You are here: GSI Wiki>Z6 Web>SafetySystem (2008-11-20, UweThiemer)Edit Attach
<- Z6 home


The Z6 control system use Beckhoff TwinSAFE® modules. They can be integrated in stations with standard modules.

SAFETY hardware

TwinSAFE ® overview
The safety logic module is KL6904 . In this module are two different microcontrollers to themselves supervise mutually. All stations have ONE KL6904 and a lot of safety inputs (KL1904) and safety outputs (KL2904). The logic of safety must be programmed in the logic module KL6904. For programming you use also TwinCAT SystemManager.
Datasheets and user guides you find in this folder ... folder.

SAFETY plan (schematic)

The programming user guide you find by Beckhoff: TwinSAFE®-FBs.
I would like to explain the system with the help of an example.
You find the schematic in E³ under the folder SAFETY-Logik:
E3 SAFETY Ordner

A small detail from the Z6 safety system shows the principle of programming and documentation. Sheet 9101 contains the doorlock, warning and high voltage interlock:
The first logic block ES_Keller_verriegelt gives a signal to the doorlock output, if:
  • SAFE_LEVEL_1 signal came from the control panel (this signal is true, if the operating mode is not in "service mode")
  • safety key switch ("Keller sicher") inputs must be true (key switch false stand for "cellar safe" -> no doorlock, no High Voltage)
  • EDM-Input controls the relays feedback
These inputs are going to the logic block Emergency Stop (ES_xxx). It starts, if the key switch gives a true impulse to the start input.

The next logic block is AND_High_Voltage. The output controls a "High Voltage" warning light relays, if:
  • operating mode is "shot"
  • safety key switch ("Keller sicher") inputs must be true
  • door feedback must be "door locked"
The last logic block MachineMonitoring (MM_IL_Cilas) controls the Interlock (IL) for high voltage power supply units:
  • warning light must be on
  • door feedback must be closed
  • feedback from IL relays will be controlled
  • The "Switch on" signal (impuls) comes from the PLC.

SAFETY software

This plan you can realize in TwinSAFE®-configurator. Let's have a look to the first safety logic:
Emergency Stop ES_Keller_verriegelt has the number FB100 in the group 10 = cellar, G10. In the System Manager you find the logic in KL6904 :
SystemManager SAFETY Keller
You can see the inputs are linked with SAFETY inputs (Restart: A4.K3) or signals from other stations over decoupler (1D_in4.1). The output is linked to A3.K1.


To use the safety inputs and outputs the library ConnectionDiagnose.lib is included:

In the PLC program you find the variable definition in the modul TwinSAFE_IO . there is an instance definition for every TwinSAFE® modul. The I/O function modules (FBs) have the variable names. TSo_ for output and TSi_ for input variable.

-- UweThiemer - 20 Nov 2008
Topic revision: r4 - 2008-11-20, UweThiemer - This page was cached on 2021-09-28 - 09:44.

This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding GSI Wiki? Send feedback | Imprint (german) | Privacy Policy (german)