
WO2009155993A1 - Safety system for a machine - Google Patents

Safety system for a machine

Info

Publication number
WO2009155993A1
Authority
WO
WIPO (PCT)
Prior art keywords
safety
computing units
logic
safety system
building components
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2008/058301
Other languages
English (en)
Inventor
Roger Mellander
Johnny ÖBERG
Mats X KÄLLMAN
Per V Carlsson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ABB Research Ltd Switzerland
Original Assignee
ABB Research Ltd Switzerland
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ABB Research Ltd Switzerland
Priority to PCT/EP2008/058301
Publication of WO2009155993A1
Anticipated expiration
Legal status: Ceased

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B25 HAND TOOLS; PORTABLE POWER-DRIVEN TOOLS; MANIPULATORS
    • B25J MANIPULATORS; CHAMBERS PROVIDED WITH MANIPULATION DEVICES
    • B25J9/00 Programme-controlled manipulators
    • B25J9/16 Programme controls
    • B25J9/1674 Programme controls characterised by safety, monitoring, diagnostic
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428 Safety, monitoring
    • G05B9/00 Safety arrangements
    • G05B9/02 Safety arrangements electric
    • G05B9/03 Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24186 Redundant processors are synchronised
    • G05B2219/24187 Redundant processors run identical programs
    • G05B2219/24189 Redundant processors monitor same point, common parameters
    • G05B2219/24192 Configurable redundancy
    • G05B2219/25 Pc structure of the system
    • G05B2219/25163 Transmit twice, redundant, same data on different channels, check each channel
    • G05B2219/25268 PLD programmable logic device

Definitions

  • the present invention relates to a safety system for a machine.
  • the system comprises two independent logic computing units for executing a safety function based on input data from two redundant data transmission channels providing the same safety inputs to each of the logic computing units, and a fault detecting unit configured to compare the outputs from each of the logic computing units and based on the result of the comparison detecting faults and sending safety control inputs to the machine.
  • a safety system for a machine performs one or more safety functions to ensure the safety of humans working in the environment of an industrial process, and of the machine as well.
  • a system may include safety elements, one or more logic computing units for executing the safety functions.
  • Typical safety elements are, for example, sensors, switches or emergency push buttons.
  • the logic computing units are, for example, general-purpose computers, microprocessors, and a set of electric circuits.
  • a safety control input will be sent to the machine, for example, a stop input can be sent to the driving system of the machine to stop the operation of the machine.
  • a machine could be a valve, a pump, or a robot.
  • Reliability is a desired feature for such safety control systems and can be measured by so-called safety levels.
  • safety levels are defined in corresponding standards.
  • SIL safety integrity levels
  • in EN 954-1 various safety categories are defined.
  • a high reliability of a safety system, for example defined as SIL 2 in IEC 61508 or safety category 3 in EN 954-1, is usually achieved by using two separate logic computing units to simultaneously execute the same safety function based on the same safety inputs from the safety elements. The operation results are then compared by a fault detecting unit in order to detect faults.
  • the system generates a control input for controlling the operation of a machine, for example a stop signal may be sent to stop the operation of the machine.
  • a safety system comprising two separate logic computing units and data inputs, transmitted via two redundant data channels, is denoted a safety system with dual data processing channels. Such a safety system enables a high level of safety because the system will continue to operate even in the event of a fault.
  • the system is further extended with supervision/monitoring modules to be able to feed back safety inputs coming from the logic computing units to the safety functions.
  • a recent patent application DE102006012042 presents a solution based on dual core processor architecture.
  • the application proposes a solution that uses a dual core processor as the logic computing units, the safety function carried out on each logic computing unit being implemented and executed on each core of the dual core processor.
  • the problem with the solution is that a main storage is commonly used by the processor cores for storing the safety function and some intermediate results, which creates a single failure point in the system.
  • the dual core architecture on which the system is based is still quite expensive.
  • One object of the present invention is to provide a safety system for a machine which is compact and economic in construction.
  • Such a safety system comprises a programmable logic device comprising a plurality of independent programmable building components, two of which are programmed to implement two independent logic computing units for executing a safety function based on safety inputs from two redundant data transmission channels.
  • a programmable logic device is an electronic component including a plurality of independent programmable building components which can be used to build reconfigurable digital circuits.
  • a PLD has an undefined function at the time of manufacture and before it can be used it must be programmed.
  • Examples of PLD devices are a complex programmable logic device, denoted CPLD, and a field-programmable gate array, denoted FPGA.
  • the building components of a PLD can be hard processor units embedded in the PLD, soft processor units, and programmable logic blocks and interconnects which can be hardware programmed to perform logic functions. Most PLD devices include memory.
  • a safety function is one or more logic operations performed on the inputs, such as safety signals, to the safety function and the output of the safety function is the result of the logic operations on the safety signals.
  • One of the advantages with the programmable logic device is compactness since it makes it possible to implement a safety system with two independent logic computing units on a single chip.
  • Another advantage is economic, meaning that a highly reliable safety system with dual data processing channels can be achieved at a cheaper hardware cost.
  • Such a safety control system according to the invention is cost-effective in terms of hardware.
  • Yet another advantage, compared with a general-purpose computer or a microprocessor, which usually has an operating system, is that a programmable logic device has far fewer instructions, which means that programming the safety function is easier than on a general-purpose computer or a microprocessor.
  • each of the building components programmed to implement the logic computing units has its own memory.
  • PLD devices including the above mentioned building blocks having embedded memories.
  • a hard processor usually includes a program memory and a data memory
  • a soft processor may be configured to have its own memory too.
  • Even logic blocks have memory elements, for example, simple flip-flops or more complete blocks of memory. Having separate memories for the logic computing units achieves two totally separate logic computing units. Therefore, the problem of a single failure point in a commonly used memory is eliminated.
  • the building component configured to implement each of the logic computing units is any of the following types: a hard processor unit, a soft processor unit, or at least one logic block programmed by hardware description language.
  • a hard processor unit can be, for example, an embedded microprocessor.
  • a soft processor is implemented within the programmable logic device and such a soft processor is reconfigurable to suit a specific program.
  • the third variant is when a hardware description language, denoted HDL, is used to create a hardware implementation of the software application.
  • two different types of building components are used to program the safety logic on each of the logic computing units.
  • one of the building components, implementing one of the computing units, may include one or more logic blocks programmed by hardware description language, and the other building component, implementing the other computing unit, can be a soft processor, or the building components programmed to implement the two computing units can be a soft processor unit and a hard processor unit, or any combination of the above mentioned types of building components.
  • Using two different types of building components to implement the safety logic increases the safety of the system.
  • the system provides an ability to detect common mode faults/failures or systematic faults, such as software design or coding defects, that could be reproduced on both computing units. Therefore a high reliability is achieved.
  • one of the building components is configured to implement the fault detecting unit.
  • one of the building components on the same programmable logic device is configured to perform a fault detecting function.
  • one of the building components on the same programmable logic device is programmed to synchronize the logic computing units.
  • the execution of the safety function on the two logic computing units is parallel, which means that the generated outputs from the two logic computing units may not come out simultaneously.
  • the synchronization unit ensures that the fault detecting unit compares the results generated by the computing units based on the same safety inputs.
  • two of the building components are configured as monitoring units for monitoring the current safety states from the computing units; each of the monitoring units is configured to receive safety inputs from one of the computing units and provide feedback to the other computing unit. Since a computing unit itself can also generate faults, one building component is configured to monitor the faults coming from one computing unit. The safety inputs will then be sent back to the other computing unit, which enables the two computing units to monitor each other. Due to the fact that the programmable logic device includes a plurality of building components, the monitoring units can also be programmed on the same programmable logic device. Therefore, the safety system may achieve high reliability and be compact in size.
  • the machine is an industrial robot comprising a control unit configured to generate safety inputs including an emergency stop input as the safety input to the logic computing units. Consequently such a safety system can be used as an industrial robot safety system to provide a solution that is highly reliable, economic and flexible as well. This feature increases the competitiveness of a robot system.
  • a control unit for controlling an industrial robot comprising a safety system of the present invention.
  • the control unit is configured to generate safety inputs including an emergency stop input to the logic computing units.
  • the safety system according to the invention is very suitable for use in a control unit of an industrial robot. Due to the fact that the safety system built on a programmable logic device has a compact size, it makes it easier to integrate such a safety system into the control unit of a robot.
  • the programmable logic device is a field-programmable gate array, denoted FPGA, device.
  • a cyclic redundancy check is implemented to verify the contents on the whole or on parts of the field-programmable gate array in order to detect faults.
  • Parts that can be verified with the CRC can for example be the soft processor instead of jogging the instruction set as is done in a hard processor to verify if the hard processor is working as expected.
  • with an FPGA chip it is even possible to partially reconfigure the FPGA chip to correct errors that have been detected by the cyclic CRC.
  • a cyclic CRC check on the entire FPGA can be implemented with, for example, an external small CPLD, or an internal CRC macro may be used to ensure a reliable safety system built on the FPGA chip.
  • At least one of the programmable building components is a soft processor.
  • the soft processor is provided with an internal register, and a parity check is implemented to detect bit errors on the internal register.
  • With an FPGA chip, it is possible to add one or more parity bits together with a parity check to detect bit errors on the internal registers used by the soft processor, which makes it possible to instantly detect any soft errors and eventually take corrective measures. This is yet another advantage over a safety system based on multi-core architecture where essentially two hard processors are used, and it is not possible today to perform a parity check to detect bit errors within the hard processors.
  • since a programmable logic device comprises a plurality of building components, it can be used to build a safety system with a compact size that is still at least as reliable as the prior art.
  • a safety system can be integrated with a control unit of a machinery system, for example an industrial robot system.
  • Fig. 1 shows a safety system for a machine implemented on a programmable logic device, according to an embodiment of the invention.
  • Fig. 2 shows an FPGA chip that includes a plurality of programmable logic blocks and interconnects, and a periphery of input and output blocks.
  • Fig. 3 shows one possible combination of building components on a PLD device.
  • Fig. 4 shows another example of a proposed safety system, implemented on a programmable logic device, where the safety system is extended with two monitoring units implemented by the building components on the same programmable logic device.
  • FPGA field-programmable gate array
  • CPLD complex programmable logic device
  • Fig. 1 shows a safety system for a machine according to an embodiment of the invention implemented on a programmable logic device 1, in this example an FPGA device.
  • the system comprises a first logic computing unit 2 and a second logic computing unit 2', a fault detecting unit 4, and a synchronization unit 6.
  • Fig. 1 shows also a signal generation unit 12 that generates the safety inputs to the safety system and a machine 14 that is the safety controlling target of the system.
  • the machine 14 is, for example, an industrial robot.
  • the signal generation unit 12 can be, for example, a teach pendant unit (TPU) connected to the control unit of the industrial robot.
  • the TPU may include an emergency stop button generating an emergency stop signal and an enabling button generating an enabling signal.
  • the safety input to the safety system includes the emergency stop signal and enabling signal from the TPU.
  • Other safety inputs can be a protective stop or other types of safety inputs.
  • the emergency stop signal is transmitted via dual redundant data channels 10, 10' to each of the computing units 2, 2', which means the same safety input is simultaneously transmitted through the data channels 10 and 10' to both computing units, and both computing units receive the same safety inputs when both channels work correctly. Dual data channels prevent the loss of data that can occur when it is transmitted via a single data channel. For example, if the channel 10 fails to transmit the safety inputs, the safety inputs may still be transmitted through the channel 10'.
  • the computing units 2, 2' are programmed to execute the same safety function. Upon receiving the safety input, the logic computing units 2, 2' execute the same safety function in parallel based on the same safety inputs.
  • a safety function may be, for example, a logic calculation of the states of several safety inputs; for example, an emergency stop button may be represented in two states: ON or OFF. The output of the safety function is the result of the logic calculation.
  • the function of the fault detecting unit 4 is to compare the results generated by the computing units. If the generated result from one of the computing units is not the same as from the other one, a fault is detected, and consequently a safety control signal may be sent to the machine 14, for example a stop signal to stop the operation of the machine. Because the execution of the computing units is performed in parallel, the results generated by the computing units are synchronized by the synchronization unit 6, which ensures that the results compared by the fault detecting unit 4 are generated by the computing units 2, 2' based on the same safety inputs. To synchronize the results, for example, a timer may be used, meaning that the results should be compared within the time limit to which the timer is set.
  • safety control signals are sent to the machine 14 via dual data channels 8, 8'.
  • the function of the dual data channels 8, 8' is similar to that of the dual data channels 10, 10', meaning that the same safety control signal is redundantly transmitted to the machine 14 to retain the safety function.
  • a PLD comprises a plurality of building components. Building components used to implement the computing units 2, 2', the synchronization unit 6, and the fault detecting unit 4 can be any of the following types: a hard processor embedded in the PLD, a soft processor, or a hardware implementation through a hardware description language.
  • Fig. 2 shows an FPGA chip 50 that includes a plurality of programmable logic blocks 52 and programmable interconnects 54, as well as a periphery of input and output blocks 56.
  • Logic blocks can be programmed to perform the functions of basic logic gates such as AND, XOR, or more complex combinational functions such as decoders or mathematical functions. In most FPGAs, the logic blocks also include memory elements, for example simple flip-flops.
  • a hierarchy of programmable interconnections allows logic blocks to be interconnected as needed in the field by the system designer to perform desired functions. To program a desired function, a hardware description language is used to specify how to interconnect a set of logic blocks by working with the logic circuit diagram, or the source code of the function.
  • the logic blocks and programmable interconnects form a building block to perform the desired function.
  • a building component is configured to perform the desired safety function.
  • a cyclic redundancy check denoted CRC, may be implemented on the FPGA device to verify the contents on the whole or on parts of the FPGA in order to detect faults.
  • Fig. 3 shows one possible combination of building components on a PLD device 26, wherein the PLD device comprises an embedded hard processor 20, two reconfigurable soft processors 22, 22', and one building component 24 configured by a plurality of programmable logic blocks interconnected by a plurality of programmable interconnects on a single chip. There may still be a plurality of unconfigured logic blocks and programmable interconnects on the same chip, and they can be programmed as building components, for example, the building components 24', 24" to perform some other logic functions if needed. How a building component is configured by a plurality of programmable logic blocks interconnected by a plurality of programmable interconnects depends on the function the logic implements. Fig.
  • a PLD device may have other combinations; for example, it may comprise a soft processor and one or more building components configured by a plurality of programmable logic blocks interconnected by a plurality of programmable interconnects on a single chip; or two embedded hard processors and an array of soft processors and one or more building components configured by a plurality of programmable logic blocks interconnected by a plurality of programmable interconnects on a single chip.
  • the configuration depends on the need of a system.
  • a soft processor commonly uses an internal register. If at least one of the programmable building components is a soft processor, it is advantageous that the soft processor is provided with a parity check implemented to detect bit errors on the internal register.
  • the soft processor 22 can be configured as the first computing logic unit 2, and the building components 24 can be configured as the second computing logic unit 2'; the fault detecting unit 4 can be implemented by another soft processor 22', and the synchronization unit 6 can be implemented on the hard processor 20.
  • the PLD device may be an FPGA chip, which itself is in the form of a complementary metal-oxide-semiconductor denoted CMOS.
  • CMOS complementary metal-oxide-semiconductor
  • Fig. 4 shows another example of a proposed safety system, implemented on a PLD device, according to an embodiment of the invention, where the safety system is extended with two monitoring units 40, 40'.
  • the safety system may program another two building components on the same PLD device, for example the building blocks 24', 24" shown in Fig. 3, to implement the monitoring units 40, 40'.
  • the other building components shown in Fig. 3 are configured the same as in the example shown in Fig. 1.
  • the function of the monitoring units is to detect if there is any fault coming from the computing units themselves.
  • each of the monitoring units is configured to receive the outputs from one of the computing units 2, 2' and feed back the results to the other computing unit.
  • the results could be the same safety inputs as received by the computing units or the signals generated by the monitoring units based on the safety inputs.
  • the computing units can monitor each other to enable detecting more types of faults.
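
The arrangement of Fig. 1 described above, modelled in software as an added example (not code from the patent): two diverse implementations of one safety function stand in for computing units 2 and 2', and a fault detecting unit compares their results only when they stem from the same input sample and arrive within the synchronization window. The concrete safety function (run permitted = enabling signal AND NOT emergency stop), the sequence numbers, the tick-based window and all identifiers are assumptions made for the sketch.

```c
/* Added illustration, not code from the patent. The safety function,
 * sequence numbers, tick window and all names are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { bool estop, enable; uint32_t seq; } safety_input_t;
typedef struct { bool run_permitted; uint32_t seq, tick; bool valid; } unit_result_t;
typedef enum { V_RUN, V_STOP_DEMANDED, V_FAULT_MISMATCH,
               V_FAULT_SYNC, V_FAULT_TIMEOUT } verdict_t;
/* Stop command as driven onto the redundant output channels 8 and 8'. */
typedef struct { bool stop_ch8, stop_ch8p; verdict_t verdict; } safety_output_t;

/* Computing unit 2: safety function written as boolean logic. */
unit_result_t unit_2(safety_input_t in, uint32_t tick)
{
    unit_result_t r = { !in.estop && in.enable, in.seq, tick, true };
    return r;
}

/* Computing unit 2': the same function in a diverse form (truth table),
 * so a coding defect in one form is unlikely to appear in the other.
 * Index = estop << 1 | enable. */
static const bool RUN_TABLE[4] = { false, true, false, false };

unit_result_t unit_2p(safety_input_t in, uint32_t tick)
{
    unsigned idx = ((unsigned)in.estop << 1) | (unsigned)in.enable;
    unit_result_t r = { RUN_TABLE[idx], in.seq, tick, true };
    return r;
}

/* Fault detecting unit 4 combined with synchronization unit 6: results
 * are compared only if both exist, belong to the same input sample and
 * arrived within `window` ticks of each other. Anything else is a
 * fault, and every fault drives both output channels to stop. */
safety_output_t fault_detecting_unit(unit_result_t a, unit_result_t b,
                                     uint32_t window)
{
    verdict_t v;
    if (!a.valid || !b.valid) {
        v = V_FAULT_TIMEOUT;              /* a unit delivered nothing */
    } else if (a.seq != b.seq) {
        v = V_FAULT_SYNC;                 /* results from different inputs */
    } else {
        uint32_t skew = a.tick > b.tick ? a.tick - b.tick : b.tick - a.tick;
        if (skew > window)
            v = V_FAULT_TIMEOUT;          /* timer expired before compare */
        else if (a.run_permitted != b.run_permitted)
            v = V_FAULT_MISMATCH;         /* units disagree */
        else
            v = a.run_permitted ? V_RUN : V_STOP_DEMANDED;
    }
    bool stop = (v != V_RUN);
    safety_output_t out = { stop, stop, v };
    return out;
}

/* One evaluation cycle: ch10 feeds unit 2, ch10p feeds unit 2'. */
safety_output_t safety_cycle(safety_input_t ch10, safety_input_t ch10p,
                             uint32_t tick_2, uint32_t tick_2p,
                             uint32_t window)
{
    return fault_detecting_unit(unit_2(ch10, tick_2),
                                unit_2p(ch10p, tick_2p), window);
}

static const char *verdict_name(verdict_t v)
{
    static const char *names[] = { "RUN", "STOP_DEMANDED", "FAULT_MISMATCH",
                                   "FAULT_SYNC", "FAULT_TIMEOUT" };
    return names[v];
}

int main(void)
{
    /* Constructed sample inputs. */
    safety_input_t ok      = { false, true, 7 };
    safety_input_t pressed = { true,  true, 8 };
    safety_input_t lost    = { false, true, 8 }; /* channel 10' missed the e-stop */

    printf("normal:        %s\n", verdict_name(safety_cycle(ok, ok, 100, 101, 2).verdict));
    printf("e-stop:        %s\n", verdict_name(safety_cycle(pressed, pressed, 100, 100, 2).verdict));
    printf("channel fault: %s\n", verdict_name(safety_cycle(pressed, lost, 100, 100, 2).verdict));
    printf("late result:   %s\n", verdict_name(safety_cycle(ok, ok, 100, 105, 2).verdict));
    return 0;
}
```

Every verdict other than `V_RUN` asserts the stop command on both output channels, so a comparison that cannot be made is treated the same way as a comparison that fails.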

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Robotics (AREA)
  • Mechanical Engineering (AREA)
  • Hardware Redundancy (AREA)

Abstract

The present invention relates to a safety system for a machine (14), the system comprising two independent logic computing units (2, 2') for executing a safety function based on safety inputs from two redundant data transmission channels (10, 10') providing the same safety inputs to each of the logic computing units, and a fault detecting unit (4) configured to compare the outputs from each of the logic computing units and, based on the result of the comparison, to detect faults and send a safety control signal to the machine via two further redundant data transmission channels (8, 8'). The system comprises a programmable logic device (1) comprising a plurality of independent programmable building components, two of which are programmed to implement said logic computing units.
PCT/EP2008/058301 2008-06-27 2008-06-27 Safety system for a machine Ceased WO2009155993A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/058301 WO2009155993A1 (fr) 2008-06-27 2008-06-27 Safety system for a machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/058301 WO2009155993A1 (fr) 2008-06-27 2008-06-27 Safety system for a machine

Publications (1)

Publication Number Publication Date
WO2009155993A1 (fr) 2009-12-30

Family

ID=40349974

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/058301 Ceased WO2009155993A1 (fr) Safety system for a machine 2008-06-27 2008-06-27

Country Status (1)

Country Link
WO (1) WO2009155993A1 (fr)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2478178A (en) * 2010-02-25 2011-08-31 Endress & Hauser Gmbh & Co Kg Field device for determining or monitoring a physical or chemical process variable
WO2012004161A1 (fr) * 2010-07-05 2012-01-12 Endress+Hauser Gmbh+Co.Kg Appareil de terrain pour la détermination ou la surveillance d'une grandeur de processus physique ou chimique
WO2012159850A3 (fr) * 2011-05-23 2013-01-24 Pilz Gmbh & Co. Kg Procédé pour faire fonctionner un appareil de commande de sécurité
US8712727B2 (en) 2009-10-12 2014-04-29 Endress + Hauser Gmbh + Co. Kg Field device for determining or monitoring a physical or chemical process variable
EP2595018A3 (fr) * 2011-11-17 2014-12-03 Rockwell Automation Limited Procédé et appareil de contrôle du courant de sortie analogique
WO2016048627A1 (fr) * 2014-09-24 2016-03-31 Xilinx, Inc. Circuit intégré programmable avec sous-système de sécurité
US20170199299A1 (en) * 2016-01-07 2017-07-13 Sick Ag Method of Configuring and of Operating a Monitored Automated Work Cell and Configuration Apparatus
EP2672339A4 (fr) * 2011-01-31 2018-01-24 Mitsubishi Heavy Industries, Ltd. Dispositif de sécurité, et procédé de calcul de dispositif de sécurité
WO2019055257A1 (fr) * 2017-09-14 2019-03-21 Bae Systems Controls Inc. Utilisation d'un processeur multicœur pour atténuer les défauts de calcul en mode commun
EP3483675A1 (fr) * 2017-11-14 2019-05-15 Pilz GmbH & Co. KG Circuit d'entrée permettant une lecture protégée contre les erreurs d'un signal d'entrée analogique
EP3581343A1 (fr) * 2018-06-14 2019-12-18 Siemens Aktiengesellschaft Système de contrôle de sécurité pour un robot industriel et robot industriel
CN111331619A (zh) * 2020-04-26 2020-06-26 珠海格力电器股份有限公司 机器人的安全控制设备及机器人的控制方法、机器人
WO2020176473A1 (fr) * 2019-02-27 2020-09-03 Veo Robotics, Inc. Architecture de système pour applications de sécurité
CN115387917A (zh) * 2022-09-22 2022-11-25 国核自仪系统工程有限公司 基于fpga的机器故障的检测方法、系统、设备及介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020099455A1 (en) * 2000-11-09 2002-07-25 Derek Ward Programmable controller
WO2007057390A2 (fr) * 2005-11-16 2007-05-24 Abb Ab Procede et dispositif servant a commander le mouvement d'un robot industriel
US20080147206A1 (en) * 2004-08-30 2008-06-19 Abb Ab Control system for Real Time Applications for Cooperative Industrial Robots

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020099455A1 (en) * 2000-11-09 2002-07-25 Derek Ward Programmable controller
US20080147206A1 (en) * 2004-08-30 2008-06-19 Abb Ab Control system for Real Time Applications for Cooperative Industrial Robots
WO2007057390A2 (fr) * 2005-11-16 2007-05-24 Abb Ab Procede et dispositif servant a commander le mouvement d'un robot industriel

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DOBIAS R ET AL: "FPGA based design of the railway's interlocking equipments", DIGITAL SYSTEM DESIGN, 2004. DSD 2004. EUROMICRO SYMPOSIUM ON RENNES, FRANCE AUG. 31 - SEPT. 3, 2004, PISCATAWAY, NJ, USA,IEEE, 31 August 2004 (2004-08-31), pages 467 - 473, XP010723534, ISBN: 978-0-7695-2203-6 *
JOSEF BORCSOK ET AL: "Implementation of a 1oo2-RISC-architecture on FPGA for safety systems", COMPUTER SYSTEMS AND APPLICATIONS, 2008. AICCSA 2008. IEEE/ACS INTERNATIONAL CONFERENCE ON, IEEE, PISCATAWAY, NJ, USA, 31 March 2008 (2008-03-31), pages 1046 - 1051, XP031245085, ISBN: 978-1-4244-1967-8 *

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8712727B2 (en) 2009-10-12 2014-04-29 Endress + Hauser Gmbh + Co. Kg Field device for determining or monitoring a physical or chemical process variable
GB2478178B (en) * 2010-02-25 2014-10-01 Endress & Hauser Gmbh & Co Kg Field device for determining or monitoring a physical or chemical process variable
GB2478178A (en) * 2010-02-25 2011-08-31 Endress & Hauser Gmbh & Co Kg Field device for determining or monitoring a physical or chemical process variable
WO2012004161A1 (fr) * 2010-07-05 2012-01-12 Endress+Hauser Gmbh+Co.Kg Appareil de terrain pour la détermination ou la surveillance d'une grandeur de processus physique ou chimique
US9720386B2 (en) 2010-07-05 2017-08-01 Endress + Hauser Gmbh + Co. Kg Field device for determining or monitoring a physical or chemical, process variable
EP2672339A4 (fr) * 2011-01-31 2018-01-24 Mitsubishi Heavy Industries, Ltd. Safety device, and safety device calculation method
US9405278B2 (en) 2011-05-23 2016-08-02 Pilz Gmbh & Co. Kg Method for operating a safety control device
WO2012159850A3 (fr) * 2011-05-23 2013-01-24 Pilz Gmbh & Co. Kg Method for operating a safety control device
CN103703423A (zh) * 2011-05-23 2014-04-02 皮尔茨公司 Method for operating a safety control device
EP2595018A3 (fr) * 2011-11-17 2014-12-03 Rockwell Automation Limited Method and apparatus for analogue output current control
US10222770B2 (en) 2011-11-17 2019-03-05 Rockwell Automation Limited Method and apparatus for analogue output current control
US9182754B2 (en) 2011-11-17 2015-11-10 Rockwell Automation Limited Method and apparatus for analogue output current control
EP2595019A3 (fr) * 2011-11-17 2014-12-03 Rockwell Automation Limited Method and apparatus for analogue output current control
CN106716843B (zh) * 2014-09-24 2018-08-17 赛灵思公司 Programmable IC with safety sub-system
KR20170060028A (ko) * 2014-09-24 2017-05-31 자일링크스 인코포레이티드 Programmable IC with safety sub-system
CN106716843A (zh) * 2014-09-24 2017-05-24 赛灵思公司 Programmable IC with safety sub-system
WO2016048627A1 (fr) * 2014-09-24 2016-03-31 Xilinx, Inc. Programmable IC with safety sub-system
KR102386719B1 (ko) 2014-09-24 2022-04-13 자일링크스 인코포레이티드 Programmable IC with safety sub-system
US20170199299A1 (en) * 2016-01-07 2017-07-13 Sick Ag Method of Configuring and of Operating a Monitored Automated Work Cell and Configuration Apparatus
US10353767B2 (en) 2017-09-14 2019-07-16 Bae Systems Controls Inc. Use of multicore processor to mitigate common mode computing faults
WO2019055257A1 (fr) * 2017-09-14 2019-03-21 Bae Systems Controls Inc. Use of multicore processor to mitigate common mode computing faults
CN111213062A (zh) * 2017-09-14 2020-05-29 Bae系统控制有限公司 Use of multicore processor to mitigate common mode computing faults
JP2019091452A (ja) * 2017-11-14 2019-06-13 ピルツ ゲーエムベーハー ウント コー.カーゲーPilz GmbH & Co.KG Input circuit for fail-safe reading of an analog input signal
EP3483675A1 (fr) * 2017-11-14 2019-05-15 Pilz GmbH & Co. KG Input circuit for fail-safe reading of an analog input signal
JP7202151B2 (ja) 2017-11-14 2023-01-11 ピルツ ゲーエムベーハー ウント コー.カーゲー Input circuit for fail-safe reading of an analog input signal
CN109787573A (zh) * 2017-11-14 2019-05-21 皮尔茨有限及两合公司 Input circuit for fail-safe reading of an analog input signal
EP3581343A1 (fr) * 2018-06-14 2019-12-18 Siemens Aktiengesellschaft Safety control system for an industrial robot and industrial robot
WO2020176473A1 (fr) * 2019-02-27 2020-09-03 Veo Robotics, Inc. System architecture for safety applications
US11543798B2 (en) 2019-02-27 2023-01-03 Veo Robotics, Inc. System architecture for safety applications
US11846916B2 (en) 2019-02-27 2023-12-19 Veo Robotics, Inc. System architecture for safety applications
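CN111331619A (zh) * 2020-04-26 2020-06-26 珠海格力电器股份有限公司 Safety control device for a robot, control method for a robot, and robot
CN111331619B (zh) * 2020-04-26 2023-08-25 珠海格力电器股份有限公司 Safety control device for a robot, control method for a robot, and robot
CN115387917A (zh) * 2022-09-22 2022-11-25 国核自仪系统工程有限公司 FPGA-based machine fault detection method, system, device and medium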

Similar Documents

Publication Publication Date Title
WO2009155993A1 (fr) Safety system for a machine
JP7202448B2 (ja) Automation system for monitoring a safety-critical process
JP5014899B2 (ja) Reconfigurable device
US20060200278A1 (en) Generic software fault mitigation
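CN102841828B (zh) Fault detection and mitigation in logic circuits
JP5368926B2 (ja) Programmable logic controller, and fault diagnosis method in a programmable logic controller
CN104281217B (zh) Microcomputer
CN108803557A (zh) Apparatus for high-integrity functional safety applications with signal chain lockstep
KR20170060028A (ko) Programmable IC with safety sub-system
CN100480913C (zh) Safety-oriented control system
RU2597472C2 (ru) Method and device for monitoring a device equipped with a microprocessor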
Baig et al. An island-style-routing compatible fault-tolerant FPGA architecture with self-repairing capabilities
JP2011185875A (ja) Control device
Györök et al. Duplicated control unit based embedded fault-masking systems
US20120030524A1 (en) High reliability method of data processing, and controller unit
CN101681287B (zh) Processor operation inspection system and operation inspection circuit
JP2014052781A (ja) FPGA monitoring control circuit
JP6736980B2 (ja) System and semiconductor device
Sundaram et al. Controller integrity in automotive failsafe system architectures
WO2020090034A1 (fr) Processing device
Baig et al. A low-overhead multiple-SEU mitigation approach for SRAM-based FPGAs with increased reliability
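JP4477739B2 (ja) Redundant information processing system
CN101174135B (zh) Input/output control device and method, and information control device and method
JP2018014102A (ja) Computerized system and redundant system
JP7267400B2 (ja) Automation system for monitoring a safety-critical process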

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08774463

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08774463

Country of ref document: EP

Kind code of ref document: A1