This invention relates to a safety condition setting support device and a computer readable medium program product, as well as a method of controlling a device for obtaining safety conditions for a safety network.
As is well known, a network system connecting a programmable controller (PLC) and a slave through a network such as a device network is structured for a factory automation (FA) system. The slave is provided with a plurality of I/O units, and sensors, relays and apparatus of various other kinds are connected to these I/O units such that sensing data detected by input devices (such as switches and sensors) connected to the slave, for example, are taken in by the PLC through the network. The PLC serves to analyze the obtained sensing data and to transmit control commands to the output devices (such as relays, valves and actuators) to be operated on the basis of these sensing results.
On the other hand, safety systems have recently begun to be introduced into the control by a PLC. That is to say, not only the PLC and individual apparatus but also the network itself is coming to be formed incorporating safety (failsafe) functions. In the above, the failsafe functions include duplexing the CPU and other operating parts such that correct outputs will be made, pressing an emergency stop button in the case of a network abnormality (such that normal communications cannot be made), and activating a failsafe function to stop an action for safety if a sensor such as a light curtain detects the entry of a person (or a part of a person's body) and a safety system cannot maintain a safe condition.
In the case of a safety system of the latter type making use of a network, the positional relationship (including safety distance) between the machine equipment to be controlled by a related output device and an input device becomes an important factor in order to carry out the failsafe function. FIG. 1 shows a robot as an example of machine equipment controlled by an output device where its range of operation becomes a danger area 1. In this situation, a pair consisting of a light transmitter 2a and a light receiver 2b is set as an input device in front of this danger area 1. It will be assumed that walls, etc. are so set up that a worker 3 will have to pass between this light transmitter 2a and the light receiver 2b in order to penetrate into the danger area 1.
This means that the worker 3 will necessarily pass through the optical axis 4 of the light transmitted from the light transmitter 2a before reaching the danger area 1. When the light receiver 2b becomes unable to receive light from the light transmitter 2a, the safety system for this case concludes that the worker 3 has passed this optical axis 4 and outputs a warning signal. A detection signal is eventually transmitted to the output device through the network and the output device serves to stop the operations of the machine equipment functioning within the danger area 1.
In other words, there is a certain delay from the moment when the light receiver 2b detects the worker 3 passing until the machine equipment is actually stopped. This delay necessarily includes at least the total of the internal processing times by the input device and the output device and the communication times of various data on the network.
Thus, if the aforementioned total time is shorter than the time required for the worker 3 to reach the danger area 1 after passing between the light transmitter 2a and the light receiver 2b (the distance of walking divided by the speed of walking), the machine equipment can be stopped before the worker 3 reaches the danger area 1. When the system is designed, therefore, this is taken into consideration such that the internal processing times of the input and output devices are set to become shorter or the distance of walking (from the position of detection by the input device to the danger area 1) is set to become longer, such that the system (machine equipment) can be dependably stopped at the time of an abnormality.
If the necessary distance between the position of detection by the input device and the danger area 1 for carrying out a safety operation is defined as the minimum safety distance S, this may be obtained as

S = K × T

where K is the speed of walking such as 1 m/sec and T is the time required for stopping the operations (the aforementioned total time), or

S = K × T + C

where C is an additional distance.
Prior art systems of this type had problems of the following kind.
For example, when an actual safety system is to be built by using a network, the delay time related to the communication and the processing times by the input and output devices must be reflected in the safety distance, as explained above. It is troublesome, however, to identify the devices that form the network system related to the machine equipment and to obtain times related to them. Moreover, there are many system structures even if one merely considers the communication route between the input and output devices, because there are situations, for example, where a detection signal is directly transmitted from the input device to the output device as well as where it is first taken in by the PLC and processed by it and then the processed result is transmitted to the output device. Thus, it is cumbersome to determine the network route for which a safety distance is now being sought and to consider the delay in the communication time based on it.
In view of the above, it is possible to treat all delays related to the network as uniform and for the user to set up all machine apparatus by calculating safety distances for them all on the basis of their maximum delay. If the delay times and the processing times are uniform, however, there is no flexibility in the application and the range of applications becomes limited.
If the fastest response time (internal processing time) is required of all apparatus, furthermore, this will require an excessive communication capability of the safety network to be used and this will adversely affect the cost.
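The following is an added example, not part of the original text, showing how the route-dependent total time T described above feeds S = K × T + C and why the same installed distance can pass for a direct input-to-output route yet fail when the signal goes through the PLC. All device names, delay values, the additional distance C and the installed distance are constructed; only K = 1 m/sec comes from the text.

```python
# Added example: every device name and timing value below is constructed.
from dataclasses import dataclass

K_MM_PER_MS = 1  # walking speed K = 1 m/sec (the text's example) = 1 mm/ms


@dataclass(frozen=True)
class Route:
    name: str
    hops: tuple  # ordered (description, delay in ms) pairs along the route

    def total_time_ms(self):
        """T: sum of the processing and communication delays on this route."""
        return sum(delay for _, delay in self.hops)


def min_safety_distance_mm(route, c_mm=0):
    """Minimum safety distance S = K x T + C, in millimetres."""
    return K_MM_PER_MS * route.total_time_ms() + c_mm


def check_installation(route, installed_mm, c_mm=0):
    """Return (ok, required_mm, margin_mm) for an installed detection distance."""
    required = min_safety_distance_mm(route, c_mm)
    return installed_mm >= required, required, installed_mm - required


# Detection signal sent straight from the input device to the output device.
DIRECT = Route("light curtain -> output device", (
    ("input device processing", 15),
    ("network: input -> output", 10),
    ("output device processing", 20),
))

# Detection signal first taken in and processed by the PLC.
VIA_PLC = Route("light curtain -> PLC -> output device", (
    ("input device processing", 15),
    ("network: input -> PLC", 10),
    ("PLC processing", 30),
    ("network: PLC -> output", 10),
    ("output device processing", 20),
))

if __name__ == "__main__":
    for route in (DIRECT, VIA_PLC):
        ok, required, margin = check_installation(route, installed_mm=150, c_mm=80)
        verdict = "OK" if ok else "TOO CLOSE"
        print(f"{route.name}: T={route.total_time_ms()} ms, "
              f"S={required} mm, margin={margin:+d} mm, {verdict}")
```

Any further contribution to the stopping time would be added as another hop, since the text describes the total as including at least these processing and communication delays.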