Post on 10-May-2020


SICK AG, Bernd Appel - Germany

Hiperface DSL – Combined with Safety

International TÜV Rheinland Symposium in China
Functional Safety in Industrial Applications
18 – 19 October 2011, Shanghai - China

Safety Implementation

- Hiperface DSL
  - Protocol overview
  - Safety architecture
- Safety function of DSL encoders
- Safety implementation
  - Failure modes
  - Motor requirements
  - Drive requirements
- Documentation


Protocol Overview

- Hiperface DSL (Digital Servo Link)
  - SICK protocol for motor-feedback systems / encoders
  - Point-to-point connection drive - encoder

[Figure: two connection variants between the drive (drive controller, power electronics) and the motor housing (motor, encoder), each up to 100 m.
Variant 1: One cable for motor & encoder; 2 wires for encoder connection.
Variant 2: “Classical” - two cables: one cable for motor, one cable for encoder; 4 wires for encoder connection.]

Protocol Overview

- Hiperface DSL (Digital Servo Link)
  - Cyclic communication
  - Synchronized to drive cycle (500 Hz ~ 80 kHz)

Protocol Overview

- Hiperface DSL (Digital Servo Link)
  - Multiple communication channels
  - Fixed framing
    - Fast position frame: 12…24 µs length
    - Safe position frame: 96…192 µs length


Safety Architecture

- Hiperface DSL (Digital Servo Link) Safety protocol
  - Safe position channel 1 & 2
  - Diverse, redundant transmission
  - Dual CRC check

Safety Architecture

- Safety architecture SIL2
  - 1 sensor channel with diagnostics (“1oo1D” architecture)
  - Redundant data transmission of same sensor data

Safety Architecture

- Safety architecture SIL3
  - 2 sensor channels with diagnostics (“1oo2D” architecture)
  - Data transmission of 2 sensor values

[Figure: SIL3 encoder (Sensor 1, Sensor 2, Diagnostics (µC), Interface 1, Interface 2) connected through the safe position channels to the drive (Interface, Drive Controller 1, Drive Controller 2). Labels: SICK responsibility; Customer responsibility.]

Safety Architecture

- Diagnostics for safety functions
  - Sensor signal monitoring (sin² + cos² check)
  - Redundant sensor signal digitizing
  - CRC for parameter storage
  - CRC for data transmission
  - Frame counter for data transmission (“toggle bit”)
  - Supply voltage, sensor current, ambient temperature monitoring
  - Mission-time counter


Safety Function

- Encoders with Hiperface DSL are safe in drive applications only

[Figure: Drive System (User) and Encoder System. Blocks: AC synchronous / asynchronous motor; mechanical connection (shaft/housing); sensor; sensor interface; drive interface; analysis, diagnostics; safety function; motor stop in case of error (STO).]

Hiperface DSL Safety function

- Supported safety functions (acc. IEC 61800-5-2)

| Mode | Function | Remarks |
|---|---|---|
| SOS | Safe Operating Stop | |
| SLS | Safely Limited Speed | |
| SS1 | Safe Stop 1 | |
| SS2 | Safe Stop 2 | |
| SLA | Safely Limited Acceleration | |
| SAR | Safe Acceleration Range | |
| SSR | Safe Speed Range | |
| SDI | Safe Direction | |
| SLI | Safely-limited Increment | |
| SLP | Safely-limited Position | Only if indicated for specific product |
| STO (informative) | Safe Torque Off | STO is generally selected in case of error detection |

Safety Function

- Safety Parameters
  - Target for all future DSL encoders
  - Specific values found in product datasheet

SIL2 encoders

| | Characteristic parameter according to DIN EN 62061 / IEC 61508 | Characteristic parameter according to DIN EN ISO 13849 |
|---|---|---|
| Structure | | Corresponds with category 3 (in connection with drive systems only) |
| Classification | Use in safety-relevant functional chains according to SIL 2 | Use in safety-relevant functional chains according to PL d |
| Fraction of available PFHd allotted to encoder system | < 10% of SIL 2 resp. PFHd < 10^-7 [1/h] | < 10% of PL d resp. PFHd < 10^-7 [1/h] |
| Mission Time | > 20 years | 20 years |
| Proof Test Interval | Not required | - |
| Diagnostic Test Interval | 1 hour | 1 hour |
| MTTFd | - | > 30 years |
| DCavg | - | > 90% |
| Safe Failure Fraction | > 90% | |

SIL3 encoders

| | Characteristic parameter according to DIN EN 62061 / IEC 61508 | Characteristic parameter according to DIN EN ISO 13849 |
|---|---|---|
| Structure | | Corresponds with category 3 (in connection with drive systems only) |
| Classification | Use in safety-relevant functional chains according to SIL 3 | Use in safety-relevant functional chains according to PL e |
| Fraction of available PFHd allotted to encoder system | < 20% of SIL 3 resp. PFHd < 2 * 10^-8 [1/h] | < 20% of PL e resp. PFHd < 2 * 10^-8 [1/h] |
| Mission Time | > 20 years | 20 years |
| Proof Test Interval | > 4 years | - |
| Diagnostic Test Interval | 1 hour | 1 hour |
| MTTFd | - | > 30 years |
| DCavg | - | > 90% |
| Safe Failure Fraction | > 90% | |

Safety Function

- Safety Parameter example
  - EKS/EKM36 encoder (first series product)

EKS/EKM36 encoder

| | Characteristic parameter according to DIN EN 62061 / IEC 61508 | Characteristic parameter according to DIN EN ISO 13849 |
|---|---|---|
| Structure | | Corresponds with category 3 (in connection with drive systems only) |
| Classification | Use in safety-relevant functional chains according to SIL 2 | Use in safety-relevant functional chains according to PL d |
| Fraction of available PFH allotted to encoder system | 2.8% of SIL 2 resp. PFH = 2.77 x 10^-8 [1/h] | 2.8% of PL d resp. PFH = 2.77 x 10^-8 [1/h] |
| Mission Time | > 20 years | 20 years |
| Proof Test Interval | Not required | - |
| Diagnostic Test Interval | 1 hour | 1 hour |
| MTTFd | - | 412 years |
| DCavg | - | 90% |
| Safe Failure Fraction | 95% | |


Safety Implementation for Drives

- DSL Master IP-core
  - Clock frequency
    - 75.0 MHz
  - Logic size (standard variant)
    - 1700 slices (Xilinx Spartan-3)
    - 1500 slices (Xilinx Spartan-6)
    - 3000 LE (Altera Cyclone III)
  - Safe variant: adds +10% logic

Safety Implementation for Drives

- DSL Master IP-core interfaces
  - “Interface1”: Drive Controller 1
    - Serial (SPI)
    - Parallel (EMIFA)
  - “Interface2”: Drive Controller 2. For Safety only!
    - Serial (SPI)

Safety Implementation for Drives

- DSL Master IP-core
  - Safety relevance?
    - “Grey channel”
    - Single channel in safety system
    - Diagnostics from outside (encoder, drive application)


Safety Failure Modes

- Considered failure modes
  - Mechanical failures of encoder
    - Shaft attachment
    - Housing attachment
    - Loss of code disc
  - Electronic failures of encoder
    - Signal shape
    - Static signals
    - Short circuits, open circuits
  - Transmission failures
    - Loss, insertion, repetition of frames
    - Data corruption
  - Electronic failures of drive interface
    - Static signals
    - Short circuits, open circuits


Motor Requirements

- Encoder assembly
  - Defined geometry of shaft connection
  - Defined torque for shaft connection
  - Defined conditions for housing connection
  - Assembly parameters must be monitored and recorded by user
- Usage requirements
  - Specification for shock/vibration
- All details in product “Operating Manual”


Drive Requirements

- Handling of encoder and transmission faults in drive
  - Error indicators show detection of faults
  - Severity of fault explained in manual
- All details in “DSL Manual”, product datasheet

Drive Requirements

- Diagnostic tests
  - Aim: Fault detection still working?
  - Drive has to send test messages to encoder cyclically
  - Diagnostic test interval: ~ 1h (slow!)
  - Diagnostic test generates fault in encoder
  - Error indication shows that diagnostics are working
- All details in “DSL Safety Implementation Manual”

Drive Requirements

- Diagnostics in drive controllers
  - Necessary since IP-Core is “grey channel”
  - Check of 2 position values
  - Check of CRC values
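The drive-side checks listed above, together with the toggle bit from the diagnostics slide, as an added example in C that is not from the presentation or from SICK. The frame layout, the CRC-16 polynomial, the tolerance parameter and all names are assumptions for illustration, not the Hiperface DSL wire format.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed frame: field layout and CRC polynomial are assumptions,
   not the Hiperface DSL wire format. */
typedef struct {
    uint32_t position; /* position value carried by one safe channel */
    uint8_t  toggle;   /* frame counter bit, flips with every new frame */
    uint16_t crc;      /* CRC over position and toggle */
} safe_frame_t;

typedef enum { CHK_OK, CHK_CRC, CHK_STALE, CHK_MISMATCH } chk_result_t;

/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF) over position and toggle. */
uint16_t frame_crc(uint32_t pos, uint8_t toggle) {
    const uint8_t buf[5] = { (uint8_t)(pos >> 24), (uint8_t)(pos >> 16),
                             (uint8_t)(pos >> 8), (uint8_t)pos, (uint8_t)(toggle & 1u) };
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < sizeof buf; i++) {
        crc ^= (uint16_t)(buf[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ 0x1021u) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Builds a valid frame the way the encoder side would (helper for sample data). */
safe_frame_t make_frame(uint32_t pos, uint8_t toggle) {
    safe_frame_t f = { pos, (uint8_t)(toggle & 1u), frame_crc(pos, toggle) };
    return f;
}

/* Runs in the drive controller on data handed over by the grey channel.
   Any result other than CHK_OK is a detected fault; the drive reacts with STO. */
chk_result_t check_frames(const safe_frame_t *ch1, const safe_frame_t *ch2,
                          uint8_t *last_toggle, uint32_t tolerance) {
    /* Data corruption: each channel must match its own CRC. */
    if (frame_crc(ch1->position, ch1->toggle) != ch1->crc ||
        frame_crc(ch2->position, ch2->toggle) != ch2->crc)
        return CHK_CRC;
    /* Repeated or lost frame: the toggle bit must flip and agree on both channels. */
    if (ch1->toggle != ch2->toggle || ch1->toggle == *last_toggle)
        return CHK_STALE;
    /* Cross-check of the two position values, modular so rollover is handled. */
    uint32_t d = ch1->position - ch2->position;
    uint32_t dist = (d < (uint32_t)(0u - d)) ? d : (uint32_t)(0u - d);
    if (dist > tolerance)
        return CHK_MISMATCH;
    *last_toggle = ch1->toggle;
    return CHK_OK;
}
```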


Documentation

- Two categories of documentation
  - Hiperface DSL documentation
    - General specification of interface, protocol
    - Target: Drive manufacturer
  - Encoder documentation
    - Specific for each product series
    - Target: Drive and motor manufacturer
    - Example: EKS/EKM36

[Figure: documents and their content.
Hiperface DSL documentation: DSL Manual (non-safety): Protocol details; DSL Safety Manual: Drive requirements; IP-Core (interface) Manual: FPGA details; IP-Core (interface) datasheet: IP-Core characteristics.
Encoder documentation: Operating Manual: Motor requirements; Datasheet: Encoder characteristics.]
