hiperface dsl – combined with safetysick ag 1 bernd appel - germany hiperface dsl – combined...
TRANSCRIPT
![Page 1: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/1.jpg)
1SICK AGBernd Appel - Germany
Hiperface DSL – Combined with Safety
International TÜV Rheinland Symposium in ChinaFunctional Safety in Industrial Applications18 – 19 October 2011, Shanghai - China
![Page 2: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/2.jpg)
2SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 3: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/3.jpg)
3SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 4: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/4.jpg)
4SICK AGBernd Appel - Germany
Protocol Overview
� Hiperface DSL (Digital Servo Link)� SICK protocol for motor-feedback systems / encoders� Point-to-point connection drive - encoder
Drive
Motor housing
Motor
Encoder
Drive
controller
Power
electronics
One cable for motor & encoder
2 wires for encoder connection
up to
100 m
Drive
Motor housing
Motor
Encoder
Drive
controller
Power
electronics
One cable for motor
One cable for encoder
4 wires for encoder connection
up to
100 m
Variant 1: One cable Variant 2: “Classical” - two cables
![Page 5: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/5.jpg)
5SICK AGBernd Appel - Germany
Protocol Overview
� Hiperface DSL (Digital Servo Link)� Cyclic communication� Synchronized to drive cycle (500 Hz ~ 80 kHz)
![Page 6: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/6.jpg)
6SICK AGBernd Appel - Germany
Protocol Overview
� Hiperface DSL (Digital Servo Link)� Multiple communication channels� Fixed framing� Fast position frame: 12…24 µs length
� Safe position frame: 96…192 µs length
![Page 7: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/7.jpg)
7SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 8: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/8.jpg)
8SICK AGBernd Appel - Germany
Safety Architecture
� Hiperface DSL (Digital Servo Link) Safety protocol� Safe position channel 1 & 2� Diverse, redundant transmission� Dual CRC check
![Page 9: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/9.jpg)
9SICK AGBernd Appel - Germany
Safety Architecture
� Safety architecture SIL2� 1 sensor channel with diagnostics (“1oo1D” architecture)� Redundant data transmission of same sensor data
![Page 10: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/10.jpg)
10SICK AGBernd Appel - Germany
Safety Architecture
� Safety architecture SIL3� 2 sensor channels with diagnostics (“1oo2D” architecture)� Data transmission of 2 sensor values
Driv
e
OK …
Safe position channel
Safe position channel 2
SIL3Encoder
Sensor 2
Diagnostics (µC)
Inter-face 2
Inter-face
Drive Controller 1
Drive Controller 2
SICKresponsibility
Customerresponsibility
Sensor 1
Inter-face 1
![Page 11: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/11.jpg)
11SICK AGBernd Appel - Germany
Safety Architecture
� Diagnostics for safety functions� Sensor signal monitoring (sin2 + cos2 check)� Redundant sensor signal digitizing� CRC for parameter storage� CRC for data transmission� Frame counter for data transmission (“toggle bit”)� Supply voltage, sensor current, ambient temperature monitoring� Mission-time counter
![Page 12: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/12.jpg)
12SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 13: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/13.jpg)
13SICK AGBernd Appel - Germany
Safety Function
� Encoders with Hiperface DSL are safe in drive applications only
Drive System (User) Encoder System
AC
Synchronous /
Asynchronous
Motor
Mechanical
Connection
(Shaft/Housing)
SensorSensor
Interface
Drive
Interface
Analysis,
Diagnostics
Safety
Function
Motor Stop
in case of Error
(STO)
![Page 14: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/14.jpg)
14SICK AGBernd Appel - Germany
Hiperface DSLSafety function
� Supported safety functions (acc. IEC 61800-5-2)
STO is generally selected in case of error detection
Safe Torque OffSTO (informative)
Only if indicated for specific product
Safely-limited Position
SLP
Safely-limited Increment
SLI
Safe DirectionSDI
Safe Speed RangeSSR
Safe Acceleration Range
SAR
Safely Limited Acceleration
SLA
Safe Stop 2SS2
Safe Stop 1SS1
Safely Limited SpeedSLS
Safe Operating StopSOS
RemarksFunctionMode
![Page 15: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/15.jpg)
15SICK AGBernd Appel - Germany
Safety Function
� Safety Parameters� Target for all future DSL encoders
� Specific values found in product datasheet
> 90%Safe Failure Fraction
> 90%-DCavg
> 30 years-MTTFd
1 hour1 hourDiagnostic Test Interval
-Not requiredProof Test Interval
20 years> 20 yearsMission Time
< 10% of PL d resp.PFHd < 10-7 [1/h]
< 10% of SIL 2 resp.PFHd < 10-7 [1/h]
Fraction of availablePFHd allotted toencoder system
Use in safety-relevantfunctional chainsaccording to PL d
Use in safety-relevantfunctional chains accordingto SIL 2
Classification
Corresponds with category 3(in connection with drive systems only)
Structure
Characteristicparameter accordingto DIN EN ISO 13849
Characteristic parameteraccording toDIN EN 62061 / IEC 61508
> 90%Safe Failure Fraction
> 90%-DCavg
> 30 years-MTTFd
1 hour1 hourDiagnostic Test Interval
-> 4 yearsProof Test Interval
20 years> 20 yearsMission Time
< 20% of PL e resp.PFHd < 2 * 10-8 [1/h]
< 20% of SIL 3 resp.PFHd < 2 * 10-8 [1/h]
Fraction of available PFHd allotted to encoder system
Use in safety-relevant functional chains according to PL e
Use in safety-relevant functional chains according to SIL 3
Classification
Corresponds with category 3(in connection with drive systems only)
Structure
Characteristic parameter accordingto DIN EN ISO 13849
Characteristic parameter according toDIN EN 62061 / IEC 61508
SIL2 encoders SIL3 encoders
![Page 16: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/16.jpg)
16SICK AGBernd Appel - Germany
Safety Function
� Safety Parameter example� EKS/EKM36 encoder (first series product)
95%Safe Failure Fraction
90%-DCavg
412 years-MTTFd
1 hour1 hourDiagnostic Test Interval
-Not requiredProof Test Interval
20 years> 20 yearsMission Time
2.8% of PL d resp.PFH = 2.77 x 10-8 [1/h]
2.8% of SIL 2 resp.PFH = 2.77 x 10-8 [1/h]
Fraction of availablePFH allotted to encoderSystem
Use in safety-relevantfunctional chainsaccording to PL d
Use in safety-relevantfunctional chains accordingto SIL 2
Classification
Corresponds with category 3(in connection with drive systems only)
Structure
Characteristicparameter accordingto DIN EN ISO 13849
Characteristic parameteraccording toDIN EN 62061 / IEC 61508
EKS/EKM36 encoder
![Page 17: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/17.jpg)
17SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation
� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 18: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/18.jpg)
18SICK AGBernd Appel - Germany
Safety Implementation for Drives
� DSL Master IP-core
� Clock frequency
� 75.0 MHz
� Logic size (standard variant)
� 1700 slices (Xilinx Spartan-3)� 1500 slices (Xilinx Spartan-6)
� 3000 LE (Altera Cyclone III)
� Safe variant: adds +10% logic
![Page 19: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/19.jpg)
19SICK AGBernd Appel - Germany
Safety Implementation for Drives
� DSL Master IP-core interfaces� “Interface1”: Drive Controller 1
� Serial (SPI)
� Parallel (EMIFA)
� “Interface2”: Drive Controller 2For Safety only!� Serial (SPI)
![Page 20: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/20.jpg)
20SICK AGBernd Appel - Germany
Safety Implementation for Drives
� DSL Master IP-core� Safety relevance?
� “Grey channel”� Single channel in safety system
� Diagnostics from outside(encoder, drive application)
![Page 21: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/21.jpg)
21SICK AGBernd Appel - Germany
Safety Implementation for Drives
� DSL Master IP-core� Safety relevance?
� “Grey channel”� Single channel in safety system
� Diagnostics from outside(encoder, drive application)
![Page 22: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/22.jpg)
22SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation
� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 23: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/23.jpg)
23SICK AGBernd Appel - Germany
Safety Failure Modes
� Considered failure modes� Mechanical failures of encoder
� Shaft attachment
� Housing attachment
� Loss of code disc
� Electronical failures of encoder� Signal shape
� Static signals
� Short-cuts, open-circuits� Transmission failures
� Loss, insertion, repetition of frames
� Data corruption� Electronical failures of drive interface
� Static signals
� Short-cuts, open-circuits
Drive
![Page 24: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/24.jpg)
24SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation
� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 25: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/25.jpg)
25SICK AGBernd Appel - Germany
Motor Requirements
� Encoder assembly� Defined geometry of shaft connection
� Defined torque for shaft connection� Defined conditions for housing connection
� Assembly parameters must be monitored and recorded by user
� Usage requirements� Specification for shock/vibration
� All details in product “Operating Manual”
![Page 26: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/26.jpg)
26SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation
� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 27: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/27.jpg)
27SICK AGBernd Appel - Germany
Drive Requirements
� Handling of encoder and transmission faults in drive� Error indicators show detection of faults
� Severity of fault explained in manual
� All details in “DSL Manual”, product datasheet
![Page 28: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/28.jpg)
28SICK AGBernd Appel - Germany
Drive Requirements
� Diagnostic tests
� Aim: Fault detection still working?� Drive has to send test messages to encoder
cyclically
� Diagnostic test interval: ~ 1h (slow!)� Diagnostic test generates fault in encoder
� Error indication shows that diagnostics are working
� All details in “DSL Safety Implementation Manual”
Example:
![Page 29: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/29.jpg)
29SICK AGBernd Appel - Germany
Drive Requirements
� Diagnostics in drive controllers
� Necessary since IP-Core is“grey channel”
� Check of 2 position values
� Check of CRC values
Drive
Example:
![Page 30: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/30.jpg)
30SICK AGBernd Appel - Germany
Safety Implementation
� Hiperface DSL� Protocol overview� Safety architecture
� Safety function of DSL encoders
� Safety implementation
� Failure modes� Motor requirements� Drive requirements
� Documentation
![Page 31: Hiperface DSL – Combined with SafetySICK AG 1 Bernd Appel - Germany Hiperface DSL – Combined with Safety International TÜV Rheinland Symposium in China Functional Safety in Industrial](https://reader034.vdocuments.us/reader034/viewer/2022042213/5eb78efbe804c508714125b3/html5/thumbnails/31.jpg)
31SICK AGBernd Appel - Germany
Documentation
� Two categories of documentation
� Hiperface DSL documentation� General specification of
interface, protocol� Target: Drive
manufacturer
� Encoder documentation� Specific for each product series� Target: Drive and motor manufacturer
� Example: EKS/EKM36DSL Manual(non-safety)
Protocoldetails
DSL Safety Manual
Drive requirementsIP-Core
(interface) Manual
FPGA detailsIP-Core
(interface) datasheet
IP-Core characteristics
OperatingManual
Motor requirementsDatasheet
Encoder characteristics