[go: up one dir, main page]

WO2023077457A1 - Safety control system and safety controller for industrial robot - Google Patents

Safety control system and safety controller for industrial robot Download PDF

Info

Publication number
WO2023077457A1
WO2023077457A1 PCT/CN2021/129099 CN2021129099W WO2023077457A1 WO 2023077457 A1 WO2023077457 A1 WO 2023077457A1 CN 2021129099 W CN2021129099 W CN 2021129099W WO 2023077457 A1 WO2023077457 A1 WO 2023077457A1
Authority
WO
WIPO (PCT)
Prior art keywords
safety
circuit
controller
output
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2021/129099
Other languages
French (fr)
Chinese (zh)
Inventor
丁程润
林康华
李乐荣
张国柱
邹磊
陈文杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Midea Group Co Ltd
GD Midea Air Conditioning Equipment Co Ltd
KUKA Robotics Guangdong Co Ltd
Original Assignee
Midea Group Co Ltd
GD Midea Air Conditioning Equipment Co Ltd
KUKA Robotics Guangdong Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Midea Group Co Ltd, GD Midea Air Conditioning Equipment Co Ltd, KUKA Robotics Guangdong Co Ltd filed Critical Midea Group Co Ltd
Priority to PCT/CN2021/129099 priority Critical patent/WO2023077457A1/en
Publication of WO2023077457A1 publication Critical patent/WO2023077457A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/048Monitoring; Safety

Definitions

  • the second aspect of the present application provides a safety control system for an industrial robot, the safety control system comprising:
  • the safety controller is the above-mentioned safety controller.
  • FIG. 9 is a schematic structural diagram of a seventh embodiment of a safety controller of the present application.
  • Fig. 12 is a schematic diagram of the first flow chart of the safety logic control performed by the safety controller of the present application.
  • Fig. 13 is a second schematic flow diagram of the safety logic control performed by the safety controller of the present application.
  • diagnosis circuit 101 is also used for connecting with the logic circuit 12 , for comparing the first safety control instruction output by the output circuit 13 with the first safety instruction output by the logic circuit 12 . Specifically, in response to the fact that the first safety control command output by the output circuit 13 is inconsistent with the first safety control command output by the logic circuit 12 , the diagnosis circuit 101 determines that the output circuit 13 is faulty. At the same time, the diagnostic circuit 101 can feed back the verification result to the logic circuit 12 , and then report to the main controller 40 of the industrial robot through the logic circuit 12 .
  • FIG. 9 is a schematic structural diagram of a seventh embodiment of the safety controller of the present application.
  • the safety controller 10 of this embodiment further includes a reset input acquisition circuit 16 and a power protection circuit 17.
  • the industrial robot is reset through the reset input acquisition circuit 16 and the power supply to the safety controller 10 is provided through the power protection circuit 17.
  • the safety monitoring of the power supply further improves the safety and reliability of the safety controller 10 and meets the safety standard requirements of Category 3 and Performance Level d.
  • the reset input acquisition circuit 16 is directly connected to an external reset button, and a reset signal is obtained by operating the reset button.
  • the reset input collection circuit 16 can also be connected to the input circuit 11 , and the input circuit 11 is further connected to a reset button, and the reset signal can be obtained through the input circuit 11 .
  • FIG. 11 is a schematic flowchart of a safety controller outputting a shutdown control command in the present application.
  • the safety controller 10 outputting the shutdown control instruction may include the following steps:
  • FIG. 12 is a schematic diagram of a first flowchart of safety logic control performed by the safety controller of the present application.
  • the safety logic control performed by the safety controller 10 in this embodiment may include the following steps:
  • Step S62 Start the timing and feed back the trigger state of the second shutdown to the main controller.
  • Step S68 Execute the disabling command.
  • the safety input device 110 is used to collect hazard trigger signals.
  • the hazard trigger signal may include an emergency stop signal, a safety door closing signal, an enabling stop signal, and the like.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Safety Devices In Control Systems (AREA)
  • Manipulator (AREA)

Abstract

A safety control system and safety controller (10) for an industrial robot. The safety controller (10) is integrated in a control cabinet (20) of an industrial robot and comprises: a logic circuit (12) for generating a first security instruction on the basis of state information of a security input device (50) of the industrial robot; an output circuit (13) for connecting to the logic circuit (12) and connecting to a servo controller (30) of the industrial robot, and transmitting the first security instruction to the servo controller (30), such that the servo controller (30) executes the first security instruction; and a diagnosis circuit (101) for connecting to the output circuit (13) so as to determine whether the transmission path from the output circuit (13) to the servo controller (30) has failed. Safety logic control of an industrial robot is achieved by using a small-size safety controller (10) while it is ensured that a servo controller (30) of the industrial robot can be effectively stopped.

Description

一种工业机器人的安全控制系统及安全控制器A safety control system and safety controller for an industrial robot 【技术领域】【Technical field】

本申请涉及工业机器人的安全控制领域,特别是涉及一种工业机器人的安全控制系统及安全控制器。The present application relates to the field of safety control of industrial robots, in particular to a safety control system and safety controller of industrial robots.

【背景技术】【Background technique】

随着工业自动化的推进,工业机器人的运用越来越多,在提高了工作效率的同时,工业机器人的安全功能技术成为研发设计中的重中之重。在工业机器人功能安全标准ISO 10218-1:2011和机械安全标准ISO 13849-1:2015中,要求工业机器人安全功能满足Category 3和Performance Level d。具体地,在工业机器人安全控制器中,安全输出需要双通道设计,并且带有反馈监控功能。With the advancement of industrial automation, more and more industrial robots are used. While improving work efficiency, the safety function technology of industrial robots has become the top priority in R&D and design. In the industrial robot functional safety standard ISO 10218-1:2011 and the mechanical safety standard ISO 13849-1:2015, the safety function of industrial robots is required to meet Category 3 and Performance Level d. Specifically, in the industrial robot safety controller, the safety output requires a dual-channel design with a feedback monitoring function.

【发明内容】【Content of invention】

本申请至少提供一种工业机器人的安全控制系统及安全控制器。The present application at least provides a safety control system and a safety controller of an industrial robot.

本申请第一方面提供了一种安全控制器,该安全控制器用于集成在工业机器人的控制柜中,该安全控制器包括:The first aspect of the present application provides a safety controller, the safety controller is used to be integrated in the control cabinet of the industrial robot, the safety controller includes:

逻辑电路,用于基于工业机器人的安全输入设备的状态信息产生第一安全指令;a logic circuit for generating a first safety instruction based on state information of a safety input device of an industrial robot;

输出电路,用于与逻辑电路连接,以及用于与工业机器人的伺服控制器连接,用于将第一安全指令传输给伺服控制器,以使伺服控制器执行第一安全指令;The output circuit is used for connecting with the logic circuit and for connecting with the servo controller of the industrial robot, and is used for transmitting the first safety instruction to the servo controller, so that the servo controller executes the first safety instruction;

诊断电路,用于与输出电路连接,以确定输出电路至伺服控制器的传输路径是否故障。The diagnostic circuit is used to connect with the output circuit to determine whether the transmission path from the output circuit to the servo controller is faulty.

本申请第二方面提供了一种工业机器人的安全控制系统,该安全控制系统包括:The second aspect of the present application provides a safety control system for an industrial robot, the safety control system comprising:

安全输入设备,用于采集危险触发信号;Safety input device for collecting hazard trigger signals;

控制柜;Control cabinet;

伺服控制器,设置在控制柜内,用于控制工业机器人;Servo controller, set in the control cabinet, used to control industrial robots;

主控制器,设置在控制柜内,用于控制伺服控制器;The main controller is set in the control cabinet and is used to control the servo controller;

安全控制器,设置在控制柜内;The safety controller is set in the control cabinet;

其中,安全控制器为上述的安全控制器。Wherein, the safety controller is the above-mentioned safety controller.

上述方案,通过将安全控制器用于集成在工业机器人的控制柜中,使用小体积的安全控制器实现对工业机器人的安全逻辑控制,同时提高系统的集成度,降低成本。此外,本申请安全控制器使用逻辑电路、输出电路以及诊断电路等硬件逻辑电路,以实现小体积、低成本、快响应速度、短开发与验证周期以及快安全认证流程的效果,同时安全控制器使用诊断电路对输出电路故障,以保证工业机器人的伺服控制器能有效的停止。In the above solution, by integrating the safety controller into the control cabinet of the industrial robot, a small-sized safety controller is used to realize the safety logic control of the industrial robot, and at the same time, the integration degree of the system is improved and the cost is reduced. In addition, the safety controller of this application uses hardware logic circuits such as logic circuits, output circuits, and diagnostic circuits to achieve the effects of small size, low cost, fast response speed, short development and verification cycle, and fast safety certification process. At the same time, the safety controller Use the diagnostic circuit to troubleshoot the output circuit to ensure that the servo controller of the industrial robot can be effectively stopped.

应当理解的是,以上的一般描述和后文的细节描述仅是示例性和解释性的,而非限制本申请。It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.

【附图说明】【Description of drawings】

此处的附图被并入说明书中并构成本说明书的一部分,这些附图示出了符合本申请的实施例,并与说明书一起用于说明本申请的技术方案。The accompanying drawings here are incorporated into the specification and constitute a part of the specification. These drawings show embodiments consistent with the application, and are used together with the description to describe the technical solution of the application.

图1是本申请安全控制器第一实施例的结构示意图;Fig. 1 is a schematic structural diagram of the first embodiment of the safety controller of the present application;

图2是本申请安全控制器第二实施例的结构示意图;Fig. 2 is a schematic structural diagram of the second embodiment of the safety controller of the present application;

图3是本申请安全控制器第三实施例的结构示意图;FIG. 3 is a schematic structural diagram of a third embodiment of the safety controller of the present application;

图4是本申请安全控制器第四实施例的结构示意图;Fig. 4 is a schematic structural diagram of a fourth embodiment of a safety controller of the present application;

图5是本申请安全控制器第五实施例的结构示意图;Fig. 5 is a schematic structural diagram of a fifth embodiment of the safety controller of the present application;

图6是本申请安全控制器第六实施例的结构示意图;Fig. 6 is a schematic structural diagram of the sixth embodiment of the safety controller of the present application;

图7是本申请安全控制器输出第一安全指令的第一流程示意图;Fig. 7 is a schematic diagram of a first flow chart of the safety controller outputting a first safety instruction in the present application;

图8是本申请安全控制器输出第一安全指令的第二流程示意图;Fig. 8 is a second schematic flow diagram of the safety controller outputting the first safety instruction in the present application;

图9是本申请安全控制器第七实施例的结构示意图;FIG. 9 is a schematic structural diagram of a seventh embodiment of a safety controller of the present application;

图10是本申请安全控制器进行复位操作的流程示意图;FIG. 10 is a schematic flow diagram of a reset operation performed by the safety controller of the present application;

图11是本申请安全控制器输出停机控制指令的流程示意图;Fig. 11 is a schematic flow chart of the application safety controller outputting a shutdown control command;

图12是本申请安全控制器进行安全逻辑控制的第一流程示意图;Fig. 12 is a schematic diagram of the first flow chart of the safety logic control performed by the safety controller of the present application;

图13是本申请安全控制器进行安全逻辑控制的第二流程示意图;Fig. 13 is a second schematic flow diagram of the safety logic control performed by the safety controller of the present application;

图14是本申请安全控制系统一实施例的结构示意图。Fig. 14 is a schematic structural diagram of an embodiment of the security control system of the present application.

【具体实施方式】【Detailed ways】

下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述。可以理解的是,此处所描述的具体实施例仅用于解释本申请,而非对本申请的限定。另外还需要说明的是,为了便于描述,附图中仅示出了与本申请相关的部分而非全部结构。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. It should be understood that the specific embodiments described here are only used to explain the present application, but not to limit the present application. In addition, it should be noted that, for the convenience of description, only some structures related to the present application are shown in the drawings but not all structures. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

另外,本说明书中所使用的术语“第一”或“第二”等用于指代编号或序数的术语仅用于描述目的,而不能理解为明示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”或“第二”的特征可以明示或者隐含地包括至少一个该特征。在本说明书的描述中,“多个”的含义是至少两个,例如两个,三个或更多个等,除非另有明确具体的限定。In addition, terms such as "first" or "second" used in this specification to refer to numbers or ordinal numbers are used for descriptive purposes only, and should not be interpreted as express or implied relative importance or implied indications The number of technical characteristics. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of such features. In the description of this specification, "plurality" means at least two, such as two, three or more, etc., unless otherwise specifically defined.

在工业机器人功能安全标准ISO 10218-1:2011和机械安全标准ISO 13849-1:2015中,要求工业机器人安全功能满足Category 3和Performance Level d。本申请提供一种安全控制器,在满足Category 3和Performance Level d的基础上,实现小体积、高集成以及低成本。In the industrial robot functional safety standard ISO 10218-1:2011 and the mechanical safety standard ISO 13849-1:2015, the safety function of industrial robots is required to meet Category 3 and Performance Level d. This application provides a safety controller that realizes small size, high integration and low cost on the basis of meeting Category 3 and Performance Level d.

此外,本申请安全控制器使用逻辑电路、输出电路以及诊断电路等硬件逻辑电路,以实现小体积、低成本、快响应速度、短开发与验证周期以及快安全认证流程的效果,同时安全控制器使用诊断电路对输出电路故障,以保证工业机器人的伺服控制器能有效的停止。In addition, the safety controller of this application uses hardware logic circuits such as logic circuits, output circuits, and diagnostic circuits to achieve the effects of small size, low cost, fast response speed, short development and verification cycle, and fast safety certification process. At the same time, the safety controller Use the diagnostic circuit to troubleshoot the output circuit to ensure that the servo controller of the industrial robot can be effectively stopped.

请参阅图1,图1是本申请安全控制器第一实施例的结构示意图。如图1所示,安全控制器10集成于工业机器人的控制柜20中,工业机器人的控制柜20进一步集成有伺服控制器30与主控制器40,工业机器人的安全输入设备50设置于控制柜20外侧,具体可设置于控制柜20外壁上。Please refer to FIG. 1 . FIG. 1 is a schematic structural diagram of a first embodiment of a security controller of the present application. As shown in Figure 1, the safety controller 10 is integrated in the control cabinet 20 of the industrial robot, the control cabinet 20 of the industrial robot is further integrated with a servo controller 30 and a main controller 40, and the safety input device 50 of the industrial robot is arranged in the control cabinet 20, specifically, it can be arranged on the outer wall of the control cabinet 20.

其中,安全控制器10分别连接伺服控制器30、主控制器40以及安全输入设备50,伺服控制器30进一步连接主控制器40。Wherein, the safety controller 10 is respectively connected to the servo controller 30 , the main controller 40 and the safety input device 50 , and the servo controller 30 is further connected to the main controller 40 .

安全控制器10通过获取安全输入设备50的状态信息,进一步根据该状态信息输出安全指令至伺服控制器30,以通过伺服控制器30控制工业机器人停止工作。同时,安全控制器10还将该安全指令上报主控制器40,主控制器40基于安全指令禁能伺服控制器30,即停止 对伺服控制器30的使能输出。The safety controller 10 obtains the status information of the safety input device 50 , and further outputs a safety command to the servo controller 30 according to the status information, so as to control the industrial robot to stop working through the servo controller 30 . At the same time, the safety controller 10 also reports the safety instruction to the main controller 40, and the main controller 40 disables the servo controller 30 based on the safety instruction, that is, stops the enabling output to the servo controller 30.

具体地,安全控制器10基于安全输入设备50的状态信息输出安全指令至伺服控制器30,此时安全输入设备50的状态信息为危险触发状态信息,即为工业机器人发生运行故障需要停止工作时,安全输入设备50进行对应的操作,以使安全控制器10通过危险触发状态信息得知工业机器人发生故障,进而输出安全指令至伺服控制器30,伺服控制器30根据安全指令对工业机器人进行停机操作。Specifically, the safety controller 10 outputs safety instructions to the servo controller 30 based on the state information of the safety input device 50. At this time, the state information of the safety input device 50 is dangerous trigger state information, that is, when the industrial robot needs to stop working due to an operation failure. , the safety input device 50 performs corresponding operations, so that the safety controller 10 learns that the industrial robot has failed through the dangerous trigger state information, and then outputs a safety instruction to the servo controller 30, and the servo controller 30 stops the industrial robot according to the safety instruction operate.

安全控制器10还将该安全指令上报主控制器40,主控制器40基于安全指令得知此时的伺服控制器30对工业机器人进行停机操作,进一步输出禁能指令至伺服控制器30,以禁能伺服控制器30,停止对伺服控制器30的使能输出。其中,主控制器40输出禁能指令可在伺服控制器30完成对工业机器人进行停机操作后进行。The safety controller 10 also reports the safety instruction to the main controller 40, and the main controller 40 learns that the servo controller 30 is shutting down the industrial robot based on the safety instruction, and further outputs a disabling instruction to the servo controller 30, so as to The servo controller 30 is disabled, and the enable output to the servo controller 30 is stopped. Wherein, the main controller 40 may output the disabling command after the servo controller 30 finishes shutting down the industrial robot.

可选地,在本实施例中,安全输入设备50可包括急停开关、安全门、使能开关以及复位按键等。具体地,安全输入设备50可包括多种类型的安全输入设备50或多个同一类型的安全输入设备50。可选地,在其他实施例中,还可包括其他用于对工业机器人的安全性能进行监控的输入设备。Optionally, in this embodiment, the safety input device 50 may include an emergency stop switch, a safety door, an enabling switch, a reset button, and the like. Specifically, the safety input device 50 may include multiple types of safety input devices 50 or multiple safety input devices 50 of the same type. Optionally, in other embodiments, other input devices for monitoring the safety performance of the industrial robot may also be included.

具体地,本实施例安全控制器10包括输入电路11、逻辑电路12、输出电路13以及诊断电路101。输入电路11、逻辑电路12以及输出电路13,输入电路11连接逻辑电路12,逻辑电路12进一步连接输出电路13,诊断电路101连接输出电路13。Specifically, the safety controller 10 of this embodiment includes an input circuit 11 , a logic circuit 12 , an output circuit 13 and a diagnosis circuit 101 . The input circuit 11 , the logic circuit 12 and the output circuit 13 , the input circuit 11 is connected to the logic circuit 12 , the logic circuit 12 is further connected to the output circuit 13 , and the diagnosis circuit 101 is connected to the output circuit 13 .

其中,输入电路11用于与工业机器人的安全输入设备50连接,进而获取安全输入设备50的状态信息。Wherein, the input circuit 11 is used to connect with the safety input device 50 of the industrial robot, and then acquire the state information of the safety input device 50 .

逻辑电路12用于与工业机器人的主控制器40连接,用于基于安全输入设备50的状态信息产生第一安全指令,并将第一安全指令传输给输出电路13及主控制器40。The logic circuit 12 is used to connect with the main controller 40 of the industrial robot, and is used to generate a first safety instruction based on the state information of the safety input device 50 and transmit the first safety instruction to the output circuit 13 and the main controller 40 .

输出电路13用于与工业机器人的伺服控制器30连接,用于将第一安全指令传输给伺服控制器30,以使伺服控制器30执行第一安全指令,进一步控制工业机器人停机。The output circuit 13 is used to connect with the servo controller 30 of the industrial robot, and is used to transmit the first safety instruction to the servo controller 30, so that the servo controller 30 executes the first safety instruction, and further controls the shutdown of the industrial robot.

诊断电路101用于确定输出电路13至伺服控制器30的传输路径是否故障。The diagnostic circuit 101 is used to determine whether the transmission path from the output circuit 13 to the servo controller 30 is faulty.

本实施例安全控制器10设置输入电路11、逻辑电路12、输出电路13以及诊断电路101,通过硬件逻辑电路实现安全逻辑控制,满足Category 3和Performance Level d的安全标准要求。同时,使用诊断电路101对输出电路13至伺服控制器30的传输路径进行反馈监控,保证伺服控制器30能够有效的停止,提高安全控制器10的安全可靠性。The safety controller 10 of this embodiment is provided with an input circuit 11, a logic circuit 12, an output circuit 13, and a diagnostic circuit 101, and realizes safety logic control through hardware logic circuits, meeting the safety standard requirements of Category 3 and Performance Level d. At the same time, the diagnostic circuit 101 is used to monitor the transmission path from the output circuit 13 to the servo controller 30 to ensure that the servo controller 30 can effectively stop and improve the safety and reliability of the safety controller 10 .

结合图1,进一步参阅图2,图2是本申请安全控制器第二实施例的结构示意图。在本实施例中,输出电路13的数量为二,诊断电路101进一步用于对两个输出电路13的输出信号进行交叉验证。具体地,响应于两个输出电路13的输出信号不一致,确定输出电路13发生故障。In combination with FIG. 1 , further refer to FIG. 2 . FIG. 2 is a schematic structural diagram of a second embodiment of the safety controller of the present application. In this embodiment, the number of output circuits 13 is two, and the diagnosis circuit 101 is further used for cross-validating the output signals of the two output circuits 13 . Specifically, in response to the inconsistent output signals of the two output circuits 13, it is determined that the output circuit 13 is faulty.

其中,诊断电路101还用于与伺服控制器30连接,且用于基于任意一路输出电路13输出的第一安全指令与伺服控制器30对该第一安全指令的反馈信号确定该输出电路13与伺服控制器30之间的信号传输通道是否故障。进一步地,诊断电路101可同时对两个输出电路13与伺服控制器30之间的信号传输通道进行故障检测。Wherein, the diagnostic circuit 101 is also used to connect with the servo controller 30, and is used to determine the output circuit 13 and Whether the signal transmission channel between the servo controllers 30 is faulty. Further, the diagnostic circuit 101 can simultaneously detect faults in the signal transmission channels between the two output circuits 13 and the servo controller 30 .

进一步地,诊断电路101还用于与逻辑电路12连接,用于将输出电路13输出的第一安全控制指令与逻辑电路12输出的第一安全指令进行比较。具体地,响应于输出电路13输出的第一安全控制指令与逻辑电路12输出的第一安全指令不一致,诊断电路101确定输出电路13发生故障。同时,诊断电路101可将验证结果反馈至逻辑电路12,进而通过逻辑电路12 上报至工业机器人的主控制器40。Further, the diagnosis circuit 101 is also used for connecting with the logic circuit 12 , for comparing the first safety control instruction output by the output circuit 13 with the first safety instruction output by the logic circuit 12 . Specifically, in response to the fact that the first safety control command output by the output circuit 13 is inconsistent with the first safety control command output by the logic circuit 12 , the diagnosis circuit 101 determines that the output circuit 13 is faulty. At the same time, the diagnostic circuit 101 can feed back the verification result to the logic circuit 12 , and then report to the main controller 40 of the industrial robot through the logic circuit 12 .

进一步地,诊断电路101还用于将信号传输通道的故障信息或输出电路13的故障信息反馈给输出电路13,输出电路13将相应的故障信息反馈给逻辑电路12,以通过逻辑电路12将故障信息上报给工业机器人的主控制器40,使得主控制器40禁能伺服控制器30;或者,诊断电路101进一步用于切断伺服控制器30的电源。Further, the diagnostic circuit 101 is also used to feed back the fault information of the signal transmission channel or the fault information of the output circuit 13 to the output circuit 13, and the output circuit 13 feeds back the corresponding fault information to the logic circuit 12, so that the fault can be detected by the logic circuit 12. The information is reported to the main controller 40 of the industrial robot, so that the main controller 40 disables the servo controller 30 ; or, the diagnosis circuit 101 is further used to cut off the power supply of the servo controller 30 .

具体地,由于安全控制器10包括两个输出电路13,形成有两路输出电路13至伺服控制器30的传输路径,响应于两路传输路径均发生故障时,主控制器40禁能伺服控制器30或诊断电路101切断伺服控制器30的电源。Specifically, since the safety controller 10 includes two output circuits 13, there are two transmission paths from the two output circuits 13 to the servo controller 30, and when the two transmission paths fail, the main controller 40 disables the servo control The controller 30 or the diagnostic circuit 101 cuts off the power of the servo controller 30.

当其中任意一路传输路径均发生故障,且另一传输路径正常工作时,安全控制器10仍能输出第一安全指令至伺服控制器30,以控制伺服控制器30执行第一安全指令,此时无需禁能伺服控制器30或切断伺服控制器30的电源。When any one of the transmission paths fails and the other transmission path works normally, the safety controller 10 can still output the first safety instruction to the servo controller 30 to control the servo controller 30 to execute the first safety instruction. There is no need to disable the servo controller 30 or cut off the power of the servo controller 30 .

本实施例通过使用两个输出电路13,保证其中任一输出电路13发生故障时,仍能正常工作,提高安全控制器10的安全可靠性,同时满足Category 3和Performance Level d的安全标准要求。In this embodiment, two output circuits 13 are used to ensure that any one of the output circuits 13 can still work normally when a failure occurs, thereby improving the safety and reliability of the safety controller 10 and meeting the safety standards of Category 3 and Performance Level d.

结合图2,进一步参阅图3,图3是本申请安全控制器第三实施例的结构示意图。如图3所示,本实施例进一步包括安全保护电路102,分别与输出电路13及伺服控制器30连接,用于实现对输出电路13的故障保护,并将经安全保护电路102输出的第一安全指令传输给诊断电路101及伺服控制器30。In combination with FIG. 2 , further refer to FIG. 3 . FIG. 3 is a schematic structural diagram of a third embodiment of the safety controller of the present application. As shown in Figure 3, the present embodiment further includes a safety protection circuit 102, which is respectively connected with the output circuit 13 and the servo controller 30, and is used to realize the failure protection of the output circuit 13, and the first The safety command is transmitted to the diagnosis circuit 101 and the servo controller 30 .

具体地,安全保护电路102的数量为二,一安全保护电路102分别连接一输出电路13与伺服控制器30,另一安全保护电路102分别连接另一输出电路13与伺服控制器30。其中,安全保护电路102可实现对输出电路13的过流、短路等故障保护功能以及输出反馈采集功能。Specifically, the number of safety protection circuits 102 is two, one safety protection circuit 102 is respectively connected to an output circuit 13 and the servo controller 30 , and the other safety protection circuit 102 is respectively connected to another output circuit 13 and the servo controller 30 . Among them, the safety protection circuit 102 can realize the function of protecting the output circuit 13 from failures such as overcurrent and short circuit, as well as the function of collecting output feedback.

本实施例通过设置两个安全保护电路102,分别用于对两个输出电路13进行故障保护,进一步提高安全控制器10的安全可靠性。In this embodiment, two safety protection circuits 102 are provided to respectively protect the two output circuits 13 from failure, so as to further improve the safety and reliability of the safety controller 10 .

结合图3,进一步参阅图4,图4是本申请安全控制器第四实施例的结构示意图。如图4所示,本实施例逻辑电路12包括初级电路121以及次级电路122。In combination with FIG. 3 , further refer to FIG. 4 . FIG. 4 is a schematic structural diagram of a fourth embodiment of the safety controller of the present application. As shown in FIG. 4 , the logic circuit 12 of this embodiment includes a primary circuit 121 and a secondary circuit 122 .

其中,初级电路121与输入电路11连接,用于将多个安全输入设备50的状态信息进行整合处理,并将整合处理后的状态信息传输至次级电路122。Wherein, the primary circuit 121 is connected with the input circuit 11 , and is used for integrating the status information of multiple safety input devices 50 , and transmitting the integrated status information to the secondary circuit 122 .

具体地,初级电路121可对多个安全输入设备50的状态信息进行并行-串行转换。其中,每一安全输入设备50的状态信息可为一脉冲信号,多个脉冲信号的波形不同,初级电路121对多个脉冲信号进行整合,以输出一个包含多个脉冲信号信息的信号。Specifically, the primary circuit 121 can perform parallel-to-serial conversion on state information of a plurality of safety input devices 50 . The state information of each safety input device 50 can be a pulse signal, and the waveforms of the multiple pulse signals are different, and the primary circuit 121 integrates the multiple pulse signals to output a signal containing the information of the multiple pulse signals.

次级电路122分别与初级电路121及输出电路13连接,用于基于整合处理后的状态信息产生第一安全指令,并将第一安全指令传输给输出电路13,进而通过输出电路13将第一安全指令传输至伺服控制器30。The secondary circuit 122 is respectively connected with the primary circuit 121 and the output circuit 13, and is used to generate a first safety instruction based on the integrated and processed state information, and transmit the first safety instruction to the output circuit 13, and then transmit the first safety instruction through the output circuit 13. The safety command is transmitted to the servo controller 30 .

其中,次级电路122接收初级电路121输出的信号,通过判断该信号与正常状态下的多个脉冲信号整合信号相是否同,若不相同,则证明至少一个安全输入设备50的状态信息发生变化,同时基于该判断产生第一安全指令。并且,次级电路122还可进一步判断是由具体哪一安全输入设备50的状态信息发生变化。Wherein, the secondary circuit 122 receives the signal output by the primary circuit 121, by judging whether the signal is the same as the multiple pulse signal integration signals in the normal state, if not, it proves that the state information of at least one safety input device 50 has changed , and at the same time generate a first safety instruction based on the judgment. Moreover, the secondary circuit 122 can further determine which specific safety input device 50 has its state information changed.

进一步地,在本实施例中,安全控制器10还包括交互电路14,交互电路14用于与次级电路122以及工业机器人的主控制器40连接,用于从主控制器40获取工业机器人的工作模式,以使次级电路122在对应的工作模式下基于整合后的状态信息产生第一安全指令。其中, 次级电路122还可通过交互电路14将整合后的状态信息、第一安全指令、次级电路122的故障信息及初级电路121的故障信息的任一或其组合上报给主控制器40。Further, in this embodiment, the safety controller 10 also includes an interactive circuit 14, the interactive circuit 14 is used to connect with the secondary circuit 122 and the main controller 40 of the industrial robot, and is used to obtain the information of the industrial robot from the main controller 40. the working mode, so that the secondary circuit 122 generates the first security instruction based on the integrated state information in the corresponding working mode. Wherein, the secondary circuit 122 can also report any one or a combination of the integrated status information, the first safety instruction, the fault information of the secondary circuit 122 and the fault information of the primary circuit 121 to the main controller 40 through the interactive circuit 14 .

其中,交互电路14包括与次级电路122连接的第一端以及与主控制器40连接的第二端,第二端的接口与主控制器40的接口匹配设置,不需要额外设置转接端口,提高了安全控制器10的适用性。Wherein, the interactive circuit 14 includes a first end connected to the secondary circuit 122 and a second end connected to the main controller 40, the interface of the second end is matched with the interface of the main controller 40, and no additional transfer ports are required. The applicability of the safety controller 10 is improved.

诊断电路101进一步连接次级电路122,以通过与次级电路122连接的交互电路14将输出电路13至伺服控制器30的信号传输通道的故障信息或输出电路13的故障信息上报至主控制器40。The diagnostic circuit 101 is further connected to the secondary circuit 122 to report the fault information of the signal transmission channel from the output circuit 13 to the servo controller 30 or the fault information of the output circuit 13 to the main controller through the interactive circuit 14 connected to the secondary circuit 122 40.

本实施例安全控制器10通过设置交互电路14获取主控制器40下发的工业机器人的工作模式,同时上报故障信息至主控制器40,满足Category 3和Performance Level d的安全标准要求。In this embodiment, the safety controller 10 acquires the working mode of the industrial robot issued by the main controller 40 by setting the interactive circuit 14, and reports the fault information to the main controller 40 at the same time, meeting the safety standard requirements of Category 3 and Performance Level d.

其中,工业机器人的工作模式包括自动模式和手动模式,当工业机器人的工作模式为自动模式时,次级电路122基于整合后的状态信息产生第一安全指令的流程示意图如图3所示,当工业机器人的工作模式为手动模式时,次级电路122基于整合后的状态信息产生第一安全指令的流程示意图如图4所示。Wherein, the working mode of the industrial robot includes an automatic mode and a manual mode. When the working mode of the industrial robot is the automatic mode, the flow diagram of the secondary circuit 122 generating the first safety instruction based on the integrated state information is shown in FIG. 3 , when When the working mode of the industrial robot is the manual mode, the flowchart of the secondary circuit 122 generating the first safety command based on the integrated state information is shown in FIG. 4 .

结合图4,进一步参阅图7,图7是本申请安全控制器输出第一安全指令的第一流程示意图。具体而言,本实施例安全控制器10输出第一安全指令可以包括以下步骤:In combination with FIG. 4 , further refer to FIG. 7 . FIG. 7 is a schematic diagram of a first flow chart of the safety controller outputting the first safety instruction in the present application. Specifically, in this embodiment, the safety controller 10 outputting the first safety instruction may include the following steps:

步骤S11:判断工业机器人是否处于自动模式。Step S11: Determine whether the industrial robot is in automatic mode.

其中,次级电路122通过交互电路14与主控制器40连接,以通过主控制器40获取工业机器人的工作模式。当次级电路122获取工业机器人的工作模式为自动模式,则执行步骤S12。Wherein, the secondary circuit 122 is connected with the main controller 40 through the interactive circuit 14 , so as to obtain the working mode of the industrial robot through the main controller 40 . When the secondary circuit 122 acquires that the working mode of the industrial robot is the automatic mode, step S12 is executed.

步骤S12:根据相关输入信息进行处理。Step S12: Process according to relevant input information.

其中,在本实施例中,安全输入设备50具体为急停开关与安全门,次级电路122还用于接收输出电路13的反馈信息以及伺服控制器30的反馈信息,则相关输入信息可包括急停开关的状态信息、安全门的状态信息、输出电路13的反馈信息以及伺服控制器30的反馈信息。Wherein, in this embodiment, the safety input device 50 is specifically an emergency stop switch and a safety door, and the secondary circuit 122 is also used to receive feedback information from the output circuit 13 and the feedback information from the servo controller 30, and the relevant input information may include emergency The state information of the stop switch, the state information of the safety door, the feedback information of the output circuit 13 and the feedback information of the servo controller 30.

具体地,次级电路122获取相关输入信息,进一步执行步骤S13、步骤14与步骤15。其中,步骤S13、步骤14与步骤15可同时或按顺序执行,步骤S13、步骤14与步骤15之间的顺序可根据实际需要调整,本实施例对此不做限定。Specifically, the secondary circuit 122 acquires relevant input information, and further executes step S13 , step 14 and step 15 . Wherein, step S13, step 14, and step 15 may be performed simultaneously or sequentially, and the order of step S13, step 14, and step 15 may be adjusted according to actual needs, which is not limited in this embodiment.

步骤S13:判断急停开关是否发生故障。Step S13: Determine whether the emergency stop switch is faulty.

其中,急停开关包括断开状态与接通状态,具体可为断开设置与按下设置。当急停开关处于正常状态时,急停开关为断开设置,此时急停开关的状态信息则为正常状态信息;当急停开关发生故障时,急停开关为按下设置,此时急停开关的状态信息则为危险触发状态信息。Wherein, the emergency stop switch includes an off state and an on state, which can specifically be an off setting and a pressing setting. When the emergency stop switch is in the normal state, the emergency stop switch is disconnected, and the state information of the emergency stop switch is normal state information; when the emergency stop switch fails, the emergency stop switch is set to be pressed, and the emergency The state information of the stop switch is the danger trigger state information.

具体地,若次级电路122通过急停开关的状态信息判断急停开关为正常状态时,则返回步骤S12。Specifically, if the secondary circuit 122 judges that the emergency stop switch is in a normal state according to the status information of the emergency stop switch, then return to step S12.

步骤S14:判断安全门是否发生故障。Step S14: Determine whether the safety door is faulty.

其中,安全门具体包括打开状态与闭合状态。当安全门处于正常状态时,安全门为闭合状态,此时安全门的状态信息则为正常状态信息;当安全门发生故障时,安全门为打开状态,此时安全门的状态信息则为危险触发状态信息。Wherein, the safety door specifically includes an open state and a closed state. When the safety door is in a normal state, the safety door is closed, and the state information of the safety door is normal state information; when the safety door fails, the safety door is in an open state, and the state information of the safety door is dangerous trigger state information.

具体地,若次级电路122通过安全门的状态信息判断安全门为正常状态时,则返回步骤S12。Specifically, if the secondary circuit 122 judges that the safety door is in a normal state according to the state information of the safety door, it returns to step S12.

步骤S15:判断输出电路的反馈信息与伺服控制器的反馈信息是否不一致。Step S15: judging whether the feedback information of the output circuit is inconsistent with the feedback information of the servo controller.

其中,输出电路13的反馈信息可为输出电路13接收次级电路122输出的指令信息,具体可包括接收到第一安全指令,以及未接收到第一安全指令。Wherein, the feedback information of the output circuit 13 may be the instruction information output by the output circuit 13 received from the secondary circuit 122 , which specifically may include receiving the first safety instruction and not receiving the first safety instruction.

伺服控制器30的反馈信息可为伺服控制器30的状态信息,具体可包括正常工作状态以及STO停机状态。其中,区别于接收禁能指令,STO停机状态下的伺服控制器30仍然接收主控制器40的使能输出,当工业机器人完成安全停机并解决故障后,伺服控制器30可直接控制工业机器人启动,此时伺服控制器30能够正常工作,没有断电。The feedback information of the servo controller 30 may be status information of the servo controller 30 , specifically, may include a normal working state and an STO shutdown state. Among them, different from receiving the disabling command, the servo controller 30 in the STO shutdown state still receives the enable output of the main controller 40. When the industrial robot completes a safe shutdown and solves the fault, the servo controller 30 can directly control the industrial robot to start. , at this moment, the servo controller 30 can work normally without power failure.

具体地,次级电路122接收到输出电路13的反馈信息为未接收到第一安全指令,且接收到伺服控制器30的反馈信息为正常工作状态时;或次级电路122接收到输出电路13的反馈信息为接收到第一安全指令,且接收到伺服控制器30的反馈信息为STO停机状态时,则次级电路122判断输出电路13的反馈信息与伺服控制器30的反馈信息一致,并返回步骤S12。Specifically, when the secondary circuit 122 receives the feedback information from the output circuit 13 that it has not received the first safety instruction, and receives the feedback information from the servo controller 30 that it is in a normal working state; or the secondary circuit 122 receives the output circuit 13 The feedback information is that the first safety instruction is received, and the feedback information received from the servo controller 30 is the STO stop state, the secondary circuit 122 judges that the feedback information of the output circuit 13 is consistent with the feedback information of the servo controller 30, and Return to step S12.

次级电路122接收到输出电路13的反馈信息为接收到第一安全指令,且接收到伺服控制器30的反馈信息为正常工作状态时,则次级电路122判断输出电路13的反馈信息与伺服控制器30的反馈信息不一致。When the secondary circuit 122 receives the feedback information from the output circuit 13 as receiving the first safety instruction, and receives the feedback information from the servo controller 30 as a normal working state, then the secondary circuit 122 judges that the feedback information of the output circuit 13 is consistent with the servo The feedback information from the controller 30 is inconsistent.

次级电路122响应于安全输入设备50的急停开关及安全门的状态信息均为危险触发状态信息,且输出电路13的反馈信息与伺服控制器30的反馈信息不一致时,执行步骤S16。When the secondary circuit 122 responds that the state information of the emergency stop switch and the safety door of the safety input device 50 are dangerous trigger state information, and the feedback information of the output circuit 13 is inconsistent with the feedback information of the servo controller 30, step S16 is executed.

步骤S16:产生第一安全指令。Step S16: Generate a first security instruction.

其中,第一安全指令具体为STO停机命令,伺服控制器30基于第一安全指令控制工业机器人的转矩关断,进而控制工业机器人停止工作。Wherein, the first safety command is specifically an STO shutdown command, and the servo controller 30 controls the torque off of the industrial robot based on the first safety command, and then controls the industrial robot to stop working.

本实施例次级电路122通过基于工业机器人的自动模式输出第一安全指令,进一步通过第一安全指令对工业机器人实现转矩关断,能够满足Category 3和Performance Level d的安全标准要求。In this embodiment, the secondary circuit 122 outputs the first safety instruction based on the automatic mode of the industrial robot, and further implements the torque off of the industrial robot through the first safety instruction, which can meet the safety standard requirements of Category 3 and Performance Level d.

结合图4,进一步参阅图8,图8是本申请安全控制器输出第一安全指令的第二流程示意图。具体而言,本实施例安全控制器10输出第一安全指令可以包括以下步骤:In combination with FIG. 4 , further refer to FIG. 8 . FIG. 8 is a schematic diagram of a second flow chart of the safety controller outputting the first safety command in the present application. Specifically, in this embodiment, the safety controller 10 outputting the first safety instruction may include the following steps:

步骤S21:判断工业机器人是否处于手动模式。Step S21: Determine whether the industrial robot is in manual mode.

其中,次级电路122通过交互电路14与主控制器40连接,以通过主控制器40获取工业机器人的工作模式。当次级电路122获取工业机器人的工作模式为手动模式,则执行步骤S22。Wherein, the secondary circuit 122 is connected with the main controller 40 through the interactive circuit 14 , so as to obtain the working mode of the industrial robot through the main controller 40 . When the secondary circuit 122 obtains that the working mode of the industrial robot is the manual mode, step S22 is executed.

步骤S22:根据相关输入信息进行处理。Step S22: Process according to relevant input information.

其中,在本实施例中,安全输入设备50具体为急停开关与使能开关,次级电路122还用于接收输出电路13的反馈信息以及伺服控制器30的反馈信息,则相关输入信息可包括急停开关的状态信息、使能开关的状态信息、输出电路13的反馈信息以及伺服控制器30的反馈信息。Wherein, in this embodiment, the safety input device 50 is specifically an emergency stop switch and an enable switch, and the secondary circuit 122 is also used to receive feedback information from the output circuit 13 and the feedback information from the servo controller 30, and the relevant input information can be It includes the state information of the emergency stop switch, the state information of the enabling switch, the feedback information of the output circuit 13 and the feedback information of the servo controller 30 .

具体地,次级电路122获取相关输入信息,进一步执行步骤S23、步骤24与步骤25。其中,步骤S23、步骤24与步骤25可同时或按顺序执行,步骤S23、步骤24与步骤25之间的顺序可根据实际需要调整,本实施例对此不做限定。Specifically, the secondary circuit 122 obtains relevant input information, and further executes step S23 , step 24 and step 25 . Wherein, step S23, step 24, and step 25 may be performed simultaneously or sequentially, and the order of step S23, step 24, and step 25 may be adjusted according to actual needs, which is not limited in this embodiment.

步骤S23:判断急停开关是否发生故障。Step S23: Determine whether the emergency stop switch is faulty.

其中,急停开关包括断开状态与接通状态,具体可为断开设置与按下设置。当急停开关处于正常状态时,急停开关为断开设置,此时急停开关的状态信息则为正常状态信息;当急停开关发生故障时,急停开关为按下设置,此时急停开关的状态信息则为危险触发状态信息。Wherein, the emergency stop switch includes an off state and an on state, which can specifically be an off setting and a pressing setting. When the emergency stop switch is in the normal state, the emergency stop switch is disconnected, and the state information of the emergency stop switch is normal state information; when the emergency stop switch fails, the emergency stop switch is set to be pressed, and the emergency stop switch is The state information of the stop switch is the danger trigger state information.

具体地,若次级电路122通过急停开关的状态信息判断急停开关为正常状态时,则返回步骤S22。Specifically, if the secondary circuit 122 judges that the emergency stop switch is in a normal state according to the state information of the emergency stop switch, then return to step S22.

步骤S24:判断使能开关是否发生故障。Step S24: Judging whether the enabling switch fails.

其中,使能开关具体包括断开状态与接通状态,具体可为释放设置与按下设置。当使能开关处于正常状态时,使能开关为按下设置,此时使能开关的状态信息则为正常状态信息;当使能开关发生故障时,使能开关为释放设置,此时使能开关的状态信息则为危险触发状态信息。Wherein, the enabling switch specifically includes an off state and an on state, which can specifically be a release setting and a pressing setting. When the enabling switch is in the normal state, the enabling switch is set to be pressed, and the state information of the enabling switch is normal state information at this time; when the enabling switch fails, the enabling switch is set to be released, and the enabling The state information of the switch is the state information of danger triggering.

具体地,若次级电路122通过使能开关的状态信息判断使能开关为正常状态时,则返回步骤S22。Specifically, if the secondary circuit 122 judges that the enabling switch is in a normal state according to the status information of the enabling switch, then return to step S22.

步骤S25:判断输出电路的反馈信息与伺服控制器的反馈信息是否不一致。Step S25: judging whether the feedback information of the output circuit is inconsistent with the feedback information of the servo controller.

其中,输出电路13的反馈信息可为输出电路13接收次级电路122输出的指令信息,具体可包括接收到第一安全指令,以及未接收到第一安全指令。Wherein, the feedback information of the output circuit 13 may be the instruction information output by the output circuit 13 received from the secondary circuit 122 , which specifically may include receiving the first safety instruction and not receiving the first safety instruction.

伺服控制器30的反馈信息可为伺服控制器30的状态信息,具体可包括正常工作状态以及STO停机状态。The feedback information of the servo controller 30 may be status information of the servo controller 30 , specifically, may include a normal working state and an STO shutdown state.

具体地,次级电路122接收到输出电路13的反馈信息为未接收到第一安全指令,且接收到伺服控制器30的反馈信息为正常工作状态时;或次级电路122接收到输出电路13的反馈信息为接收到第一安全指令,且接收到伺服控制器30的反馈信息为STO停机状态时,则次级电路122判断输出电路13的反馈信息与伺服控制器30的反馈信息一致,并返回步骤S22。Specifically, when the secondary circuit 122 receives the feedback information from the output circuit 13 that it has not received the first safety instruction, and receives the feedback information from the servo controller 30 that it is in a normal working state; or the secondary circuit 122 receives the output circuit 13 The feedback information is that the first safety instruction is received, and the feedback information received from the servo controller 30 is the STO stop state, the secondary circuit 122 judges that the feedback information of the output circuit 13 is consistent with the feedback information of the servo controller 30, and Return to step S22.

次级电路122接收到输出电路13的反馈信息为接收到第一安全指令,且接收到伺服控制器30的反馈信息为正常工作状态时,则次级电路122判断输出电路13的反馈信息与伺服控制器30的反馈信息不一致。When the secondary circuit 122 receives the feedback information from the output circuit 13 as receiving the first safety instruction, and receives the feedback information from the servo controller 30 as a normal working state, then the secondary circuit 122 judges that the feedback information of the output circuit 13 is consistent with the servo The feedback information from the controller 30 is inconsistent.

次级电路122响应于安全输入设备50的急停开关及使能开关的状态信息均为危险触发状态信息,且输出电路13的反馈信息与伺服控制器30的反馈信息不一致时,执行步骤S26。When the secondary circuit 122 responds that the state information of the emergency stop switch and the enable switch of the safety input device 50 are dangerous trigger state information, and the feedback information of the output circuit 13 is inconsistent with the feedback information of the servo controller 30, step S26 is executed.

步骤S26:产生第一安全指令。Step S26: Generate a first security instruction.

其中,第一安全指令具体为STO停机命令,伺服控制器30基于第一安全指令控制工业机器人的转矩关断,进而控制工业机器人停止工作。Wherein, the first safety command is specifically an STO shutdown command, and the servo controller 30 controls the torque off of the industrial robot based on the first safety command, and then controls the industrial robot to stop working.

结合图4,进一步参阅图5,图5是本申请安全控制器第五实施例的结构示意图。如图5所示,在第四实施例的基础上,本实施例次级电路122的数量为二,每个次级电路122分别与初级电路121、输出电路13以及诊断电路101连接。In combination with FIG. 4 , further refer to FIG. 5 . FIG. 5 is a schematic structural diagram of a fifth embodiment of the safety controller of the present application. As shown in FIG. 5 , on the basis of the fourth embodiment, the number of secondary circuits 122 in this embodiment is two, and each secondary circuit 122 is connected to the primary circuit 121 , the output circuit 13 and the diagnostic circuit 101 respectively.

本实施例次级电路122通过基于工业机器人的手动模式输出第一安全指令,进一步通过第一安全指令对工业机器人实现转矩关断,能够满足Category 3和Performance Level d的安全标准要求。In this embodiment, the secondary circuit 122 outputs the first safety instruction based on the manual mode of the industrial robot, and further implements the torque off of the industrial robot through the first safety instruction, which can meet the safety standard requirements of Category 3 and Performance Level d.

进一步地,安全控制器10还包括交叉验证电路15,分别与两个次级电路122连接,用于对两个次级电路122的输出信号进行交叉验证,以确定次级电路122是否发生故障。其中,次级电路122的输出信号至少包括整合后的状态信息以及第一安全指令。Further, the safety controller 10 also includes a cross-validation circuit 15 , which is respectively connected to the two secondary circuits 122 and used for cross-validating the output signals of the two secondary circuits 122 to determine whether the secondary circuit 122 is faulty. Wherein, the output signal of the secondary circuit 122 at least includes the integrated status information and the first safety instruction.

具体地,交叉验证电路15获取两个次级电路122的输出信号,并对两个输出信号所包含的整合后的状态信息以及第一安全指令进行比较,具体进行两个整合后的状态信息之间的比较以及两个第一安全指令之间的比较。Specifically, the cross-validation circuit 15 obtains the output signals of the two secondary circuits 122, and compares the integrated state information contained in the two output signals and the first security instruction, and specifically performs a comparison between the two integrated state information. comparison between and between two first safety instructions.

本实施例通过交叉验证电路15对两个次级电路122的输出信号进行交叉验证,进一步提高安全控制器10的安全可靠性,同时满足Category 3和Performance Level d的安全标准要求。In this embodiment, the cross-validation circuit 15 performs cross-validation on the output signals of the two secondary circuits 122 to further improve the safety and reliability of the safety controller 10 and meet the safety standards of Category 3 and Performance Level d.

结合图5,进一步参阅图6,图6是本申请安全控制器第六实施例的结构示意图。如图6所示,在第五实施例的基础上,本实施例初级电路121的数量为二,一初级电路121分别与 输入电路11及一次级电路122连接,另一初级电路121分别与输入电路11及另一次级电路122连接。In combination with FIG. 5 , further refer to FIG. 6 . FIG. 6 is a schematic structural diagram of a sixth embodiment of the safety controller of the present application. As shown in Figure 6, on the basis of the fifth embodiment, the number of primary circuits 121 in this embodiment is two, one primary circuit 121 is connected to the input circuit 11 and one secondary circuit 122 respectively, and the other primary circuit 121 is connected to the input circuit 121 respectively. The circuit 11 and another secondary circuit 122 are connected.

交叉验证电路15分别与两个初级电路121连接,用于对两个初级电路121的输出信号进行交叉验证,以确定初级电路121是否发生故障。其中,初级电路121的输出信号包括整合后的状态信息。本实施例通过交叉验证电路15对两个初级电路121的输出信号进行交叉验证,进一步提高安全控制器10安全可靠性。The cross-validation circuit 15 is connected to the two primary circuits 121 respectively, and is used for cross-validating the output signals of the two primary circuits 121 to determine whether the primary circuit 121 is faulty. Wherein, the output signal of the primary circuit 121 includes the integrated state information. In this embodiment, the cross-validation circuit 15 performs cross-validation on the output signals of the two primary circuits 121 to further improve the safety and reliability of the safety controller 10 .

结合图6,进一步参阅图9,图9是本申请安全控制器第七实施例的结构示意图。如图9所示,本实施例安全控制器10进一步包括复位输入采集电路16以及电源保护电路17,通过复位输入采集电路16对工业机器人进行复位以及通过电源保护电路17对安全控制器10的供电电源进行安全监控,进一步提高安全控制器10的安全可靠性,同时满足Category 3和Performance Level d的安全标准要求。In combination with FIG. 6 , further refer to FIG. 9 . FIG. 9 is a schematic structural diagram of a seventh embodiment of the safety controller of the present application. As shown in FIG. 9 , the safety controller 10 of this embodiment further includes a reset input acquisition circuit 16 and a power protection circuit 17. The industrial robot is reset through the reset input acquisition circuit 16 and the power supply to the safety controller 10 is provided through the power protection circuit 17. The safety monitoring of the power supply further improves the safety and reliability of the safety controller 10 and meets the safety standard requirements of Category 3 and Performance Level d.

其中,复位输入采集电路16与次级电路122连接,用于输入复位信号,次级电路122接收到复位信号后,基于整合后的状态信息为正常未触发而清空第一安全指令。具体地,复位输入采集电路16分别与两个次级电路122连接,分别向两个次级电路122输入复位信号,以使安全控制器10进行复位操作,两个次级电路122根据整合后的状态信息为正常未触发而清空第一安全指令。Wherein, the reset input acquisition circuit 16 is connected with the secondary circuit 122 for inputting a reset signal, and after receiving the reset signal, the secondary circuit 122 clears the first security instruction based on the integrated state information as normal and not triggered. Specifically, the reset input acquisition circuit 16 is respectively connected to the two secondary circuits 122, and respectively inputs reset signals to the two secondary circuits 122, so that the safety controller 10 performs a reset operation, and the two secondary circuits 122 The state information is that the first safety instruction is cleared because it is not triggered normally.

具体地,次级电路122清空第一安全指令具体可为停止输出第一安全指令,或输出一正常工作指令以替换第一安全指令。Specifically, clearing the first safety command by the secondary circuit 122 may specifically stop outputting the first safety command, or output a normal working command to replace the first safety command.

可选地,在本实施例中,复位输入采集电路16与外接的复位按键直接连接,通过对复位按键的操作以获取复位信号。可选地,在其他实施例中,复位输入采集电路16还可与输入电路11连接,输入电路11进一步连接复位按键,通过输入电路11获取复位信号。Optionally, in this embodiment, the reset input acquisition circuit 16 is directly connected to an external reset button, and a reset signal is obtained by operating the reset button. Optionally, in other embodiments, the reset input collection circuit 16 can also be connected to the input circuit 11 , and the input circuit 11 is further connected to a reset button, and the reset signal can be obtained through the input circuit 11 .

结合图9,进一步参阅图10,图10是本申请安全控制器进行复位操作的流程示意图。具体而言,本实施例安全控制器10进行复位操作可以包括以下步骤:In combination with FIG. 9 , further refer to FIG. 10 . FIG. 10 is a schematic flowchart of a reset operation performed by the security controller of the present application. Specifically, the reset operation of the safety controller 10 in this embodiment may include the following steps:

步骤S31:获取工业机器人的工作状态。Step S31: Obtain the working status of the industrial robot.

其中,次级电路122通过交互电路14与主控制器40连接,以通过主控制器40获取工业机器人的工作模式。Wherein, the secondary circuit 122 is connected with the main controller 40 through the interactive circuit 14 , so as to obtain the working mode of the industrial robot through the main controller 40 .

具体地,次级电路122判断工业机器人为自动模式时,则执行步骤S32;次级电路122判断工业机器人为手动模式时,则执行步骤S37。Specifically, when the secondary circuit 122 judges that the industrial robot is in the automatic mode, step S32 is executed; when the secondary circuit 122 judges that the industrial robot is in the manual mode, step S37 is executed.

步骤S32:根据相关输入信息进行处理。Step S32: Process according to relevant input information.

其中,在本实施例中,相关输入信息可包括机器人工作模式为自动模式、急停开关的状态信息、安全门的状态信息以及复位信号。Wherein, in this embodiment, the relevant input information may include whether the working mode of the robot is automatic mode, status information of the emergency stop switch, status information of the safety door, and a reset signal.

步骤S33:判断是否接收到复位信号。Step S33: Determine whether a reset signal is received.

其中,当次级电路122判断接收到复位信号时,则执行步骤S34;当次级电路122判断未接收到复位信号时,则返回步骤S32。Wherein, when the secondary circuit 122 judges that the reset signal is received, step S34 is performed; when the secondary circuit 122 judges that the reset signal is not received, the process returns to step S32.

步骤S34:判断急停开关是否处于正常工作状态。Step S34: Judging whether the emergency stop switch is in a normal working state.

其中,急停开关的正常工作状态为释放状态,具体可为断开设置,此时状态信息则为正常状态信息。而急停开关发生故障时,此时状态信息则为危险触发状态信息。Wherein, the normal working state of the emergency stop switch is the released state, which can be specifically set to be disconnected, and the state information at this time is the normal state information. When the emergency stop switch fails, the state information at this time is the danger trigger state information.

具体地,当次级电路122获取急停开关的状态信息,通过状态信息判断急停开关处于正常工作状态且无发生故障时,则执行步骤S35,否则则返回步骤S32。Specifically, when the secondary circuit 122 obtains the state information of the emergency stop switch, and judges that the emergency stop switch is in a normal working state and no fault occurs according to the state information, then step S35 is executed, otherwise, step S32 is returned.

步骤S35:判断安全门是否处于正常工作状态。Step S35: Judging whether the safety door is in a normal working state.

其中,安全门的正常工作状态为闭合状态,具体可为关闭设置,此时状态信息则为正常状态信息。而安全门发生故障时,此时状态信息则为危险触发状态信息。Wherein, the normal working state of the safety door is the closed state, which can be specifically set to be closed, and the state information at this time is the normal state information. When the safety door fails, the state information at this time is the danger trigger state information.

具体地,当次级电路122获取安全门的状态信息,通过状态信息判断安全门处于正常工作状态且无发生故障时,则执行步骤S36,否则则返回步骤S32。Specifically, when the secondary circuit 122 obtains the status information of the safety door, and judges that the safety door is in a normal working state and no fault occurs according to the status information, step S36 is executed, otherwise, step S32 is returned.

步骤S36:清空第一安全指令。Step S36: Empty the first security instruction.

其中,当次级电路122判断以已收到复位信号,且急停开关与安全门均处于无故障的正常状态时,则判断工业机器人已恢复正常工作状态,进一步清空第一安全指令,防止第一安全指令输出影响工业机器人正常工作。Wherein, when the secondary circuit 122 judges that the reset signal has been received, and the emergency stop switch and the safety door are in a normal state without failure, it is judged that the industrial robot has returned to the normal working state, and the first safety instruction is further cleared to prevent the first The output of safety instructions affects the normal operation of industrial robots.

步骤S37:根据相关输入信息进行处理。Step S37: Process according to relevant input information.

其中,在本实施例中,相关输入信息可包括机器人工作模式为手动模式、急停开关的状态信息以及是否接收到复位信号。Wherein, in this embodiment, the relevant input information may include whether the working mode of the robot is the manual mode, status information of the emergency stop switch, and whether a reset signal is received.

步骤S38:判断是否接收到复位信号。Step S38: Judging whether a reset signal is received.

其中,当次级电路122判断接收到复位信号时,则执行步骤S39;当次级电路122判断未接收到复位信号时,则返回步骤S37。Wherein, when the secondary circuit 122 judges that the reset signal is received, step S39 is performed; when the secondary circuit 122 judges that the reset signal is not received, the process returns to step S37.

步骤S39:判断急停开关是否处于正常工作状态。Step S39: Judging whether the emergency stop switch is in a normal working state.

其中,次级电路122获取急停开关的状态信息,通过状态信息判断急停开关处于正常工作状态且无发生故障时,则执行步骤S36,否则则返回步骤S32。Wherein, the secondary circuit 122 acquires the state information of the emergency stop switch, and if it is judged from the state information that the emergency stop switch is in a normal working state and no fault occurs, then step S36 is executed; otherwise, step S32 is returned.

本实施例通过复位输入采集电路16输入复位信号,判断解决工业机器人的故障之后,实现对工业机器人工作状态的复位,满足Category 3和Performance Level d的安全标准要求。In this embodiment, the reset signal is input through the reset input acquisition circuit 16, and after the fault of the industrial robot is judged and resolved, the working state of the industrial robot is reset, meeting the safety standard requirements of Category 3 and Performance Level d.

如图9所示,电源保护电路17分别与输出电路13及供电电源18连接,电源保护电路17基于供电电源18的故障产生第二安全指令,输出电路13将第二安全指令传输给伺服控制器30,以使伺服控制器30执行第二安全指令。其中,第二安全指令具体可为STO停机命令,伺服控制器30基于第二安全指令控制工业机器人的转矩关断,进而控制工业机器人停止工作。As shown in Figure 9, the power protection circuit 17 is connected with the output circuit 13 and the power supply 18 respectively, the power protection circuit 17 generates a second safety instruction based on the failure of the power supply 18, and the output circuit 13 transmits the second safety instruction to the servo controller 30, so that the servo controller 30 executes the second safety instruction. Wherein, the second safety command may specifically be an STO stop command, and the servo controller 30 controls the torque off of the industrial robot based on the second safety command, and then controls the industrial robot to stop working.

可选地,在本实施例中,供电电源18用于为安全控制器10提供工作电压,电源保护电路17用于对供电电源18进行过流、短路、过压以及欠压故障检测。具体地,供电电源18可为集成于控制柜20的内部电源,也可为外接电源。Optionally, in this embodiment, the power supply 18 is used to provide an operating voltage for the safety controller 10 , and the power protection circuit 17 is used to detect overcurrent, short circuit, overvoltage and undervoltage faults on the power supply 18 . Specifically, the power supply 18 may be an internal power supply integrated in the control cabinet 20 or an external power supply.

结合图9,进一步参阅图11,图11是本申请安全控制器输出停机控制指令的流程示意图。具体而言,本实施例安全控制器10输出停机控制指令可以包括以下步骤:In combination with FIG. 9 , further refer to FIG. 11 . FIG. 11 is a schematic flowchart of a safety controller outputting a shutdown control command in the present application. Specifically, in this embodiment, the safety controller 10 outputting the shutdown control instruction may include the following steps:

步骤S41:判断工业机器人是否处于运行状态。Step S41: Determine whether the industrial robot is in a running state.

其中,安全控制器10对工业机器人的工作状态进行判断,只有判断工业机器人处于运行状态时,才需要对工业机器人进行安全逻辑控制,进一步执行步骤S42。Wherein, the safety controller 10 judges the working state of the industrial robot, and only when it is judged that the industrial robot is in the running state, it needs to perform safety logic control on the industrial robot, and step S42 is further executed.

步骤S42:根据相关输入信息进行处理。Step S42: Process according to relevant input information.

其中,本实施例相关输入信息包括是否接收到第一安全指令与第二安全指令。Wherein, the relevant input information in this embodiment includes whether the first safety instruction and the second safety instruction are received.

具体地,输出电路13获取相关输入信息,进一步执行步骤S43与步骤44。其中,步骤S43与步骤44可同时或按顺序执行,步骤S43与步骤44之间的顺序可根据实际需要调整,本实施例对此不做限定。Specifically, the output circuit 13 acquires relevant input information, and further executes step S43 and step 44 . Wherein, step S43 and step 44 may be performed simultaneously or sequentially, and the sequence between step S43 and step 44 may be adjusted according to actual needs, which is not limited in this embodiment.

步骤S43:判断是否收到第一安全指令。Step S43: Determine whether the first security instruction is received.

其中,当输出电路13判断接收到第一安全指令时,则执行步骤S45;当输出电路13判断未接收到第一安全指令时,则返回步骤S42。Wherein, when the output circuit 13 judges that the first safety instruction is received, step S45 is executed; when the output circuit 13 judges that the first safety instruction is not received, the step S42 is returned.

步骤S44:判断是否收到第二安全指令。Step S44: Determine whether the second security instruction is received.

其中,当输出电路13判断接收到第二安全指令时,则执行步骤S45;当输出电路13判断未接收到第二安全指令时,则返回步骤S42。Wherein, when the output circuit 13 judges that the second security instruction is received, step S45 is performed; when the output circuit 13 judges that the second security instruction is not received, the process returns to step S42.

步骤S45:输出停机控制指令至伺服控制器。Step S45: Outputting a shutdown control command to the servo controller.

其中,由于第一安全指令与第二安全指令均为STO停机命令,输出电路13可根据其中任一者对伺服控制器30输出停机控制指令,也可根据两者对伺服控制器30输出停机控制指令。Wherein, since both the first safety instruction and the second safety instruction are STO shutdown commands, the output circuit 13 can output a shutdown control instruction to the servo controller 30 according to any one of them, and can also output a shutdown control instruction to the servo controller 30 according to both. instruction.

本实施例分别或同时通过第一安全指令与第二安全指令实现对伺服控制器30输出停机控制指令,进一步提高安全控制器10的安全可靠性,满足Category 3和Performance Level d的安全标准要求。In this embodiment, the first safety instruction and the second safety instruction are used to output the shutdown control instruction to the servo controller 30 separately or simultaneously, so as to further improve the safety and reliability of the safety controller 10 and meet the safety standards of Category 3 and Performance Level d.

在IEC 60204-1定义中,安全停机包括停机类别0和停机类别1,本实施例提供两种具体安全逻辑控制方式,以使安全控制器10分别实现停机类别0和停机类别1的安全停机。In the definition of IEC 60204-1, safe shutdown includes shutdown category 0 and shutdown category 1. This embodiment provides two specific safety logic control modes, so that the safety controller 10 can respectively realize the safe shutdown of shutdown category 0 and shutdown category 1.

具体地,逻辑电路12配置有第一工作模式与第二工作模式。一方面,在第一工作模式下,逻辑电路12将第一安全指令通过输出电路13传输给伺服控制器30以及主控制器40,以使伺服控制器30执行第一安全指令,且使主控制器40禁能伺服控制器30,则安全控制器10实现停机类别0的安全停机。Specifically, the logic circuit 12 is configured with a first working mode and a second working mode. On the one hand, in the first working mode, the logic circuit 12 transmits the first safety instruction to the servo controller 30 and the main controller 40 through the output circuit 13, so that the servo controller 30 executes the first safety instruction, and the main controller If the controller 40 disables the servo controller 30, the safety controller 10 realizes a safety shutdown of the shutdown category 0.

具体安全逻辑控制步骤请结合图9,进一步参阅图12,图12是本申请安全控制器进行安全逻辑控制的第一流程示意图。具体而言,本实施例安全控制器10进行安全逻辑控制可以包括以下步骤:Please refer to FIG. 9 for specific safety logic control steps, and further refer to FIG. 12 . FIG. 12 is a schematic diagram of a first flowchart of safety logic control performed by the safety controller of the present application. Specifically, the safety logic control performed by the safety controller 10 in this embodiment may include the following steps:

步骤S51:触发第一类别安全停机。Step S51: triggering a first category safety shutdown.

其中,在本实施例中,第一类别安全停机即为停机类别0的安全停机。在判断触发第一类别安全停机,安全控制器10进一步执行步骤S52以及步骤S54。其中,步骤S52以及步骤S54可同时或按顺序执行,步骤S52以及步骤S54之间的顺序可根据实际需要调整,本实施例对此不做限定。Wherein, in this embodiment, the first category of safety shutdown is the safety shutdown of shutdown category 0. After judging that the safety shutdown of the first category is triggered, the safety controller 10 further executes steps S52 and S54. Wherein, step S52 and step S54 may be performed simultaneously or sequentially, and the sequence between step S52 and step S54 may be adjusted according to actual needs, which is not limited in this embodiment.

步骤S52:输出第一安全指令至伺服控制器。Step S52: Outputting the first safety command to the servo controller.

其中,安全控制器10触发第一类别安全停机,逻辑电路12工作于第一工作模式,并且将第一安全指令通过输出电路13输出至伺服控制器30,伺服控制器30进一步执行步骤S53。Wherein, the safety controller 10 triggers the first type of safety shutdown, the logic circuit 12 works in the first working mode, and outputs the first safety instruction to the servo controller 30 through the output circuit 13, and the servo controller 30 further executes step S53.

步骤S53:执行第一安全指令。Step S53: Execute the first security instruction.

其中,伺服控制器30接收到第一安全指令,执行第一安全指令,实现工业机器人的扭矩关断,以使工业机器人停止工作。Wherein, the servo controller 30 receives the first safety instruction, executes the first safety instruction, and realizes the torque off of the industrial robot, so that the industrial robot stops working.

步骤S54:反馈第一停机触发状态至主控制器。Step S54: Feedback the first shutdown trigger state to the main controller.

其中,当工业机器人停止工作后,安全控制器10将伺服控制器30的状态信息反馈至主控制器40,此时伺服控制器30的状态信息为第一停机触发状态,主控制器40进一步执行步骤S55。Wherein, when the industrial robot stops working, the safety controller 10 feeds back the state information of the servo controller 30 to the main controller 40, and the state information of the servo controller 30 is the first shutdown trigger state, and the main controller 40 further executes Step S55.

步骤S55:禁能伺服控制器。Step S55: Disable the servo controller.

其中,主控制器40根据安全控制器10反馈的第一停机触发状态,禁能伺服控制器30,即停止对伺服控制器30的使能输出,以使伺服控制器30停止接收使能输入。Wherein, the main controller 40 disables the servo controller 30 according to the first shutdown trigger state fed back by the safety controller 10 , that is, stops the enable output to the servo controller 30 so that the servo controller 30 stops receiving the enable input.

另一方面,在第二工作模式下,逻辑电路12启动计时,且将第一安全指令通过输出电路13传输给伺服控制器30以及主控制器40,以使主控制器40控制伺服控制器30停机,且在计时的结果达到阈值后,使伺服控制器30执行第一安全指令,则安全控制器10实现停机类别1的安全停机。On the other hand, in the second working mode, the logic circuit 12 starts timing, and transmits the first safety instruction to the servo controller 30 and the main controller 40 through the output circuit 13, so that the main controller 40 controls the servo controller 30 Shutdown, and after the timing result reaches the threshold value, the servo controller 30 is made to execute the first safety instruction, and the safety controller 10 implements a safety shutdown of shutdown category 1.

具体安全逻辑控制步骤请结合图9,进一步参阅图13,图13是本申请安全控制器进行安全逻辑控制的第二流程示意图。具体而言,本实施例安全控制器10进行安全逻辑控制可以包括以下步骤:Please refer to FIG. 9 for specific safety logic control steps, and further refer to FIG. 13 . FIG. 13 is a second flow diagram of the safety logic control performed by the safety controller of the present application. Specifically, the safety logic control performed by the safety controller 10 in this embodiment may include the following steps:

步骤S61:触发第二类别安全停机。Step S61: triggering the second type of safety shutdown.

其中,在本实施例中,第二类别安全停机即为停机类别1的安全停机。在判断触发第二类别安全停机,安全控制器10进一步执行步骤S62。Wherein, in this embodiment, the safety shutdown of the second category is the safety shutdown of shutdown category 1 . After judging that the safety shutdown of the second category is triggered, the safety controller 10 further executes step S62.

步骤S62:启动定时并反馈第二停机触发状态至主控制器。Step S62: Start the timing and feed back the trigger state of the second shutdown to the main controller.

其中,安全控制器10触发第二类别安全停机,逻辑电路12工作于第二工作模式,此时安全控制器10启动定时,并且安全控制器10进一步执行步骤S63。Wherein, the safety controller 10 triggers the second type of safety shutdown, and the logic circuit 12 works in the second working mode. At this time, the safety controller 10 starts timing, and the safety controller 10 further executes step S63.

同时,安全控制器10将伺服控制器30的状态信息反馈至主控制器40,此时伺服控制器30的状态信息为第二停机触发状态,主控制器40进一步执行步骤S65。At the same time, the safety controller 10 feeds back the state information of the servo controller 30 to the main controller 40. At this time, the state information of the servo controller 30 is the second shutdown trigger state, and the main controller 40 further executes step S65.

其中,步骤S63以及步骤S65可同时或按顺序执行,步骤S63以及步骤S65之间的顺序可根据实际需要调整,本实施例对此不做限定。Wherein, step S63 and step S65 may be performed simultaneously or sequentially, and the sequence between step S63 and step S65 may be adjusted according to actual needs, which is not limited in this embodiment.

步骤S63:判断定时是否到达阈值。Step S63: Determine whether the timing reaches the threshold.

其中,在本实施例中,安全控制器10判断定时是否到达阈值,具体地,阈值可为主控制器40控制伺服控制器30实现禁能的总时长。可选地,在其他实施例中,定时还可由伺服控制器30进行判断。Wherein, in this embodiment, the safety controller 10 judges whether the timing reaches a threshold value, specifically, the threshold value may be the total duration for which the main controller 40 controls the servo controller 30 to realize disabling. Optionally, in other embodiments, the timing can also be judged by the servo controller 30 .

当安全控制器10判断定时到达阈值,进一步执行步骤S64,否则返回步骤S63。When the safety controller 10 judges that the timing reaches the threshold, step S64 is further executed, otherwise, step S63 is returned.

步骤S64:输出第一安全指令至伺服控制器。Step S64: Outputting the first safety instruction to the servo controller.

其中,安全控制器10将第一安全指令通过输出电路13输出至伺服控制器30,伺服控制器30进一步执行步骤S69。Wherein, the safety controller 10 outputs the first safety instruction to the servo controller 30 through the output circuit 13, and the servo controller 30 further executes step S69.

步骤S65:规划伺服控制器进行停机。Step S65: Planning the servo controller to stop.

其中,主控制器40基于第二停机触发状态,对伺服控制器30的停机进行规划,输出停机指令至伺服控制器30,进一步执行步骤S66。Wherein, the main controller 40 plans the shutdown of the servo controller 30 based on the second shutdown trigger state, outputs a shutdown command to the servo controller 30, and further executes step S66.

步骤S66:判断伺服控制器是否停机。Step S66: Judging whether the servo controller is stopped.

其中,伺服控制器30接收到主控制器40输出的停机指令,并执行该停机指令。主控制器40判断伺服控制器30是否停机,当判断伺服控制器30已停机时,执行步骤S67,否则返回步骤S66。Wherein, the servo controller 30 receives the shutdown instruction output by the main controller 40, and executes the shutdown instruction. The main controller 40 judges whether the servo controller 30 is shut down, and when it is judged that the servo controller 30 is shut down, executes step S67, otherwise returns to step S66.

步骤S67:输出禁能指令至伺服控制器。Step S67: Outputting a disable command to the servo controller.

其中,主控制器40进一步输出禁能指令至伺服控制器30,用于控制伺服控制器30禁能。Wherein, the main controller 40 further outputs a disabling instruction to the servo controller 30 for controlling the disabling of the servo controller 30 .

步骤S68:执行禁能指令。Step S68: Execute the disabling command.

其中,伺服控制器30接收到禁能指令,执行禁能指令,以使伺服控制器30停止接收主控制器40的使能输出。Wherein, the servo controller 30 receives the disabling instruction and executes the disabling instruction, so that the servo controller 30 stops receiving the enabling output of the main controller 40 .

步骤S69:执行第一安全指令。Step S69: Execute the first security instruction.

其中,伺服控制器30接收到第一安全指令,执行第一安全指令,实现工业机器人的扭矩关断,以使工业机器人停止工作。Wherein, the servo controller 30 receives the first safety instruction, executes the first safety instruction, and realizes the torque off of the industrial robot, so that the industrial robot stops working.

可选地,本申请安全控制器10还可包括示教器,并将安全输入设备50集成于示教器上,通过示教器进行相应的安全控制操作,同时通过示教器还可以操作工业机器人运动、完成示教编程以及实现对系统的设定,能够满足申请满足Category 3和Performance Level d的安全标准要求。Optionally, the safety controller 10 of the present application can also include a teaching pendant, and the safety input device 50 is integrated on the teaching pendant, and the corresponding safety control operation can be performed through the teaching pendant, and at the same time, the industrial The movement of the robot, the completion of the teaching programming and the realization of the setting of the system can meet the safety standard requirements of Category 3 and Performance Level d.

本申请通过将安全控制器10用于集成在工业机器人的控制柜20中,使用小体积的安全控制器10实现对工业机器人的安全逻辑控制,同时提高系统的集成度,降低成本。此外,本申请安全控制器10由输入电路11、逻辑电路12以及输出电路13等硬件逻辑电路组成,不同于使用微处理器进行逻辑控制的情况,不需要软件或固件的支持,能够最大限度的降低失效率,并且硬件逻辑电路的响应速度快,成本低,开发与验证的周期短,安全认证的流程快。In this application, the safety controller 10 is integrated in the control cabinet 20 of the industrial robot, and the small-sized safety controller 10 is used to realize the safety logic control of the industrial robot, while improving the integration degree of the system and reducing the cost. In addition, the safety controller 10 of the present application is composed of hardware logic circuits such as an input circuit 11, a logic circuit 12, and an output circuit 13, which is different from the case of using a microprocessor for logic control, and does not require the support of software or firmware, and can maximize Reduce the failure rate, and the response speed of the hardware logic circuit is fast, the cost is low, the cycle of development and verification is short, and the process of safety certification is fast.

本申请还提供一种工业机器人的安全控制系统,请参阅图14,图14是本申请安全控制系统一实施例的结构示意图。如图14所示,工业机器人的安全控制系统100包括安全输入设备110、控制柜120、伺服控制器130、主控制器140以及安全控制器150。其中,该安全输入设备110、控制柜120、伺服控制器130、主控制器140以及安全控制器150为上述实施例所揭示的安全输入设备50、控制柜20、伺服控制器30、主控制器40以及安全控制器10,在此不再赘述。The present application also provides a safety control system for an industrial robot, please refer to FIG. 14 , which is a schematic structural diagram of an embodiment of the safety control system of the present application. As shown in FIG. 14 , a safety control system 100 for an industrial robot includes a safety input device 110 , a control cabinet 120 , a servo controller 130 , a main controller 140 and a safety controller 150 . Wherein, the safety input device 110, the control cabinet 120, the servo controller 130, the main controller 140, and the safety controller 150 are the safety input device 50, the control cabinet 20, the servo controller 30, and the main controller disclosed in the above-mentioned embodiments. 40 and the safety controller 10, which will not be repeated here.

具体地,安全输入设备110用于采集危险触发信号。其中,危险触发信号可包括急停信号、安全门关闭信号以及使能停止信号等等。Specifically, the safety input device 110 is used to collect hazard trigger signals. Wherein, the hazard trigger signal may include an emergency stop signal, a safety door closing signal, an enabling stop signal, and the like.

伺服控制器130、主控制器140以及安全控制器150设置在控制柜120内,伺服控制器130用于控制工业机器人,主控制器140用于控制伺服控制器130。The servo controller 130 , the main controller 140 and the safety controller 150 are arranged in the control cabinet 120 , the servo controller 130 is used to control the industrial robot, and the main controller 140 is used to control the servo controller 130 .

其中,安全输入设备110与伺服控制器130以及主控制器140连接,用于在主控制器140的控制下基于危险触发信号产生安全转矩关断指令,伺服控制器130执行安全转矩关断指令,以控制工业机器人停机。Wherein, the safety input device 110 is connected with the servo controller 130 and the main controller 140, and is used to generate a safe torque off instruction based on a dangerous trigger signal under the control of the main controller 140, and the servo controller 130 executes the safe torque off command. Instructions to control the shutdown of industrial robots.

以上所述仅为本申请的实施方式,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above is only the implementation of the application, and does not limit the patent scope of the application. Any equivalent structure or equivalent process conversion made by using the specification and drawings of the application, or directly or indirectly used in other related technologies fields, are all included in the scope of patent protection of this application in the same way.

Claims (17)

一种工业机器人的安全控制器,其特征在于,用于集成在所述工业机器人的控制柜中,所述安全控制器包括:A safety controller for an industrial robot is characterized in that it is used to be integrated in the control cabinet of the industrial robot, and the safety controller includes: 逻辑电路,用于基于所述工业机器人的安全输入设备的状态信息产生第一安全指令;a logic circuit, configured to generate a first safety instruction based on state information of a safety input device of the industrial robot; 输出电路,用于与所述逻辑电路连接,以及用于与所述工业机器人的伺服控制器连接,用于将所述第一安全指令传输给所述伺服控制器,以使所述伺服控制器执行所述第一安全指令;an output circuit, for connecting with the logic circuit, and for connecting with the servo controller of the industrial robot, for transmitting the first safety instruction to the servo controller, so that the servo controller executing said first security instruction; 诊断电路,用于与所述输出电路连接,以确定所述输出电路至所述伺服控制器的传输路径是否故障。The diagnostic circuit is used to connect with the output circuit to determine whether the transmission path from the output circuit to the servo controller is faulty. 根据权利要求1所述的安全控制器,其特征在于,所述输出电路的数量为二,所述诊断电路进一步用于对所述两个输出电路的输出信号进行交叉验证;The safety controller according to claim 1, wherein the number of the output circuits is two, and the diagnostic circuit is further used for cross-validating the output signals of the two output circuits; 响应于所述两个输出电路的输出信号不一致,确定所述输出电路发生故障。In response to the inconsistency of the output signals of the two output circuits, it is determined that the output circuit fails. 根据权利要求1所述的安全控制器,其特征在于,所述诊断电路进一步用于与所述伺服控制器连接,且用于基于所述输出电路输出的第一安全指令与所述伺服控制器对所述第一安全指令的反馈信号确定所述输出电路与所述伺服控制器之间的信号传输通道是否故障。The safety controller according to claim 1, wherein the diagnosis circuit is further used for connecting with the servo controller, and for communicating with the servo controller based on the first safety command output by the output circuit A feedback signal to the first safety instruction determines whether a signal transmission channel between the output circuit and the servo controller is faulty. 根据权利要求1所述的安全控制器,其特征在于,所述诊断电路进一步用于与所述逻辑电路连接,用于将所述输出电路输出的第一安全控制指令与所述逻辑电路输出的第一安全指令进行比较;The safety controller according to claim 1, wherein the diagnosis circuit is further used to connect with the logic circuit, and is used to compare the first safety control command output by the output circuit with the output of the logic circuit. The first security instruction is compared; 响应于所述输出电路输出的第一安全控制指令与所述逻辑电路输出的所述第一安全指令不一致,所述诊断电路确定所述输出电路发生故障。The diagnostic circuit determines that the output circuit is malfunctioning in response to the first safety control command output by the output circuit not consistent with the first safety control command output by the logic circuit. 根据权利要求1所述的安全控制器,其特征在于,所述诊断电路进一步用于将所述信号传输通道的故障信息或所述输出电路的故障信息反馈给所述输出电路,所述输出电路将所述故障信息反馈给所述逻辑电路,以通过所述逻辑电路将所述故障信息上报给所述工业机器人的主控制器,使得所述主控制器禁能所述伺服控制器;或者,The safety controller according to claim 1, wherein the diagnostic circuit is further used to feed back the fault information of the signal transmission channel or the fault information of the output circuit to the output circuit, and the output circuit feeding back the fault information to the logic circuit, so as to report the fault information to the main controller of the industrial robot through the logic circuit, so that the main controller disables the servo controller; or, 所述诊断电路进一步用于切断所述伺服控制器的电源。The diagnostic circuit is further used to cut off the power supply of the servo controller. 根据权利要求5所述的安全控制器,其特征在于,所述输出电路的数量为二,以形成两路所述传输路径,响应于所述两路传输路径均发生故障,禁能所述伺服控制器或切断所述伺服控制器的电源。The safety controller according to claim 5, wherein the number of the output circuits is two, so as to form two transmission paths, and in response to failure of the two transmission paths, the servo is disabled. controller or cut off the power to the servo controller. 根据权利要求1所述的安全控制器,其特征在于,所述安全控制器进一步包括:安全保护电路,分别与所述输出电路及所述伺服控制器连接,用于实现对所述输出电路的故障保护,并将经所述安全保护电路输出的第一安全指令传输给所述诊断电路及所述伺服控制器。The safety controller according to claim 1, characterized in that, the safety controller further comprises: a safety protection circuit, connected to the output circuit and the servo controller respectively, for realizing the control of the output circuit fault protection, and transmit the first safety command output by the safety protection circuit to the diagnosis circuit and the servo controller. 根据权利要求1所述的安全控制器,其特征在于,所述逻辑电路包括:The safety controller according to claim 1, wherein the logic circuit comprises: 初级电路,与所述输入电路连接,用于将多个所述安全输入设备的所述状态信息进行整合处理;a primary circuit, connected to the input circuit, for integrating and processing the state information of a plurality of the safety input devices; 次级电路,分别与所述初级电路及所述输出电路连接,用于基于所述状态信息产生所述第一安全指令,并将所述第一安全指令传输给所述输出电路。The secondary circuit is respectively connected to the primary circuit and the output circuit, and is used to generate the first safety instruction based on the state information, and transmit the first safety instruction to the output circuit. 根据权利要求8所述的安全控制器,其特征在于,所述次级电路数量为二,每个所述次级电路分别与所述初级电路及所述输出电路连接。The safety controller according to claim 8, wherein the number of said secondary circuits is two, and each of said secondary circuits is respectively connected to said primary circuit and said output circuit. 根据权利要求9所述的安全控制器,其特征在于,所述安全控制器进一步包括:交叉 验证电路,分别与所述两个次级电路连接,用于对所述两个次级电路的输出信号进行交叉验证,以确定所述次级电路是否发生故障,所述输出信号至少包括所述状态信息及所述第一安全指令。The safety controller according to claim 9, characterized in that, the safety controller further comprises: a cross-validation circuit, respectively connected to the two secondary circuits, for outputting the two secondary circuits The signal is cross-validated to determine whether the secondary circuit fails, and the output signal includes at least the status information and the first safety instruction. 根据权利要求10所述的安全控制器,其特征在于,所述初级电路数量为二,一所述初级电路分别与所述输入电路及一所述次级电路连接,另一所述初级电路分别与所述输入电路及另一所述次级电路连接。The safety controller according to claim 10, wherein the number of said primary circuits is two, one said primary circuit is respectively connected to said input circuit and one said secondary circuit, and the other said primary circuit is respectively Connected to the input circuit and another of the secondary circuits. 根据权利要求11所述的安全控制器,其特征在于,所述交叉验证电路分别与所述两个初级电路连接,用于对所述两个初级电路的输出信号进行交叉验证,以确定所述初级电路是否发生故障,The safety controller according to claim 11, wherein the cross-validation circuit is connected to the two primary circuits respectively, and is used for cross-validating the output signals of the two primary circuits to determine the if the primary circuit fails, 所述输出信号包括所述整合后的所述状态信息。The output signal includes the integrated state information. 根据权利要求8所述的安全控制器,其特征在于,所述安全控制器进一步包括:交互电路,分别与所述次级电路及所述主控制器连接,用于从所述主控制器获取所述工业机器人的工作模式,以使所述次级电路在所述工作模式下基于所述状态信息产生所述第一安全指令。The safety controller according to claim 8, characterized in that, the safety controller further comprises: an interactive circuit, respectively connected to the secondary circuit and the main controller, for obtaining from the main controller The working mode of the industrial robot, so that the secondary circuit generates the first safety instruction based on the state information in the working mode. 根据权利要求13所述的安全控制器,其特征在于,所述次级电路用于接收所述输出电路的反馈信息,所述次级电路通过所述交互电路将所述状态信息、所述第一安全指令、所述次级电路的故障信息及所述初级电路的故障信息的任一或其组合上报给所述主控制器。The safety controller according to claim 13, wherein the secondary circuit is used to receive feedback information from the output circuit, and the secondary circuit transfers the state information, the second Any one or a combination of a safety command, the fault information of the secondary circuit and the fault information of the primary circuit is reported to the main controller. 根据权利要求8所述的安全控制器,其特征在于,所述安全控制器进一步包括:复位输入采集电路,与所述次级电路连接,用于输入复位信号,所述次级电路接收到所述复位信号后,基于所述状态信息为正常未触发而清空所述第一安全指令。The safety controller according to claim 8, characterized in that, the safety controller further comprises: a reset input acquisition circuit connected to the secondary circuit for inputting a reset signal, and the secondary circuit receives the After the reset signal is received, the first security instruction is cleared based on the status information being normally not triggered. 根据权利要求1所述的安全控制器,其特征在于,所述安全控制器进一步包括:电源保护电路,分别与所述输出电路及供电电源连接,所述电源保护电路基于所述供电电源故障产生第二安全指令,所述输出电路将所述第二安全指令传输给所述伺服控制器,以使所述伺服控制器执行所述第二安全指令。The safety controller according to claim 1, characterized in that, the safety controller further comprises: a power protection circuit connected to the output circuit and the power supply respectively, and the power protection circuit generates a fault based on the failure of the power supply A second safety instruction, the output circuit transmits the second safety instruction to the servo controller, so that the servo controller executes the second safety instruction. 一种工业机器人的安全控制系统,其特征在于,包括:A safety control system for an industrial robot, characterized in that it comprises: 安全输入设备,用于采集危险触发信号;Safety input device for collecting hazard trigger signals; 控制柜;Control cabinet; 伺服控制器,设置在所述控制柜内,用于控制工业机器人;A servo controller, arranged in the control cabinet, is used to control the industrial robot; 主控制器,设置在所述控制柜内,用于控制所述伺服控制器;a main controller, arranged in the control cabinet, for controlling the servo controller; 安全控制器,设置在所述控制柜内;A safety controller is arranged in the control cabinet; 其中,所述安全控制器为权利要求1至16任一项所述的安全控制器。Wherein, the safety controller is the safety controller according to any one of claims 1-16.
PCT/CN2021/129099 2021-11-05 2021-11-05 Safety control system and safety controller for industrial robot Ceased WO2023077457A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/129099 WO2023077457A1 (en) 2021-11-05 2021-11-05 Safety control system and safety controller for industrial robot

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/129099 WO2023077457A1 (en) 2021-11-05 2021-11-05 Safety control system and safety controller for industrial robot

Publications (1)

Publication Number Publication Date
WO2023077457A1 true WO2023077457A1 (en) 2023-05-11

Family

ID=86240450

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/129099 Ceased WO2023077457A1 (en) 2021-11-05 2021-11-05 Safety control system and safety controller for industrial robot

Country Status (1)

Country Link
WO (1) WO2023077457A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103955160A (en) * 2014-05-08 2014-07-30 安徽埃夫特智能装备有限公司 Safety protection module for industrial robot
US20200073359A1 (en) * 2018-08-29 2020-03-05 Denso Wave Incorporated Functional safety module for industrial devices
CN111736514A (en) * 2020-06-10 2020-10-02 杭州凯尔达机器人科技股份有限公司 Robot Control System Based on General Computer
CN111781891A (en) * 2020-06-10 2020-10-16 杭州凯尔达机器人科技股份有限公司 Robot safety logic control system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103955160A (en) * 2014-05-08 2014-07-30 安徽埃夫特智能装备有限公司 Safety protection module for industrial robot
US20200073359A1 (en) * 2018-08-29 2020-03-05 Denso Wave Incorporated Functional safety module for industrial devices
CN111736514A (en) * 2020-06-10 2020-10-02 杭州凯尔达机器人科技股份有限公司 Robot Control System Based on General Computer
CN111781891A (en) * 2020-06-10 2020-10-16 杭州凯尔达机器人科技股份有限公司 Robot safety logic control system

Similar Documents

Publication Publication Date Title
US20230226692A1 (en) General-purpose computer-based robot control system
US20030050735A1 (en) Safety circuit with automatic recovery
RU2175451C2 (en) Method and device for checking system incorporating more than one functional unit
CN102880523B (en) Watchdog circuit and failure monitoring method for same
CN106346479A (en) Controller and a safety protection system of robot
EP4645003A1 (en) Industrial robot safety control system, circuit and method
CN201829929U (en) Novel hard trip loop for large-scale thermal power unit MFT (main fuel trip)
CN110647102B (en) Intelligent safe output module
CA3118932A1 (en) Operation enabling control system and robot-assisted surgical device with the system
WO2018137142A1 (en) Nuclear power plant priority management system
WO2023077457A1 (en) Safety control system and safety controller for industrial robot
WO2023077458A1 (en) Safety control system for industrial robot and safety controller
WO2023077459A1 (en) Safety control system and safety controller for industrial robot
CN109555888B (en) Control system and test method for main steam isolation valve of nuclear power platform
CN214670219U (en) Safety control system of hydrogenation machine
CN114347025B (en) Collaborative robot functional safety control circuit, control method and collaborative robot
JP2005161486A (en) Robot system
CN106452203A (en) Reliable drive control system, and control method thereof
CN107791252A (en) Control device, control system, control method and recording medium
WO2021127805A1 (en) Functional safety device for frequency converter
CN116598032B (en) Digital protection system of nuclear power plant based on FPGA
CN115657575B (en) Safety control method, safety control circuit and safety control system of robot
CN110286634A (en) A kind of lock-in control preferred module for nuclear power plant's I&C system
CN207367002U (en) A kind of device for preventing electric operator malfunction
CN116079763B (en) Robot, safety torque turn-off circuit and safety torque control method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21962970

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23.09.2024)

122 Ep: pct application non-entry in european phase

Ref document number: 21962970

Country of ref document: EP

Kind code of ref document: A1