6 minute read

Create TwinSAFE project

For your project you want to add functional safety features. For this you will need a Safety Relais or Safety PLC. Motorcortex is capable to communicate with Safety PLC’s trough EtherCAT. In This Series You will learn how to create a Safety project with Beckhoff TwinSAFE©® and link it to Motorcortex for your project.

In this section you will learn the basics how to create a TwinSAFE Project offline.

Requirements:

TwinCAT 3 Engineering Edition on a computer (full install,including XAE shell option).

Create a new Twinsafe Project.

After opening TwinCAT 3©® on your PC, you can create a new Twinsafe Project.

In the top bar go to File → New → Project...
A new window wil open where you can set the new Name, Location and Solution name for you project.
Make sure the Create directory for solution box is checked.

Note

It is advised to use a Generic name for the Name of the project. this makes it possible to reuse this project as a template in the future.

Press OK to create your new TwinSafe Project.

Adding The Vectioneer Safety Template

Vectioneer developed a template for creating new Safety programs. This template is available for purchase for various Safety PLCs (Beckhoff, BBH). Please contact sales@vectioneer.com for pricing information.

When you have purchase the template for TwinSAFE you can download this project through the motorcortex.io portal.
Next you need ti import to project into TwinCAT: In TwinCAT in the Solution Explorer right click on SAFETY and select Add Existing Item....
Browse to the gcc-twinsafe repository that you have donwloaded in step 1. and go to TwinCAT Project → Vx.x.x → CCC_Vxxx and slect the GCC_Vxxx.tsproj file.
Press Open to add the GCC_Vxxx template to the TwinSAFE Project.

The GCC_Vxxx template is now added to your project. You can right click it to Rename the safety project to the name you desire.

Main Logic

The main logic can be found in TwinSafeGroup1.sai. It can be opened by going to the Solution Explorer, in the Safety Tree and double clicking on TwinSafeGroup1.sai

Safety blocks can be added by opening the Toolbox (View → Toolbox) and dragging safety blocks into the tab of TwinSafeGroup1.sai.

Inputs and outputs can be connected by clicking on an input or output and than dragging a line to the desired output or input.

User Defined Blocks and logic

TwinSAFE has the option to use UFBs: User Defined Blocks. In these block the user can make his own custom logic and integrate the block in the main safety project.

The advantage of using UFBs is that they can be reused in other projects and that improve readability of the main safety project by splitting up the (more complex) logic in sub-blocks. By adding the Vectioneer Safety Template you wil have some predifined User defined blocks available.

Go to Solution Manager, Safety → GCC_Safety_Vxxx → GCC_Safety_Vxxx Project → User FBs.
By Right clicking on the folder icon you can add → existing items and import them from your own library or add → User FB... to create a new User Functionblock
All UserFBs will be added to the Toolbox under User FBs.

Vectioneer User Defined Function Blocks

Vectioneer has made a couple User Function Blocks that are used in combination with the Motorcortex software. This section will explain how these UserFBs work.

AlwaysTrue.ufb

The Safety PLC receives several non-safe signals from the Motion Controller (directly via EtherCAT, not via any physical inputs). Two of those are used to trigger STOs (watchdog and E-Stop from the motion Controller) , although because of their non-safe character do not improve the safety ratings (however due to their implementation it also does not make it worse).

In order to implement a non-safe signal into the safety software, it has to be combined with a safe signal. This could e.g. be Emergency Stop. This has as downside that all internal safety PLC signals that are used for diagnosis are also triggered in case of the Emergency Stop. In order to prevent confusion, an “AlwaysTrue” block is created to create the mandatory safe signal that can be combined with the non-safe signal.

NOTE: the non-safe signal is implement in such a way that it can never overwrite the outcome of the safe signals. Therefor there is no impact on the MTTFd on in implementing these extra signals.

NoEstop.ufb

In case the Motion Controller detects a situation that is not safety-critical (and therefor can be implemented on the non-safe Motion Controller), but does desire switching off of the drives, it can trigger an Emergency Stop. It does that with input signal “iNoESTop”. In order to combine this non-safe signal, it has to be joined by a safe signal, that is provided by the output of “AlwaysTrue.ufb”.

Warning

NEVER shall the NoEStop signal originating from Motorcortex be used as replacement of safety critical signal. E.g. triggering Emergency Stop signals via a touchscreen instead of a physical Emergency Stop button is FORBIDDEN.

Watchdog100ms.ufb

The Watchdog is implemented in case of task freezing on the Motion Controller. FSoE has a built-in watchdog timer, however this one is only triggered if the EtherCAT master stops/is too slow in sending packages. For cases where the EtherCAT task will keep running, but e.g. the logic task freezes, the FSoE watchdog will not respond. For this case a separate watchdog is created.

Watchdog100ms.ufb expects a pulsed signal with a maximum time of 100ms for a 0 or 1. Beyond that time, the output of this block will go to 0. The 250ms Ton delay and ErrorAcknowledgementBlock is implemented to prevent cases where the watchdog is border stable and otherwise could lead to a quick switching of the output (no relays are connected in this application to the output, but in case it would, it would significantly reduce the lifetime). Also here the AlwaysTrue signal is used to decouple status of the watchdog timer from any safety inputs.

Verify project

After creating your Safety Logic, it needs to be checked and verified. This can be checked by going to the top bar of TwinCAT, select TwinSAFE and click on Verify Safety Project.

In the pictures below are some example errors you wil get after verifying your project:

Order of Execution not unique: The function blocks are executed in a order defined by the user. Normally this goes from input via blocks to outputs, otherwise it can be that your output will only be updated one clock cycle later. The order of execution of the block is in the top right. In order to change the execution order, click on the function block, open the properties tab and fill-in the desired number.

Another error you might get is that input is not connected. In the example it happened with the variable “iErrorAcknowledge” that was not given to UFB Watchdog100ms.

When all errors are fixed, only 2 warnings remain, linked to UFB an always true signal. For more details see section AlwaysTrue.ufb.

Congratulations you have finished this section!!

The next step is to Add Hardware to your TwinSAFE project. Add Hardware to your TwinSAFE project