ecmc_plugin_safety

IMPORTANT: This plugin or ecmc does NOT offer any safety certified functionality. This plugin only offers a standard interface to an external safety system / safety PLC / safety relay!!!!

This plugin is designed for interfacing safety systems, see the example in the picture below, to ecmc motion axes.

Safety system

SS1-t

The plugin supports stopping axes according to a concept described as SS1-t, see the picture below. In SS1-t, the STO (or removal of power) from the axes is delayed for a defined time, allowing a controlled rampdown of velocity. The rampdown of the axis is handled by the non-safe motion controller, while the removal of power (or triggering of STO) after the time delay is handled by a safety system. This makes it possible to stop moving axes in a controlled way and disable the drives before the power is interrupted (or STO triggered). This will result in a safer system and fewer hardware failures and error messages.

After the time delay expires, hopefully all axes are at standstill and power is already removed from the drives.

SS1-t

Velocity limit

An additional optional feature of this plugin is limiting the axis velocity based on the state of an ethercat I/O (this is not a safety certified functionality).

Axes that are configured with a max velocity will be monitored by this plugin and if exceeding the configured max velocity, the axis will be disabled.

For initiation of new movements, the target velocity will be limited to 95% of the configured maximum velocity. The reason for this is to allow small fluctuations in actual velocity without disabling the axes.

Interface

Basically the safety system is interfaced with three binary signals (ethercat I/O):

  • Ramp down command (from safety system to ecmc). 0 means ramp down command is active.
  • Axis stand still status (to safety system from ecmc). 1 means that all axes are at rest AND disabled
  • Limitation of velocity (optional). 0 means limitation of velocity is active

If, for instance, a safety event is triggered by the safety system, it will immediately command this plugin to ramp down the velocity of all axes (that are configured to stop). When all axes that are configured to ramp down have stopped, this plugin will disable the axes and set an ethercat output informing the safety system that the axes are at standstill. After a certain timeout the safety system will make sure power is removed from the motion axes by triggering an STO or removing power. The removal of power or triggering of STO will be made regardless of whether the axes are at rest or not. A reset of the safety system, allowing power to the drives, will only be possible once the safety system gets a confirmation that all axes are at rest.
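The handshake above can be checked against a configured delay with a small model. This is an added example, not the plugin's code: the names `Axis`, `Ss1Result` and `simulateSs1`, the 1 kHz cycle and the linear stop ramp are assumptions, and the model evaluates the trajectory velocity setpoint only.

```cpp
#include <cmath>
#include <vector>

// Hypothetical axis model (not an ecmc type).
struct Axis {
  double veloSet;      // trajectory velocity setpoint [EGU/s]
  double decel;        // stop ramp [EGU/s^2]
  double veloRestLim;  // at-rest limit, as in VELO_REST_LIM
  bool   enabled;
};

struct Ss1Result {
  int  standstillMs;     // time the standstill output goes to 1, -1 if never
  bool atRestBeforeSto;  // true if that happened within the STO delay
};

// rampDownInput is active low: 0 means the safety system commands ramp down.
// The standstill output is 1 only when ALL axes are at rest AND disabled.
Ss1Result simulateSs1(std::vector<Axis> axes, int rampDownInput, int delayMs) {
  Ss1Result r{-1, false};
  const double dt = 0.001;  // assumed 1 kHz motion cycle
  for (int t = 0; t <= delayMs; ++t) {
    bool allRest = true;
    for (Axis &a : axes) {
      if (rampDownInput == 0 && a.enabled) {
        if (std::fabs(a.veloSet) < a.veloRestLim) {
          a.veloSet = 0.0;    // below rest limit: treat as standstill
          a.enabled = false;  // and disable the axis
        } else {
          double step = std::fmin(a.decel * dt, std::fabs(a.veloSet));
          a.veloSet -= std::copysign(step, a.veloSet);  // ramp toward zero
        }
      }
      allRest = allRest && !a.enabled && std::fabs(a.veloSet) < a.veloRestLim;
    }
    if (allRest) {
      r.standstillMs = t;
      r.atRestBeforeSto = true;
      break;
    }
  }
  return r;  // atRestBeforeSto == false: STO would hit a moving or enabled axis
}
```

With 500 mm/s, a 1200 mm/s/s stop ramp and a rest limit of 1, the standstill output is set after roughly 416 ms, which fits a 500 ms delay but not a 300 ms one.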

The configuration is made by two commands:

  1. ecmcAddSS1SafetyGroup() wrapped into addSS1Group.cmd
  2. ecmcAddAxisToSafetyGroup() wrapped in snippet addAxisToSafetyGroup.cmd

ecmcAddSS1SafetyGroup()

The ecmcAddSS1SafetyGroup() adds a SS1 safety group. The command takes the following parameters:

ecmcAddSS1SafetyGroup(<name>, <ec_rampdown_cmd>, <ec_standstill_status>,<ec_max_velo_cmd>,<time_delay_ms>)
        <name>                     : Name of group
        <ec_rampdown_cmd>          : Ethercat entry input for rampdown cmd
        <ec_standstill_status>     : Ethercat entry output for group standstill status
        <ec_max_velo_cmd>          : Ethercat entry input for activation of maximum velo limitation (set to "empty" to disable)
        <time_delay_ms>            : Time delay of STO [ms] 

Each group interfaces with the safety system through the same I/O (ethercat). Axes that need the SS1 functionality can be added to this group with the ecmcAddAxisToSafetyGroup() command.

This command is also wrapped in a snippet addSS1Group.cmd with the following parameters:

  • NAME : Name of group
  • EC_RAMP_DOWN : Ethercat input of ramp down signal from safety PLC
  • EC_AXES_REST : Ethercat entry for signaling that all axes in group are at rest, output from ecmc (feedback to safety PLC/system)
  • EC_AXES_MAX_VELO : Ethercat entry for reducing velocity, input to ecmc (command from safety PLC/system), put 0 to disable
  • DELAY_MS : Safety system delay time of STO or removal of power

Example:

# Create SS1 group
epicsEnvSet(EC_RAMP_DOWN,"ec${ECMC_EC_MASTER_ID}.s${BI_SLAVE}.binaryInput08.0")
epicsEnvSet(EC_AXES_REST,"ec${ECMC_EC_MASTER_ID}.s${BO_SLAVE}.binaryOutput07.0")
epicsEnvSet(SAFETY_TIMEOUT,500)
${SCRIPTEXEC} ${ecmc_plugin_safety_DIR}addSS1Group.cmd "NAME=first,EC_RAMP_DOWN=${EC_RAMP_DOWN},EC_AXES_REST=${EC_AXES_REST},DELAY_MS=${SAFETY_TIMEOUT}"

ecmcAddAxisToSafetyGroup()

With the "ecmcAddAxisToSafetyGroup()" command an ecmc axis can be added to a safety group. All axes linked to a certain group will act on command from the safety system (initiation of velocity rampdown).

The ecmcAddAxisToSafetyGroup() command takes the following parameters:

ecmcAddAxisToSafetyGroup(<group_name>, <axis_index>, <velo_limit>, <filter_time>)
          <name>                     : Name of safety group to add axis to.
          <Axis id>                  : Axis index to add (ecmc axis index).
          <velo_rest_limit>          : Axis at rest velo limit [unit of axis].
          <velo_max_limit>           : Axis max velo limit [unit of axis].
          <filter_time>              : NOT USED (for future implementation). Time for axis to be below velo limit [ms].

Note: The "filter_time" parameter is not used right now. As soon as the axis is below the velo_limit it will be considered to stand still and will then be disabled.

Note: The plugin checks the trajectory generated velocity setpoint and not the actual velocity.

This command is also wrapped in a snippet addAxisToSafetyGroup.cmd with the following parameters:

  • NAME : Name of group to add axis to (group must be created first with addSS1Group.cmd)
  • AX_ID : ecmc axis index of axis to add
  • VELO_REST_LIM : Velocity at rest limit [unit same as EGU of axis]
  • VELO_MAX_LIM : Velocity maximum limit, -1 to disable [unit same as EGU of axis]

Example:

${SCRIPTEXEC} ${ecmc_plugin_safety_DIR}addAxisToSafetyGroup.cmd "NAME=first,AX_ID=1,VELO_REST_LIM=1,VELO_MAX_LIM=100"

Example of startup script:

##############################################################################
## Load safety plugin
#

require ecmc_plugin_safety sandst_a


# Create SS1 group
#-   EC_RAMP_DOWN       :   Ethercat entry for ramp down command, input to ecmc (command from safety PLC/system)
#-   EC_AXES_REST       :   Ethercat entry for signaling that all axes in group are at rest, output from ecmc (feedback to safety PLC/system)
#-   EC_AXES_MAX_VELO   :   Ethercat entry for reducing velocity, input to ecmc (command from safety PLC/system), set to "empty" to disable
#-   DELAY_MS           :   Time between rampdown command and STO
epicsEnvSet(EC_RAMP_DOWN,"ec${ECMC_EC_MASTER_ID}.s${BI_SLAVE}.binaryInput08.0")
epicsEnvSet(EC_AXES_REST,"ec${ECMC_EC_MASTER_ID}.s${BO_SLAVE}.binaryOutput07.0")
epicsEnvSet(EC_AXES_MAX_VELO,"ec${ECMC_EC_MASTER_ID}.s${BO_SLAVE}.ONE.0")
epicsEnvSet(SAFETY_TIMEOUT,500)
${SCRIPTEXEC} ${ecmc_plugin_safety_DIR}addSS1Group.cmd "NAME=first,EC_RAMP_DOWN=${EC_RAMP_DOWN},EC_AXES_REST=${EC_AXES_REST},EC_AXES_MAX_VELO=${EC_AXES_MAX_VELO},DELAY_MS=${SAFETY_TIMEOUT}"

#- Add axis
#-   AX_ID              :   Axis ID
#-   VELO_REST_LIM      :   Velocity at rest limit [unit same as EGU of axis]
#-   VELO_MAX_LIM       :   Velocity maximum limit, -1 to disable [unit same as EGU of axis]
${SCRIPTEXEC} ${ecmc_plugin_safety_DIR}addAxisToSafetyGroup.cmd "NAME=first,AX_ID=1,VELO_REST_LIM=1,VELO_MAX_LIM=100"
....

Test

Triggering of e-stop:

  • Velo 500mm/s
  • Stop ramp 1200mm/s/s

Test data

Velocity Digital

Test at Debye

libversionShow
require            3.3.1     /gfa/.mounts/sls_ioc/modules/require/3.3.1/R7.0.7/             
misc               2.15.0    /gfa/.mounts/sls_ioc/modules/misc/2.15.0/R7.0.7/               
ecmccfg            safety3   /gfa/.mounts/sls_ioc/modules/ecmccfg/safety3/R7.0.7/           
ECmasterECMC       v1.1.0    /gfa/.mounts/sls_ioc/modules/ECmasterECMC/v1.1.0/R7.0.7/       
calc               3.7.6     /gfa/.mounts/sls_ioc/modules/calc/3.7.6/R7.0.7/                
asyn               4.42.2    /gfa/.mounts/sls_ioc/modules/asyn/4.42.2/R7.0.7/               
motorECMC          7.0.9-ESS /gfa/.mounts/sls_ioc/modules/motorECMC/7.0.9-ESS/R7.0.7/       
ruckig             0.6.3     /gfa/.mounts/sls_ioc/modules/ruckig/0.6.3/R7.0.7/              
ecmc               safety3   /gfa/.mounts/sls_ioc/modules/ecmc/safety3/R7.0.7/              
ecmccomp           0.1.0     /gfa/.mounts/sls_ioc/modules/ecmccomp/0.1.0/R7.0.7/            
ecmc_plugin_safety safety3   /gfa/.mounts/sls_ioc/modules/ecmc_plugin_safety/safety3/R7.0.7/