Hiperface DSL – Combined with Safety
SICK AG, Bernd Appel - Germany
International TÜV Rheinland Symposium in China, Functional Safety in Industrial Applications, 18 – 19 October 2011, Shanghai - China

Safety Implementation
• Hiperface DSL
  • Protocol overview
  • Safety architecture
• Safety function of DSL encoders
• Safety implementation
  • Failure modes
  • Motor requirements
  • Drive requirements
• Documentation

Protocol Overview
• Hiperface DSL (Digital Servo Link)
  • SICK protocol for motor-feedback systems / encoders
  • Point-to-point connection drive - encoder
[Figure: two connection variants between the drive (drive controller, power electronics) and the motor housing (motor, encoder), each up to 100 m. Variant 1: one cable for motor & encoder, 2 wires for encoder connection. Variant 2 (“classical”, two cables): one cable for motor, one cable for encoder, 4 wires for encoder connection.]

Protocol Overview
• Hiperface DSL (Digital Servo Link)
  • Cyclic communication
  • Synchronized to drive cycle (500 Hz ~ 80 kHz)

Protocol Overview
• Hiperface DSL (Digital Servo Link)
  • Multiple communication channels
  • Fixed framing
  • Fast position frame: 12…24 µs length
  • Safe position frame: 96…192 µs length

Safety Architecture
• Hiperface DSL (Digital Servo Link) Safety protocol
  • Safe position channel 1 & 2
  • Diverse, redundant transmission
  • Dual CRC check

Safety Architecture
• Safety architecture SIL2
  • 1 sensor channel with diagnostics (“1oo1D” architecture)
  • Redundant data transmission of same sensor data

Safety Architecture
• Safety architecture SIL3
  • 2 sensor channels with diagnostics (“1oo2D” architecture)
  • Data transmission of 2 sensor values
[Figure: SIL3 architecture. Labels: SIL3 encoder with Sensor 1, Sensor 2, Diagnostics (µC), Interface 1, Interface 2; Safe position channel 1, Safe position channel 2; Drive with Interface, Drive Controller 1, Drive Controller 2; areas marked “SICK responsibility” and “Customer responsibility”.]

Safety Architecture
• Diagnostics for safety functions
  • Sensor signal monitoring (sin² + cos² check)
  • Redundant sensor signal digitizing
  • CRC for parameter storage
  • CRC for data transmission
  • Frame counter for data transmission (“toggle bit”)
  • Supply voltage, sensor current, ambient temperature monitoring
  • Mission-time counter

Safety Function
• Encoders with Hiperface DSL are safe in drive applications only
[Figure: Drive System (User) and Encoder System. Labels: AC synchronous / asynchronous motor; mechanical connection (shaft/housing); sensor; sensor interface; drive interface; analysis, diagnostics; safety function: motor stop in case of error (STO).]

Hiperface DSL Safety function
• Supported safety functions (acc. IEC 61800-5-2)

Mode | Function | Remarks
SOS | Safe Operating Stop |
SLS | Safely Limited Speed |
SS1 | Safe Stop 1 |
SS2 | Safe Stop 2 |
SLA | Safely Limited Acceleration |
SAR | Safe Acceleration Range |
SSR | Safe Speed Range |
SDI | Safe Direction |
SLI | Safely-limited Increment |
SLP | Safely-limited Position | Only if indicated for specific product
STO (informative) | Safe Torque Off | STO is generally selected in case of error detection

Safety Function
• Safety Parameters
  • Target for all future DSL encoders
  • Specific values found in product datasheet

SIL2 encoders
Parameter | Characteristic parameter according to DIN EN 62061 / IEC 61508 | Characteristic parameter according to DIN EN ISO 13849
Structure | Corresponds with category 3 (in connection with drive systems only)
Classification | Use in safety-relevant functional chains according to SIL 2 | Use in safety-relevant functional chains according to PL d
Fraction of available PFHd allotted to encoder system | < 10% of SIL 2 resp. PFHd < 10^-7 [1/h] | < 10% of PL d resp. PFHd < 10^-7 [1/h]
Mission Time | > 20 years | 20 years
Proof Test Interval | Not required | -
Diagnostic Test Interval | 1 hour | 1 hour
MTTFd | - | > 30 years
DCavg | - | > 90%
Safe Failure Fraction | > 90%

SIL3 encoders
Parameter | Characteristic parameter according to DIN EN 62061 / IEC 61508 | Characteristic parameter according to DIN EN ISO 13849
Structure | Corresponds with category 3 (in connection with drive systems only)
Classification | Use in safety-relevant functional chains according to SIL 3 | Use in safety-relevant functional chains according to PL e
Fraction of available PFHd allotted to encoder system | < 20% of SIL 3 resp. PFHd < 2 * 10^-8 [1/h] | < 20% of PL e resp. PFHd < 2 * 10^-8 [1/h]
Mission Time | > 20 years | 20 years
Proof Test Interval | > 4 years | -
Diagnostic Test Interval | 1 hour | 1 hour
MTTFd | - | > 30 years
DCavg | - | > 90%
Safe Failure Fraction | > 90%

Safety Function
• Safety Parameter example
  • EKS/EKM36 encoder (first series product)

EKS/EKM36 encoder
Parameter | Characteristic parameter according to DIN EN 62061 / IEC 61508 | Characteristic parameter according to DIN EN ISO 13849
Structure | Corresponds with category 3 (in connection with drive systems only)
Classification | Use in safety-relevant functional chains according to SIL 2 | Use in safety-relevant functional chains according to PL d
Fraction of available PFH allotted to encoder system | 2.8% of SIL 2 resp. PFH = 2.77 x 10^-8 [1/h] | 2.8% of PL d resp. PFH = 2.77 x 10^-8 [1/h]
Mission Time | > 20 years | 20 years
Proof Test Interval | Not required | -
Diagnostic Test Interval | 1 hour | 1 hour
MTTFd | - | 412 years
DCavg | - | 90%
Safe Failure Fraction | 95%

Safety Implementation for Drives
• DSL Master IP-core
  • Clock frequency
    • 75.0 MHz
  • Logic size (standard variant)
    • 1700 slices (Xilinx Spartan-3)
    • 1500 slices (Xilinx Spartan-6)
    • 3000 LE (Altera Cyclone III)
  • Safe variant: adds +10% logic

Safety Implementation for Drives
• DSL Master IP-core interfaces
  • “Interface1”: Drive Controller 1
    • Serial (SPI)
    • Parallel (EMIFA)
  • “Interface2”: Drive Controller 2. For Safety only!
    • Serial (SPI)

Safety Implementation for Drives
• DSL Master IP-core
  • Safety relevance?
    • “Grey channel”
    • Single channel in safety system
    • Diagnostics from outside (encoder, drive application)

Safety Failure Modes
• Considered failure modes
  • Mechanical failures of encoder
    • Shaft attachment
    • Housing attachment
    • Loss of code disc
  • Electronic failures of encoder
    • Signal shape
    • Static signals
    • Short circuits, open circuits
  • Transmission failures
    • Loss, insertion, repetition of frames
    • Data corruption
  • Electronic failures of drive interface
    • Static signals
    • Short circuits, open circuits

Motor Requirements
• Encoder assembly
  • Defined geometry of shaft connection
  • Defined torque for shaft connection
  • Defined conditions for housing connection
  • Assembly parameters must be monitored and recorded by user
• Usage requirements
  • Specification for shock/vibration
• All details in product “Operating Manual”

Drive Requirements
• Handling of encoder and transmission faults in drive
  • Error indicators show detection of faults
  • Severity of fault explained in manual
  • All details in “DSL Manual”, product datasheet

Drive Requirements
• Diagnostic tests
  • Aim: Fault detection still working?
  • Drive has to send test messages to encoder cyclically
  • Diagnostic test interval: ~ 1h (slow!)
  • Diagnostic test generates fault in encoder
  • Error indication shows that diagnostics are working
  • All details in “DSL Safety Implementation Manual”

Drive Requirements
• Diagnostics in drive controllers
  • Necessary since IP-Core is “grey channel”
  • Check of 2 position values
  • Check of CRC values
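
The drive-controller diagnostics listed above (check of CRC values, check of the 2 position values) together with the frame-counter “toggle bit” from the encoder diagnostics slide, as an added example that is not SICK code and not part of the original slides. The frame layout, the CRC-16/CCITT-FALSE polynomial, the max_diff tolerance and all names are assumptions for illustration; the real definitions are in the DSL manuals.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical frame layout (assumption); the real one is in the DSL manuals. */
typedef struct { uint32_t position; uint8_t toggle; uint16_t crc; } safe_frame_t;
typedef enum { SAFE_OK, ERR_CRC, ERR_STALE, ERR_MISMATCH } safe_result_t;

/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF), a stand-in polynomial. */
static uint16_t crc16(const uint8_t *d, size_t n) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)(d[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

/* CRC over the big-endian position followed by the toggle bit. */
static uint16_t frame_crc(const safe_frame_t *f) {
    uint8_t buf[5] = { (uint8_t)(f->position >> 24), (uint8_t)(f->position >> 16),
                       (uint8_t)(f->position >> 8), (uint8_t)f->position, f->toggle };
    return crc16(buf, sizeof buf);
}

/* Constructed sample data: builds a frame as a simulated encoder would. */
safe_frame_t make_frame(uint32_t pos, uint8_t toggle) {
    safe_frame_t f = { pos, toggle, 0 };
    f.crc = frame_crc(&f);
    return f;
}

/* Drive-controller check; any result other than SAFE_OK must lead to STO. */
safe_result_t check_safe_position(const safe_frame_t *ch1, const safe_frame_t *ch2,
                                  uint8_t *last_toggle, uint32_t max_diff) {
    if (frame_crc(ch1) != ch1->crc || frame_crc(ch2) != ch2->crc)
        return ERR_CRC;       /* data corrupted on the link or in the IP-core */
    if (ch1->toggle != ch2->toggle || ch1->toggle == *last_toggle)
        return ERR_STALE;     /* repeated frame, or an odd number of lost frames */
    uint32_t p1 = ch1->position, p2 = ch2->position;
    if ((p1 > p2 ? p1 - p2 : p2 - p1) > max_diff)
        return ERR_MISMATCH;  /* the two safe position channels disagree */
    *last_toggle = ch1->toggle;
    return SAFE_OK;
}

int main(void) {
    uint8_t last = 0;
    safe_frame_t a = make_frame(1000, 1), b = make_frame(1001, 1);
    return check_safe_position(&a, &b, &last, 2) == SAFE_OK ? 0 : 1;
}
```

Because the checks run in the drive controllers on data that has already passed through the IP-core, a fault inside the “grey channel” shows up as a CRC, toggle or comparison error rather than going unnoticed.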

Documentation
• Two categories of documentation
  • Hiperface DSL documentation
    • General specification of interface, protocol
    • Target: Drive manufacturer
  • Encoder documentation
    • Specific for each product series
    • Target: Drive and motor manufacturer
    • Example: EKS/EKM36
[Figure: documents and their content. DSL Manual (non-safety): protocol details. DSL Safety Manual: drive requirements. IP-Core (interface) Manual: FPGA details. IP-Core (interface) datasheet: IP-Core characteristics. Operating Manual: motor requirements. Datasheet: encoder characteristics.]