Figure 1: In Codesys, the module controller contains a non-safe soft PLC and a very fast, safe soft PLC Safety SIL2 for complex safe motion applications. Safety Data: 1 - FSoE rd/wr --> STO/SBC, 2 - Black-channel --> current/torque, 3 - Black-channel --> encoder position

© SEW-Eurodrive

Tripods enable very fast movements that can be dangerous to people. In cooperative operation, it is necessary to monitor the speeds of the tool center point and the three elbows in a functionally safe manner. With a tripod, the necessary coordinate transformation is comparatively complex, as a functionally safe processing of complex floating point algorithms is required.

As with all human-robot collaborations, simple programming of fast and functionally safe multi-axis movements in combination with flexible networking is required. An industrial PC with an Intel quad-core processor certified by TÜV Süd becomes a PLC with motion control and fully integrated safety control, which uses two processor cores for safety functions in accordance with IEC 13849 Cat. 3.

Figure 3: The motor-integrated, safe encoders are used as safety sensors. The central safety controller can switch to the safe state using the STO and SBC safety functions (integrated in the drives).

© SEW-Eurodrive

The Codesys Safety SIL2 Runtime is executed within a separate virtual machine synchronously with the non-safe Runtime on the same quad-core processor. Communication with the safety controller takes place via shared memory areas. The CMP50M servomotors with PxG gear units from SEW-Eurodrive were equipped with EnDat 3 encoders and a 2-wire interface. The encoder communicates fully digitally with the drive without a separate cable via the two wires in the motor connection cable that are usually intended for the temperature sensor. The safety functions in the drive - Safe Torque Off (STO) and Safe Brake Control (SBC) - are controlled via EtherCAT / FSoE. In the multi-axis Safe Motion system, the motor-integrated encoders are safety-related sensors (Figure 2). STO and SBC in the drive form the safety-related actuators.

The extremely high computing power for a safety controller makes it possible to equip the connected drives with significantly reduced safety logic in a space-optimized manner by replacing the safety functionality in the drives with safety modules in the module controller (Figure 3). The safety functions specified in IEC 61800-5-2 can be implemented centrally for multi-axis systems.

Figure 4: Because the module controllers are based on x86-compatible IPC technology, networking with each other and with the control level or IT is very flexible.

© SEW-Eurodrive

The central safety diagnostics also make it particularly easy to implement degraded operating modes. A so-called "qualified diagnosis" assesses centrally according to error type and error location whether a safety sub-function - possibly under conditions that must be observed - may continue to be operated in compliance with the standard.

Connection via Profinet or PubSub methods

Figure 5: Standard operation and safe operation and analysis are integrated in one visualization. The safely (kinematically) reduced speed SLS (Safely Limited Speed) is used to monitor the Tool Center Point (TCP) and the Point of Interests (POI) to be defined.

© SEW-Eurodrive

When integrating an automation module into larger automation systems, the requirements are usually weighted differently. Safe motion functions above the module controller are often digital. It is not necessary here to transmit safe encoder positions cyclically; instead, safety functions such as Safely Limited Speed (SLS) are only switched on or off in a safety-relevant manner via Profinet/Profisafe or MQTT/OPC UA Safety. Networking in accordance with IEC 61499 with its focus on interoperability and event-oriented programming in conjunction with Ethernet-based PubSub methods makes it possible to network a large number of module controllers with each other (Figure 4). Thanks to the possibility of connecting to the current Robot Operating System ROS 2 via DDS, robots and cobots can now very easily use proven methods from automation, in particular safe motion functions for multi-axis systems.

High dynamics and flexibility

The authors (from left): Holger Goergen, Technology Field Manager for Machine Automation at SEW-Eurodrive in Langenfeld; Dr. Jens Krah, Professor at Cologne University of Applied Sciences; Tobias Schmidt, Research Assistant at the Institute of Automation Technology at Cologne University of Applied Sciences; Timo Wilkening, Research Assistant at the Institute of Automation Technology at Cologne University of Applied Sciences.

© SEW-Eurodrive

The new automation concept enables flexibly networkable, highly dynamic systems with integrated safety control and higher functionality while significantly reducing hardware and software complexity. The use of Codesys for both the standard area and for functional safety speeds up commissioning, reduces the possibility of incorrect parameterization and simplifies support. The very fast, safe kinematics make complex applications with cooperating robots more economical and faster to implement. The advantages of the solution are particularly interesting for mobile applications such as AGVs or pallet shuttles, where space, functional safety and energy savings are key aspects.