The present invention relates to a method for providing fail-safe data transmission between a numerically controlled machine and a spatially separate controller unit. In particular, the invention relates to high speed fail-safe data transmission between a numerically controlled machine and a spatially separate controller unit.
It is known, for example from German Utility Model Patent G 82 36 366.8, that machine tools can be equipped not only with an operator""s panel, but also with a supplemental, mobile wrist-extension manipulator device used to remotely control certain special functions of the machine. The operator""s panel usually includes a display device from which the user is able to initiate and monitor all functions for controlling the machine. The mobile wrist-extension device can include an electronic handwheel operating a manual pulse generator, that enables the user to enter, for example, the movement commands for one or more axes of the machine not only when the user is at the operator""s panel but in a more limited manner from any other location. The mobile wrist-extension device of this patent has various keys for selecting functions, and a rotary position transducer operated by a handwheel. A cable having the requisite lines for signal transmission provides the link between the wrist-extension device and the controller of the machine, but this patent does not reveal a method for reliably transmitting input data from the wrist-extension device to the controller.
The German Patent 29710 026 describes a numerical control system having a spatially separate operator panel, which includes a handwheel for inputting position control commands. In this patent, the positioning commands are transmitted from the spatially separate operator panel to the system controller within a fixed time grid, using a wireless transmission device in accordance with the DECT standard. There is no mechanical link, such as a cable, between the system controller and the operator panel.
The drawback of this specific system is that it is easily disturbed by the electromagnetic fields present in a machine room. Therefore, when using the operator panel, there is the constant danger of the machine malfunctioning not only due to failure of electronic modules, but also due to interference with the radio transmission of commands.
Guidelines exist with respect to the requirements for fail-safe and fault-tolerant systems, in particular control systems. EN 954-1 stipulates that a category-3 fail-safe system must not enter into an unpredictable operating state because of one single fault, but rather that it continue to function as a fail-safe system in spite of the single fault. In cases where the system""s input unit is separate from the system""s control unit, the data transmission between the controller and the input unit also should include a fail-safe transmission method, to attain a fully fail-safe system. A variety of conventional transmission methods have been used toward this goal. For example, in one possible fail-safe transmission method, the input data received in the controller unit is retransmitted to the input unit, and compared there to the input data originally sent to the controller unit. If concordance between the signals is recognized, then no error has occurred during transmission, otherwise the error is communicated to the controller unit by the input unit, thereby requiring a renewed data transmission.
The disadvantage of this method is that it is necessary for data to be transmitted both by the input unit as well as by the controller, making it necessary to provide transmitting/receiving modules both in the input unit as well as in the controller. In addition, the controller must wait until it is certain that the input unit is no longer reporting any errors with respect to the input data. This leads to a delay in the processing of input data. A further disadvantage of this method is that if an error first occurs during retransmission of the input data from the controller unit to the input unit, the system will interpret the resulting lack of concordance as a faulty transmission from the input unit to the controller, and initiate an error routine.
Another approach is described in EP 182 134 BI for operating a multi-computer system which is fail-safe in terms of signal engineering, and is used in particular for railway safety installations. As soon as interferences are recognized in this multi-computer system, so-called xe2x80x9clong telegramsxe2x80x9d for the data exchange are transmitted between the computers. A feature of these long telegrams is that they are made up of two telegrams having the same content and standardized length, and that they are transmitted over transmission channels that have not been recognized as being interfered until that point in time. As a result, the data transmission is characterized by higher redundancy. In this context, one of the two customary telegrams can be transmitted as inverted telegrams. The drawback of this method is that a long telegram is produced and transmitted by one single computer. Therefore, it is not possible to detect disturbances affecting only one computer.
The present invention is directed to a method for providing fail-safe data transmission between a numerically controlled machine and a spatially separate input unit that substantially obviates one or more of the problems due to limitations and disadvantages of the related art, and that provides high speed transmission of data. Additional features and advantages of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and obtained by the apparatus and method particularly pointed out in the written description and claims hereof, as well as the appended drawings.
To achieve these and other advantages and in accordance with the purpose of the invention, as embodied and broadly described, the invention is a method for a most rapid possible data transmission between the machine controller and input unit which requires as little additional outlay as possible to render the data transmission fail-safe.
The method for providing fail-safe transmission of data between a numerically controlled device and a spatially separate input unit includes providing the data to at least two input processors of the input unit, which are independent of one another, encoding the data in the at least two input processors of the input unit using different encoding algorithms in each of the at least two input processors, and transmitting the encoded data from the least two input processors to a controller of the device. Next, the method includes providing the encoded data to at least two control processors, corresponding to each of the at least two input processors, decoding the encoded data in the at least two control processors of the controller, using different decoding algorithms that are the inverse of the different encoding algorithms, and checking the decoded data for parity, so an error routine can be executed in response to a result of non-parity.
In another embodiment, the invention further comprises transmitting the encoded data from a second input processor to a first input processor of the input unit, transmitting a unitary message containing the encoded data of the first and second input processors from the first input processor, via an interface, to a first control processor of the controller, and routing one of the encoded data of the first and second input processors to a second control processor of the controller.
An advantage of the method according to the present invention is that a fail-safe data transmission is implemented between the input unit and the machine controller in an especially simple manner. The input commands entered by the user are variably coded independently of one another by the two processors of the input unit, and are transmitted in succession to the machine controller. Existing data transmission paths are used in the controller without any danger of unauthorized altering of the transmission data. An especially high degree of fail-safeness is advantageously achieved if codes for safeguarding against errors are used to encode the messages.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed.