Safety setup

  9 minutes   Bertus de Groot  

A guide for setting up safety of a work cell equipped with a Yaskawa SRCI robot.

For an SRCI system, a special safety setup is required to ensure that the robot can be operated safely, including in service scenarios where the operator is inside the work cell. When using SRCI commands, the robot controller is in REMOTE mode, meaning that the native speed limit for TEACH mode is not available.

In this guide, we will create the “safe limited speed” for SRCI using the Functional Safety Unit’s (FSU) speed limit function. Also, we will use an additional key switch for selecting the “point of control”. This will allow us to cover not only SRCI scenarios, but also scenarios where the native robot pendant is used (e.g. by Yaskawa service technicians).

This guide should be seen as a first step in designing your safety. For your own application, always consult a safety expert to make sure your safety design fulfills all necessary standards and regulations.

System layout

For this guide we have chosen a simple but common system layout. The robot is placed inside a fenced work cell and the operator can access the dangerous area through a service door. Thanks to the implemented safety measures, the operator is able to move the robot slowly while being in the dangerous area.

work-cell
System layout used for this example.

Components

safety-system-layout
Components in the system.

  1. Safety PLC
    The PLC (e.g. Siemens 1516F-3PN) not only runs the user program (controlling the robot using SRCI) but also the safety program (handling the safety of the work cell).

  2. Robot controller
    The controller (e.g. YRC1000) with SRCI option comes with the FSU option. In this example, we use the additional safety fieldbus option (e.g. PROFIsafe) to save on safety wiring.

    The safety fieldbus option is not available for the YRC1000micro controller. In that case, regular 2-channel safety wiring will be used (see robot manual).
  3. Mobile HMI
    The mobile HMI (e.g. Siemens KTP900F) is used as the operator panel for the work cell – which includes controlling the robot using SRCI – in both automatic (production) and manual (service) scenarios. It needs the following safety features:

    • E-stop
    • 3-position enable switch
  4. Robot pendant
    On an SRCI system, the standard Yaskawa programming pendant is only required during first-time commissioning (e.g. FSU setup) and possibly later during robot maintenance by Yaskawa service technicians.

    The Yaskawa robot pendant can be replaced by a special dummy connector.
  5. Service door
    The door switch is connected to a PLC safety input.

    Although not covered in this example, it is advised to use a door switch with built-in locking device. This allows a more sophisticated way of stopping the robot cycle (e.g. at a defined position), compared to just opening the door at any time.
  6. Manipulator
    The robot (e.g. GP20) controlled by the PLC using SRCI.

Considerations

For the safety design of the Yaskawa SRCI system, we need to consider various aspects.

Single point of control

As there are two operating panels in the system, we need to make sure that it is very clear which one is in use, and interlock it so that a single point of control is guaranteed.

From a control point of view, this is already secured by the fact that SRCI only works with the robot controller in REMOTE mode, whereas robot pendant operation is only possible in TEACH or PLAY mode.

From a safety point of view, it is a different story. In the case of robot pendant operation, the native safety functions need to be used. In the case of SRCI operation, the robot will use the safety mechanisms we create in this guide. These two modes need to be interlocked in the safety PLC. We will do this using an additional key switch which is connected to a safety input.

With this switch, the operator will choose between operation by SRCI (using the mobile HMI) or by robot pendant.

Instead of using such a key switch, it could be considered to mount the lever of a sliding-door lock to the Yaskawa robot pendant. Then as soon as the robot pendant is taken away from its “park position”, the safety signal will be switched automatically.

Stop behavior

For the SRCI safety setup, we will stay as close as possible to the robot controller’s native stop behavior, which is described in the stop category table below, taken from the YRC1000 instructions manual:

stop-behavior
YRC1000 stop category table.

This table tells us that the native stop behavior is:

  • Making sure that the robot stops immediately (cat-0) where needed (e.g. operator in dangerous area)
  • Stopping normally (cat-1) in all other cases

The latter prevents extensive wear of the manipulator when, e.g., the service door is opened frequently while the robot is moving at high speed.

Implementation

To implement the safety for SRCI, we will use the following robot signals:

| Direction | Robot signal | Comment | Purpose |
|---|---|---|---|
| PLC to robot | S-EXESP | External E-stop | Execute emergency stop |
| PLC to robot | S-SAFF | Safety fence | Pass status of safety fence (service door) |
| PLC to robot | SVOFF CAT0 | Category 0 stop | Execute immediate stop |
| robot to PLC | PPESP | Pendant E-stop | Integrate robot controller’s E-stop button into the PLC’s E-stop circuit |

Please refer to the robot controller’s instructions manual to learn more about the available safety signals.

Additionally, we will create a speed limit configuration in the FSU with a setting of 250 mm/s for the safe limited speed. This will be used when running SRCI motions while being in the dangerous area.

Setup

Safety fieldbus

  • Adjust settings and IO address for PROFIsafe device:
    CP1616-settings
    CP1616 PROFIsafe device settings.

IO

Buttons and switches

This example uses the following safety switches/buttons which are connected to PLC safety inputs:

  1. Key switch for selecting point of control (PLC/robot pendant)
  2. Safety door switch
  3. Emergency stop button
  4. 3-position enabling switch

safety-io-from-switches
Safety switches connected to the PLC (here just as static variables).

For (automated) testing purposes, we used static safety variables instead of safety inputs in this example. Make sure to use appropriate safety inputs and safety functions (e.g. signal evaluation).

PLC to robot

PLC variables

  1. Create safety data type (size: 64 BOOL):
    data-type-to-robot
    Data type for safety fieldbus data to robot.
  2. Create PLC tag and map to safety fieldbus:
    tag-to-robot
    PLC tag for safety fieldbus data to robot.

Robot controller signals

  • Create SFBIN signals: SAFETY FUNC. » SAFETY SIG. BOARD ALLOC » SIGNAL CHG » SFBIN

    safety-io-from-plc
    SFBIN input signals in the robot controller.

    SFBIN = safety fieldbus inputs

Robot to PLC

PLC variables

  1. Create safety data type (size: 64 BOOL):

    data-type-from-robot
    Data type for safety fieldbus data from robot.

  2. Create PLC tag and map to safety fieldbus:

    tag-to-robot
    PLC tag for safety fieldbus data from robot.

    For simplicity, we will not evaluate the safety limited speed feedback signal.

Robot controller signals

  • Create SFBOUT signals: SAFETY FUNC. » SAFETY SIG. BOARD ALLOC » SIGNAL CHG » SFBOUT

    safety-io-to-plc
    SFBOUT output signals in the robot controller.

    SFBOUT = safety fieldbus outputs
    M-SAFE = for usage inside safety logic circuit
    F-SAFE = for usage inside FSU functions

Logic

Robot

Setting up the robot safety requires safety mode authorization level.
  1. Create the safety logic circuit: SAFETY FUNC. » SAFETY LOGIC CIRCUIT

    safety-logic-circuit
    Content of safety logic circuit.

  2. Create the safe limited speed: SAFETY FUNC. » SPEED LIMIT

    setup-safe-speed
    Setup speed limit for creating a safe limited speed.

PLC

The PLC safety program in this guide is kept very simple and might not fulfill the necessary standards and regulations.
  1. Set the time delay which is used for the scenario where the robot should come to a standstill using a normal stop instead of an immediate stop:

    safety-logic1
    Time delay setting.

  2. Create an off-delayed signal for the door switch:

    safety-logic2
    Off-delayed door switch signal.

  3. Create the logic for the E-stop signal to the robot. The PLC E-stop circuit and robot pendant (local) E-stop are combined:

    safety-logic3
    E-stop signal to robot.

  4. Create the logic for the safety fence signal to the robot. In case of PLC control, the safety fence signal only drops shortly when opening the door. This will stop the motion with a normal stop.

    After the delay, the signal comes back. This is necessary because the connected SAFF robot signal would otherwise prevent the robot from running (even with limited speed) in REMOTE mode.

    safety-logic4
    Safety fence signal to robot.

  5. Create the logic for the immediate stop signal to the robot. In case of PLC control, the immediate stop signal comes shortly after the door was opened (allowing the robot to stop gently with a normal stop). It is bypassed as long as the 3-position enabling switch is pressed. Also, this immediate stop applies when the E-stop is hit while the door is open.

    safety-logic5
    Immediate stop signal to robot.

  6. Create the logic for the speed limit signal to the robot. In case of PLC control, the speed limit applies when the door is open.

    safety-logic6
    Speed limit signal to robot.
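
The six steps above, sketched as an added Python model for the PLC point of control (this is not the guide's safety program, which is shown only in screenshots). The delay value, the `SPEED_LIMIT` key, the use of the raw door signal in steps 5 and 6, and the robot reaction in `stop_category` are assumptions chosen to agree with the results in the Tests section.

```python
from dataclasses import dataclass

STOP_DELAY_S = 1.0  # constructed value; the page does not state the real delay


@dataclass
class Inputs:
    door_closed: bool            # safety door switch
    estop_ok: bool               # PLC E-stop circuit, True = not pressed
    pendant_estop_ok: bool       # PPESP from the robot, True = not pressed
    enable_pressed: bool         # 3-position enabling switch held in middle position
    t_since_open: float = 0.0    # seconds since the door opened (ignored if closed)


def to_robot(i: Inputs) -> dict:
    """Signals sent to the robot; True means 'safe / no stop requested'."""
    # Step 2: off-delayed door signal, stays True for STOP_DELAY_S after opening.
    door_delayed = i.door_closed or i.t_since_open < STOP_DELAY_S
    # Step 3: PLC E-stop circuit combined with the pendant (local) E-stop.
    estop = i.estop_ok and i.pendant_estop_ok
    # Step 4: fence signal drops only during the delay window, then returns.
    fence = i.door_closed or not door_delayed
    # Step 5: immediate stop after the delay unless the enabling switch is held,
    # and whenever an E-stop occurs while the door is open.
    cat0_ok = (door_delayed or i.enable_pressed) and (estop or i.door_closed)
    # Step 6: speed limit requested while the door is open (raw door signal assumed).
    return {"S-EXESP": estop, "S-SAFF": fence, "SVOFF CAT0": cat0_ok,
            "SPEED_LIMIT": not i.door_closed}  # SPEED_LIMIT: hypothetical name


def stop_category(sig: dict):
    """Assumed robot reaction: 0 = immediate, 1 = normal, None = may run."""
    if not sig["SVOFF CAT0"]:
        return 0
    if not (sig["S-EXESP"] and sig["S-SAFF"]):
        return 1
    return None


if __name__ == "__main__":
    cases = {  # constructed inputs mirroring tests 01x-04x
        "01x": Inputs(True, False, True, False),
        "02x": Inputs(False, True, True, False, t_since_open=0.0),
        "03x": Inputs(False, True, True, False, t_since_open=5.0),
        "04x": Inputs(False, False, True, True, t_since_open=5.0),
    }
    for name, inp in cases.items():
        sig = to_robot(inp)
        print(name, "stop category:", stop_category(sig), "limit:", sig["SPEED_LIMIT"])
```

With the door open and the enabling switch held after the delay, the model returns no stop request and an active speed limit, which is the service scenario the guide is built around.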

Tests

To verify the SRCI safety setup, we have set up a few automated tests. In these tests, a GP12 robot is moving the S-axis back and forth using point-to-point motion with 50% speed. Then, in the middle of the motion, the corresponding safety inputs are triggered, e.g. to simulate the opening of the service door:

Robot motion used for the tests.

During the test, data is captured using a PLC trace (IO signals) and the optional robot pendant oscilloscope (TCP speed).

With the latter, the TCP speed and the stop type (normal or immediate) can be verified easily. A straight (vertical) line represents an immediate stop (cat-0) whereas an “s-curve” shaped line represents a normal stop (cat-1).

Results

01x

# test conditions
point_of_control: PLC
operator_location: outside cell
stop_cause: E-stop

01x-signals
01x: IO signals

01x-speed
01x: TCP speed [mm/s]

The robot runs without speed limit and stops with a normal stop.

02x

# test conditions
point_of_control: PLC
operator_location: outside cell
stop_cause: opening service door

02x-signals
02x: IO signals

02x-speed
02x: TCP speed [mm/s]

The robot runs without speed limit and stops with a normal stop.

03x

# test conditions
point_of_control: PLC
operator_location: inside cell
stop_cause: enabling switch

03x-signals
03x: IO signals

03x-speed
03x: TCP speed [mm/s]

The robot runs with safe limited speed and stops with an immediate stop.

04x

# test conditions
point_of_control: PLC
operator_location: inside cell
stop_cause: E-stop

04x-signals
04x: IO signals

04x-speed
04x: TCP speed [mm/s]

The robot runs with safe limited speed and stops with an immediate stop.

11x

# test conditions
point_of_control: robot pendant
operator_location: outside cell
stop_cause: E-stop

11x-signals
11x: IO signals

11x-speed
11x: TCP speed [mm/s]

The robot runs without speed limit and stops with a normal stop.

12x

# test conditions
point_of_control: robot pendant
operator_location: outside cell
stop_cause: opening service door

12x-signals
12x: IO signals

12x-speed
12x: TCP speed [mm/s]

The robot runs without speed limit and stops with a normal stop.

13x

# test conditions
point_of_control: robot pendant
operator_location: inside cell
stop_cause: enabling switch

The release of the pendant 3-position enabling switch had to be done by hand and is not visible in the IO signal trace below.

13x-signals
13x: IO signals

13x-speed
13x: TCP speed [mm/s]

The robot runs with safe limited speed and stops with an immediate stop.

14x

# test conditions
point_of_control: robot pendant
operator_location: inside cell
stop_cause: E-stop

14x-signals
14x: IO signals

14x-speed
14x: TCP speed [mm/s]

The robot runs with safe limited speed and stops with an immediate stop.

Pages built with Hugo - 16 Sep 2024 10:26 CEST