• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    Shaping system (1) or peripheral device for a shaping system (1), comprising at least one non-safe control device (2), which at least one signal input (3) and at least one signal output (4) for non-safe control of non-safety-relevant actuators (5) of the shaping system (1) or peripheral device, at least one safe control device (6), which has at least one safe signal input (7) and at least one safe signal output (8) and in which a safety program (9) is stored, for safe control of safety-relevant actuators (11) of the shaping system (1) or peripheral device is executable, wherein the safety program (9) by the secure control device (6) executable, compiled by a compiler version of a circuit diagram (19).
    公开号:AT516652A1
    申请号:T50902/2014
    申请日:2014-12-12
    公开日:2016-07-15
    发明作者:
    申请人:Engel Austria Gmbh;
    IPC主号:
    专利说明:

    The invention relates to a shaping system or a peripheral device for a shaping system according to the preamble of claim 1.
    In the molding machine and injection molding machine industry, the entire control issue has become increasingly important for years. Above all, the complexity of the controls and the demands on user safety have continued to increase. At the same time, however, the user-friendliness should not be worsened, but if possible even improved.
    A common area in almost any molding equipment or almost any peripheral equipment for a molding machine is the so-called non-secure controller. This usually has at least one signal input and at least one signal output for non-safe control of non-safety-relevant actuators of the shaping system. Such actuators may be injection molding machines, security doors, conveyor systems, planing robots, injection units, separation systems, floatation stations, metering systems, temperature control devices, tool heaters, etc. In this context, it should be explained that "not sure" does not mean that they would be "uncertain", but that this "non-safe" control device is of less importance with regard to the safety criteria than the "safe" actuators explained later. The non-safe control device is seen at most as a proven component and can meet additional safety criteria of safety-related actuators by an implemented monitoring function - one speaks in this context of the diagnostic coverage - but in no case, the non-secure control device only the safety of actuators according to relevant standards, for example ISO 13849-1 or applicable Machinery Directive RL2006 / 42 / EC for the specified machines or systems. Note: These standards are therefore relevant for safe control devices and try to ensure safe operation of the machinery or systems mentioned, while for non-safe control devices only electromagnetic regulations (EMC Directive RL2004 / 108 / EC) or the
    Low Voltage Directive RL2006 / 95EG in general form.
    This general area in shaping systems also includes a computing unit on which a user interface (HMI) with a visualization unit and an input device for visualizing signals of the at least one non-secure control device and for entering parameters for the at least one non-secure control device is configured. In other words, at least one operating device is provided in or on the shaping system, via which the normal control of the shaping system by an operator takes place, especially during full operation of the shaping system.
    A special area of the controls for forming equipment and peripheral equipment for forming systems affects the entire installation, commissioning and security. This means that the step from the manufacturer to the first full operation of the molding plant is as simple as possible and at the same time all safety-related aspects are considered.
    In safety engineering, there are basically two different ways of ensuring that the entire safety interconnection of the different safety-relevant actuators or safety modules (eg drive controllers, modules with digital and / or analog output signals, special modules, for example, for guard locking) and requesting a protective door, a wide variety of sensors such as rotary or position sensor, etc.) is correct and meets all safety standards. On the one hand, there is the discreetly dual-channel safety technology and, on the other hand, diversified functional safety technology.
    A disadvantage of the discrete two-channel safety technology is that a very large amount of effort for wiring and contact duplication (eg EMERGENCY-STOP circuits or protective door circuits using contactors for contact duplication) must be driven. Another disadvantage is the limited life of this
    Contacts. Especially with unknown contact loads, these must be replaced accordingly early.
    Especially in the field of special plant but you meet already on functionally constructed safety technology, this at least one safe control device (Safety Master) includes, which has at least one safe signal input and at least one safe signal output and in which a safety program is stored, which means for safe control by a user specifiable safety parameters of safety-related actuators (safety slaves) of the shaping system or peripheral device is executable. This functional safety is also called Functional Safety, which is typically used or manufactured in lot size 1 or at least for very small lot sizes. As a result, on-site engineering is usually possible and the tooling (toolchain) for commissioning and diagnostics developed by the suppliers of the Functional Safety components is sufficient.
    "Functional safety" is a modern, diversified safety control (short: safe control device or safe programmable logic controller (SSPS)) understood, which with the distributed in the system safety-related actuators via a signal-transmitting connection device (for example a, preferably secure, bus system ) communicates securely. In this case, both this safe control device and the non-secure control device is connected to this connection device. The mentioned "secure communication" is secured by various test additives in the form of consecutive telegram numbers, checksums, timeouts, etc. and has been proven to be safe within the meaning of the standards for injection molding machines or handling systems (SILIN according to EN61508 or category 4 and PLd or PLe according to EN ISO 13489 -1). According to a risk assessment, this information is generally considered sufficient for the present application. The safe control device (SSPS) is normally programmable in a special "Safety Engineering Tool" of the manufacturer. The security program generated by this tool is stored, verified and executed from this tool with a direct connection to the secure control device (or by means of a storage medium to be connected to the secure control device). In a subsequent test run, the commissioning engineer (at the factory) or the service technician (in the field) must verifiably check the safety functions. Only then can the shaping system or the peripheral device be released for use.
    It is also possible to use in a system several independent safe control devices, which then communicate with each other via definable interfaces. Analogously, then the individual subtasks (eg security programming, download, verification, tests, etc.) are performed multiple times or automatically. The actual creation of the safe control device (SSPS) program must be done by a design engineer - in the "old" world of discrete safety engineering, these are electrical engineers who define the safety circuits.
    However, this procedure via a "safety engineering tool" is not very useful for a series machine builder. In particular, the connection of the "Safety Engineering Tools" with the safe control device in the molding plant as well as the operation of this most complex tool with the ability to make changes for the wide use by commissioning / service technicians a great error potential or it requires a lot of training, for example a worldwide roll-out.
    In series machine construction with significantly larger quantities and in particular with worldwide use and the associated servicing and maintenance by persons qualified for this purpose, special emphasis must be placed on particularly high user and diagnostic friendliness. Such series systems are typically created in a modular design, so that there is always the need to change the system within defined limits, for example, system components to disable (due to a fault) or remove because they are needed on another system. While using discrete safety technology a system component was relatively easy to do by unplugging the safety interface and attaching a dummy plug bridging the safety signals, a solution for functional safety systems today is only possible via additional electromechanical selector switch or by importing a new safety program , Both activities are very specialized and require accurate knowledge of the safety documentation so that these activities are not feasible for non-specialist personnel. In particular, use of the standard toolchain for the service technician or even for the customer due to the great complexity i. A. unreasonable. Even a selector switch is often hardly accessible to a non-electrician, because mounted in the electrical cabinet, and because the documentation is at best in a circuit diagram on the machine.
    Current flow diagrams are intended to represent the switched-off, energy-free situation of the machine or system. Circuit diagrams are part of the function-related documents according to DIN EN 61082. These plans are created at the beginning of the design of a plant or machine and are later also required for repairs and maintenance. Circuit diagrams must include the electrical safety devices.
    Even with functional safety technology, it is expedient to display the non-electrical safety circuit in the circuit diagram, since it can usually be carried out by the already trained group of electrical design engineers.
    The state of the art is that the electrical designer or another designer has to make a further representation of this safety circuit in the engineering tool of the supplier of the safety control at the time of construction. These two representations are usually not identical. Therefore, further processing is error-prone and represents an additional workload. Furthermore, the commissioning is complicated by the two representations and for the correction of errors more specialists are necessary, which in turn very complex.
    In the prior art for the selection of security options, there are no programmatic possibilities of intervention in the function of the safety program which the electrician can define in the circuit diagram. That is, it can not respond to missing components (eg, start-up without a robot) or defective components (eg, operation of the machine without robot with machine hood when the robot door is broken). Furthermore, one would like to have the hand-held operating device only in the process setup phase, for example, and then be able to remove it again from the shaping system. For these and similar cases, a special safety program should always be available. You can already see that they can be many. The selection of special configurations via secure hardware selectors is also problematic and not very user friendly.
    Therefore, the object of the present invention is to provide a molding system that is improved over the prior art or an improved peripheral device for a molding installation and an improved method. In particular, the stated problems should be remedied as possible.
    This is achieved by a shaping system or by a peripheral device for a shaping system with the features of claim 1. According to the invention, it is accordingly provided that the safety program is a version of a circuit diagram compiled by the secure control device and compiled by a compiler. Preferred embodiments are specified in the subclaims.
    To generate the compiled version of the circuit diagram, the circuit diagram should ideally use the same library of symbols used by the secure control supplier's engineering tool.
    The same applies to the safety parameters assigned to each symbol. In the next step, the individual symbols with the assigned safety parameters, the interconnections between the symbols and the connections to the safe signal inputs and outputs are exported in a structured data format (eg XML). In the next step, the file (eg XML file) in the structured data format is imported into the engineering tool, where the compilation process is initiated by a compiler of the engineering tool. After completion of the compilation process, the compiled version of the circuit diagram (eg by means of software generators based on scripts or by manual copying of the file) is stored as a safety program executable by the safe control device, for example by a safety loader.
    Preferably, this deposition can be done via the non-secure control device as an intermediate station, usually not shared with the compiled version of the circuit diagram, the non-secure parts of programs to the non-secure control device.
    In other words, an improvement in the state of the art is achieved by the fact that the safety connection, as hitherto, the electrical engineer performs in his familiar environment in an ECAD tool (electronic computer-aided design). This circuit (circuit diagram) is imported from the ECAD Tool by suitable conversion (compilation) into the Safety Engineering Tool and (ideally by pressing a button) creates the necessary safety program. This will now be brought to the desired system via existing automatisms of software development. For this purpose, the plant software is extended according to a preferred embodiment by an additional tool in the form of a loader (safety loader called), which checks the security programs for legitimacy over simple dialogs, selects and stores on the connected SSPS or verifies this process and then for execution brings. For this purpose, the functions previously contained in the Safety Engineering Tool are extracted into the safety loader.
    The safety loader is further enhanced with customizing functions. This enables the authorized user to execute certain prepared variants of the security program. Such a variant could allow the operation of the machine (without a robot) without a robot safety door with the machine concealed at the same time, or permit the disconnection of a manual control device. Now it is comparatively easy changes in
    Conduct safety behavior - it no longer needs to be a new safety program to be installed, with the result that again all functions would be tested.
    Of course, the safety loader on the system, including the stored safety program and, if necessary, additional information from the safety program creation, offers the option of providing additional functions. An obvious extension is the diagnosis of the safety program by displaying (animated) signal states in the program logic, the visualization of error codes, etc. It is a goal to represent the program logic based on the familiar form from the ECAD.
    According to a preferred embodiment, a computing unit is provided on which a user interface is configured with a visualization unit and an input device for visualizing signals of the at least one non-secure control device and for inputting parameters for the at least one non-secure control device. Furthermore, it can be provided that the safety program can be executed by means of a security parameter which can be predetermined by a user via the input device of the user interface of the arithmetic unit. Flier can be provided that the arithmetic unit is physically identical to the non-secure control device.
    It is particularly preferable to provide that the safety parameters for the safety program of the safe control device can be input via the input device of the user interface of the arithmetic unit. As a result, it is now possible to operate the safe control device via the already existing input device of the user interface and to enter the corresponding safety parameters for the diversified functional safety technology. This means that the security check no longer has to be made via a separate safety program that is only elaborately installed for commissioning. Rather, it is preferably provided that the security program on the secure control device can be verifiably installed via the input device of the user interface of the non-secure control device.
    With particular preference, it is now possible via the "normal" user interface (operating device) by means of the safety parameters for the safety program of the safe control device to select the number and / or positioning of the safety-relevant actuators or the specified safety level of at least one safety-relevant actuator.
    The safety program is typically - as is generally the case with the diversified functional safety technology - also modular. So it is relatively easy to map the modular functionality. This can be used to allow the interfaces between the functions to be set to precisely defined signals when an equipment component (actuator) is removed. For example, the "EMERGENCY-FIALT" signal of a remote guard may be set to okay, while the "guard closed" signal of the same remote door must be set to faulty. Ultimately, this is exactly the function which has taken over the discrete case of the ironing plug.
    The next step is now that you can activate or deactivate this virtual ironing plug (or you could also call it a "security option") on the plant operating terminal (input device of the user interface). This has the advantage that one can use the typically existing infrastructure in the form of a user access system (login), status displays and error messages for diagnostic purposes or documenting (logging). Thus, the idea of a single-point-of-operation is retained for these service activities.
    Another optional possibility is that the changes also initiate the corresponding verification measures by switching security options, since it is usually essential to verify the functionalities after changes to the security technology. By appropriate knowledge of the signal effects of the interfaces on the actuators, modified interface signals can be specifically tested. It is not necessary to re-check all safety functions of the entire system. So it is sufficient to check those sliding protection, which prevents parallel to the remote protective door access to a hazardous area, and you do not have to check even more protective doors, which have already been verified. In this way, a smart system can be set up and the operator is interactively guided through the necessary verifications in case of changes (guided commissioning). All these activities can in turn be documented with the data of the logged-in user.
    In other words, it should again be stated in general terms that the safety program is assigned to the safe control device and its runtime system is executed and the operation of the safety-relevant actuators is carried out in a predefined (or also partially adjustable) manner. The individual safety-relevant actuators (safety program elements) are linked to one another via the signal-transmitting connection device and communicate via the safe signal inputs and outputs. For communication, security parameters (eg watchdog times, safe speeds, etc.) are used. The safety program also has predetermined configuration options that can be selected by a user via the user interface and an adaptation to a variable operating situation (= not permanently existing safety function, for example, a protective door or temporary restriction in the form of working or restricted areas) of the actuators or the shaping system represents.
    According to one exemplary embodiment, it is preferably provided that a diagnostic tool for the at least one secure control device is implemented in the user interface of the non-secure control device.
    In order to be able to guarantee the clarity for an operator, it is preferably provided that the visualization unit of the user interface for displaying diagnostic signals of the diagnostic tool is configured in the form of a circuit diagram. For ease and convenience of operation, it is preferably provided that the user interface visualization unit is configured to individually display a block or a group of blocks of the electroplane diagram, wherein the user interface input device is configured to switch between the individual representations according to a signal flow direction of the circuit diagram , A block can be a classic switching element or a function of a safety program. The individual safety-relevant actuators can also be represented on the circuit diagram using the visualization unit. Even between these illustrated safety-relevant actuators, a stepwise navigation (also over several screen pages) according to the signal flow direction via a simple user action is possible. It is also possible to implement an independent diagnostic option for the communication between the safety master and the at least one safety slave. Furthermore, an overview display can be present on one screen page, with all the safety controllers (safety masters), all safety-relevant actuators (safety slaves), the safety program and / or the user configuration being displayed.
    Another trend-setting feature is a didactically supported commissioning of the safety program. At the same time, the logic states can be monitored during commissioning and thus the tested or still to be tested program areas can be marked. For this purpose, the diagnostic tool is preferably configured to test a multi-block signal connection of the circuit diagram and to mark blocks that have already been tested. This ensures that all program areas are actually tested (similar to Codecoverage programming). Furthermore, this test phase should be logged automatically (user, date and time, tested function). Only the parts of the "Safety Engineering Tool" with the described extensions are integrated into the system software. It is consciously valued for intuitive operation and dispenses with unnecessary functions (modification of the safety program). Thus, the complexity is manageable even for inexperienced operators or only sporadic use.
    It is now particularly possible with the diagnostic tool to determine whether an input signal present at the at least one safe signal input of the safe control device triggers a predetermined output signal via the at least one safe signal output of the safe control device. So far, only indirectly on the functionality of the signal could be deduced, z. B by whether a controlled motor was actually turned on or off. Now this is done by directly testing the signal output. In addition, it is preferably possible for the diagnostic tool to monitor the complete signal path between the at least one safe signal output and the at least one safe signal input.
    With regard to the basic design of the safe control device, two different variants are possible. On the one hand, the at least one secure control device may be present as a component that is physically separate from the non-secure control device, or on the other hand may be implemented directly in the non-secure control device. Basically, a mixed form is conceivable. According to one exemplary embodiment, it may be provided that the software running on the non-secure control device is subdivided into a main application and a service application functioning as a secure control device, wherein the switching between the two takes place in a transparent manner. The configuration of the safety program can be made in the main application or in the service application. In addition, a possibility for transmission (= download eg by safety loader) of the at least one safety program into the safety master runtime environment and / or the check of the safety program executed by the safety master runtime environment can also be made (= verification eg by safety loader) in the main application or in the service application.
    With regard to the configuration options, two examples are given below: If a guard door programmed in the safety program is not present as an actuator, this is described by substitution signals via the configuration options in the safety program. If a safety gate (non-safety-relevant actuator) programmed in the safety program and the safety slave (safety-relevant actuator) controlling this safety gate are not present in the forming system, both are described via the configuration options in the safety program with substitute signals.
    The access to the secure control device is preferably granted only via a suitable authorization device. In this case, the authentication (login) of the user can be made via the input device of the non-secure control device, wherein the user enters a user name and a password. However, the authentication can also take place via a suitable interface, such as an RFID chip, a magnetic card, a chip card, a transponder, an optical system, a barcode, a QR code, etc. There may also be an additional security barrier implemented in the user interface by the access to the secure control device being protected by a separate additional password. Thus, an operator responsible for normal operation can not make changes in the safe controller and its safety program.
    The internal structure of the safe control device is preferably such that the at least one secure control device uses at least one core of the computing unit of the non-secure control device which communicates via a bus with the at least one secure signal input and the at least one secure signal output. The safe control device can also run on a completely separate CPU. For checking or controlling the entire security-relevant processes, it is preferably provided that an input of security parameters for the secure control device made via the input device of the user interface of the non-secure control device can be stored in a log file. Changes to or in the safety program itself are also logged. In addition, configuration changes can be logged.
    In principle, several secure control devices can be provided. It is possible to cyclically exchange defined interface signals between one safety master and one safety slave acting second safety master.
    With regard to commissioning and the associated safety check, automated tests (guided safety commissioning) are carried out. In this case, it can preferably be provided that an additional support for the performance of functional tests in the form of own screen contents is provided. In particular, this is done by a test list to be processed, wherein the present test results and the still open test points are displayed. Furthermore, it can be provided that the reaction to the user interaction (trigger sensor or change configuration) is automatically checked and taken over into the test result. In addition, it can be provided that the success of the desired reaction is checked by the state of one or more safety-relevant actuators. Thus, the motors do not have to be switched on / off with every EMERGENCY STOP. It can also be provided that the tests carried out and the associated detected changes in the signal and program states are used for presentation in the form of a codecoverage view on the one hand and for checking the completeness of the test. For safe operation it is envisaged that only limited operation of the plant / component with reduced operating values will be permitted unless all tests have been successfully performed (reduced speed, no AUTOMATIC operation, etc.). Conversely, this means that unrestricted operation of all shaping machine actuators is allowed only after all tests have been completed and logged by a logged operator. As a further level of security can be provided that the exchange of components from the molding plant, which are recognized by changed serial or batch numbers, requires the repetition of tests and in turn activates the limited operation.
    With regard to the arithmetic unit can be provided according to an embodiment that the user interface via a remote access to the
    Computing unit is connected. This means that the operator is not localized and thus can perform a remote installation or security check.
    It can be provided that the shaping system or peripheral device has no permanent user interface, but is connected as needed.
    Protection is also desired for a method having the features of claim 20.
    Further details and advantages of the present invention will be explained in more detail below with reference to the description of the figures with reference to the exemplary embodiments illustrated in the drawings. Show:
    1 shows schematically the essential control components of a molding plant,
    Fig. 2 shows schematically a circuit diagram and
    Fig. 3 is a flowchart with the compilation of the circuit diagram.
    1 shows schematically the essential control components of a shaping installation 1 (eg injection molding installation) or a peripheral building of a molding installation 1. As with each molding installation 1, this molding installation 1 also has a computing unit 12 which forms the basis of a user interface 13 (FIG. Operating device). In turn, this user interface 13 is composed of the visualization unit 14 (screen) and the input device 15 (keyboard, mouse, etc.). Optionally, the visualization unit 14 and the input device 15 may be designed as a structural unit in the form of a touchscreen. About the user interface 13 and the arithmetic unit 12, the non-safety-relevant actuators 5 are moved by an operator in normal operation. Examples of such non-safety-relevant actuators 5 are conveyor belts, injection units, doors, handling robots, ejectors, core pullers, and much more. For the control of these movements, the non-safe control device 2 is provided. Via the input device 15 of the user interface 13, parameters are input or selected and corresponding signals are forwarded to the non-secure control device 2. From this in turn corresponding signals are output via the signal-transmitting connecting device 17 (bus system) and the signal output 4 and reach the non-safety-relevant actuators 5, whereby they are moved according to the parameters. A feedback to the non-secure control device 2 via the signal input 3. As far as a previously known control of a shaping system 1 works.
    Now there are, as already explained, especially for the commissioning of a new shaping system 1 or when adding or removing non-safety-relevant actuators 5 additional prescribed security checks, so that after successful review of the shaping system 1 of full operation can be included. In the last few years, an approach in the form of a so-called diversified functional safety technology has become more and more popular. For this purpose, an additional safe control device 6 (SSPS) is used, via which the safety-relevant actuators 11 of the shaping installation 1 are checked. Such safety-relevant actuators 11 are, for example, drives, IO modules, protective door modules, sensors, and much more. With such a safe control device 6, an operator checks the functionality, the number and the security level of the existing or necessary safety-relevant actuators 11. However, this results in the specific application of various problems in terms of complexity and especially in terms of time, especially if In modern shaping systems 1 is often a conversion of various actuators 5 done. Further disadvantages are already mentioned above.
    In order to remedy these disadvantages, it is provided that the secure control device 6 can be operated via the already existing computing unit 12 and its user interface 13. Accordingly, security parameters 10 are input or selected via the input device 15 of the user interface 12, after which corresponding signals are forwarded to the secure control device 6. In this safe control device 6, a safety program 9 is stored, which is executable for the safe control of the safety-related actuators 11 by means of the user-specified or selected safety parameter 10. In particular, an output signal created by the safety program 9 is transmitted via the signal output 8 and / or via a secure bus module 26 to the at least one safety-relevant actuator 11. In order to enable a check by the safe control device 6 at all, a reaction is carried out by the at least one safety-relevant actuator 11, which is transmitted in the form of an input signal via the signal input 7 to the safe control device 6. The safe control device 6 itself can have one or more cores 20 for the calculation. This at least one core 20 is connected to the signal output 8 and the signal input 7 of the safe control device 6. However, it can also be provided that the arithmetic unit 12 has one or more cores (CPUs), wherein the non-secure control device 2 and / or the secure control device 6 run on one or more of these cores.
    In addition, a diagnostic tool 18 is implemented in the safe control device 6 and / or in the arithmetic unit 12 as shown. By means of this diagnostic tool 18, preferably one after the other, the individual safety-relevant actuators 11 along the signal flow direction can be tested for their functionality. In order to make this comprehensible for an operator as well, a circuit diagram 19 corresponding to the interconnection of the safety-relevant actuators 11 is shown on the visualization unit 14. This consists of individual blocks 23 or groups of blocks. Through this display of a circuit diagram 19, it is also possible in a rapid way to detect which block 23 or which safety-relevant actuator 11 functions. This can be signaled by an appropriate marking or highlighting the operator.
    To further increase security, an authorization device can also be provided, via which an operator logs in. In addition, any input via the input device 15 can also be stored in a log file 22 for subsequent checking.
    FIG. 2 shows an example of a circuit diagram 19 which is known per se to the person skilled in the art and which is divided here on three screen pages of the visualization unit 14.
    FIG. 3 shows how, starting from the circuit diagram 19 shown in FIG. 2, a compiled version of the circuit diagram 19 is generated. In a first step, an export file 28 (here XML file) is created from the circuit diagram 19, which can here be enriched or reduced to information 29. In the next step, the XML file is imported into the engineering tool 27, where the compilation process is initiated by a compiler of the engineering tool 27. After completion of the compilation process the compiled version of the circuit diagram 19 and the safety parameters 10 are stored by means of the safety loader 30 in the safe control device 6 as executable by the safe control device 6 safety program 9. As can be seen from FIGS. 2 and 3, in the illustration of the circuit diagram 19, a stored identification 31 of the shaping installation 1 or the peripheral device for the shaping installation 1, preferably in the form of a fabrication number, is deposited, so that a confusion of the safety program 9 can be prevented
    In the embodiment shown can be achieved by the approaches described again a very similar installation workflow as in the discrete safety technology. However, additional benefit is obtained above all by the simple operability via the user interface of the non-secure control device. Furthermore, a comfortable diagnosis and a structured functional test is possible. This can even reduce the cost of designing and commissioning safety functions. This is particularly advantageous in special machine construction and for complex systems. Often, commissioning in the conventional case consumes a lot of time and is difficult to plan.
    In the exemplary embodiment shown, the safety function can continue to be created in the ECAD and be automatically brought to the safe control device with the aid of the manufacturer-specific safety engineering tool and a safety loader integrated on the system. This route is extremely efficient both during in-house commissioning and in the field (sending the safety program via e-mail, etc.). By automating the steps as well as additional accompanying measures such as input of safety parameters, diagnostics, guided commissioning, documentation results in an optimized installation workflow that is more efficient than the discrete workflow and reduces the complexity.
    Innsbruck, December 12, 2014
    权利要求:
    Claims (20)
    [1]
    claims
    1. shaping system (1) or peripheral device for a shaping system (1), comprising: - at least one non-safe control device (2) having at least one signal input (3) and at least one signal output (4) for non-safe control of non-safety-relevant actuators ( 5) of the shaping installation (1) or peripheral device, - at least one safe control device (6) which has at least one safe signal input (7) and at least one safe signal output (8) and in which a safety program (9) is stored safe control of safety-related actuators (11) of the shaping system (1) or peripheral device is executable, characterized in that the safety program (9) by the secure control device (6) executable, compiled by a compiler version of a circuit diagram (19).
    [2]
    2. shaping system or peripheral device according to claim 1, characterized by at least one signal transmitting connecting device (17) to which the at least one non-secure control device (2) and the at least one safe control device (6) are connected.
    [3]
    3. shaping system or peripheral device according to claim 2, characterized in that the at least one signal-transmitting connection device (17) as a bus, preferably as a secure bus, is formed.
    [4]
    4. shaping system or peripheral device according to one of claims 1 to 3, characterized by a computing unit (12) on which a user interface (13) with a visualization unit (14) and an input device (15) for visualization of signals of the at least one non-secure control device (2) and configured to input parameters for the at least one non-secure control device (2).
    [5]
    5. shaping system or peripheral device according to claim 4, characterized in that the safety program (9) by means of a user via the input device (15) of the user interface (13) of the arithmetic unit (12) specifiable safety parameters (10) is executable.
    [6]
    6. shaping system or peripheral device according to claim 5, characterized in that the security parameters (10 for the safety program (9) of the safe control device (6) via the input device (15) of the user interface (13) of the arithmetic unit (12) can be entered
    [7]
    7. shaping system or peripheral device according to claim 5 or 6, characterized in that by means of the safety parameters (10) for the safety program (9) of the safe control device (6) - the number and / or positioning of the safety-related actuators (11) or the predetermined security level of at least one safety-relevant actuator (11) can be selected.
    [8]
    8. shaping system or peripheral device according to at least one of the preceding claims, characterized in that on the input device (15) of the user interface (13) of the non-safe control device (2) the safety program (9) on the safe control device (6) verifiable installable.
    [9]
    9. shaping system or peripheral device according to at least one of the preceding claims, characterized in that in the user interface (13) of the non-secure control device (2) or in the safe control device (6) a diagnostic tool (18) for the at least one secure control device (6 ) is implemented.
    [10]
    10. shaping system or peripheral device according to claim 9, characterized in that the visualization unit (14) of the user interface (13) for displaying diagnostic signals of the diagnostic tool (18) in the form of the circuit diagram (19) is configured.
    [11]
    11 .Modulation system or peripheral device according to claim 10, characterized in that the visualization unit (14) of the user interface (13) is configured for the individual display of a block (23) or a group of blocks (23) of the circuit diagram (19), wherein the input device ( 15) of the user interface (13) is configured for switching between the individual representations in accordance with a signal flow direction of the circuit diagram (19).
    [12]
    12. Forming system or peripheral device according to at least one of claims 9 to 11, characterized in that the diagnostic tool (18) is configured to test a multiple blocks (23) comprehensive signal connection of the circuit diagram (19) and to mark already tested blocks (23) ,
    [13]
    13. Forming system or peripheral device according to claim 9, characterized in that the diagnostic tool is configured to determine whether an input signal present at the at least one safe signal input of the safe control device has a predetermined output signal via the input signal at least one safe signal output (8) of the safe control device (6) triggers.
    [14]
    14. Forming system or peripheral device according to claim 13, characterized in that the diagnostic tool (18) monitors the complete signal path between the at least one safe signal output (8) and the at least one safe signal input (7).
    [15]
    15. Forming system or peripheral device according to claim 1, characterized in that the at least one secure control device (6) is physically separate from the non-secure control device (2) or implemented in the non-secure control device (2).
    [16]
    16, shaping device or peripheral device according to at least one of the preceding claims, characterized in that the at least one safe control device (6) via a secure bus module (26) with the at least one safe signal input (7) and / or the at least one safe signal output (8 ) communicates.
    [17]
    17, shaping device or peripheral device according to at least one of the preceding claims, characterized in that via the input device (15) of the user interface (13) of the non-secure control device (2) made entering safety parameters (10) for the safe control device (6 ) can be stored in a log file (22).
    [18]
    18, shaping device or peripheral device according to at least one of the preceding claims, characterized in that via the input device (15) of the user interface (13) of the non-secure control device (2) the input of safety parameters (10) for the safe control device (6). can be restricted to values which have already been provided in the circuit diagram with an intended safety-compliant reaction.
    [19]
    19. A molding installation or peripheral device according to claim 1, characterized in that an additional identification in the circuit diagram (19) of the shaping installation (1) or the peripheral device for the shaping installation (1), preferably in the form of a fabrication number, is deposited and in the safety program (9) executable by the safe control device (6) is taken over, so that a confusion of the safety program can be prevented.
    [20]
    20. A method for operating a shaping system (1) or a peripheral device for a shaping system (1), wherein - at least one non-safe control device (2), which via input and output signals non-safety actuators (5) of the shaping system (1) or peripheral device not sure controls, - at least one safe control device (6), which safely controls input and output signals by means of a safety program (9) safety actuators (11) of the shaping system (1) or peripheral device, characterized in that the safe control device (6) via the Safety program (9) executes a compiler-compiled version of a circuit diagram (19). Innsbruck, December 12, 2014
    类似技术:
    公开号 | 公开日 | 专利标题
    EP2422271B1|2013-06-19|Method and apparatus for creating an application program for a safety-related control unit
    EP2363770B1|2012-03-21|Safety device with a configurable controller
    WO2014111417A1|2014-07-24|Microprocessor-controlled control device for an injection molding system, comprising a simulation computer
    EP2098924A1|2009-09-09|Method and device for programming and/or configuring a safety controller
    DE102004020994B4|2013-07-04|Method and apparatus for computer-aided design of a safety-related electrical circuit
    EP2246756B1|2019-03-06|Method and operating device for operating a security-oriented industrial automation component
    EP2835699B1|2015-05-06|Method and device for configuring and/or programming a safety controller
    EP2356527B1|2013-09-25|Safety control and method for controlling an automated system having a plurality of system hardware components
    AT516652B1|2017-09-15|forming plant
    DE202008017893U1|2010-10-28|Device for programming and / or configuring a safety controller
    WO2006125405A2|2006-11-30|Method for operating an electrical device of an automation system
    EP3056955A1|2016-08-17|Planning and engineering method, software tool and system for a processing assembly
    DE102005007477B4|2015-06-11|Programmable control for machine and / or plant automation with standard control and safety functions and communication with a safety I / O and method for operating the programmable controller
    DE102013010783A1|2014-12-31|Method and control device for testing an automation solution based on a PLC control
    DE102012016269A1|2014-02-20|Electric machine with a monitoring device
    EP2360540B1|2013-07-03|Data carrier with pictures for the configuration of drive systems and computer with graphical user interface
    EP3470939A1|2019-04-17|Method and devices for monitoring the security integrity of a security function provided by a security system
    EP3470937A1|2019-04-17|Method and devices for monitoring the response time of a security function provided by a security system
    EP2482154A1|2012-08-01|Method and operating device for operating a security-oriented industrial automation component
    DE10140763A1|2003-03-06|Method and arrangement for the configuration of assemblies in a data processing system
    EP3650970A1|2020-05-13|Method and device for the computer-assisted simulation of a modular technical system
    DE202013103586U1|2014-11-13|Device for configuring and / or programming a safety controller
    WO2012139638A1|2012-10-18|Method for automatically determining the error probability of a security application
    EP2913728B1|2016-12-14|Method for operating an automation device and automation device
    EP3026514A1|2016-06-01|Automation system and method for external control of a self-testing algorithm in a decentralised safety device
    同族专利:
    公开号 | 公开日
    US20160167277A1|2016-06-16|
    AT516652B1|2017-09-15|
    CN105739463A|2016-07-06|
    DE102015015963A1|2016-06-16|
    US10606239B2|2020-03-31|
    CN105739463B|2019-11-19|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    DE102005046686A1|2005-09-29|2007-04-05|Heidelberger Druckmaschinen Ag|Printing machine operating device, has control processor, where operating state is determined during input of operating command that is executed and is not executed based on pre-condition, where non-execution is signaled to operating person|
    DE102011122337A1|2010-12-24|2012-06-28|Sumitomo Heavy Industries, Ltd.|Injection molding machine has judgment unit to determine whether operation is continued by using electric power stored in power storage device, when power failure is occurred|
    KR100635975B1|2000-02-14|2006-10-20|동경 엘렉트론 주식회사|Apparatus and method for plasma treatment|
    US7269468B2|2003-09-05|2007-09-11|Fisher-Rosemount Systems, Inc.|State machine function block with a user modifiable output configuration database|
    CA2551045C|2005-06-30|2008-04-22|Hitachi, Ltd.|Input-output control apparatus, input-output control method, process control apparatus and process control method|
    US7539550B2|2006-02-23|2009-05-26|Rockwell Automation Technologies, Inc.|Safety versus availability graphical user interface|
    DE102008002266B4|2007-06-12|2019-03-28|Omron Corp.|Program development support device of a safety controller|
    JP4888717B2|2007-06-12|2012-02-29|オムロン株式会社|Program development support device for safety controller|
    AT529789T|2007-07-05|2011-11-15|Sick Ag|PROCESS FOR PROGRAMMING A SAFETY CONTROL|
    US7869889B2|2008-07-02|2011-01-11|Saudi Arabian Oil Company|Distributed and adaptive smart logic with multi-communication apparatus for reliable safety system shutdown|
    US8469693B2|2010-08-24|2013-06-25|Athena Automation Ltd.|Low profile stack mold carrier|
    WO2012159207A1|2011-05-26|2012-11-29|Athena Automation Ltd.|Integrated electrical cabinet for an injection unit|
    CN203217346U|2013-04-12|2013-09-25|三一重工股份有限公司|Batching control system and engineering machinery|
    EP2835699B1|2013-08-09|2015-05-06|Sick Ag|Method and device for configuring and/or programming a safety controller|US10254734B2|2016-11-21|2019-04-09|Avaya Inc.|Testing user interface functionality through actuation by a piezoelectric grid|
    AT521134B1|2018-04-20|2019-11-15|Engel Austria Gmbh|industrial plant|
    法律状态:
    优先权:
    申请号 | 申请日 | 专利标题
    ATA50902/2014A|AT516652B1|2014-12-12|2014-12-12|forming plant|ATA50902/2014A| AT516652B1|2014-12-12|2014-12-12|forming plant|
    DE102015015963.1A| DE102015015963A1|2014-12-12|2015-12-08|forming plant|
    US14/963,747| US10606239B2|2014-12-12|2015-12-09|Shaping plant and safety program|
    CN201511036270.9A| CN105739463B|2014-12-12|2015-12-11|Molding equipment and peripheral equipment for molding equipment|
    [返回顶部]