SafetyStateType describes the safety states of the motion devices and controllers. One motion device system is associated with one or more instances of the SafetyStateType.
The SafetyStateType was modelled directly in the MotionDeviceSystemType for the following reasons:
- The manufacturers of systems have different concepts where safety is functional located, e.g. the hardware and software implementation.
- The safety state typically applies to the entire robotic system. If multiple safety state instances are implemented in robotic systems, these can be represented by individual instances of the SafetyStateType and associated with the controller by reference.
The safety state is for informational purpose only and not intended for use with functional safety applications as defined in ISO 61508.
The SafetyStateType is formally defined in Table 28.
Figure 18 – Overview SafetyStateType
Table 28 – SafetyStateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
SafetyStateType |
||||
|
IsAbstract |
False |
||||
|
References |
Node Class |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the ComponentType defined in OPC Unified Architecture for Devices (DI) |
|||||
|
HasComponent |
Object |
EmergencyStopFunctions |
|
FolderType |
Optional |
|
HasComponent |
Object |
ProtectiveStopFunctions |
|
FolderType |
Optional |
|
HasComponent |
Object |
2:ParameterSet |
|
BaseObjectType |
Mandatory |
|
The following instance declarations are not defined by this type, but by the supertype ComponentType and repeated here for better readability |
|||||
|
HasProperty |
Variable |
2:ComponentName |
LocalizedText |
PropertyType |
Optional |
The ComponentName property provides a user writeable name provided by the vendor, integrator or user of the device. The ComponentName may be a default name given by the vendor. This property is defined by ComponentType defined in OPC UA DI.
EmergencyStopFunctions is a container for one or more instances of the EmergencyStopFunctionType. The number and names of emergency stop functions is vendor specific. When provided, this object contains a list of all emergency stop functions with names and current state. See description of EmergencyStopFunctionType for examples of emergency stop functions.
Table 29 – TypeDefinition of EmergencyStopFunctions of SafetyStateType
|
Attribute |
Value |
||||
|
BrowseName |
EmergencyStopFunctions |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
HasComponent |
Object |
<EmergencyStopFunctionIdentifier> |
|
EmergencyStopFunctionType |
Mandatory Placeholder |
Table 30 – ObjectType EmergencyStopFunctionType
|
Attribute |
Value |
||||
|
BrowseName |
EmergencyStopFunctionType |
||||
|
References |
Node Class |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the BaseObjectType defined in OPC Unified Architecture |
|||||
|
HasProperty |
Variable |
Name |
String |
PropertyType |
Mandatory |
|
HasComponent |
Variable |
Active |
Boolean |
BaseDataVariableType |
Mandatory |
Description of EmergencyStopFunctionType:
According to ISO 10218-1:2011 Ch.5.5.2 Emergency stop the robot shall have one or more emergency stop functions.
- The Name of the EmergencyStopFunctionType provides a manufacturer-specific emergency stop function identifier within the safety system.
The only named emergency stop function in the ISO 10218-1:2011 standard is the "Pendant emergency stop function". Other than that, the standard does not give any indication on naming of emergency stop functions.
- The Active variable is TRUE if this particular emergency stop function is active, e.g. that the emergency stop button is pressed, FALSE otherwise.
ProtectiveStopFunctions is a container for one or more instances of the ProtectiveStopFunctionType. The number and names of protective stop functions is vendor specific. When provided, this object contains a list of all protective stop functions with names and current state. See description of ProtectiveStopFunctionType for examples of protective stop functions.
Table 31 – TypeDefinition of ProtectiveStopFunctions of SafetyStateType
|
Attribute |
Value |
||||
|
BrowseName |
ProtectiveStopFunctions |
||||
|
References |
Node Class |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
HasComponent |
Object |
<ProtectiveStopFunctionIdentifier> |
|
ProtectiveStopFunctionType |
Mandatory Placeholder |
Table 32 – ObjectType ProtectiveStopFunctionType
|
Attribute |
Value |
||||
|
BrowseName |
ProtectiveStopFunctionType |
||||
|
References |
Node Class |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the BaseObjectType defined in OPC Unified Architecture |
|||||
|
HasProperty |
Variable |
Name |
String |
PropertyType |
Mandatory |
|
HasComponent |
Variable |
Enabled |
Boolean |
BaseDataVariableType |
Mandatory |
|
HasComponent |
Variable |
Active |
Boolean |
BaseDataVariableType |
Mandatory |
Description of ProtectiveStopFunctionType:
According to ISO 10218-1:2011 Ch.5.5.3 the robot shall have one or more protective stop functions designed for the connection of external protective devices.
- The Name of the ProtectiveStopFunctionType provides a manufacturer-specific protective stop function identifier within the safety system.
- The Enabled variable is TRUE if this protective stop function is currently supervising the system, FALSE otherwise. A protective stop function may or may not be enabled at all times, e.g. the protective stop function of the safety doors are typically enabled in automatic operational mode and disabled in manual mode. On the other hand for example, the protective stop function of the teach pendant enabling device is enabled in manual modes and disabled in automatic modes.
- The Active variable is TRUE if this particular protective stop function is active, i.e. that a stop is initiated, FALSE otherwise. If Enabled is FALSE then Active shall be FALSE.
Examples
The table below shows an example with a door interlock function. In this example, the door is only monitored during automatic modes. During manual modes, the operators may open the door without causing a protective stop.
Table 33 – Door Interlock Protective Stop Example
|
|
Automatic Mode |
Manual Mode |
||
|
Door interlock |
Enabled |
Active |
Enabled |
Active |
|
Door closed |
TRUE |
FALSE |
FALSE |
FALSE |
|
Door open |
TRUE |
TRUE |
FALSE |
FALSE |
The next example shows how the three-position enabling device normally found on teach pendants is processed. In this case it does not matter if the enabling device is pressed or not during automatic modes, while in manual modes, a protective stop is active as long as the enabling device is released or fully pressed.
Table 34 – Teach Pendant Enabling Device Protective Stop Example
|
|
Automatic Mode |
Manual Mode |
||
|
Teach Pendant Enabling Device |
Enabled |
Active |
Enabled |
Active |
|
Released |
FALSE |
FALSE |
TRUE |
TRUE |
|
Middle position |
FALSE |
FALSE |
TRUE |
FALSE |
|
Fully pressed (panic) |
FALSE |
FALSE |
TRUE |
TRUE |
Table 35 – ParameterSet of SafetyStateType
|
Attribute |
Value |
||||
|
BrowseName |
ParameterSet |
||||
|
References |
Node Class |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
HasComponent |
Variable |
OperationalMode |
OperationalModeEnumeration |
BaseDataVariableType |
Mandatory |
|
HasComponent |
Variable |
EmergencyStop |
Boolean |
BaseDataVariableType |
Mandatory |
|
HasComponent |
Variable |
ProtectiveStop |
Boolean |
BaseDataVariableType |
Mandatory |
Description of ParameterSet of SafetyStateType:
- Variable OperationalMode: The OperationalMode variable provides information about the current operational mode. Allowed values are described in OperationalModeEnumeration, see ISO 10218-1:2011 Ch.5.7 Operational Modes.
- Variable EmergencyStop: The EmergencyStop variable is TRUE if one or more of the emergency stop functions in the robot system are active, FALSE otherwise. If the EmergencyStopFunctions object is provided, then the value of this variable is TRUE if one or more of the listed emergency stop functions are active.
- Variable ProtectiveStop: The ProtectiveStop variable is TRUE if one or more of the enabled protective stop functions in the system are active, FALSE otherwise. If the ProtectiveStopFunctions object is provided, then the value of this variable is TRUE if one or more of the listed protective stop functions are enabled and active.
Table 36 – OperationalModeEnumeration
|
OperationalModeEnumeration |
||
|
OTHER |
0 |
This value is used when there is no valid operational mode. Examples are: - During system-boot - The system is not calibrated (and hence can not verify cartesian position values) - There is a failure in the safety system itself |
|
MANUAL_REDUCED_SPEED |
1 |
"Manual reduced speed" - name according to ISO 10218-1:2011 |
|
MANUAL_HIGH_SPEED |
2 |
"Manual high speed" - name according to ISO 10218-1:2011 |
|
AUTOMATIC |
3 |
"Automatic" - name according to ISO 10218-1:2011 |
|
AUTOMATIC_EXTERNAL |
4 |
"Automatic external" - Same as "Automatic" but with external control, e.g. by a PLC |