The present disclosure relates to a device and method for failsafe monitoring of a number of passes of a moving machine part through a defined movement region.
The present disclosure relates in particular to the field of machine and facility safety. Generally, operating modern machines and facilities is accompanied by an extensive safety concept, regardless of whether it relates to machine tools such as processing centers, presses, assembly facilities, or to robots. However, as a result of the rapid, high degree of automation, many risks to persons, products, and processes arise from machines and facilities that are hardly recognizable at first glance. Therefore, there are a number of guidelines, standards, and laws that define specific safety requirements to be considered in the implementation of technical facilities.
Relevant standards are, inter alia, EN ISO 12100:2010 as the central standard for machine safety, EN ISO 13849-1 (successor of EN 954-1) as the central standard for the design of safety-oriented controllers in the field of “machine safety” and IEC 61508, which defines requirements for safety systems of a facility independently of the application. The present disclosure relates in particular to devices which, with regard to functional safety, achieve a safety integrity level (SIL) classification of at least SIL-2 or a performance level greater than PLc, wherein the performance level, according to EN ISO 13849-1, defines the probability of a dangerous failure per hour.
Different safety aspects have to be taken into account for technical facilities that operate automatically. On the one hand, it has to be ensured that no unauthorized access or entry by persons or products into an assigned region of action of the machine takes place, or that the moving machine part is safely transferred into a safe state in such a case. On the other hand, it has to be ensured that the moving machine part does not itself leave the assigned region of action, for example, by passing beyond end points of its movement axes or breaking out of a predefined mechanical delimitation in another manner. If it does, parts of the technical facilities or the moving machine part itself can be entirely or partially damaged or destroyed, whereby time-consuming and costly repairs could become necessary. In addition, a moving machine part exiting from its region of action can represent additional hazards to persons and products, which are not detected by the above-mentioned access monitoring.
The monitoring of a technical facility which has moving machine parts, from which a risk can originate, therefore regularly requires two monitoring units, which are often separate from one another. On the one hand, spatial securing takes place to restrict the access by persons or to monitor passage or pass-through regions, wherein walls, stable protective gratings, or electromechanical or optoelectronic safety devices are regularly used. On the other hand, a moving machine part itself has to be monitored as to whether it is located within its region of action. This is generally carried out using position switches, light grids, or camera-based safety devices, with which the boundaries of the region of action can be monitored, in order to register an exit from the region of action. Alternatively, the respective position of the moving machine part may be directly determined in a failsafe manner.
In large facilities, for example, production lines in automobile manufacturing, in which a variety of technical facilities having moving machine parts have to be monitored, monitoring and the associated safety concept can become very complex and costly. This is in particular because safety-relevant, failsafe monitoring is often implemented by redundant monitoring, whereby the number of safety devices used, in particular the number of sensors and actuators, regularly doubles. Generally, it is desirable to reduce the number of safety devices to a minimum and at the same time ensure safety according to the standards.
In addition, the monitoring of a region of action of a technical facility is becoming more and more complex as a result of increasingly intelligent machines, for example, computer-controlled, automatically operating robots, because their region of action can often no longer be defined using clear boundaries. For complex segmentation of the region of action, in which subregions also have to be monitored, the number of required sensors can increase rapidly, in particular if every physical and any freely-defined boundary has to be redundantly monitored due to fail-safety requirements, as mentioned above.
In addition, in some fields of application, the use of simple position sensors at the boundaries of the region of action is not possible at all, for example, if a critical state first occurs after a movement region has been passed through multiple times. In particular in the case of circular movements about an axis, in which multiple complete revolutions are enabled, but a maximum number is predefined, monitoring using simple position sensors is not possible or can only be managed using additional evaluation units, which in turn have to be failsafe themselves.