESS_LEVEL (MD<3) in such a way that incorrect referencing is displayed separately for each axis. Alarm display The SGA "Axis safely referenced" is not set. SE is disabled if the safe actual position has not yet been acknowledged by the user agreement. If the user agreement is set, SE remains active. The safe cams are calculated and output, but their significance is limited because referencing has not been acknowledged. Move all of the SI axes to the known positions and change into the "Referencing" mode. Check the positions on the machine displayed in the user agreement field and set "User agreement" using the selection/toggle key. If the user agreement has already been set for the axis, then re-reference the axes. It is only possible to change the user agreement in the key-operated switch position 3 or after entering a password. Alarm display disappears with alarm cause. No further operator action necessary. Response Remedy Program continuation 27101 Axis %1, difference in function safe operating stop, NCK: %2, drive: %3 Parameter %1 = Axis number %2 = Monitoring status, safe operating stop %3 = Monitoring status, safe operating stop In the crosswise data comparison of result list 1 between the monitoring channels, NCK and drive, a difference was detected in the monitoring state of the safe operating stop monitoring. Safe operating stop: Bit 0,1 in result list 1 monitoring state (%2, %3): - OFF = monitoring inactive in this monitoring channel - OK = monitoring active in this monitoring channel, limit values not violated - L+ = monitoring active in this monitoring channel, upper limit value violated - L- = monitoring active in this monitoring channel, lower limit value violated Explanation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-329 6 Alarms 6.1 Alarms for SINUMERIK 840digital Response Remedy Program continuation 11.03 Alarm display If safe monitoring was active, then STOP B was also automatically initiated. It is necessary to power-down the control and power it up again (power on). Check that the safe inputs in both monitoring channels have switched into the same state within the permissible time tolerance. For further diagnostics, refer to the drive machine data 1391, 1392 and the servo-trace signal "Results list 1 NCK" and "Results list 1 Drive". Clear the alarm with the RESET key. Restart part program. 27102 Axis %1, difference in function safe velocity %2, NCK: %3, drive: %4 Parameter %1 = Axis number %2 = SG stage for which the difference was detected %3 = Monitoring status, safely-reduced speed %4 = Monitoring status, safely-reduced speed In the crosswise data comparison of result list 1between the monitoring channels, NCK and drive, a difference in the monitoring state of the safelyreduced speed monitoring was detected. - Safely-reduced speed 1: Bits 6, 7 in result list 1 - Safely-reduced speed 2: Bits 8, 9 in result list 1 - Safely-reduced speed 3: Bits 10, 11 result list 1 - Safely-reduced speed 4: Bit 12, 13 in result list 1 Monitoring state (%3, %4): - OFF = monitoring inactive in this monitoring channel - OK = monitoring active in this monitoring channel, limit values not violated - L+ = monitoring active in this monitoring channel, upper limit value violated - L- = monitoring active in this monitoring channel, lower limit value violated Alarm display If safe monitoring was active, then STOP B was also automatically initiated. It is necessary to power-down the control and power it up again (power on). Check that the safe inputs in both monitoring channels have switched into the same state within the permissible time tolerance. For further diagnostics, refer to the drive machine data 1391, 1392 and the servo-trace signal "Results list 1 NCK" and "Results list 1 Drive". Clear the alarm with the RESET key. Restart part program. Explanation Response Remedy Program continuation 27103 Axis %1, difference in function safe limit position %2, NCK: %3, drive: %4 Parameter %1 = Axis number %2 = Number of SE limit %3 = Monitoring status, safe limit position %4 = Monitoring status, safe limit position In the crosswise comparison of result list 1between the monitoring channels, NCK and drive, a difference was detected in the monitoring state of the safe limit position monitoring. - safe limit position 1: Bits 2, 3 in result list 1 - safe limit position 2: Bits 4, 5 in result list 1 Monitoring state (%3, %4): - OFF = monitoring inactive in this monitoring channel - OK = monitoring active in this monitoring channel, limit values not violated - L+ = monitoring active in this monitoring channel, upper limit value violated - L- = monitoring active in this monitoring channel, lower limit value violated Explanation 6-330 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Response Remedy Program continuation 6 Alarms 6.1 Alarms for SINUMERIK 840digital Alarm display If safe monitoring was active, the STOP B was also automatically initiated. It is necessary to power-down the control and power it up again (power on). Check that the safe inputs in both monitoring channels have switched into the same state within the permissible time tolerance. For further diagnostics, refer to the drive machine data 1391 and 1392 and the servo-trace signal "Results list 1 NCK" and "Results list 1 Drive". Clear the alarm with the RESET key. Restart part program. 27104 Axis %1, difference in function safe cam plus %2, NCK: %3, drive: %4 Parameter %1 = Axis number %2 = Number of cam %3 = Monitoring status, safe cam plus %4 = Monitoring status, safe cam plus During the crosswise comparison of result list 2 between the monitoring channels, NCK and drive, a difference was detected in the monitoring state of the safe cam plus monitoring. - safe cam 1+: Bits 0, 1 in result list 2 - safe cam 2+: Bits 4, 5 in result list 2 - safe cam 3+: Bits 8, 9 in result list 2 - safe cam 4+: Bits 12, 13 in result list 2 Monitoring state (%3, %4): - OFF = monitoring inactive in this monitoring channel - OK = monitoring active in this monitoring channel, limit values not violated - L+ = monitoring active in this monitoring channel, upper limit value violated - L- = monitoring active in this monitoring channel, lower limit value violated Alarm display If safe monitoring was active, then STOP B was also automatically initiated. It is necessary to power-down the control and power it up again (power on). Check that the safe actual values in both monitoring channels match. For further diagnostics, the drive machine data 1393, 1394 and the servo trace signals "Result list 2, NCK" and "Result list 2, drive" can be used. Clear the alarm with the RESET key. Restart part program. Explanation Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-331 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27105 Axis %1, difference in function safe cam minus %2, NCK: %3, drive: %4 Parameter %1 = Axis number %2 = Number of cam %3 = Monitoring status, safe cam minus %4 = Monitoring status, safe cams minus In the crosswise comparison of result list 2 between the monitoring channels, NCK and drive, a difference was detected in the monitoring state of the safe cam minus monitoring. - safe cam 1-: Bits 2, 3 in result list 2 - safe cam 2-: Bits 6, 7 result list 2 - safe cam 3-: Bits 10, 11 in result list 2 - safe cam 4-: Bits 14, 15 result list 2 Monitoring state (%3, %4): - OFF = monitoring inactive in this monitoring channel - OK = monitoring active in this monitoring channel, limit values not violated - L+ = monitoring active in this monitoring channel, upper limit value violated - L- = monitoring active in this monitoring channel, lower limit value violated Alarm display If safe monitoring was active, then STOP B was also automatically initiated. It is necessary to power-down the control and power it up again (power on). Check that the safe actual values in both monitoring channels match. For further diagnostics, the drive machine data 1393, 1394 and the servo trace signals "Result list 2, NCK" and "Result list 2, drive" can be used. Clear the alarm with the RESET key. Restart part program. Explanation Response Remedy Program continuation 27106 Axis %1, difference in function safe velocity nx, NCK: %2, drive: %3 Parameter %1 = Axis number %2 = Monitoring status, safely-reduced speed nx %3 = Monitoring status, safely-reduced speed nx In the crosswise data comparison of result list 2 between the monitoring channels, NCK and drive, a difference was detected in the monitoring state of the safely-reduced speed nx monitoring. - safely-reduced speed nx+: Bits 16, 17 in result list 2 - safely-reduced speed nx-: Bits 18, 19 in result list 2 Monitoring state (%2, %3): - OFF = monitoring inactive in this monitoring channel - OK = monitoring active in this monitoring channel, limit values not violated - L+ = monitoring active in this monitoring channel, upper limit value violated - L- = monitoring active in this monitoring channel, lower limit value violated Alarm display If safe monitoring was active, then STOP B was also automatically initiated. It is necessary to power-down the control and power it up again (power on). Check that the safe actual values in both monitoring channels match. For further diagnostics, the drive machine data 1393, 1394 and the servo trace signals "Result list 2, NCK" and "Result list 2, drive" can be used. Clear the alarm with the RESET key. Restart part program. Explanation Response Remedy Program continuation 6-332 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital 27107 Axis %1, Difference with Cam Modulo Monitoring function, NCK: %2, drive: %3 Parameter Program continuation %1 = Axis number %2 = Monitoring status, safe cam modulo range %3 = Monitoring status, safe cam modulo range In the crosswise data comparison of result list 2 between the monitoring channel, NCK and drive, a difference was detected in the monitoring state of the cam modulo area monitoring. Safe cam modulo range: Bits 20, 21 in result list 2 Monitoring state (%2, %3): - OFF = monitoring inactive in this monitoring channel - OK = monitoring active in this monitoring channel, limit values not violated - L+ = monitoring active in this monitoring channel, upper limit value violated - L- = monitoring active in this monitoring channel, lower limit value violated Alarm display If safe monitoring was active, then STOP B was also automatically initiated. It is then necessary to power-down the control and power it up again (power on). Check that the safe actual values in both monitoring channels match. For further diagnostics, the drive machine data 1393, 1394 and the servo trace signals "Result list 2, NCK" and "Result list 2, drive" can be used. Clear the alarm with the RESET key. Restart part program. 27124 Stop A initiated for at least 1 axis Explanation Remedy Program continuation This alarm only indicates that Stop A has been triggered in at least one axis and power on is required to acknowledge the alarm. This alarm is output if the alarm priority function was activated in MD $MN_SAFE_ALARM_SUPPRESS_LEVEL. Alarm display Interface signals are set "Pulse cancellation" is initiated for the axis involved. Locate the cause of the error using additional alarm messages. Power-down the control and power-up again. 27200 PROFIsafe: Cycle time %1 [ms] is too long Parameter Explanation %1 = parameterized cycle time The PROFIsafe communication cycle time resulting from MD $MN_PROFISAFE_IPO_TIME_RATIO and MD $MN_IPO_CYCLE_TIME exceeds the permissible limit value (25 ms). Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Correct the cycle time using MD $MN_PROFISAFE_IPO_TIME_RATIO or reduce the IPO clock cycle. Power-down the control and power-up again. Explanation Response Remedy Response Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-333 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27201 PROFIsafe: MD %1[%2]: Bus segment %3 error Parameter Remedy Program continuation %1 = MD name %2 = MD field index %3 = Parameterized bus segment An incorrect bus segment was entered in the specified machine data. The value must be 5. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Correct the MD. Power-down the control and power-up again. 27202 PROFIsafe: MD %1[%2]: Address %3 error Parameter Remedy Program continuation %1 = MD name %2 = MD field index %3 = Parameterized PROFIsafe address An incorrect PROFIsafe address was entered in the specified machine data. The value must be greater than 0. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Correct the MD. Power-down the control and power-up again. 27203 PROFIsafe: MD %1[%2]: Wrong SPL assignment Parameter %1 = MD name %2 = MD field index The parameterization in the specified MD for the connection between the SPL interface and a PROFIsafe module is incorrect. The reasons for this are as follows: - bit limits interchanged (upper bit value < lower bit value) - bit values greater than in the definition of the SPL interface (bit value > 64) - number of bits too high for this PROFIsafe module (upper bit value - lower bit value + 1> 8) - no SPL assignment was parameterized (both bit values are equal to zero) - incorrect SPL assignment (bit value equal to zero) Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Correct the MD. Power-down the control and power-up again. Explanation Response Explanation Response Explanation Response Remedy Program continuation 6-334 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital 27204 PROFIsafe: Double assignment MD %1[%2] - MD %3[%4] Parameter %1 = MD name 1 %2 = MD field index for MD name 1 %3 = MD name 2 %4 = MD field index for MD name 2 A double assignment has illegally been parameterized in the specified machine data: A_INSE parameterized on the DMP as well as PROFIsafe modules. MDs involved: - MD $MN_SAFE_IN_HW_ASSIGN - MD $MN_PROFISAFE_IN_ASSIGN Explanation Remedy Program continuation $A_INSE parameterized on several PROFIsafe modules. MD involved: - MD $MN_PROFISAFE_IN_ASSIGN Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Correct the MD. Power-down the control and power-up again. 27205 PROFIsafe: Number of signals in MD %1[%2] - MD %3[%4] Parameter Remedy Program continuation %1 = MD name 1 %2 = MD field index to the MD name 1 %3 = MD name 2 %4 = MD field index to the MD name 2 The parameterized number of signals used must be the same in both machine data. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Correct the MD. Power-down the control and power-up again. 27206 PROFIsafe: MD %1[%2] max. bit index %3 exceeded Parameter %1 MD name %2 MD field index to the MD name %3 max. bit index Data parameterized in the specified machine data lie outside the useful (net) F data area of the F module. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Correct the MD. Power-down the control and power-up again. Response Explanation Response Explanation Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-335 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27207 PROFIsafe: MD %1[%2] max. sub-slot number: %3 exceeded Parameter %1 MD name %2 MD field index to the MD name %3 max. number of sub-slots The sub-slot parameterized in the specified machine data exceeds the max. permissible number of sub slots per PROFIsafe module. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Reduce the number of sub-slots by changing the F useful (net) data distribution of the PROFIsafe module. Power-down the control and power-up again. Explanation Response Remedy Program continuation 27220 PROFIsafe: Number of NCK F modules (%1) < > number of S7-F modules (%2) Parameter Program continuation %1 = number of parameterized NCK-F modules %2 = number of parameterized S7-F modules The number of F modules parameterized using the NCK machine data $MN_PROFISAFE_IN/OUT_ADDRESS is - greater than the number of PROFIBUS slaves configured in the S7 PROFIBUS - less than the number of F modules in the configured S7 PROFIBUS - greater than the number of F modules in the configured S7 PROFIBUS Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check the F parameterization in the MD $MN_PROFISAFE_IN/OUT_ADDRESS. Check the F configuration in the configured S7 PROFIBUS. Check the parameterized PROFIsafe master address in MD $MN_PROFISAFE_MASTER_ADDRESS and configured S7-PROFIBUS. Power-down the control and power-up again. 27221 PROFIsafe: NCK F module MD %1[%2] unknown Parameter %1 = MD name %2 = MD field index The F module parameterized in the specified machine data is unknown under this PROFIsafe address in the S7 PROFIBUS configuration. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check the PROFIsafe addresses in the NCK-MD and S7 PROFIBUS configuration Power-down the control and power-up again. Explanation Response Remedy Explanation Response Remedy Program continuation 6-336 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital 27222 PROFIsafe: S7 F module PROFIsafe address %1 unknown Parameter Explanation Remedy Program continuation %1 = PROFIsafe address The F module with the specified PROFIsafe address has not been parameterized as an F module in the NCK MD. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check the S7 PROFIBUS configuration. Register the module in the NCK MD. Power-down the control and power-up again. 27223 PROFIsafe: NCK F module MD %1[%2] is not a %3 module Parameter %1 = MD name %2 = MD field index %3 = Module type The F module parameterized in the specified NCK MD has not been designated as an appropraite input/output module in the S7 PROFIBUS configuration. - %3 = INPUT: - NCK F parameterization expects an INPUT module - %3 = OUTPUT: NCK F parameterization expects an OUTPUT module - %3 = IN/OUT: NCK F parameterization expects an INPUT or OUTPUT module Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check the module in the S7 PROFIBUS configuration Power-down the control and power-up again. Response Explanation Response Remedy Program continuation 27224 PROFIsafe: F module MD %1[%2] - MD %3[%4]: Double assignment of PROFIsafe address Parameter %1 = MD name 1 %2 = MD field index 1 %3 = MD name 2 %4 = MD field index 2 In the NCK MD or in the S7 F parameters, the same PROFIsafe address has been parameterized for the F modules parameterized in the specified machine data. This means that there is no unique communications relationship possible between the F master and F slave. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check and correct the S7 F parameterization and NCK MD. Power-down the control and power-up again. Explanation Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-337 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 27225 PROFIsafe: Slave %1, configuration error, %2 Parameter Remedy Program continuation %1 = PROFIBUS slave address %2 = Configuration error An error occurred during the evaluation of the S7 PROFIBUS configuration for the specified slave. This is specified further in the alarm parameter. %2 = PRM header: the PRM telegram for this slave could not clearly be interpreted. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check the S7 PROFIBUS configuration and correct. Power-down the control and power-up again. 27240 PROFIsafe: DP M has not run-up, DP info: %1 Parameter Explanation Program continuation %1 = actual information from the DP interface NCK-PLC There is no DP configuration available to the NCK after the time specified via the MD $MN_PLC_RUNNINGUP_TIMEOUT. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm - increase MD $MN_PLC_RUNNINGUP_TIMEOUT - check the PLC operating state - check the PLC operating system software release - delete the F parameterization in the NCK-MD. Power-down the control and power-up again. 27241 PROFIsafe: DP M version different, NCK: %1, PLC: %2 Parameter Program continuation %1 = version of the DP interface on the NCK side %2 = version of the DP interface on the PLC side The DP interface has been implemented differently for the NCK and PLC components. The F communication cannot be initialized. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm - check PLC operating system and correct NCK software versions. - upgrade the PLC operating system. - delete NCK-F parameterization. Power-down the control and power-up again. 27242 PROFIsafe: F module %1, %2 faulty Parameter %1 = PROFIsafe address %2 = incorrect F parameter An error was detected during the evaluation of the F parameters. %2 = CRC1: CRC error, F parameters. %2 = F_WD_Timeout: The monitoring time parameterized in Step 7 is too short Explanation Response Response Remedy Explanation Response Remedy Explanation 6-338 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Response Remedy Program continuation 6 Alarms 6.1 Alarms for SINUMERIK 840digital for the PROFIsafe cycle time defined by the MD $MN_PROFISAFE_IPO_TIME_RATIO. %2 = CRC2_Len: Incorrect length of the telegram CRC. %2 = F_Data_Len: The incorrect telegram length has been defined for the stated module. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm %2 = CRC1: General PLC reset, reload the S7 F configuration. %2 = F_WD_Timeout: Reparameterize the PROFIsafe cycle time or F monitoring time. %2 = CRC2_Len: General PLC reset, reload the S7 F configuration. %2 = F_Data_Len: General PLC reset, reload the S7 F configuration. Power-down the control and power-up again. 27250 PROFIsafe: Configuration in DP-M changed; Error code %1 - %2 Parameter Remedy Program continuation %1 = NCK project Number %2 = Current PLC project number The DP master shows a modified S7 PROFIBUS configuration. Error-free operation can no longer be guaranteed. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Communications with the F slaves is terminated. A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality. Restart the PLC/NCK. Power-down the control and power-up again. 27251 PROFIsafe: F module %1, %2 reports error %3 Parameter %1 = PROFIsafe address %2 = Signaling components (master/slave) %3 = Error detection An error has occurred in the PROFIsafe communication between the F master and the specified F module which was detected by the signaling component (master/slave). The error code specifies the error type: - %3 = TO: The parameterized communications timeout has been exceeded - %3 = CRC: A CRC error was detected - %3 = CN: An error was detected in the sequence (timing) of the F telegrams - %3 = SF: F master error, NCK/PLC are no longer in synchronism - %3 = EA: Communications error, slave sends empty telegrams Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality. Explanation Response Explanation Response (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-339 6 Alarms 6.1 Alarms for SINUMERIK 840digital 11.03 Remedy Program continuation Check the DP wiring. Restart F slave modules. Restart the NCK/PLC. Clear the alarm with the RESET key. Restart part program. 27252 PROFIsafe: Slave %1, sign-of-life error Parameter Explanation %1 = DP slave address The specified DP slave no longer communicates with the master. Stop D/E is triggered. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality. Check the DP wiring. Restart F slave modules. Restart the NCK/PLC. Clear the alarm with the RESET key. Restart part program. Response Remedy Program continuation 27253 PROFIsafe: Communication fault F master component %1, error %2 Parameter Program continuation %1 = faulty components (NCK/PLC) %2 = fault/error detected The F master signals a communications error between the NCK and PLC. The cause of the error is indicated by error code %1; - %1 = NCK: Link between PROFIsafe and SPL interface is interrupted. - %1 = PLC: The PLC no longer executes the OB40 request. - %1 = PLC-DPM: DP master is no longer in the OPERATE state. Parameter %2 provides additional information about the reason for the error: - %2 = 0: NCK-internal sequence error (refer to %1=NCK). - %2 = 1,2,4: PLC processing of the OB40 not finished. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality. Extend the PROFIsafe cycle time via MD $MN_PROFISAFE_IPO_TIME_RATIO. Clear the alarm with the RESET key. Restart part program. 27254 PROFIsafe: F module%1, error on channel %2; %3<ALSI> Parameter %1 = PROFIsafe address %2 = channel number %3 = supplementary information system variables - field index The F module signals that an error has occurred in the interface of the specified channel. Explanation Response Remedy Explanation 6-340 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.1 Alarms for SINUMERIK 840digital Remedy Program continuation This alarm is only triggered for ET200S F modules. %2=0: Special meaning: A general fault has occurred in the F module. Using parameter %3, a specific alarm message can be configured on the HMI for each of the listed system variables: - %3 = 1....64: Error in system variables $A_INSE[1...64] - %3 = 65...128: Error in system variables $A_OUTSE[1...64] Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality. Check the wiring. Wiring OK: Replace F module. Clear the alarm with the RESET key. Restart part program. 27255 PROFIsafe: F module %1, general error Parameter Explanation Program continuation %1 = PROFIsafe address The specified PROFIsafe module signals an error. A more exact specification of the cause of the error cannot be made without further resources. This alarm is triggered for all types of PROFIsafe slaves. For ET200S F modules, this error can only occur if there already is a channel error when cyclic communication starts between the F master and module. Mode group not ready Channel not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm Check the wiring. A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality. Clear the alarm with the RESET key. Restart part program. 27256 PROFIsafe: Actual cycle time %1 [ms] > parameterized cycle time Parameter Explanation %1 = actual PROFIsafe communications cycle time The current PROFIsafe communication cycle time is greater than the value set via MD $MN_PROFISAFE_IPO_TIME_RATIO. The parameterized PROFIsafe communication cycle time is continually exceeded on the PLC side. Mode group not ready NC start inhibit in this channel Interface signals are set Alarm display NC stop for alarm A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE) on all of the axes with safety functionality. Adapt the cyclic time using MD $MN_PROFISAFE_IPO_TIME_RATIO At least the value, displayed in parameter %1 must be set. The selected cycle time has an effect on the runtime utilization of the PLC module. This must also be taken into account in the setting. Clear the alarm with the RESET key. Restart part program. Response Response Remedy Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-341 6 Alarms 6.1 Alarms for SINUMERIK 840digital 27299 PROFIsafe: Diagnostics %1 %2 %3 %4 Parameter %1 error ID 1 %2 error ID 2 %3 error ID 3 %4 error ID 4 Internal error in the NCK PROFIsafe implementation. Alarm display Please contact the Siemens A&D MC, Hotline with the error text - Tel 0180 / 5050 - 222 (Germany) - Fax 0180 / 5050 - 223 - Tel +49-180 / 5050 - 222 (outside Germany) - Fax +49-180 / 5050 - 223 - email techsupport@ad.siemens.de Power-down the control and power-up again. Explanation Response Remedy Program continuation 6-342 11.03 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital 6.2 Alarms from SIMODRIVE 611 digital Alarms that may occur in connection with SINUMERIK Safety Integrated are listed below. 300500 Axis %1, drive %2 system error, error codes %3, % Parameter %1 = NC axis number %2 = drive number %3 = error code 1 %4 = error code 2 The drive has signaled a system error. Safety Integrated: Interrogation: In the corresponding clock cycle. For FD: Regenerative stop (corresponds to STOP B) For MSD: Pulse and controller inhibit (corresponds to STOP A) The error occurs if the computation time of the drive processor is not sufficient for the cycle indicated in the supplementary information. Error No.: 03, Supplementary information: 40, monitoring clock cycle for SINUMERIK Safety Integrated too low. Mode group not ready Channel not ready NC stop for alarm NC start inhibit in this channel NC switches into the tracking mode Alarm display Interface signals are set Increase the relevant clock cycle or subordinate clock cycle (e.g. currentcontrol, speed-control or position-control clock cycle) or deselect any functions that are not required. Power-down the control and power-up again. Explanation Response Remedy Program continuation 300743 Axis %1 drive %2 function not supported on this 611D controller module Parameter %1 = NC axis number %2 = drive number The 611D Performance control module is required for SINUMERIK Safety Integrated. If this hardware has not been installed, this alarm is triggered. This alarm is also triggered if the motors 1PH2/4/6 are connected but neither a 611D Performance control module nor 611D Standard 2 control module is available. Interrogation: When the control is running-up. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Replace the 611 digital control module. Power-down the control and power-up again. Explanation Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-343 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital 11.03 300744 Axis %1, drive %2 checksum error safe monitoring functions - acknowledgement and acceptance test required! Parameter Program continuation %1 = NC axis number %2 = drive number The actual checksum of the safety-relevant MDs calculated by the drive and saved in MD 1398: $MD_SAFE_ACT_CHECKSUM (display of the checksum of the machine data for safe functions) has another value than the setpoint (reference) checksum saved during the last machine acceptance in MD 1399: $MD_SAFE_DES_CHECKSUM (checksum of the machine data for safetyrelated functions). The safety-relevant data has been modified or there is an error. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Check all safety-relevant MDs and correct if necessary. Then carry-out a power on. Carry-out an acceptance test on the machine. Power-down the control and power-up again. 300745 Axis %1, drive %2 limit values for safe end positions exchanged Parameter Program continuation %1 = NC axis number %2 = drive number The data for the upper limit for the SE monitoring function contains a lower value than the data for the lower limit. Interrogation: When the control runs-up. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Check the following MDs MD 1334: $MD_SAFE_POS_LIMIT_PLUS[n] (upper limit value for the safe limit position) and MD 1335: $MD_SAFE_POS_LIMIT_MINUS[n] (lower limit value for the safe limit position) and change so that the upper limit value is greater than the lower limit value. Power-down the control and power-up again. 300746 Axis %1, drive %2 SBH/SG not enabled Parameter %1 = NC axis number %2 = drive number In the machine data 1301: $MD_SAFE_FUNCTION_ENABLE (safe functions enable) the function SBH/SG has not been enabled although the function SE/SN has been selected in this MD. Interrogation: When the control runs-up. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Explanation Response Remedy Explanation Response Remedy Explanation Response 6-344 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Remedy 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital Program continuation Enable the function SBH/SG via MD 1301: $MD_SAFE_FUNCTION_ENABLE (enable safe functions) Power-down the control and power-up again. 300747 Axis %1, drive %2 Invalid monitoring cycle clock for MD 1300 Parameter Program continuation %1 = NC axis number %2 = drive number MD 1300: $MD_SAFETY_CYCLE_TIME (monitoring clock cycle) was not set as a multiple of the NC position controller clock cycle. Interrogation: When the control runs-up. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Using MD 1300, set the monitoring cycle to n * NC position control cycle. Note that n must be >= 1. Power-down the control and power-up again. 300748 Axis %1, drive %2 Monitoring cycle not identical for both axes Parameter %1 = NC axis number %2 = drive number The monitoring clock cycle in MD 1300: $MD_SAFETY_CYCLE_TIME (monitoring time) for the two axes of a 2-axis module has not been set to the same value. Interrogation: When the control runs-up. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Set MD 1300: $MD_SAFETY_CYCLE_TIME (monitoring cycle) the same on all drives of the module. Power-down the control and power-up again. Explanation Response Remedy Explanation Response Remedy Program continuation 300749 Axis %1, drive %2 conversion factor between motor and load too large Parameter %1 = NC axis number %2 = drive number The factor to convert from the motor system [increments] to the load system [m/mdeg] is larger than 1 or the factor which converts the load system to the motor system is larger than 65535. Conditions: The condition for the factor to convert from the load system to motor system is: m_to_incr <= 65535 The condition for the factor to convert from the motor system to load system is: inkr_to_m <= 1 with m_to_inkr = 1 / inkr_to_m Formula for rotary axis: The following applies for rotary motor encoder and rotary axis: inkr_to_m(n) = (MD1321 SAFE_ ENC_ GEAR_ DENOM(n) / (MD1322 SAFE_ ENC_NUMERA(n)) * inkr_to_m_rot_rund with n = 0 ... 7 (gear stage) and inkr_to_m_rot_rund = (360000 / 8192) * (1 / MD1318 SAFE_ENC_RESOL) Explanation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-345 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital 11.03 Program continuation * MD 1318 SAFE_ENC_RESOL (number of encoder pulses per revolution) * MD 1321 SAFE_ENC_GEAR_DENOM[n] (encoder/load gear denominator) * MD 1322 SAFE_ENC_GEAR_NUMERA[n] (encoder/load gear numerator) Formula for linear axis: The following applies for a rotary motor encoder and linear axis: inkr_to_m(n) = (MD1321 SAFE_ ENC_ GEAR_ DENOM(n) / (MD1322 SAFE_ ENC_NUMERA(n)) * inkr_to_m_rot_lin inkr_to_m_rot_lin = (1000 / 8192) * (1 / MD1318 SAFE_ENC_RESOL) * MD1320 SAFE_ENC_GEAR_PITCH Explanation: * MD 1318 SAFE_ENC_RESOL (number of encoder pulses per revolution) * MD 1320 SAFE_ENC_GEAR_PITCH (spindle pitch) * MD 1321 SAFE_ENC_GEAR_DENOM[n] (encoder/load gear denominator) * MD 1322 SAFE_ENC_GEAR_NUMERA[n] (encoder/load gear numerator) * n = 0 ... 7 (gear stage) Interrogation: When the control runs-up. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. Check the following safety-relevant MDs depending on the motor encoder type and axis type and correct, if necessary. * MD 1317 SAFE_ENC_GRID_POINT_DIST Grid division, linear scale (for linear encoder) * MD 1318 SAFE_ENC_RESOL Encoder pulses per revolution (for rotary encoder) * MD 1318 SAFE_ENC_RESOL * MD 1320 SAFE_ENC_GEAR_PITCH (for rotary encoder and linear axis) * MD 1321 SAFE_ENC_GEAR_DENOM * MD 1322 SAFE_ENC_GEAR_NUMERA (when using a gear) * The motor encoder type and the axis type are specified using MD 1302 SAFE_IS_ROT_AX Power-down the control and power-up again. 300776 Axis %1, drive %2 Measuring circuit monitoring must be active Parameter %1 = NC axis number %2 = drive number For FD: The control is inhibited, the motor is braked, SIMODRIVE_READY and DRIVE_READY are withdrawn. For MSD: The pulses are cancelled, the motor coasts down, SIMODRIVE_READY and DRIVE_READY are withdrawn. Note: The response (FD, MSD) can be configured using 611D-MD 1613.0. Interrogation: When the control runs-up and cyclic. For active Safety Integrated (MD 1301 <> 0: $MD_SAFE_FUNCTION_ENABLE (enable safe functions)), the measuring circuit monitoring of the motor (incremental) must be activated via MD 1600: $MD_ALARM_MASK_POWER_ON (alarms that can be suppressed (power on) bit 4. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Response Remedy Explanation Response 6-346 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital Program continuation Alarm display Interface signals are set Please inform the authorized personnel/service department. Activate the measuring circuit monitoring of the motor (incremental). Power-down the control and power-up again. 300900 Axis %1, drive %2 STOP A initiated Parameter Program continuation %1 = NC axis number %2 = drive number The drive is stopped using STOP A. This inhibits the pulses using the relay "Antrieb_IMP" ["Drive_IMP"]. Interrogation: In the monitoring clock cycle. If STOP A has been triggered, this can have several reasons: 1. The timer in MD 1356: $MD_SAFE_PULSE_DISABLE_DELAY (delay time, pulse cancellation) of STOP B has expired. 2. The speed threshold in MD 1360: $MD_SAFE_STANDSTILL_VELO_TOL (shutdown speed, pulse cancellation) of STOP B has not been reached. 3. The user has requested a test of the shutdown path using SGE "Test stop selection", but the pulses were not cancelled after the timer stage in MD 1357: $MD_SAFE_PULSE_DIS_CHECK_TIME (time to test the pulse cancellation) had expired. 4. Safe brake ramp (SBR) has responded. 5. "SG-specific stop response" is set to STOP A and has responded. The alarm can be re-configured in the MD ALARM_REACTION_CHAN_NOREADY (channel not ready). Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. The user must identify the cause and take appropriate measures. Power-down the control and power-up again. 300901 Axis %1, drive %2 STOP B initiated Parameter %1 = NC axis number %2 = drive number The drive is shut down using a STOP B. This inhibits the pulses using the relay "Antrieb_IMP" ["Drive_IMP"]. Interrogation: In the monitoring clock cycle. If STOP B has been triggered, this can have several reasons: 1. Safe standstill monitoring has responded. 2. Call for STOP F, i.e. a crosswise data comparison error has occurred. 3. The "SG-specific stop response" is set to STOP B and has responded. The alarm can be re-configured in the MD ALARM_REACTION_CHAN_NOREADY (channel not ready). Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. The user must identify the cause and take appropriate measures. Power-down the control and power-up again. Remedy Explanation Response Remedy Explanation Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-347 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital 11.03 300906 Axis %1, drive %2 safe braking ramp exceeded Parameter Program continuation %1 = NC axis number %2 = drive number The drive is stopped using a STOP A. Interrogation: In the monitoring clock cycle. The actual speed of the axis has not decreased when braking with "nset = 0" (STOP B or STOP C), but has increased again above the speed limit corrected by braking and the tolerance specified in MD 1348: $MD_SAFE_VELO_TOL (actual speed tolerance for SBR). The alarm can be re-configured in the MD ALARM_REACTION_CHAN_NOREADY (channel not ready). Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. Check the braking characteristics and, if necessary, modify the speed tolerance in MD 1348: $MD_SAFE_VELO_TOL (actual speed tolerance for SBR). Restart is only possible with power on. Power-down the control and power-up again. 300907 Axis %1, drive %2 Tolerance for safe operational stop exceeded Parameter Program continuation %1 = NC axis number %2 = drive number The drive is stopped using a STOP A or STOP B. This inhibits the pulses using the relay "Antrieb_IMP" ["Drive_IMP"]. Interrogation: In the monitoring clock cycle. The actual position has moved too far away from the setpoint/standstill position (outside the standstill window). The standstill window is parameterized using MD 1330: $MD_SAFE_STANDSTILL_TOL (standstill tolerance SBH) Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. Check the tolerance for the safe operating stop: does the value match the precision and control dynamic performance of the axis? If not, increase the tolerance. Power-down the control and power-up again. 300908 Axis %1, drive %2 STOP C initiated Parameter %1 = NC axis number %2 = drive number The drive is stopped using a STOP C. At the end of the stop response, the drive remains in closed-loop control, the axis is monitored for SBH. Interrogation: In the monitoring clock cycle. If a STOP C was initiated, then this can have several reasons (depending on what has been configured): 1. The safely-reduced speed monitoring has responded (MD 1361: $MD_SAFE_VELO_STOP_MODE (stop response, safely-reduced speed ) or MD 1363: $MD_SAFE_VELO_STOP_REACTION (SG-specific stop response) (840D from SW4.2)). Explanation Response Remedy Explanation Response Remedy Explanation 6-348 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital 2. Program continuation The safe limit-position monitoring has been triggered (MD 1362: $MD_SAFE_POS_STOP_MODE (safe limit position, stop response)). The alarm indicates the initiation of a "braking at the current limit" and the internal activation of "safe operation stop". NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. The user must identify the cause and take appropriate measures. Clear the alarm with the RESET key. Restart part program. 300909 Axis %1, drive %2 STOP D initiated Parameter Program continuation %1 = NC axis number %2 = drive number The drive was stopped by the NC with a STOP D. At the end of the stop response, the drive remains in closed-loop control, the axis is monitored for SBH. Interrogation: In the monitoring clock cycle. If a STOP D was initiated, then this can have several reasons (depending on what has been configured): 1. The safely-reduced speed monitoring has responded (MD 1361: $MD_SAFE_VELO_STOP_MODE (stop response, safely-reduced speed ) or MD 1363: $MD_SAFE_VELO_STOP_REACTION (SG-specific stop response) (840D from SW 4.2)). 2. The safe limit-position monitoring has been triggered (MD 1362: $MD_SAFE_POS_STOP_MODE (safe limit position, stop response)). The alarm indicates the initiation of a "braking along the path" in the NC and the internal activation of "safe operating stop" in the NC and drive. NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. The user must identify the cause and take appropriate measures. Clear the alarm with the RESET key. Restart part program. 300910 Axis %1, drive %2 STOP E initiated Parameter %1 = NC axis number %2 = drive number The drive was stopped by the NC with a STOP E. At the end of the stop response, the drive remains in closed-loop control, the axis is monitored for SBH. Interrogation: In the monitoring clock cycle. If a STOP E was initiated, then this can have several reasons (depending on what has been configured): 1. The safely-reduced speed monitoring has been triggered (MD 1361: $MD_SAFE_VELO_STOP_MODE (stop response, safely-reduced speed) 2. The safe end limit monitoring has been triggered (MD 1362: $MD_SAFE_POS_STOP_MODE (safe limit position, stop response)). The alarm indicates the initiation of an "extended stop and retract ESR" on the NC side or "LIFTFAST-ASUB" (840D) and the internal activation of "safe operating stop" in the NC and drive. NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Response Remedy Explanation Response Remedy Explanation Response (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-349 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital Remedy 11.03 Program continuation Please inform the authorized personnel/service department. The user must identify the cause and take appropriate measures. Clear the alarm with the RESET key. Restart part program. 300911 Axis %1, drive %2 error in one monitoring channel Parameter Program continuation %1 = NC axis number %2 = drive number The mutual comparison of the two monitoring channels has found a difference between input data or results of the monitoring functions. One of the monitoring functions no longer functions reliably, i.e. safe operation is no longer possible. Alarm display Please inform the authorized personnel/service department. Locate the difference between the monitoring channels. The error code indicating the cause is displayed as follows: For 840D the error code is output in the alarm text. For 661D MD 1395: $MD_SAFE_STOP_F_DIAGNOSIS (diagnostics for STOP F) This significance of the error code can be found as follows: For 840D: Description of Alarm 27001 The safety-relevant machine data might not be identical or the SGEs might not be at the same level (re-measure or check in SI service display). If no error of this type is apparent, an error may have occurred in the CPU, e.g. a "flipped" memory cell. This error can be temporary (in this case it can be eliminated by a power on) or permanent (if it re-occurs again after power on replace the hardware). Clear the alarm with the RESET key. Restart part program. 300914 Axis %1, drive %2 Safely reduced velocity exceeded Parameter %1 = NC axis number %2 = drive number The drive is stopped using the response configured in MD 1361: $MD_SAFE_VELO_STOP_MODE. At the end of the stop response, the drive remains in closed-loop control, the axis is monitored for SBH. Interrogation: In the monitoring clock cycle. The axis has moved faster than that specified in MD 1331: $MD_SAFE_VELO_LIMIT[n] (limit values for safely-reduced speed). If the function "correction, safely-reduced speed" in MD 1301: $MD_SAFE_FUNCTION_ENABLE has been enabled (enable safe functions), then, for SG2 and SG4, the entered correction factor must be taken into account for the permissible speed. NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. Check the machine data values that have been entered. Check the safe input signals: Is the correct one of the four speed limits selected? Clear the alarm with the RESET key. Restart part program. Explanation Response Remedy Explanation Response Remedy Program continuation 6-350 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital 300915 Axis %1, drive %2 safe end positions exceeded Parameter Program continuation %1 = NC axis number %2 = drive number The drive is stopped using the response configured in MD 1362: $MD_SAFE_POS_STOP_MODE. At the end of the stop response, the drive remains in closed-loop control, the axis is monitored for SBH. Interrogation: In the monitoring clock cycle. The axis has exceeded the limit position (i.e. endstop) that is entered in * MD 1334: $MD_SAFE_POS_LIMIT_PLUS[n] (upper limit for safe limit position) * MD 1335: $MD_SAFE_POS_LIMIT_MINUS[n] (lower limit for safe limit position) NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. If no obvious operator error occurred: Check the SGEs: Was the correct one of 2 limit positions selected? If the MDs and SGEs are o.k., check the machine for any damage and repair. Clear the alarm with the RESET key. Restart part program. 300950 Axis %1, drive %2 Axis not safely referenced Parameter %1 = NC axis number %2 = drive number No stop response is initiated. When the SN/SE functions are enabled, the message remains until the axis state "Axis safely referenced" has been reached. Interrogation: In the monitoring clock cycle. 1.) Axis is not safely referenced or 2.) User agreement for this axis is missing or has been withdrawn. This can occur, for example, if the axis was moved after the machine was powered-down and the standstill position that was saved is therefore no longer correct. This message prompts the user to confirm the actual position. To do this, you must determine the position, e.g. as follows: * Measure the position. * Move to a known position. Alarm display Please inform the authorized personnel/service department. If the axis cannot be automatically and safely referenced, then the user must enter a "user agreement" for the new position using the appropriate softkey. This user agreement identifies this position as safe - that means the axis status "Axis safely referenced" is reached. Warning: If the axis has not been safely referenced and the user has not issued a user agreement, then the following applies: - The safe cams are active, but not yet safe - The safe limit positions are not yet active Alarm display disappears with alarm cause. No further operator action necessary. Explanation Response Remedy Explanation Response Remedy Program continuation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-351 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital 11.03 300951 Axis %1, drive %2 test stop running Parameter %1 = NC axis number %2 = drive number The drive pulses are cancelled. 1. If the positive acknowledgement that the pulses were cancelled is not received within the time configured in MD 1357: $MD_SAFE_PULSE_DIS_CHECK_TIME (time to check the pulse cancellation), a STOP A is triggered. 2. If pulse cancellation is acknowledged within the configured time in the drive, no stop response is triggered. When selected via the SGE "test stop selection", the message remains until the selection has been withdrawn (de-selected). The user activated the test stop by setting the SGE "test stop selection". If the users withdraws this SGE, then the message is also withdrawn. Interrogation: In the monitoring clock cycle. The test stop has been activated by the user by setting the SGE "Test stop selection". The drive pulses are cancelled. 1. If the positive acknowledgement that the pulses were cancelled is not received within the time configured in MD 1357: $MD_SAFE_PULSE_DIS_CHECK_TIME (time to check the pulse cancellation), a STOP A is triggered. 2. If pulse cancellation is acknowledged within the configured time in the drive, no stop response is triggered. When selected via the SGE "test stop selection", the message remains until the selection has been withdrawn (de-selected). Alarm display The message disappears automatically if the user terminates the test by withdrawing the SGE "Test stop selection". If a STOP A was initiated, then the system can only be re-started using a power on. Alarm display disappears with alarm cause. No further operator action necessary. Explanation Response Remedy Program continuation 300952 Axis %1 drive %2 Acceptance test mode is active Parameter %1 = axis number %2 = drive number The acceptance test mode has been activated by the user. Alarm display This message disappears automatically when the test is completed. Alarm display disappears with alarm cause. No further operator action necessary. Explanation Response Remedy Program continuation 301701 Axis %1 drive %2 Limit value for safe velocity too large Parameter %1 = NC axis number %2 = drive number The run-up sequence is interrupted. The pulses remain cancelled. Interrogation: In the monitoring clock cycle. The limit value set for the safely-reduced speed is higher than the speed that corresponds to a limit frequency of 200 kHz (300 kHz for 840D from SW 4.2). The max. permissible speed that can be monitored is determined as follows: nmax[rev/min] = (200000[Hz] * 60) / number of encoder pulses Monitoring condition: MD 1331: $MD_SAFE_VELO_LIMIT[n] <= (1 / ue) * nmax Explanation 6-352 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Response 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital Program continuation Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. Check the entry in machine data MD 1331: $MD_SAFE_VELO_LIMIT[n] (limit values for safelyreduced speed) correct, if necessary, and carry-out a power on. Power-down the control and power-up again. 301706 Axis %1 drive %2 parameterization of cam position invalid Parameter %1 = NC axis number %2 = drive number At least one of the parameterized cams enabled via MD 1301: $MD_SAFE_FUNCTION_ENABLE (enable safety-relevant functions) has failed to comply with the rule that cam positions may not be located within the tolerance range around the modulo position. The valid tolerance range is: * for inactive cam synchronization (MD 1301 bit 7 = 0): Remedy Explanation * lower modulo value + POS_TOL cam position upper modulo value - POS_TOL > cam position for active cam synchronization (MD 1301 bit 7 = 1): lower modulo value + POS_TOL cam position upper modulo value - POS_TOL - CAM_TOL > cam position Program continuation Explanations: POS_TOL: Actual value tolerance (MD 1342: $MD_SAFE_POS_TOL (tolerance, crosswise actual value comparison)) CAM_TOL: Cam tolerance (MD 1340: $MD_SAFE_CAM_TOL (tolerance for safe cams)) lower/upper modulo values: is defined using MD 1305: $MD_SAFE_MODULO_RANGE (for rotary axes, the actual value range) Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. Check/correct parameter settings of cam positions in MD 1336: $MD_SAFE_CAM_POS_PLUS (plus cam position for safe cams) or MD 1337: $MD_SAFE_CAM_POS_MINUS (minus cam position for safe cams) and carry-out power on. MD 1305: Check $MD_SAFE_MODULO_RANGE (for rotary axes, the actual value range for SN). Power-down the control and power-up again. 301707 Axis %1, drive %2 Invalid modulo value parameters for SN Parameter %1 = NC axis number %2 = drive number The cam modulo range parameterized in $MD_SAFE_MODULO_RANGE (for rotary axes, the actual value range for SN ) for a rotary axis has failed to Response Remedy Explanation (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-353 6 Alarms 6.2 Alarms from SIMODRIVE 611 digital 11.03 Program continuation comply with the rule that only a multiple integer of 360 degrees may be set for this range. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. Change the parameterization of the cam modulo range in MD 1305 : $MD_SAFE_MODULO_RANGE (for rotary axes, the actual value range for SN). Power-down the control and power-up again. 301708 Axis %1 drive %2 actual value synchronisation not allowed Parameter %1 = NC axis number %2 = drive number The actual value synchronization for drift/slip in MD 1301: $MD_SAFE_FUNCTION_ENABLE (enable safety-relevant functions) is selected. This is only permissible for SBH/SG because the absolute actual position is of no significance for these monitoring types. However, safe limit position and/or cam monitoring is also selected. Mode group not ready Channel not ready NC start inhibit in this channel NC stop for alarm Alarm display Interface signals are set Please inform the authorized personnel/service department. De-select the actual value synchronization for drift/slip or the safe limit position and/or safe cam monitoring in MD 1301: $MD_SAFE_FUNCTION_ENABLE (enable safetyrelated functions). Power-down the control and power-up again. Response Remedy Explanation Response Remedy Program continuation 6-354 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.3 Alarm suppression 6.3 Alarm suppression Some alarms with the same meaning are triggered by both NCK and 611 digital monitoring channels. In order to improve the transparency of the alarm display, alarms with the same significance triggered at a later time are suppressed. The alarm of the monitoring channel, that first detected the error that triggered the alarm, is displayed. This only applies to some of the axial alarms. Alarms whose information content differs for the NCK and 611 digital alarm display are still displayed separately. The two-channel stop initiation is not affected by this alarm suppression. This functionality is implemented and ensured irrespective of how the type of alarm was initiated. All NCK and 611 digital safety alarms are listed in the table below. The alarms marked with "No" are not suppressed if triggered in two channels, those marked with "Yes", are only displayed for one monitoring channel if actively suppressed. Table 6-2 NCK alarm number 20095 20096 27000 27001 27002 27003 27004 27005 27006 27007 27008 27010 27011 27012 27013 27020 27021 27022 27023 27024 27030 27031 27032 27033 27034 27090 27091 27092 27093 27094 27095 27096 27100 27101 27102 27103 Comparison of NCK and 611 digital safety alarms 611 digital Suppression alarm number no no 300950 yes, replaced by Alarm 27100 300911 no 300951 no no no no no 300952 no no 300907 yes 300914 yes 300915 yes 300906 yes 300910 yes 300909 yes 300908 yes 300901 yes 300900 yes 300743 no 301701 no 300744 no no no no no no no no no no no no no no (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-355 6 Alarms 6.3 Alarm suppression 11.03 27104 27105 27106 27107 27124 27200 27201 27202 27203 27204 27205 27206 27207 27220 27221 27222 27223 27224 27225 27240 27241 27242 27250 27251 27252 27253 27254 27255 27256 27299 - 300500 300745 300746 300747 300748 300749 300776 301706 301707 301708 no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no Reasons for not suppressing alarms: 6-356 * 27001-300911: The information content of the NCK alarm is more extensive than that of the drive alarm and must continue to appear in the alarm log so that this information is accessible to service personnel. * 27002-300951: These alarms continue to be displayed separately because under normal conditions they are never triggered by both channels simultaneously and because simultaneous occurrence of these alarms causes problems in the test stop interface. * 27031-301701: Parameterization alarm - is no longer triggered on the NCK side. * 27032-300744: Checksum errors in the parameterization of the safety MD are initiated once at power on and then usually do not re-occur. If these alarms do occur, this indicates a problem in the MD parameterization which can be separately changed for both monitoring channels. * 27003: OEM monitoring functions are only implemented in the NCK. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 6 Alarms 6.3 Alarm suppression * 27030-300743: Configuring error. Only occurs in systems that contain 611 digital control modules that are not safety-related. * 27033: MD parameterizing errors displayed on the NCK side are covered on the drive side by the Alarms 300745-300747, 301706-301708. * 27090, 27091, 27092, 27093, 27095: These SPL monitoring alarms are not implemented on the drive side. * 300748, 300749, 300776: These drive-side monitoring functions are not implemented on the NCK side. * 300745, 300746, 300747, 301706, 301707, 301708: These monitoring functions are displayed by the NCK using Alarm 27033 with reference to the associated MD. Activating The function is activated via MD 10094 $MN_SAFE_ALARM_SUPPRESS_LEVEL. The function is already active when standard data is loaded. This means that the alarms are displayed with a reduced scope. Alarms 27000 and 300950 can be replaced by Alarm 27100 using MD 10094. Limitation The MD is not included in the axial safety MD checksum. This means that the function can be enabled/disabled at any time by changing the MD. During the acceptance test, the alarm suppression function should be disabled in order to be able to check the two-channel error detection. After the acceptance test it can be re-enabled to reduce the number of alarms displayed to the final user. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 6-357 6 Alarms 6.3 Alarm suppression 11.03 Notes 6-358 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.1 General information on engineering 7 7 Configuring example 7.1 General information on engineering............................................................ 7-360 7.2 Circuit examples ......................................................................................... 7-361 7.2.1 Control and drive components .............................................................. 7-362 7.2.2 Engineering .......................................................................................... 7-363 7.3 Safety Integrated with SPL ......................................................................... 7-365 7.3.1 Start configuration in the OB100........................................................... 7-367 7.3.2 Starting the NCK-SPL and PLC-SPL .................................................... 7-368 7.3.3 Declaring variables ............................................................................... 7-371 7.3.4 Connecting-up the drives...................................................................... 7-379 7.3.5 EMERGENCY STOP............................................................................ 7-381 7.3.6 Test stop............................................................................................... 7-388 7.3.7 Protective door interlocking .................................................................. 7-397 7.3.8 De-selecting SBH via the key-operated switch ..................................... 7-398 7.3.9 SG changeover..................................................................................... 7-400 7.3.10 NCK-SPL.............................................................................................. 7-401 7.3.11 PLC blocks ........................................................................................... 7-403 7.3.12 Appendix .............................................................................................. 7-410 7.4 Safety Integrated without SPL .................................................................... 7-413 7.4.1 Connecting-up the drives...................................................................... 7-413 7.4.2 EMERGENCY STOP and connecting-up the I/R module...................... 7-414 7.4.3 Test stop............................................................................................... 7-416 7.4.4 Protective door interlocking .................................................................. 7-417 7.4.5 De-selecting SBH using the key-operated switch/SG changeover using the door safety contactor............................................................. 7-418 7.5 External STOPs .......................................................................................... 7-420 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP ..................... 7-424 7.6.1 Functional scope of the application....................................................... 7-424 7.6.2 Connecting-up the sensors and actuators ............................................ 7-424 7.6.3 Individual application functions ............................................................. 7-428 7.6.4 Configuring and connecting-up the ET200S I/O.................................... 7-429 7.6.5 Parameterizing the Sinumerik 840D NCK............................................. 7-434 7.6.6 Programming the NCK-SPL.................................................................. 7-435 7.6.7 Programming the PLC-SPL .................................................................. 7-438 7.6.8 Modified limitations with PROFIsafe ..................................................... 7-441 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-359 7 Configuring example 7.1 General information on engineering 11.03 7.1 General information on engineering Please refer to the information in the following references for instructions on how to interconnect the SINUMERIK 840D with SIMODRIVE 611 digital systems: References for SINUMERIK 840D References: /HBD/, NCU Manual /IAD/, Start-Up Guide /LID/, Lists References for SIMODRIVE 611 References: /PJ1/, SIMODRIVE 611, Planning Guide for Inverters /PJ2/, SIMODRIVE, Planning Guide for AC Motors References for switchgear References: /ASI/, Low-Voltage Switchgear and Systems, Catalog 1997/1998 Note Please note that the possibilities of connecting-up the NE unit are not restricted in any way by SI. For example, three-wire or six-wire line supply connections, star-delta operation and operation when the power fails can still be implemented as before. The following basic engineering options are available: Some basic engineering information Safety Integrated without safe programmable logic Safety Integrated with safe programmable logic (SPL) without contactless EMERGENCY STOP Safety Integrated with safe programmable logic (SPL) and contactless EMERGENCY STOP Safety Integrated without SPL The EMERGENCY STOP circuit and door monitoring (for limitations, refer to Chapter 7.4.4, "Protective door locking") must be implemented conventionally with safety switching devices. Switches and sensors are interconnected on the PLC side using the S7 program - and on the NCK side by connecting-up contactors, switches and sensors. The NC logic and PLC logic must be identical. Safety Integrated with SPL and without contactless EMERGENCY STOP If SPL is used without contactless EMERGENCY STOP, the SPL is exclusively used for logically combining safety-related input and output signals. The EMERGENCY STOP circuit and the connection of the input/regenerative feedback module have to be implemented in the same way as for Safety Integrated without SPL. 7-360 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.2 Circuit examples Safety Integrated with SPL and contactless EMERGENCY STOP If SPL is used, emulation of S7 logic by the contactors and therefore the wiring is no longer necessary. The safe programmable logic is programmed on the PLC side in the form of an S7 program and on the NCK side by an ASUB. A contactless EMERGENCY STOP function can be implemented with the external stop function and the SPL. This means that safety switching devices are not required for the EMERGENCY STOP function. The door switch can also be monitored by the SPL - in this case, the safety switching devices are also not required. 7.2 Circuit examples A machine tool with two axes and one spindle was selected as an example: MASCHINE.DSF Fig. 7-1 Schematic diagram of a machine The following must be taken into account before the machine is configured: General * What is the magnitude of the hazard potential? * Which measures can be implemented to reduce the risk? * What risks remain? * Which safety functions should be implemented? The circuit shown below is an example of a drive with an incremental measuring system. It is provided to illustrate the principle of how a safety zone on a machine can be monitored. The following functions are implemented with Safety Integrated in the example: * Contactless EMERGENCY STOP (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-361 7 Configuring example 7.2 Circuit examples 11.03 * When the protective door is open the operator can select either safe operating stop or traverse with safely reduced speed at 2 m/min (axes) and 50 rpm (spindle) using the key-operated switch. * When the protective door is closed all the drives are monitored for maximum speed by Safety Integrated * Testing the shutdown paths (with SPL: Test of the external STOPs and forced checking procedure of the inputs and outputs). i.e. Safety Integrated with SPL with contactless EMERGENCY STOP Note 7.2.1 * This basic circuit must be adapted to the various safety zones (if applicable) and the number of axes according to the machine configuration. * SI functions are used to safely monitor the drives for standstill or a specific speed and to stop them safely in the event of an error. Control and drive components The configuration of the individual components is illustrated below. The system requirements are described in the Description of Functions. SINUMERIK 840D PLC I/Os MMC NCK I/Os MCP E/R NCU MSD FDD FDD SIMODRIVE 611D + motors Switches, buttons, contactors BEI2_03.DSF Fig. 7-2 Description Structure of the control and drive components The MMC 103, NC572 and SIMODRIVE 611 digital components are used in this example. The design must also be expanded to include a terminal block with 16-bit I/O modules for the NCK side and additional S7 modules for the PLC/drive side. The additional operating elements (switches, buttons etc.) and the contactors required for switching off the power are listed and described in more detail in the relevant sections. 7-362 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.2 Circuit examples The drive configuration is shown in the following table: Slot 2 3 1 4 Drive number 1 2 3 4 Terminal block 7.2.2 Active Yes Yes Yes Yes Drive FD FD MSD PER Module 2-axis-1 2-axis-2 1axis The 16 bit DMP submodules used are located in the following slots in the terminal block: 16-bit input module Slot 1 16-bit output module Slot 2 Engineering Objective In order to achieve functional safety of a machine or system, the safety-relevant parts of the protection and control equipment must function correctly and respond in such a way that if a fault occurs the system remains in a safe state or is brought into a safe state. This demands the use of specifically qualified technology that meets the requirements described in the relevant standards. "SINUMERIK Safety Integrated" is one aspect of this qualified technology (certified, e.g. to EN 954-1) and must be integrated in the machine in such a way that functional safety is achieved in conjunction with the other protective equipment of the machine/system (e.g. protective doors, EMERGENCY STOP buttons, ...). The aim of this configuration is to describe the machine-specific combination of "SINUMERIK Safety Integrated(R)" and other protective equipment. Sequence When engineering the SI system, the machine functions are sub-divided into different operating modes (these operating modes are initially independent of the NC operating mode - the relevant combinations must be configured). The safety functions that are to be activated when the protective doors are opened and closed are then defined. The two operating modes - setting-up and production - are used in the machine example. For an EMERGENCY STOP, the drives of the complete drive group are brought to a standstill via external stops (Stop C -> Stop A). Assigning the operating modes The required safety functions are defined for the machine operating modes. The machine operating mode (setting-up/production) is selected using a keyoperated switch. Production is the default machine operating mode. Usually, the key-operated switch can only be actuated by authorized personnel. This means that only appropriately trained personnel can move the machine when the protective door is open. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-363 7 Configuring example 7.2 Circuit examples 11.03 Setting-up with the protective door open * Safely-reduced speed (SG1) spindle axes (example values) 2m/min 50 rpm * The axes and spindles must stop when the door is opened, or the speed of axis/spindle must be < SG1 (this must be ensured by the PLC user program). * The PLC program interlocks the NC modes MDA and AUTO. Setting-up with the protective door closed * Safely-reduced speed (SG2) spindle axes (example values) 10 m/min 2000 rpm (drives are monitored for maximum speed). * When the door is closed, Safety Integrated automatically changes over to the SG2 limit * All NC operating modes are permitted when the protective door is closed. Production with the protective door open: * The NC operating modes MDA and AUTO are disabled by the PLC program - automatic mode is not permitted when the protective door is open. The safety function safe operating stop (SBH) is activated with the keyoperated switch position "Production" when the protective door is open. This means that the drive is monitored for zero speed. * The axes and the spindle must stop when the protective door is opened (this must be controlled by the PLC user program) Production with the protective door closed: Function charts * Safely-reduced speed (SG2) ) (example values) * When the door is closed, Safety Integrated automatically changes-over to the SG2 limit * All operating modes are permitted when the protective door is closed. axes 10 m/min spindle 2000 rpm Once the safety functions have been defined function charts are drawn up for the individual functions to which the * SPL program * PLC program * Circuit diagram and * Machine data configuration refer. 7-364 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL 7.3 Safety Integrated with SPL The principal method of operation is illustrated in the diagram below. Please refer to this diagram when reading the following sections. Description Switches. light barriers, signal lamps, contactors, etc. NCK I/Os $A_INSE SPL input variables Safe_SPF Logic Simatic I/Os 1 2 3 4 5 6 7 8 $A_OUTSE SPL output variables Inputs DB18 Machine data NCK-SPL Safe_SPF Logic Machine data $A_OUTSI SPL output variables Data and event cross-check NCK-SW / FB 15 FC XXX Logic PLC-SPL DB18-DB31-61 $A_INSI SPL input variables NCK-SGA/SGE signals SI Kernel Data and event cross-check Data exchange via drive bus Fig. 7-3 Outputs Drive SGA/ SGE signals Drive SW (on RK) Function chart - a detailed view of this diagram is provided in the Appendix (7.3.12) Note Examples of the PLC blocks can be requested from the Centre of Competence Service (CoCS) - Sinumerik Safety Integrated. Also refer to Chapter 2.10. Example blocks for SI applications The PLC blocks, listed in Chapter 7 are available as example in the toolbox for the basic PLC program. Further, an S7 library can be requested via Customer Support (refer to 2.10) within the scope of a Hotline request. This S7 library has example blocks for the SI application that can be generally used. They can be incorporated in a specific project and adapted to the particular requirements by appropriately parameterizing them. Description In this example, PLC blocks FC95 (start ASUB), FC96 (PLC-SPL), FC97 (safety test routine) are used for Safety Integrated. The basic program blocks FB4 and FC9 are called (FB1/P3) in FC 95 to start the NCK ASUB. The parameter supply for FC9 and FB4 is stored in DB120. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-365 7 Configuring example 7.3 Safety Integrated with SPL Program 11.03 DB120 program excerpt: DATA_BLOCK DB 120 TITLE = VERSION : 0.1 STRUCT pname : STRING [32 ] := '_N_SAFE_SPF'; //Program name ppath : STRING [32 ] := '/_N_CST_DIR/'; //Directory FB4_Error : BOOL ; //Error bit FB4_Done : BOOL ; //Task completed FB4_State : WORD ; //Cause of error FC9_Active : BOOL ; //ASUB active FC9_Done : BOOL ; //ASUB completed FC9_Error : BOOL ; //Error during task processing FC9_SError : BOOL ; //Interrupt number not //assigned FC9_Ref : WORD ; //Internal use END_STRUCT ; BEGIN pname := '_N_SAFE_SPF'; ppath := '/_N_CST_DIR/'; FB4_Error := FALSE; FB4_Done := FALSE; FB4_State := W#16#0; FC9_Activ := FALSE; FC9_Done := FALSE; FC9_Error := FALSE; FC9_SError := FALSE; FC9_Ref := W#16#0; END_DATA_BLOCK When the NCK-SPL has been successfully started by the PLC (FC95) processing of the PLC-SPL (FC96) is enabled in OB1. Two more predefined blocks are integrated in FC97 - FC60 (Example blocks can be requested from the hotline, telephone No. 0180-525 8000) and FC21 (basic program block - FB1/P3). Modifications must also be made to OB100 to ensure perfect operation of the safe programmable logic. The markers, outputs and inputs used in this example have been freely selected according to the test set-up being used. Chapter 7.3.3 contains an overview of the I/O (peripherals) and variables used. The ASUB for the NCK-SPL must be saved in the standard cycle directory (CST.DIR) under the name SAFE.SPF. The Safety Integrated functions SBH/SG and the SI function "External STOPs" are activated for the individual drives. External stops are a prerequisite for using the SPL logic. X axis Z axis Spindle 7-366 36901 SAFE_FUNCTION_ENABLE 36901 SAFE_FUNCTION_ENABLE 36901 SAFE_FUNCTION_ENABLE 41H 41H 41H (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL The following machine data must either be set or checked to ensure error-free start-up of the NCK-SPL. 11602 ASUP_START_MASK 11604 ASUP_START_PRIO_LEVEL 7.3.1 Description 7H 1H Start configuration in the OB100 A marker (M210.0) is set in FC 95 in OB100 to start the NCK ASUB. This marker also inhibits initialization of the PLC-SPL (FC96) in OB1 until the NCKSPL has started. The PLC outputs that are used for the forced-checking procedure of the inputs and outputs must be set to "1". From software release 5.3 onwards (or from 04.04.29), it is no longer necessary to pre-assign the INSIP variables in the DB18. Parameterization of machine data 10095 SAFE_MODE_MASK = "0" (default setting) ensures that all SGAs of the NCK channel are automatically set to "0", also the INSI variables (if SPL is used). Any NC alarm can prevent ASUB SAFE.SPF from starting up. They must be cancelled when the system is running-up. For example, in the program excerpt, the EMERGENCY STOP alarm is cancelled during run-up. Program OB100 program excerpt: // Set ASUB_start_marker and forced checking procedure //output / Reset alarms (e.g. EMERGENCY STOP) SET S S R R M 210.0 A 88.1 DB10.DBX56.1 DB21.DBX21.7 // // // // NCK ASUB Start Supply EMERGENCY STOP Deactivate EMERGENCY STOP (PLC) De-activate single block // // Pre-assignment of SGE L T T T T T T Description 0 // DB31.DBW DB32.DBW DB33.DBW DB31.DBW DB32.DBW DB33.DBW Logical "0" 22 // SGE axis X 22 // SGE axis Z 22 // SGE spindle C 32 // SGE axis X 32 // SGE axis Z 32 // SGE spindle C The bits in the axis/spindle data blocks are not cleared when the system runsup (only valid up to SW 5 - from SW 5 the bits in the axis/spindle data block are deleted when the system runs-up). The supply of values to the NCK-SGE is however slightly delayed by the NCK-SPL running-up so that the crosswise data comparison of the SGE signals can respond. This is the reason that the SGEs on the PLC side must be pre-assigned a value of "0". (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-367 7 Configuring example 7.3 Safety Integrated with SPL 11.03 Correspondingly, if NCK-SGE is permanently de-selected by the axis-specific machine data (80000000H), the PLC-SGE must also be pre-assigned or directly supplied from the PLC when the system runs-up. Example: SBH is permanently de-selected safely-reduced speed is active 1. Drive: 36971 SAFE_SS_DISABLE_INPUT 80000000H set DB31.DBX22.1 to "1" when the system starts-up (OB100) - not with the PLC-SPL. 7.3.2 Starting the NCK-SPL and PLC-SPL Switch on/Start up control:OB100: M210.0="1" Drive not in cyclic operation PLC waiting for checkback drive group is in cyclic operation Scan DB10.DBX108.5 Drive in cyclic operation ASUB not running OB1: Loop when M210.0="1" Drive in cyclic operation PLC starts NCK-SPL via FB4 and FC9 ASUB started PLC-SPL is not activated until ASUB checkback successfully started ASUB started FC 95: M210.0="0" PLC-SPL (FC96) NCK-SPL ABLAUF01.DSF Fig. 7-4 Description 7-368 Flowchart In order to ensure that the crosswise data comparison function does not respond, the NCK-SPL and the PLC-SPL must be started almost at the same time. The PLC program is exclusively responsible in activating the individual SPL programs. The following program excerpt shows how the PLC-SPL and the NCK-SPL can be started almost simultaneously. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL An overview of the PLC program structure used is given in the Appendix (Subsection 7.3.12). Note From software release 6.4.15 onwards, the NCK-SPL can also be started using the PROG_EVENT mechanism (refer to Chapter 3.10.13). Program OB1 program excerpt: // CALL "GP_HP" // Basic program CALL U BEB FC 95 M 210.0 // // // // // "Start NCK-SPL" NCK SPL inactive PLC SPL is started if NCK-SPL is started // // Before running the ASUB "SAFE.SPF", it is not // advisable to run any of the user program blocks // Exception: To check correct functioning of // function block FC 19, it might be necessary to run // it immediately. In this case, // critical function keys such as RESET and single block // must be de-activated until the SPL has started: // Example: // U M 210.0 // NCK SPL inactive // R E3.7 // Reset RESET key //.R E3.5 // Reset single block key CALL FC 50 // User program CALL FC 51 // User program // CALL CALL FC FC 96 97 // PLC SPL // Safety test stop // Description The NCK SPL is started with the programs (PLC basic program) FB4 and FC9. Once it has successfully started, marker 210.0 is reset in order to enable processing of the PLC blocks FC96 (PLC SPL) and FC97 (safety test) in OB1. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-369 7 Configuring example 7.3 Safety Integrated with SPL 11.03 FC95 program excerpt: TITLE = VERSION : 0.1 BEGIN NETWORK TITLE = U U FP = M 210.0; // ASUB start marker from OB100 DB10.DBX 108.5; // Drive group and terminal block // run-up M 210.1; // Start edge marker, PI service M 210.2; // Start cycle marker, PI service // U S M M 210.2; 210.3; // Start cycle marker, PI service // Start PI service // CALL FB 4 , DB Req PI service Unit Addr1 Addr2 WVar1 WVar2 WVar3 WVar4 Error Done State 121 ( // PI service interrupt number and priority := M 210.3,// Start PI service := P#DB16.DBX 18.0 BYTE 26,// PI service ASUB := 1, := P#DB120.DBX 34.0 BYTE 34,// Program path := P#DB120.DBX 0.0 BYTE 34,// Program name := W#16#1,// Interrupt number = 1 := W#16#1,// Priority = 1 := W#16#0,// LIFTFAST = 0 := W#16#0,// BLKSYNC := DB120.DBX 68.0,// Error occurred := DB120.DBX 68.1,// Task, error-free := DB120.DBW 70); // Error code // U S R DB120.DBX 68.1; // Task successfully completed M 210.4; // Start ASUB M 210.3; // Reset PI service start ASUB // // CALL FC Start ChanNo IntNo Active Done Error StartErr Ref 9 ( := := := := := := := M 210.4,// Start ASUB 1,// Channel number 1 1,// Interrupt number 1 DB120.DBX 72.0,// ASUB active DB120.DBX 72.1,// Task completed DB120.DBX 72.3,// Error occurred DB120.DBX 72.4,// Interrupt number missing := DB120.DBW 74);// Memory range internal // U S R R DB120.DBX 72.1; // Request completed ==> ASUB running M 210.7; M 210.0; // Reset ASUB start marker from OB100 M 210.4; // Reset start ASUB // END_FUNCTION Description 7-370 Interrupt number 1 and priority 1 are assigned to the ASUB with FB4. The variables LIFTFAST (fast retraction from the contour) and BLSYNC (the program block is still being processed and the interrupt routine is only started after this) must be assigned the value 0. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL Further, it must be noted that the ASUB (SAFE.SPF in the directory CST.DIR) must be started in channel 1 for the NCK-SPL in order that the SPL completely runs-up. Once FB4 has been successfully executed, the ASUB is started with function FC9. Here it is important that the FC9 bit "Done" is interrogated in order that the program can continue. This is because the PLC-SPL can only be started once the ASUB start task has been completed. In addition to the FC9 bit "Done", the interface bit "Channel 1-M02/M17/M30 active - DB21.DBX33.5" is also logically combined in order to identify that the ASUB has been completely executed. It might be possible for a user-written M function to be output at the end of ASUB instead of using M02/M17/M30. 7.3.3 Description Declaring variables The individual SPL variables must be declared in the NCK-SPL and the PLC-SPL. On the PLC side, the I/O input and output bits and the Safety Integrated SGEs and SGAs are transferred to DB 18 or supplied from DB18. The PLC-SPL only has to be programmed with the variables of DB18 (exception, test stop and the forced-checking procedure of the inputs and outputs). To ensure clear configuration and programming, it is necessary to list the variables used and to document their meaning. A suggestion for how to do this is documented below. To achieve clarity and uniform formatting, a separate declaration table is created both for the NCK and for the PLC sides. For diagnostics and support during the commissioning phase, both of these tables should be considered as a single-entity in order to clearly represent crossreferences. The two variable tables which are relevant for programming SPL (PLC and NCK sides) When programming the PLC-SPL, please not that the "worst-case" response time of the PLC also applies. This means, that under worst case conditions, a time difference of 2 PLC cycle times can expire between changing the input signal and the appropriate change of the associated output signal. A bitwise (bit-serial) overview of the individual signals of the DB18 is provided in the Appendix (Subsection 7.3.12). A list of the complete NCK-SPL program and the PLC modules that are required for the PLC-SPL is given in Chapter 7.3.10 or Chapter 7.3.11. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-371 7 Configuring example 7.3 Safety Integrated with SPL 11.03 Variable declaration NCK NCK-I/O E1 I2 I3 I4 E5 I6 I7 E8 E9 E10 E11 E12 E13 E14-E16 NCK variables $A_INSE[1] $A_INSE[2] $A_INSE[3] $A_INSE[4] $A_INSE[5] $A_INSE[6] $A_INSE[7] $A_INSE[8] $A_INSE[9] $A_INSE[10] $A_INSE[11] $A_INSE[12] $A_INSE[13] $A_INSE[14-16] Symbolic NOT_HALTE TUERZUVER NOT_QUIT SCHLUESSEL KL_AS12_XZ KL_AS12_C TESTSTOP1E TESTSTOP2E TEST_STOPA TEST_STOPC TEST_STOPD - Machine data 10390 SAFE_IN_HW_ASSIGN[0] = 01040101 " " " " " " " 10390 SAFE_IN_HW_ASSIGN[1] = 01040102 " " " " " A1 A2 A3 A4 -A8 $A_OUTSE[1] $A_OUTSE[2] $A_OUTSE[3] $A_OUTSE[4] $A_OUTSE[5-8] NOT_HALT2K KL_663_XZ KL_663_C - 10392 SAFE_OUT_HW_ASSIGN [0] = 01040201 - $A_INSI[1] $A_INSI[2] IMP_FREI_XZ IMP_FREI_C 36986 SAFE_PULSE_ENABLE_OUTPUT = 04010101 (X, Z) 36986 SAFE_PULSE_ENABLE_OUTPUT = 04010102 (C) - $A_OUTSI[1] $A_OUTSI [2] $A_OUTSI [3] $A_OUTSI [4] $A_OUTSI [5] $A_OUTSI [6] $A_OUTSI [7] $A_OUTSI [8] $A_OUTSI [9] $A_OUTSI [10] STOP_A_ABWS STOP_A_ABWA STOP_C_ABW STOP_D_ABW SBH_ABW SG_BIT_0 TEST1STOP TEST2STOP STAT_IMP_XZ STAT_IMP_C 36977 SAFE_EXT_STOP_INPUT[0] = 04010101 (C) 36977 SAFE_EXT_STOP_INPUT[0] = 04010102 (X, Z) 36977 SAFE_EXT_STOP_INPUT[1] = 04010103 (X, Z, C) 36977 SAFE_EXT_STOP_INPUT[2] = 04010104 (X, Z, C) 36971 SAFE_SS_DISABLE_INPUT = 04010105 (X, Z, C) 36972 SAFE_VELO_SELECT_INPUT = 04010106 (X, Z, C) 36975 SAFE_STOP_REQUEST_INPUT = 04010107 (X, C) 36975 SAFE_STOP_REQUEST_INPUT = 04010108 (Z) 36976 SAFE_PULSE_STATUS_INPUT = 04010109 (X, Z) 36976 SAFE_PULSE_STATUS_INPUT = 0401010A (C) - $A_MARKERSI [1] $A_MARKERSI [2] $A_MARKERSI [3] $A_MARKERSI [4] $A_MARKERSI [5] $A_MARKERSI [6] $A_MARKERSI [7] $A_MARKERSI [8] MERK1 NOT_HALT QUIT_REQUEST QUIT_MARKER STOP_A_A STOP_A_S - - $A_TIMERSI[1] $A_TIMERSI[2] $A_TIMERSI[3] TIMER1 TIMER2 QUIT_TIMER3 - - $A_DBB[4] QUIT_PLC - 7-372 " " " (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 $A_INSE / $A_OUTSE NCK 7 Configuring example 7.3 Safety Integrated with SPL The external NCK input and outputs are assigned bytewise to the NCK-SPL in the following machine data External NCK inputs MD 10390 SAFE_IN_HW_ASSIGN[0] : MD 10390 SAFE_IN_HW_ASSIGN[1] : $A_INSE[1..8] $A_INSE[9..16] External NCK outputs MD 10392 SAFE_OUT_HW_ASSIGN[0] : MD 10392 SAFE_OUT_HW_ASSIGN[1] : $A_OUTSE[1..8] $A_OUTSE[9..16] They are available in the form of system variables $A_INSE and $A_OUTSE for the SPL program. Configuration example: The terminal block has the logical drive number 4 (acc. to the drive configuration), the input module being used is inserted into slot 1 (submodule 1), the output module into slot 2 (sub-module 2). This results in the following parameterization for the machine data above: $A_INSI / $A_OUTSI NCK MD 10390 SAFE_IN_HW_ASSIGN[0] : MD 10390 SAFE_IN_HW_ASSIGN[1] : 01 04 01 01 H (LOW-Byte) 01 04 01 02 H (HIGH-Byte) MD 10392 SAFE_OUT_HW_ASSIGN[0] : MD 10392 SAFE_OUT_HW_ASSIGN[1] : 01 04 02 01 H (LOW-Byte) 01 04 02 02 H (HIGH-Byte) The internal inputs and outputs of the SPL logic are assigned using the following machine data Internal SPL inputs MD36980...MD36990 : SGA -> $A_INSI The SGAs are output signals of the SI function and can be mapped to the system variables $A_INSI[n]. These can, in turn, be read in the NCK-SPL and used as inputs for the logic operations. Internal SPL outputs MD36970...MD36978 : $A_OUTSI -> SGE The SGEs are input signals of SI function and their values are supplied from the system variables $A_OUTSI[n]. These can be written in the NCK-SPL. Configuration example: Parameterized machine data as shown in the table $A_MARKERSI NCK In order to save intermediate states in the SPL logic, markers are defined. These markers are available in the NCK in system variables $A_MARKERSI[n]. There is no connection with machine data. Configuration example: Assignment as shown in the table $A_TIMERSI In order to program timers in the SPL logic, timers are available in the NCK in system variables $A_TIMERSI[n]. There is no connection with machine data. Configuration example: Assignment as shown in the table (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-373 7 Configuring example 7.3 Safety Integrated with SPL Symbolic 11.03 At the beginning of the NCK-SPL (standard cycle SAFE.SPF), freely selectable names are assigned to system variables $A_INSE/$A_OUTSE and $A_INSI/ $A_OUTSI using the "DEFINE" instruction. This makes the program easier to read and facilitates making changes to the terminal assignment. The "DEFINE" statements must be placed at the beginning of the NCK-SPL. In the tabular list, names used in the example program are listed in the column headed "Symbolic". NCK-SPL program excerpt / ; ; ---- External interfaces ---; DEFINE NOT_HALTE AS $A_INSE[1] DEFINE TUERZUVER AS $A_INSE[2] DEFINE NOT_QUIT AS $A_INSE[4] DEFINE SCHLUESSEL AS $A_INSE[5] DEFINE KL_AS12_XZ AS $A_INSE[7] DEFINE KL_AS12_C AS $A_INSE[8] DEFINE TESTSTOP1E AS $A_INSE[9] DEFINE TESTSTOP2E AS $A_INSE[10] DEFINE TEST_STOPA AS $A_INSE[11] DEFINE TEST_STOPC AS $A_INSE[12] DEFINE TEST_STOPD AS $A_INSE[13] ; DEFINE NOT_HALT2K AS $A_OUTSE[1] DEFINE KL_663_XZ AS $A_OUTSE[3] DEFINE KL_663_C AS $A_OUTSE[4] ; ; ; ---- Internal interfaces ---; DEFINE IMP_FREI_XZ AS $A_INSI[1] DEFINE IMP_FREI_C AS $A_INSI[2] ; DEFINE STOP_A_ABWS AS $A_OUTSI[1] DEFINE STOP_A_ABWA AS $A_OUTSI[2] DEFINE STOP_C_ABW AS $A_OUTSI[3] DEFINE STOP_D_ABW AS $A_OUTSI[4] DEFINE SBHABW AS $A_OUTSI[5] DEFINE SG_BIT_O AS $A_OUTSI[6] DEFINE TEST1STOP AS $A_OUTSI[7] DEFINE TEST2STOP AS $A_OUTSI[8] DEFINE STAT_IMP_XZ AS $A_OUTSI[9] DEFINE STAT_IMP_C AS $A_OUTSI[10] ; ; ; ----- Markers ---; DEFINE MERK1 AS $A_MAKERSI[1] DEFINE NOT_HALT AS $A_MAKERSI[2] DEFINE QUIT_REQUEST AS $A_MAKERSI[3] DEFINE QUIT_MARKER AS $A_MAKERSI[4] DEFINE STOP_A_A AS $A_MAKERSI[7] DEFINE STOP_A_S AS $A_MAKERSI[8] ; ; ; ----- Timers ---; DEFINE TIMER1 AS $A_TIMERSI[1] DEFINE TIMER2 AS $A_TIMERSI[2] DEFINE QUIT_TIMER3 AS $A_TIMERSI[3] ; ; 7-374 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL ; ----- Variable Dual Port RAM PLC <-> NCK ---; DEFINE QUIT_PLC AS $A_DBB[4] Variable declaration PLC PLC I/O E76.0 E76.1 E76.3 E76.5 - DB18 variable $A_INSEP[1] $A_INSEP[2] $A_INSEP[3] $A_INSEP[4] $A_INSEP[5] $A_INSEP[6] $A_INSEP[7] $A_INSEP[8] $A_INSEP[9] $A_INSEP[10] $A_INSEP[11] $A_INSEP[12] $A_INSEP[13] $A_INSEP[14-16] Symbolic "SPL".NOT_HALTE "SPL".TUERZUVER "SPL".NOT_QUIT "SPL".SCHLUESSEL "SPL".KL_AS12_XZ "SPL".KL_AS12_C - Absolute DB18.DBX38.0 DB18.DBX38.1 DB18.DBX38.2 DB18.DBX38.3 DB18.DBX38.4 DB18.DBX38.5 DB18.DBX38.6 DB18.DBX38.7 DB18.DBX39.0 DB18.DBX39.1 DB18.DBX39.2 DB18.DBX39.3 DB18.DBX39.4 DB18.DBX39.5-7 Associated bit in axis DB - A48.2 - $A_OUTSEP[1] $A_OUTSEP[2] $A_OUTSEP[3] $A_OUTSEP[4] $A_OUTSEP[5-8] "SPL". NOT_HALT1K "SPL". KL_663_XZ "SPL". KL_663_C - DB18.DBX46.0 DB18.DBX46.1 DB18.DBX46.2 DB18.DBX46.3 DB18.DBX46.4-7 - - $A_INSIP[1] $A_INSIP[2] "SPL".IMP_FREI_XZ "SPL".IMP_FREI_C DB18.DBX54.0 DB18.DBX54.1 - - $A_OUTSIP[1] $A_OUTSIP[2] $A_OUTSIP[3] $A_OUTSIP[4] $A_OUTSI P[5] $A_OUTSIP[6] $A_OUTSI P[7] $A_OUTSIP[8] $A_OUTSIP[9] $A_OUTSIP[10] "SPL". STOP_A_ABWS "SPL". STOP_A_ABWA "SPL". STOP_C_ABW "SPL". STOP_D_ABW "SPL". SBH_ABW "SPL". SG_BIT_0 "SPL". STAT_IMP_XZ "SPL". STAT_IMP_C DB18.DBX38.0 DB18.DBX38.1 DB18.DBX38.2 DB18.DBX38.3 DB18.DBX38.4 DB18.DBX38.5 DB18.DBX38.6 DB18.DBX38.7 DB18.DBX39.0 DB18.DBX39.1 DB33.DBX 32.2 DB31/32.DBX 32.2 DB31/32/33.DBX 32.3 DB31/32/33.DBX 32.4 DB31/32/33.DBX 22.1 DB31/32/33.DBX 22.3 - - $A_MARKERSIP[1] $A_MARKERSIP[2] $A_MARKERSIP[3] $A_MARKERSIP[4] $A_MARKERSIP[5] $A_MARKERSIP[6] $A_MARKERSIP[7] $A_MARKERSIP[8] "SPL".NOT_HALT "SPL".QUIT_MARKER "SPL".STOP_A_A "SPL".STOP_A_S DB18.DBX70.0 DB18.DBX70.1 DB18.DBX70.2 DB18.DBX70.3 DB18.DBX70.4 DB18.DBX70.5 DB18.DBX70.6 DB18.DBX70.7 - PLC I/O PLC variable T20 T21 T22 T23 T24 Symbolic TIMER1 TIMER2 T_K_ABFALL T_VERZUG_1 T_VERZUG_" Comment STOP c-> STOP A (axes) STOP c-> STOP A (spindle) Drop-out time of contactors K1, K2 EMERGENCY STOP on delay time Acknowledgement delay time - T30 Teststop_Zeit1 Monitoring duration 2h 40min - T31 Teststop_Zeit2 Monitoring duration 5h 20min - T32 Teststop_Zeit3 Monitoring duration 8h (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-375 7 Configuring example 7.3 Safety Integrated with SPL $A_INSEP / $A_OUTSEP PLC 11.03 On the PLC, the I/O input and output bits must be assigned in SPL interface DB18. External PLC inputs DB18.DBX38.0 ... DB18.DBX41.7 : DB18.DBX42.0 ... DB18.DBX45.7 : $A_INSEP[1..32] $A_INSEP[33..64] External PLC outputs DB18.DBX46.0 ...DB18.DBX49.7 : DB18.DBX50.0 ...DB18.DBX53.7 : $A_OUTSEP[1..32] $A_OUTSEP[33..64] They are assigned bitwise in the user program. Configuration example: table // // Program excerpt FC96 - Assignment as shown in the Supply I/Os ==> SPL_DATA_INSEP // // U = E 76.0 "SPL".NOT_HALTE // EMERGENCY STOP switch // Door switch // U E = "SPL".TUERZUVER 76.1 U E = "SPL".NOT_QUIT U = E 76.5 "SPL".SCHLUESSEL // 76.3 // EMERGENCY STOP acknowledgement // // // // // // // Key-operated switch // (SBH de-selection) The logic operations are located here (SPL) Supply SPL_DATA_OUTSEP ==> I/Os U = "SPL".NOT_HALT1K // EMERGENCY STOP 1K A 48.2 // EMERGENCY STOP contactor K1 // $A_INSIP / $A_OUTSIP PLC The same procedure is applied to the internal SPL inputs or outputs: Internal SPL inputs DB18.DBX54.0 ... DB18.DBX57.7 : DB18.DBX58.0 ... DB18.DBX61.7 : $A_INSIP[1..32] $A_INSIP[33..64] The SGAs are output signals of the SI function and can be mapped to the DB18 variables $A_INSIP[n]. These can be read in the PLC-SPL and used as inputs for the logic operations. Internal SPL outputs DB18.DBX62.0 ...DB18.DBX65.7 : DB18.DBX66.0 ...DB18.DBX69.7 : $A_OUTSIP[1..32] $A_OUTSIP[33..64] The SGEs are input signals of the SI function and their values are assigned from the DB18 variables $A_OUTSIP[n]. These can be written in the PLC-SPL. 7-376 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL Configuration example: : the table Program excerpt FC96 - Assignment as shown in // // Logic operations (SPL) are located here (SPL) // // // Supply SPL_DATA_OUTSIP ==> DB31, DB32, DB33 U = "SPL".STOP_A_ABWS DB33.DBX 32.2 // STOP A for Spindle C // Drive interface Drive C U = = "SPL". STOP_A_ABWA // STOP A for Axes X, Z DB31.DBX 32.2 // Drive interface Drive X DB32.DBX 32.2 // Drive interface Drive Z // // // // Supply SPL_DATA_OUTSIP ==> DB31, DB32, DB33 U = = = "SPL". STOP_C_ABW DB31.DBX 32.3 DB32.DBX 32.3 DB33.DBX 32.3 // // // // STOP C for Drives X,Z,C Drive interface Drive X Drive interface Drive Z Drive interface Drive C // U "SPL". STOP_D_ABW // STOP D for Drives X,Z,C = = = DB31.DBX DB32.DBX DB33.DBX // Drive interface Drive X // Drive interface Drive Z // Drive interface Drive C U = = = "SPL".SBHABW DB31.DBX 22.1 DB32.DBX 22.1 DB33.DBX 22.1 // // // // SBH SBH SBH SBH U = = = "SPL".SG_BIT_0 DB31.DBX 22.3 DB32.DBX 22.3 DB33.DBX 22.3 // // // // SG SG SG SG 32.4 32.4 32.4 // de-selection de-selection Axis X de-selection Axis Z de-selection Spindle C // bit bit bit bit 0 0 0 0 selection Axis X Axis Z Spindle C This means that the output signals of the SPL are transferred to the axis interface (and therefore affect the outputs). Just like the systemology used in the NCK (one $A_OUTSI can be assigned to more than one SGE), one DB18 variable $A_OUTSIP can be assigned to more than one drive to equally supply SI functions in several axes. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-377 7 Configuring example 7.3 Safety Integrated with SPL 11.03 In order to be able to save intermediate states in the SPL logic, markers are defined. These markers must be supplied on the DB18 in accordance with their use in the NCK-SPL. $A_MARKERSIP PLC SPL markers DB18.DBX70.0 ...DB18.DBX73.7 : DB18.DBX74.0 ...DB18.DBX77.7 : $A_MARKERSIP[1..32] $A_MARKERSIP[33..64] Configuration example: Assignment as shown in the table The individual timers can be freely selected in the PLC - there are no associated DB18 signals in the NCK system variables $A_TIMERSI[n]. TIMER PLC Configuration example: Assignment as shown in the table Note The individual timers (NCK: $A_TIMERSI; PLC: freely selectable) are not listed at his point (refer to Chapter 7.3.10 "SPL programs") because they are not included in the crosswise data and result comparison. For the PLC-SPL, the name "SPL" or also a variable type (UDT18) can be assigned to DB18 in the symbol table. A sample module for the UTD18, that defines the DB18 signals can be obtained on request from the hotline (cf. Chapter 2.9). The symbolic variable names can then be adapted in this UDT18 and can be adapted to match the user program. Symbolic Excerpt from symbol editor 7-378 PLC symbol table Symbol Address SPL DB18 Data type UDT18 Comment Interface SPL data area (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7.3.4 Description 7 Configuring example 7.3 Safety Integrated with SPL Connecting-up the drives 1st alternative On the NCK side, terminals 663 and AS1/AS2 are supplied via inputs and outputs that are allocated to the SPL via machine data (MD10390/ MD10392). These inputs and outputs are monitored by the crosswise data comparison. To avoid undesirable crosswise data comparison errors, the behavior of the NCK must be emulated on the DB18 on the PLC side. Power can be supplied to terminal AS1 either from terminal 9 or an external +24 V power supply, depending on the cabinet configuration. SIMODRIVE 611D SIMODRIVE 611D Double axis module Single axis module Axis X, axis Z Spindle C 663 AS2 AS1 9 663 AS2 AS1 9 +24V NCK NCK Q3 Q4 Fig. 7-5 I7 I8 Circuit diagram Description The NCK SPL contains a copy procedure from the safe output signal pulse enable (SGA -> INSI) to an output (OUTSE -> terminal 663) and from an input (terminal AS1/AS2 -> INSE) to the safe input signal (OUTSI -> SGE) "pulses safely cancelled". INSI/OUTSI system variables are assigned to the SGE/SGA using axis-specific machine data and is listed in Chapter 7, "Variable declaration". Program NCK-SPL program excerpt ; ; -------------------------------------------------------; ------------- Supply, terminals AS1/AS2 and 663 -------; -------------------------------------------------------; ; N420 IDS=58 DO STAT_IMP_XZ = KL_AS12_XZ STAT_IMP_C = (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-379 7 Configuring example 7.3 Safety Integrated with SPL 11.03 N430 IDS=60 KL_AS12_C DO KL_663_XZ = IMP_FREI_XZ IMP_FREI_C KL_663_C = ; Description The PLC SPL cannot directly interrogate the status of terminals AS1/AS2 and terminal 663 . However, it can interrogate the bit "pulses safely cancelled" at the axis-specific drive interface. The signal status of the system variables used in the NCK SPL can be emulated using this signal (or group signal for dual-axis modules). This emulation must be programmed for each drive separately. Program FC96 program excerpt: // // ----- Supply, DB18 (terminals AS1/AS2 and 663) ----// Simulation of the NCK input (INSE variable) U U = DB31.DBX 108.2 DB32.DBX 108.2 "SPL".KL_AS12_XZ // Pulses cancelled Axis X // Pulses cancelled Axis Z // Terminal AS1 / AS2 U = DB33.DBX 108.2 "SPL". KL_AS12_C // Pulses cancelled Axis C // Terminal AS1 / AS2 // // Assignment INSE (AS1/AS2) -> OUTSI (SGE: Pulses cancelled) // Assignment -> INSI (SGA: Pulses enabled) // Assignment INSI (SGA Pulses enabled) -> OUTSE (terminal 663) U "SPL".KL_AS12_XZ = "SPL".STAT_IMP_XZ NOT = "SPL".KL_663_XZ = "SPL".IMP_FREI_XZ // Terminal AS1 / AS2 // Status, pulses cancelled U "SPL". = "SPL". NOT = "SPL". = "SPL". KL_AS12_C STAT_IMP_C // Terminal AS1 / AS2 // Status pulses cancelled KL_663_C IMP_FREI_C // Terminal 663 // Pulse enable C // Terminal 663 // Pulse enable X,Z // // Description 2nd alternative If a separate input and output byte are provided at the MCK I/Os to supply terminals 663 and AS1/AS2 in the cabinet configuration, then the programming shown above does not apply. Example: The two 663 terminals of the drive modules are connected to the second output byte of the DMP output module. This byte is not assigned to the NCK-SPL via machine data: MD: 10392 SAFE_OUT_HW_ASSIGN[0] = 01040201 H MD: 10392 SAFE_OUT_HW_ASSIGN[1] = 0 H Pulse cancellation by Safety Integrated is directly parameterized using the axisspecific safety machine data at the two outputs 9 and 10: (mixed operation of safety level 1 and safety level 2 (SPL logic)). Mixed mode NCK I/Os 7-380 When considering mixed mode for NCK I/Os used in conjunction with Safety Integrated, two cases must be taken into account. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL Case 1: Mixed mode standard I/Os and SI I/Os Generally, multiple assignments may be made for NCK inputs, i.e. the input can be used both as a standard input with an assignment to $A_IN[n] (assignment in machine data MD 10366), as an input for Safety Integrated level I (axial assignment in the machine data MD 36970 ... 36978) and also as an input for Safety Integrated level II (assignment in machine date MD 10390). However, multiple assignment only makes sense in particular cases. There is no restriction when assigning hardware to the NCK inputs. The situation is different for the NCK output devices: If an NCK output of a sub-module (output word) is assigned for the Safety Integrated function (Level I : MD 36980 to MD 36990 or Level II : MD 10392), then the outputs of this sub-module can no longer be used as standard output (MD 10368). This means that only wordwise mixed mode (per sub-module) is possible between the standard output devices and SI output devices. Case 2: Mixed mode SI I/Os (without SPL) and SI I/Os (with SPL) As described above, NCK inputs can be assigned a multiple number of times, i.e. the input or its image can be used both for an assignment in the axial machine data (MD 36970 ... MD 36978) and for the SPL I/Os (MD 10390). For the NCK outputs, bytewise mixed operation is possible. This means that if a byte of the sub-module is defined as SPL output (MD 10392), then the output signals on the second sub-module can be used for an assignment in the axial machine data (MD 36980 ... MD 36990). This is particularly recommended in conjunction with the signal "Pulses enabled" (MD 36986) so that there is no need to make an entry for the logic for this signal. 7.3.5 Description EMERGENCY STOP A contactless EMERGENCY STOP function is implemented with the SPL with the same level of safety as for an EMERGENCY STOP function implemented using contacts (in the Foreword to DIN EN 60204-1). Terminal 48 then no longer has to be connected. Terminals 64 and 63 are permanently connected to 24V (terminal 9). Terminal 48 must be isolated from the 24V supply using a leading contact of the main switch. The line contactor can be switched (if required) in the SPL after the drive pulses have been cancelled. It does not have to be implemented using two channels (e.g. only by the PLC). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-381 7 Configuring example 7.3 Safety Integrated with SPL 11.03 Circuit diagram Leading contact of power switch 0V NS1 NS2 9 64 63 113 48 19 111 ER_MODUL.DSF Fig. 7-6 Description 7-382 I/R module The two main contacts of the Emergency Stop button are supplied with 24 V (three-terminal concept) via the PLC output. This PLC output is used for the forced checking procedure of the inputs and outputs (refer to Chapter 7.3.6 "Test stop"). The individual circuits of the Emergency Stop button are separately connected to the PLC and NCK inputs. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL Circuit diagram PLC Q48.1 11 PLC 21 EMERGENCY STOP button 12 22 NCK I1 I76.0 NOTAUS1.DSF Fig. 7-7 Description EMERGENCY STOP button The power to the external actuators is disconnected in the cabinet using two contactors that are controlled redundantly by the PLC and the NC. The power contacts are connected in series and therefore disconnect the power through two channels when an EMERGENCY STOP is initiated. One signaling contact of each of the two contactors is connected in series to the input of the PLC. This PLC input is also used for the forced checking procedure of the inputs and outputs (refer to Chapter 7.3.6 "Test stop"). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-383 7 Configuring example 7.3 Safety Integrated with SPL 11.03 Circuit diagram -230V +24V PLC Q48.2 K1 13 21 14 22 13 21 14 22 NCK O1 K2 PLC I76.4 M Fig. 7-8 Description Disconnecting the power Emergency Stop is acknowledged through two channels using an acknowledgment button. This is connected to the +24 V power supply. The safety guidelines published by the German Institute for Occupational Safety state that this switch must be configured using two channels. If additional checkback signals (e.g. AS1/AS2) have to be included in the acknowledgement function, then these contacts should be included in the 24 V power supply of the two-channel acknowledgement button. Circuit diagram +24V PLC 11 21 Acknowledgement switch 12 22 I4 I76.3 Fig. 7-9 7-384 NCK Emergency Stop acknowledgment (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Description 7 Configuring example 7.3 Safety Integrated with SPL The "AND" and "OR" blocks shown in the logic diagram form a latching element, which is initialized by the acknowledgement button (NOT_QUIT /"SPL".NOT_QUIT) when the EMERGENCY STOP button (NOT_AUSE/"SPL".NOT_AUSE) is not actuated and which sets the internal EMERGENCY STOP signal (NOT_AUS/"SPL".NOT_AUS = "1") to "1". When the EMERGENCY STOP button is pressed (NOT_AUSE/"SPL".NOT_AUSE = "0") this initiates the contactless EMERGENCY STOP (NOT_AUS//"SPL".NOT_AUS = "0"). The "AND" function ensures that acknowledgement is not possible when an EMERGENCY STOP is present. The contactless EMERGENCY STOP brakes all drives with STOP C (nset = 0 ; STOP_C_ABW/"SPL". STOP_C_ABW = "0") and cancels the pulses for the axes after 1 second (STOP_A_A/"SPL". STOP_A_A = "0") and for the spindles after 5 seconds (STOP_A_S/"SPL". STOP_A_S = "0"). These times must be carefully adapted for each of the drives of the machine. If the machine configuration does not allow braking of any of the drives with STOP C (e.g. a grinding wheel), it is possible to make a distinction between the different types of drive and to brake the drives in question with STOP D (brake along a path) or STOP A (pulse cancellation). However, a STOP C is the fastest braking method (analog terminal 64 - I/R module). A hazard analysis must be conducted to determine whether any other STOP function is permissible. The Emergency Stop contactors K1 and K2 (NOT_AUS2K/ "SPL". NOT_AUS1K) are switched with the internal EMERGENCY STOP signal (NOT_AUS/"SPL".NOT_AUS = "1"). Function diagram >1 NOT_QUIT "SPL".NOT_QUIT NOT_AUSE "SPL".NOT_HALTE STOP_C_ABW "SPL".STOP_C_ABW NOT_HALT2K "SPL".NOT_HALT1K & OFF delay NOT_AUS "SPL".NOT_HALT STOP_A_A "SPL".STOP_A_A T=3s OFF delay STOP_A_S "SPL".STOP_A_S T=8s NOTAUS4.DSF Fig. 7-10 Program EMERGENCY STOP logic NCK-SPL program excerpt ; N100 N101 N102 N103 IDS=08 IDS=09 IDS=10 IDS=11 EVERY QUIT_PLC == 1 DO QUIT_REQUEST = 1 EVERY QUIT_PLC == 0 DO QUIT_REQUEST = 0 DO QUIT_MARKER = 0 EVERY NOT_HALTE == 0 DO QUIT_TIMER = 0 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-385 7 Configuring example 7.3 Safety Integrated with SPL 11.03 N104 IDS=12 EVERY NOT_HALTE == 1 DO QUIT_TIMER = -1 N105 IDS=13 EVERY QUIT_REQUEST == 1 DO QUIT_MARKER = (QUIT_TIMER<0.4) ; ------------------------------------------------------N110 IDS=14 DO NOT_HALT = NOT_HALTE AND (NOT_HALT OR NOT_QUIT OR QUIT_MARKER) ; N120 IDS=15 EVERY NOT_HALT == 0 DO TIMER1 = 0 N130 IDS=16 EVERY NOT_HALT == 1 DO STOP_A_A = 1 TIMER1=-1 N140 IDS=17 EVERY (TIMER1 > 1.0) AND NOT NOT_HALT DO TIMER1 = -1 STOP_A_A = 0 ; N150 IDS=18 EVERY NOT_HALT == 0 DO TIMER2 = 0 N160 IDS=20 EVERY NOT_HALT == 1 DO STOP_A_S = 1 TIMER2=-1 N170 IDS=22 EVERY (TIMER2 > 5.0) AND NOT NOT_HALT DO TIMER2 = -1 STOP_A_S = 0 ; N180 IDS=24 DO STOP_A_ABWA = STOP_A_A AND NOT TEST_STOPA ; N200 IDS=28 DO STOP_A_ABWS = STOP_A_S AND NOT TEST_STOPA ; N210 IDS=30 DO STOP_C_ABW = NOT_HALT AND NOT TEST_STOPC ; N220 IDS=32 DO STOP_D_ABW = NOT TEST_STOPD ; N230 IDS=34 DO NOT_HALT2K = NOT_HALT ; Lines N100-N105 are described in more detail in Chapter 7.3.6 "Test stop". The programming of the function chart starts in line N110 - where the acknowledgement button and the EMERGENCY STOP button are logically combined. They form the internal "EMERGENCY_STOP" signal. STOP C is selected with "EMERGENCY_STOP=0" (N210) and the timers for the axes (N120-N140) and the spindles (N150-N170) are started. When each of the timers has elapsed STOP A is triggered for the axes (N180) and the spindles (N200). STOP D is not used on the NC side but is combined in the test stop (refer to Chapter 7.3.6 "Test stop"). The power contactor K2 for the NC side is controlled using instruction line N 230. Program FC96 program excerpt: // // ---------- EMERGENCY STOP ---------// U "SPL".NOT_HALTE // EMERGENCY STOP button INSE 1 U( O "SPL".NOT_HALT // EMERGENCY STOP signal internal O "SPL".NOT_QUIT // Acknowledgement: Button O "SPL".QUIT_MARKER // Acknowledgement FC 97 ) = "SPL".NOT_HALT // EMERGENCY STOP signal internal // U "SPL".NOT_HALT // After pressing EMERGENCY STOP L S5T#1S // Load for 1 second SA T 20 // After pressing U T 20 // the EMERGENCY STOP = "SPL".STOP_A_A // STOP A: Axes X, Z // U "SPL".NOT_HALT // After pressing EMERGENCY STOP L S5T#5S // Load for 5 seconds SA T 21 // After pressing U T 21 // the EMERGENCY STOP = "SPL".STOP_A_S // STOP A: Spindle C // U "SPL".STOP_A_A // STOP A: Axes X, Z UN M 216.3 // Test external STOP A (FC 97) = "SPL".STOP_A_ABWA // De-select STOP A (X/Z) 7-386 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL // U UN = // U UN = // UN UN = // U = // Description "SPL".STOP_A_S M 216.3 "SPL".STOP_A_ABWS // STOP A: Spindle C // Test external STOP A (FC 97) // De-select STOP A (C) "SPL".NOT_HALT M 216.2 "SPL".STOP_C_ABW // EMERGENCY STOP signal internal // Test: External STOP C (FC 97) // De-select STOP C (X,Z,C) M 216.1 M 218.7 "SPL".STOP_D_ABW // Test: External STOP D (FC97) // STOP D dynamized (FC 97) // De-select STOP D (X,Z,C) "SPL".NOT_HALT "SPL".NOT_HALT1K // EMERGENCY STOP pressed // EMERGENCY STOP contactor K1 The structure of the PLC program is identical to that of the NCK-SPL. The additional acknowledgement of the EMERGENCY STOP ("SPL". QUIT_MARKER /DB18.DBX70.4) and the individual tests of the stop functions are described in detail in Chapter 7.3.6 "Test stop". On the PLC side the power contactor K1 is controlled using the last two instruction lines. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-387 7 Configuring example 7.3 Safety Integrated with SPL 7.3.6 11.03 Test stop The test stop is conducted at a suitable time (e.g. after eight hours have elapsed and the protective door has been opened). In order to perform various tests on the NC side, signals must be transferred from the PLC to the NCK. Description In this example, this is implemented by connecting the PLC outputs to the NCK inputs. Circuit diagram NCK PLC Test stop 1 Q49.0 Q49.1 Q49.2 Q49.3 Q49.4 Fig. 7-11 Test stop 2 Test: STOP A Test: STOP C Test: STOP D I9 I10 I11 I12 I13 SGE wiring to select test stop There are two ways of replacing this wiring by internal data transfer between the PLC and NCK. These two methods are described below. Supplying SGE to select test stop (NCK) without wiring Version 1: Data transfer via the FC 21 An example using of the FC21 is provided in the FC97 for an automatic EMERGENCY STOP acknowledgment after test stop phase III. The FC 21 is used to transfer a byte (the smallest transferable data structure for the FC 21) from the PLC to the NCK via the dual-port RAM (DPR). An equivalent method to this is to define for each test stop step (test stop 1, test stop 2, test STOP A, test STOP C, test STOP D) a byte value that corresponds to the particular step. Example: Excerpt from an SPL program that shows how to proceed (this is not part of the actual configuration example). ;DEFINITIONS (relevant sections only) ; ; ---- Internal interfaces: OUTSI -> SI-SGE; ; N6500 DEFINE TESTSTOP_1 AS $A_OUTSI[9] ; vgl. MD 36975 N6600 DEFINE TESTSTOP_2 AS $A_OUTSI[10] ; vgl. MD 36975 ; ; ---- Internal interfaces: Markers ; N8700 DEFINE TEST_STOPA N8800 DEFINE TEST_STOPC N8900 DEFINE TEST_STOPD ; 7-388 AS $A_MARKERSI[11] AS $A_MARKERSI[12] AS $A_MARKERSI[13] (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL ; ----- TEST STOP TRIGGER via PLC ; N9700 DEFINE TESTST_PLC AS $A_DBB[5] ; ; ----- GENERAL DEFINITIONS ; N9900 DEFINE BIT_0 N10000 DEFINE BIT_1 N10100 DEFINE BIT_2 N10200 DEFINE BIT_3 N10300 DEFINE BIT_4 N10400 DEFINE BIT_5 N10500 DEFINE BIT_6 N10600 DEFINE BIT_7 AS 1 AS 2 AS 4 AS 8 AS 16 AS 32 AS 64 AS 128 ; PROGRAM EXCERPT (relevant sections only) ; Test stop (forced checking procedure / Phase 1/2) N14000 IDS=41 EVERY TESTST_PLC == BIT_0 DO TESTSTOP_1 = 1 N14100 IDS=42 EVERY TESTST_PLC == BIT_1 DO TESTSTOP_2 = 1 ; Test stop (external stops / STOP A/C/D) N14200 IDS=43 EVERY TESTST_PLC == BIT_2 DO TEST_STOPA = 1 N14300 IDS=44 EVERY TESTST_PLC == BIT_3 DO TEST_STOPC = 1 N14400 IDS=45 EVERY TESTST_PLC == BIT_4 DO TEST_STOPD = 1 ; The markers TEST_STOPA, TEST_STOPC, TEST_STOPD are also combined into the STOP A, STOP C, STOP D de-selection in a similar way to the SPL program of the configuration examples. The byte in the dual port RAM ($A_DBB[5] "TESTST_PLC") is assigned the value for the actual test step via the FC 21 from the PLC program, i.e. the transfer FC 21 is active for the test stops. Version 2: Data transfer via the simulated NCK-I/Os It is also possible to replace the wiring by a bitwise (bit-serial) data transfer via the DB 10. Limitations $MN_FASTIO_DIG_NUM_INPUTS MD 10350 Number of digital I bytes: 1...5 (standard value 1 - onboard inputs) MD 10360 $MN_FASTIO_DIG_NUM_OUTPUTS Number of digital Q bytes: 1...5 (standard value 0) To use the function for data transfer, MD 10350 and 10360 must be set depending on how many bytes are to be used for data exchange. If real inputs and outputs are present, they can be used regardless of SI. In this case, MD 10366 $MN_HW_ASSIGN_DIG_FASTIN and MD 10368 $MN_HW_ASSIGN_DIG_FASTOUT must be set in accordance with the hardware configuration. Data exchange can only be used for bytes for which there are no real inputs and outputs. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-389 7 Configuring example 7.3 Safety Integrated with SPL 11.03 Data exchange between NCK -> PLC $A_IN[1..8] $A_IN[9..40] -> -> DB10.DBB60 DB10.DBB186..189 $A_OUT[1..8] $A_OUT[9..40] -> -> DB10.DBB64 DB10.DBB190..193 $A_OUT variables can be written in the NC program e.g. $A_OUT[n] = 1 Data exchange between PLC -> NC $A_IN[1..8] $A_IN[9..40] -> -> DB10.DBB1 DB10.DBB123..129 $A_OUT[1..8] $A_OUT[9..40] -> -> DB10.DBB6 DB10.DBB130..141 $A_IN variables can be read in the NC program To implement data transfer for the test stop, a bit is allocated to each test stop step. The further implementation can be seen from the above SPL program excerpt. Test stop phase 1 marker 211.1) Start Pulses of drives X, Z, C not disabled no yes Triggering of test stop on PLC side Drive X, C: DB3x.DBX23.7 FC 60 internal Triggering of test stop on NCK side Drive X, C: Q89.0 FC 60 internal Checkback signal Pulses safely Drive X, C: DB3x.DBX108.2 FC 60 internal no Check signal Pulses safely disabled Drive X, C: DB3x.DBX108.2 FC 60 internal yes Triggering of test stop on PLC side Drive Z: DB3x.DBX23.7 FC 60 internal no yes Cancellation of test stop on PLC side FC 60 internal Canellation of test stop on NCK side FC 60 internal Test stop step 1 yes Cancellation of test stop on PLC side FC 60 internal no Checkback signal Pulses safely disabled Drive Z: DB3x.DBX108.2 FC 60 internal no yes Cancellation of test stop on NCK side FC 60 internal End of test stop phase 1 M 216.0 FUNKPLAN.DSF Fig. 7-12 Checkback signal Pulses safely disabled Drive Z: DB3x.DBX108.2 FC 60 internal Triggering of test stop on NCK side Drive Z: Q89.1 FC 60 internal Function chart FC97 program excerpt: // // ----- Forced checking procedure of the pulse cancellation ----UN M 211.0 // Monitoring time of 8 hours L S5T#2H40M // Load for 2 hours and 40 minutes SE T 30 // Start Timer 30 // U T 30 // After 160 minutes L S5T#2H40M // Load for 2 hours and 40 minutes 7-390 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL SE T 31 // Start Timer 31 U L SE T 31 S5T#2H40M T 32 // After 160 minutes // Load for 2 hours and 40 minutes // Start Timer 32 U UN UN UN UN U U U S S T 32 E 76.1 DB31.DBX108.2 DB32.DBX108.2 DB33.DBX108.2 DB31.DBX110.5 DB32.DBX110.5 DB33.DBX110.5 M 211.1 M 211.0 // // // // // // // // // // // // // CALL FC Description 60 start := M 211.1 // reset := E 3.7 num_axis := 2 // test_axis_1 := 1 // test_axis_2 := 3 // After 540 minutes Door not closed and interlocked Pulses not cancelled (X) Pulses not cancelled (Z) Pulses not cancelled (C) Axis X stopped Axis Z stopped Spindle C stopped Start test step 1 Reset monitoring time Start test stop 1 // RESET/MCP Number of drives Drive number Axis X Drive number Spindle C After test stop step 1 has been completed, the external STOPs are tested. The test sequence is implemented by a simple sequence control in which the external STOPs D, C, A are triggered one after the other in the PLC and then in the same sequence in the NCK. The STOPs are checked by reading back the safe output signals "STOP D, C, A active" into the PLC. The sequence does not wait for the individual stops to be de-selected before the next stop is tested. This is because the external stop with a higher priority de-activates the external stop with a lower priority! (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-391 7 Configuring example 7.3 Safety Integrated with SPL 11.03 Test stop phase 2 (M 216.0) Start Pulses on drives X, Z, C not safely disables No Yes STOP D is triggered on STOP D is triggered on PLC side (M 216.1) NCK side (M 216.5 / A 49.4) Yes Yes Checkback signal STOP D active DB3x.DBX111.6 No Checkback signal STOP D No activeDB3x.DBX111.6 Yes Yes STOP C is triggered on STOP C is treiggered on PLC side (M 216.2) NCK side (M 216.6 / A 49.3) Checkback signal STOP C Checkback signal STOP C active DB3x.DBX111.5 active DB3x.DBX111.5 Yes Yes STOP A is triggered on No PLC side (M 216.3) STOP A is triggered on NCK side (M 216. 7/ A 49.2) No Yes Yes Checkback signal STOP A Checkback signal STOP A active DB3x.DBX111.4 active DB3x.DBX111.4 Yes Yes Check STOP A not active Check STOP A not active DB3x.DBX111.4 / M 216.4 DB3x.DBX111.4 / M 217.0 End of test stop phase 2 M217.1 TESTS3_00.DSF Fig. 7-13 Flowchart Note If the sequence control stops at a particular point because a checkback signal has not been received, STOP D is triggered after the crosswise data comparison tolerance time. After the error has been corrected, the error can be acknowledged with a reset and the particular test stop completed. If the Emergency Stop button is actuated during test stop step 2, the sequence control stops at its current position. As soon as the Emergency Stop is acknowledged, the test phase is completed. 7-392 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL Test stop step 2 FC97 program excerpt //Forced checking procedure of the external STOPs A ,C and D // U M 216.0 // Start test stop step 2 UN DB31.DBX 108.2 // Axis X Pulses not safely cancelled UN DB32.DBX 108.2 // Axis Z pulses not safely cancelled UN DB33.DBX 108.2 // Spindle C pulses not safely cancelled S M 216.1 // Initiate Stop D on PLC FC96 R M 216.0 // Reset Start test stop step 2 // U M 216.1 // Check Stop D on the PLC side U DB31.DBX 111.6 // STOP D active Axis X U DB32.DBX 111.6 // STOP D active Axis Z U DB33.DBX 111.6 // STOP D active Spindle C S M 216.2 // Initiate Stop C on the PLC side FC96 R M 216.1 // Reset Check Stop D PLC // U M 216.2 // Check Stop C on the PLC side U DB31.DBX 111.5 // STOP C active Axis X U DB32.DBX 111.5 // STOP C active axis Z U DB33.DBX 111.5 // STOP C active Spindle C S M 216.3 // Initiate Stop A on the PLC side FC96 R M 216.2 // Reset Check Stop C PLC // U M 216.3 // Check Stop A on the PLC side U DB31.DBX 111.4 // STOP A/B active Axis X U DB32.DBX 111.4 // STOP A/B active Axis Z U DB33.DBX 111.4 // STOP A/B active Spindle C S M 216.4 // Check: STOP A (PLC) not active R M 216.3 // Reset Check Stop A PLC // U M 216.4 // Check: STOP A (PLC) not active UN DB31.DBX 111.4 // STOP A/B active Axis X UN DB32.DBX 111.4 // STOP A/B active Axis Z UN DB33.DBX 111.4 // STOP A/B not active Spindle C S M 216.5 // Initiate Stop D on the NCK side R M 216.4 // Reset Check STOP A PLC // U M 216.5 // Initiate Stop D on the NCK side = A 49.4 // See circuit diagram and NCK-SPL // U M 216.5 // Check Stop D on the NCK side U DB31.DBX 111.6 // STOP D active Axis X U DB32.DBX 111.6 // STOP D active Axis Z U DB33.DBX 111.6 // STOP D active Spindle C S M 216.6 // Initiate Stop C on the NCK side R M 216.5 // Reset Check Stop D NCK // U M 216.6 // Initiate Stop C on the NCK side = A 49.3 // See circuit diagram and NCK-SPL // U M 216.6 // Check Stop C on the NCK side U DB31.DBX 111.5 // STOP C active Axis X U DB32.DBX 111.5 // STOP C active axis Z U DB33.DBX 111.5 // STOP C active Spindle C S M 216.7 // Initiate Stop A on the NCK side R M 216.6 // Reset Check Stop C NCK // U M 216.7; // Initiate Stop A on the NCK side = A 49.2; // See circuit diagram and NCK-SPL // U M 216.7 // Check Stop A on the NCK side U DB31.DBX 111.4 // STOP A/B active Axis X U DB32.DBX 111.4 // STOP A/B active Axis Z U DB33.DBX 111.4 // STOP A/B active Spindle C S M 217.0 // Check: STOP A (NCK) not active R M 216.7 // Reset Check Stop A NCK // U UN UN UN S M 217.0 DB31.DBX 111.4 DB32.DBX 111.4 DB33.DBX 111.4 M 217.1 R M 217.0 // // // // // Check: STOP A (NCK) not active// STOP A/B active Axis X STOP A/B active Axis Z STOP A/B not active Spindle C Start forced checking procedure at inputs // Reset check: STOP A NCK // (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-393 7 Configuring example 7.3 Safety Integrated with SPL 11.03 After completion of test stop step 2, marker 217.1 is set and the forced checking procedure for the inputs is started. The forced checking procedure is performed in the following sequence. Description Forced dormant error detection of inputs and outputs Start Forced dormant error detection output PLC : Reset Q48.1 Drop-out time contactors Check: Checkback input PLC: I76.4 both contactors dropped out no no STOP D triggered on PLC side yes Forced dormant error detection output PLC : Q48.1 enabled yes Error diagnostics RESET ==> error check Error corrected ?= Backup time yes Check: EMERGENCY STOP actuated during test phase no Automatic emergency stop acknowledgment by PLC automatic Acknowledgment by PLC-SPL : DB18.DBX70.4 End offset automatic A data byte is transferrred from the PLC with FC21 and evaluated by the NCK-SPL Acknowledgment by NCK-SPL: QUIT_MARKER without acknowledgment TESTS04.DSF Fig. 7-14 Flowchart Note If an EMERGENCY STOP is triggered during the forced checking procedure of the input and outputs, automatic acknowledgement is interrupted and the test step is terminated. If an error occurred while checking the checkback input and EMERGENCY STOP is actuated, acknowledgement is only possible after the error has been removed (diagnostics) of the checkback input by the RESET button. Testing the external inputs and outputs 7-394 FC97 program excerpt // // ------ Forced checking procedure of the inputs/outputs -----// U M 217.1 // Start forced checking procedure for M217.1=1 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL U S R R DB18.DBX 70.1 // Emergency stop not actuated M 218.0 // Check Emergency Stop inputs M 217.1 // Reset: Start forced checking procedure A 48.1 // PLC forced checking procedure output U L SE M 218.0 // Check Emergency Stop inputs S5T#120MS // Drop-out time of contactor T 22 // Set Timer 22 U UN T A 22 // After drop-out time of contactor 48.1 // PLC forced checking procedure output UN E 76.4 // Error case, checkback contactor input = S S M A 218.7 48.1 // Initiate Stop D ( see FC96) // PLC forced checking procedure output U UN T A 22 // After drop-out time of contactor 48.1 // PLC forced checking procedure output U E 76.4 // Good case, checkback input of contactor S S M A 218.1 48.1 // Start acknowledgement // PLC forced checking procedure output R U U U U M T E E E 218.0 // Check Emergency Stop inputs 22 // After drop-out time of contactor 3.7 // RESET/MCP 76.0 // Emergency Stop (PLC) not actuated 76.4 // Forced checking procedure input E76.4 = S R R M M M 218.1 218.0 218.7 U L SE M 218.1 // Start acknowledgement S5T#50MS // Delay time for Emergency Stop inputs T 23 // Set Timer 23 U UN R T E M 23 // Delay time for Emergency Stop inputs 76.0 // Emergency Stop actuated 218.1 // Reset acknowledgement U U U T E E 23 // Delay time for Emergency Stop inputs 76.0 // Emergency stop not actuated 76.4 // Forced checking procedure input E76.4 = S S R DB18.DBX 70.4 // Acknowledge EMERGENCY STOP PLC M 218.2 // Acknowledge EMERGENCY STOP NCK M 218.1 // Check: EMERGENCY STOP U L SE DB18.DBX 70.4 // Acknowledge EMERGENCY STOP PLC S5T#200MS // Delay time: Acknowledge NCK/PLC T 24 // Set Timer 24 U S R T M M // // // 0 // // =1 // 1 // Start acknowledgement // Check EMERGENCY STOP inputs // Withdraw Stop D // // // 1 // // 24 // Acknowledge EMERGENCY STOP 218.3 // Withdraw acknowledgement NCK 218.2 // Acknowledge EMERGENCY STOP NCK // UN M 218.2 SPB QUI1 // Acknowledge EMERGENCY STOP NCK // Do not acknowledge NCK (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-395 7 Configuring example 7.3 Safety Integrated with SPL 11.03 // L T 1 // Load 1 MB 194 // Transfer marker byte 194 // QUI1: UN M 218.3; // Withdraw NCK acknowledgment SPB QUI2; // L 0; // Load 0 T MB 194; // Transfer marker byte 194 // QUI2: NOP 0; // // CALL FC 21 ( Enable := DB18.DBX 70.4, Funct := B#16#4, S7Var := P#M 194.0 BYTE 1, IVAR1 := 4, IVAR2 := -1, Error := M 218.4, ErrCode := MW 188); // U M 218.3; // Withdraw acknowledgement NCK U DB18.DBX 70.1; // Acknowledgment EMERGENCY STOPPLC o.k. UN DB18.DBX 110.1; // No difference between NCK/PLC UN M 218.4; // No error during transfer R DB18.DBX 70.4; // Acknowledge EMERGENCY STOP PLC R M 218.3; // Reset: Withdraw acknowledgement NCK R M 211.0; // Start monitoring time of 8 hours Description After the PLC has started the automatic acknowledgement, the EMERGENCY STOP on the PLC side is acknowledged using the SPL marker "SPL".QUIT_MARKER/ DB18.DBX70.4. When acknowledgement is started, an S7 variable (MB194) is transferred using FC21 with a value of "1" and is then evaluated by the NCK-SPL in lines N100 to N105. The PLC (FC 21) can only transfer data to the NC with a minimum length of one byte. This byte can be read in the synchronous actions by system variable $A_DBB[n]. However, the binary logic operations "AND" and "OR" cannot combine a bit with a byte so that the byte sent ($A_DBB[4]) must be converted to a bit ($A_MARKERSI[3] / QUIT_REQUEST) (lines N100/N101). As a result of lines N102 to 105, automatic acknowledgment is only permitted if the "1" signal level of the NCK EMERGENCY STOP input is not interrupted for longer than 400 ms. In order to check this time, a timer is started (line N103) when the signal level changes from "1" to "0" at the EMERGENCY STOP input. This is checked when automatic acknowledgment is to be made. An acknowledgment is only issued if the time is < 400 ms. Otherwise an attempt to automatically acknowledge an EMERGENCY STOP will be prevented. This additional safeguard is necessary because at this point EMERGENCY STOP is acknowledged using a single-channel by the PLC in both SPL programs. The acknowledgement request on the NCK side (QUIT_REQUEST/QUIT_MARKER) and the PLC side ("SPL".QUIT_MARKER) are located at different SPL markers (MARKERSI[3,4,5]) in order to detect the error that each acknowledgement request has the static status "1". Program 7-396 DEFINE QUIT_PLC AS $A_DBB[4] ; ; ------------------------------------------------------; --------------------- EMERGENCY STOP -----------------; ------------------------------------------------------- (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL ; N100 N101 N102 N103 N104 N105 IDS=08 IDS=09 IDS=10 IDS=11 IDS=12 IDS=13 EVERY QUIT_PLC == 1 DO QUIT_REQUEST = 1 EVERY QUIT_PLC == 0 DO QUIT_REQUEST = 0 DO QUIT_MARKER = 0 EVERY NOT_HALTE == 0 DO QUIT_TIMER3 = 0 EVERY NOT_HALTE == 1 DO QUIT_TIMER3 = -1 EVERY QUIT_REQUEST == 1 DO QUIT_MARKER = (QUIT_TIMER3<0.4) ; ------------------------------------------------------------N110 IDS=14 DO NOT_HALT = NOT_HALTE AND (NOT_HALT OR NOT_QUIT OR QUIT_MARKER) After 200 ms (T24) has elapsed acknowledgement is cancelled by transferring the S7 variable with value "0" (MB194): Forced checking procedure of the inputs and outputs is completed as soon as the variables have been sent in FC21. Note The time for timer 22 must be matched to the drop-out time of the contactors used. The times for timers 23 and 24 are dependent on the PLC cycle time and have to be appropriately adapted. 7.3.7 Description Protective door interlocking In this example, the two-channel door switch checkback signal "Door closed and interlocked" is used and connected to one input of the NCK I/Os and one input of the PLC I/Os. The door switch is monitored through two channels by the crosswise data comparison of the NCK and PLC inputs. The signal is available as INSE[2]/TUERZUVER and INSEP[2]/"SPL".TUERZUVER for programming the NCK-SPL and PLC-SPL. The door solenoid is enabled by the PLC so that the request to "open door" is made with a single-channel button (e.g. MCP). The signal "Door closed" from the door switch is also made available to the PLC to automatically interlock the door switch with the door solenoid when the protective door is closed. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-397 7 Configuring example 7.3 Safety Integrated with SPL Circuit diagram 11.03 PLC Q 48.1 +24V 13 Door button open 14 13 21 31 I1 22 32 I2 14 closed SIGUARD Door switch PLC NCK I76.3 I76.1 I76.2 I2 SCHALTPL.DSF Fig. 7-15 Wiring of the door switch Note If external devices and equipment (hydraulics, cooling water, etc.) are to be powered-down/disconnected when the door is opened, then in this case, the same contactor circuit should be used as for the Emergency Stop (K1/K2). This means that an output must be supplied, in the PLC-SPL ($A_OUTSEP[n]) as well as in the NCK-SPL ($A_OUTSE[n]) that drops-out when the door opens. The checkback input must be checked every time the protective door is opened, or even better, integrated into the forced checking procedure of the inputs/outputs (error response STOP D from PLC) - if it is not certain that the door will be opened once within eight hours. 7.3.8 De-selecting SBH via the key-operated switch The safe operating stop is not active when the protective door is closed. When the door is open, the operator can switch between safe operating stop and safely-reduced speed using a key-operated switch. In addition, the switch setting in the PLC can be used to select one of the NC operating modes. 7-398 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL Circuit diagram +24V 13 14 PLC 23 24 Keyswitch NCK I5 I76.5 SBH01.DSF Fig. 7-16 Wiring of the key-operated switch Function chart DOOR CLOSER >1 SBHABW KEYSWITCH FUNKPL03.DSF Fig. 7-17 Program Function chart, SBH de-selection NCK-SPL program excerpt ; ; --------------------------------------------------------------------------------------; ---------SBH DE-SELECTION VIA KEY-OPERATED SWITCH ----; --------------------------------------------------------------------------------------; ; N380 IDS=50 DO SBHABW = KEY OR DOOR ; Program FC96 program excerpt: // // -------SBH de-selection using the key-operated switch -----// // U "SPL".SCHLUESSEL // Key-operated switch O "SPL".TUERZUVER // Door closed and interlocked = "SPL".SBHABW // SBH de-selection Machine data The standstill tolerance is saved in the axis-specific machine data and in the drive machine data (FD/MSD). 36930 / 1330 SAFE_STANDSTILL_TOL (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-399 7 Configuring example 7.3 Safety Integrated with SPL 7.3.9 11.03 SG changeover Description The SG stage is selected via the status of the protective door. When the protective door is opened, SG stage 1 (SG1=2 m/min; SG1=50 RPM) is active and when the protective door is closed, SG stage 2 (SG2=10 m/min; SG2 = 2000 RPM) is active. The speed limits are saved in the axis-specific machine data and in the drive machine data (FD/MSD). Machine data 36931 / 1331 SAFE_VELO_LIMIT[0/1] Function chart & DOOR CLOSER SG-BIT 0 FUNKPL04.DSF Fig. 7-18 Program Function chart, SG selection NCK-SPL program excerpt ; ; ------------------------------------------------------- ; ------------- SG selection via protective door --------; ------------------------------------------------------; ; N390 IDS=52 DO SG_BIT_O = DOOR CLOSED ; Program FC96 program excerpt: // // ------- SG selection using the key-operated switch -------// // U "SPL".TUERZUVER // Door closed and interlocked = "SPL".SG_BIT_0 // SG bit0 // 7-400 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7.3.10 7 Configuring example 7.3 Safety Integrated with SPL NCK-SPL %_N_SAFE_SPF ;$PATH=/_N_CST_DIR ; SAFE_CHECKSUM = 000429caH ; ========================================================= == ; File: safe.spf ; Author: ; Creation date: ; ------------------------------------------------------; "Drives: one spindle + two feed drives" ; "Contactless EMERGENCY STOP + forced checking procedure ; "Test stop" ; "SBH/SG selection using the key-operated switch when the protective door is open" ; ==================================================== ; ; ---- External interfaces ---; DEFINE NOT_HALTE AS $A_INSE[1] DEFINE TUERZUVER AS $A_INSE[2] DEFINE NOT_QUIT AS $A_INSE[4] DEFINE SCHLUESSEL AS $A_INSE[5] DEFINE KL_AS12_XZ AS $A_INSE[7] DEFINE KL_AS12_C AS $A_INSE[8] DEFINE TESTSTOP1E AS $A_INSE[9] DEFINE TESTSTOP2E AS $A_INSE[10] DEFINE TEST_STOPA AS $A_INSE[11] DEFINE TEST_STOPC AS $A_INSE[12] DEFINE TEST_STOPD AS $A_INSE[13] ; DEFINE NOT_HALT2K AS $A_OUTSE[1] DEFINE KL_663_XZ AS $A_OUTSE[3] DEFINE KL_663_C AS $A_OUTSE[4] ; ; ; ---- Internal interfaces ---DEFINE IMP_FREI_XZ AS $A_INSI[1] DEFINE IMP_FREI_C AS $A_INSI[2] ; DEFINE STOP_A_ABWS AS $A_OUTSI[1] DEFINE STOP_A_ABWA AS $A_OUTSI[2] DEFINE STOP_C_ABW AS $A_OUTSI[3] DEFINE STOP_D_ABW AS $A_OUTSI[4] DEFINE SBHABW AS $A_OUTSI[5] DEFINE SG_BIT_O AS $A_OUTSI[6] DEFINE TEST1STOP AS $A_OUTSI[7] DEFINE TEST2STOP AS $A_OUTSI[8] DEFINE STAT_IMP_XZ AS $A_OUTSI[9] DEFINE STAT_IMP_C AS $A_OUTSI[10] ; ; ; ; ---- Marker ---DEFINE MERK1 AS $A_MARKERSI[1] DEFINE NOT_HALT AS $A_MARKERSI[2] DEFINE QUIT_REQUEST AS $A_MARKERSI[3] DEFINE QUIT_MARKER AS $A_MARKERSI[4] DEFINE STOP_A_A AS $A_MARKERSI[7] DEFINE STOP_A_S AS $A_MARKERSI[8] ; ; ; ---- Timer ---DEFINE TIMER1 AS $A_TIMERSI[1] DEFINE TIMER2 AS $A_TIMERSI[2] DEFINE QUIT_TIMER3 AS $A_TIMERSI[3] ; ; ; ---- EMERGENCY STOP acknowledgment via PLC ---DEFINE QUIT_PLC AS $A_DBB[4] ; ; ; ------------------------------------------------------N0040 MSG("SPL Start") (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-401 7 Configuring example 7.3 Safety Integrated with SPL 11.03 ; ------------------------------------------------------; ; ------------------------------------------------------; --------------------- EMERGENCY STOP -----------------; ------------------------------------------------------; ; N100 IDS=08 EVERY QUIT_PLC == 1 DO QUIT_REQUEST = 1 N101 IDS=09 EVERY QUIT_PLC == 0 DO QUIT_REQUEST = 0 N102 IDS=10 DO QUIT_MARKER = 0 N103 IDS=11 EVERY NOT_HALTE == 0 DO QUIT_TIMER3 = 0 N104 IDS=12 EVERY NOT_HALTE == 1 DO QUIT_TIMER3 = -1 N105 IDS=13 EVERY QUIT_REQUEST == 1 DO QUIT_MARKER = (QUIT_TIMER3<0.4) ; ------------------------------------------------------------N110 IDS=14 DO NOT_HALT = NOT_HALTE AND (NOT_HALT OR NOT_QUIT OR QUIT_MARKER) ; N120 IDS=15 EVERY NOT_HALT == 0 DO TIMER1 = 0 N130 IDS=16 EVERY NOT_HALT == 1 DO STOP_A_A = 1 TIMER1 = -1 N140 IDS=17 EVERY (TIMER1 > 1.0) AND NOT NOT_HALT DO TIMER1 = -1 STOP_A_A = 0 ; N150 IDS=18 EVERY NOT_HALT == 0 DO TIMER2 = 0 N160 IDS=20 EVERY NOT_HALT == 1 DO STOP_A_S = 1 TIMER2 = -1 N170 IDS=22 EVERY (TIMER2 > 5.0) AND NOT NOT_HALT DO TIMER2 = -1 STOP_A_S = 0 ; N180 IDS=24 DO STOP_A_ABWA = STOP_A_A AND NOT TEST_STOPA ; N200 IDS=28 DO STOP_A_ABWS = STOP_A_S AND NOT TEST_STOPA ; N210 IDS=30 DO STOP_C_ABW = NOT_HALT AND NOT TEST_STOPC ; N220 IDS=32 DO STOP_D_ABW = NOT TEST_STOPD ; N230 IDS=34 DO NOT_HALT2K = NOT_HALT ; ; ; -----------------------------------------------------; ----SBH DE-SELECTION USING THE KEY-OPERATED SWITCH ---; ------------------------------------------------------; ; N380 IDS=50 DO SBHABW = SCHLUESSEL OR TUERZUVER ; ; ; ------------------------------------------------------; ---------- SG selection via protective door-----------; ------------------------------------------------------; ; N390 IDS=52 DO SG_BIT_O = TUERZUVER ; ; ; -----------------------------------------------------; ------------------ TEST STOP -------------------------; ------------------------------------------------------- ; ; N400 IDS=54 DO TEST1STOP = TESTSTOP1E N410 IDS=56 DO TEST2STOP = TESTSTOP2E ; ; ; ------------------------------------------------------; ----- Supply terminals AS1/AS2 and 663 ------------; -----------------------------------------------------; ; N420 IDS=58 DO STAT_IMP_XZ = KL_AS12_XZ STAT_IMP_C = KL_AS12_C N430 IDS=60 DO KL_663_XZ = IMP_FREI_XZ KL_663_C = IMP_FREI_C ; ; ----------------------------------------------------N1040 MSG("SPL active") ; ----------------------------------------------------N1070 M17 7-402 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL 7.3.11 PLC blocks FUNCTION FC 95: VOID TITLE = VERSION : 0.1 BEGIN NETWORK TITLE = U U FP = M 210.0; // ASUB start marker from OB100 DB10.DBX 108.5; // Drive group and terminal block // run-up M 210.1; // Start edge marker PI service M 210.2; // Start cycle marker PI service U S M M // 210.2; 210.3; // Start cycle marker PI service // Start PI service // CALL FB 4 , DB Req PI service Unit Addr1 Addr2 WVar1 WVar2 WVar3 WVar4 Error Done State 121 ( // PI service interrupt number and priority := M 210.3,// Start PI service := P#DB16.DBX 18.0 BYTE 26,// PI service ASUB := 1, := P#DB120.DBX 34.0 BYTE 34,// Program path := P#DB120.DBX 0.0 BYTE 34,// Program name := W#16#1,// Interrupt number = 1 := W#16#1,// Priority = 1 := W#16#0,// LIFTFAST = 0 := W#16#0,// BLKSYNC := DB120.DBX 68.0,// Error occurred := DB120.DBX 68.1,// Task, error-free := DB120.DBW 70); // Error code // U S R DB120.DBX 68.1; M 210.4; M 210.3; // Task successfully (error-free) completed // Start ASUB // Reset PI service Start ASUB // // CALL FC 9 ( Start ChanNo IntNo Active Done Error StartErr Ref := := := := := := := M 210.4,// Start ASUB 1,// Channel number 1 1,// Interrupt number 1 DB120.DBX 72.0,// ASUB active DB120.DBX 72.1,// Task completed DB120.DBX 72.3,// Error occurred DB120.DBX 72.4,// Interrupt number missing := DB120.DBW 74);// Memory range internal // U S R R DB120.DBX 72.1; M 210.7; M 210.0; M 210.4; // Task completed ==> ASUB running // Reset ASUB start marker from OB100 // Reset start ASUB // END_FUNCTION (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-403 7 Configuring example 7.3 Safety Integrated with SPL 11.03 FUNCTION FC 96: VOID TITLE = VERSION : 0.1 BEGIN NETWORK TITLE =Supply I/Os with signals from/to PLC-SPL // Supply I/Os ==> SPL_DATA_INSEP // U = E 76.0; "SPL".NOT_HALTE; // EMERGENCY STOP button U = E 76.1; "SPL".TUERZUVER; // Door switch (closed and interlocked) U = E 76.3; "SPL".NOT_QUIT; // EMERGENCY STOP acknowledgement // // // U E 76.5; = "SPL".SCHLUESSEL; // Key-operated switch (SBH de-selection) NETWORK TITLE = // ---------- EMERGENCY STOP ---------U "SPL".NOT_HALTE; // EMERGENCY STOP button INSE 1 U( ; O "SPL".NOT_HALT; // EMERGENCY STOP signal internal O "SPL".NOT_QUIT; // EMERGENCY STOP acknowledgement O "SPL".QUIT_MARKER; // EMERGENCY STOP acknowledgement forced checking procedure ) ; = "SPL".NOT_HALT; // EMERGENCY STOP signal internal // U "SPL".NOT_HALT; // After pressing L S5T#1S; // Load for 1 second SA T 20; // After pressing U T 20; // EMERGENCY STOP = "SPL".STOP_A_A; // Intermediate marker STOP A for axes X,Z // U "SPL".NOT_HALT; // EMERGENCY STOP L S5T#5S; // Load for 5 seconds SA T 21; // After pressing U T 21; // EMERGENCY STOP = "SPL".STOP_A_S; // Intermediate marker STOP A for spindle C // U "SPL".STOP_A_A; //Intermediate marker STOP A for axes X,Z UN M 216.3; // Test external STOP A (see FC97) = "SPL".STOP_A_ABWA; // STOP A for axes X, Z // U "SPL".STOP_A_S; // Intermediate marker STOP A for spindle C UN M 216.3; // Test: external STOP A (see FC97) = "SPL".STOP_A_ABWS; // STOP A for spindle C // U UN = "SPL".NOT_HALT; M 216.2; "SPL".STOP_C_ABW; // EMERGENCY STOP signal internal // Test: external STOP C (see FC97) // De-select STOP C AN UN = M 216.1; M 216.7; "SPL".STOP_D_ABW; // Test: external STOP D (see FC97) // STOP D for forced checking procedure // De-select STOP D U = "SPL".NOT_HALT; "SPL".NOT_HALT1K; // EMERGENCY STOP // EMERGENCY STOP contactor // // // // // ---- SBH de-selection using the key-operated switch---// // U "SPL".SCHLUESSEL; // Key-operated switch O "SPL".TUERZUVER; // DOOR LOCKED = "SPL".SBHABW; // SBH de-selection // // ------ SG selection using the protective door---------// // U "SPL".TUERZUVER; // DOOR LOCKED 7-404 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL = "SPL".SG_BIT_0; // SG bit 0 NETWORK TITLE =Supply of SGE/SGA signals to/from the PLC-SPL // Supply of conversion variables to axis data block // // // Supply of SPL_DATA_OUTSEP ==> I/Os // U "SPL".NOT_HALT1K; = A 48.2; // EMERGENCY STOP contactor K4 // // Supply of SPL_DATA_OUTSIP ==> DB31, DB32, DB33 // U "SPL".STOP_A_ABWS; // Select STOP A for spindle C = DB33.DBX32.2; // Drive interface for drive C // U "SPL".STOP_A_ABWA; // Select STOP A for axis X = DB31.DBX32.2; // Drive interface for drive X = DB32.DBX32.2; // Drive interface for drive Z // U "SPL".STOP_C_ABW; // Select STOP C for axes X , Z = DB31.DBX32.3; // Drive interface for drive X = DB32.DBX32.3; // Drive interface for drive Z = DB33.DBX32.3; // Drive interface for drive C // U "SPL".STOP_D_ABW; // Select STOP D for axes X , Z = DB31.DBX32.4; // Drive interface for drive X = DB32.DBX32.4; // Drive interface for drive Z = DB33.DBX32.4; // Drive interface for drive C // U "SPL".SBHABW; // SBH de-selection = DB31.DBX22.1; // SBH de-selection axis X = DB32.DBX22.1; // SBH de-selection axis Z = DB33.DBX22.1; // SBH de-selection spindle C // U "SPL".SG_BIT_0; // SG bit 0 selection = DB31.DBX22.3; // SG bit 0 axis X = DB32.DBX22.3; // SG bit 0 axis Z = DB33.DBX22.3; // SG bit 0 spindle C NETWORK TITLE =Terminal 663 ; AS1 / AS2 U U = = NOT = = DB31.DBX108.2; // Pulses safely cancelled axis X DB32.DBX108.2; // Pulses safely cancelled axis Z "SPL".KL_AS12_XZ; // Terminal AS1 / AS2 "SPL".STAT_IMP_XY; // Status, pulses cancelled ; "SPL".KL_663_XZ; // Terminal 663 // Terminal 663 "SPL".IMP_FREI_XZ; // Pulse enable X, Z A = = NOT = = DB33.DBX108.2; "SPL".KL_AS12_C; // Terminal AS1 / AS2 "SPL".STAT_IMP_XY; // Status, pulses cancelled ; "SPL".KL_663_C // Terminal 663 "SPL".IMP_FREI_C; // Pulse enable C // // END_FUNCTION (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-405 7 Configuring example 7.3 Safety Integrated with SPL 11.03 FUNCTION FC 97: VOID TITLE =Test stop //Test stop activated after eight hours have elapsed and the protective door has been opened VERSION : 0.1 BEGIN NETWORK TITLE =Test stop step 1 //Forced checking procedure of the pulse cancellation UN L SE M 211.0; S5T#2H40M; T 30; // Start monitoring time of 8 hours // Load 2 hours and 40 minutes // Start timer 30 U L SE T 30; S5T#2H40M; T 31; // After 2 hours and 40 minutes have elapsed // Load 2 hours and 40 minutes // Start timer 31 U L SE T 31; S5T#2H40M; T 32; // After 5 hours and 20 minutes have elapsed // Load 2 hours and 40 minutes U UN UN UN UN U U U S S T 32; E 76.1; DB31.DBX 108.2; DB32.DBX 108.2; DB33.DBX 108.2; DB31.DBX 110.5; DB32.DBX 110.5; DB33.DBX 110.5; M 211.0; M 211.1; // // // // // // // // // // // // // After 8 hours have elapsed and door not closed and interlocked Pulses not disabled (X) Pulses not cancelled (Z) Pulses not cancelled (C) Axis X stopped Axis Z stopped Axis C stopped Reset monitoring time of 8 hours Start test stop 1 // CALL FC 60 (// Test stop module start := M 211.1,// Start test stop 1 reset := E 3.7,// Reset by RESET/MCP num_axis := 2,// Number of drives test_axis_1 := 1,// Drive number Axis X test_axis_2 := 3,// Drive number spindle C test_axis_3 := 0, test_axis_4 := 0, test_axis_5 := 0, test_axis_6 := 0, test_axis_7 := 0, test_axis_8 := 0, servo_test_out := A 49.0, // Test stop 1 NCK by A 49.0 aux_dword := MD 212, // Marker double word internal ready := M 211.2, // Test stop 1 executed error := M 211.7);// Error on test stop // S U M R M 211.3; M 211.2; // Test stop 1 successfully executed // Start test stop 2 211.2; // Test stop 1 // CALL FC 60 ( start reset num_axis test_axis_1 test_axis_2 test_axis_3 test_axis_4 test_axis_5 test_axis_6 test_axis_7 test_axis_8 7-406 := := := := := := := := := := := M E 1, 2, 0, 0, 0, 0, 0, 0, 0, 211.3,// Start test stop 2 3.7, // Reset by RESET/MCP // 2 Number of drives // Drive number axis Z (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL servo_test_out aux_dword ready error := := := := A MD M M 49.1, // 220, // 211.4, // 211.6);// Test stop 2 NCK by A 49.1 Marker double word internal Test stop 2 executed Error on test stop // U R R R S M M M M M 211.4; 211.1; 211.3; 211.4; 216.0; // // // // // Test stop 2 successfully executed Start test stop 1 Start test stop 2 Test stop 2 successfully executed Start test stop step 2 NETWORK TITLE =Test stop step 2 //Forced checking procedure of external STOPs A and C U M 216.0; // Start test stop step 2 UN DB31.DBX 108.2; // Axis X: Pulses not safely cancelled UN DB32.DBX 108.2; // Axis Z: Pulses not safely cancelled UN S R DB33.DBX 108.2; M 216.1; M 216.0; // Spindle C: Pulses not safely cancelled // Initiate Stop D on the PLC side (FC96) // Reset start test stop step 2 U U U U S R M 216.1; DB31.DBX 111.6; DB32.DBX 111.6; DB33.DBX 111.6; M 216.2; M 216.1; // // // // // // U U U M 216.2; DB31.DBX 111.5; DB32.DBX 111.5; // Check stop C on the PLC side // STOP C active axis X // STOP C active axis Z U S R DB33.DBX 111.5; M 216.3; M 216.2; // STOP C active spindle C // Initiate Stop A on the PLC side (FC96) // Reset check stop C (PLC) U U U U S R M 216.3; DB31.DBX 111.4; DB32.DBX 111.4; DB33.DBX 111.4; M 216.4; M 216.3; // // // // // // Check stop A on the PLC side STOP A/B active axis X STOP A/B active axis Z STOP A/B active spindle C Check: STOP A (PLC) not active Reset check stop A (PLC) U UN UN UN S R M 216.4; DB31.DBX 111.4; DB32.DBX 111.4; DB33.DBX 111.4; M 216.5; M 216.4; // // // // // // Check: STOP A (PLC) not active STOP A/B not active axis X STOP A/B not active axis Z STOP A/B not active spindle C Initiate Stop D on the NCK side Reset check: STOP A (PLC) U = M A // Initiate Stop D on the NCK side // See circuit diagram and NCK-SPL U U U U S R M 216.5; DB31.DBX 111.6; DB32.DBX 111.6; DB33.DBX 111.6; M 216.6; M 216.5; // // // // // // U = M A // Initiate Stop C on the NCK side // See circuit diagram and NCK-SPL U U U U S M 216.6; DB31.DBX 111.5; DB32.DBX 111.5; DB33.DBX 111.5; M 216.7; // Check stop D on the PLC side STOP D active axis X STOP D active axis Z STOP D active spindle C Initiate Stop C on the PLC side (FC96) Reset check stop D (PLC) // // // // 216.5; 49.4; // Check Stop D on the NCK side STOP D active axis X STOP D active axis Z STOP D active spindle C Initiate Stop C on the NCK side Reset check Stop D (NCK) // 216.6; 49.3; // // // // // // Check Stop C on the NCK side STOP C active axis X STOP C active Axis Z STOP C active spindle C Initiate Stop A on the NCK side (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-407 7 Configuring example 7.3 Safety Integrated with SPL 11.03 R M 216.6; // Reset check Stop C (NCK) U = M A 216.7; 49.2; // Initiate Stop A on the NCK side // See circuit diagram and NCK-SPL U U U U S R M 216.7; DB31.DBX 111.4; DB32.DBX 111.4; DB33.DBX 111.4; M 217.0; M 216.7; // // // // // // Check stop A on the NCK side STOP A/B active axis X STOP A/B active axis Z STOP A/B active spindle C Check: STOP A (NCK) not active Reset check Stop A (NCK) U UN UN UN S R M 217.0; DB31.DBX 111.4; DB32.DBX 111.4; DB33.DBX 111.4; M 217.1; M 217.0; // // // // // // Check: STOP A (NCK) not active STOP A/B not active axis X STOP A/B not active axis Z STOP A/B not active spindle C Start forced checking procedure of inputs Reset check: STOP A (NCK) // // // NETWORK TITLE =Forced checking procedure of the input and output devices //The time for performing the forced checking procedure can depend on several //machine-specific conditions. The solution shown in this example is not binding. // U M 217.1; // Start forced checking procedure for M217.1 = 1 U "SPL".NOT_HALT; // EMERGENCY STOP not actuated S M 218.0; // Check EMERGENCY STOP inputs R M 217.1; // Reset: Start forced checking procedure R A 48.1; // PLC forced checking procedure output // U M 218.0; // Check EMERGENCY STOP inputs L S5T#120MS; // Drop-out time of contactor SE T 22; // Timer 22 // U T 22; // After drop-out time of contactor UN A 48.1; // PLC forced checking procedure output UN E 76.4; // Error case checkback input contactors = 0 S M 218.7; // Initiate Stop D ( see FC96) S A 48.1; // PLC forced checking procedure output // U T 22; // After drop-out time of contactor UN A 48.1; // PLC forced checking procedure output U E 76.4; // Good case checkback input contactors = 1 S M 218.1; // Start acknowledgement S A 48.1; // PLC forced checking procedure output R M 218.0; // Check EMERGENCY STOP inputs // U T 22; // After drop-out time of contactors U E 3.7; // RESET MCP U E 76.0; // EMERGENCY STOP (PLC) not actuated U E 76.4; // Forced checking procedure input E76.4 = 1 S M 218.1; // Start acknowledgement R M 218.0; // Check EMERGENCY STOP inputs R M 218.7; // Withdraw Stop D // U M 218.1; // Start acknowledgement L S5T#50MS; // Delay time EMERGENCY STOP inputs SE T 23; // Set timer 23 // U UN R T E M 23; 76.0; 218.1; U U U S S R T 23; E 76.0; E 76.4; "SPL".QUIT_MARKER; M 218.2; M 218.1; // Delay time EMERGENCY STOP inputs // EMERGENCY STOP actuated // Reset acknowledgement // 7-408 // // // // // EMERGENCY STOP not actuated Forced checking procedure input E76.4 = 1 Acknowledge EMERGENCY STOP PLC Acknowledge EMERGENCY STOP NCK Check: EMERGENCY STOP (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.3 Safety Integrated with SPL R T U L SE "SPL".QUIT_MARKER; S5T#200MS; T 24; 23; // Acknowledge EMERGENCY STOP PLC // Delay time: Acknowledgement NCK/PLC // Set timer 24 // Reset timer 23 U S R R T M M T // // // // UN SPB M 218.2; QUI1; // Acknowledge EMERGENCY STOP NCK // Do not acknowledge NCK L T 1; // Load 1 MB 194; // Transfer marker byte 194 // // 24; 218.3; 218.2; 24; Acknowledge EMERGENCY STOP Withdraw acknowledgement NCK Acknowledge EMERGENCY STOP NCK Reset timer 24 // // // QUI1: UN M 218.3; SPB QUI2; // L 0; // Load 0 T MB 194; // QUI2: NOP 0; // // CALL FC 21 ( Enable Funct S7Var IVAR1 IVAR2 Error ErrCode // U M 218.3; U "SPL".NOT_HALT; UN DB18.DBX 110.1; UN M 218.4; R "SPL".QUIT_MARKER; R M 218.3; R M 211.0; // Withdraw NCK acknowledgement // Transfer marker byte 194 := := := := := := := // // // // // // // "SPL".QUIT_MARKER, B#16#4, P#M 194.0 BYTE 1, 4, -1, M 218.4, MW 188); Withdraw acknowledgement NCK Acknowledgment EMERGENCY STOP-PLC o.k. No difference between NCK/PLC No error on transfer Acknowledge EMERGENCY STOP PLC Reset: Withdraw acknowledgement NCK Start monitoring time of 8 hours END_FUNCTION (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-409 7 Configuring example 7.3 Safety Integrated with SPL 7.3.12 11.03 Appendix Excerpt from symbol table: Symbol Address Data type Comment 1 Hochlauf_ASUP_Start M 210.0 BOOL Run-up marker for SPL / ASUB start 2 Flanke_FB4_SPL_Start M 210.1 BOOL Edge marker for SPL / FB4 start 3 Zyklus_FB4_SPL_Start M 210.2 BOOL Cycle marker for SPL / FB4 start 4 FB4_Start M 210.3 BOOL Interrupt number and polarity for SPL (FB4) 5 FC9_SPL_Start M 210.4 BOOL Start SPL 6 Teststop_aktiv M 211.0 BOOL Activate test stop 7 Teststop_1_starten M 211.1 BOOL Forced checking procedure of the shutdown paths (X, C) 8 Teststop_1_ready M 211.2 BOOL Test stop1 performed without errors 9 Teststop_2_starten M 211.3 BOOL Forced checking procedure of shutdown paths (Z) M 211.4 BOOL Test stop 2 performed without errors 10 Teststop_2_ready 11 Teststop_2_error M 211.6 BOOL Error for test stop 2 (Z) 12 Teststop_1_error M 211.7 BOOL Error for test stop 1 (X, C) 13 QUIT_NCK_error M 214.4 BOOL Error for transfer using FC21 14 Teststopphase_2_starten M 216.0 BOOL Start test of external stops 15 Test_Stop_D_PLC M 216.1 BOOL Trigger stop D in PLC / FC96 16 Test_Stop_C_PLC M 216.2 BOOL Trigger stop C in PLC / FC96 17 Test_Stop_A_PLC M 216.3 BOOL Trigger stop A in PLC / FC96 18 PLC_Stop_A_nicht_aktiv M 216.4 BOOL Stop A / PLC check not active 19 Test_Stop_D_NCK M 216.5 BOOL Trigger stop D via A 49.4 / PLC in NCK 20 Test_Stop_C_NCK M 216.6 BOOL Trigger stop C via A 49.3 / PLC in NCK 21 Test_Stop_A_NCK M 216.7 BOOL Trigger stop A via A 49.2 / PLC in NCK 22 NCK_Stop_A_nicht_aktiv M 217.0 BOOL Stop A / NCK check not active 23 Test_I/O_Peripherie_1 M 217.1 BOOL Forced checking procedure of the I/O devices 24 Test_I/O_Peripherie_2 M 218.0 BOOL Check Emergency Stop inputs 25 Test_I/O_Peripherie_3 M 218.1 BOOL Start acknowledgement for Emergency Stop 26 Test_I/O_Peripherie_4 M 218.2 BOOL Acknowledge Emergency Stop on the NCK side 27 Test_I/O_Peripherie_5 M 218.3 BOOL 28 Fehler_Stop_D_PLC M 218.7 BOOL Withdraw acknowledgment Emergency Stop on the NCK side Checkback input of contactors E 76.4 not OK. 29 Teststop_1_intern MD 212 DWORD Run test stop 1 FC60 internally 30 Teststop_2_intern MD 220 DWORD Run test stop 2 FC60 internally 31 QUIT_NCK_error_code MW WORD Error code from FC21 32 TIMER1 T 20 TIMER STOP C -> STOP A (axes) 33 TIMER2 T 21 TIMER STOP C-> STOP A (spindle) 34 T_K_ABFALL T 22 TIMER Drop-out time of contactors K1, K2 35 T_VERZUG_1 T 23 TIMER Delay time EMERGENCY STOP input 36 T_VERZUG_2 T 24 TIMER Delay time, acknowledgment 37 Teststop_Zeit_1 T 30 TIMER Monitoring duration 2h 40min 38 Teststop_Zeit_2 T 31 TIMER Monitoring duration 5h 20min 39 Teststop_Zeit_3 T 32 TIMER Monitoring duration 8h 7-410 188 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 Symbols used in the PLC program 7 Configuring example 7.3 Safety Integrated with SPL The following structure was used for the PLC program of the configuration example. Structure of PLC program / call of user modules OB1 FC2 : Basic program FC95 : Start of NCK-SPL FB4, instance DB 121 data DB 120 FC9, data DB 120 FC96 : PLC-SPL FC97 : Forced dormant error detection FC60, test stop phase I Remaining user program Fig. 7-19 Structure of the user program The following function overview is used to configure and commission SPL logic (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-411 Uebersicht_00.DSF Fig. 7-20 7-412 t of the SI function 36970..36978 0: SBH/SG deselection 1: SBH deselection 2: SG selection 3: SE selection 4: I Transmission ratio sel. 5: I Test stop selection 6: I Status pulses reset 7: I External STOPS 8: I SG override select. gnment of $A_OUTSI GE D 10390 AFE_IN_HW_ASSIGN[0..7] tewise assignment of e NCK inputs => A_INSE 6 7 8 variables SPL variables SPL SI-KERNEL NCK-SGA/SGE signals input Output SAFE.SPF Logic $A_INSI Machine data NCK-SPL $A_OUTSI SAFE.SPF Logic Machine data variables SPL 5 variables SPL 4 Output 3 $A_OUTSE 2 Input 1 $A_INSE NCK I/Os Input of the SI function Monitoring cycles settable in MD Order of magnitude 81 * MD 10090 Data exchange via drive bus Cross checking of data and results Inputs DB18-DB31-61 PLC-SPL DB18 Output of the SI function DBX108.7: Q Axis safely ref. DBB109: Q SN1+ to SN4+ DBB109: Q SN1- to SN4DBX111.4..6: Q active stop Assignment SGA => INSIP DB31..61 ( axis interface) DBX108.0: Q SB H/SG active DBX108.2 Q Status pulses reset* DBX110.1: Q SB H active DBX110.3..4: Q SG active DBX110.5: Q n< n x * inverted with respect to SGA Pulses enabled in NCK not if test stop active (PLC side) INSIP[1..64] DB18.DBX54.0 to DB18.DBX61.7 Input variables SPL FC XXX Logik Assignment of SPL outputs OUTSEP[1...64] DB18.DBX46.0 to DBX53.7 Outputs Drive SGA/SGE signals Drive SW (on CL) OUTSIP[1..64] DB18.DBX62.0 to DB18.DBX69.7 Output variables SPL FC XXX Logic Assignment to SPL inputs INSEP[1...64] DB18.DBX38.0 to DBX45.7 DB31...61 (axis interface) DBX22.0: SBH/SG deselection DBX22.1: SBH deselection DBX22.3..4: SG selection DBX23.4: SE selection DBX23.0..2: I monit. selection DBX23.7: I Test stop selection DBX32.2..4: I External STOPS DBX33.4..7: I SG override selection In case of error STOP F Output of the SI function MD36980..36990 36980: Q SBH/SG active 36981: Q SBH active 36982: Q SG active 36985: Q n<n x 36986: Q Release pulses 36987: Q Axis safely ref. 36988: Q SN1+ to SN4+ 36989: Q SN1- to SN436990: Q active stop Cross checking of data and results NCK-SW / FB 15 DB18 comparison (monitoring 1s -> 10s) In case of error, STOP D is triggered if SPL is protected MD 10392 SAFE_OUT_HW_ASSIGN[0..7] bytewise assignment of $A_OUTSE => NCK outputs SIMATIC I/Os Switches, light barriers, display lamps, contactors, etc. 7 Configuring example 7.3 Safety Integrated with SPL 11.03 Function overview SPL logic Overview, SPL logic (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.4 Safety Integrated without SPL 7.4 Safety Integrated without SPL Contrary to Safety Integrated with SPL, here the program (S7 PLC program) must be emulated for the NCK using switches and contactors. This has an impact on the costs associated with the cabinet wiring, and, depending on the complexity of the machine, is complicated. In addition, the EMERGENCY STOP buttons and the door switches must be evaluated by safety contactors which themselves influence the drives of the 611 digital group. Safety Integrated without SPL Switches, light barriers, indicator lamps, etc. Safety Integrated with SPL Switches, light barriers, indicator lamps, etc. Combinational logic with switches and contactors NCK I/Os 1 2 3 4 5 6 7 8 SGE input signals SGA output signals 1 2 3 4 5 6 7 8 NCK I/Os $A_OUTSE input variables SPL $A_INSE input variables SPL Machine data Machine data NCK-SPL $A_OUTSI input variables SPL Machine data NCK SGA/ NCK SGA/ SGE signals SGE signals $A_INSI output variables SPL BEI2_02.DSF Fig. 7-21 7.4.1 Function schematic of SI without SPL Connecting-up the drives The drives are connected-up exactly in the same way as for the version with SPL. Pulse enable (terminal 663) and the checkback status of the pulses (AS1/AS2) are assigned to the NCK-SGE via machine data. X axis: 36986 SAFE-PULSE_ENABLE_OUTPUT 36976 SAFE_PULSE_STATUS_INPUT : 01040203H : 01040107H Z axis: 36986 SAFE-PULSE-ENABLE_OUTPUT 36976 SAFE_PULSE_STATUS_INPUT : 01040203H : 01040107H Spindle C: 36986 SAFE-PULSE-ENABLE_OUTPUT 36976 SAFE_PULSE_STATUS_INPUT : 01040204H : 01040108H Power can be supplied to terminal AS1 either from terminal 9 or an external +24 V power supply, depending on the cabinet configuration. On the PLC side, the pulses must be enabled on the axis-specific drive interface (DB3x.DBX21.7). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-413 7 Configuring example 7.4 Safety Integrated without SPL 11.03 SIMODRIVE 611D SIMODRIVE 611D Double axis module Single axis module Axis X, axis Z Spindle C 663 AS2 AS1 9 663 AS2 AS1 9 +24V NCK SGAs NCK SGEs I7 I8 Q3 Q4 BEI2_01.DSF Fig. 7-22 7.4.2 Circuit example EMERGENCY STOP and connecting-up the I/R module For an EMERGENCY STOP, all the drives in the drive group are stopped via terminal 64 (controller inhibit) on the infeed/regenerative feedback module. The drives brake with the maximum current (this can be configured). After a certain delay (if, for example, the spindle has also braked and is stationary), the internal line contactor in the NE module that is used to electrically isolate it from the power supply, is opened via terminal 48 (DIN EN 60204-1). The connection between terminals NS1, NS2 is opened as an additional safety measure to prevent the line contactor from re-closing. The infeed/regenerative feedback module is supplied from the line supply using a three-conductor cable. The line contactor integrated in the infeed/regenerative feedback module is used to isolate the drives from the line supply (an external line contactor is not required). 7-414 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.4 Safety Integrated without SPL Circuit diagram EMERGENCY STOP Q1 EMERGENCY STOP Time relay K2 K1 Leading contact from power switch EMERGENCY STOP K2 Time relay 0V . LV1 . LV2 . 9 . 64 . 63 . 48 . 19 Kl Kl . 213 . 111 L1 L2 L3 Fig. 7-23 BEI2_11.DSF Connecting-up the infeed/regenerative feedback module without SPL The EMERGENCY STOP button is monitored using a safety relay K1 (3TK2805). When the EMERGENCY STOP button is pressed, safety relay K1 drops out immediately and opens the NO contacts that are included in the connection between terminal 9 and terminal 64 on the infeed/regenerative feedback module and in the supply path for delay module 3TK29. As soon as the selected delay time has elapsed, delay module K2 (3TK29.3) also drops out and opens the NO contacts that are included in the connection between terminal 9 and terminals 48/63 and in the connection between terminal NS1 and terminal NS2. EMERGENCY STOP can only be acknowledged when the line contactor in the infeed/regenerative feedback module and the delay module K2 have dropped out. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-415 7 Configuring example 7.4 Safety Integrated without SPL 11.03 +24V K2 S1 11 21 12 EMERGENCY STOP 22 button T1 EMERGENCY STOP EMERGENCY STOP time relay K1 EMERGENCY STOP acknowledgment Kl. 111 (I/RF module) Kl. 213 (I/RF module) L+ X3 K1 X5 Safety relay module 3TK2805 L- A1/L+ X4 K2 Delay module 3TK29 A2/L- 0V schalt03.dsf Fig. 7-24 7.4.3 Connecting-up the safety relay combination Test stop For the test stop, the first section of the test stop test can be taken from the PLC programming example with SPL. The parameterization of the machine data directly refers to the DMP input modules: X axis: 36975 SAFE_STOP_REQUEST_INPUT : 01060809H Spindle C: 36975 SAFE_STOP_REQUEST_INPUT : 01060809H Z axis: 36975 SAFE_STOP_REQUEST_INPUT : 0106080AH Circuit diagram PLC Q49.0 Q49.1 NCK I9 I10 Test stop 1 Test stop 2 SCHALTBI.DSF Fig. 7-25 7-416 Circuit diagram for test stop (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7.4.4 7 Configuring example 7.4 Safety Integrated without SPL Protective door interlocking The following circuit is used for monitoring the protective door if external devices (hydraulics, cooling water etc.) have to be powered-down/disconnected when the door is opened. The safety relay monitors the door switch and its contacts are included in the switching logic for the SGEs of the Safety Integrated functions. Other contacts of the safety contactor switch all of the external devices (not shown in this diagram) in the vicinity of the protective door that are potentially hazardous to the operator. If the protective door switch only activates and de-activates Safety Integrated functions of the NC drives in the safety area, and this is clearly confirmed by the risk analysis, then the contacts of the door switch can be directly integrated into the switching logic for the SGEs (NCK/SPL) (see Fig. 7-26). Safety Integrated monitors the door switch using the crosswise data comparison of the SGEs. Circuit diagram PLC +24V Q 48.0 Door switch open Type: TZF closed L+ X1 K3 X2 X3 X5 Safety relay 3TK2805 L- 0V SCHALT01.DSF Fig. 7-26 Circuit diagram for protective door interlocking Notes on the diagram We recommend that a door release solenoid is used with a mechanical system (as shown) that acts on the contacts of the checkback signals. The protective door interlocking is evaluated as follows: Terminal X3 of the safety relay is activated when the door is open and terminal X5 of the safety relay when the door is closed. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-417 7 Configuring example 7.4 Safety Integrated without SPL 7.4.5 11.03 De-selecting SBH using the key-operated switch/SG changeover using the door safety contactor On the NCK side, "safe operating stop" is de-selected using DMP input 5. The state shown in the circuit diagram is "protective door open" and "safe operating stop" was selected using the key-operated switch. Using the key-operated switch, it is possible to change-over to safely-reduced speed with the protective door open. X axis, Z axis, spindle C: 36971 SAFE_SAFE_SS_DISABLE_INPUT: : 01040105H Safe operating stop is de-selected when the protective door is closed and a changeover is made from safely-reduced speed 1 (personnel protection) to safely-reduced speed 2 (machine protection). X axis, Z axis, spindle C: 36972 SAFE_SAFE_VELO_SELECT_INPUT[0] : 01040106H On the PLC side, the switching states of the door and the key-operated switch are logically combined in an S7 program. The safety functions are activated and de-activated via the PLC drive interface (see Chapter 4, "Interface signals"). Circuit diagram +24V Door locking Safety contactor K3 or door switch see Section 7.4.4 Keyswitch 13 23 33 13 23 14 24 34 14 24 NCK PLC I5 I6 I32.5 I32.6 SCHALT02.DSF Fig. 7-27 7-418 Circuit diagram: SBH de-selection using key-operated switch SG changeover using the door safety contactor (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.4 Safety Integrated without SPL Program Program excerpt: // // -------- SBH selection using the protective door and using the key-operated switch -------// U E 32.5 // Door closed and interlocked O E 32.6 // = DB31.DBX22.1 // SBH de-selection = DB32.DBX22.1 // SBH de-selection = DB33.DBX22.1 // SBH de-selection // // -------- SG selection via the protective door -------// U E 32.6 // Door closed and interlocked = DB31.DBX22.3 // SG bit 0 = DB32.DBX22.3 // SG bit 0 = DB33.DBX22.3 // SG bit 0 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-419 7 Configuring example 7.5 External STOPs 11.03 7.5 External STOPs Description This example is based on the configuring example in Section 7 "Safety Integrated without SPL", although external STOP C is to be used for all the drives on the example machine. A small SPL has to be written for this problem because external STOP A must be supplied from a system variable ($A_OUTSI). In this case, no hardware of the NCK-SPL has to be assigned by the machine data 10390/10392, nor does the machine data parameterized in Section 7 "Safety Integrated without SPL" have to be changed. Task/structure: External STOP C is to be activated for X, Z, C when the light barrier is triggered. The light barrier is analyzed by an external unit. The light barrier is also acknowledged by a switch that is connected to this evaluation unit. In order to test the external STOP C the two switching contacts for the PLC I/Os and the NCK I/Os are supplied with +24 V by two separate PLC outputs (A36.0/A36.1) (refer to circuit diagram). The logical drive number for the terminal block is 4 and the input module used is inserted into slot 1 in the terminal block. Commissioning is explained step-by-step with reference to the previous sections in Chapter 7. 1. Enable the function "SBH/SB monitoring" and "external STOPs" for drives X, Z, C via the axis-specific machine data 36901: SAFE_FUNCTION_ENABLE = 41 H 2. Set the machine data 11602: ASUP_START_MASK=7: ASUB start in all operating states of the NC (RESET/JOG/not all axes referenced/read-in inhibit active). 3. Set machine data 11604: ASUP_START_PRIO_LEVEL=1: (interrupt priority from which MD $MN_ASUP_START_MASK is active). 4. Enter axis-specific machine data for drives X, Z, C 36977: SAFE_EXT_STOP_INPUT[0]: 04010101H (STOP A is supplied from $A_OUTSI[1] in the SPL) 36977: SAFE_EXT_STOP_INPUT[1]: 01040101H (first input on the DMP input module) 36977 SAFE_EXT_STOP_INPUT[2]: 80000000H (STOP D statically de-selected). 5. The other safety machine data are parameterized as described in Chapter 7, "Safety Integrated without SPL". 6. The following program has to be written for the PLC: SET = DB18.DBX62.0 // Supply OUTSIP[1] = DB31.DBX32.2 // Supply STOP A for axis X = DB32.DBX32.2 // Supply STOP A for axis Z = DB33.DBX32.2 // Supply STOP A for spindle C // U I 32.0 // PLC input / light barrier evaluation unit = DB31.DBX32.3 // Supply STOP C for axis X = DB32.DBX32.3 // Supply STOP C for axis Z = DB33.DBX32.3 // Supply STOP C for spindle C // 7-420 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.5 External STOPs 7. SET = DB31.DBX32.4 // Supply STOP D for axis X = DB32.DBX32.4 // Supply STOP D for axis Z = DB33.DBX32.4 // Supply STOP D for spindle C 8. In addition, if the light barrier is interrupted, the PLC should trigger an NC STOP at the channel interface in the automatic mode . 9. Implement the following NCK-SPL in the standard cycle directory CST.DIR under the name SAFE.SPF %_N_SAFE_SPF ;$PATH=/_N_CST_DIR ; SAFE_CHECKSUM = 000009C6H ; N100 IDS=01 DO $A_OUTSI[1] = 1 // Static de-selection STOP A ; N110 M17 10. The NCK-SPL start when the control runs-up is described in Chapter 7, "Starting the NCK-SPL and PLC-SPL. 11. The first part of the test stop described in Chapter 7, "Test stop", can be used and adapted to the machine configuration. An external STOP C must be incorporated in each test algorithm in the following form: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-421 7 Configuring example 7.5 External STOPs 11.03 Test stop phase 2 (marker 216.0) Start Pulses for drives X, Z, C not safely disabled no yes Trigger STOP C on PLC side (Q 36.0 = "0") Checkback signal STOP C active DB3x.DBX111.4 no yes Cancel STOP C on PLC side (Q 36.0 = "1") Trigger STOP C on NCK side (Q 36.1 = "0") yes Checkback signal STOP C active DB3x.DBX111.4 no Cancel STOP C NCK side (Q 36.1 = "1") End of test stop M 211.0 = "0" Fig. 7-28 7-422 Flowchart when testing external STOP C (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.5 External STOPs Circuit diagram PLC PLC Q36.0 Q36.1 Light barrier analysis unit PLC 11 21 12 22 I32.0 Fig. 7-29 NCK I1 Wiring Note The drive cannot be operated until the SPL is started because the external STOP A is not supplied! (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-423 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 11.03 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP The following function elements will be described using this example: - Wiring options for ET200S PROFIsafe modules Parameterization of ET200S PROFIsafe components (hardware configuration) Parameterization of associated machine data Effects on NCK and PLC-SPL (safe programmable logic). The entire system with all of the required hardware and software settings is not shown; rather, only the sections that differ when compared to previous SPL applications with two separate hardware I/O branches (NCK and PLC I/Os). 7.6.1 Functional scope of the application The safety-relevant input signals read-in from the F-DI module and processed in the SPL are to be used to change over axis-specific safety functions (SBH, SG, external stop response, etc.), and output safety-relevant output signals to actuators (via an F-DO module or PM-E F module). 7.6.2 Connecting-up the sensors and actuators The diagram below shows the layout of the ET 200S line-up used in the example IM 151 PM E High Feature s Cable for: PROFIBUS-DP F-DI PROFIsafe F-DO PROFIsafe PM-EF DO PROFIsafe BSP_Module.dsf Fig. 7-30 7-424 Layout of the DP slave (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP The assignment and significance of the signals for the PROFIsafe modules is explained below: Electronic module 4/8 F-DI DC24V PROFIsafe The safety-relevant I/O input signals are connected to this module. These are implemented either using two NC contacts (EMERGENCY Stop button and the position monitoring function for the protective door) with an exclusive OR function. This means with one NC contact and one NO contact (agreement button) - or with two NO contacts (<drive ON> button). As a result of these versions, in some cases, different parameter settings are obtained in the hardware configuration under STEP 7. All of the sensor signals are connected through two channels. F-DI VS1 EMERGENCY stop Type: NC Contact 2; 6 Protective door closed Enable button Type: NC/NO contact Drives ON Type: NO contact Type: NC Contact 4; 8 VS2 10; 14 12; 16 Channel 0 1 Channel 4 9 Channel 1 5 Channel 5 13 Channel 2 3 Channel 6 11 Channel 3 7 Channel 7 15 BSP_FDI_ Verdrahtung .dsf Fig. 7-31 Example: F-DI connections Significance and use of the individual signals: F-DI (channel 0.4) : Emergency Stop actuator Signal status channel 0 = "1" and channel 4 = "1": Emergency Stop not pressed Signal status channel 0 = "0" and channel 4 = "0": Emergency Stop pressed F-DI (channel 1.5) : Position monitoring function, protective door Signal status channel 1 = "1" and channel 5 = "1": Protective door closed Signal status channel 1 = "0" and channel 5 = "0": Protective door not closed (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-425 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 11.03 F-DI (channel 2.6) : Agreement button Signal status channel 2 = "1" and channel 6 = "0" Agreement button not pressed Signal status channel 2 = "0" and channel 6 = "1" Agreement button pressed F-DI (channel 3,7) : <drive on> key Signal status channel 3 = "0" and channel 7 = "0" <drive on> key not pressed Signal status channel 3 = "1" and channel 7 = "1" <drive on> key pressed VS1: Internal encoder supply for channels 0 to 3 VS2: Internal encoder supply for channels 4 to 7 Both of these encoder supplies must be used when the short-circuit test is activated (cf. Chapter "Configuration and wiring of the ET200S I/Os -> Components of the node IM151 HF: F-DI module). The exclusive OR sensor agreement button is an exception. For this type of wiring, the encoder supply VS1 must be used, in conjunction with the shortcircuit test, for both contacts. The actuators that must be shut down in a safety-related fashion, are connected through two channels. Shutdown is possible separately for each channel. Two valve units are connected in the sample configuration to control the motion of supplementary pneumatic axes. Electronic module 4 F-DO DC24 V/2 A PROFIsafe F-DO DO 0 P 1 Channel 0 DO 0 M 2 DO 1 P 5 Channel 1 DO 1 M 6 Valve unit 1 DO 2 P 9 Channel 2 DO 2 M 10 DO 3 P 13 Channel 3 Valve unit 2 DO 3 M 14 BSP_FDO_Verdrahtung.dsf Fig. 7-32 7-426 Example: F-DO connections (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP Significance and use of the individual signals: F-DO (channel 0) : Valve unit 1 Signal status channel 0 = "0" Valve in the inhibited/quiescent position Signal status channel 0 = "1" Valve open F-DO (channel 1) : Not used F-DO (channel 2) : Valve unit 2 Signal status channel 2 = "0" Valve in the inhibited/quiescent position Signal status channel 2 = "1" Valve open F-DO (channel 3) : Not used PM-E F power module This module combines two functions. On the one hand, all three two-channel output channels can be connected to individual actuators (cf. functionality of an F-DO module); on the other hand, the third output channel DO 2 has an additional function. Output channel DO2 is used to internally switch-in or switch-out the safetyrelevant (i.e. via two voltage potentials) power supply to or from the downstream standard DO or standard DI modules. This means that the outputs on the DO modules can be controlled as single-channel outputs in the PLC for the "normal" function - after the PM-E F module, all of the DO modules can be shut down in a safety-related fashion. PM-E F DO 0 P 9 Channel 0 DO 0 M 10 DO 1 P 13 Valve unit 3 Channel 1 DO 1 M 14 Group disconnection from standard modules P1 (P) DO 2 P 11,15 Channel 2 Internal disconnection of voltage buses DO 2 M 12,16 P2 (M) External wiring for additional actuators possible on DO2 BSP_PMEF_ Verdrahtung.dsf Fig. 7-33 Example: PM-E F connections (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-427 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 11.03 Significance and use of the individual signals: PM-E F (channel 0) : Valve unit 3 Signal status channel 0 = "0" Valve in the inhibited/quiescent position Signal status channel 0 = "1" Valve open PM-E F (channel 1) : Not used PM-E F (channel 2) : Shutting down the supply voltage for subsequent DO module / external not used Signal status channel 2 = "0" The power supply voltage for the subsequent DO module is disconnected via the two potential rails P1/P2. Signal status channel 2 = "1" The power supply voltage for the subsequent DO module is switchedin via the two potential rails P1/P2. 7.6.3 Individual application functions The <drive on> button is only used to acknowledge the internal Emergency Stop state. The button has no function in subsequent operation. The table of functions below shows the logical inter-relationships between the individual safety-relevant signals and functions. The description starts with the assumption that the Emergency Stop state has been acknowledged. Table 7-1 Application functions Sensor State Emergency Stop Protective door Agreement button Not actuated Closed Not applicable Case 1 Emergency Stop Protective door Agreement button Not actuated Open Not pressed Case 2 Emergency Stop Protective door Agreement button Not actuated Open Pressed Case 3 Emergency Stop Protective door Agreement button Actuated Open Pressed Case 4 Emergency Stop Protective door Agreement button Actuated Closed Pressed Case 5 7-428 Axes, spindles/ external devices Axes/spindles Valve unit 1 Valve unit 2 Valve unit 3 Supply voltage DO Axes/spindles Valve unit 1 Valve unit 2 Valve unit 3 Supply voltage DO Axes/spindles Valve unit 1 Valve unit 2 Valve unit 3 Supply voltage DO Axes/spindles Valve unit 1 Valve unit 2 Valve unit 3 Supply voltage DO Axes/spindles Valve unit 1 Valve unit 2 Valve unit 3 Supply voltage DO Monitor function/ switching status SG3 (> maximum speed) Open position Open position Open position Connected SBH Inhibit-quiescent position Inhibit-quiescent position Inhibit-quiescent position Disconnected SG1 Open position Inhibit-quiescent position Open position Disconnected STOP C -> SBH Inhibit-quiescent position Inhibit-quiescent position Inhibit-quiescent position Disconnected STOP D -> SBH Inhibit-quiescent position Inhibit-quiescent position Inhibit-quiescent position Disconnected (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 7.6.4 Configuring and connecting-up the ET200S I/O PROFIBUS connection (overall system) Only the part required for the PROFIBUS connection of the ET 200S line is displayed here: PROFIsafe: DP master system (1) (0) 840D NCU 57x.4 2 X2 SI PLC315-2DP 2AF03 DP 3 4 IM 360 S7 FM-NCU (8) IM 151 HWKonf_Bus.dsf Fig. 7-34 STEP 7 Hardware configuration: Definition of the PROFIBUS system The system requirements regarding the NCU hardware and interface module must be observed (cf. Chapter 3.12 -> SI I/Os using fail-safe modules on PROFIBUS-DP -> System requirements). Note When describing how the F I/Os are configured, the associated parameters are only described to some extent or only in the form of an overview. More detailed information is given in the context-sensitive online help and in the manual ET200S Distributed I/O System, Fail-Safe Modules. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-429 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 11.03 Components of the node IM151 HF: F-DI module The diagram below shows the parameter settings for the F-DI module: (8) IM 151-1 HF Baugruppe PM-E DC24V 4/8 F-DI DC24V 4 F-DO DC24V/2A PM-E F DC24V/10A 2 F-DO 4 DO 24V/10A Bestellnummer 6ES7 138-4CA00-0AA0 6ES7 138-4FA00-0AB0 6ES7 138-4FB00-0AA0 6ES7 138-4CF00-0AB0 6ES7 132-4BD30-0AA0 E-Adre..... A-Adres.... D..... Kommentar 128...133 128...131 134...138 134...138 139...143 139...143 32.0...32.3 F-Zieladresse 1111111110 (hexadezimal 3FE) F-Zieladresse 1111111101 (hexadezimal 3FD) F-Zieladresse 1111111100 (hexadezimal 3FC) Eigenschaften - 4/8 F-DI DC24V - (R-/S5) Allgemein Adressen Parameter Parameter Parameter Wert F-Parameter F_Quell_Adresse F_Ziel_Adresse DIL-Schalterstellung (9........0) F_Uberwachungszeit (ms) 1: SI PLC315-2DP 2AF03 1022 1111111110 100 Baugruppenparameter Eingangsverzogerung Kurzschlusstest Kanal 0, 4 Aktiviert Auswertung der Geber Art der Geberverschaltung Diskrepanzzeit (ms) 2v2-Auswertung Zweikanalsensor 300 Kanal 1, 5 Kanal 2, 6 Aktiviert Auswertung der Geber Art der Geberverschaltung Diskrepanzzeit (ms) Kanal 3, 7 2v2-Auswertung Antivalentsensor 300 OK Fig. 7-35 Abbrechen Parameter settings for the F-DI module Explanationen of parameters The parameters of the F-DO module are explained below: * * * 7-430 Hilfe F_Source_Address The parameter F_Source_Address is automatically assigned for the configured F master (in this case, the NCU 572.4 or NCU 573.4). This parameter is identical for all PROFIsafe components since they are associated with the same PROFIsafe master. F_Target_Address The parameter F_Target_Address is automatically assigned for the relevant F module and displayed in the decimal notation (for the F-DI module 1022). The DIL switch setting displayed must be set accordingly. This address is needed later for parameterizing the machine data in the hexadecimal notation (for the F-DI module 3FE). F_Monitoring time The parameter F_Monitoring time defines the maximum time within which a new valid F telegram must have been received from the F master. Generally, the default value can be used. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP * * * * * Input delay In order to suppress coupled-in noise and disturbances, it is possible to define a noise/disturbance pulse length (in ms) for all of the modules using the input delay parameter. Noise/disturbance pulses from 0 ms up to the set value are then suppressed. Short-circuit test The short-circuit test parameter activates the short-circuit detection function for the module. This test only makes sense if a simple switch is used, which is connected via two encoder supplies in the module (VS1, VS2). In this context, each input terminal must be assigned a supply voltage for the test (cf. Chapter: Connecting-up sensors and actuators -> Electronic module 4/8 F-DI DC24 V PROFIsafe). Encoder evaluation In the example, all of the input sensors are connected through twochannels (refer to Fig. 7-34). Therefore, the encoder evaluation is set to 2v2 evaluation for all 4 channel pairs. Type of encoder connection The type of encoder connection depends on the encoder design. For NC and NO contact pairs (channels 0,4; channels 1,5; channels 3,7), the twochannel sensor version must be set. On the other hand, for the exclusive OR agreement button (one NC and one NO contact), the exclusive OR sensor version should be specified. Discrepancy time The discrepancy time parameter is used to enter the monitoring time for discrepancy analysis (only relevant for 2v2 analysis). If there is still a difference between the two associated input signals after the discrepancy time has expired, then this is detected as an error and signaled to the master. This time should be orientated to the switching duration (both channels) for the connected sensor. Only one signal state is transferred to the master via the PROFIsafe protocol. This means that an internal control crosswise data comparison error, referred to two different input signal states, can no longer occur. The discrepancy analysis is executed in a distributed fashion - this means that the time should be selected to take this into account. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-431 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 11.03 The diagram below shows the parameter settings for the F-DO module: Components of the node IM151 HF: F-DO module (8) IM 151-1 HF Baugruppe Bestellnummer PM-E DC24V 4/8 F-DI DC24V 4 F-DO DC24V/2A E-Adre..... A-Adres.... D..... Kommentar 6ES7 138-4CA00-0AA0 6ES7 138-4FA00-0AB0 128...133 128...131 6ES7 138-4FB00-0AA0 134...138 134...138 F-Zieladresse 1111111110 (hexadezimal 3FE) PM-E F DC24V/10A 2 F-DO 6ES7 138-4CF00-0AB0 139...143 139...143 F-Zieladresse 1111111100 (hexadezimal 3FC) 4 DO 24V/10A 6ES7 132-4BD30-0AA0 F-Zieladresse 1111111101 (hexadezimal 3FD) 32.0...32.3 Eigenschaften - PM-E F DC24V/10A 2 F-DO DC24V/2A - (R-/S7) Allgemein Adressen Parameter Parameter Wert Parameter F-Parameter F_Quell_Adresse F_Ziel_Adresse DIL-Schalterstellung (9........0) F_Uberwachungszeit (ms) 1: SI PLC315-2DP 2AF03 1021 1111111101 100 Baugruppenparameter DO-Kanal 0 Aktiviert Diagnose: Drahtbruch DO-Kanal 1 Aktiviert Diagnose: Drahtbruch DO-Kanal 2 Aktiviert Diagnose: Drahtbruch DO-Kanal 3 Aktiviert Diagnose: Drahtbruch OK Fig. 7-36 Explanations of parameters Abbrechen Parameter settings for the F-DO module The parameters of the F-DO module are explained below: * * * 7-432 Hilfe F parameters The F parameters have already been explained in relation to the F/DI module (cf. above). The target address for the F-DO module is 3FD in the hexadecimal notation. DO channels The individual DO channels can be separately activated and de-activated. Diagnostics: Wire breakage Further, using Diagnostics: Wire breakage, it is possible to set as to whether the connection from the output to the actuator for the particular channel is checked for wire breakage; if wire breakage is detected, this is signaled to the master. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP Components of the node IM151 HF: PM-E F module The diagram below shows the parameter settings for the PM-E F module: (8) IM 151-1 HF Baugruppe Bestellnummer PM-E DC24V 4/8 F-DI DC24V 4 F-DO DC24V/2A PM-E F DC24V/10A 2 F-DO 4 DO 24V/10A E-Adre..... A-Adres.... D..... Kommentar 6ES7 138-4CA00-0AA0 6ES7 138-4FA00-0AB0 128...133 128...131 6ES7 138-4FB00-0AA0 134...138 134...138 6ES7 138-4CF00-0AB0 139...143 139...143 32.0...32.3 6ES7 132-4BD30-0AA0 F-Zieladresse 1111111110 (hexadezimal 3FE) F-Zieladresse 1111111101 (hexadezimal 3FD) F-Zieladresse 1111111100 (hexadezimal 3FC) Eigenschaften - PM-E F DC24V/10A 2 F-DO DC24V/2A - (R-/S7) Allgemein Adressen Parameter Parameter Wert Parameter F-Parameter F_Quell_Adresse F_Ziel_Adresse DIL-Schalterstellung (9........0) F_Uberwachungszeit (ms) 1: SI PLC315-2DP 2AF03 1020 1111111100 100 Baugruppenparameter DO-Kanal 0 Aktiviert Diagnose: Drahtbruch DO-Kanal 1 Aktiviert Diagnose: Drahtbruch DO-Kanal 2 (P1/P2) Aktiviert OK Fig. 7-37 Abbrechen Hilfe Parameter settings for the PM-E F module Explanationen of parameters The parameters of the PM-E F module are explained below: * F parameters The F parameters have already been explained in relation to the F/DI module (cf. above). The target address for the PM-E F module is 3FC in the in hexadecimal notation. * DO channel 0 / 1 The parameterization of the individual DO channels has already been explained in relation to F-DO. * DO channel 2 (P1/P2) The third output pair (DO channel 2 (P1/P2)) cannot be de-activated. This channel is used to internally switch-in or switch-out the safety-relevant power supply to or from the downstream standard DO or also DI modules (see Fig. 7-33). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-433 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 7.6.5 11.03 Parameterizing the Sinumerik 840D NCK Addressing the PROFIsafe masters (cf. parameter F_Source_Address): * MD 10385 $MN_PROFISAFE_MASTER_ADRRESS = 05 00 00 01 H General PROFIsafe parameterization Setting the PROFIsafe clock cycle * MD 10071 $MN_ IPO_CYCLE_TIME = 0.006 s * MD 10098 $MN_PROFISAFE_IPO_TIME_RATIO = 3 ( => 0.018 s) For details on setting the PROFIsafe clock cycle, see: Chapter 3, SI I/Os via fail-safe module on PROFIBUS-DP Configuring and parameterizing the ET 200S F I/Os PROFIsafe clock cycle and DP cycle time Connecting SPL-SGE-/SGA ($A_INSE(P)/$A_OUTS E(P) variables) Inputs from the F-DI module to mapped to $A_INSE(P) variables 1..4 * MD 10386 $MN_PROFISAFE_IN_ADDRESS[0] = 05 00 03 FEH * MD 10388 $MN_PROFISAFE_IN_ASSIGN[0] = 004 001 In the case of an agreement button connected-up in an exclusive OR configuration, when OK, the signal state is transferred to the SPL defined by the lower channel (channel 2 in the example). $A_OUTSE(P) variables 1..4 are output to the F-DO module * MD 10387 $MN_PROFISAFE_OUT_ADDRESS[0] = 05 00 03 FDH * MD 10389 $MN_PROFISAFE_OUT_ASSIGN[0 = 004 001 $A_OUTSE(P) variables 5..7 are output to the PM-E F module * MD 10387 $MN_PROFISAFE_OUT_ADDRESS[1] = 05 00 03 FCH * MD 10389 $MN_PROFISAFE_OUT_ASSIGN[0] = 007 005 Additional SI machine data A few definitions are now required in order to explain a safe programmable logic (SPL). This is the reason that not all of the parameterized machine data for Safety Integrated will be described. Furthermore, axial machine data are only specified to represent an axis. SBH de-selection via $A_OUTSI[1] * MD 36970 $MA_SAFE_SS_DISABLE_INPUT = 04 01 01 01H SG selection bit 1 via $A_OUTSI[2] * MD 36972 $MA_SAFE_VELO_SELECT_INPUT[0] = 04 01 01 02H STOP A de-selection via $A_OUTSI[3] * MD 36977 $MA_SAFE_EXT_STOP_INPUT[0] = 04 01 01 03H STOP C de-selection via $A_OUTSI[4] * MD 36977 $MA_SAFE_EXT_STOP_INPUT[1] = 04 01 01 04H STOP D de-selection via $A_OUTSI[5] * MD 36977 $MA_SAFE_EXT_STOP_INPUT[2] = 04 01 01 05H These safety-relevant internal input signals are used to implement the functions described above 7-434 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7.6.6 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP Programming the NCK-SPL The complete SPL logic is not shown, only the parts needed to understand the application. The parts not shown include terminal 663 and the forced checking procedure. ; +---------------------------------------------------------+ ; | Safe programmable logic (NCK-SPL) | ; +---------------------------------------------------------+ ; File: SAFE.SPF ; Excerpt for explanation of PROFIsafe ; ----------------------------------------------------------; D e s c r i p t i o n : ; - NCK-SPL ; - Logical combination of SPL input variables ; External (from PROFIsafe) : $A_INSE (MD 10386 10388) ; Internal (from SI kernel) : $A_INSI (MD 36980..36990) ; to output variables of the SPL ; Internal (to SI kernel) : $A_OUTSI (MD 36970..36978) ; External (to PROFIsafe) : $A_INSE (MD 10387 10389) ; E n d D e s c r i p t i o n ; ----------------------------------------------------------; ;-------------------- Cycle definition ---------------------; Suppress single block, display ; ----------------------------------------------------------N100 PROC SAFE SBLOF DISPLOF ; --------------------- Declarations -----------------------; Definition of symbolic names for SPL variables ; ----------------------------------------------------------; Addressing of PROFIsafe input modules ; MD 10386 $MN_PROFISAFE_IN_ADDRESS[n] ; Assignment of PROFIsafe signals to SPL ; MD 10388 $MN_PROFISAFE_IN_ASSIGN[n] ;-----------------------------------------------------------;MD 10386[0]/MD 10388[0] : F-DI NCK ; PLC-DB18. ;-----------------------------------------------------------N105 DEFINE IE_EMERGENCY_STOP AS $A_INSE[01] ; DBX38.0 N110 DEFINE IE_PROT.DOOR_CLOSED AS $A_INSE[02] ; DBX38.1 N115 DEFINE IE_AGREEMENT AS $A_INSE[03] ; DBX38.2 N120 DEFINE IE_DRIVES_ON AS $A_INSE[04] ; DBX38.3 ;============================================================ ;Internal inputs (mapping of SGA 36980..36990) ; PLC-DB18. ;-----------------------------------------------------------;not used for example N105 DEFINE II_RES_01 AS $A_INSI[01] ; DBX55.0 ;============================================================ ;Internal outputs (assignment to SGE 36970..36978); PLC-DB18. ;-----------------------------------------------------------N425 DEFINE OI_SBH_DESEL AS $A_OUTSI[01] ; DBX62.0 N430 DEFINE OI_SG_SEL_B1 AS $A_OUTSI[02] ; DBX62.1 N435 DEFINE OI_STOPA_DESEL AS $A_OUTSI[03] ; DBX62.2 N440 DEFINE OI_STOPC_DESEL AS $A_OUTSI[04] ; DBX62.3 N445 DEFINE OI_STOPD_DESEL AS $A_OUTSI[05] ; DBX62.4 ;============================================================ (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-435 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 11.03 ; Addressing of PROFIsafe input modules ; MD 10387 $MN_PROFISAFE_OUT_ADDRESS[n] ; Assignment of PROFIsafe signals to SPL ; MD 10389 $MN_PROFISAFE_OUT_ASSIGN[n] ;-----------------------------------------------------------;MD 10387[0]/MD 10389[0] : F-DO NCK ; PLC-DB18. ;-----------------------------------------------------------N585 DEFINE OE_VALVE1 AS $A_OUTSE[01] ; DBX46.0 N590 DEFINE OE_RES_02 AS $A_OUTSE[02] ; DBX46.1 N595 DEFINE OE_VALVE2 AS $A_OUTSE[03] ; DBX46.2 N600 DEFINE OE_RES_04 AS $A_OUTSE[04] ; DBX46.3 ;-----------------------------------------------------------;MD 10387[1]/MD 10389[1] : PM-EF NCK ; PLC-DB18. ;-----------------------------------------------------------N605 DEFINE OE_VALVE3 AS $A_OUTSE[05] ; DBX46.4 N610 DEFINE OE_RES_06 AS $A_OUTSE[06] ; DBX46.5 N615 DEFINE OE_P1P2 AS $A_OUTSE[07] ; DBX46.6 ;============================================================ ;MARKERSI : Internal status marker ; PLC-DB18. ;-----------------------------------------------------------N665 DEFINE MI_NO_E_STOP AS $A_MARKERSI[01] ; DBX70.0 N670 DEFINE MI_AGREEMENT AS $A_MARKERSI[02] ; DBX70.1 ;============================================================ ;TIMERSI : Internal timer ; PLC timer ;-----------------------------------------------------------N742 DEFINE TI_RES_01 AS $A_TIMERSI[01] ; T xxx ;not used for example ;============================================================ ;PLCSIOUT : Single-channel data from PLC -> NCK ; PLC-DB18. ;-----------------------------------------------------------N800 DEFINE IPLC_RES_01 AS $A_PLCSIOUT[01] ; DBX128.0 ;not used for example ;============================================================ ;PLCSIIN : Single-channel data from NCK -> PLC ; PLC-DB18. ;-----------------------------------------------------------N900 DEFINE OPLC_RES_01 AS $A_PLCSIIN[01] ; DBX132.0 ;not used for example ;============================================================ ; --------------------- Program section -------------------; INSE/INSI ---> OUTSI/OUTSE (MARKERSI memory) ; ----------------------------------------------------------; First static synchronized action : IDS = aa (MD 11500[0]) ; Last static synchronized action : IDS = bb (MD 11500[1]) ; Static de-select STOP A IDS=01 DO STOPA_DESEL = 1 ; Emergency stop (STOP C if protective door open / STOP D if closed) IDS=02 EVERY IE_DRIVES_ON == 1 DO MI_NO_E_STOP = 1 ; Set status marker IDS=03 WHENEVER IE_E_STOP == 0 DO MI_DO_NOT_STOP = 0 ; Reset status marker 7-436 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP ; De-select STOP C IDS=04 DO STOPC_DESEL = De-select STOP C IE_PROT.DOOR_CLOSED OR MI_NO_E_STOP ; ; De-select STOP D IDS=05 DO STOPD_DESEL = NOT IE_PROT.DOOR_CLOSED OR MI_NO_E_STOP ; Deselect STOP D ; Agreement mode IDS=06 DO MI_AGREEMENT = NOT IE_PROT.DOOR_CLOSED AND IE_AGREEMENT ; SBH de-selection (if protective door closed or for agreement mode) IDS=07 DO OI_SBH_DESEL = IE_PROT.DOOR_CLOSED OR MI_AGREEMENT ; SG changeover (select SG3 if protective door closed) IDS=08 DO OI_SG_DESEL_B1 = IE_PROT.DOOR_CLOSED ; Valve unit 1 IDS=09 DO OE_VALVE1 = MI_NO_E_STOP AND (IE_PROT.DOOR_CLOSED OR MI_AGREEMENT) ; Valve unit 2 IDS=10 DO OE_VALVE2 = MI_NO_E_STOP AND IE_PROT.DOOR_CLOSED ; Valve unit 3 IDS=11 DO OE_VALVE3 = OE_VALVE1 ; Supply potential DO IDS=12 DO OE_P1P2 = OE_VALVE2 N1000 MSG ("SPL OK") N1005 M30 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-437 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 7.6.7 Programming the PLC-SPL Excerpt from symbol definitions DB18 "SPL" Table 7-2 11.03 Only data ranges for which a symbol has been defined for the example are listed. Excerpt from symbol definition DB18 "SPL" Address Name Type Initial value Comment ... ... ... ... ... +38.0 +38.1 IEP_NOT_HALT IEP_SCHUTZTUER _ZU IEP_ZUSTIMMUNG IEP_ANTRIEBE_E IN BOOL BOOL FALSE FALSE $A_INSEP[1] $A_INSEP[2] BOOL BOOL FALSE FALSE $A_INSEP[3] $A_INSEP[4] +38.2 +38.3 ... ... ... ... ... +46.0 +46.1 +46.2 +46.3 +46.4 +46.5 +46.6 OEP_VENTIL1 OEP_RES_02 OEP_VENTIL2 OEP_RES_04 OEP_VENTIL3 OEP_RES_06 OEP_P1P2 BOOL BOOL BOOL BOOL BOOL BOOL BOOL FALSE FALSE FALSE FALSE FALSE FALSE FALSE $A_OUTSEP[01] $A_OUTSEP[02] $A_OUTSEP[03] $A_OUTSEP[04] $A_OUTSEP[05] $A_OUTSEP[06] $A_OUTSEP[07] ... ... ... ... ... +62.0 +62.1 +62.2 +62.3 +62.4 OIP_SBH_ABWAHL OIP_SG_AUSW_B1 OIP_STOPA_ABW OIP_STOPC_ABW OIP_STOPD_ABW BOOL BOOL BOOL BOOL BOOL FALSE FALSE FALSE FALSE FALSE $A_OUTSIP[01] $A_OUTSIP[02] $A_OUTSIP[03] $A_OUTSIP[04] $A_OUTSIP[05] ... ... ... ... ... +70.0 MIP_KEIN_NOT_H ALT MIP_ZUSTIMMUNG BOOL FALSE BOOL FALSE $A_MARKERSIP[0 1] $A_MARKERSIP[0 2] +70.1 PLC-SPL BEGIN NETWORK TITLE =map external inputs to $A_INSEP variables // // // // // // // This step is no longer required for PROFIsafe inputs in the user program. The input signals from the F-DI module are also transferred via the parameters of the NCK machine data MD 10386[n] and MD 10388[n] to the corresponding bits in DB 18, i.e. the associated $A_INSEP variables (DB18.DBX38.0 .. DBX 45.7) are written inside the system NETWORK TITLE =Map status signals from SI (SGA) -> to internal inputs // cf. MD 36980..MD36990 // SGA signals in axis DB : DBX108.0 ... DBX111.7 // $A_INSIP[01]...$A_INSIP[64] : DB18.DBX54.0 ... DB18.DBX61.7 // No $A_INSIP variables are used for the application // example 7-438 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP NETWORK TITLE =SPL logic INSEP/INSIP -> map OUTSIP // cf. SAFE.SPF // $A_MARKERSIP[1]...$A_MARKERSIP[64] : // DB18.DBX70.0 ... DB18.DBX77.7 // $A_OUTSIP[1]......$A_OUTSIP[64] : // DB18.DBX62.0 ... DB18.DBX69.7 // // [IDS=01] Static de-select STOP A SET; = "SPL".OIP_STOPA_DESEL; // [IDS=02/03] Emergency Stop (STOP C for open / STOP D for // closed protective door) A "SPL".IEP_DRIVES_ON; FP M 100.0; // Auxiliary edge marker S "SPL".MIP_NO_E_STOP; // Set status marker UN R "SPL".IEP_EMERGENCY_STOP; "SPL".MIP_NO_E_STOP; // Reset status marker // [IDS=04] U O = STOP C - De-select "SPL".IEP_PROT.DOOR_CLOSED; "SPL".MIP_NO_E_STOP; "SPL".OIP_STOPC_DESEL; // [IDS=05] UN O = STOP D - De-select "SPL".IEP_PROT.DOOR_CLOSED; "SPL".MIP_NO_E_STOP; "SPL".OIP_STOPD_DESEL; // [IDS=06] UN U = Agreement mode "SPL".IEP_PROT.DOOR_CLOSED; "SPL".IEP_AGREEMENT; "SPL".MIP_AGREEMENT; // [IDS=07] SBH de-selection (if protective door closed or // for agreement mode) U "SPL".IEP_PROT.DOOR_CLOSED; O "SPL".MIP_AGREEMENT; = "SPL".OIP_SBH_DESEL; // [IDS=08] SG changeover (select SG3 if protective door closed) U "SPL".IEP_PROT.DOOR_CLOSED; = "SPL".OIP_SG_SEL_B1; NETWORK TITLE =SPL logic INSEP/INSIP -> map OUTSIP // cf. SAFE.SPF // $A_MARKERSIP[1]...$A_MARKERSIP[64] : // DB18.DBX70.0 ... DB18.DBX77.7 // $A_OUTSIP[1]......$A_OUTSIP[64] : // DB18.DBX62.0 ... DB18.DBX69.7 // // [IDS=09] Valve unit 1 U "SPL".MIP_NO_E_STOP; U( ; U "SPL".IEP_PROT.DOOR_CLOSED; O "SPL".MIP_AGREEMENT; (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-439 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP ) = // [IDS=10] U U = 11.03 ; "SPL".OEP_VALVE1; Valve unit 2 "SPL".MIP_NO_E_STOP; "SPL".IEP_PROT.DOOR_CLOSED; "SPL".OEP_VALVE2; // [IDS=11] Valve unit 3 U "SPL".OEP_VALVE1; = "SPL".OEP_VALVE3; // [IDS=12] Supply potential DO U "SPL".OEP_VALVE2; = "SPL".OEP_P1P2; NETWORK TITLE =Assign internal outputs (OUTSIP) to SI inputs (SGE) // cf. MD 36970..MD36978 // SGE signals in axis DB Part 1 : DBX22.0 ... DBX23.7 // SGE signals in axis DB Part 2 : DBX32.0 ... DBX33.7 // The example describes only the interface of axis 1 // De-select SBH U "SPL".OIP_SBH_DESEL; = DB31.DBX 22.1; // SG Changeover bit 1 U "SPL".OIP_SG_SEL_B1; = DB31.DBX 22.4; // De-select external STOP A (cf. MD 36977[0]) U "SPL".OIP_STOPA_DESEL; = DB31.DBX 32.2; // De-select external STOP C (cf. MD 36977[1]) U "SPL".OIP_STOPC_DESEL; = DB31.DBX 32.3; // De-select external STOP D (cf. MD 36977[2]) U "SPL".OIP_STOPD_DESEL; = DB31.DBX 32.4; NETWORK TITLE =Output external outputs (OUTSEP) to I/Os // This step is no longer required for PROFIsafe outputs // in the user program. The A_OUTSEP[n] variables // used (DB18.DBX46.0 .. DBX54.7) are output via the parameters // of the NCK machine data MD 10387[n] and MD 10389[n] from the // interface in DB18 (logically ANDed with the associated // $A_OUTSE variable) directly to the I/Os. i.e. the output to the I/O is carried-out within // the system END_FUNCTION 7-440 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 7.6.8 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP Modified limitations with PROFIsafe When compared to connecting the SPL I/O with two separate hardware I/O branches (NCK and PLC I/Os), when connected via SPL I/Os using one safety-relevant bus (PROFIsafe) results in some modified limitations when it comes to configuring and programming: * Error in the PROFIsafe input devices (e.g. input signals that differ from one another) cause the associated SPL-SGEs to be cleared. This initiates a STOP D/E . * The external SPL input signals in the DB18 interface for the $A_INSEP variables are transferred within the system, i.e. programming is no longer necessary in the user program. The PROFIsafe input I/Os now only transfer one signal state to the master for both SPL channels, i.e. data crosswise comparison is no longer performed in the control for the $A_INSE(P) variables. * The external SPL output signals of the DB18 interface ($A_OUTSEP variables) are transferred within the system to the relevant PROFIsafe output modules. Since only one signal state is transferred via PROFIsafe, it is no longer possible to temporarily output a signal state for the PLC output that is different from the NCK output (as implemented previously for exceptional cases). There is now no PLC branch and no NCK branch for a safe PROFIsafe output that has a two-channel structure. * If may be necessary to use single-channel signals (signals that are present only in the PLC or only in the NCK) to change over external SPL outputs (e.g. brake control). This fact means that these single-channel signals must also be made available to the other program channel to align the logic and program synchronously. Direct communications between the NCK and PLC-SPL via DB18 is a good way to achieve this. * In each PROFIsafe cycle, the PROFIsafe layer generates a PROFIsafe telegram with the logically AND'ed SPL output data as F net (useful) data. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 7-441 7 Configuring example 7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP 11.03 Notes 7-442 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.1 Conventional brake control (single-channel from the PLC) 8 Application examples 8 8.1 Conventional brake control (single-channel from the PLC) ......................... 8-444 8.2 Two-channel brake control with SI (SPL) .................................................... 8-445 8.3 Testing the function of the brake mechanical system.................................. 8-450 8.3.1 Applications .......................................................................................... 8-450 8.3.2 Parameterization .................................................................................. 8-450 8.3.3 Sequence ............................................................................................. 8-452 8.3.4 Limitations ............................................................................................ 8-455 8.3.5 Activating.............................................................................................. 8-455 8.3.6 Examples.............................................................................................. 8-456 8.4 Safe cams at the modulo limit ..................................................................... 8-457 8.5 SPL functionality without real drives ........................................................... 8-464 8.6 Direction detection when retracting from SE ............................................... 8-466 8.7 Replacing a motor or encoder..................................................................... 8-469 8.8 Example for combining SI with ESR ........................................................... 8-473 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-443 8 Application examples 8.1 Conventional brake control (single-channel from the PLC) 11.03 The application examples listed below are intended to provide support when engineering and using Safety Integrated. It involves recommended solutions for applications that are frequently encountered in the field and for which there is no clear or trivial solution. The examples are intended purely as an aid to configuration and should not be interpreted as configuration instructions, i.e. equally suitable alternative solutions may exist. 8.1 Conventional brake control (single-channel from the PLC) Many brake actuation systems still use a PLC output that switches an additional hardware relay. The reason for this is that a standard S7 output can only supply 0.5 A and a current of this magnitude is usually insufficient to be able to actuate a brake. This circuit has the following disadvantages: Firstly, control via the PLC does not comply with the safety requirements (in the worst case, the PLC can crash without resetting the outputs, i.e. the axis could fall). Secondly, the application time of the holding brake is increased because the hardware relay has to be controlled and it also has an associated switching time. In order to keep the switching time of the contactor as short as possible, neither an interference suppression diode (6 to 10-fold increase in the switching time) nor a diode combination (2 to 6-fold increase in the switching time) may be used for interference suppression of the contactor. The only practical solution in this case is a varistor (increase of approximately 2-5 ms). It is better to use an optocoupler or an S7 module, both of which provide an output current of 2 A. Holding/service break actuation Current source/sink version Auxiliary relay Holding brake Holding brake Fig. 8-1 Single-channel brake control, P-switching (single-channel from the PLC) If this type of brake control is used with Safety Integrated, the STOP A/B active signal (DB3x.DBX 111.4) is available to be logically combined with further criteria to control the brake (for SI with SPL, a significantly more sophisticated brake control function can be implemented, that is described further below). 8-444 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.2 Two-channel brake control with SI (SPL) The "position controller active" signal (DB3x.DBX 61.5) represents a further condition to release the brake. The "speed controller active" signal (DB3x.DBX 61.6) should be used in conjunction with Safety Integrated, because when Stop C is active the position controller is inactive but the speed controller remains active, which means that the drive would work in opposition to the brake. Note For this type of control, there is a risk that single-channel actuation of the brake or the holding brake may not operate correctly in the event of a PLC fault and that, in the worst case, the axis may fall. 8.2 Two-channel brake control with SI (SPL) Description In order to increase the safety-relevant quality of the brake control system (for the holding brake or operating brake), it is necessary to use a two-channel control system. An NCK output switches the P voltage (24 V) to release the brake and a PLC output (S7 relay module) switches the M voltage (P/M control). A checkback contact on the PLC side verifies that the two switching elements are operating correctly. Controlling the NCK output (relevant signals - suggestion): * "STOP A/B active" * $VA_DPE[machine axis name] (power enable status - axis-specific) available in software version 5.x and higher * Alternatively or in addition, system variable $AC_ALARM_STAT (information about the queued alarm response) (already in software V4.4.x) * Application-specific SPL signals such as "EMERGENCY STOP not active", "control system not powered-up", etc. Connecting these signals to $A_OUTSE (NCK output) Controlling the PLC output (relevant signals - suggestion): Equivalent programming measures should be implemented on the PLC side (up to the $A_OUTSEP variable), i.e. further shutdown conditions can be integrated to control the output. * "STOP A/B active" * SGA "pulses safely cancelled", axis DB.DBX 108.2 * * Status signal "pulses enabled", axis DB.DBX 93.7 Status signal "speed controller active", axis DB.DBX 61.6 * Application-specific SPL signals such as "EMERGENCY STOP not active", "control system not powered-up", etc. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 Compare $VA_DPE 8-445 8 Application examples 8.2 Two-channel brake control with SI (SPL) 11.03 Connecting these signals to $A_OUTSEP (DB18 signal) Signals that are logically combined after $A_OUTSEP to control the PLC output no longer influence the SPL crosswise data comparison. Additional signals can include the following: * User signals, e.g. "test stop active" * Status signal "position controller active", axis DB.DBX 61.6 for faster application of the brake Connecting these signals to the PLC output Example NCK part (1) Machine data MD 36990[0] SAFE_ACT_STOP_OUTPUT = 04010101 (for drive X1) (2) SPL DEFINE STOP_A_B_aktiv AS $A_INSI[1] DEFINE P_BREMSE_X1 AS $A_OUTSE[1] DEFINE NOT_HALT_nicht_aktiv AS $A_MARKERSI[1] IDS=1 DO P_BREMSE_X1 = NOT STOP_A_B_aktiv AND $VA_DPE[X1] AND EMERGENCA_STOP_not_active PLC part U DB31.DBX111.4 // STOP A/B active = DB18.DBX56.0 // $A_INSIP[1] UN DB18.DBX56.0 UN DB31.DBX108.2 // $A_INSIP[1] // SGA pulses not safely cancelled U DB31.DBX93.7 // Pulses enabled U DB31.DBX61.6 // Speed controller active U DB18.DBX70.0 // EMERGENCY STOP not active = DB18.DBX46.0 U DB18.DBX46.0 U DB31.DBX61.5 // $A_OUTSEP[1] // $A_OUTSE[1] // Position controller active - from here onwards, no longer any effect on SPL crosswise data comparison . . = A2.0 8-446 // PLC output, relay module (M voltage) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.2 Two-channel brake control with SI (SPL) Holding/service brake actuation Current source/link version with checkback Holding brake Relay outoutput Fig. 8-2 Two-channel brake control, P/M switching with SI Unlike the test routine described in Chapter 7.3.6, the test involves separately controlling the two outputs A1 and A2 and monitoring the resulting level change at test input E1. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-447 8 Application examples 8.2 Two-channel brake control with SI (SPL) 11.03 A1 (NCK) high low A2 (PLC) high low E1 (PLC) high low t1 t2 t3 t4 t5 t6 Bremsen3_00.DSF Fig. 8-3 Description 8-448 Test routine at power-up The check can be integrated into the normal test routine (Chapter 7.3.4) or can be performed separately. The flowchart below shows the test procedure. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.2 Two-channel brake control with SI (SPL) Start of test phase Brake has already been applied at this point (e.g. test stop phase 1) New test? Check test input I1 (time t 2 ) Test input: level high Test input: level low Activate output Q1 (time t 3 ) Check test input I1 (time t 4) Conductor D1 short-circuit to current source or switching element Q1 short-circuit to current source or malfunction. Error message Test input: level low Test input: level high Conductor D2 short-circuit to current source or switching element Q2 short-circuit to current source or malfunction. Error message / deactivate output Q1 Delayed activation of output Q2 (time t 5 ) Check test input I1 (time t 6 ) Test input: level high Output Q2 no longer capable of operation after test. Test input: level low End of test phase Fig. 8-4 Description Error message / deactivate output Q1/Q2 Delayed pulse disable Flowchart for the test routine With this safe brake control, only the operating brake represents a potential hazard. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-449 8 Application examples 8.3 Testing the function of the brake mechanical system 11.03 8.3 Testing the function of the brake mechanical system 8.3.1 Applications The brake mechanical system test should be used for all axes which must be prevented from moving in an uncontrolled manner by a holding brake. This test function is primarily intended for so-called vertical axes. The brake test fulfills the requirements of control Category 2 according to EN 954-1. The functionality is based on "traversing to a fixed endstop" (FXS). The traversing to fixed endstop can be individually parameterized to test the function of the brake mechanical system. It is activated and de-selected from the PLC. For further details on traversing to fixed endstop, refer to /FB1/, F1. The machine manufacturer can use his PLC user program to close the brake at a suitable moment in time (nominal value, every 8h similar to the SI test stop) and initiates the drive to produce an additional torque/additional force equivalent to the weight of the axis. In a fault-free state, the brake can apply the necessary force, i.e. the axis will hardly move. When there is a fault condition, the actual position value leaves the parameterizable monitoring window. In this case, traversing to fixed endstop is terminated so that the position controller can prevent the axis falling. The brake test is then negatively acknowledged. The brake test must always be started when the axis is at standstill (also refer to Chapter 8.3.5 "Activation"). The direction in which the drive produces force is specified by the PLC using a "traversing motion" via FC 18. The destination of this traversing motion must be able to be reached without incurring any potential hazard in the case that the brake cannot provide the necessary force. 8.3.2 Parameterization The following axial NCK machine data are available to the user for parameterizing the function test of the brake mechanical system: - $MA_FIXED_STOP_MODE - $MA_FIXED_STOP_THRESHOLD - $MA_SAFE_BRAKETEST_TORQUE - $MA_SAFE_BRAKETEST_POS_TOL $MA_FIXED_STOP_ MODE The function test of the mechanical brake system is enabled by setting bit 1 in $MA_FIXED_STOP_MODE. If the user needs to travel to a fixed stop with this axis from the part program, bit 0 can also be set. An internal monitoring is performed to check that only one type of traverse to fixed endstop is active at a time. In the case of an error, Alarm 20092, "Axis %1 Travel to fixed stop still active" is issued. $MA_SAFE_ BRAKETEST_TORQUE The machinery manufacturer must parameterize the total required brake holding torque in the axial MD $MA_SAFE_BRAKETEST_TORQUE. Internally, this is used to calculate the drive torque needed in addition to the weight of the axis as braking load. 8-450 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.3 Testing the function of the brake mechanical system For SIMODRIVE 611 digital, the drive torque is determined at the time when the function test is selected. It is thus possible to take into a deviation from the torque parameterized in the drive machine data 1192 (or force due to the weight). This ensures that the brake test can also be carried-out with varying machine loads (e.g. different workpieces or tools). The drive torque to load the holding brake is limited to the maximum motor torque if the desired braking torque would require a higher drive torque. m MD BRAKETEST_TORQUE m m FXS 611D-MD 1192 Drive Measured torque on selection of brake test m Act 0 m m Drive t FXS Torque limiting in current controller MD 1192 + / - m Fig. 8-5 FXS Torque limiting for 611 digital When selecting the brake test, the holding torque required for the weight of the axis is measured internally (mAct). The drive must only provide the difference between this torque and the braking torque specified in MD $MA_SAFE_BRAKETEST_TORQUE. This torque is designated with a mDrive in Fig. 8-5. The SIMODRIVE 611 digital drive locates its torque limit symmetrically around the torque specified in drive machine data 1192. This is the reason that mFXS from Fig. 8-5 is specified as torque limit. mFXS is the sum of mDrive and MD 1192. If the measured torque mAct coincides with the the parameterization in MD 1192, then mFXS becomes the value from MD $MA_SAFE_BRAKETEST_TORQUE Incorrect parameterization in MD $MA_SAFE_BRAKETEST_TORQUE or drive machine data 1192 can mean that the drive with reduced torque cannot even apply the required holding torque. This parameterization is detected when the brake test is selected and produces Alarm 20095 (refer to Chapter 6). The fact that the actual torque/force setpoint is displayed in MD 1728 makes it easier to correctly parameterize drive machine data 1192. If only the force due to the weight is effective, then this value can be directly transferred into MD 1192. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-451 8 Application examples 8.3 Testing the function of the brake mechanical system 11.03 This value must be entered with an additional safety margin in MD $MA_SAFE_BRAKETEST_TORQUE. The magnitude of the margin is oriented to the maximum holding force to be tested. Example: The weight of the vertical axis is 4000 N, the guaranteed braking force is 6000 N. On account of the weight of the axis, a torque of 32% of the holding torque of the motor is obtained and displayed in MD 1728. Therefore 32% must be parameterized in MD 1192. The correct value for $MA_BRAKETEST_TORQUE is obtained as follows: $MA_SAFE_BRAKETEST_TORQUE = 32% * 6000N / 4000N = 48% In addition, the electronic weight equalization should be parameterized in the axial NCK-MD 32460: $MA_TORQUE_OFFSET. This means that the necessary holding torque is re-established much faster when the brake is released (the brake is open). $MA_SAFE_BRAKE TEST_POS_TOL The monitoring window for the maximum permissible movement in the brake test is defined in the axial MD $MA_SAFE_BRAKETEST_POS_TOL. The PLC actively monitors this position window - from the start of the brake test and not only when it is detected that the fixed endstop has been reached. This is a difference when compared to activating traversing to the fixed endstop from the part program. The contour deviation that is determined is always used in the brake test to detect that the fixed endstop has been reached. The parameterization in $MA_FIXED_STOP_BY_SENSOR is therefore irrelevant. The required threshold value must be set in MD $MA_FIXED_STOP_THRESHOLD. This means that the traversing distance from the PLC via FC 18 must be greater than this threshold value. Furthermore, the drive must have reached its torque limit parameterized via $MA_SAFE_BRAKETEST_TORQUE. 8.3.3 Sequence The brake test in the PLC is carried out by calling data block FB11 (in the basic program) from the user program. The brake test comprises the following steps: Step Start brake test Close brake Output traversing command Output traversing command test Wait for the holding time De-select brake test/open brake Output test O.K. Function_Block FB 11 Expected checkback DBX 71.0 = 1 Bclosed = 1 DBX 64.6 Or DBX 64.7 DBX62.5 = 1 DBX62.5 = 1 DBX71.0 = 0 Monitoring time value TV_BTactiv TV_Bclose TV_FeedCommand TV_FXSreached TV_FXShold TV_BTactiv Declaration of the function VAR_INPUT Start: BOOL ; //Start of the brake test Quit : BOOL ; //Acknowledge Error Bclosed : BOOL ; //Brake closed input (single channel - PLC) Axis : INT ; //Testing axis no. TimerNo : TIMER ; //Timer from User TV_BTactiv : S5TIME ; //TimeValue - brake test active 8-452 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.3 Testing the function of the brake mechanical system TV_Bclose : S5TIME ; //TimeValue -> close brake TV_FeedCommand : S5TIME ; //TimeValue -> force FeedCommand TV_FXSreached : S5TIME ; //TimeValue -> Fixed stop reached TV_FXShold : S5TIME ; //TimeValue -> test brake END_VAR VAR_OUTPUT CloseBrake : BOOL ; //Signal close brake MoveAxis : BOOL ; //do move axis Done : BOOL ; Error : BOOL ; State : BYTE ; //Error byte END_VAR The following table lists all of the formal parameters of the brake test function Signal Start Quit Bclosed Type I I I Type BOOL BOOL BOOL AXIS TimerNo TV_Btactiv I I I INT TIMER S5TIME TV_Bclose I S5TIME TV_FeedCommand I S5TIME TV_FXSreached TV_FXShold CloseBrake MoveAxis Done Error State I I O O O O O S5TIME S5TIME BOOL BOOL BOOL BOOL BYTE Remarks Starts the brake test Acknowledgement error Checkback input whether close brake is controlled (singlechannel - PLC) Axis number of axis to be tested Timer from user program Monitoring time value -> close brake. Test the axis signal DBX71.0 Monitoring time value -> close brake. Check the input signal Bclosed after the CloseBrake output was set. Monitoring time value -> output traversing command. Check travel command after MoveAxis has been set. Monitoring time value -> fixed endstop reached Monitoring time value -> test brake Request, close brake Request, initiate traversing Test successfully completed Error has occurred ErrorStatus Error IDs State 0 1 2 3 4 5 6 7 8 9 10 11 Meaning No error Start conditions not fulfilled, e.g. axis not in closed-loop control/brake closed/axis inhibited No NC checkback in the "brake test active" signal when the brake test is selected No checkback signal "brake applied" using the input signal Bclosed No traversing command output (e.g. axis motion has not been started) Fixed endstop will not be reached - axis RESET was initiated. Traversing inhibit/approach too slow -> fixed endstop cannot be reached. Monitoring time TV_FXSreached has expired. Brake is not holding at all (end position is reached)/approach speed is too high Brake opens during the holding period Error when de-selecting the brake test Internal error "PLC-controlled axis" signal not enabled in the user program (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-453 8 Application examples 8.3 Testing the function of the brake mechanical system 11.03 Alarm number 411101 Meaning: Remedy: Parameter, axis not in the permissible range Use the permissible axis number Note The user program must call the block. The user must provide an instance DB with any number for this purpose. The call is multi-instance-capable. FB11 call UN M 111.1; //Request close Z axis brake from FB = A 85.0; //Control Z axis brake AUF "Axis3"; //Test, Z axis brake O O FP UN S S S E 73.0; //Initiates the brake test, Z axis M (GND) 110.7; //Brake test running M (GND) 110.0; M (GND) 111.4; //Fault/error occurred M (GND) 110.7; //Brake test running M (GND) 110.6; //Next step DBX 8.4; //Request neutral axis U U FP R S R S DBX 68.6; //Checkback signal, axis is neutral M (GND) 110.6; M (GND) 110.1; M (GND) 110.6; M (GND) 110.5; //Next step DBX 8.4; DBX 28.7; //Request PLC monitored axis U DBX 63.1; //Checkback signal, the PLC is monitoring the axis M (GND) 110.5; M (GND) 110.2; M (GND) 110.5; M (GND) 111.0; //Start the brake test for FB FP R S CALL FB 11 , DB 211 (//Brake test block Start := M 111.0, //Start brake test Quit := E 3.7, //Acknowledge error with Reset key Bclosed := E 54.0, //Checkback signal, close brake, controlled Axis := 3,//Axis number of axis to be tested, Z axis TimerNo := T 110, //Timer number TV_Btactiv := S5T#200MS,//Monitoring time value: Brake test active DBX71.0 TV_Bclose := S5T#1S,//Monitoring time value: Brake closed TV_FeedCommand := S5T#1S,//Monitoring time value: Traversing command output TV_FXSreached := S5T#1S,//Monitoring time value: Fixed endstop reached 8-454 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.3 Testing the function of the brake mechanical system TV_FXShold CloseBrake MoveAxis Done Error State OPEN O FP R UN FP R R := S5T#2S,//Monitoring time value: Test time Brake := M 111.1,//Request, close brake := M 111.2,//Request, initiate traversing motion := M 111.3,//Test successfully completed := M 111.4,//Error has occurred := MB 112);//Error status "Axis3"; //Brake test, Z axis M (GND) 111.3; //Test ended successfully M (GND) 111.4; //Fault/error occurred M (GND) 110.3; DBX 28.7; //Request, PLC monitored axis DBX 63.1; //Checkback signal, the PLC is monitoring the axis M (GND) 111.0; //Start brake test for FB M (GND) 110.7; //Brake test running M (GND) 110.4; M (GND) 111.0; //Start brake test for FB M (GND) 110.7; //Brake test running CALL "SpinCtrl" (//Traverse Z axis Start = M 111.2, //Start traversing motion Stop := FALSE, Funct := B#16#5,//Mode: Axis mode Mode := B#16#1,//Traversing: Incremental AxisNo := 3,//Axis number of the axis to be traversed, Z axis Pos := -5.000000e+000,//Distance: Minus 5 mm Frate := 1.000000e+003,//Feed rate: 1000 mm/min InPos := M 113.0,//Position reached Error := M 113.1,//Error has occurred State = MB 114); //Error status 8.3.4 Limitations During the brake test, traversing to fixed endstop and traverse with limited torque (FOC) may not be active at the same time. In this case, Alarm 20092, "Axis %1 Travel to fixed stop still active" is triggered. During the brake test, contour monitoring is not active and also no standstill monitoring after the PLC has started traversing motion. The brake test is only possible for SIMODRIVE 611 digital. It cannot be used for gantry axes. 8.3.5 Activating The brake test must always be started when the axis is at a standstill. For the entire duration of the brake test, the enable signals of the parameterized axis must be set to enable (e.g. the signals, controller inhibit, feed enable). (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-455 8 Application examples 8.3 Testing the function of the brake mechanical system 11.03 The signal "PLC controlled axis" (DB "Axis".DBX28.7) must still be set to state 1 by the user program for the entire duration of the test. Prior to activating the signal "PLC controlled axis", the axis must be set as "neutral axis", e.g. set byte 8 in the axis DB to channel 0. Set the activating signal in the same byte. The block may not be started until the NC checkback signal has been received via the appropriate bit (DB Axis.DBX 63.1). For PLC-controlled axis, also refer to: References: /FB2/ P2 "Autonomous single-axis processes (SW 6.3 and higher)" 8.3.6 Examples An example of incorrect parameterization that results in Alarm 20095, "Axis %1 impermissible holding torque, measured torque %2" is shown in the following diagram: The torque due to weight in the drive machine data 1192 has been parameterized considerably lower than the measured torque mAct. The calculated torque limit mFXS symmetrically around this MD would mean that the drive would not be able to produce the required holding torque for this axis (MD1192+mFXS is lower than mAct). m Measured torque on selection of brake test m Act MD BRAKETEST_TORQUE m Drive 611D-MD 1192 m m m 0 FXS Drive FXS t Torque limiting in current controller: MD 1192 + / - m FXS Fig. 8-6 Commissioning 8-456 Example of incorrect parameterization To support start-up of the brake test, Alarm 20096, "Axis %1 Brake test aborted, Additional info %2" can be enabled via bit 5 in machine data $MN_ENABLE_ALARM_MASK. This alarm supplies detailed information if the brake test is interrupted. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.4 Safe cams at the modulo limit 8.4 Safe cams at the modulo limit Description </Bkmk_Toc473536862> </Bkmk_Toc473537158> </Bkmk_Toc473537257> A problem frequently encountered with machine tools and production machines is the reliable detection of the position of a drive. Safe cams (SN) are used for this purpose, however it should be noted that the signal level of a safe cam changes at the modulo limit of a rotary axis. The following spindle application illustrates the problem: General position detection (can be applied to linear axes) For the rotary axis, the 90 position is to be safely detected. A cam signal is to be generated for this purpose, that has a high signal level between 89.5 and 90.5 (pulse). These positions are entered into the machine data 36936 SAFE_CAM_POS_PLUS[0] : 90.5 degrees 36937 SAFE_CAM_POS_MINUS[0] : 89.5 degrees 36905 SAFE_MODULO_RANGE : 360 degrees and are subsequently transferred into the FD/MSD machine data. The levels of the safe cam signals change as follows: 89.5 90 90.5 SN1+ SN1- Position detection to be implemented Fig. 8-7 Safe cam signal characteristics Safe cams SN1+ to SN4- are individual position signals with a signal change from "low" to "high" at the saved position. The required cam signal is generated by negating signal SN1+ and rounding it with signal SN1-. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-457 8 Application examples 8.4 Safe cams at the modulo limit 11.03 89.5 0 90.5 SN1+ inverted SN1Modulo correction SN1+ & Position detection 90 degrees SN1- Fig. 8-8 Negating a safe cam signal to generate a pulse The appropriate machine data settings are used to negate SN1+ and round-off on the NCK side. To implement this, the two cam signals should be parameterized to an NCK output 36988 SAFE_CAM_PLUS_OUTPUT[0] 81040101 36989 SAFE_CAM_MINUS_OUTPUT[0] 01040101 or a system variable ($A_INSI[1]) 36988 SAFE_CAM_PLUS_OUTPUT[0] 84010101 36989 SAFE_CAM_MINUS_OUTPUT[0] 04010101 The minimum logic (Chapter 3.9.19) of the NCK safety channel is used for multiple assignment to an output or a system variable. This includes the rounding-off of the assigned signals. This type of logic is not available in the form of parameter settings on the PLC side. The negation on the NC side is not effective for the drive (PLC) side, therefore the position detection has to be programmed as shown below: UN U = = Position detection at modulo limit with and without SPL 8-458 DB3x.DBX109.0 DB3x.DBX109.1 M1.0 // // DB18.DBX54.0 // // // SN1+ // SN1Position detection 90 in marker 1.0 $A_INSIP[1] Position detection 90 At the modulo limit, the cams respond differently to the description in 1) because of the modulo correction. The following positions are saved in the machine data: 36936 SAFE_CAM_POS_PLUS[0] : 0.5 Degrees 36937 SAFE_CAM_POS_MINUS[0] : 359.5 Degrees 36905 SAFE_MODULO_RANGE : 360 Degrees (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.4 Safe cams at the modulo limit The levels of the SN signals change as follows: 359.5 0 0.5 SN1+ SN1- Modulo correction SN1+ SN1- Fig. 8-9 & Position detection to be implemented Position detection 0 degrees Signal generation for modulo cam 1 Because of the modulo correction and the associated level changes of the safe cams, the above method of rounding would have the effect that "position detection 0 degrees" would always be a low signal. This problem can be solved by negating signal SN1+ in the machine data parameterization and OR'ing it with signal SN1-. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-459 8 Application examples 8.4 Safe cams at the modulo limit 11.03 359.5 0 1 0.5 SN1+ inverted SN1Modulo correction SN1+ SN1- Fig. 8-10 >1 Position detection 0 degrees Signal generation for modulo cam 2 However, the OR operation is not integrated in the system and must be implemented in the SPL or by hardwiring. With SPL, the two cam signals are parameterized to $A_INSI variables and logically combined in the SPL. 36988 36989 SAFE_CAM_PLUS_OUTPUT[0] SAFE_CAM_MINUS_OUTPUT[0] 84010101 ($A_INSI[1]) 04010102 ($A_INSI[2]) IDS=1 DO $A_MARKERSI[1] = $A_INSI[1] OR $A_INSI[2] PLC programming is analogous to that of the NCK SPL. UN = // U = // U O = DB3x.DBX109.0 // SN1+ inverted DB18.DBX62.0 // $A_INSIP[1] DB3x.DBX109.1 // SN1DB18.DBX62.1 // $A_INSIP[2] DB18.DBX62.0 // $A_INSIP[1] DB18.DBX62.1 // $A_INSIP[2] DB18.DBX72.0 // Position detection 0 degrees // $A_MARKERSIP[1] Without SPL, the SN1+ cam is negated and parameterized to an output. The SN1- cam is also parameterized to a separate output. 36988 SAFE_CAM_PLUS_OUTPUT[0] 81040101 36988 SAFE_CAM_MINUS_OUTPUT[0] 01040102 8-460 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.4 Safe cams at the modulo limit NCK +24 V Q1 Q2 K1 NCK I1 Fig. 8-11 Signal generation for modulo cam 3 In this case, the OR operation is implemented by wiring the two outputs to a contactor whose contacts can be used for further processing or can be logically combined with other signals. The signals are logically combined in the PLC in the usual manner: UN O = Cam synchronization DB3x.DBX109.0 // SN1+ DB3x.DBX109.1 // SN1M2.0 // Position detection 0 Cam synchronization can also be activated for position monitoring, in order that the two safety channels are switched in synchronism (see also Section 3.7). This synchronization is necessary if the safe cam signals are to be processed in the SPL. Consideration should be given to conditions which can affect the parameter settings and the effect of synchronization on position detection. The position of the safe cams at the modulo limit must be aligned to the selected cam tolerance. The calculations shown here are also performed by the Safety Integrated system and, in the event of a parameter error, Alarm: 27033 Parameterization of machine data 36936/36937 [0-3] invalid is displayed. The following machine data is assumed for the calculations below: 36942 SAFE_POS_TOL : 0.1mm 36940 SAFE_CAM_TOL : 0.1mm Example 1 (rotary axes) SN1+ lower modulo value + SAFE_POS_TOL SN1+ 359.999 + 0.1 SN1+ 0.099 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-461 8 Application examples 8.4 Safe cams at the modulo limit 11.03 Cam SN1+ must be greater than or equal to 0.099. SN1- < upper modulo value - SAFE_POS_TOL - SAFE_CAM_POS_TOL SN1- < 0 - 0.1 - 0.1 SN1- < 359.8 Cam SN1- must be less than 359.8. When using the cam tolerance, it should be noted that the switching position of the cam signal generated from switching signals SN1+ and SN1- varies according to the traversing direction, the magnitude of the tolerance, and the magnitude of the position deviations. Example 2 (linear axis, pulse generation) For a cam position of 100 mm and the following tolerances, 36942 SAFE_POS_TOL: 0.1mm (max. static deviation) 36940 SAFE_CAM_POS_TOL : 0.1mm 36936 SAFE_CAM_POS_PLUS[0]: 100 mm (SN+) 36037 SAFE_CAM_POS_MINUS[0]: 99mm (SN-) POSITION NCK at 0 mm : 0.000 mm POSITION drive at 0 mm : 0.040 mm (static deviations of actual values 0.040 mm) then when the cam tolerance is active, the following switching characteristics are obtained for the individual channels and the characteristics of the synchronized signal. Further, the following diagram shows how a pulse signal is generated from two synchronized cam signals (schematic distances). 8-462 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.4 Safe cams at the modulo limit Cam synchronization SN1+ SN1+ (K1- channel 1) SAFE_CAM_TOL Channel 1 (NCK) - unsync.. SN1+ (K1) + SAFE_CAM_TOL & Static deviation of actual values SN1+ (K2 - channel 2) SAFE_CAM_TOL Channel 2 (drive) - unsync. . SN1+ (K2) + SAFE_CAM_TOL SGA SN1+ synchronized with hysteresis SAFE_CAM_TOL Generation of an area cam from SN1+ and SN1- (PULSE) SGA SN1+ synchronized with hysteresis (negation of a signal for SN1+ via MD parameters) SAFE_CAM_TOL SGA SN1- synchronized with hysteresis (generated in same way as SN1+) SAFE_CAM_TOL Use of cam signals (signal pattern depending on traversing direction) (by mapping onto same signal HW/INSI) Traversing direction + SAFE_CAM_TOL SAFE_CAM_TOL Traversing direction - SN_Sync01_00.DSF Fig. 8-12 Signal generation for modulo cam 2 As can be seen in the diagram, the setting of machine data MD_SAFE_CAM_TOL determines the following variables: * Magnitude of the hysteresis (for a synchronized cam signal) * Magnitude of the traversing direction-dependent offset of the pulse generated from two cam signals (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-463 8 Application examples 8.5 SPL functionality without real drives 11.03 8.5 SPL functionality without real drives Description This example is intended to illustrate how to commission "Safety Integrated" with SPL functionality using the "parking axis" function (i.e. where a position measurement system is not active). The motor and measuring system connections on the drive can remain disconnected. This option is suitable for commissioning external peripheral devices (hydraulic systems, chip conveyors, etc.), which require the safety functions of the SPL logic, or for a test-set-up, to configure and test the SPL logic in a preliminary phase (e.g. EMERGENCY STOP). Note The SE (safe limit positions) and SN (safe cam) functions cannot be tested in this example since there are no real actual values. 1. Run-up the NCK with the standard machine data by selecting key position S3=1 and then activating power on. 2. Switch S3 back to position 0. 3. The password for protection level 2 = "Machine manufacturer" must be active. 4. Alternative 1: Readiin an NC archive file with an existing drive configuration => (continue with Point 11) 5. Alternative 2: Commission one or more axes - Drive configuration softkey - Insert module softkey (SRM, ARM...) - Allocate the logical drive number - Select the power module softkey 6. Commission the NCK DMP modules (inputs and outputs) - Insert module softkey (DMP-C) - Allocate the logical drive number - Switch modules to the active state 7. Power-up the NCK (The following error appears: 300010 "Axis %1 , Drive %2 active without NC axis assignment") 8. Change the axis-specific machine data -MD30130[0]: CTRLOUT_TYPE = 1 -MD30240[0]: ENC_TYPE 9. =1 Power-up the NCK (Error 300701 "Axis %1, Drive %2 Start-up required" appears) 10. Enter motor types - Drive MD softkey - Motor/controller softkey - Select motor softkey (e.g. 1PH...) - Select motor measuring system - Save the boot file 11. Power-up the NCK 8-464 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.5 SPL functionality without real drives 12. If errors occur at this position, for example, 25201,300504,25000 or 300613, then a position measuring system is active at the interface. Both position measuring systems should be de-activated. Position measuring system 1 (DB3x.DBX1.5) = 0 ( ? "parking axis" ) Position measuring system 2 (DB3x.DBX1.6) = 0 ( ? "parking axis" ) 13. Commission "Safety Integrated" as described in Chapter 7 set MD 36915: SAFE_ENC_TYPE to 1 or 4 If terminals 663 or AS1/AS2 on the control card are already connected-up, then the supply must be made from the PLC side, as otherwise errors will occur for the crosswise data comparison. (Also refer to Chapter 7.3.4 "Connecting the drives") (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-465 8 Application examples 8.6 Direction detection when retracting from SE 11.03 8.6 Direction detection when retracting from SE Description When SE responds, there is no SGA signal to indicate which SE was exceeded or not reached. In order to only allow retraction from the safe limit position in the specified direction, it is necessary to develop a retraction logic in the PLC program. A possible solution is outlined below. Acknowledge and retract refer to Chapter 3.6.1 The axis in which the SE has responded is moved into a range in which the monitoring system no longer responds. This is achieved by canceling the user enable (the SE monitoring system is then no longer active) or by changing over to another SE (with a longer traversing range). The error message output when the safe limit position is exceeded must be acknowledged in accordance with the configured stop response. Conditions for retraction If SE responds, traversing motion in the minus direction must be inhibited; if SE+ responds, traversing motion in the plus direction must be inhibited. This prevents damage to the mechanical system and simplifies operation at this point. Development of retraction logic The "safe cam" SI function is used for the solution. A detailed description of this function is given in Chapter 3.7. The section below only describes how the function is used. The retraction logic is based on the following considerations: 1. SI function "Safe cam": The SGA signal assigned to the safe cam is only used on the PLC side (it is not necessary to configure the machine data). This meets the needs of the application in question because a fail-safe function is not required and the traversing inhibit can only be initiated through one channel. The following interface signals are relevant in the axis DB SN1SN2SN3SN4- 2. DBX.109.0 DBX.109.2 DBX.109.4 DBX.109.6 SN1+ SN2+ SN3+ SN4+ DBX.109.1 DBX.109.3 DBX.109.4 DBX.109.7 Interface signals for the hardware limit switch function The following interface signals in the axis DB are relevant (see Description of Functions /A3/ "Axis Monitoring, Protection Zones") Hardware limit switchHardware limit switch+ DBX12.0 DBX12.1 If the signal is detected as being set, Alarm 21614 "Hardware limit switch + or -" is output and the axis is immediately braked (this is not necessary based on the configured stop response). Further traversing motion is only permitted in the appropriate retraction direction. 8-466 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.6 Direction detection when retracting from SE Fig. 7-40 illustrates the inter-relationships at the machine and is used to explain the appropriate configuring. Traversing limits / monitoring Mechanical traversing limit SNx - SNx + Traversing area (program) Software limit switch - Software limit switch + SE- SE+ Cam signal (SGA) SNx - Cam signal (SGA) SNx + SEFR_00.DSF Fig. 8-11 Example of retraction logic The minus cam of a cam pair, for example (cams SN1+ - SN4 can all be used), is set up in the machine data at the position immediately in front of the left safe limit position (SE-). It must be ensured that SN- is passed if SE- is passed. This means that the difference should be kept as low as possible (we recommend 0...0.1 mm). A cam should be set up in the MD at the position directly behind the right safe limit position. The signal characteristics (of the interface signals - SGA) for the two configured cams is shown in the diagram. These two signals can be used to supply information to the hardware limit switch +/- interface signals. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-467 8 Application examples 8.6 Direction detection when retracting from SE Implementation in the PLC 11.03 The interface signal for the hardware limit switch- (DBX12.0) should be supplied with the inverted cam signal of SNx- and the interface signal for the hardware limit switch+ (DBX12.1) should be supplied with the cam signal of SN+. It should be noted that the SGA for the cam signal is not available until the drive has powered up. Example (when using the 1st cam pair) U DB10.DBX108.5 L S5T#50ms SE T100 UN T100 SPB NOSN UN = DB<axis>.DBX109.0 DB<axis>.DBX12.0 U DB<axis>.DBX109.1 = DB<axis>.DBX12.1 NOSN: NOP 0 // Drives in cyclic // mode // Transition period to avoid // timing problems // Timer as // input delay // While the time has still not // expired, the HW limit switch // signals are not supplied // SN1// Hardware limit switch // SN1// Hardware limit switch + This logic can be used to implement the required interlocking function when retracting. 8-468 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.7 Replacing a motor or encoder 8.7 Replacing a motor or encoder /IAD/, Installation and Start-up Guide /R1/, Reference Point Approach References for SINUMERIK 840D References: Description The following information essentially refers to replacing a motor encoder. The limitations that apply as well as the procedures are essentially the same when replacing a direct measuring system. When service is required (motor defective or encoder defective), it might be necessary to completely replace the motor or just the motor encoder. In this case, the motor encoder must be re-calibrated. This affects the behavior of Safety Integrated if the functionality "Safe limit positions" or "Safe cams" has been activated for the axis in question, i.e. the axis has the status "safely referenced". Depending on which motor measuring system is used, it might be necessary to select a different procedure. The procedures for replacing a motor with absolute value encoder and to replace a motor with incremental encoder are described in the following text. The end of the chapter discusses 2-encoder systems. Limitations As mentioned above, the functionality "Safe limit positions" or "Safe cams" is active for the axis in question. The user agreement is set for the axis, i.e. the axis has had the status "safely referenced" at least once - adjustment between the actual position value of the NC and the SI actual values (axis/drive) has been carried-out. "Safe limit positions" or "Safe cams" have been able to be used. A motor or motor encoder must replaced under these limitations/conditions. Replacing a motor with In order to set the encoder, the offset between the machine zero and the zero of the absolute encoder was determined and saved in the SRAM of the absolute value NC module. encoder The calibrated state is identified by the control using MD 34210: ENC_REFP_STATE = 2. The important factor when replacing a motor (also without Safety Integrated) is that a defined position reference can be established with respect to the mechanical parts of the machine. For example, by mounting and removing the motor at a defined mechanical position or appropriately re-calibrating after the motor has been replaced. After the old motor has been removed and the new motor installed, another actual position value is read by the new absolute value encoder (there is no longer a defined reference to the correctly calibrated actual position value). Therefore the following error profile appears when the control runs-up: Alarm 27001 Axis <name of the axis> fault in a monitoring channel, Code 1003, values: NCK 0, drive 0 The comparison between the saved standstill position and the actual position indicates a larger deviation than that specified in MD 36944: $MA_SAFE_REFP_POS_TOL (actual value comparison tolerance (referencing)) or MD 1344: $MD_SAFE_REFP_POS_TOL (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-469 8 Application examples 8.7 Replacing a motor or encoder 11.03 The alarm results in a STOP B followed by a STOP A (safe pulse cancellation) for the axis involved. The user agreement is also cancelled. This means that the axis loses the status "safely referenced" in connection with the Alarms 27000/300950 axis <name of the axis> not safely referenced. The actual position value supplied by the new motor encoder does not have a reference to the mechanical system. This means that the absolute value encoder must be re-aligned and set-up at this point. Note An acceptance report is generally not required when a motor has been replaced. Re-calibration procedure 1. Carry out an NCK reset Note After the NCK-Reset, the axis can be traversed again. Alarms 27000/300950 "Axis not safely referenced" are still present and indicate that the functions "Safe limit positions" and "Safe cams" are not active in this state. For example, if the "Safe limit positions" as being used as a substitute for hardware limit switches, then they are not functioning at this time! 8-470 2. Move the axis to the reference position after first setting MD 34010 REFP_CAM_DIR_ IS_MINUS according to the approach direction. (MD 34010 should be set to 1 if the axis is moved in the minus direction to the reference position.) 3. MD 34100: Set REFP_SET_POS to the actual value of the reference position. 4. MD 34210: Set ENC_REFP_STATE = 1 to activate the calibrated settings. 5. Select the axis that is to be calibrated on the machine control panel and press the RESET key on the machine control panel. 6. Select the JOG/REF mode, enable the axis feed. 7. The calibration process must be initiated with traversing key + or according to MD 34010: REFP_CAM_DIR_IS_MINUS and the approach direction to the reference position. (Backlash has been eliminated.) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.7 Replacing a motor or encoder 8. The axis does not traverse. Instead, the offset between the correct actual value (reference position) and the actual value supplied by the encoder is entered in MD 34090: REFP_MOVE_DIST_CORR. The current actual value appears in the basic display and the axis signals "referenced". The value 2 is entered in MD 34210 as the result. Example: MD 34010 = 1 (minus) and the reference position was approached in the minus (negative) direction. Then, the "-" key must also be pressed on the machine control panel. 9. When the absolute value encoder has been re-calibrated (MD 34210 from 1 -> 2), the axis changes over into the "referenced" state. At this time, the new valid actual position is taken over for the safe actual values (axis and drive). 10. Finally, if the JOG/REF machine mode is active on the MMC, the "user agreement" softkey must be pressed and the user agreement for the axis involved must be reset. Alarms 27000/300950 disappear and the functions "Safe limit positions" and "Safe cams" are safely active again Replacing a motor with The same conditions apply as when replacing a motor with absolute value encoder - these are described first. incremental encoder To calibrate the encoder, a reference point approach has been set up, e.g. with reference point cams, i.e. after the zero mark has been passed when leaving the cam, the reference point is approached according to the offsets in 34080 REFP_MOVE_DIST and 34090 REFP_MOVE_DIST_CORR - and the value of the reference point is set in MD 34100: REFP_SET_POS. After the referencing operation, Alarm messages 27000/300950 "Axis not safely referenced" disappear and the functions "Safe limit positions" and "Safe cams" are safely active. The important factor when replacing a motor (also without Safety Integrated) is that a defined position reference can be established with respect to the mechanical parts of the machine. This can be achieved by mounting and removing the motor at a defined mechanical position or appropriately recalibrating after the motor has been replaced. After the old motor has been removed and the new motor installed, the following procedure is recommended: Re-calibration procedure 1. Run-up the control or carry-out an NCK reset 2. If the JOG/REF machine mode is active on the MMC, the "user agreement" softkey must be pressed and the user agreement for the axis involved is withdrawn to avoid Alarm 27001 Axis <name of the axis> fault in a monitoring channel, Code 1003, values: NCK 0, drive 0 3. After the system has run-up, the JOG/REF mode is selected and the feed enable for the axis is issued. Carry-out a reference point approach for the axis involved. (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-471 8 Application examples 8.7 Replacing a motor or encoder 11.03 Note The error at a reference point approach is no more then one motor rotation (difference between two zero marks). This offset is usually not critical for the mechanical parts of the machine. If problems arise with the traversing limits because of the type of reference point approach, then for example, set the offset values in MD 34080 /34090 to non-critical values. Alarms 27000/300950 "Axis not safely referenced" are still present and indicate that the functions "Safe limit positions" and "Safe cams" are not active in this state. For example, if "Safe limit positions" is being used to substitute hardware limit switches, then it is important to note that at this time, the safe limit positions are not functional! After completion of the reference point approach, the axis goes into the "referenced" status. However, because of the zero mark offset between the encoders, the reference position still has to be calibrated, i.e. the position reference with respect to the mechanical system must be reestablished. The system is calibrated after measuring the difference - usually in MD 34080 REFP_MOVE_DIST or 34090 REFP_MOVE_DIST_CORR. Comments about 2-encoder systems 4. After the reference point has been re-calibrated, the reference point approach must be re-initiated. The axis changes over into the "referenced" state. At this time, the reference point value is taken over as the safe actual value for the axis and drive. 5. Finally, if the JOG/REF machine mode is active on the MMC, the "user agreement" softkey must be pressed and the user agreement for the axis involved must be reset. Alarms 27000/300950 disappear and the functions "Safe limit positions" and "Safe cams" are safely active again Case A 1st measuring system: Incremental motor measuring system 2nd measuring system: Absolute direct measuring system The 2nd position measuring system ( (DBX 1.5 = 0, DBX 1.6 =1) is selected as the active measuring system via the axis interface In this case, motor replacement is straightforward because the NC reference point position is supplied with values exclusively from the 2nd measuring system (DMS). This means that the measuring system does not have to be recalibrated. Case B 1st measuring system: Absolute motor measuring system 2nd measuring system: Incremental direct measuring system The 1st position measuring system (DBX 1.5 = 1, DBX 1.6 =0) is selected as the active measuring system via the axis interface when the system runs-up. This is for monitoring purposes. A changeover is then made to the 2nd position measuring system (DBX 1.5 = 0, DBX 1.6 =1) . In this case, the motor must be replaced carefully observing the Description, motor with absolute value encoder. This is because it is necessary to recalibrate the absolute value encoder. When re-calibrating the system, we recommend to permanently select the 1st positioning measuring system and to only traverse the axis using the motor measuring system. 8-472 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.8 Example for combining SI with ESR 8.8 Example for combining SI with ESR General If the ESR functionality (refer to the Description of Functions, Special Functions) is to be used on a machine together with Safety Integrated, then frequently, problems are encountered with the responses when a fault or error develops. The shutdown responses from Safety Integrated (safe state, pulse cancellation) prevents the required retraction motion or delayed stopping of the axes. This example shows a possible parameter assignment for Safety Integrated functionality that still guarantees optimum machine protection in the automatic mode. Required configuration ESR: If a fault or error situation is detected in the automatic mode, the X axis should make a retraction movement - the other axes should continue to move for a short time and then should be braked along the parameterized braking ramp of the interpolator. If communications to the drive are faulted, then the X axis should retract - also in the automatic mode. This function is executed directly and independently in the drive. ESR should not become active if personnel are in the hazardous zone of the machine. This is the reason that ESR should be parameterized as follows at the machine (the following doesn't provide a complete parameterization of the ESR function, only that part required to obtain an understanding): Parameterization of the channel-specific ESR machine data (NC controlled retraction) MD 21380 $MC_ESR_DELAY_TIME1=0.1; Continue to move for a short time MD 21381 $MC_ESR_DELAY_TIME2=3.0; Time for the braking ramp Parameterizing the axis-specific ESR machine data (NC controlled retraction) MD 37500 $MA_ESR_REACTION[AX1]=21; Retraction motion of the X axis MD 37500 $MA_ESR_REACTION[AX2]=22; Stopping the Y axis Parameterizing the drive-specific machine data (retraction that is executed independently in the drive) MD 1638 $MD_RETRACT_TIME[DR1]=200 Retraction time, function executed in the drive, X axis MD 1639 $MD_RETRACT_SPEED[DR1]=400000 Retraction speed, X axis MD 1637 $MD_GEN_STOP_DELAY[DR2]=200 Stopping time of the Y axis - executed independently in the drive (drive-based function) Safety Integrated The safely-reduced speed should be monitored for the X and Y axes as soon as anybody has entered or is in the hazardous zone of the machine. This is detected if the protective door is opened or closed. Further, the safe limit switches are activated for the Y axis and SPL is also used. SG2 is active in the automatic mode (with an extremely high limit speed), with protective door SG1 open. Hazardous locations The following hazardous locations can be obtained in the automatic mode that can be prevented using the required ESR and Safety Integrated: (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-473 8 Application examples 8.8 Example for combining SI with ESR Eliminating the hazardous locations 11.03 * The protective door switch fails in one channel. This is the reason that as a result of the crosswise data comparison of the SPL, a stop D is initiated after 1 s. * The protective door switch fails in one channel. This is the reason that as a result of the crosswise data comparison of the NCK and drive, a stop F with subsequent Stop B/A is initiated at the earliest after the time specified in MD $MA_SAFE_MODE_SWITCH_TIME. * Any other failure results in a crosswise data comparison error for the NCK and drive and therefore, in turn, to a Stop F/B/A. * If the communications to the drive fail (drive bus failure), then the pulses are immediately cancelled. This therefore prevents ESR being autonomously executed in the drive (as drive-based function) These hazardous locations are removed as follows: 1.) Stop E is activated as response to the speed being exceeded in SG2 and for SPL crosswise comparison errors: MD 10097 $MN_SAFE_SPL_STOP_MODE = 4 Default value 3. For errors in the crosswise data comparison of the SPL (Alarm 27090), with the value 4, a Stop E is initiated instead of a Stop D. At the same time, bit DB18.DBX36.1 must be set in the PLC: SET = DB18.DBX36.1 (enable Stop E) MD 36901 $MA_SAFE_FUNCTION_ENABLE[AX1]=51; X axis: SG/SBH + external Stop E MD 36901 $MA_SAFE_FUNCTION_ENABLE[AX2]=53; Y axis: SG/SBH + SE + external Stop E Note: All axes with $MA_SAFE_FUNCTION_ENABLE not equal to 0 must have enabled the external Stop E, if $MN_SAFE_SPL_STOP_MODE = 4 was parameterized. MD 36961 $MA_SAFE_VELO_STOP_MODE [AX1]=5; $MA_SAFE_VELO_STOP_REACTION MD 36961 $MA_SAFE_VELO_STOP_MODE [AX2]=5; becomes effective for axes X and Y MD 36963 $MA_SAFE_VELO_STOP_REACTION [1,AX1]=3; Stop D for SG1, axis X MD 36963 $MA_SAFE_VELO_STOP_REACTION [2,AX1]=14; Stop E for SG2 axis X, pulses are not cancelled when the bus fails MD 36963 $MA_SAFE_VELO_STOP_REACTION [1,AX2]=3; Stop D for SG1, axis Y MD 36963 $MA_SAFE_VELO_STOP_REACTION [2,AX2]=14; Stop E for SG2 axis Y, pulses are not cancelled when the bus fails 2.) Parameterizing a Stop E: MD 36954 $MA_SAFE_STOP_SWITCH_TIME_E[AX1] = 3.5; 3.5 s because ESR was parameterized to 3.1 s MD 36954 $MA_SAFE_STOP_SWITCH_TIME_E[AX2] = 3.5; 3.5 s because ESR was parameterized to 3.1 s 8-474 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 8 Application examples 8.8 Example for combining SI with ESR Note: 3.) The safe operating stop is activated after this time has expired. This is the reason that this transition time for the Stop E must correspond to the ESR times ($MC_ESR_DELAY_TIME1 + $MC_ESR_DELAY_TIME2). If this time is selected to be too short, then the retraction motion will not be correctly executed and depending on the safe functions, hard stops will be initiated (Alarm 27024 Stop A/B). Delaying stops following a stop F MD 36955 $MA_SAFE_STOP_SWITCH_TIME_F[AX1] = 3.5; 3.5 s because ESR was parameterized to 3.1 s MD 36955 $MA_SAFE_STOP_SWITCH_TIME_F[AX2] = 3.5; 3.5 s because ESR was parameterized to 3.1 s An ESR can be initiated in this time. This is the reason that here it makes sense to use the same time as in $MA_ SAFE_STOP_SWITCH_TIME_E. 4.) Delaying pulse cancellation when the drive bus fails: MD 10089 $MN_SAFE_PULSE_DIS_TIME_BUS_FAIL[AX1] = 0.5; 0.5 s because ESR was parameterized to 0.2 s An ESR can be autonomously executed in the drive (drive-based function) in this time. This time should therefore be adapted to the parameterization of the drive MD $MD_RETRACT_TIME (in this particular example, 200 ms). In this example, the system does not wait for this time in the following specific cases - 5.) active SBH when an external Stop A is selected active SG1: For SG1, $MA_SAFE_VELO_STOP_REACTION is parameterized so that when the bus fails, the pulses should be immediately cancelled. Input assignment of the SGE "de-select external Stop E" MD 36977 $MA_SAFE_EXT_STOP_INPUT[3,AX1]=04010109 Assignment to the SPL: OUTSI[09] MD 36977 $MA_SAFE_EXT_STOP_INPUT[3,AX2]=04010109 Assignment to the SPL: OUTSI[09] DB axis DBX32.5 U DB18.DBX63.0 = DB31.DBX32.5 = DB32.DBX32.5 De-select the external Stop E from the PLC: (corresponds to OUTSIP[09]) (ext. Stop E, axis X) (ext. Stop E, axis Y) DB axis DBX111.7 includes the checkback signal "Stop E active" 6.) Delay time for the SG/SBH changeover: MD 36951 $MA_SAFE_VELO_SWITCH_DELAY[AX1]=4.1s MD 36951 $MA_SAFE_VELO_SWITCH_DELAY[AX2]=4.1s A value (1 s + retraction time) must be entered, for all axes, in the MD 36951 (delay time SG and SBH). After 1 s, the defective door switch is detected with Alarm 27090, crosswise data comparison and Stop E is initiated. Depending on the selected SG stage, retraction motion is executed. If this time is significantly (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 8-475 8 Application examples 8.8 Example for combining SI with ESR 11.03 shorter than the required retraction time, then the retraction time, after this time has expired, is only carried-out at the reduced speed SG1. 7.) Initiating ESR a) ESR must be enabled in the machining program: $AA_ESR_ENABLE[X] = 1 ; enables ESR for the X axis LFPOS ; POLF[X] = IC(25) ; retraction path, axis X POLFMASK(X) ; Axis X is declared as retraction axis b) ESR must be triggered in synchronous actions (e.g. in SAFE.SPF): An X axis retraction is initiated if at least one axis detects a Stop E: IDS = 250 WHENEVER ($AC_MARKER[20] == 1) AND ($A_STOPESI<>0) DO $AC_ESR_TRIGGER=TRUE The retraction is automatically initiated if safety integrated has detected a problem associated with the actual value sensing Alarm 27001 with Codes 3 or 44 to 57 has occurred), or a Stop F is present that will result in a subsequent stop B/A: ID = 251 WHENEVER ($AC_MARKER[20] == 1) AND ($A_XFAULTSI <> 0) DO $AC_ESR_TRIGGER=TRUE Marker 20 is only used to interlock the retraction, e.g. when testing the external Stop E. It is possible to respond to fault/error states by using the axis-specific system variables $VA_STOPSI[ axis name] and $VA_XFAULTSI[ axis name]. 8.) Hardware prerequisites The pulse enable (terminal 663) must be controlled from an onboard output (MD 36986 $MA_SAFE_PULS_ENABLE_OUTPUT = 1 or 2 or 3 or 4), as otherwise the pulse cancellation delay time is not effective when the drive fails. 8-476 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 A Appendix A A Appendix A.1 Index of abbreviations AB Output byte AS1/AS2 Starting inhibit 1/2 (terminals on 611D performance control module) ASUB Asynchronous subroutine ASIC Application Specific Integrated Circuit (semiconductor module developed for special applications) BAG Mode group BAG-STOP Stop in corresponding mode group BG Professional association (in Germany) BIA Berufsgenossenschaftliches Institut fur Arbeitssicherheit (German Institute for Occupational Safety) CFG Configuration telegram CPU Central Processing Unit CRC Cyclic Redundancy Check DAC D/A converter DB Data block (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 A-477 A Appendix 11.03 DI Digital Input DKE-AK German Electrotechnical Working Committee DL Data Left DMP Distributed machine I/Os DMS Direct Measuring System DO Digital Output DP Distributed I/O DPM DP master DPR Dual Port RAM DR Data Right DW Data Word ENC Number of encoder pulses ENDAT Encoder Data (interface for absolute encoder) EQN/ERN Part of an order code for absolute/incremental encoders made by Heidenhain ESD ElectroStatic Discharge ESR Extended Stop and Retract F... Failsafe... F-DI Failsafe input module F-DO Failsafe output module A-478 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 A Appendix FD Feed drive FOC Force control, travel with limited torque/force FV Failsafe Values FXS Fixed Stop, travel to fixed stop HHU Handheld Unit HMS High-resolution Measuring System HW Hardware I/RF Infeed/Regenerative Feedback Unit IB Input Byte IBN Start-up IMP Pulse cancellation IMS Indirect Measuring System IPO Interpolator IS Interface signal KDV Crosswise data comparison LEC Leadscrew Error Compensation LSB Least Significant Bit LIFTFAST Fast retraction from contour LL Lower limit (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 A-479 A Appendix 11.03 MD Machine Data or Marker Doubleword MDD Machine Data Dialog Mixed-IO I/O module with analog and digital signals MDIR Machinery Directive MMC Man Machine Communication (operator interface for man-machine communication) MSB Most Significant Bit MSD Main Spindle Drive MT Machine Tool NC Numerical Control NCK NC Kernel NE Line infeed module OA Operator Acknowledge OB Organization block OI Operator interface OP Operator panel Order No. Machine-readable product designation PLC Programmable Logic Controller PM-E F Power Module Electronic Failsafe A-480 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 A Appendix PS Power supply PSC PROFIsafe cycle QVK Peer-to-peer data transfer RPM Revolutions Per Minute SBH Safe operating stop SBR Safe braking ramp SE Safe Limit Switch SG Safely-reduced speed SGA Safety-relevant outputs SGE Safety-relevant inputs SH Safe standstill SI SINUMERIK Safety Integrated SIL Safety Integrity Level SK Softkey SN Safe cams SPL Safe Programmable Logic STOP A, B, C, D, E, F Stop response: In the event of a fault, the system reacts depending on the configured STOP response SW Software (R) (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 A-481 A Appendix 11.03 TCP Tool Center Point TEA Testing Data Active U Gear Ratio UL Upper limit A-482 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 A Appendix A.2 List of References. A.2.1 List of references, general /ASI/ Low-Voltage Switchgear and Systems Catalog 1995/1996 Siemens Drives and Standard Products Order No.: E20002-K1002-A101-A6 /1/ Richtlinie 89/392/EWG (Maschinenrichtlinie) Bundesanzeigerverlag, 1993. /2/ Positionspapier des AK 226.03 im DKE: Sicherheitsgerichtete Funktionen elektrischer Antriebssysteme in Maschinen. /3/ Schafer, M./Umbreit, M.: Antriebssysteme und CNC-Steuerungen mit integrierter Sicherheit, BIA-Report Nr. 4/97. /4/ Kategorien fur sicherheitsbezogene Steuerungen nach EN 954-1, BIA-Report 6/97. /5/ ZH1/419. Pruf- und Zertifizierungsordnung der Pruf- und Zertifizierungsstellen im BG-Prufzert. (Pruf- und Zertifizierungsordnung), Ausgabe 10/97. /6/ Reinert, D./Schafer, M./Umbreit, M.: Antriebe und CNC-Steuerungen mit integrierter Sicherheit (Antriebe und CNC-Steuerungen), in: ETZ-Heft 11/98. /7/ Johannknecht, A./Warlich, H.-J.: Maschinenschutz in Europa - BG (Maschinenschutz). /SHB/ Safety Integration: Das Programm fur die Industrien der Welt, Applikations-Handbuch, Ausgabe 03.99 Bestell-Nr. E20001-P285-A733 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 A-483 A Appendix A.2.2 11.03 List of references for SINUMERIK 840D /DA/ SINUMERIK 840D/840Di/810D Diagnostics Guide Order No.: 6FC5 298-6AA20-0BP3 /PHD/ SINUMERIK 840D Configuration Manual NCU 561.2 -573.4 Order No.: 6FC5 297-6AC10-0BP2 /IAD/ SINUMERIK 840D/SIMODRIVE 611D Installation and Start-Up Guide Order No.: 6FC5 297-6AB10-0BP2 /LIS/ SINUMERIK 840D/840Di/810D/SIMODRIVE 611D Lists Order No.: 6FC5 297-6AB70-0BP3 /FB1/ SINUMERIK 840D/840Di/810D Description of Functions Basic Machine (Part 1), Order No.: 6FC5 297-6AC20-0BP2 /FB2/ SINUMERIK 840D/840Di/810D (CCU2) Description of Functions Extended Functions (Part 2), Order No.: 6FC5 297-6AC30-0BP2 /FB3/ SINUMERIK 840D/840Di/810D (CCU2) Description of Functions Special Functions (Part 3), Order No.: 6FC5 297-6AC80-0BP1 /PG/ SINUMERIK 840D/840Di/810D Programming Guide Fundamentals Order No: 6FC5 298-6AB00-0BP2 /S7H/ SIMATIC S7-300 Manual: Assembly, CPU data (HW Description) Reference Manual: Module Data Order No.: 6ES7 398-8FA10-8AA0 A-484 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 A.2.3 A Appendix List of References for SIMODRIVE 611 /PJU/ SIMODRIVE 611-A/611-D Planning Guide Inverters Transistor PWM Inverters for AC Feed Drives and AC Main Spindle Drives Order No: 6SN1197-0AA00-0BP5 /PJFE/ SIMODRIVE Planning Guide Synchronous Build-in Motors 1FE1 AC Motors for Main Spindle Drives Order No.: 6SN1 197-0AC00-0BP1 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 A-485 A Appendix 11.03 Notes A-486 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 11.03 I Index I I Index I.1 Keyword index $ $A_STOPESI.................................................3-76 $MN_INFO_PROFISAFE_CYCLE_TIME...3-190 $VA_STOPSI.................................................3-76 A Absolute encoder ........................................3-168 Acceptance test ............................... 5-279, 5-283 Acceptance test support..............................5-291 Acknowledge/save monitoring data ............5-279 Actual value and measuring circuit assignment ...............................................5-278 Actual value synchronization.......................3-175 Alarms for 611 digital ...........................................6-343 for 840D ...................................................6-310 Alteration of SI data.....................................5-281 Axis not referenced .....................................3-170 Axis referenced............................................3-171 Axis safely referenced .................................3-171 Axis, vertical ..................................................2-51 B Brake test ....................................................8-451 C Cam signals.................................................3-115 Cam synchronization...................................3-116 Enable for 840D.......................................4-217 Changing the speed limit values ...................3-97 Circuit, safety relay......................................3-149 Clock cycle overruns ...................................3-189 Coding of the output assignment ................4-234 Coding the input assignment.......................4-230 Commissioning 840D First commissioning .................................5-277 Series commissioning..............................5-280 Communication NCK and PLC-SPL ................................. 3-158 Comparison clock cycle................................ 2-35 for 840D........................................ 4-210, 4-215 Configuration for 840D ............................... 5-276 Connection of the drives.................. 7-381, 7-415 Control category 3 ........................................ 2-32 Control Category 3 ....................................... 2-49 Cross Monitoring........................................... 1-19 Crosswise data comparison .............. 2-34, 3-138 D D/A converter output................................... 5-283 Data altering..................................................... 5-281 Delete password ......................................... 5-280 Different channel run times ........................ 3-131 Digital PLC inputs/outputs for 840D ........... 3-134 Direct measuring system ............................ 3-169 Diverse structure........................................... 2-33 DMP compact modules .............................. 3-132 DMS ............................................................ 3-169 Door safety contactor ................................. 7-420 DP master, Class 1..................................... 3-180 DP master, Class 2..................................... 3-180 Drive with slip.............................................. 3-176 E EC Directives ................................................ 2-27 EMERGENCY STOP....................... 7-383, 7-416 Enable of functions for 840D............................... 4-217 Enable option for 840D................................................... 5-277 Enable, global ............................................... 2-36 Enabling functions ........................................ 2-37 Encoder limit frequency ................................ 3-96 Encoder limit frequency, parameterizable.... 3-96 Encoder replacement ...................... 3-174, 8-470 Encoder type combinations ........................ 3-168 Encoder types............................................. 3-168 2-encoder system ................................... 3-169 Engineering................................................. 7-362 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Ausgabe 11.03 I-487 I Index 11.03 Enter monitoring cycle for 840D ...................................................5-278 Error analysis General ......................................................2-48 in automatic mode .....................................2-48 in set-up mode ...........................................2-46 in test mode ...............................................2-47 Error code......................................................3-77 Fine error decoding....................................3-77 ESR ...............................................................3-75 ET 200S F I/Os............................................3-183 ET200S PROFIsafe components Parameterization......................................7-426 ET200S PROFIsafe module Wiring .......................................................7-426 Example circuits ..........................................7-363 External STOPs Machine data .............................................3-87 F F master ......................................................3-179 Fault analysis.................................................2-46 F-DI module.................................................3-186 Parameter settings...................................7-432 F-DO connections .......................................7-428 F-DO module ...............................................3-187 Parameter settings...................................7-434 Forced checking procedure.........................3-164 Forced checking procedure, safety relay....3-151 G Gantry axis ....................................................2-52 Gearboxes ...................................................3-100 K Keyswitch.................................................... 7-400 L Limit frequency ............................................. 3-96 Limiting the setpoint speed........................... 3-99 Load standard motor data .......................... 4-242 Local inputs on the NCU............................. 4-231 Local outputs on the NCU .......................... 4-234 Logbook ...................................................... 5-279 M Machine calibration..................................... 3-170 Machine data for 611 digital Overview ................................................. 4-241 Machine data for 611digital Description .............................................. 4-243 Machine data for 840D Description .............................................. 4-209 Overview ................................................. 4-207 Machinery Directive ...................................... 2-49 Master ......................................................... 3-179 Measuring system changeover .................... 2-51 Modulo display............................................ 3-117 Monitoring channel ..................................... 3-128 Monitoring clock cycle For 611digital .......................................... 4-243 Monitoring cycle............................................ 2-35 for 840D................................................... 4-210 Monitoring devices........................................ 1-19 Motor encoder adjustment.......................... 3-170 Multiple assignment.................................... 3-133 Multiple distribution ..................................... 3-133 H Hazard analysis .............................................2-28 HW requirements PROFIsafe ...............................................3-181 I I/O modules .................................................3-196 I/O system ET 200 S ...................................3-180 Incremental encoder....................................3-168 Initialization Safety relay ..............................................3-149 Integrated safety functions ............................1-20 Interface signals ..........................................4-256 from drive .................................................4-261 to drive .....................................................4-257 I-488 N NCK RESET for 840D ................................ 5-276 NCK SGEs/SGAs ....................................... 3-131 NCK-SLP programming.............................. 3-139 NCK-SPL .................................................... 3-137 NCU local inputs ......................................... 4-215 NCU onboard I/Os ...................................... 3-146 NCU terminal block..................................... 3-132 NCU-local inputs/outputs............................ 3-146 Not suppressing alarms.............................. 6-356 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Ausgabe 11.03 11.03 O Objective of safety technology ......................1-19 OEM Users of 840D ............................................2-52 OEM applications ..........................................2-52 Override factor for safely-reduced speed ...3-103 Override factor safely-reduced speed.........4-258 P Park axis ........................................................2-51 Parking an axis ..............................................2-51 Parking axes with absolute reference ...........2-51 Performance closed-loop control module .....3-88 Performance control module .......................3-168 PLC SGEs/SGAs.........................................3-132 PM-E F connections ....................................7-429 PM-E F module Parameter settings...................................7-435 Potential savings ...........................................1-21 Powering-up ..................................................2-45 Powering-up the control ................................2-45 PROFIBUS connection................................7-431 PROFIsafe...................................................3-180 PROFIsafe clock cycle ................................3-189 PROFIsafe clock cycle overruns .................3-189 PROFIsafe communication .........................3-183 PROFIsafe, system prerequisites .................2-40 PROG_EVENT mechanism ........................3-141 PROG_EVENT.SPF....................................3-141 Protective door ............................................7-369 Protective door interlocking.........................7-419 Protective door locking ................................7-399 Protective mechanisms ...............................3-140 Pulse cancellation .........................................3-66 R Reference point reached .............................3-171 Residual risk ..................................................2-49 Response time...............................................2-35 Risk assessment ................................. 2-28, 2-32 Rotary axis....................................... 4-218, 4-243 Cam actual value range...........................3-117 endlessly turning......................................3-117 Modulo display.........................................3-117 Safe software cams .................................3-117 S Safe braking ramp .......................................3-124 Safe cams....................................................3-115 Safe limit switches.......................................3-114 Safe operating stop .......................................3-89 De-selection ...............................................3-92 Function features .......................................3-89 I Index Machine data............................................. 3-94 Prerequisites ............................................. 3-90 Selecting ................................................... 3-90 Safe operating stop, test............................. 5-287 Safe signal processing ............................... 3-129 Safe software cams Function features .................................... 3-115 Hysteresis ............................................... 3-116 Machine data........................................... 3-123 Output assignment.................................. 3-117 Prerequisites ........................................... 3-115 Special case............................................ 3-116 Specifying cam positions ........................ 3-116 Synchronization....................................... 3-116 Tolerance ................................................ 3-116 Safe software cams, test ............................ 5-288 Safe software limit switch Configurable stop responses .................. 3-115 Limit values: ............................................ 3-114 Prerequisites ........................................... 3-114 Safe software limit switch, test ................... 5-288 Safe software limit switches Function features .................................... 3-114 Machine data........................................... 3-117 Safe speed Configurable stop responses .................. 3-101 Features of the function ............................ 3-95 Override for ............................................. 4-258 Prerequisites ............................................. 3-95 Selection ................................................... 3-97 Safe standstill ............................................... 3-88 Function features ...................................... 3-88 Machine data............................................. 3-89 Selecting/de-selecting............................... 3-88 Safe standstill - disconnecting the energy feed................................................ 3-60 Safe standstill - prerequisites ....................... 3-88 Safely-reduced speed................................... 3-95 Changing the limit values.......................... 3-97 Override for ............................................. 3-103 Safely-reduced speed, test......................... 5-287 Safe-reduced speed machine data........................................... 3-113 Safety relay................................................. 3-148 Safety relay, test ......................................... 3-151 Safety standards........................................... 2-28 Save boot files for 840D................................................... 5-277 Save data.................................................... 5-280 Save standstill position ................................. 2-45 Saved standstill position ............................. 3-172 SBH............................................................... 3-89 SBR............................................................. 3-124 SE ............................................................... 3-114 Selecting speed limit values ......................... 3-97 Selector gearboxes..................................... 3-100 Series commissioning................................. 5-280 Service display............................................ 3-129 Service displays for 840D........................... 5-295 Servo trace ...................................... 5-283, 5-302 Set axis monitor .......................................... 5-278 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Ausgabe 11.03 I-489 I Index 11.03 Set password...............................................5-277 Setpoint speed...............................................3-99 SG..................................................................3-95 SGA SBH active .................................................3-92 SGE/SGA Function features .....................................3-127 Machine data ...........................................3-135 Signal run times .......................................3-131 What is the minimum number needed? ..3-130 SGE/SGA assignment for 840D ...................................................5-278 SGE/SGA test..............................................5-287 SGEs Standstill via STOP....................................3-80 SG-Override .................................... 3-103, 4-258 SG-specific STOPs .....................................3-102 SH..................................................................3-88 Shutdown path of drive CPU.........................3-61 Shutdown path of NCK CPU .........................3-62 Shutdown paths.............................................3-61 Requirements ............................................3-65 Stop responses..........................................3-70 Test ............................................................3-65 Shutdown paths for a dual-axis module........3-68 Shutdown paths with several axes without SPL ................................................3-68 SIRELAY .....................................................3-151 Slaves ..........................................................3-180 Slip Between motor and load..........................3-176 Slip for 2-encoder system ...........................3-175 SN................................................................3-115 Softkey Confirm SI data........................................5-277 Copy SI data ............................................5-277 Specifying cam positions.............................3-116 Speeds and velocities ...................................3-95 SPL ..............................................................3-137 Linking to the I/Os....................................3-145 SPL data on the PLC side...........................3-156 SPL start without axial safety enable ..........3-137 Standard monitoring functions ......................2-46 Standstill tolerance ........................................3-89 Standstill via SGEs........................................3-80 Start SPL .....................................................3-144 STOP A Description .................................................3-73 STOP B Description .................................................3-73 STOP C Description .................................................3-74 STOP D Description .................................................3-75 I-490 STOP F Description ................................................ 3-76 Stop response SG-specific.............................................. 3-102 Stop responses Assignment table ...................................... 3-72 Overview ................................................... 3-71 Priority ....................................................... 3-72 Sequence .................................................. 3-72 Stop responses machine data........................................... 3-126 Stop responses, configurable....................... 3-72 SW requirements PROFIsafe .............................................. 3-182 Synchronization of cam signals Description .............................................. 3-116 Enable ..................................................... 3-116 System variable .......................................... 3-153 System variable $A_XFAULTSI, $VA_XFAULTSI.......................................... 4-267 System variable $VA_IS............................. 4-267 T Terminology .................................................. 2-31 Test stop .......................................... 7-390, 7-418 for external STOPs ........................ 3-83, 4-259 Sequence .................................................. 3-65 When to carry out...................................... 3-64 Testing the external pulse cancellation ........ 3-66 Time response when cam position is passed.................................................. 3-119 Tolerance for SN......................................... 3-116 Troubleshooting for 840D................................................... 5-295 Two-channel structure .................................. 2-33 Two-encoder system .................................. 3-169 U User agreement ................................. 2-35, 5-279 Interlock..................................................... 2-36 User agreement, saved .............................. 3-171 V Verification .................................................... 2-29 Vertical axis .................................................. 2-51 (c) Siemens AG 2003 All Rights Reserved SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Ausgabe 11.03 To Siemens AG A&D MC BMS P.O. Box 3180 D-91050 Erlangen (Tel.: +49 (0)180 5050 - 222 [Hotline] Suggestions Corrections For Publication/Manual: SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated Manufacturer Documentation Fax: +49 (0) 9131 / 98 - 2176 E-mail: motioncontrol.docu@erlf.siemens.de) From Description of Functions Name: Order No.: Edition 11.03 Company/Dept. Should you come across any printing errors when reading this publication, please notify us using this form. Suggestions for improvement are also welcome. Address: Postal code: ____________ City: Phone: __________ / Fax: ________ / Suggestions and/or corrections 6FC5297-6AB80-0BP2 Siemens AG Automation and Drives Motion Control Systems Postfach 3180, D - 91050 Erlangen Bundesrepublik Deutschland www.ad.siemens.de (c) Siemens AG 2003 Subject to change without prior notice Order No.: 6FC5297-6AB80-0BP2 Printed in the Federal Republic of Germany