© 2013 spiiplus training class safety and faults 1
TRANSCRIPT
© 2013
SPiiPlus Training Class
Safety and Faults
1
© 2013
Faults Mechanism
2
All fault responses can be customized by the user
• Fault: An abnormal situation detected by the controller related to safety of motion, hardware damage, faulty wiring, EtherCAT errors, limit switch tripped, etc.
• Faults and errors are monitored every controller cycle.
• The controller has a predefined set of faults and default responses.
© 2013
Faults Mechanism
• Example faults:o Encoder error due to bad wiringo Drive alarm caused by problem with the power amplifiero Axis limit switch trippedo E-Stop activationo Critical position error caused by a driving axis into a hard
stop
3
© 2013
Some Predefined Axis and System Faults
4
Axis FaultsRight Limit
Left Limit
Soft Right Limit
Soft Left Limit
Encoder not connected
Encoder error
Drive Alarm
Position Error
Critical Position Error
Velocity Limit
Overcurrent
System FaultsProgram error
Memory overuse
Runtime overload
Servo Processor alarm
Servo Interrupt
Emergency stop
© 2013
Axis Fault Variables
• FAULTo Encodes all faults for a certain axis. For example, ON
FAULT(1).#ENCNC will activate an autoroutine when axis 1 encoder is disconnected.
• FMASKo Masks a defined axis fault. For example, FMASK(0).#RL=0
will mask axis 0 hardware right limit fault.
• FDEFo Activates/deactivates default response to axis fault. For
example, FDEF(3).#SLL=0 will disable the default response to axis 3 software left limit fault.
5
© 2013
System Fault Variables
• S_FAULTo Aggregates one specific fault for all axes. For example, ON
S_FAULT.#LL will activate an autoroutine when any axis passes the left limit.
• S_FMASKo Masks a defined system fault. For example,
S_FMASK.#ES=0 will mask the Emergency Stop fault.
• S_FDEFo Activates/deactivates default response to system fault. For
example, S_FDEF.#ES=0 will disable the default response to the Emergency Stop fault.
6
© 2013
Customized Fault Responses
• The user can define a customized fault response that can override/supplement the default fault response by:o Activating the fault FMASK variableo Writing an autoroutine, for example:
! Axis 0 critical position error is being checkedFMASK(0).#CPE = 1FDEF(0).#CPE = 0
STOP
ON FAULT(0).#CPE; BLOCK ! Run on critical position error KILL (0,4) ! Kill axis 0 and 4 START 3, User_PE ! Run buffer 3 starting at label User_PE DISP "Critical position error Axis 0"END; RET
7
© 2013
Safety and Faults Configurator
8
• MMI component used for configuration of controller responses to faults
Red LED indicates a
fault
Allow default
fault response
Allow detection
of fault
Invert fault signal (if necessary)
© 2013
Safety and Faults Monitor
9
• Provides immediate monitoring of axis and systemfaults
© 2013
Default Responses
• The controller provides default responses for most faults
• A default response can be one of the following:o No response – for indication only.o Kill motion – when the axis is under controlo Disable motor – when the controller can’t control the axiso Kill Disable – Kill motion followed by disable
10
© 2013
Default Responses
• To view default responses:o In the System Information Viewer, look under “Safety &
Fault Response” heading to view predefined fault responses per axis
o Alternatively, the terminal command #SC prints the same information to the Communication Terminal
11
© 2013
Fault Mechanism
12
Fault signal
Fault input state: 0=Off, 1=On
Fault status: 0=not active, 1=active
FAULT
Fault mask:0=masked, 1=not masked
Logic inversion: 0=not inverted, 1=inverted
- Read only variables
Default fault response: 0=not active, 1=active
FDEF
Response
- Read/write variables
[and]
[and]
[inversion]
FMASK
SAFINI
SAFIN
© 2013
Fault Mechanism
13
Example 1 – Axis 0 left limit faultAxis 0 left limit
input is on
Fault input state is on
Fault statusis active
Fault is notmasked
Logic inversionnot applied
Default faultresponse is active
Kill Motion
[and]
[and]
[inversion]SAFINI(0).#LL = 0
SAFIN(0).#LL = 1
FMASK(0).#LL = 1
FAULT(0).#LL = 1
FDEF(0).#LL = 1
© 2013
Fault Mechanism
14
Axis 0 left limit input is on
Fault input state is on
Fault statusis not active
Fault is notmasked
Logic inversionis applied
Default faultresponse is active
No response
[and]
[and]
[inversion]SAFINI(0).#LL = 1
SAFIN(0).#LL = 1
FMASK(0).#LL = 1
FAULT(0).#LL = 0
FDEF(0).#LL = 1
Example 2 – Axis 0 left limit fault
© 2013
Encoder Faults
• Encoder Not Connectedo Quadrature encoders:
Checked by HW to verify continuity between A/A’ and B/B’ on quadrature encoders
o Analog Sin-Cos encoders: Checked by SW using Sin^2 + Cos^2
• Encoder Erroro Checks encoder logic by the SW (Firmware) to verify legal transfers
between A and B signals (00 <=> 01 <=> 11 <=> 10)
15
Fault Quad Encoder Sin-cos EncoderEncoder not connected
Encoder Error
© 2013
Hardware Limit Faults
• During operation, when the left limit switch is on, the controller detects a left (negative) limit fault.
• During operation when the right limit switch is on, the controller detects a right (positive) limit fault.
• As a default response, the controller kills the violating motor.
• As long as the fault is active, the controller kills any motion toward the limit while motion away from the limit is allowed.
16
© 2013
Software Limit Faults
• The user can define left and right software limits in the Adjuster Wizard:
• Unlike hardware limits, the software limit causes the fault before the trajectory passes the software limit position
• The controller provides processing so the termination point is very close to software limit – using the KDEC deceleration variable
17
© 2013
• As long as the fault is active, the controller kills any motion toward the limit while motion away from the limit is allowed
Softwareleft limitposition
Software right limit position
Motion range
Axis decelerates towards the software
limit position
Axis velocity = 0
Left limit switch
Right limitswitch
Software Limit Faults
18
© 2013
Velocity and Acceleration Limits
• Maximum reference (not feedback) velocity (XVEL) and acceleration (XACC) can be specified for each axis.
• Calculated automatically by the Adjuster Wizard based on motor data entered earlier in the Adjuster process
• Can be specified by user if necessary
19
© 2013
Important – the velocity limit (XVEL) parameter affects the servo control loops because it scales velocity feedback. Make sure XVEL is set properly before tuning.
Velocity and Acceleration Limits
• When the commanded motion exceeds the maximum velocity value, a FAULT.#VL fault is generated.
• When the commanded motion exceeds the maximum acceleration value, a FAULT.#AL fault is generated.
20
© 2013
Current/Torque Protection
• There are three current/torque protection variables defined in terms of percentage of peak drive current:o XRMS – defines maximum allowable RMS current. If
violated, an overcurrent fault occurs.o XCURI – defines absolute maximum current when axis is
idle. This sets a physical limit on drive output.o XCURV – defines absolute maximum current when axis is in
motion. This sets a physical limit on drive output.
21
© 2013
Current/Torque Protection
• Overcurrent protectiono The controller provides over-current protection by
calculating RMS currento The protection relates to continuous current rating of drive
and motoro The Adjuster Wizard automatically calculates current
protection parameters based on motor and drive data entered earlier in the Adjuster process
o Current protection parameters can be modified by users if necessary
22
© 2013
Current/Torque Protection
23
© 2013
Position Error Faults
• There are six variables for position error faults
• As a default response,the critical positionerror fault disables thedrive
• The position error faulthas no defaultresponse (indicationonly). The user candefine a customizedresponse.
24
© 2013
Error Mechanism
• A four-digit error code is generated after any malfunction during operation.
• The controller returns error codes which belong to the following categories:o ACSPL+ Syntax Errors: numbers 1000 to 1999o ASCPL+ Compilation Errors: 2000 to 2999o ACSPL+ Runtime Errors: 3000 to 3999o Motion Termination Errors: 5000 to 5150o System Errors: 5151 to 5999o EtherCAT Errors: 6000 to 6999o Reserved for user-defined error codes: 9000 and above
25
© 2013
• The meaning of an error code can be determined byo Looking up the error code in section 5 of the ACSPL+ Command and
Variable Reference Guide
o Querying the error code in the Communication Terminal using double question mark syntax For example; ??5167 returns “Initialization problem: Number of
drive modules does not meet the configuration”
• If an error occurs when using the MMI, a pop up window displays the error code along with its meaning.
Error Mechanism
26
© 2013
Error Mechanism
• MERR is an ACSPL+ standard variable that stores motion termination cause per axis
• If axis motion terminates without error, MERR returns 0
• If axis motion terminates with error, MERR returns the corresponding 4-digit error code in the range of 5000-5150
27
© 2013
Error Mechanism
• PERR is an ACSPL+ standard variable that stores ACSPL+ error code (progam error) per program buffer
• If an ACSPL+ error occurs during program execution, the controller stores the error code in the corresponding element of the PERR array
28
© 2013
Error Mechanism
• In addition to the SPiiPlus error codes, the user can add their own codes in the range of 9000 and above. For example:
ON (RPOS(axis) > 10000) ! Condition for error KILL (axis), 9123 ! Kill motion citing error code 9123 DISP "Cause of motion termination", MERR(axis); FCLEAR(axis)! Reset MERR flag of the axisRET
29
© 2013
EtherCAT Diagnostics
• EtherCAT diagnostic commands allow you to view connected EtherCAT network nodes, operational state, network offsets (variables), errors, etc.o There are three diagnostic commands:o #ETHERCAT – A terminal command showing connected EtherCAT
nodes, corresponding states, and variable offsetso ECST – Shows the status of the EtherCAT network. All bits should be on
with the possible exception of bit 4 (synchronization bit) if using 3rd party IO.
o ECERR – Gives an error code that can be sent to ACS Support for troubleshooting purposes. If zero, no errors exist
30
© 2013
Example 1
• A vision system moves a scanner head along a single linear axis
• Safety and faults need to be configured for the axis
• If the scanner head moves into the limit, it is important not to remain there due to hazards
• Turn off the default response to limits for the axis and define new response so the scanner head does not stay in the limit
31
© 2013
Example 1
• Load Safety and Faults example 1 to an empty buffer, review code, and execute.o If using trainer unit, command motion and manually toggle
limit switcheso If using simulator, command motion and simulate limit
switches by toggling. SAFINI(X).#LL, or SAFINI(X).#RL
32
© 2013
Example 2
• The vision system needs to wait for a signal from the user before it is allowed to continue operation
• Modify example 1 so that after moving out of a limit, code execution halts until user sends a signal from the terminal (i.e. user changes the state of a global variable from the terminal)
• Use the terminal to notify the user of any safety issues (use DISP to display messages to the Terminal), and prompt for user input when necessary
33
© 2013
Example 3
• For safety purposes it is desired to disable all axes and stop the program if the user does not send a signal for an extended amount of time
• Modify example 2 accordingly, define an appropriate user-response timeout length
34