Safety functions

Axis commissioning includes:

In particular, the knowledge and use of NC security functionalities,
taking the necessary safety precautions and
compliance with a specific sequence of commissioning steps.

DANGER

Danger to life or risk of serious injury or damage to property due to unintentional movements of the axis

When commissioning axes, there is a movement of them and the mechanics coupled to them, which creates a hazard for people and a risk of damage to the machine. The following safety measures provide guidelines for safe commissioning. The actual measures to be taken depend on the axis and its surroundings.

As a general rule, "Don't take an action whose consequence you can't estimate."

A monitoring function (watchdog) is provided in order to monitor the operation and regular updating of the cyclical interface between the PLC and the NC. In addition, there is task runtime overrun monitoring for each task and position lag monitoring and end position monitoring for the axes. Finally, monitoring facilities are provided on the hardware side.

Make sure that you are aware of further safety procedures for axis commissioning. (See Axis commissioning > General)

Watchdog for cyclic axis interface between PLC and NC

The watchdog (function monitoring) functionality between the cyclic axis interface of the PLC and NC should always be activated. This is the case if any value other than zero is entered for the watchdog. The value specifies the number of sequential task cycles following which the watchdog will trigger if no new information has been transferred between the NC and the PLC. If the watchdog is triggered, the corresponding axis interface (PlcToNc or NcToPlc) is cleared, i.e. zeroed.

If for example the PLC is stopped, or an infinite loop has been programmed within the PLC, or an FPU exception occurs, the active watchdog ensures that the NC axes are halted because the watchdog will cause the enable for the controller and feed to be canceled.

Task time-out monitoring

For purposes of diagnosis and analysis the task time-out monitoring should be activated. This is true both for the SEC task (I/O task of the NC) and for the SPP task of the NC. As regards content this monitoring has no effect, but should there be an occasion where an unexpected task time-out occurs, the response is in the form of a message box and an additional entry in the event display.

Position lag monitoring, end position monitoring, target position control

Right from the start of any operations each axis should be driven with both "position lag monitoring" and "end position monitoring" active. Even if an axis that has not yet been optimized is moving with lag errors that are very large at times, these fundamental monitoring mechanisms should not be switched out. Instead, their parameters should be set correspondingly generously (see TwinCAT System Manager documentation > NC - Configuration > Settings dialog > Axes dialog: Global). Furthermore, there is the possibility to control the target position automatically.

Direction inversion, direction monitoring

There are functionalities, e.g. position compensation on a master axis, which can cause an inversion of the direction of movement. To avoid an unwanted direction of travel, there is a direction-dependent feed enable that stops the axis instantaneously if it travels in the wrong direction.

Maximum velocity

Furthermore there is the possibility to define the maximum allowed travel velocity of an axis in the axis parameters or to limit the output of the drive in percent (see TwinCAT System Manager Documentation > NC - Configuration > Settings Dialog > Axes - Dialog: Global).

For example, it can happen that, by mistake, the direction of actuation of the axis control loop (positive feedback) is altered as a result of changeover of drive or encoder polarity, and the axis, with full logical consistency, drives towards the mechanical end position at maximum output value.

In the following situations the maximum velocity can be exceeded:

Through position compensation of the master or slave axes.
Through setting or changing the coupling factor of a slave axis or (indirectly) of the flying saw.
Through externally generated data in the FIFO or the table slave axes.

Stop

All master axes can be stopped at any time.

Notice The flying saw is the only slave axis that has a stop function. However, there are situations when a flying saw cannot be stopped.

Slave axes are to be stopped by converting them online into master axes, which can then be stopped. The FIFO axes can be stopped and the NCI group can be stopped.

Hardware monitoring

It may be that a facility in an emergency situation (emergency stop, watchdog, etc.) must not be allowed under any circumstances, for mechanical or other reasons, to halt abruptly its axes in the next I/O cycle (e.g. to command 0 V suddenly). Such behavior can only be ensured via the drive hardware that is present. To this end most manufacturers offer simple digital circuitry options that ensure that an axis is brought to a halt in a defined way (braking ramp, standstill window for electrical deactivation of the control system and activation of the brakes, etc.).