Adding a TwinSAFE Safety PLC to a Motorcortex based Control System
Motorcortex can be complemented by a Functional Safety System, like a Safety Relay or Safety PLC. The Functional Safety System then monitors the functionality of the Control System and takes action if needed. It is most convenient to have an EtherCAT based Safety PLC, like the devices from Beckhoff, who offer a large variety of PLCs, inputs and outputs. Servo Drives also come with an increasing number of Safety Functions like Safe Motion (for instance the Synapticon Circulo and Integro/Actilink products).
The advantage of using Safety Over EtherCAT (FSoE) is that no additional wiring is required to communicate between the Motorcortex Application and the Safety System, and the Motorcortex Application can easily gain insight into the operation of the Safety PLC at runtime.
In this chapter you will learn how to create a Safety project with Beckhoff TwinSAFE and link it to Motorcortex. We will also create some special functions that allow the Motorcortex Application to trigger an Emergency Stop, and a Watchdog function that monitors the performance of the realtime system.
Note
This page is also relevant for users of TwinCAT, however we encourage you to give Motorcortex a try, so you experience the advantages of a modern and truly open control system.
THINK :: POSSIBLE
Requirements:
- Windows computer or a Virtual Machine running Windows
- TwinCAT 3 Engineering Edition on a computer (full install, including XAE shell option. Warning: 1.3GB download!).
Create a new TwinSAFE Project
After opening TwinCAT 3 on your PC, you can create a new TwinSAFE Project.
- In the top bar go to File → New → Project...
- A new window will open where you can set the Name, Location and Solution name for your project.
- Make sure the Create directory for solution box is checked.
Note
It is advised to use a generic name for the Name of the project. This makes it possible to reuse this project as a template in the future.
- Press OK to create your new TwinSAFE Project.
Adding The Vectioneer Safety Template
Vectioneer developed a template for creating new Safety programs. This template is available for purchase for various Safety PLCs (Beckhoff, BBH). Please contact sales@vectioneer.com for pricing information.
- When you have purchased the template for TwinSAFE you can download this project through the motorcortex.io portal.
- Next you need to import the project into TwinCAT: in TwinCAT, in the Solution Explorer, right click on SAFETY and select Add Existing Item...
- Browse to the gcc-twinsafe repository that you have downloaded in step 1 and go to TwinCAT Project → Vx.x.x → CCC_Vxxx and select the GCC_Vxxx.tsproj file.
- Press Open to add the GCC_Vxxx template to the TwinSAFE Project.
- The GCC_Vxxx template is now added to your project. You can right click it to Rename the safety project to the name you desire.
Main Logic
The main logic can be found in TwinSafeGroup1.sai.
It can be opened by going to the Solution Explorer, in the Safety Tree, and double clicking on TwinSafeGroup1.sai.
Safety blocks can be added by opening the Toolbox (View → Toolbox) and dragging safety blocks into the tab of TwinSafeGroup1.sai.
Inputs and outputs can be connected by clicking on an input or output and then dragging a line to the desired output or input.
User Defined Blocks and logic
TwinSAFE has the option to use UFBs: User Defined Blocks. In these blocks the user can create custom logic and integrate the block in the main safety project.
The advantage of using UFBs is that they can be reused in other projects and that they improve the readability of the main safety project by splitting up the (more complex) logic into sub-blocks. By adding the Vectioneer Safety Template you will have some predefined User Defined Blocks available.
- Go to Solution Manager, Safety → GCC_Safety_Vxxx → GCC_Safety_Vxxx Project → User FBs.
- By right clicking on the folder icon you can add → existing items and import them from your own library, or add → User FB... to create a new User Function Block.
- All UserFBs will be added to the Toolbox under User FBs.
Vectioneer User Defined Function Blocks
Vectioneer has made a couple of User Function Blocks that are used in combination with the Motorcortex software. This section explains how these UserFBs work.
AlwaysTrue.ufb
The Safety PLC receives several non-safe signals from the Motion Controller (directly via EtherCAT, not via any physical inputs). Two of those are used to trigger STOs (watchdog and E-Stop from the Motion Controller). Because of their non-safe character they do not improve the safety ratings; however, due to their implementation they also do not make them worse.
In order to bring a non-safe signal into the safety software, it has to be combined with a safe signal. This could e.g. be the Emergency Stop. The downside of that choice is that all internal safety PLC signals that are used for diagnosis are also triggered in case of the Emergency Stop. To prevent confusion, an “AlwaysTrue” block is used to create the mandatory safe signal that can be combined with the non-safe signal.
NOTE: the non-safe signal is implemented in such a way that it can never overwrite the outcome of the safe signals. Therefore implementing these extra signals has no impact on the MTTFd.
NoEstop.ufb
In case the Motion Controller detects a situation that is not safety-critical (and therefore can be implemented on the non-safe Motion Controller), but that does call for switching off the drives, it can trigger an Emergency Stop. It does that with the input signal “iNoESTop”. This non-safe signal has to be combined with a safe signal, which is provided by the output of “AlwaysTrue.ufb”.
Warning
The NoEStop signal originating from Motorcortex shall NEVER be used as a replacement for a safety-critical signal. E.g. triggering Emergency Stop signals via a touchscreen instead of a physical Emergency Stop button is FORBIDDEN.
Watchdog100ms.ufb
The Watchdog is implemented to cover task freezes on the Motion Controller. FSoE has a built-in watchdog timer, however this one is only triggered if the EtherCAT master stops sending frames or is too slow in sending them. In cases where the EtherCAT task keeps running but e.g. the logic task freezes, the FSoE watchdog will not respond. For this case a separate watchdog is created.
Watchdog100ms.ufb expects a pulsed signal in which a 0 or a 1 lasts at most 100ms. Beyond that time, the output of this block will go to 0. The 250ms Ton delay and ErrorAcknowledgementBlock are implemented to prevent cases where the watchdog is marginally stable, which could otherwise lead to rapid switching of the output (no relays are connected to the output in this application, but if there were, this would significantly reduce their lifetime). Here too the AlwaysTrue signal is used to decouple the status of the watchdog timer from any safety inputs.
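The watchdog behaviour described above can be modelled in a few lines. This is an added example, not the Vectioneer UFB or Motorcortex code: the class and function names are hypothetical, and the recovery rule (heartbeat valid for the full 250ms and an acknowledge seen) is an assumed reading of the Ton delay and ErrorAcknowledgementBlock. The constructed scenario freezes the logic task while frames keep arriving, which is the case the FSoE watchdog does not catch.

```python
# Added example: behavioural model of a toggle ("heartbeat") watchdog.
# Names are hypothetical; the recovery rule is an assumption (see lead-in).
MAX_LEVEL_MS = 100  # from the page: a 0 or a 1 may last at most 100 ms
TON_DELAY_MS = 250  # from the page: on-delay before the output can recover


class ToggleWatchdog:
    def __init__(self):
        self.last_level = None
        self.level_age_ms = 0  # time the heartbeat has held its current level
        self.healthy_ms = 0    # time the heartbeat has been continuously valid
        self.tripped = True    # start in the safe state (output 0)

    def step(self, heartbeat, ack, dt_ms):
        """Advance one cycle; return the block output (True = drives enabled)."""
        if heartbeat != self.last_level:
            self.last_level, self.level_age_ms = heartbeat, 0
        else:
            self.level_age_ms += dt_ms
        if self.level_age_ms > MAX_LEVEL_MS:
            self.tripped, self.healthy_ms = True, 0  # stale level: output to 0
        else:
            self.healthy_ms += dt_ms
        # Assumed recovery rule: stable for the TON delay AND acknowledged.
        if self.tripped and ack and self.healthy_ms >= TON_DELAY_MS:
            self.tripped = False
        return not self.tripped


def simulate(freeze_from_ms, freeze_to_ms, ack_times_ms,
             total_ms=2000, dt_ms=10, toggle_every_ms=50):
    """Constructed scenario: the logic task freezes while the EtherCAT task
    keeps delivering frames, so the safety PLC keeps seeing the stale bit."""
    wd, level, trace = ToggleWatchdog(), False, {}
    for t in range(0, total_ms, dt_ms):
        frozen = freeze_from_ms <= t < freeze_to_ms
        if not frozen and t % toggle_every_ms == 0:
            level = not level  # healthy logic task toggles the heartbeat
        trace[t] = wd.step(level, t in ack_times_ms, dt_ms)
    return trace


if __name__ == "__main__":
    out = simulate(1000, 1500, {300, 1200, 1600, 1900})
    for t in (290, 300, 1050, 1060, 1200, 1600, 1890, 1900):
        print(f"t={t:4d} ms  output={int(out[t])}")
```

In the trace, acknowledges sent during the freeze or less than 250ms after the heartbeat resumes leave the output at 0, which is the anti-chatter behaviour the paragraph describes.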
Verify the project
After creating your Safety Logic, it needs to be checked and verified. To do this, go to the top bar of TwinCAT, select TwinSAFE and click on Verify Safety Project.
The pictures below show some example errors you will get after verifying your project:
- Order of Execution not unique: The function blocks are executed in an order defined by the user. Normally this goes from inputs via blocks to outputs; otherwise your output may only be updated one clock cycle later. The order of execution of a block is shown in its top right corner. To change the execution order, click on the function block, open the properties tab and fill in the desired number.
- Another error you might get is that an input is not connected. In the example this happened with the variable “iErrorAcknowledge”, which was not given to UFB Watchdog100ms.
- When all errors are fixed, only 2 warnings remain, linked to the UFB that provides an always true signal. For more details see section AlwaysTrue.ufb.
The next step is to Add Hardware to your TwinSAFE project.