General function description
The Safe Stop 1 function causes a rapid and safe stopping of a drive. It controls the drive to decelerate autonomously and finally activates the drive-internal Safe Torque Off (STO) safety-related function. As a result, the drive remains torque-free and the motor is no longer supplied with power. (In contrast, the Safe Stop 2 function finally monitors the standstill (similar to the SOS function) instead of STO.)
The active STO function results in a subsequent start-up/restart inhibit (see section below).
SS1 realizes a functional safety-related stop in accordance with stop category 1 according to EN 60204-1.
SS1 is the defined fallback function of the safety-related functions SLS1 to SLS4, SMS, SDIneg and SDIpos.
Monitoring by the safety-related FB/Safety Module
The monitoring behavior by the function block depends on the parameterization of the Safety Module:
If ramp monitoring is deactivated, monitoring is passive until the t2 time interval has elapsed (see figure and description below).
If ramp monitoring is activated, the Safety Module monitors the motor deceleration rate specified by the deceleration ramp.
In both cases, the SS1 function stops the motor and then initiates the STO function to set the drive torque-free.
The request of the safety-related function occurs at the beginning of the t1 time interval ('S_SS1_Request' signal in the diagram). t1 is set with the device parameter SS1_StartDelayTime[t1].
Within the t1 time interval, the standard (non-safety-related) controller also receives the request from the connected process and initiates the motion control function according to the logic and drive parameterization defined in the standard (non-safety-related) application.
After t1 has elapsed, the deceleration of the drive is executed. The maximum allowed duration t2 of this ramp-down phase is defined by the device parameter SS1_RampMonitoringTime[t2].
At the end of t2, STO is activated.
During t2, the deceleration can be monitored by setting the device parameter SS1_RampMonitoring = Activated.
If ramp monitoring is deactivated, the deceleration curve is not monitored. Even acceleration is allowed during the t2 interval. Standstill is enforced when t2 elapses by engaging the STO function.
If ramp monitoring is activated, the deceleration curve is monitored and must follow the parameterized ramp (as shown in the figure). Otherwise, STO is activated as the defined fallback function.
If zero speed has been achieved while t2 has not yet elapsed, a defined velocity tolerance (parameter SS1_MinRampVelocity[v2]) of the axis is allowed and monitored in respect with v2.
If the torque-free status of the drive has been achieved by the correct execution of the SS1 function, the function block switches S_SS1_SafetyActive = SAFETRUE (see diagram).
Otherwise, if the STO fallback function has been activated due to an error detected as described above, this is indicated by S_STO_SafetyActive = SAFETRUE.
Fallback function
If the parameterized SS1_RampMonitoringTime[t2] value is exceeded, or (in case of activated ramp monitoring) if the parameterized deceleration ramp is not respected as defined, or if the velocity tolerance (v2 in the figure) is exceeded, the STO function is automatically executed as the fallback function.
Application
The SS1 function is used if a controlled deceleration of the drive with a following torque-free standstill state is required, e.g., after a safety-relevant event.
SS1 is suitable to bring a large flywheel mass as quickly as possible to a halt or to slow down and come to a standstill from high drive speeds as fast as possible. Typical examples are grinding spindles, centrifuges, storage and retrieval devices.
Restart inhibit following SS1
After removing an SS1 function request by switching the S_SS1_Request input from SAFEFALSE to SAFETRUE, a restart inhibit is automatically activated to prevent the unintended restart of the axis. The restart inhibit is only removed if there is a positive signal edge at the Reset input of the safety-related function block.
Background: According to the relevant IEC 60204-1 standard, the SS1 function executes stop category 1. This stop category implies a subsequent restart inhibit.
Relevant Safety Module device parameters
How to edit the relevant safety-related device parameters: In the EcoStruxure Machine Expert - Safety 'Devices' window, ...
Left-click the Safety Module in the devices tree.
In the Device Parameterization editor on the right, scroll to the relevant parameter section (see table heading below).
Specify the parameters listed in the table below for this safety-related function.
NOTE:
For the most part, the parameters entered here are monitoring parameters. They define the monitoring behavior and thus determine if a safety-related function is executed as defined or if a fallback function is to be executed due to error detection. The actual drive parameterization (such as deceleration parameters, etc.) is defined by you in EcoStruxure Machine Expert. See topic "Functional description".
For detailed information on the value ranges and default values for these parameters, refer to the corresponding chapter for the safety module used in the "Safety Module Parameters and Process Data Items" guide.
|
Parameter section: Safe_Stop_1 |
|
|
SS1_StartDelayTime[t1] |
Delay time after which the monitoring of the safety-related function is started. This value must correspond to the time period, the entire motion control system needs to react, i.e., the time after which the standard (non-safety-related) controller is able to initiate the requested safety-related function after receiving the request coded as process data control word via the SERCOS bus. This interval is referred to as t1 in the timing diagram shown above. The value set here must be equal or greater than the entire system response time including the standard system response time. The value must not be smaller than the shortest possible total response time of the involved components, i.e., the earliest point in time, when the drive is able to decelerate. |
|
SS1_RampMonitoring |
|
|
SS1_MaxRampVelocity[v1] |
Parameter is only relevant if ramp monitoring is activated (see previous table line). The value influences the gradient of the deceleration ramp (see parameter SS1_RampMonitoring). |
|
SS1_RampMonitoringTime[t2] |
The parameter defines the duration in milliseconds after which speed zero has to be achieved (t2 in the figure) and STO is activated. If ramp monitoring is activated, the value influences the gradient of the deceleration ramp (see parameter SS1_RampMonitoring). |
|
SS1_MinRampVelocity[v2] |
Allowed velocity deviation (i.e., maximum speed) during standstill (v2 in the figure above). If the deviation exceeds the defined value, the STO function is activated as the fallback function. For the SS1 function, the position is monitored after zero speed has been achieved and while t2 has not yet elapsed, i.e., as long as STO is not yet active. If ramp monitoring is activated, the value influences the gradient of the deceleration ramp (see parameter SS1_RampMonitoring). |
NOTE:
The SS1 function operates like an STO function if no values are specified in the related device parameter section or if SS1_StartDelayTime[t1] and SS1_RampMonitoringTime[t2] are set to 0.
WARNING
NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS
Verify that the device parameters for the Safety Module correspond to your risk analysis.
Be sure that your risk analysis includes an evaluation for setting incorrectly device parameter values.
Validate the overall safety-related function with regard to the set device parameter values and thoroughly test the application.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Relevant FB inputs/outputs and bit in status word
Function monitoring request via FB input S_SS1_Request = SAFEFALSE
Function status indication via FB output S_SS1_SafetyActive (SAFETRUE = safety-related function activated)
and Bit 5 in the DWORD output at AxisStatus (TRUE = safety-related function activated).
