KST SafeOperation 32 En

KUKA System Technology KUKA Roboter GmbHKUKA.SafeOperation 3.2 For KUKA System Software 8.3 Assembly and Operating Instructions KUKA.SafeOp- eration 3.2 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 KUKA.SafeOperation 3.2 © Copyright 2016 KUKA Roboter GmbH Zugspitzstraße 140 D-86165 Augsburg Germany This documentation or excerpts therefrom may not be reproduced or disclosed to third parties without the express permission of KUKA Roboter GmbH. Other functions not described in this documentation may be operable in the controller. The user has no claims to these functions, however, in the case of a replacement or service work. We have checked the content of this documentation for conformity with the hardware and software described. Nevertheless, discrepancies cannot be precluded, for which reason we are not able to guarantee total conformity. The information in this documentation is checked on a regular basis, however, and necessary corrections will be incorporated in the subsequent edition. Subject to technical alterations without an effect on the function. Translation of the original documentation KIM-PS5-DOC Publication: Pub KST SafeOperation 3.2 (PDF) en Book structure: KST SafeOperation 3.2 V6.2 Version: KST SafeOperation 3.2 V7 2 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 Contents Contents 1 Introduction .................................................................................................. 9 1.1 Target group .............................................................................................................. 9 1.2 Industrial robot documentation ................................................................................... 9 1.3 Representation of warnings and notes ...................................................................... 9 1.4 Terms used ................................................................................................................ 10 2 Product description ..................................................................................... 13 2.1 Overview of SafeOperation ........................................................................................ 13 2.2 Monitoring spaces ...................................................................................................... 14 2.2.1 Coordinate systems .............................................................................................. 16 2.2.1.1 Special cases ................................................................................................... 18 2.2.2 Cell area ............................................................................................................... 19 2.2.3 Cartesian workspaces .......................................................................................... 20 2.2.4 Cartesian protected spaces .................................................................................. 21 2.2.5 Axis-specific workspaces ...................................................................................... 22 2.2.6 Axis-specific protected spaces ............................................................................. 23 2.2.7 Space-specific velocity ......................................................................................... 25 2.2.8 Reference stop ..................................................................................................... 25 2.3 Safe tools ................................................................................................................... 26 2.4 Velocity monitoring functions ..................................................................................... 27 2.5 Safe operational stop for axis groups ........................................................................ 28 2.6 Reference switch module ........................................................................................... 28 2.7 Connecting cables ..................................................................................................... 29 3 Technical data .............................................................................................. 31 3.1 Service life ................................................................................................................. 31 3.2 Reference switch ....................................................................................................... 31 3.3 Connector pin assignment of reference cable X42-XS Ref ....................................... 32 3.4 Circuit digram of reference switch XS Ref ................................................................. 33 3.5 Hole pattern for actuating plate .................................................................................. 33 4 Safety ............................................................................................................ 35 4.1 General ...................................................................................................................... 35 4.1.1 Liability .................................................................................................................. 35 4.1.2 Intended use of the industrial robot ...................................................................... 35 4.1.3 EC declaration of conformity and declaration of incorporation ............................. 36 4.1.4 Terms used ........................................................................................................... 36 4.2 Personnel ................................................................................................................... 38 4.3 Workspace, safety zone and danger zone ................................................................. 39 4.3.1 Determining stopping distances ............................................................................ 39 4.4 Triggers for stop reactions ......................................................................................... 40 4.5 Safety functions ......................................................................................................... 40 4.5.1 Overview of the safety functions ........................................................................... 40 4.5.2 Safety controller .................................................................................................... 41 4.5.3 Selecting the operating mode ............................................................................... 41 4.5.4 “Operator safety” signal ........................................................................................ 42 4.5.5 EMERGENCY STOP device ................................................................................ 43 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 3 / 205 KUKA.SafeOperation 3.2 4.5.6 Logging off from the higher-level safety controller ................................................ 43 4.5.7 External EMERGENCY STOP device .................................................................. 44 4.5.8 Enabling device .................................................................................................... 44 4.5.9 External enabling device ...................................................................................... 45 4.5.10 External safe operational stop .............................................................................. 45 4.5.11 External safety stop 1 and external safety stop 2 ................................................. 45 4.5.12 Velocity monitoring in T1 ...................................................................................... 45 4.6 Additional protective equipment ................................................................................ 45 4.6.1 Jog mode .............................................................................................................. 45 4.6.2 Software limit switches ......................................................................................... 46 4.6.3 Mechanical end stops ........................................................................................... 46 4.6.4 Mechanical axis range limitation (optional) ........................................................... 46 4.6.5 Axis range monitoring (optional) ........................................................................... 46 4.6.6 Options for moving the manipulator without drive energy .................................... 47 4.6.7 Labeling on the industrial robot ............................................................................ 47 4.6.8 External safeguards ............................................................................................. 47 4.7 Overview of operating modes and safety functions ................................................... 48 4.8 Safety measures ........................................................................................................ 48 4.8.1 General safety measures ..................................................................................... 48 4.8.2 Transportation ...................................................................................................... 50 4.8.3 Start-up and recommissioning .............................................................................. 50 4.8.3.1 Checking machine data and safety configuration ............................................ 51 4.8.3.2 Start-up mode .................................................................................................. 53 4.8.4 Manual mode ........................................................................................................ 54 4.8.5 Simulation ............................................................................................................. 54 4.8.6 Automatic mode ................................................................................................... 55 4.8.7 Maintenance and repair ........................................................................................ 55 4.8.8 Decommissioning, storage and disposal .............................................................. 56 4.8.9 Safety measures for “single point of control” ........................................................ 56 4.9 Applied norms and regulations .................................................................................. 57 5 Installation .................................................................................................... 61 5.1 System requirements ................................................................................................. 61 5.2 Installing or updating SafeOperation ......................................................................... 61 5.3 Uninstalling SafeOperation ........................................................................................ 62 6 Operation ...................................................................................................... 63 6.1 User groups ............................................................................................................... 63 6.2 Opening the safety configuration ............................................................................... 63 6.3 Overview of buttons ................................................................................................... 63 6.4 Display functions ....................................................................................................... 64 6.4.1 Displaying information about the safety configuration .......................................... 64 6.4.2 Displaying the change log .................................................................................... 65 6.4.3 Displaying machine data ...................................................................................... 65 6.5 Importing the safety configuration (XML import) ........................................................ 65 6.6 Exporting the safety configuration (XML export) ....................................................... 67 6.7 Safe robot retraction in case of space violation ......................................................... 68 7 Start-up and configuration .......................................................................... 69 4 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 Contents 7.1 System safety instructions ......................................................................................... 69 7.2 Jogging the robot without a higher-level safety controller .......................................... 69 7.3 Start-up and configuration – overview ....................................................................... 70 7.4 Information about the safety configuration ................................................................. 71 7.4.1 Safe definition of Cartesian protected spaces ...................................................... 72 7.4.2 Unexpected protected space violation at space corners ...................................... 74 7.5 Configuring safety monitoring functions ..................................................................... 75 7.5.1 Activating safe monitoring ..................................................................................... 75 7.5.2 Defining global parameters ................................................................................... 75 7.5.3 Defining a cell area ............................................................................................... 77 7.5.4 Defining Cartesian monitoring spaces .................................................................. 79 7.5.5 Defining axis-specific monitoring spaces .............................................................. 84 7.5.6 Defining axis-specific velocity monitoring ............................................................. 87 7.5.6.1 Parameter Braking time ................................................................................. 90 7.5.7 Defining the safe operational stop for axis groups ................................................ 91 7.5.8 Defining safe tools ................................................................................................ 93 7.5.9 Defining the reference position ............................................................................. 95 7.5.10 Saving the safety configuration ............................................................................. 97 7.6 Mastering test ............................................................................................................ 98 7.6.1 Overview, mastering test ...................................................................................... 98 7.6.2 Programs for the mastering test ........................................................................... 99 7.6.3 Variables for the mastering test ............................................................................ 100 7.6.4 Selecting a reference position .............................................................................. 101 7.6.4.1 Installing the reference switch and actuating plate .......................................... 101 7.6.4.2 Connecting a reference switch ........................................................................ 102 7.6.5 Teaching positions for the mastering test ............................................................. 103 7.6.6 Checking the reference position (actuation with tool) ........................................... 105 7.6.7 Performing a mastering test manually .................................................................. 105 7.7 Brake test ................................................................................................................... 106 7.7.1 Overview of the brake test .................................................................................... 106 7.7.2 Activating the brake test ....................................................................................... 107 7.7.3 Programs for the brake test .................................................................................. 107 7.7.4 Configuring input and output signals for the brake test ........................................ 108 7.7.4.1 Signal diagram of the brake test – examples ................................................... 110 7.7.5 Teaching positions for the brake test .................................................................... 111 7.7.6 Performing a manual brake test ............................................................................ 112 7.7.7 Checking that the brake test is functioning correctly ............................................ 113 7.8 Override reduction for velocity and workspace limits ................................................. 113 7.8.1 Override reduction with spline .............................................................................. 115 7.8.2 Examples of override reduction with spline .......................................................... 115 7.8.3 Variables for override reduction in $CUSTOM.DAT ............................................. 117 7.9 Safety acceptance overview ...................................................................................... 117 7.10 Checking that the safety functions are functioning correctly ...................................... 118 7.10.1 Testing Cartesian velocity limits ........................................................................... 119 7.10.2 Testing axis-specific velocity limits ....................................................................... 119 7.10.3 Testing Cartesian monitoring spaces ................................................................... 120 7.10.4 Testing axis-specific monitoring spaces ............................................................... 121 7.10.5 Testing the safe operational stop for an axis group .............................................. 122 7.11 Activating a new safety configuration ......................................................................... 122 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 5 / 205 KUKA.SafeOperation 3.2 7.12 Deactivating safe monitoring ..................................................................................... 123 8 Interfaces to the higher-level controller .................................................... 125 8.1 Safety functions via Ethernet safety interface ........................................................... 125 8.1.1 SafeOperation via Ethernet safety interface (optional) ......................................... 129 8.1.2 Diagnostic signals via Ethernet interface .............................................................. 133 8.2 SafeOperation via interface X13 ................................................................................ 136 9 Diagnosis ...................................................................................................... 139 9.1 Displaying safe I/Os ................................................................................................... 139 9.2 Variables for diagnosis .............................................................................................. 139 9.3 Outputs for space monitoring .................................................................................... 140 10 Messages ...................................................................................................... 141 10.1 Information about the messages ............................................................................... 141 10.2 System messages from module: CrossMeld (KSS) .................................................. 141 10.2.1 KSS15016 ............................................................................................................ 141 10.2.2 KSS15017 ............................................................................................................ 141 10.2.3 KSS15018 ............................................................................................................ 142 10.2.4 KSS15019 ............................................................................................................ 143 10.2.5 KSS15033 ............................................................................................................ 144 10.2.6 KSS15034 ............................................................................................................ 144 10.2.7 KSS15035 ............................................................................................................ 145 10.2.8 KSS15036 ............................................................................................................ 145 10.2.9 KSS15037 ............................................................................................................ 146 10.2.10 KSS15039 ............................................................................................................ 146 10.2.11 KSS15040 ............................................................................................................ 148 10.2.12 KSS15041 ............................................................................................................ 149 10.2.13 KSS15042 ............................................................................................................ 151 10.2.14 KSS15043 ............................................................................................................ 152 10.2.15 KSS15044 ............................................................................................................ 154 10.2.16 KSS15045 ............................................................................................................ 155 10.2.17 KSS15046 ............................................................................................................ 158 10.2.18 KSS15047 ............................................................................................................ 159 10.2.19 KSS15048 ............................................................................................................ 159 10.2.20 KSS15049 ............................................................................................................ 159 10.2.21 KSS15050 ............................................................................................................ 160 10.2.22 KSS15051 ............................................................................................................ 160 10.2.23 KSS15052 ............................................................................................................ 161 10.2.24 KSS15053 ............................................................................................................ 163 10.2.25 KSS15054 ............................................................................................................ 164 10.2.26 KSS15065 ............................................................................................................ 165 10.2.27 KSS15066 ............................................................................................................ 165 10.2.28 KSS15079 ............................................................................................................ 168 10.2.29 KSS15081 ............................................................................................................ 169 10.2.30 KSS15083 ............................................................................................................ 170 10.2.31 KSS15127 ............................................................................................................ 170 11 Appendix ...................................................................................................... 171 11.1 Checklists .................................................................................................................. 171 6 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 Contents 11.1.1 Precondition for safety acceptance based on the checklists ................................ 171 11.1.2 Checklist for robot and system ............................................................................. 171 11.1.3 Checklist for safety functions ................................................................................ 172 11.1.4 Checklist for Cartesian velocity monitoring functions ........................................... 175 11.1.5 Checklist for axis-specific velocity monitoring functions ....................................... 176 11.1.6 Checklist for safe operational stop for axis groups ............................................... 180 11.1.7 Checklist for cell area ........................................................................................... 182 11.1.8 Checklist for Cartesian monitoring spaces ........................................................... 183 11.1.9 Checklist for axis-specific monitoring spaces ....................................................... 185 11.1.10 Checklist for safe tools .......................................................................................... 190 11.2 Applied norms and directives ..................................................................................... 192 12 KUKA Service .............................................................................................. 193 12.1 Requesting support .................................................................................................... 193 12.2 KUKA Customer Support ........................................................................................... 193 Index ............................................................................................................. 201 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 / 205 KUKA.SafeOperation 3.2 8 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 1 Introduction 1 Introduction t 1.1 Target group t This documentation is aimed at users with the following knowledge and skills:  Advanced knowledge of the robot controller system  Advanced KRL programming skills For optimal use of our products, we recommend that our customers take part in a course of training at KUKA College. Information about the training program can be found at www.kuka.com or can be obtained directly from our subsidiaries. 1.2 Industrial robot documentation The industrial robot documentation consists of the following parts:  Documentation for the manipulator  Documentation for the robot controller  Operating and programming instructions for the System Software  Instructions for options and accessories  Parts catalog on storage medium Each of these sets of instructions is a separate document. 1.3 Representation of warnings and notes Safety These warnings are relevant to safety and must be observed. These warnings mean that it is certain or highly probable that death or severe injuries will occur, if no precautions are taken. These warnings mean that death or severe injuries may occur, if no precautions are taken. These warnings mean that minor injuries may occur, if no precautions are taken. These warnings mean that damage to property may occur, if no precautions are taken. These warnings contain references to safety-relevant information or general safety measures. These warnings do not refer to individual hazards or individual pre- cautionary measures. This warning draws attention to procedures which serve to prevent or remedy emergencies or malfunctions: Procedures marked with this warning must be followed exactly. Notices These notices serve to make your work easier or contain references to further information. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 9 / 205 KUKA.SafeOperation 3.2 Tip to make your work easier or reference to further information. 1.4 Terms used Term Description Axis range Range of an axis in degrees or millimeters within which the axis moves. The axis range is defined by a lower and an upper axis limit. Axis limit An axis has 2 axis limits which define the axis range. There is an upper and a lower axis limit. Stopping distance Stopping distance = reaction distance + braking distance The stopping distance is part of the danger zone. Workspace Monitoring space that the defined axes or the safe tool are not allowed to leave. The axes or the safe tool must always move within the limits of the workspace. (>>> 2.2.3 "Cartesian workspaces" Page 20) (>>> 2.2.5 "Axis-specific workspaces" Page 22) CIP Safety CIP Safety is an Ethernet/IP-based safety interface for connecting a safety PLC to the robot controller. (PLC = master, robot controller = slave) (>>> 8.1.1 "SafeOperation via Ethernet safety interface (optional)" Page 129) CK Customer-built Kinematics EtherNet/IP EtherNet/IP is an Ethernet-based field bus (Ethernet interface). (>>> 8.1.2 "Diagnostic signals via Ethernet interface" Page 133) Danger zone The danger zone consists of the workspace and the stopping distances. Mastering test The mastering test verifies whether the current position of the robot and the additional axes matches a reference position. (>>> 7.6 "Mastering test" Page 98) KL KUKA linear unit Alarm space An alarm space signals a workspace violation by setting an output. The alarm spaces are permanently assigned to the configurable outputs of the interface options PROFIsafe, CIP Safety or X13 (Extended SIB). Monitoring time During the monitoring time, the user is prompted to perform the mastering test. Polygon, convex A convex polygon is a polygon consisting of at least 3 different corners. Triangles and squares are examples of convex polygons. (>>> 2.2.2 "Cell area" Page 19) 10 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 1 Introduction Term Description PROFINET PROFINET is an Ethernet-based field bus (Ethernet interface). (>>> 8.1.2 "Diagnostic signals via Ethernet interface" Page 133) PROFIsafe PROFIsafe is a PROFINET-based safety interface for connecting a safety PLC to the robot controller. (PLC = master, robot controller = slave) (>>> 8.1.1 "SafeOperation via Ethernet safety interface (optional)" Page 129) Reference group A reference group contains the axes of a kinematic system that are required for moving to a reference position and are to be subjected to safe monitoring. Reference position The reference position is a Cartesian position to which the robot moves during the mastering test. (>>> 7.6.4 "Selecting a reference position" Page 101) Reference stop Safety stop that is triggered if the mastering test has not been performed. The reference stop can be activated for monitoring spaces. (>>> 2.2.8 "Reference stop" Page 25) Reference switch To perform the mastering test, a reference button is required. The reference position is confirmed using the reference button. (>>> 2.6 "Reference switch module" Page 28) Protected space Monitoring space into which the defined axes or the safe tool are not allowed to intrude. The axes or the safe tool must always move outside the limits of the protected space. (>>> 2.2.4 "Cartesian protected spaces" Page 21) (>>> 2.2.6 "Axis-specific protected spaces" Page 23) SIB Safety Interface Board Safety STOP 0 A stop that is triggered and executed by the safety controller. The safety controller immediately switches off the drives and the power supply to the brakes. Note: This stop is called safety STOP 0 in this document. Safety STOP 1 A stop that is triggered and monitored by the safety controller. The braking operation is carried out by the non-safety-oriented section of the robot controller and monitored by the safety controller. As soon as the manipulator is has stopped, the safety controller deactivates the drives and the power supply of the brakes. Note: This stop is called safety STOP 1 in this document. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 / 205 KUKA.SafeOperation 3.2 Term Description Safety STOP 2 A stop that is triggered and monitored by the safety controller. The braking operation is carried out by the non-safety-oriented section of the robot controller and monitored by the safety controller. The drives remain activated and the brakes released. Note: This stop is called safety STOP 2 in this document. Safe operational In the event of a safe operational stop, the system stop monitors standstill of the axes for which the safe operational stop is configured. When the axes are at a monitored standstill, they may move within the configured axis angle or distance tolerances. (>>> 2.5 "Safe operational stop for axis groups" Page 28) Safe tools A safe tool can be modeled using up to 6 configurable spheres. These spheres are monitored against the limits of the Cartesian monitoring spaces. Each safe tool has a safe TCP against which the configured velocity limits are monitored. (>>> 2.3 "Safe tools" Page 26) Monitoring space A monitoring space can be defined in Cartesian terms or axis-specifically and as a workspace or protected space. (>>> 2.2 "Monitoring spaces" Page 14) Cell area Cartesian workspace that forms a convex polygon with 3 … 10 vertices (corners) and is limited in ±Z direction. The cell area is the maximum permitted working range of the robot. (>>> 2.2.2 "Cell area" Page 19) 12 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description 2 Product description 2 2.1 t Overview of SafeOperation Functions SafeOperation is a safety option with software and hardware components and s the following functions:  Safe monitoring of a maximum of 16 user-defined, axis-specific or Carte- sian monitoring spaces  Safe monitoring of a user-defined cell area  Safe monitoring of axis-specific velocities  Safe monitoring of space-specific velocities  Safe monitoring of Cartesian velocities  Modeling of up to 16 safe tools with safe TCP  Safe stop via safety controller  Safe operational stop for up to 6 axis groups  Connection to a higher-level controller, e.g. to a safety PLC  Safe inputs for activation of the monitoring functions  Safe outputs for status messages of the monitoring functions  Creation and editing of the safety configuration on the robot controller or in WorkVisual. Information about the safety configuration in WorkVisual is contained in the WorkVisual documentation. Areas of appli-  Human-robot cooperation cation  Direct loading of workpieces without an intermediate support  Replacement of conventional axis range monitoring systems SafeOperation cannot and must not be used in conjunction with a CK. Decouplable external axes are not supported by SafeOperation. In the case of decouplable external axes, safe position sensing is not possible, as the machine data change while the controller is running. Functional The components of the industrial robot move within the limits that have been principle configured and activated. The actual positions are continuously calculated and monitored against the safety parameters that have been set. The safety controller monitors the industrial robot by means of the safety parameters that have been set. If a component of the industrial robot violates a monitoring limit or a safety parameter, the robot and external axes (optional) are stopped. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 13 / 205 KUKA.SafeOperation 3.2 Fig. 2-1: Example of a cell with SafeOperation 1 Reference switch 5 System control panel 2 Robot 6 Robot controller 3 Loading station 7 Bending machine 4 Safety mat Components These software components are included in the SafeOperation package:  KUKA.SafeOperation 3.2 These hardware components are included in the SafeOperation package:  Reference switch module Brake test The brake test serves as a diagnostic measure for the robot axis and external axis brakes. The brakes are activated for the stop reactions safety stop 0 and safety stop 1. If a safety option is installed and the safe monitoring is active, the brake test is automatically active. Interfaces Various interfaces are available for connection to a higher-level controller. The safe I/Os of these interfaces can be used, for example, to signal a violation of safety monitoring functions.  Ethernet safety interfaces:  PROFINET/PROFIsafe  EtherNet/IP/CIP Safety  Discrete safety interface for safety options:  X13 via Extended SIB 2.2 Monitoring spaces A maximum of 16 monitoring spaces can be configured. A cell area must also be configured. 14 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description Monitoring space A monitoring space can be defined as a Cartesian cuboid or by means of individual axis ranges. Each monitoring space can be set as a workspace or protected space. (>>> 2.2.3 "Cartesian workspaces" Page 20) (>>> 2.2.4 "Cartesian protected spaces" Page 21) (>>> 2.2.5 "Axis-specific workspaces" Page 22) (>>> 2.2.6 "Axis-specific protected spaces" Page 23) For every monitoring space, a space-specific Cartesian velocity can be defined inside or outside the monitoring space. (>>> 2.2.7 "Space-specific velocity" Page 25) For each monitoring space, a reference stop can be set that stops the robot if no mastering test has been carried out. (>>> 2.2.8 "Reference stop" Page 25) Monitoring can be activated and deactivated for each individual monitoring space, or activated by means of safe inputs. Safe outputs are permanently assigned to the monitoring spaces. The safe outputs are set if a monitoring space is violated. Whether or not a stop is triggered at the space limit is a function that can be configured. Cell area The cell area is a Cartesian workspace in the form of a convex polygon with 3 to 10 corners and is limited in the ±Z direction. (>>> 2.2.2 "Cell area" Page 19) The cell area is permanently monitored and always active. The corners can be configured, activated and deactivated individually. A safety stop 0 is always triggered at the space limit. Stopping If the robot is stopped by a monitoring function, it requires a certain stopping distance distance before coming to a standstill. The stopping distance depends primarily on the following factors:  Robot type  Velocity of the robot  Position of the robot axes  Payload The stopping distance when a monitoring function is triggered varies according to the specific robot type. This aspect must be taken into account by the system integrator during parameterization of the monitoring functions as part of the safety assessment. Further information about the stopping distances and stopping times can be found in the assembly or operating instructions of the relevant robot. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 15 / 205 KUKA.SafeOperation 3.2 Stop reactions Stop reaction Description Example Safety stop 0 The stop is triggered in T2, AUT or Robot exceeds the limit of an acti- AUT EXT mode if a monitoring func- vated workspace in Automatic mode. tion is already activated and the robot then exceeds the monitoring space limit. Safety stop 1 The stop is triggered if the robot Robot exceeds the limit of an acti- exceeds a monitoring space limit in vated workspace in T1 mode. T1 mode. The stop is triggered if a monitoring A protected space in which the robot function is just being activated and is currently situated is activated by a the robot has already exceeded the safety mat. monitoring space limit. The stop is triggered if a reference After a restart of the robot controller, stop is activated for an activated the safety controller requests a mas- monitoring space and the robot tering test. The robot continues to exceeds the monitoring space limit move during the monitoring time and after an internal mastering test exceeds in T2 mode the limit of an request in T2, AUT or AUT EXT activated protected space for which mode. the reference stop is activated. 2.2.1 Coordinate systems Overview The following Cartesian coordinate systems are defined in the robot controller:  WORLD  ROBROOT  BASE  TOOL Fig. 2-2: Overview of coordinate systems 16 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description Description WORLD The WORLD coordinate system is a permanently defined Cartesian coordinate system. It is the root coordinate system for the ROBROOT and BASE coordinate systems. By default, the WORLD coordinate system is located at the robot base. ROBROOT The ROBROOT coordinate system is a Cartesian coordinate system, which is always located at the robot base. It defines the position of the robot relative to the WORLD coordinate system. By default, the ROBROOT coordinate system is identical to the WORLD coordinate system. $ROBROOT allows the definition of an offset of the robot relative to the WORLD coordinate system. BASE The BASE coordinate system is a Cartesian coordinate system that defines the position of the workpiece. It is relative to the WORLD coordinate system. By default, the BASE coordinate system is identical to the WORLD coordinate system. It is offset to the workpiece by the user. TOOL The TOOL coordinate system is a Cartesian coordinate system which is located at the tool center point. By default, the origin of the TOOL coordinate system is located at the flange center point. (In this case it is called the FLANGE coordinate system.) The TOOL coordinate system is offset to the tool center point by the user. Angles of rotation of the robot coordinate systems Angle Rotation about axis Angle A Rotation about the Z axis Angle B Rotation about the Y axis Angle C Rotation about the X axis Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 17 / 205 KUKA.SafeOperation 3.2 2.2.1.1 Special cases Fig. 2-3: ROBROOT coordinate system Jet In the case of Jet robots, the ROBROOT coordinate system is fixed. They do not move with the robot. Fig. 2-4: ROBROOT coordinate system KL In the case of a KL, the relationship between the ROBROOT coordinate system and the WORLD coordinate system changes. The ROBROOT coordinate system moves with the robot on the KL. 18 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description 2.2.2 Cell area Description The cell area is a Cartesian monitoring space that is limited in the ±Z direction. The safe tool on the mounting flange of the robot is modeled using up to 6 configurable spheres; when the robot moves, these spheres move with it. These spheres are monitored against the cell area and must only move within this cell area. If a sphere violates the limits of the cell area, the robot stops with a safety stop 0. Cartesian monitoring spaces are only monitored against the spheres used to model the safe tool. Robot components situated outside the tool spheres are not monitored and a space violation by these components is not detected. Cartesian monitoring spaces and tool spheres must therefore be designed and configured in such a manner that the unmonitored robot components do not pose any threat. The cell area is configured in the WORLD coordinate system as a convex polygon with 3 to 10 corners. A convex polygon is a polygon consisting of at least 3 different corners. The line segments between any 2 corners must not be outside the polygon. Trian- gles and squares are examples of convex polygons. Fig. 2-5 1 Example of a convex polygon with 6 corners 2 Example of a non-convex polygon with 6 corners Example The diagram shows an example of a configured cell area. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 19 / 205 KUKA.SafeOperation 3.2 Fig. 2-6: Example of a cell area 1 Cell area 2 Safely monitored tool spheres 3 Robot 2.2.3 Cartesian workspaces Description The safe tool on the mounting flange of the robot is modeled using up to 6 configurable spheres; when the robot moves, these spheres move with it. These spheres are simultaneously monitored against the activated Cartesian workspaces and must move within the workspaces. If a sphere violates the limit of a workspace, the following reactions can occur:  A safe output is reset (state: “logic 0”). The safe outputs are set if a monitoring space is not violated (state: “logic 1”). If interface X13 is used, safe outputs are only available for monitoring spaces 1 … 6.  The robot is stopped (configurable).  Cartesian velocity monitoring is activated (configurable). Cartesian monitoring spaces are only monitored against the spheres used to model the safe tool. Robot components situated outside the tool spheres are not monitored and a space violation by these components is not detected. Cartesian monitoring spaces and tool spheres must therefore be designed and configured in such a manner that the unmonitored robot components do not pose any threat. Only KUKA linear units are supported as ROBROOT kinematic systems. Example The diagram shows an example of a configured Cartesian workspace. 20 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description Fig. 2-7: Example of a Cartesian workspace 1 Working space 2 Safely monitored tool spheres 3 Robot 2.2.4 Cartesian protected spaces Description The safe tool on the mounting flange of the robot is modeled using up to 6 configurable spheres; when the robot moves, these spheres move with it. These spheres are simultaneously monitored against the activated Cartesian protected spaces and must move outside the protected spaces. The length, width and height of a protected space must not fall below the predefined minimum value. This value depends on the global maximum Cartesian velocity and the radius of the smallest sphere of the safe tool. (>>> "Minimum protected space dimensions" Page 72) If a sphere violates the limit of a protected space, the following reactions can occur:  A safe output is reset (state: “logic 0”). The safe outputs are set if a monitoring space is not violated (state: “logic 1”). If interface X13 is used, safe outputs are only available for monitoring spaces 1 … 6.  The robot is stopped (configurable).  Cartesian velocity monitoring is activated (configurable). Cartesian monitoring spaces are only monitored against the spheres used to model the safe tool. Robot components situated outside the tool spheres are not monitored and a space violation by these components is not detected. Cartesian monitoring spaces and tool spheres must therefore be designed and configured in such a manner that the unmonitored robot components do not pose any threat. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 21 / 205 KUKA.SafeOperation 3.2 Only KUKA linear units are supported as ROBROOT kinematic systems. Example The diagram shows an example of a Cartesian protected space. Fig. 2-8: Example of a Cartesian protected space 1 Protected space 2 Safely monitored tool spheres 3 Robot 2.2.5 Axis-specific workspaces Description The axis limits can be set and monitored individually for each axis via the software. The resulting axis range is the permissible range of an axis within which the robot may move. The individual axis ranges together make up the overall workspace, which may consist of up to 8 axis ranges. A maximum of 8 axes or, in the case of kinematic systems with master/slave axes, a maximum of 8 drives can be configured for each monitoring space. If the robot violates an axis limit, the following reactions can occur:  A safe output is reset (state: “logic 0”). The safe outputs are set if a monitoring space is not violated (state: “logic 1”). If interface X13 is used, safe outputs are only available for monitoring spaces 1 … 6.  The robot is stopped (configurable).  Cartesian velocity monitoring is activated (configurable). 22 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description Example The diagram shows an example of an axis-specific workspace. The workspace of axis 1 is configured from -110° to +130° and corresponds to the permissible motion range of the robot. Fig. 2-9: Example of an axis-specific workspace 1 Workspace 3 Stopping distance 2 Robot 4 Protected space 2.2.6 Axis-specific protected spaces Description The axis limits can be set and monitored individually for each axis via the software. The resulting axis range is the protected range of an axis within which the robot may not move. The individual axis ranges together make up the protected space, which may consist of up to 8 axis ranges. A maximum of 8 axes or, in the case of kinematic systems with master/slave axes, a maximum of 8 drives can be configured for each monitoring space. If the robot violates an axis limit, the following reactions can occur:  A safe output is reset (state: “logic 0”). The safe outputs are set if a monitoring space is not violated (state: “logic 1”). If interface X13 is used, safe outputs are only available for monitoring spaces 1 … 6.  The robot is stopped (configurable).  Cartesian velocity monitoring is activated (configurable). In the case of axes that can rotate more than 360°, e.g. axis 1, the configured axis ranges refer to the position of the axis (including sign) and not to the sector of a circle. Serious injury and severe damage to the robot can be caused. If, for example, a protected space of +90° to +270° is configured, the robot can move through the protected space in the other direction from -90° to -185°. In this case, it is advisable to configure a workspace from -90° to +90°. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 23 / 205 KUKA.SafeOperation 3.2 Fig. 2-10: Example of an axis-specific protected space through which the robot can move 1 Workspace 3 Protected space 2 Robot 4 Protected space through which the robot can move Example The diagram shows an example of an axis-specific protected space. The safeguarded space and the stopping distances correspond to the configured protected space. The motion range of axis 1 is limited to -185° to +185° by means of software limit switches. The protected space is configured from -110° to -10°. This results in 2 permissible motion ranges for the robot, separated by the configured protected space. Fig. 2-11: Example of an axis-specific protected space 1 Permissible range 1 4 Protected space 2 Robot 5 Permissible range 2 3 Stopping distance 24 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description 2.2.7 Space-specific velocity Description For Cartesian and axis-specific monitoring spaces, a Cartesian velocity can be defined which is monitored if the space is violated or not violated. A safe TCP is defined for every safe tool. This safe TCP is monitored against a configured velocity limit. If the safe TCP exceeds the velocity limit, the robot is stopped safely. Example The diagram shows an example of a Cartesian workspace. If the safe TCP on the safe tool exceeds the velocity limit inside the workspace, the robot is stopped with a safety stop 0. Fig. 2-12: Space-specific velocity example 1 Working space 2 Safely monitored tool spheres 3 Robot 2.2.8 Reference stop Description A reference stop can be activated for monitoring spaces. (= function Stop if mastering test not yet done) If the reference stop is activated and the following conditions are met, the robot can only be moved in T1 mode:  Monitoring space is activated.  Mastering test is requested internally. If the reference stop is activated and the following preconditions are met, the robot stops with a safety stop 1:  Monitoring space is activated.  Mastering test is requested internally.  Operating mode T2, AUT or AUT EXT Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 25 / 205 KUKA.SafeOperation 3.2 To be able to move the robot again in the stop-triggering operating modes, the following possibilities are available:  Perform mastering test in T1 mode.  Deactivate monitoring spaces.  Deactivate reference stop. 2.3 Safe tools Description Up to 16 safe tools can be defined. A safe TCP is defined for each safe tool and monitored against the configured velocity limits. A safe tool can be modeled using up to 6 configurable spheres. These spheres are monitored against the limits of the Cartesian monitoring spaces. The sphere radius must not fall below the predefined minimum value. This radius is dependent on the global maximum Cartesian velocity. (>>> "Minimum sphere radius" Page 72) The safe tools are activated using safe inputs. Only one safe tool may be active at any time. If interface X13 is used, tool 1 is always active. The tool cannot be activated via a safe input. An automated, safely monitored tool change is thus not possible. The safe TCP for the velocity monitoring can be freely configured in the safety configuration. It is independent of the current TCP that is set in the KUKA System Software with the variable $TOOL. Cartesian monitoring spaces are only monitored against the spheres used to model the safe tool. Robot components situated outside the tool spheres are not monitored and a space violation by these components is not detected. Cartesian monitoring spaces and tool spheres must therefore be designed and configured in such a manner that the unmonitored robot components do not pose any threat. Example The diagram shows an example of a safe tool. 2 spheres and a safe TCP are defined on the safe tool of the robot by means of the FLANGE coordinate system. 26 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description Fig. 2-13: Safe tool 2.4 Velocity monitoring functions Axis-specific and Cartesian velocities can be monitored. Axis velocity The velocity of every axis is monitored against a limit value:  Limit value for reduced axis velocity (optional)  Limit value for maximum axis velocity for T1 mode Monitoring of the maximum axis velocity in T1 mode is part of the standard safety configuration and always active.  Limit value for maximum axis velocity (valid globally for every axis) Cartesian velocity The Cartesian velocity at the safe TCP of the active safe tool is monitored. The velocity monitoring is always relative to $WORLD:  Limit value for the reduced velocity at the safe TCP (optional)  Limit value for the reduced velocity at the safe TCP for T1 mode  Limit value for the global maximum velocity at the safe TCP and at the sphere center points of the safe tool (not space-dependent)  Space-specific velocity (>>> 2.2.7 "Space-specific velocity" Page 25) Stop reactions Stop reaction Description Example Safety stop 0 The stop is triggered if a monitoring In automatic operation, the robot function is already activated and the exceeds the activated limit value for robot then exceeds the monitoring reduced axis velocity. limit. Safety stop 1 The stop is triggered if a monitoring The safe reduced velocity, for which function is just being activated and the limit value has already been the robot has already exceeded the exceeded by the robot, is activated monitoring limit. by a safety mat. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 27 / 205 KUKA.SafeOperation 3.2 2.5 Safe operational stop for axis groups Description The global safe operational stop is one of the standard safety functions. If it is activated via the safety interface, the standstill of all axes of the kinematic system is monitored. The axes may still move within the configured axis angle or distance tolerances. These can be configured individually for each axis. With SafeOperation, the safe operational stop can additionally be configured for up to 6 axis groups. An axis group comprises the axes that are to be monitored when the safe operational stop is activated for this axis group. Before monitoring is activated, the corresponding axes must be stopped under program control. A maximum of 8 axes or, in the case of kinematic systems with master/slave axes, a maximum of 8 drives can be configured for each axis group. If the safe operational stop is activated for an axis group, the standstill of the axes for which it has been configured is monitored using failsafe technology. The axes may still move within the configured axis angle or distance tolerances. If the safe operational stop is violated, i.e. if the position tolerance for an axis is exceeded or the velocity of an axis exceeds the maximum permitted level, a safety stop 0 is triggered in response. The safety stop 0 affects all axes, not just those for which the operational stop is configured. This means that an unintended motion of an axis relevant for the safe operational stop causes the machine to stop. 2.6 Reference switch module Description A reference switch module consists of the following components:  Inductive reference switch XS Ref  Straight or angled actuating plate  Reference cable X42 - XS Ref  Reference connector X42 Fig. 2-14: Reference group hardware components 1 Inductive reference switch 2 Straight actuating plate In combination with a straight or angled actuating plate, reference switch mod- ules are available with different cable lengths. 28 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 2 Product description Length Actuating plate 7m Straight or angled 15 m 25 m 40 m 2.7 Connecting cables Overview The diagram shows an example of the connecting cables of the industrial robot with connected reference switch. The reference switch is connected via the reference cable to the robot controller. The maximum hose length is 40 m. In the case of a KR C4, only 1 reference switch can be connected directly to the robot controller. If multiple reference groups are required, the reference switches can be connected to the safety PLC and activated via PROFIsafe or CIP Safety. The safety PLC must evaluate the reference switches and set the input Mastering test accordingly. A KR C4 compact is not equipped with a connection allowing a reference switch to be connected to the robot controller. Reference switches must be connected to the safety PLC and activated via PROFIsafe or CIP Safety. The safety PLC must evaluate the reference switches and set the input Mastering test accordingly. Fig. 2-15: Overview of connecting cables Pos. Description 1 Robot controller 2 Robot 3 Reference switch XS Ref 4 Reference cable X42 - XS Ref (maximum cable length 40 m) 5 Data cable X21 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 29 / 205 KUKA.SafeOperation 3.2 Cables must not be connected and disconnected during operation. Only the reference cable X42 - XS Ref supplied by KUKA Roboter GmbH may be used. Reference cable X42 - XS Ref is suitable for use in a cable carrier. The minimum bending radii must be observed when routing cables. Type of routing Bending radius Fixed installation Min. 5xØ of cable Installation in cable carrier Min. 10xØ of cable 30 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 3 Technical data 3 T Technical data 3.1 Service life t The maximum permissible service life of safety-relevant hardware components is 20 years. Once this time has been reached, the safety-relevant hardware components must be exchanged. 3.2 Reference switch Basic data Designation Values Ambient temperature -25 °C to +70 °C Switching function Break contact DC operating voltage or HIGH level in the case 24 V of pulsed operating voltage of the reference switch Permissible range for the DC operating voltage 20 … 33 V or HIGH level UB(HIGH) for pulsed voltage LOW level UB(LOW) for pulsed voltage 0…5V Required pulse duty factor T(HIGH):T(LOW) for Min. 4:1 pulsed voltage Supported pulse duration T(LOW) for pulsed 0.1 … 20 ms voltage Protection rating IP67 Operating current (power consumption) without 5 mA load Permissible load current max. 250 mA Permissible switching frequency max. 500 Hz Permissible switching distance at the proximity 0 … 4 mm switch surfaces Short circuit and overload protection, pulsed Yes Outputs  PNP  LOW-active  Dual-channel LED function indicator Yes Hysteresis when installed 0.2 … 1 mm EMC conformity IEC 60947-5-2 Pulse duty factor Fig. 3-1: Pulse duty factor for pulsed voltage Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 31 / 205 KUKA.SafeOperation 3.2 Hole pattern Fig. 3-2: Hole pattern for reference switch 1 2 holes for fastening elements, Ø 6.6 mm 2 2 holes for roll pins, Ø 4 mm 3.3 Connector pin assignment of reference cable X42-XS Ref Fig. 3-3: Connector pin allocation for reference cable X42 - XS Ref Fig. 3-4: Wiring diagram for reference cable X42 - XS Ref 32 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 3 Technical data 3.4 Circuit digram of reference switch XS Ref Fig. 3-5: Circuit diagram of reference switch XS Ref 1 Switching element, channel A 2 Switching element, channel B 3.5 Hole pattern for actuating plate Fig. 3-6: Hole pattern for actuating plate 1 2 M6 threaded holes for fastening elements 2 2 holes for fastening elements, Ø 9 mm Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 33 / 205 KUKA.SafeOperation 3.2 34 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety 4 Safety 4 f t 4.1 General y 4.1.1 Liability The device described in this document is either an industrial robot or a component thereof. Components of the industrial robot:  Manipulator  Robot controller  Teach pendant  Connecting cables  External axes (optional) e.g. linear unit, turn-tilt table, positioner  Software  Options, accessories The industrial robot is built using state-of-the-art technology and in accordance with the recognized safety rules. Nevertheless, misuse of the industrial robot may constitute a risk to life and limb or cause damage to the industrial robot and to other material property. The industrial robot may only be used in perfect technical condition in accordance with its designated use and only by safety-conscious persons who are fully aware of the risks involved in its operation. Use of the industrial robot is subject to compliance with this document and with the declaration of incorporation supplied together with the industrial robot. Any functional disorders af- fecting safety must be rectified immediately. Safety infor- Safety information cannot be held against KUKA Roboter GmbH. Even if all mation safety instructions are followed, this is not a guarantee that the industrial robot will not cause personal injuries or material damage. No modifications may be carried out to the industrial robot without the autho- rization of KUKA Roboter GmbH. Additional components (tools, software, etc.), not supplied by KUKA Roboter GmbH, may be integrated into the industrial robot. The user is liable for any damage these components may cause to the industrial robot or to other material property. In addition to the Safety chapter, this document contains further safety instructions. These must also be observed. 4.1.2 Intended use of the industrial robot The industrial robot is intended exclusively for the use designated in the “Pur- pose” chapter of the operating instructions or assembly instructions. Any use or application deviating from the intended use is deemed to be misuse and is not allowed. The manufacturer is not liable for any damage resulting from such misuse. The risk lies entirely with the user. Operation of the industrial robot in accordance with its intended use also requires compliance with the operating and assembly instructions for the individual components, with particular reference to the maintenance specifications. Misuse Any use or application deviating from the intended use is deemed to be misuse and is not allowed. This includes e.g.: Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 35 / 205 KUKA.SafeOperation 3.2  Transportation of persons and animals  Use as a climbing aid  Operation outside the specified operating parameters  Use in potentially explosive environments  Operation without additional safeguards  Outdoor operation  Underground operation 4.1.3 EC declaration of conformity and declaration of incorporation The industrial robot constitutes partly completed machinery as defined by the EC Machinery Directive. The industrial robot may only be put into operation if the following preconditions are met:  The industrial robot is integrated into a complete system. or: The industrial robot, together with other machinery, constitutes a complete system. or: All safety functions and safeguards required for operation in the complete machine as defined by the EC Machinery Directive have been added to the industrial robot.  The complete system complies with the EC Machinery Directive. This has been confirmed by means of an assessment of conformity. Declaration of The system integrator must issue a declaration of conformity for the complete conformity system in accordance with the Machinery Directive. The declaration of conformity forms the basis for the CE mark for the system. The industrial robot must always be operated in accordance with the applicable national laws, regulations and standards. The robot controller is CE certified under the EMC Directive and the Low Volt- age Directive. Declaration of The partly completed machinery is supplied with a declaration of incorporation incorporation in accordance with Annex II B of the EC Machinery Directive 2006/42/EC. The assembly instructions and a list of essential requirements complied with in accordance with Annex I are integral parts of this declaration of incorporation. The declaration of incorporation declares that the start-up of the partly completed machinery is not allowed until the partly completed machinery has been incorporated into machinery, or has been assembled with other parts to form machinery, and this machinery complies with the terms of the EC Machinery Directive, and the EC declaration of conformity is present in accordance with Annex II A. 4.1.4 Terms used STOP 0, STOP 1 and STOP 2 are the stop definitions according to EN 60204- 1:2006. Term Description Axis range Range of each axis, in degrees or millimeters, within which it may move. The axis range must be defined for each axis. Stopping distance Stopping distance = reaction distance + braking distance The stopping distance is part of the danger zone. Workspace Area within which the robot may move. The workspace is derived from the individual axis ranges. 36 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety Term Description User The user of the industrial robot can be the management, employer or delegated person responsible for use of the industrial robot. Danger zone The danger zone consists of the workspace and the stopping distances of the manipulator and external axes (optional). Service life The service life of a safety-relevant component begins at the time of delivery of the component to the customer. The service life is not affected by whether the component is used or not, as safety-relevant components are also subject to aging during storage. KUKA smartPAD see “smartPAD” Manipulator The robot arm and the associated electrical installations Safety zone The safety zone is situated outside the danger zone. Safe operational stop The safe operational stop is a standstill monitoring function. It does not stop the robot motion, but monitors whether the robot axes are stationary. If these are moved during the safe operational stop, a safety stop STOP 0 is triggered. The safe operational stop can also be triggered externally. When a safe operational stop is triggered, the robot controller sets an output to the field bus. The output is set even if not all the axes were stationary at the time of triggering, thereby causing a safety stop STOP 0 to be triggered. Safety STOP 0 A stop that is triggered and executed by the safety controller. The safety controller immediately switches off the drives and the power supply to the brakes. Note: This stop is called safety STOP 0 in this document. Safety STOP 1 A stop that is triggered and monitored by the safety controller. The braking operation is carried out by the non-safety-oriented section of the robot controller and monitored by the safety controller. As soon as the manipulator is has stopped, the safety controller deactivates the drives and the power supply of the brakes. When a safety STOP 1 is triggered, the robot controller sets an output to the field bus. The safety STOP 1 can also be triggered externally. Note: This stop is called safety STOP 1 in this document. Safety STOP 2 A stop that is triggered and monitored by the safety controller. The braking operation is carried out by the non-safety-oriented section of the robot controller and monitored by the safety controller. The drives remain activated and the brakes released. As soon as the manipulator is at a standstill, a safe operational stop is triggered. When a safety STOP 2 is triggered, the robot controller sets an output to the field bus. The safety STOP 2 can also be triggered externally. Note: This stop is called safety STOP 2 in this document. Safety options Generic term for options which make it possible to configure additional safe monitoring functions in addition to the standard safety functions. Example: SafeOperation smartPAD Programming device for the robot controller The smartPAD has all the operator control and display functions required for operating and programming the industrial robot. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 37 / 205 KUKA.SafeOperation 3.2 Term Description Stop category 0 The drives are deactivated immediately and the brakes are applied. The manipulator and any external axes (optional) perform path-oriented braking. Note: This stop category is called STOP 0 in this document. Stop category 1 The manipulator and any external axes (optional) perform path-maintaining braking.  Operating mode T1: The drives are deactivated as soon as the robot has stopped, but no later than after 680 ms.  Operating mode T2, AUT (not available for VKR C4), AUT EXT: The drives are switched off after 1.5 s. Note: This stop category is called STOP 1 in this document. Stop category 2 The drives are not deactivated and the brakes are not applied. The manipulator and any external axes (optional) are braked with a path- maintaining braking ramp. Note: This stop category is called STOP 2 in this document. System integrator The system integrator is responsible for safely integrating the industrial (plant integrator) robot into a complete system and commissioning it. T1 Test mode, Manual Reduced Velocity (<= 250 mm/s) T2 Test mode, Manual High Velocity (> 250 mm/s permissible) External axis Motion axis which is not part of the manipulator but which is controlled using the robot controller, e.g. KUKA linear unit, turn-tilt table, Posiflex. 4.2 Personnel The following persons or groups of persons are defined for the industrial robot:  User  Personnel All persons working with the industrial robot must have read and un- derstood the industrial robot documentation, including the safety chapter. User The user must observe the labor laws and regulations. This includes e.g.:  The user must comply with his monitoring obligations.  The user must carry out briefing at defined intervals. Personnel Personnel must be instructed, before any work is commenced, in the type of work involved and what exactly it entails as well as any hazards which may ex- ist. Instruction must be carried out regularly. Instruction is also required after particular incidents or technical modifications. Personnel includes:  System integrator  Operators, subdivided into:  Start-up, maintenance and service personnel  Operating personnel  Cleaning personnel Installation, exchange, adjustment, operation, maintenance and repair must be performed only as specified in the operating or assembly instructions for the relevant component of the industrial robot and only by personnel specially trained for this purpose. 38 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety System integrator The industrial robot is safely integrated into a complete system by the system integrator. The system integrator is responsible for the following tasks:  Installing the industrial robot  Connecting the industrial robot  Performing risk assessment  Implementing the required safety functions and safeguards  Issuing the declaration of conformity  Attaching the CE mark  Creating the operating instructions for the complete system Operator The operator must meet the following preconditions:  The operator must be trained for the work to be carried out.  Work on the industrial robot must only be carried out by qualified personnel. These are people who, due to their specialist training, knowledge and experience, and their familiarization with the relevant standards, are able to assess the work to be carried out and detect any potential hazards. Work on the electrical and mechanical equipment of the industrial robot may only be carried out by specially trained personnel. 4.3 Workspace, safety zone and danger zone Workspaces are to be restricted to the necessary minimum size. A workspace must be safeguarded using appropriate safeguards. The safeguards (e.g. safety gate) must be situated inside the safety zone. In the case of a stop, the manipulator and external axes (optional) are braked and come to a stop within the danger zone. The danger zone consists of the workspace and the stopping distances of the manipulator and external axes (optional). It must be safeguarded by means of physical safeguards to prevent danger to persons or the risk of material damage. 4.3.1 Determining stopping distances The system integrator’s risk assessment may indicate that the stopping distances must be determined for an application. In order to determine the stopping distances, the system integrator must identify the safety-relevant points on the programmed path. When determining the stopping distances, the robot must be moved with the tool and loads which are also used in the application. The robot must be at operating temperature. This is the case after approx. 1 h in normal operation. During execution of the application, the robot must be stopped at the point from which the stopping distance is to be calculated. This process must be repeated several times with a safety stop 0 and a safety stop 1. The least favor- able stopping distance is decisive. A safety stop 0 can be triggered by a safe operational stop via the safety interface, for example. If a safety option is installed, it can be triggered, for in- stance, by a space violation (e.g. the robot exceeds the limit of an activated workspace in Automatic mode). A safety stop 1 can be triggered by pressing the EMERGENCY STOP device on the smartPAD, for example. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 39 / 205 KUKA.SafeOperation 3.2 4.4 Triggers for stop reactions Stop reactions of the industrial robot are triggered in response to operator ac- tions or as a reaction to monitoring functions and error messages. The following table shows the different stop reactions according to the operating mode that has been set. Trigger T1, T2 AUT, AUT EXT Start key released STOP 2 - STOP key pressed STOP 2 Drives OFF STOP 1 “Motion enable” input STOP 2 drops out Power switched off via STOP 0 main switch or power failure Internal error in non- STOP 0 or STOP 1 safety-oriented part of the (dependent on the cause of the error) robot controller Operating mode changed Safety stop 2 during operation Safety gate opened (oper- - Safety stop 1 ator safety) Enabling switch released Safety stop 2 - Enabling switch pressed Safety stop 1 - fully down or error E-STOP pressed Safety stop 1 Error in safety controller Safety stop 0 or periphery of the safety controller 4.5 Safety functions 4.5.1 Overview of the safety functions The following safety functions are present in the industrial robot:  Selecting the operating mode  Operator safety (= connection for the monitoring of physical safeguards)  EMERGENCY STOP device  Enabling device  External safe operational stop  External safety stop 1  External safety stop 2  Velocity monitoring in T1 The safety functions of the industrial robot meet the following requirements:  Category 3 and Performance Level d in accordance with EN ISO 13849- 1 The requirements are only met on the following condition, however:  The EMERGENCY STOP device is pressed at least once every 12 months. The following components are involved in the safety functions: 40 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety  Safety controller in the control PC  KUKA smartPAD  Cabinet Control Unit (CCU)  Resolver Digital Converter (RDC)  KUKA Power Pack (KPP)  KUKA Servo Pack (KSP)  Safety Interface Board (SIB) (if used) There are also interfaces to components outside the industrial robot and to other robot controllers. In the absence of operational safety functions and safeguards, the industrial robot can cause personal injury or material damage. If safety functions or safeguards are dismantled or deactivated, the industrial robot may not be operated. During system planning, the safety functions of the overall system must also be planned and designed. The industrial robot must be integrated into this safety system of the overall system. 4.5.2 Safety controller The safety controller is a unit inside the control PC. It links safety-relevant signals and safety-relevant monitoring functions. Safety controller tasks:  Switching off the drives; applying the brakes  Monitoring the braking ramp  Standstill monitoring (after the stop)  Velocity monitoring in T1  Evaluation of safety-relevant signals  Setting of safety-oriented outputs 4.5.3 Selecting the operating mode Operating modes The industrial robot can be operated in the following modes:  Manual Reduced Velocity (T1)  Manual High Velocity (T2)  Automatic (AUT)  Automatic External (AUT EXT) Do not change the operating mode while a program is running. If the operating mode is changed during program execution, the industrial robot is stopped with a safety stop 2. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 41 / 205 KUKA.SafeOperation 3.2 Operat- Use Velocities ing mode  Program verification: Programmed velocity, maxi- For test operation, pro- mum 250 mm/s T1 gramming and teaching  Jog mode: Jog velocity, maximum 250 mm/s  Program verification: T2 For test operation Programmed velocity  Jog mode: Not possible For industrial robots  Program mode: AUT without higher-level Programmed velocity controllers  Jog mode: Not possible For industrial robots  Program mode: AUT EXT with higher-level con- Programmed velocity trollers, e.g. PLC  Jog mode: Not possible Mode selector The user can change the operating mode via the connection manager. The switch connection manager is a view that is called by means of the mode selector switch on the smartPAD. The mode selector switch may be one of the following variants:  With key It is only possible to change operating mode if the key is inserted.  Without key If the smartPAD is fitted with a switch without a key: An additional device must be present to ensure that the relevant functions cannot be executed by all users, but only by a restricted group of people. The device itself must not trigger motions of the industrial robot or other hazards. If this device is missing, death or severe injuries may result. The system integrator is responsible for ensuring that such a device is implemented. 4.5.4 “Operator safety” signal The “operator safety” signal is used for monitoring physical safeguards, e.g. safety gates. Automatic operation is not possible without this signal. In the event of a loss of signal during automatic operation (e.g. safety gate is opened), the manipulator stops with a safety stop 1. Operator safety is not active in modes T1 (Manual Reduced Velocity) and T2 (Manual High Velocity). 42 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety Following a loss of signal, automatic operation may only be resumed when the safeguard has been closed and when the closing has been acknowledged. This acknowledgement is to prevent automatic operation from being resumed inadvertently while there are still persons in the danger zone, e.g. due to the safety gate closing acciden- tally. The acknowledgement must be designed in such a way that an actual check of the danger zone can be carried out first. Other acknowledgement functions (e.g. an acknowlegement which is automatically triggered by closure of the safeguard) are not permitted. The system integrator is responsible for ensuring that these criteria are met. Failure to met them may result in death, severe injuries or considerable damage to property. 4.5.5 EMERGENCY STOP device The EMERGENCY STOP device for the industrial robot is the EMERGENCY STOP device on the smartPAD. The device must be pressed in the event of a hazardous situation or emergency. Reactions of the industrial robot if the EMERGENCY STOP device is pressed:  The manipulator and any external axes (optional) are stopped with a safety stop 1. Before operation can be resumed, the EMERGENCY STOP device must be turned to release it. Tools and other equipment connected to the manipulator must be integrated into the EMERGENCY STOP circuit on the system side if they could constitute a potential hazard. Failure to observe this precaution may result in death, severe injuries or considerable damage to property. There must always be at least one external EMERGENCY STOP device installed. This ensures that an EMERGENCY STOP device is available even when the smartPAD is disconnected. (>>> 4.5.7 "External EMERGENCY STOP device" Page 44) 4.5.6 Logging off from the higher-level safety controller If the robot controller is connected to a higher-level safety controller, this connection will inevitably be terminated in the following cases:  Switching off the voltage via the main switch of the robot Or power failure  Shutdown of the robot controller via the smartHMI  Activation of a WorkVisual project in WorkVisual or directly on the robot controller  Changes to Start-up > Network configuration  Changes to Configuration > Safety configuration  I/O drivers > Reconfigure  Restoration of an archive Effect of the interruption:  If a discrete safety interface is used, this triggers an EMERGENCY STOP for the overall system. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 43 / 205 KUKA.SafeOperation 3.2  If the Ethernet interface is used, the KUKA safety controller generates a signal that prevents the higher-level controller from triggering an EMER- GENCY STOP for the overall system. If the Ethernet safety interface is used: In his risk assessment, the system integrator must take into consideration whether the fact that switching off the robot controller does not trigger an EMERGENCY STOP of the overall system could constitute a hazard and, if so, how this hazard can be countered. Failure to take this into consideration may result in death, injuries or damage to property. If a robot controller is switched off, the E-STOP device on the smartPAD is no longer functional. The user is responsible for ensuring that the smartPAD is either covered or removed from the system. This serves to prevent operational and non-operational EMER- GENCY STOP devices from becoming interchanged. Failure to observe this precaution may result in death, injuries or damage to property. 4.5.7 External EMERGENCY STOP device Every operator station that can initiate a robot motion or other potentially hazardous situation must be equipped with an EMERGENCY STOP device. The system integrator is responsible for ensuring this. There must always be at least one external EMERGENCY STOP device installed. This ensures that an EMERGENCY STOP device is available even when the smartPAD is disconnected. External EMERGENCY STOP devices are connected via the customer interface. External EMERGENCY STOP devices are not included in the scope of supply of the industrial robot. 4.5.8 Enabling device The enabling devices of the industrial robot are the enabling switches on the smartPAD. There are 3 enabling switches installed on the smartPAD. The enabling switches have 3 positions:  Not pressed  Center position  Panic position In the test modes, the manipulator can only be moved if one of the enabling switches is held in the central position.  Releasing the enabling switch triggers a safety stop 2.  Pressing the enabling switch down fully (panic position) triggers a safety stop 1.  It is possible to hold 2 enabling switches in the center position simultaneously for up to 15 seconds. This makes it possible to adjust grip from one enabling switch to another one. If 2 enabling switches are held simultaneously in the center position for longer than 15 seconds, this triggers a safety stop 1. If an enabling switch malfunctions (e.g. jams in the central position), the industrial robot can be stopped using the following methods:  Press the enabling switch down fully. 44 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety  Actuate the EMERGENCY STOP device.  Release the Start key. The enabling switches must not be held down by adhe- sive tape or other means or tampered with in any other way. Death, injuries or damage to property may result. 4.5.9 External enabling device External enabling devices are required if it is necessary for more than one person to be in the danger zone of the industrial robot. External enabling devices are not included in the scope of supply of the industrial robot. Which interface can be used for connecting external enabling devices is described in the “Planning” chapter of the robot controller operating instructions and assembly instructions. 4.5.10 External safe operational stop The safe operational stop can be triggered via an input on the customer interface. The state is maintained as long as the external signal is FALSE. If the external signal is TRUE, the manipulator can be moved again. No acknowledgement is required. 4.5.11 External safety stop 1 and external safety stop 2 Safety stop 1 and safety stop 2 can be triggered via an input on the customer interface. The state is maintained as long as the external signal is FALSE. If the external signal is TRUE, the manipulator can be moved again. No acknowledgement is required. If interface X11 is selected as the customer interface, only the signal Safety stop 2 is available. 4.5.12 Velocity monitoring in T1 The velocity at the mounting flange is monitored in T1 mode. If the velocity exceeds 250 mm/s, a safety stop 0 is triggered. 4.6 Additional protective equipment 4.6.1 Jog mode In the operating modes T1 (Manual Reduced Velocity) and T2 (Manual High Velocity), the robot controller can only execute programs in jog mode. This means that it is necessary to hold down an enabling switch and the Start key in order to execute a program.  Releasing the enabling switch triggers a safety stop 2.  Pressing the enabling switch down fully (panic position) triggers a safety stop 1.  Releasing the Start key triggers a STOP 2. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 45 / 205 KUKA.SafeOperation 3.2 4.6.2 Software limit switches The axis ranges of all manipulator and positioner axes are limited by means of adjustable software limit switches. These software limit switches only serve as machine protection and must be adjusted in such a way that the manipulator/positioner cannot hit the mechanical end stops. The software limit switches are set during commissioning of an industrial robot. Further information is contained in the operating and programming instructions. 4.6.3 Mechanical end stops Depending on the robot variant, the axis ranges of the main and wrist axes of the manipulator are partially limited by mechanical end stops. Additional mechanical end stops can be installed on the external axes. If the manipulator or an external axis hits an obstruction or a mechanical end stop or axis range limitation, the manipulator can no longer be operated safely. The manipulator must be taken out of operation and KUKA Roboter GmbH must be consulted before it is put back into operation . 4.6.4 Mechanical axis range limitation (optional) Some manipulators can be fitted with mechanical axis range limitation in axes A1 to A3. The adjustable axis range limitation systems restrict the working range to the required minimum. This increases personal safety and protection of the system. In the case of manipulators that are not designed to be fitted with mechanical axis range limitation, the workspace must be laid out in such a way that there is no danger to persons or material property, even in the absence of mechanical axis range limitation. If this is not possible, the workspace must be limited by means of photoelectric barriers, photoelectric curtains or obstacles on the system side. There must be no shearing or crushing hazards at the loading and transfer areas. This option is not available for all robot models. Information on specific robot models can be obtained from KUKA Roboter GmbH. 4.6.5 Axis range monitoring (optional) Some manipulators can be fitted with dual-channel axis range monitoring systems in main axes A1 to A3. The positioner axes may be fitted with additional axis range monitoring systems. The safety zone for an axis can be adjusted and monitored using an axis range monitoring system. This increases personal safety and protection of the system. This option is not available for all robot models. Information on specific robot models can be obtained from KUKA Roboter GmbH. 46 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety 4.6.6 Options for moving the manipulator without drive energy The system user is responsible for ensuring that the training of personnel with regard to the response to emergencies or exceptional situations also includes how the manipulator can be moved without drive energy. Description The following options are available for moving the manipulator without drive energy after an accident or malfunction:  Release device (optional) The release device can be used for the main axis drive motors and, depending on the robot variant, also for the wrist axis drive motors.  Brake release device (option) The brake release device is designed for robot variants whose motors are not freely accessible.  Moving the wrist axes directly by hand There is no release device available for the wrist axes of variants in the low payload category. This is not necessary because the wrist axes can be moved directly by hand. Information about the options available for the various robot models and about how to use them can be found in the assembly and operating instructions for the robot or requested from KUKA Roboter GmbH. Moving the manipulator without drive energy can damage the motor brakes of the axes concerned. The motor must be replaced if the brake has been damaged. The manipulator may therefore be moved without drive energy only in emergencies, e.g. for rescu- ing persons. 4.6.7 Labeling on the industrial robot All plates, labels, symbols and marks constitute safety-relevant parts of the industrial robot. They must not be modified or removed. Labeling on the industrial robot consists of:  Identification plates  Warning signs  Safety symbols  Designation labels  Cable markings  Rating plates Further information is contained in the technical data of the operating instructions or assembly instructions of the components of the industrial robot. 4.6.8 External safeguards The access of persons to the danger zone of the industrial robot must be prevented by means of safeguards. It is the responsibility of the system integrator to ensure this. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 47 / 205 KUKA.SafeOperation 3.2 Physical safeguards must meet the following requirements:  They meet the requirements of EN 953.  They prevent access of persons to the danger zone and cannot be easily circumvented.  They are sufficiently fastened and can withstand all forces that are likely to occur in the course of operation, whether from inside or outside the en- closure.  They do not, themselves, represent a hazard or potential hazard.  The prescribed minimum clearance from the danger zone is maintained. Safety gates (maintenance gates) must meet the following requirements:  They are reduced to an absolute minimum.  The interlocks (e.g. safety gate switches) are linked to the operator safety input of the robot controller via safety gate switching devices or safety PLC.  Switching devices, switches and the type of switching conform to the requirements of Performance Level d and category 3 according to EN ISO 13849-1.  Depending on the risk situation: the safety gate is additionally safeguarded by means of a locking mechanism that only allows the gate to be opened if the manipulator is safely at a standstill.  The button for acknowledging the safety gate is located outside the space limited by the safeguards. Further information is contained in the corresponding standards and regulations. These also include EN 953. Other safety Other safety equipment must be integrated into the system in accordance with equipment the corresponding standards and regulations. 4.7 Overview of operating modes and safety functions The following table indicates the operating modes in which the safety functions are active. Safety functions T1 T2 AUT AUT EXT Operator safety - - Active Active EMERGENCY STOP device Active Active Active Active Enabling device Active Active - - Reduced velocity during pro- Active - - - gram verification Jog mode Active Active - - Software limit switches Active Active Active Active 4.8 Safety measures 4.8.1 General safety measures The industrial robot may only be used in perfect technical condition in accordance with its intended use and only by safety-conscious persons. Operator errors can result in personal injury and damage to property. It is important to be prepared for possible movements of the industrial robot even after the robot controller has been switched off and locked out. Incorrect 48 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety installation (e.g. overload) or mechanical defects (e.g. brake defect) can cause the manipulator or external axes to sag. If work is to be carried out on a switched-off industrial robot, the manipulator and external axes must first be moved into a position in which they are unable to move on their own, whether the payload is mounted or not. If this is not possible, the manipulator and external axes must be secured by appropriate means. In the absence of operational safety functions and safeguards, the industrial robot can cause personal injury or material damage. If safety functions or safeguards are dismantled or deactivated, the industrial robot may not be operated. Standing underneath the robot arm can cause death or injuries. For this reason, standing underneath the robot arm is prohibited! The motors reach temperatures during operation which can cause burns to the skin. Contact must be avoided. Appropriate safety precautions must be taken, e.g. protective gloves must be worn. smartPAD The user must ensure that the industrial robot is only operated with the smart- PAD by authorized persons. If more than one smartPAD is used in the overall system, it must be ensured that each smartPAD is unambiguously assigned to the corresponding industrial robot. They must not be interchanged. The operator must ensure that decoupled smartPADs are immediately removed from the system and stored out of sight and reach of personnel working on the industrial robot. This serves to prevent operational and non-operational EMERGENCY STOP devices from becoming interchanged. Failure to observe this precaution may result in death, severe injuries or considerable damage to property. Modifications After modifications to the industrial robot, checks must be carried out to ensure the required safety level. The valid national or regional work safety regulations must be observed for this check. The correct functioning of all safety functions must also be tested. New or modified programs must always be tested first in Manual Reduced Ve- locity mode (T1). After modifications to the industrial robot, existing programs must always be tested first in Manual Reduced Velocity mode (T1). This applies to all components of the industrial robot and includes modifications to the software and configuration settings. Faults The following tasks must be carried out in the case of faults in the industrial robot:  Switch off the robot controller and secure it (e.g. with a padlock) to prevent unauthorized persons from switching it on again.  Indicate the fault by means of a label with a corresponding warning (tag- out).  Keep a record of the faults.  Eliminate the fault and carry out a function test. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 49 / 205 KUKA.SafeOperation 3.2 4.8.2 Transportation Manipulator The prescribed transport position of the manipulator must be observed. Trans- portation must be carried out in accordance with the operating instructions or assembly instructions of the robot. Avoid vibrations and impacts during transportation in order to prevent damage to the manipulator. Robot controller The prescribed transport position of the robot controller must be observed. Transportation must be carried out in accordance with the operating instructions or assembly instructions of the robot controller. Avoid vibrations and impacts during transportation in order to prevent damage to the robot controller. External axis The prescribed transport position of the external axis (e.g. KUKA linear unit, (optional) turn-tilt table, positioner) must be observed. Transportation must be carried out in accordance with the operating instructions or assembly instructions of the external axis. 4.8.3 Start-up and recommissioning Before starting up systems and devices for the first time, a check must be carried out to ensure that the systems and devices are complete and operational, that they can be operated safely and that any damage is detected. The valid national or regional work safety regulations must be observed for this check. The correct functioning of all safety functions must also be tested. The passwords for the user groups must be changed in the KUKA System Software before start-up. The passwords must only be com- municated to authorized personnel. The robot controller is preconfigured for the specific industrial robot. If cables are interchanged, the manipulator and the external axes (optional) may receive incorrect data and can thus cause personal injury or material damage. If a system consists of more than one manipulator, always connect the connecting cables to the manipulators and their corresponding robot controllers. If additional components (e.g. cables), which are not part of the scope of supply of KUKA Roboter GmbH, are integrated into the industrial robot, the user is responsible for ensuring that these components do not adversely affect or disable safety functions. If the internal cabinet temperature of the robot controller differs greatly from the ambient temperature, condensa- tion can form, which may cause damage to the electrical components. Do not put the robot controller into operation until the internal temperature of the cabinet has adjusted to the ambient temperature. Function test The following tests must be carried out before start-up and recommissioning: General test: It must be ensured that:  The industrial robot is correctly installed and fastened in accordance with the specifications in the documentation. 50 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety  There is no damage to the robot that could be attributed to external forces. Examples: Dents or abrasion that could be caused by an impact or collision. In the case of such damage, the affected components must be exchanged. In particular, the motor and counterbalancing system must be checked carefully. External forces can cause non-visible damage. For example, it can lead to a gradual loss of drive power from the motor, resulting in unintended movements of the manipulator. Death, injuries or considerable damage to property may otherwise result.  There are no foreign bodies or loose parts on the industrial robot.  All required safety equipment is correctly installed and operational.  The power supply ratings of the industrial robot correspond to the local supply voltage and mains type.  The ground conductor and the equipotential bonding cable are sufficiently rated and correctly connected.  The connecting cables are correctly connected and the connectors are locked. Test of the safety functions: A function test must be carried out for the following safety functions to ensure that they are functioning correctly:  Local EMERGENCY STOP device  External EMERGENCY STOP device (input and output)  Enabling device (in the test modes)  Operator safety  All other safety-relevant inputs and outputs used  Other external safety functions 4.8.3.1 Checking machine data and safety configuration The industrial robot must not be moved if incorrect machine data or an incorrect controller configuration are loaded. Death, severe injuries or considerable damage to property may otherwise result. The correct data must be loaded.  It must be ensured that the rating plate on the robot controller has the same machine data as those entered in the declaration of incorporation. The machine data on the rating plate of the manipulator and the external axes (optional) must be entered during start-up.  The practical tests for the machine data must be carried out within the scope of the start-up procedure.  Following modifications to the machine data, the safety configuration must be checked.  After activation of a WorkVisual project on the robot controller, the safety configuration must be checked!  If machine data are adopted when checking the safety configuration (re- gardless of the reason for the safety configuration check), the practical tests for the machine data must be carried out.  System Software 8.3 or higher: If the checksum of the safety configuration has changed, the safe axis monitoring functions must be checked. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 51 / 205 KUKA.SafeOperation 3.2 Information about checking the safety configuration and the safe axis monitoring functions is contained in the Operating and Programming Instructions for System Integrators. If the practical tests are not successfully completed in the initial start-up, KUKA Roboter GmbH must be contacted. If the practical tests are not successfully completed during a different procedure, the machine data and the safety-relevant controller configuration must be checked and corrected. General practical test: If practical tests are required for the machine data, this test must always be carried out. The following methods are available for performing the practical test:  TCP calibration with the XYZ 4-point method The practical test is passed if the TCP has been successfully calibrated. or: 1. Align the TCP with a freely selected point. The point serves as a reference point. It must be located so that reorien- tation is possible. 2. Move the TCP manually at least 45° once in each of the A, B and C directions. The movements do not have to be accumulative, i.e. after motion in one direction it is possible to return to the original position before moving in the next direction. The practical test is passed if the TCP does not deviate from the reference point by more than 2 cm in total. Practical test for axes that are not mathematically coupled: If practical tests are required for the machine data, this test must be carried out when axes are present that are not mathematically coupled. 1. Mark the starting position of the axis that is not mathematically coupled. 2. Move the axis manually by a freely selected path length. Determine the path length from the display Actual position on the smartHMI.  Move linear axes a specific distance.  Move rotational axes through a specific angle. 3. Measure the length of the path covered and compare it with the value displayed on the smartHMI. The practical test is passed if the values differ by no more than 10%. 4. Repeat the test for each axis that is not mathematically coupled. Practical test for couplable axes: If practical tests are required for the machine data, this test must be carried out when axes are present that can be physically coupled and uncoupled, e.g. a servo gun. 1. Physically uncouple the couplable axis. 2. Move all the remaining axes individually. The practical test is passed if it has been possible to move all the remaining axes. 52 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety 4.8.3.2 Start-up mode Description The industrial robot can be set to Start-up mode via the smartHMI user interface. In this mode, the manipulator can be moved in T1 without the external safeguards being put into operation. When Start-up mode is possible depends on the safety interface that is used. Discrete safety interface  System Software 8.2 or earlier: Start-up mode is always possible if all input signals at the discrete safety interface have the state “logic zero”. If this is not the case, the robot controller prevents or terminates Start-up mode. If an additional discrete safety interface for safety options is used, the inputs there must also have the state “logic zero”.  System Software 8.3 or higher: Start-up mode is always possible. This also means that it is independent of the state of the inputs at the discrete safety interface. If an additional discrete safety interface is used for safety options: The states of these inputs are also irrelevant. Ethernet safety interface The robot controller prevents or terminates Start-up mode if a connection to a higher-level safety system exists or is established. Effect When the Start-up mode is activated, all outputs are automatically set to the state “logic zero”. If the robot controller has a peripheral contactor (US2), and if the safety configuration specifies for this to switch in accordance with the motion enable, then the same also applies in Start-up mode. This means that if motion enable is present, the US2 voltage is switched on – even in Start-up mode. Hazards Possible hazards and risks involved in using Start-up mode:  A person walks into the manipulator’s danger zone.  In a hazardous situation, a disabled external EMERGENCY STOP device is actuated and the manipulator is not shut down. Additional measures for avoiding risks in Start-up mode:  Cover disabled EMERGENCY STOP devices or attach a warning sign indicating that the EMERGENCY STOP device is out of operation.  If there is no safety fence, other measures must be taken to prevent persons from entering the manipulator’s danger zone, e.g. use of warning tape. Use Intended use of Start-up mode:  Start-up in T1 mode when the external safeguards have not yet been installed or put into operation. The danger zone must be delimited at least by means of warning tape.  Fault localization (periphery fault).  Use of Start-up mode must be minimized as much as possible. Use of Start-up mode disables all external safeguards. The service personnel are responsible for ensuring that there is no-one in or near the danger zone of the manipulator as long as the safeguards are disabled. Failure to observe this precaution may result in death, injuries or damage to property. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 53 / 205 KUKA.SafeOperation 3.2 Misuse Any use or application deviating from the intended use is deemed to be misuse and is not allowed. KUKA Roboter GmbH is not liable for any damage resulting from such misuse. The risk lies entirely with the user. 4.8.4 Manual mode Manual mode is the mode for setup work. Setup work is all the tasks that have to be carried out on the industrial robot to enable automatic operation. Setup work includes:  Jog mode  Teaching  Programming  Program verification The following must be taken into consideration in manual mode:  New or modified programs must always be tested first in Manual Reduced Velocity mode (T1).  The manipulator, tooling or external axes (optional) must never touch or project beyond the safety fence.  Workpieces, tooling and other objects must not become jammed as a result of the industrial robot motion, nor must they lead to short-circuits or be liable to fall off.  All setup work must be carried out, where possible, from outside the safeguarded area. If the setup work has to be carried out inside the safeguarded area, the following must be taken into consideration: In Manual Reduced Velocity mode (T1):  If it can be avoided, there must be no other persons inside the safeguarded area. If it is necessary for there to be several persons inside the safeguarded area, the following must be observed:  Each person must have an enabling device.  All persons must have an unimpeded view of the industrial robot.  Eye-contact between all persons must be possible at all times.  The operator must be so positioned that he can see into the danger area and get out of harm’s way. In Manual High Velocity mode (T2):  This mode may only be used if the application requires a test at a velocity higher than that possible in T1 mode.  Teaching and programming are not permissible in this operating mode.  Before commencing the test, the operator must ensure that the enabling devices are operational.  The operator must be positioned outside the danger zone.  There must be no other persons inside the safeguarded area. It is the responsibility of the operator to ensure this. 4.8.5 Simulation Simulation programs do not correspond exactly to reality. Robot programs created in simulation programs must be tested in the system in Manual Reduced Velocity mode (T1). It may be necessary to modify the program. 54 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety 4.8.6 Automatic mode Automatic mode is only permissible in compliance with the following safety measures:  All safety equipment and safeguards are present and operational.  There are no persons in the system.  The defined working procedures are adhered to. If the manipulator or an external axis (optional) comes to a standstill for no ap- parent reason, the danger zone must not be entered until an EMERGENCY STOP has been triggered. 4.8.7 Maintenance and repair After maintenance and repair work, checks must be carried out to ensure the required safety level. The valid national or regional work safety regulations must be observed for this check. The correct functioning of all safety functions must also be tested. The purpose of maintenance and repair work is to ensure that the system is kept operational or, in the event of a fault, to return the system to an operational state. Repair work includes troubleshooting in addition to the actual repair itself. The following safety measures must be carried out when working on the industrial robot:  Carry out work outside the danger zone. If work inside the danger zone is necessary, the user must define additional safety measures to ensure the safe protection of personnel.  Switch off the industrial robot and secure it (e.g. with a padlock) to prevent it from being switched on again. If it is necessary to carry out work with the robot controller switched on, the user must define additional safety measures to ensure the safe protection of personnel.  If it is necessary to carry out work with the robot controller switched on, this may only be done in operating mode T1.  Label the system with a sign indicating that work is in progress. This sign must remain in place, even during temporary interruptions to the work.  The EMERGENCY STOP devices must remain active. If safety functions or safeguards are deactivated during maintenance or repair work, they must be reactivated immediately after the work is completed. Before work is commenced on live parts of the robot system, the main switch must be turned off and secured against being switched on again. The system must then be checked to ensure that it is deenergized. It is not sufficient, before commencing work on live parts, to execute an EMERGENCY STOP or a safety stop, or to switch off the drives, as this does not disconnect the robot system from the mains power supply. Parts remain energized. Death or severe injuries may result. Faulty components must be replaced using new components with the same article numbers or equivalent components approved by KUKA Roboter GmbH for this purpose. Cleaning and preventive maintenance work is to be carried out in accordance with the operating instructions. Robot controller Even when the robot controller is switched off, parts connected to peripheral devices may still carry voltage. The external power sources must therefore be switched off if work is to be carried out on the robot controller. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 55 / 205 KUKA.SafeOperation 3.2 The ESD regulations must be adhered to when working on components in the robot controller. Voltages in excess of 50 V (up to 780 V) can be present in various components for several minutes after the robot controller has been switched off! To prevent life-threatening injuries, no work may be carried out on the industrial robot in this time. Water and dust must be prevented from entering the robot controller. Counterbal- Some robot variants are equipped with a hydropneumatic, spring or gas cylin- ancing system der counterbalancing system. The hydropneumatic and gas cylinder counterbalancing systems are pressure equipment and, as such, are subject to obligatory equipment monitoring and the provisions of the Pressure Equipment Directive. The user must comply with the applicable national laws, regulations and standards pertaining to pressure equipment. Inspection intervals in Germany in accordance with Industrial Safety Order, Sections 14 and 15. Inspection by the user before commissioning at the installation site. The following safety measures must be carried out when working on the counterbalancing system:  The manipulator assemblies supported by the counterbalancing systems must be secured.  Work on the counterbalancing systems must only be carried out by qualified personnel. Hazardous The following safety measures must be carried out when handling hazardous substances substances:  Avoid prolonged and repeated intensive contact with the skin.  Avoid breathing in oil spray or vapors.  Clean skin and apply skin cream. To ensure safe use of our products, we recommend regularly requesting up-to-date safety data sheets for hazardous substances. 4.8.8 Decommissioning, storage and disposal The industrial robot must be decommissioned, stored and disposed of in accordance with the applicable national laws, regulations and standards. 4.8.9 Safety measures for “single point of control” Overview If certain components in the industrial robot are operated, safety measures must be taken to ensure complete implementation of the principle of “single point of control” (SPOC). The relevant components are:  Submit interpreter  PLC  OPC server  Remote control tools  Tools for configuration of bus systems with online functionality  KUKA.RobotSensorInterface 56 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety The implementation of additional safety measures may be required. This must be clarified for each specific application; this is the responsibility of the system integrator, programmer or user of the system. Since only the system integrator knows the safe states of actuators in the periphery of the robot controller, it is his task to set these actuators to a safe state, e.g. in the event of an EMERGENCY STOP. T1, T2 In modes T1 and T2, the components referred to above may only access the industrial robot if the following signals have the following states: Signal State required for SPOC $USER_SAF TRUE $SPOC_MOTION_ENABLE TRUE Submit inter- If motions, (e.g. drives or grippers) are controlled with the submit interpreter or preter, PLC the PLC via the I/O system, and if they are not safeguarded by other means, then this control will take effect even in T1 and T2 modes or while an EMER- GENCY STOP is active. If variables that affect the robot motion (e.g. override) are modified with the submit interpreter or the PLC, this takes effect even in T1 and T2 modes or while an EMERGENCY STOP is active. Safety measures:  In T1 and T2, the system variable $OV_PRO must not be written to by the submit interpreter or the PLC.  Do not modify safety-relevant signals and variables (e.g. operating mode, EMERGENCY STOP, safety gate contact) via the submit interpreter or PLC. If modifications are nonetheless required, all safety-relevant signals and variables must be linked in such a way that they cannot be set to a dan- gerous state by the submit interpreter or PLC. This is the responsibility of the system integrator. OPC server, These components can be used with write access to modify programs, outputs remote control or other parameters of the robot controller, without this being noticed by any tools persons located inside the system. Safety measure: If these components are used, outputs that could cause a hazard must be determined in a risk assessment. These outputs must be designed in such a way that they cannot be set without being enabled. This can be done using an external enabling device, for example. Tools for configu- If these components have an online functionality, they can be used with write ration of bus access to modify programs, outputs or other parameters of the robot control- systems ler, without this being noticed by any persons located inside the system.  WorkVisual from KUKA  Tools from other manufacturers Safety measure: In the test modes, programs, outputs or other parameters of the robot controller must not be modified using these components. 4.9 Applied norms and regulations Name Definition Edition Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 57 / 205 KUKA.SafeOperation 3.2 2006/42/EC Machinery Directive: 2006 Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery, and amending Direc- tive 95/16/EC (recast) 2014/30/EU EMC Directive: 2014 Directive 2014/30/EC of the European Parliament and of the Council of 26 February 2014 on the approximation of the laws of the Member States concerning electromagnetic compatibility 2014/68/EC Pressure Equipment Directive: 2014 Directive 2014/68/EC of the European Parliament and of the Council of 15 May 2014 on the approximation of the laws of the Member States concerning pressure equipment (Only applicable for robots with hydropneumatic counterbalancing system.) This directive is valid from the 19/07/2016 on. 97/23/EC Pressure Equipment Directive: 1997 Directive 97/23/EC of the European Parliament and of the Council of 29 May 1997 on the approximation of the laws of the Member States concerning pressure equipment (Only applicable for robots with hydropneumatic counterbalancing system.) This directive is valid until 18/07/2016. EN ISO 13850 Safety of machinery: 2008 Emergency stop - Principles for design EN ISO 13849-1 Safety of machinery: 2008 Safety-related parts of control systems - Part 1: General principles of design EN ISO 13849-2 Safety of machinery: 2012 Safety-related parts of control systems - Part 2: Validation EN ISO 12100 Safety of machinery: 2010 General principles of design, risk assessment and risk reduction EN ISO 10218-1 Industrial robots – Safety requirements 2011 Part 1: Robot Note: Content equivalent to ANSI/RIA R.15.06-2012, Part 1 EN 614-1 + A1 Safety of machinery: 2009 Ergonomic design principles - Part 1: Terms and general principles 58 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 4 Safety EN 61000-6-2 Electromagnetic compatibility (EMC): 2005 Part 6-2: Generic standards; Immunity for industrial environments EN 61000-6-4 + A1 Electromagnetic compatibility (EMC): 2011 Part 6-4: Generic standards; Emission standard for industrial environments EN 60204-1 + A1 Safety of machinery: 2009 Electrical equipment of machines - Part 1: General requirements Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 59 / 205 KUKA.SafeOperation 3.2 60 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 5 Installation 5 Installation s t 5.1 System requirements t Hardware  KR C4 or KR C4 compact  Reference switch module Software  KUKA System Software 8.3 With a KR C4 compact, PROFIsafe or CIP Safety is always required for the purpose of connecting a reference switch.  KR C4 PROFINET 3.0 for connection via PROFIsafe  KR C4 EtherNet/IP 2.0 for connection via CIP Safety Compatibility  KUKA.SafeOperation must not be installed on a robot controller together with other safety options:  KUKA.SafeRangeMonitoring  KUKA.SafeSingleBrake 5.2 Installing or updating SafeOperation It is advisable to archive all relevant data before updating a software package. Precondition  “Expert” user group  T1 or T2 mode  No program is selected.  USB stick with the software to be installed  ZIP files must be unzipped.  There must be no other files in the directory in which the individual files are located. We recommend using a KUKA USB stick. Data may be lost if a stick from a different manufacturer is used. Procedure 1. Connect the USB stick to the robot controller or smartPAD. 2. In the main menu, select Start-up > Additional software. 3. Press New software: The entry SafeOperation must be displayed in the Name column and drive E:\ or K:\ in the Path column. If not, press Refresh. 4. If the specified entries are now displayed, continue with step 5. Otherwise, the path from which the software is to be installed must be configured first: a. Press the Configure button. b. Select a line in the Installation paths for options area. Note: If the line already contains a path, this path will be overwritten. c. Press Path selection. The available drives are displayed. d. If the stick is connected to the robot controller: On E:\, select the directory in which the software is located. If the stick is connected to the smartPAD: K:\ instead of E:\ e. Press Save. The Installation paths for options area is displayed again. It now contains the new path. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 61 / 205 KUKA.SafeOperation 3.2 f. Mark the line with the new path and press Save again. 5. Mark the entry SafeOperation and click on Install. Answer the request for confirmation with Yes. 6. Confirm the reboot prompt with OK. 7. Remove the stick. 8. Reboot the robot controller. LOG file A LOG file is created under C:\KRC\ROBOTER\LOG. 5.3 Uninstalling SafeOperation It is advisable to archive all relevant data before uninstalling a software package. Precondition  “Expert” user group  T1 or T2 mode  Safe monitoring has been deactivated. If the safe monitoring is not deactivated before uninstallation, the safety configuration remains active after the software has been unin- stalled. (>>> 7.12 "Deactivating safe monitoring" Page 123) Procedure 1. In the main menu, select Start-up > Additional software. 2. Mark the entry SafeOperation and click on Uninstall. Reply to the request for confirmation with Yes. Uninstallation is prepared. 3. Reboot the robot controller. Uninstallation is resumed and completed. LOG file A LOG file is created under C:\KRC\ROBOTER\LOG. 62 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 6 Operation 6 Operation 6.1 User groups t Different functions are available in the KSS, depending on the user group. The following user groups are relevant for the safety configuration of the robot:  Safety recovery This user can activate an existing safety configuration of the robot using an activation code. If no safety option is installed, the safety recovery personnel have more extensive rights. In this case he is authorized, for example, to configure the standard safety functions. This user group is protected by means of a password.  Safety maintenance User group for the start-up technician. This user can edit the safety configuration and make safety-relevant changes. This user group is protected by means of a password. The safety maintenance technician must be specially trained in the configuration of safety functions. For this, we recommend training courses at KUKA Col- lege. Information about the training program can be found at www.kuka.com or can be obtained directly from our subsidiaries. The password for the “Safety Maintenance” and “Safety Recovery” user groups must be changed before start-up and must only be com- municated to authorized personnel. 6.2 Opening the safety configuration Procedure 1. Select Configuration > Safety configuration in the main menu. 2. The safety configuration checks whether there are any relevant deviations between the data in the robot controller and those in the safety controller.  If there are no deviations, the Safety configuration window is opened.  If there are deviations, the Troubleshooting wizard window is opened. A description of the problem and a list of possible causes is displayed. The user can select the applicable cause. The wizard then suggests a solution. Further information about checking the safety configuration is contained in the Operating and Programming Instructions for System In- tegrators. 6.3 Overview of buttons The following buttons are available: Button Description Reset all to defaults Resets all parameters of the safety configuration to the default values. Revert changes Resets all changes since the last time the configuration was saved. Change log The log of changes to the safety configuration is displayed. View The safety-relevant machine data are displayed. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 63 / 205 KUKA.SafeOperation 3.2 Button Description Properties The properties of a monitoring space or safe tool can be defined. Export Parts of the safety configuration can be exported into an XML file (XML export). Import Parts of the safety configuration can be imported as an XML file (XML export). Communication parameters The safety ID of the PROFINET device can be changed. Note: Further information is contained in the Operating and Programming Instructions for System Integrators. Global parameters The global parameters of the safety configuration can be defined. Hardware options The hardware settings can be defined. Note: Further information is contained in the Operating and Programming Instructions for System Integrators. Check machine data It is possible to check whether the machine data of the safety configuration are up to date. Safe operational stop The safe operational stop can be defined. Save Saves and activates the safety configuration for the robot. Touch-up Saves the current robot position as a corner of a cell area. OR Saves the current axis angle as the lower limit or upper limit of the axis-specific monitoring space. Touch-up reference position Saves the current robot flange position or the position of the for group axes of a reference group as a reference position. Cell configuration The cell area can be defined. Back Back to the tab 6.4 Display functions 6.4.1 Displaying information about the safety configuration Procedure  In the main menu, select Configuration > Safety configuration. The safety configuration opens with the General tab. Description The General tab contains the following information: Parameter Description Robot Serial number of the robot Safety controller  Installed safety option version  Safety controller version (internal) Parameter data set  Checksum of the safety configuration  Time stamp of the safety configuration (date and time last saved)  Safety configuration version  Activation code of the safety configuration Machine data Time stamp of the safety-relevant machine data (date and time last saved) 64 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 6 Operation Parameter Description Brake test  State of brake test (activated, deactivated or forced)  Checksum of the brake test configuration Current configuration  Name of the safety interface  State of Cartesian monitoring (= velocity monitoring in T1) (activated or deactivated)  State of safe monitoring (activated or deactivated)  Number of velocity-monitored axes  Number of monitoring spaces  Number of protected spaces  Number of safe tools 6.4.2 Displaying the change log Every modification to the safety configuration and every saving operation is automatically logged. The log can be displayed. Procedure  In the main menu, select Configuration > Safety configuration. The Safety configuration window opens.  Press Change log. 6.4.3 Displaying machine data The safety-relevant machine data can be displayed. Procedure 1. In the main menu, select Configuration > Safety configuration. The Safety configuration window opens. 2. Press View. 6.5 Importing the safety configuration (XML import) Description Parts of the safety configuration can be imported as an XML file. The import- able parameters depend on the installed safety option: SafeOperation SafeRangeMonitoring SafeSingleBrake Cell configuration Cartesian monitoring spaces Axis-specific monitoring spaces Tools Global parameters In order to generate an XML file for importing, the user has the following options:  Export the current safety configuration of the robot controller to an XML file and edit it. In this way it is possible to ensure that the format of the XML file is correct for a subsequent import. (>>> 6.6 "Exporting the safety configuration (XML export)" Page 67) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 65 / 205 KUKA.SafeOperation 3.2  Generate the XML file on the basis of the XML schema C:\KRC\SmartH- MI\Schemes\SafetyConfigImport.xsd, e.g. using a script programmed by the user. The following points must be observed when editing the XML files:  The XML schema defines the structure of the XML file for the import. For individual parameters, the XML schema allows higher values than the installed version of the safety option.  The XML file to be imported should only contain parameters and values which are supported by the current safety option. If this is not the case, it can prevent the XML import from occurring. It is also possible to import safety configurations in WorkVisual. Infor- mation about this can be found in the WorkVisual documentation. Precondition  Safety option is installed.  User group “Safety maintenance”  T1 or T2 mode  No program is selected. Procedure 1. In the main menu, select Configuration > Safety configuration. The Safety configuration window opens. 2. Press Import. The available drives are displayed. 3. Navigate to the directory where the XML file to be imported is located. 4. Select the XML file and press Next. The parameters configured in the XML file are compared with the current parameters of the safety configuration. 5. If notification, warning or error messages occur, these are displayed in the Safety configuration window. To continue with the XML import, press Next. The Next button is deactivated in the event of error messages. Analyze errors and cancel the XML import.  Rectify the error in the XML file and repeat the XML import.  OR: Select the correct XML file and repeat the XML import. 6. A tree view provides an overview of the parameters to be imported. By default, only those nodes which contain changes to the current safety configuration are expanded in the tree view. The parameters which are changed by the XML import are displayed in blue text. 7. Check the parameters. If not all of the required safety functions are configured correctly, or if the wrong XML file was selected, cancel the XML import.  Rectify the error in the XML file and repeat the XML import.  OR: Select the correct XML file and repeat the XML import. 8. Press Import. The safety configuration is imported. 9. Save the safety configuration. (>>> 7.5.10 "Saving the safety configuration" Page 97) 10. If plausibility errors are detected while saving, the user is informed of this by a dialog. Close the dialog with OK. 11. Rectify errors directly in the safety configuration and save the safety configuration. OR Rectify the error in the XML file, repeat the XML import and save the safety configuration. 66 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 6 Operation Following a change to the safety configuration, safety acceptance must be carried out. (>>> 7.9 "Safety acceptance overview" Page 117) Overview The display with the overview of the parameters to be imported has the following columns: Column Description Parameter name Name of the parameter in the Safety configuration window Result Value of the parameter following import of the safety configuration Current Value of the parameter in the current safety configuration Imported Value of the parameter in the XML file to be imported The column is hidden when the display opens. The following buttons are available for changing the display: Button Description Display import col- Displays or hides the Imported column. umn Check box active: Column is displayed. Check box not active: Column is hidden. Collapse all All nodes in the tree view are collapsed. Expand all All nodes in the tree view are expanded. Expand changes Only those nodes which contain changes to the current safety configuration are expanded in the tree view. 6.6 Exporting the safety configuration (XML export) Description Parts of the safety configuration can be exported into an XML file:  Cell configuration  Monitoring spaces  Tools  Global parameters The XML file always contains all the parameters which are contained in the exported parts of the safety configuration. Exporting is always possible, irrespective of whether a safety option is installed or not. However, an export only makes sense if a safety option is installed. The current safety configuration of the robot controller is exported. If the safety configuration contains unsaved changes, these are also exported. If invalid values are entered in the safety configuration, the export is aborted with an error message (plausibility error). It is also possible to export safety configurations in WorkVisual. Infor- mation about this can be found in the WorkVisual documentation. Procedure 1. In the main menu, select Configuration > Safety configuration. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 67 / 205 KUKA.SafeOperation 3.2 The Safety configuration window opens. 2. Press Export. The available drives are displayed. 3. Select the desired file path and press Export. The safety configuration is saved in an XML file. The file name is generated automatically. 6.7 Safe robot retraction in case of space violation Description If the robot has violated a monitoring space, it is stopped by the safety controller (precondition: function Stop at boundaries is active). The robot must be moved out of the violated space in T1 mode. After a “Stop at boundaries”, the robot can only be moved in T1 mode. No other operating mode can be set until the robot has left the violated space. If the space is violated in T2 or Automatic mode, only a status message is displayed. The status message indicates which space has been violated. If the space is violated in T1 mode, the acknowledgement message Ackn.: Stop because workspace exceeded is additionally displayed. Precondition  Operating mode T1 Procedure 1. When the acknowledgement message is displayed, confirm it with OK. 2. Press and hold down the enabling switch. 3. Move the robot out of the violated space:  Using the jog keys (manual mode)  Using the Start and Start backwards keys (program mode) The status message is cleared when the robot has left the violated space. 68 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration 7 Start-up and configuration t t 7.1 System safety instructions During system planning, the safety functions must be planned. Re- quired safety functions that are not implemented with the SafeOper- ation safety option must be implemented using different safety measures. The stopping distance when a monitoring function is triggered varies according to the specific robot type. This aspect must be taken into account by the system integrator during parameterization of the monitoring functions as part of the safety assessment. Further information about the stopping distances and stopping times can be found in the assembly or operating instructions of the relevant robot. Serious system errors, severe damage to the robot and injury or death can result from not carrying out the risk analysis. Risk analysis must be carried out before start-up and after any safety-relevant modification.  Define axes that must be tested in the brake test.  Determine brake test cycle time.  Determine axis-specific and Cartesian limit values for the reduced velocity.  Define axis-specific and Cartesian monitoring spaces.  Define axes that must be configured for a safe operational stop. Incorrect configuration of the safe monitoring functions may result in death or severe injuries and major damage to property. Consequently, safety options may not be operated until after safety acceptance has been carried out in accordance with the checklists. The checklists must be completed fully and confirmed in writing. (>>> 11.1 "Checklists" Page 171) If safe monitoring is deactivated, the configured safety monitoring functions are inactive. Serious injury and severe damage to the robot can be caused by changing the machine data. Modifying the machine data may deactivate monitoring functions. Machine data may only be modified by authorized personnel. 7.2 Jogging the robot without a higher-level safety controller Description To jog the robot without a higher-level safety controller, Start-up mode must first be activated. The robot can then be jogged in T1 mode. Tool 1 is always active in Start-up mode. In Start-up mode, all monitoring functions of the safety configuration that can be activated via safe inputs are deactivated. (>>> 8.1.1 "SafeOperation via Ethernet safety interface (optional)" Page 129) (>>> 8.2 "SafeOperation via interface X13" Page 136) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 69 / 205 KUKA.SafeOperation 3.2 The following monitoring functions remain active:  Monitoring of the cell area  Monitoring of global maximum Cartesian velocity  Monitoring of global maximum axis velocity  Workspace monitoring functions that are configured as always active  Monitoring of the workspace-specific velocity in workspaces that are configured as always active  Velocity monitoring in T1 External safeguards are disabled in Start-up mode. Ob- serve the safety instructions relating to Start-up mode. (>>> 4.8.3.2 "Start-up mode" Page 53) Precondition  Operating mode T1  If the Ethernet safety interface is used: No connection to a higher-level safety controller Procedure  In the main menu, select Start-up > Service > Start-up mode. Menu Description Start-up mode is active. Touching the menu item deactivates the mode. Start-up mode is not active. Touch- ing the menu item activates the mode. 7.3 Start-up and configuration – overview Step Description 1 Set up brake test. (>>> 7.7 "Brake test" Page 106) 2 Install reference switch and actuating plate. (>>> 7.6.4.1 "Installing the reference switch and actuating plate" Page 101) 3 Connect the reference switch. (>>> 7.6.4.2 "Connecting a reference switch" Page 102) 4 Only if a safety PLC is being used: Configure the communication via the interface. (>>> 8 "Interfaces to the higher-level controller" Page 125) 5 Master the robot. Note: Further information on mastering is contained in the operating and programming instructions for the System Software. 6 Activate safe monitoring. (>>> 7.5.1 "Activating safe monitoring" Page 75) 7 Define global parameters.  Mastering test input  Cartesian velocity monitoring functions (>>> 7.5.2 "Defining global parameters" Page 75) 70 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Step Description 8 Define monitoring spaces. (>>> 7.5.3 "Defining a cell area" Page 77) (>>> 7.5.4 "Defining Cartesian monitoring spaces" Page 79) (>>> 7.5.5 "Defining axis-specific monitoring spaces" Page 84) 9 Define axis-specific velocity monitoring. (>>> 7.5.6 "Defining axis-specific velocity monitoring" Page 87) (>>> 7.5.7 "Defining the safe operational stop for axis groups" Page 91) 10 Define safe tools. (>>> 7.5.8 "Defining safe tools" Page 93) 11 Program mastering test. (>>> 7.6.5 "Teaching positions for the mastering test" Page 103) 12 Define reference position. (>>> 7.5.9 "Defining the reference position" Page 95) 13 Only if the reference switch is actuated by a ferromagnetic part of the tool or following a tool change: Check the accuracy of the reference position. (>>> 7.6.6 "Checking the reference position (actuation with tool)" Page 105) 14 Save safety configuration. (>>> 7.5.10 "Saving the safety configuration" Page 97) 15 Perform mastering test. (>>> 7.6.7 "Performing a mastering test manually" Page 105) 16 Carry out safety acceptance. (>>> 7.9 "Safety acceptance overview" Page 117) (>>> 7.10 "Checking that the safety functions are functioning correctly" Page 118) 17 Archive safety configuration. Note: Further information on archiving is contained in the operating and programming instructions for the System Software. 18 Only if a new safety configuration is activated: Compare the checksum displayed when the safety configuration is archived with the checksum documented in the checklist for safety functions. (>>> 7.11 "Activating a new safety configuration" Page 122) 7.4 Information about the safety configuration Cartesian monitoring spaces are only monitored against the spheres used to model the safe tool. Robot components situated outside the tool spheres are not monitored and a space violation by these components is not detected. Cartesian monitoring spaces and tool spheres must therefore be designed and configured in such a manner that the unmonitored robot components do not pose any threat. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 71 / 205 KUKA.SafeOperation 3.2 Minimum sphere The sphere radius must not fall below the predefined minimum value. This ra- radius dius is dependent on the global maximum Cartesian velocity. The minimum sphere radius is calculated as follows:  rmin [mm] >= 0.5 * (maximum Cartesian velocity [mm/s] * 0.012 s) The smallest possible radius is 10 mm. A radius smaller than 10 mm cannot be configured, even if the calculation gives a smaller value. If values that are too small are configured, a message is displayed when saving and the configuration is prevented from being saved. Minimum The length, width and height of a protected space must not fall below the pre- protected space defined minimum value. This value depends on the global maximum Cartesian dimensions velocity and the radius of the smallest sphere of the safe tool. The minimum space dimensions (= minimum length, width and height) are calculated as follows:  amin [mm] ≥ 0.018 s * maximum Cartesian velocity [mm/s] − 2 * rsphere [mm] A precondition for a correct result is that the sphere radius has been configured correctly. (>>> "Minimum sphere radius" Page 72) The smallest permissible length, width and height is 10 mm. Values smaller than 10 mm cannot be configured, even if the calculation gives a smaller value. If values that are too small are configured, a message is displayed when saving and the configuration is prevented from being saved. 7.4.1 Safe definition of Cartesian protected spaces Here, different constellations are covered which can cause a protected space violation to not be detected:  Narrow protected spaces  Motion across corners Narrow protected With narrow protected spaces, there is a risk that the robot may be able to spaces move through the protected space without the space violation being detected. The risk is partially reduced by the specified minimum value for the sphere radius and space dimensions. To further reduce the risk, the following rules must be observed in the configuration of protected spaces:  An area to be protected must always lie completely within a protected space, i.e. be enclosed by the protected space.  Shielding an area to be protected using a narrow protected space (e.g. by replicating a light curtain) is not permitted.  The stopping distances of the robot must also be taken into account when defining a protected space. The protected space must overlap with the area to be protected on all sides so that the robot can under no circum- stances enter the area to be protected. 72 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Fig. 7-1: Definition of protected space 1 Area to be protected 2 Protected space shields the area to be protected (not allowed) 3 Protected space encloses the entire area to be protected Motion across If a sphere is moved across the corner of a protected space at a high velocity, corners there is a risk of the space violation not being detected. To ensure that a signal is always reliably triggered on violation of an alarm space, this space must be made large enough to ensure that its full width, length or height is passed through. Fig. 7-2: Protected space as an alarm space 1 Target area 2 Sphere moves across corner of protected space (signal not triggered) 3 Protected space is passed through completely (signal reliably triggered) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 73 / 205 KUKA.SafeOperation 3.2 7.4.2 Unexpected protected space violation at space corners At the corners of a Cartesian protected space, unexpected space violations can occur even though the tool sphere is clearly outside the space boundary. The following figure depicts the closest path along which a tool sphere can the- oretically move about a Cartesian protected space. It can be moved along this closest path and reoriented without violating the protected space. Fig. 7-3: Path of a tool sphere along the space surface 1 Protected space 3 Tool spheres reoriented 2 Tool spheres The monitoring responds earlier than expected at the corners because of the virtually expanded space boundaries. Depending on the radius of the tool sphere, the protected space is expanded virtually on all sides (X, Y, Z) by pre- cisely this radius. As long as the tool sphere infringes the expanded space boundaries in only one direction, the protected space is not violated. If, however, the expanded protected space is infringed in 2 planes simultaneously, this is evaluated as a space violation. 74 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Fig. 7-4: Protected space violation at space corners 1 Protected space 2 Protected space expanded by the radius of the tool sphere 3 Space violation in the X direction 4 Space violation in the Y direction In the figure, a simplified depiction is used. Only the space expansion in the directions X and Y is shown. 7.5 Configuring safety monitoring functions 7.5.1 Activating safe monitoring Configuration of the safety monitoring functions is only possible if safe monitoring has been activated. Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. Open the safety configuration. 2. Press Global parameters. 3. Set the check mark at Safe monitoring. 4. Save the safety configuration or continue configuration. 7.5.2 Defining global parameters Precondition  User group “Safety maintenance”  Operating mode T1 or T2  A safety configuration is open.  Safe monitoring is active. Procedure  Press Global parameters and set parameters. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 75 / 205 KUKA.SafeOperation 3.2 Description Fig. 7-5: Defining global parameters Defining global parameters: Parameter Description Safe monitoring Activation of safe monitoring Check box active: Safe monitoring is activated. Check box not active: Safe monitoring is not activated. Default: Safe monitoring not activated. Mastering test input at cabinet = reference switch is connected to the robot controller. via bus interface = reference switch is connected via Ethernet interface. Default: to control cabinet Maximum Cartesian velocity Limit value for global maximum Cartesian velocity (not space- dependent)  0.5 … 30,000 mm/s Default: 10,000 mm/s 76 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Parameter Description Reduced Cartesian velocity Limit value for safely reduced Cartesian velocity  0.5 … 30,000 mm/s Default: 30,000 mm/s Reduced Cartesian velocity Limit value for safely reduced Cartesian velocity in T1 mode T1  0.5 … 250 mm/s Default: 250 mm/s 7.5.3 Defining a cell area Precondition  User group “Safety maintenance”  Operating mode T1 or T2  A safety configuration is open.  Safe monitoring is active. Procedure 1. Select the Monitoring spaces tab and press Cell configuration. The Cell configuration window opens. 2. Enter the upper and lower bounds of the cell area. 3. Select a corner from the list. The parameters of the corner are displayed. 4. Activate the corner of the cell area if necessary. Set the check mark for the corner to do so. Corners 1 to 4 are activated by default. 5. Move the robot to one corner of the cell area. 6. Press Touch-up. The X and Y coordinates of the corner are saved. The taught point refers to $WORLD and the tool $TOOL that is being used. 7. Repeat steps 3 to 6 to define further corners. There must be at least 3 corners activated. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 77 / 205 KUKA.SafeOperation 3.2 Description Fig. 7-6: Defining a cell area Defining a cell area: Parameter Description Reference system Reference coordinate system  $WORLD Z min Lower limit of the cell area  -100,000 mm … +100,000 mm Default: -30,000 mm Z max Upper limit of the cell area  -100,000 mm … +100,000 mm Default: 30,000 mm 78 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Parameter Description Activated Check box active: Corner of cell area is activated. (corner) Check box not active: Corner of cell area is not activated. Default corner 1 to 4: Activated Default corner 5 to 10: Not activated X, Y X, Y coordinate of corner 1 to 10 relative to the WORLD coordinate system (corner)  -100,000 mm … +100,000 mm Default corner 1 or 4: +100,000 mm Default corner 2 or 3: -100,000 mm Default corner 5 to 10: 0 mm 7.5.4 Defining Cartesian monitoring spaces Precondition  User group “Safety maintenance”  Operating mode T1 or T2  A safety configuration is open.  Safe monitoring is active. Procedure 1. Select the Monitoring spaces tab and select the monitoring space from the list. The parameters of the monitoring space are displayed. 2. Enter the name of the monitoring space (max. 24 characters). 3. Select the space type Cartesian space and set the parameters of the monitoring space. 4. Press Properties. The Cartesian properties of {0} window is opened. 5. Select the reference coordinate system and enter Cartesian positions. Monitoring space Fig. 7-7: Defining a Cartesian monitoring space Defining a Cartesian monitoring space: Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 79 / 205 KUKA.SafeOperation 3.2 Parameter Description Type Type of monitoring space working space = The safe tool must move within the configured limits of the monitoring space. (Space violation if the safe tool leaves the monitoring space.) protected space = The safe tool must move outside the configured limits of the monitoring space. (Space violation if the safe tool enters the monitoring space.) Default: working space Activation Activation of monitoring space always off = monitoring space is not active. always active = monitoring space is always active. by input = monitoring space is activated by a safe input. If interface X13 is used, safe inputs are only available for monitoring spaces 12 … 16. (>>> 8.2 "SafeOperation via interface X13" Page 136) Default: always off Space type Type of monitoring space Cartesian space = Cartesian monitoring space Axis space = axis-specific monitoring space Default: Cartesian space Stop at boundaries A stop is triggered if the space is violated. Check box active: Robot stops if the monitoring space limits are exceeded. Check box not active: Robot does not stop if the monitoring space limits are exceeded. Default: Robot stops at boundaries. V max Limit value of the space-specific velocity  0.5 … 30,000 mm/s Default: 30,000 mm/s 80 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Parameter Description Vmax valid if Validity of the space-specific velocity not used = space-specific velocity is not monitored. Space not violated = space-specific velocity is monitored if the monitoring space is not violated. Space violated = space-specific velocity is monitored if the monitoring space is violated. Default: Deactivated Stop if mastering test Activation of reference stop not yet done Check box active: Reference stop is activated for the monitoring space. Check box not active: Reference stop is not activated for the monitoring space. Default: Reference stop activated. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 81 / 205 KUKA.SafeOperation 3.2 Properties Fig. 7-8: Defining Cartesian properties Defining properties: Parameter Description Reference system Reference coordinate system  $WORLD  $ROBROOT Default: $WORLD Space dimensions Length, width and height of the monitoring space (display only) The length, width and height of a protected space must not fall below the predefined minimum value. This value depends on the global maximum Cartesian velocity and the radius of the smallest sphere of the safe tool. (>>> "Minimum protected space dimensions" Page 72) 82 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Parameter Description Origin X, Y, Z Offset of the origin of the Cartesian monitoring space in X, Y and Z relative to the selected reference coordinate system.  -100,000 mm … +100,000 mm Default: 0 mm Origin A, B, C Orientation in A, B and C at the origin of the Cartesian monitoring space relative to the selected reference coordinate system. Origin A, C:  -180° … +180° Origin B:  -90° … +90° Default: 0° Distance to origin Minimum X, Y and Z coordinates of the Cartesian monitoring space relative to the origin XMin, YMin, ZMin  -100,000 mm … +100,000 mm Default: 0 mm Distance to origin Maximum X, Y and Z coordinates of the Cartesian monitoring space relative to the origin XMax, YMax, ZMax  -100,000 mm … +100,000 mm Default: 0 mm Example The example shows a Cartesian monitoring space whose origin is offset in the X, Y and Z directions (yellow arrow) relative to the $ROBROOT system. The orientation A, B, C at the origin of the Cartesian monitoring space is identical to the orientation at the origin of $ROBROOT. Fig. 7-9: Example of a Cartesian monitoring space Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 83 / 205 KUKA.SafeOperation 3.2 7.5.5 Defining axis-specific monitoring spaces Precondition  User group “Safety maintenance”  Operating mode T1 or T2  A safety configuration is open.  Safe monitoring is active. Procedure 1. Select the Monitoring spaces tab and select the monitoring space from the list. The parameters of the monitoring space are displayed. 2. Enter the name of the monitoring space (max. 24 characters). 3. Select the space type Axis space and set the parameters of the monitoring space. 4. Press Properties. The Axis-specific properties of {0} window opens. 5. Select axis from the list. The axis-specific properties are displayed. 6. Activate the monitoring of axis limits by setting the check mark at Monitor- ing. 7. Move the axis to the upper axis limit in axis-specific mode. 8. Press Touch-up to save the current axis position. 9. Move the axis to the lower axis limit in axis-specific mode. 10. Press Touch-up to save the current axis position. 11. Repeat steps 5 to 10 to define the axis limits for additional axis ranges. A maximum of 8 axes or, in the case of kinematic systems with master/slave axes, a maximum of 8 drives can be configured for each monitoring space. Monitoring space Fig. 7-10: Defining an axis-specific monitoring space Defining an axis-specific monitoring space: 84 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Parameter Description Type Type of monitoring space working space = The axes must move within the configured limits of the monitoring space. (Space violation if the axes leave the monitoring space.) protected space = The axes must move outside the configured limits of the monitoring space. (Space violation if the axes enter the monitoring space.) Default: working space Activation Activation of monitoring space always off = monitoring space is not active. always active = monitoring space is always active. by input = monitoring space is activated by a safe input. If interface X13 is used, safe inputs are only available for monitoring spaces 12 … 16. (>>> 8.2 "SafeOperation via interface X13" Page 136) Default: always off Space type Type of monitoring space Cartesian space = Cartesian monitoring space Axis space = axis-specific monitoring space Default: Cartesian space Stop at boundaries A stop is triggered if the space is violated. Check box active: Robot stops if the monitoring space limits are exceeded. Check box not active: Robot does not stop if the monitoring space limits are exceeded. Default: Robot stops at boundaries. V max Limit value of the space-specific velocity  0.5 … 30,000 mm/s Default: 30,000 mm/s Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 85 / 205 KUKA.SafeOperation 3.2 Parameter Description Vmax valid if Validity of the space-specific velocity not used = space-specific velocity is not monitored. Space not violated = space-specific velocity is monitored if the monitoring space is not violated. Space violated = space-specific velocity is monitored if the monitoring space is violated. Default: not used Stop if mastering test Activation of reference stop not yet done Check box active: Reference stop is activated for the monitoring space. Check box not active: Reference stop is not activated for the monitoring space. Default: Reference stop activated. Properties Fig. 7-11: Defining axis-specific properties 86 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Icon Description Icon for rotational and infinitely rotating axes Icon for linear axes Defining properties: Parameter Description Monitoring Activation of monitoring Check box active: Monitoring is activated. Check box not active: Monitoring is not activated. Default: Monitoring is not activated. Lower limit Lower limit of the axis-specific monitoring space (lower axis limit)  Rotational axes: -360° … +360° Default: -360°  Linear axes: -30,000 mm … +30,000 mm Default: -30,000 mm The lower limit of an axis-specific workspace must be at least 0.5° or 1.5 mm less than the upper limit. The axis-specific protected space is dependent on the maximum axis velocity. The minimum size for the axis-specific protected space is equal to the distance that the relevant axis can travel at maximum axis velocity in an interval of 18 ms. If this minimum value is violated, a message is displayed. Current position Axis-specific actual position (display only)  Red: axis position not allowed, as monitoring space is violated  Green: axis position allowed Upper limit Upper limit of the axis-specific monitoring space (upper axis limit)  Rotational axes: -360° … +360° Default: 360°  Linear axes: -30,000 mm … +30,000 mm Default: 30,000 mm The upper limit of an axis-specific workspace must be at least 0.5° or 1.5 mm greater than the lower limit. The axis-specific protected space is dependent on the maximum axis velocity. The minimum size for the axis-specific protected space is equal to the distance that the relevant axis can travel at maximum axis velocity in an interval of 18 ms. If this minimum value is violated, a message is displayed. 7.5.6 Defining axis-specific velocity monitoring Precondition  User group “Safety maintenance”  T1 or T2 mode  A safety configuration is open.  To modify option-specific monitoring functions: Safe monitoring is active. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 87 / 205 KUKA.SafeOperation 3.2 Monitoring of the braking time and the maximum axis velocity in T1 is part of the standard safety configuration and always active. The corresponding parameters can also be modified if safe monitoring is deactivated. Procedure 1. Select the Axis monitoring tab. 2. Edit the parameters of the standard safety configuration as required. 3. If necessary, activate monitoring of the safely reduced axis velocity for one axis. To do so, select the desired axis and set the check mark at Monitor- ing. 4. Change the limit value for the safely reduced axis velocity if necessary. 5. Modify the maximum velocity for rotational axes and linear axes (valid globally for every axis). Description Fig. 7-12: Defining axis velocities 88 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Icon Description Icon for rotational and infinitely rotating axes Icon for linear axes Defining axis velocities: Parameter Description Monitoring Activation of monitoring Check box active: Axis is monitored. Check box not active: Axis is not monitored. Default: Axis is not monitored. Braking time Duration of the monitored axis-specific braking ramp for safety stop 1 and safety stop 2  500 … 15,000 ms Default: 1,500 ms (>>> 7.5.6.1 "Parameter Braking time" Page 90) Maximum velocity T1 Maximum axis velocity in T1  Rotational axes: 1.0 … 100.00 °/s Default: 30 °/s  Linear axes: 1.0 … 1,500 mm/s Default: 250 mm/s This parameter enables a servo gun, for example, to be calibrated in T1 with a higher velocity than 250 mm/s. Note: The Cartesian velocities at the flange and at the TCP are monitored independently of this parameter and cannot exceed 250 mm/s. Reduced velocity Limit value for safely reduced axis velocity  Rotational axes: 0.5 … 5,000 °/s Default: 5,000°/s  Linear axes: 1.5 … 10,000 mm/s Default: 10,000 mm/s Maximum velocity rotational Limit value for global maximum velocity for rotational axes axis  0.5 … 5,000 °/s Default: 1,000°/s The axis-specific protected space is dependent on the global maximum axis velocity. A defined minimum size for the axis- specific protected space is derived from the global maximum axis velocity; the size must not fall below this value. If this minimum value is violated, a message is displayed. Maximum velocity transla- Limit value for global maximum velocity for translational axes tional axis  0.5 … 30,000 mm/s Default: 5,000 mm/s The axis-specific protected space is dependent on the global maximum axis velocity. A defined minimum size for the axis- specific protected space is derived from the global maximum axis velocity; the size must not fall below this value. If this minimum value is violated, a message is displayed. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 89 / 205 KUKA.SafeOperation 3.2 7.5.6.1 Parameter Braking time Description If a safety stop 1 or 2 occurs, the safety controller monitors the braking process. Among other things, it monitors whether the axis-specific velocity remains below its monitoring ramp. If the velocity is too high, i.e. if the ramp is violated, then the safety controller triggers a safety stop 0. The monitoring ramp can be specified using the parameter Braking time. The parameter Braking time modifies the monitoring ramp. It does not modify the actual time required by the kinematic system for braking. Only alter the default time if it is necessary to do so. This might be required, for example, in the case of very heavy machines and/or very heavy loads as these cannot stop within the default time. The safety recovery technician must check whether and to what extent the Braking time value needs to be modified in each specific application. He must also check whether the modification makes additional safety measures necessary, e.g. installation of a gate lock. The monitoring ramp is determined as follows:  The robot controller subtracts 200 ms from the value of the parameter Braking time (taking into account the brake closing time). The result is the monitoring time. For example, the default value of 1 500 ms results in a monitoring time of 1 300 ms. When this time has elapsed, another monitoring function begins:  The ramp has plateaus of 300 ms at the start and end. The plateau at the start is always 106% of the rated speed of the axis. The plateau at the end is always 10.6 %. Fig. 7-13: Monitoring ramp 1 Velocity profile during braking (example) 2 Monitoring ramp (default value Braking time 1 500 ms) 3 From this moment on, standstill monitoring begins. vrs Rated speed of the axis (rs = "rated speed") t Time The value “0” on the time axis is the moment at which the safety stop 1 or 2 begins. 90 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Limitations  Braking time can be configured separately for each axis; at the moment of braking, however, the value used for all axes is always the highest value entered. Recommendation: for greater transparency, enter the same value for all axes.  The parameter Braking time usually has no effect in T1, since it refers to the axis-specific monitoring. In T1, however, there is another (non-configurable) monitoring function for the Cartesian velocity on the flange. This is usually stricter. Value increased If the value Braking time is increased, this has the following effect: The monitoring ramp becomes longer and flatter, i.e. monitoring is now less strict. There is now a lower probability that a braking process will violate the ramp. Fig. 7-14: Example: value is increased 1 Velocity profile during braking (example) 2 Monitoring (lower Braking time value) 3 Monitoring (higher Braking time value) Value reduced If the value “Braking time” is reduced, this has the following effect: The monitoring ramp becomes shorter and steeper, i.e. monitoring is now stricter. There is now a higher probability that a braking process will violate the ramp. 7.5.7 Defining the safe operational stop for axis groups Precondition  User group “Safety maintenance”  Operating mode T1 or T2  A safety configuration is open.  Safe monitoring is active. Procedure 1. Select the Axis monitoring tab and press Safe operational stop. The Safe operational stop window opens. 2. Select axis from the list. 3. Enter the position tolerance for this axis. The position tolerance configured here also applies to the global safe operational stop, with which all axes are monitored. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 91 / 205 KUKA.SafeOperation 3.2 The global safe operational stop is one of the standard safety functions. The position tolerances can also be modified if safe monitoring is deactivated. 4. Activate one or more axis groups in which the axis is to be monitored by activating the corresponding check box (set the check mark). 5. Repeat steps 2 to 4 to define further monitoring functions. A maximum of 8 axes or, in the case of kinematic systems with master/slave axes, a maximum of 8 drives can be configured for each axis group. Description Fig. 7-15: Defining a safe operational stop Icon Description Icon for rotational and infinitely rotating axes Icon for linear axes Defining the safe operational stop: 92 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Parameter Description Monitoring in axis groups 1-6 Safe operational stop for axis group 1 … 6 Check box active: Axis is monitored in axis group. Check box not active: Axis is not monitored in axis group. Default: No monitoring Position tolerance Tolerance for standstill monitoring in the case of safe operational stop. The axis may still move within this tolerance when a safe operational stop is active.  Rotational axes: 0.001° … 1° Default: 0.01°  Linear axes: 0.003 … 3 mm Default: 0.1 mm 7.5.8 Defining safe tools Precondition  User group “Safety maintenance”  Operating mode T1 or T2  A safety configuration is open.  Safe monitoring is active. Procedure 1. Select the Tools tab and select a tool from the list. The parameters of the safe tool are displayed. 2. Activate safe tool. To do so, set the check mark at Activation. 3. Enter a name for the tool (max. 24 characters). 4. Define the safe TCP of the tool. 5. Press Properties. The Properties of {0} window opens. 6. Select a sphere from the list and activate monitoring of the sphere. To do so, set the check mark at Monitoring. 7. Enter the coordinates of the center of the sphere and the radius of the sphere. 8. Repeat steps 6 to 7 to define additional spheres for the safe tool. Tool Fig. 7-16: Defining a safe tool Defining a safe tool: Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 93 / 205 KUKA.SafeOperation 3.2 Parameter Description Activation Activation of the safe tool Check box active: Safe tool is activated. Check box not active: Safe tool is not activated. Default tool 1: Activated Default tool 2 … 16: Not activated Note: If interface X13 is used, tool 1 is always active. The tool cannot be activated via a safe input. An automated, safely monitored tool change is thus not possible. TCP X, Y, Z X, Y and Z coordinates of the safe TCP for velocity monitoring  -10,000 mm … +10,000 mm Default: 0 mm Properties Fig. 7-17: Defining the properties of the safe tool 94 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Defining properties: Parameter Description Monitoring Activation of monitoring of the sphere Check box active: Sphere is monitored. Check box not active: Sphere is not monitored. Default sphere 1: Monitoring active Default spheres 2 to 6: Monitoring deactivated X, Y, Z X, Y and Z coordinates of the sphere center point relative to the FLANGE coordinate system  -10,000 mm … +10,000 mm Default: 0 mm Radius Radius of the sphere at the safe tool  10 … 10,000 mm Default: 250 mm The sphere radius must not fall below the predefined minimum value. This radius is dependent on the global maximum Cartesian velocity. (>>> "Minimum sphere radius" Page 72) 7.5.9 Defining the reference position Precondition  User group “Safety maintenance”  Operating mode T1 or T2  A safety configuration is open.  Safe monitoring is active. Procedure 1. Select the tool and base for Cartesian jogging. 2. Select the Reference position tab. 3. Move robot to the reference position. 4. Select one of the robot axes. 5. Press Touch-up reference position for group to accept the current flange position of the robot as the reference position for the axes in reference group 1. The coordinates of the Cartesian reference position are displayed in the configuration window. 6. If external axes are configured, enter the number of the corresponding reference group for each external axis. 7. If present, move external axes in reference group 2 to the reference position and save with Touch-up reference position for group. 8. If present, move external axes in reference group 3 to the reference position and save with Touch-up reference position for group. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 95 / 205 KUKA.SafeOperation 3.2 Description Fig. 7-18: Defining the reference position Icon Description Icon for rotational and infinitely rotating axes Icon for linear axes Defining the reference position: 96 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Parameter Description Reference group Each axis that is to be subjected to safe monitoring must be assigned to a reference group. Robot axes are always assigned to reference group 1. External axes can be assigned to other reference groups, but also to reference group 1, e.g. in the case of a KL.  1: Robot axes  1 … 3: External axes Default: 1 Reference position Axis-specific coordinates of the reference position To monitor the mastering, the axis angles of the robot axes are defined for a specific Cartesian reference position. During the mastering test, the robot moves to the Cartesian reference position and the actual position of the axes is compared with the command position.  Rotational axes: -360° … +360° Default: 45°  Linear axes: -30,000 mm … +30,000 mm Default: 1,000 mm Current position Axis-specific actual position (display only)  Red: reference position not allowed, as too near mastering position  Green: reference position allowed Mastering position The axis angles at the mastering position are defined in the machine data. (display only) Cartesian reference position X, Y and Z coordinates of the Cartesian reference position rela- X, Y, Z tive to the WORLD coordinate system (display for reference group 1) The coordinates of the Cartesian reference position refer to the center point of the mounting flange.  -30,000 mm … +30,000 mm Default: 0 mm 7.5.10 Saving the safety configuration Serious injury and severe damage to the robot can be caused by an error during saving or a failed reinitializa- tion. If an error message is displayed after saving, the safety configuration must be checked and saved again. Precondition  User group “Safety maintenance”  A safety configuration is open.  Safety configuration is completed. Procedure 1. Press Save and answer the request for confirmation with Yes. The safety configuration is saved on the hard drive and the checksum of the safety configuration is saved to the RDC. The robot controller is automatically reinitialized. 2. The checksum and activation code of the safety configuration are displayed on the General tab. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 97 / 205 KUKA.SafeOperation 3.2 Note the checksum and activation code in the checklist for safety functions. (>>> 11.1.3 "Checklist for safety functions" Page 172) 7.6 Mastering test 7.6.1 Overview, mastering test Description The mastering test is used to check whether the current position of the robot and the external axes corresponds to a reference position. Infinitely rotating axes are taken into consideration in the mastering test with modulo 360°, i.e. the reference position is always relative to the circle. If the deviation between the current position and the reference position is too great, the mastering test has failed. The robot stops with a safety stop 1 and can only be moved in T1 mode. If the mastering test run was successful, the robot can be safely monitored using the safety controller. The position to be monitored is not verified until a mastering test has been carried out. It is advisable to perform the mastering test as quickly as possible. The safety maintenance personnel must determine, by means of a risk assessment, whether additional system-specific safety measures are required, e.g. reference stop if the mastering test has not been carried out. Reference group Each axis that is to be subjected to safe monitoring must be assigned to a reference group. Robot axes are always assigned to reference group 1. External axes can be assigned to other reference groups, but also to reference group 1, e.g. in the case of a KL.  1: Robot axes  1 … 3: External axes All axes of a reference group are mastered together. During the mastering test, all axes of a reference group must be in the reference position in order to actuate the reference switch. If not all the axes of a reference group are involved in actuating the reference switch, the position of the axes cannot be checked. Requirement The following events cause a mastering test to be requested:  Robot controller is rebooted (internal request)  Robot is remastered (internal request)  I/O driver is reconfigured (internal request)  Input $MASTERINGTEST_REQ_EXT is set externally, e.g. by a safety PLC (external request) Monitoring time Once the robot controller has booted, the robot can be moved for 2 hours without a mastering test. Once the monitoring time has elapsed, the robot stops with a safety stop 1 and the safety controller generates the following message: Ackn.: Mastering test time interval expired. Execution The mastering test is carried out using the program MasRef_Main.SRC. It can be started in the following ways: 98 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration  Automatic Integrate MasRef_Main.SRC into the application program in such a way that it is cyclically called as a subprogram. If a mastering test is requested, the robot detects this and starts the mastering test.  Manual For this, start the program MasRef_Main.SRC manually. If the reference switch is activated via PROFIsafe or CIP Safety, the PLC input Mastering test must only be reset if the reference switch is actuated on both channels. This prevents a single-channel mastering test. Overview Step Description 1 Select reference position. (>>> 7.6.4 "Selecting a reference position" Page 101) 2 Install reference switch and actuating plate. (>>> 7.6.4.1 "Installing the reference switch and actuating plate" Page 101) 3 Connect the reference switch. (>>> 7.6.4.2 "Connecting a reference switch" Page 102) 4 Configure the input signal $MASTERINGTEST_REQ_EXT for the external mastering test request. This signal is declared in the file $machine.dat in the directory KRC:\ROBOTER\KRC\STEU\MADA and must be assigned to a suitable input. By default, the signal is routed to $IN[1026]. 5 Teach positions for the mastering test in the program MasRef_USER.SRC. The reference position must be taught in the program MasRef_USER.SRC and in the safety configuration. (>>> 7.6.5 "Teaching positions for the mastering test" Page 103) (>>> 7.5.9 "Defining the reference position" Page 95) 6 Only if the reference switch is actuated by a ferromagnetic part of the tool or following a tool change:  Check the accuracy of the reference position. (>>> 7.6.6 "Checking the reference position (actuation with tool)" Page 105) 7 If the mastering test is to be executed automatically: Integrate MasRef_Main.SRC into the application program in such a way that it is cyclically called as a subprogram. 8 If the mastering test is to be executed manually: Start the program MasRef_Main.SRC manually. (>>> 7.6.7 "Performing a mastering test manually" Page 105) 7.6.2 Programs for the mastering test The following programs are used for the mastering test: Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 99 / 205 KUKA.SafeOperation 3.2 Program Directory Description MasRef_Main.SRC R1\System The program checks whether a mastering test is required and must be executed as soon as possible after an internal request. If the program is not executed within 2 hours, the robot stops and the robot controller generates a message. If a mastering test is required, the robot performs it immediately. The program calls the program MasRef_USER.SRC that is used to address the reference position. MasRef_USER.SRC R1\Program The program contains 3 subprograms for moving to reference positions 1 to 3 and 3 subprograms for the motion away from reference positions 1 to 3 after the mastering test has been performed. If the motion away from the reference position is not taught, the robot and external axes remain stationary after the mastering test. The robot controller generates an error message. 7.6.3 Variables for the mastering test Variable Description $MASTERINGTEST_ACTIVE State of the mastering test TRUE = mastering test is active. FALSE = no mastering test is active. $MASTERINGTEST_GROUP Number of the reference group that is currently in the reference position  0: No reference group in reference position  1 … 3: Reference group with this number in reference position $MASTERINGTEST_REQ_INT Internal mastering test request from the safety controller TRUE = mastering test is requested. FALSE = mastering test is not requested. $MASTERINGTEST_REQ_EXT Input for the external request for mastering test, e.g. from the safety PLC TRUE = mastering test is requested. FALSE = mastering test is not requested. Note: This signal is declared in the file $machine.dat in the directory KRC:\ROBOTER\KRC\STEU\MADA and must be assigned to a suitable input. By default, the signal is routed to $IN[1026]. $MASTERINGTEST_SWITCH_ Check of the function of the reference switch OK TRUE = reference switch is OK. FALSE = reference switch is defective. 100 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration 7.6.4 Selecting a reference position Description The reference position can be approached with the actuating plate or with a ferromagnetic part of the tool as follows: Fig. 7-19: Example: position of the actuating plate on the reference switch 1 Tool 2 Actuating plate 3 Reference switch 4 Mechanical mounting fixture for the reference switch 5 Actuated reference switch Selection criteria The reference run must be selected in accordance with the following criteria:  The position of the reference switch and actuating plate does not interfere with the work sequence of the robot.  The reference position is not a position in which the axes are in a singularity.  In the reference position, both proximity switch surfaces of the reference switch are actuated by the switching surface (actuating plate or tool).  All axes of a reference group are in the reference position in order to actuate the reference switch.  In the reference position, the robot axes are at least ±5° (rotational axes) or ±15 mm (linear axes) away from the mastering position.  The position of the reference switch is within the motion range of the robot. 7.6.4.1 Installing the reference switch and actuating plate Precondition  The robot controller is switched off and secured to prevent unauthorized persons from switching it on again.  The reference run has been selected in accordance with the required criteria. (>>> "Selection criteria" Page 101) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 101 / 205 KUKA.SafeOperation 3.2 Procedure 1. Prepare a mechanical mounting fixture for mounting the reference switch. 2. Attach the reference switch to the mounting fixture. 3. If the actuating plate is being used, fasten the actuating plate to the robot flange or tool. Example Fig. 7-20: Example of an actuating plate on the tool 1 Robot 2 Actuating plate on tool 3 Tool 4 Reference switch on mounting fixture 7.6.4.2 Connecting a reference switch The robot controller is preconfigured for the specific industrial robot. If cables are interchanged, the manipulator and the external axes (optional) may receive incorrect data and can thus cause personal injury or material damage. If a system consists of more than one manipulator, always connect the connecting cables to the manipulators and their corresponding robot controllers. In the case of a KR C4, only 1 reference switch can be connected directly to the robot controller. If multiple reference groups are required, the reference switches can be connected to the safety PLC and activated via PROFIsafe or CIP Safety. The safety PLC must evaluate the reference switches and set the input Mastering test accordingly. A KR C4 compact is not equipped with a connection allowing a reference switch to be connected to the robot controller. Reference switches must be connected to the safety PLC and activated via PROFIsafe or CIP Safety. The safety PLC must evaluate the reference switches and set the input Mastering test accordingly. 102 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Precondition  The robot controller is switched off and secured to prevent unauthorized persons from switching it on again.  Reference switch is installed.  Reference cable X42 - XS Ref (maximum cable length 40 m) The following procedure applies only to connection of the reference switch to a KR C4. Procedure 1. Route the reference cable X42 - XS Ref correctly (in a fixed installation or cable carrier). When routing the cable, avoid mechanical damage and observe the minimum bending radii. The following bending radii serve as guide values: Type of routing Bending radius Fixed installation Min. 5xØ of cable Installation in cable carrier Min. 10xØ of cable 2. Connect the reference cable: Connect X42 to the robot controller and XS Ref to the reference switch. 7.6.5 Teaching positions for the mastering test Description The following points must be taught for each reference group:  Motion to the reference switch  Reference position The reference position must additionally be taught in the safety configuration.  Motion away from the reference switch Precondition  Reference switch is installed and connected.  User group “Safety maintenance”  T1 or T2 operating mode Procedure 1. Open the program MasRef_USER.SRC. 2. Insert a HALT statement in the subprograms MASREFSTARTGX() and MASREFBACKGX(). 3. Close the program MasRef_USER.SRC. 4. Select the program MasRef_Main.SRC. 5. Perform block selection to the subprogram RunTest_Group(X). 6. Press the Start key. The subprogram MASREFSTARTGX() of the program MasRef_USER.SRC is called. 7. In the subprogram MASREFSTARTGX(), program a motion to a point approx. 10 cm before the reference switch and teach the required points. 8. Program a LIN motion to the reference switch so that it is actuated. This position is the reference position. The distance from the reference switch must not exceed 2 mm in the reference position. If the distance is greater, the reference switch will not be actuated. 9. Teach the reference position. 10. Do not move the robot. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 103 / 205 KUKA.SafeOperation 3.2 11. Teach the reference position in the safety configuration. (>>> 7.5.9 "Defining the reference position" Page 95) 12. Return to the subprogram MASREFSTARTGX() and perform a block selection to the END line. 13. Press the Start key. The subprogram MASREFBACKGX() of the program MasRef_USER.SRC is called. 14. In the subprogram MASREFBACKGX(), program the motion away from the reference position and teach the required points. 15. Deselect the program and save the changes. 16. For automatic operation, delete all HALT statements from the program MasRef_USER.SRC once again. 17. Cyclically call the program MasRef_Main.SRC at a suitable point and enable execution of the mastering test after an internal request. Program 1 DEF MasRef_USER() 2 END 3 4 GLOBAL DEF MASREFSTARTG1() 5 Teach path and reference position for group 1 6 7 END 8 9 GLOBAL DEF MASREFSTARTG2() 10 Teach path and reference position for group 2 11 12 END 13 14 GLOBAL DEF MASREFSTARTG3() 15 Teach path and reference position for group 3 16 17 END 18 19 GLOBAL DEF MASREFBACKG1() 20 Teach path back for group 1 21 22 END 23 24 GLOBAL DEF MASREFBACKG2() 25 Teach path back for group 2 26 27 END 28 29 GLOBAL DEF MASREFBACKG3() 30 Teach path back for group 3 31 32 END Line Description 5 Program the motion to the reference position of reference group 1 and teach the reference position. 10 Program the motion to the reference position of reference group 2 and teach the reference position. 15 Program the motion to the reference position of reference group 3 and teach the reference position. 20 Teach the motion away from the reference position of reference group 1. 104 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Line Description 25 Teach the motion away from the reference position of reference group 2. 30 Teach the motion away from the reference position of reference group 3. 7.6.6 Checking the reference position (actuation with tool) The robot can move beyond the configured limits if the reference switch is actuated by a ferromagnetic part of the tool and the accuracy at the reference position is exceeded. Severe physical injuries or damage to property may result. The accuracy of the reference position must be checked. If the tool is exchanged, the reference position and the accuracy of the reference position must be checked. If required, the reference position must be adapted to the new tool. Failure to observe this precaution may result in severe physical injuries or considerable damage to property. Precondition  Reference switch is installed and connected.  The reference position has been taught in the program MasRef_USER.SRC and in the safety configuration.  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. Open the program MasRef_USER.SRC. 2. In the subprogram MASREFSTARTGX(), insert a HALT statement immediately before the END line. 3. Close the program MasRef_USER.SRC. 4. Select the program MasRef_Main.SRC. 5. Perform block selection to the subprogram RunTest_Group(X). 6. Press the Start key. The subprogram MASREFSTARTGX() of the program MasRef_USER.SRC is called and the robot moves to the reference position. 7. Jog each axis individually in the positive and negative directions using the jog keys and observe when the reference switch is no longer actuated. 8. Analyze the axis-specific tolerances determined in this way for the mastering test relative to the application and select a different reference position if necessary. 9. For automatic operation, delete all HALT statements from the program MasRef_USER.SRC once again. 7.6.7 Performing a mastering test manually Precondition  Reference switch is installed and connected. If the reference switch is connected to the robot controller via interface X42, the mastering test can be executed in Start-up mode.  The reference position has been taught in the program MasRef_USER.SRC and in the safety configuration.  T1 or T2 mode Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 105 / 205 KUKA.SafeOperation 3.2 The robot moves in T2 mode at the programmed velocity and can cause personal injury or material damage. Make sure that the robot cannot collide and that no persons are in the motion range of the robot. Procedure  Select and execute the program MasRef_Main.SRC to the end of the program. 7.7 Brake test 7.7.1 Overview of the brake test Description Each robot axis has a holding brake integrated into the motor. The brake test checks every axis at low speed and at the current temperature to see if the braking torque is sufficiently high, i.e. whether it exceeds a certain minimum value. The minimum value for the individual axes is stored in the machine data. (The brake test does not calculate the absolute value of the braking torque.) Request If the brake test is active, the following events cause a brake test to be requested:  Input $BRAKETEST_REQ_EX is set externally, e.g. by a PLC (external request)  Robot controller boots with a cold start (internal request)  Function test of the brake test (internal request)  Brake test cycle time has elapsed (internal request) Cycle time The cycle time is 46 h. It is deemed to have elapsed when the drives have been under servo-control for a total of 46 h. The robot controller then requests a brake test and generates the following message: Brake test required. The robot can be moved for another 2 hours. It then stops and the robot controller generates the following acknowledgement message: Cyclical check for brake test request not made. Once the message has been acknowledged, the robot can be moved for another 2 hours. Execution A precondition for the brake test is that the robot is at operating temperature. This is the case after approx. 1 h in normal operation. The brake test is carried out using the program BrakeTestReq.SRC. It can be started in the following ways:  Automatically Integrate BrakeTestReq.SRC into the application program in such a way that it is cyclically called as a subprogram. If a brake test is requested, the robot detects this and starts the brake test.  Manually Start the program BrakeTestReq.SRC manually. Sequence The brake test checks all brakes one after the other. 1. The robot accelerates to a defined velocity. (The velocity cannot be influ- enced by the user.) 2. Once the robot has reached the velocity, the brake is applied and the result for this braking operation is displayed in the message window. 3. If a brake has been identified as being defective, the brake test can be repeated for confirmation or the robot can be moved to the parking position. If a brake has reached the wear limit, the robot controller indicates this by means of a message. A worn brake will soon be identified as defective. Until then, the robot can be moved without restrictions. 106 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration If a brake has been identified as being defective, the drives remain under servo-control for 2 hours following the start of the brake test (= monitoring time). The robot controller then switches the drives off. Overview Step Description In WorkVisual: 1 If required: Activate the brake test in WorkVisual. (>>> 7.7.2 "Activating the brake test" Page 107) On the robot controller: 2 Configure input and output signals for the brake test. (>>> 7.7.4 "Configuring input and output signals for the brake test" Page 108) 3 Teach positions for the brake test. The parking position must be taught. The start position and end position can be taught. (>>> 7.7.5 "Teaching positions for the brake test" Page 111) 4 If the brake test is to be carried out automatically: Integrate BrakeTestReq.SRC into the application program in such a way that it is cyclically called as a subprogram. 5 If the brake test is to be carried out manually: Start the program BrakeTestReq.SRC manually. (>>> 7.7.6 "Performing a manual brake test" Page 112) 6 If required: Test the function of the brake test. (>>> 7.7.7 "Checking that the brake test is functioning correctly" Page 113) 7.7.2 Activating the brake test  If a safety option is installed and the safe monitoring is active, the brake test is automatically active.  If the brake test is not automatically active, the user has the option of manually activating it. This must be carried out in WorkVisual. If the brake test is not automatically active, the user must carry out a risk assessment to determine whether it is necessary to activate the brake test for the specific application. Further information about activating the brake test is contained in the WorkVisual documentation. 7.7.3 Programs for the brake test The programs are located in the directory C:\KRC\ROBOT- ER\KRC\R1\TP\BrakeTest. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 107 / 205 KUKA.SafeOperation 3.2 Program Description BrakeTestReq.SRC This program performs the brake test. It can be performed in the following ways:  Integrate the program into the application program in such a way that it is cyclically called as a subprogram. If a brake test is requested, the robot detects this and performs the brake test immediately.  Execute the program manually.  Test the function of the brake test. The robot controller executes Bra- keTestReq.SRC with special parameterization. BrakeTestPark.SRC The parking position of the robot must be taught in this program. The robot can be moved to the parking position if a brake has been identified as being defective. Alternatively, the brake test can be repeated for confirmation. BrakeTestStart.SRC The start position of the brake test can be taught in this program. The robot starts the brake test from this position. If the start position is not taught, the robot performs the brake test at the actual position. BrakeTestBack.SRC The end position of the brake test can be taught in this program. The robot moves to this position after the brake test. If the end position is not taught, the robot remains at the actual position after the brake test. BrakeTestSelfT- The program checks whether the brake test has correctly detected a est.SRC defective brake. For this purpose, the robot controller executes BrakeT- estReq.SRC with special parameterization. 7.7.4 Configuring input and output signals for the brake test Description All signals for the brake test are declared in the file $machine.dat in the directory KRC:\STEU\MADA. These signals are not redundant in design and can supply incorrect information. Do not use these signals for safety-relevant applications. Precondition  “Expert” user group Procedure 1. Open the file $machine.dat in the directory KRC:\STEU\MADA in the Nav- igator. 2. Assign inputs and outputs. 3. Save and close the file. $machine.dat Extract from the file $machine.dat (with default settings, without comments): ... SIGNAL $BRAKETEST_REQ_EX $IN[1026] SIGNAL $BRAKETEST_MONTIME FALSE ... SIGNAL $BRAKETEST_REQ_INT FALSE SIGNAL $BRAKETEST_WORK FALSE SIGNAL $BRAKES_OK FALSE SIGNAL $BRAKETEST_WARN FALSE ... Signals There is 1 input signal. By default, it is routed to $IN[1026]. 108 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration The output signals are preset to FALSE. There is no compelling need to assign output numbers to them. It is only necessary to assign numbers if there is a need to be able to read the signals (e.g. via the variable correction function or program execution.) Signal Description $BRAKETEST_REQ_EX Input  TRUE = brake test is being requested externally (e.g. by PLC). The robot controller confirms the signal with $BRAKETEST_REQ_INT = TRUE and generates message 27004.  FALSE = brake test is not being requested externally. $BRAKETEST_MONTIME Output  TRUE = robot was stopped due to elapsed monitoring time. Acknowledgement message 27002 is generated.  FALSE = acknowledgement message 27002 is not active. (Not generated, or has been acknowledged.) $BRAKETEST_REQ_INT Output  TRUE = message 27004 is active. The signal is not set to FALSE again until a brake test is carried out with a positive result, i.e. with message 27012.  FALSE = brake test is not requested (either internally or externally). $BRAKETEST_WORK Output  TRUE = brake test is currently being performed.  FALSE = brake test is not being performed. If no defective brakes have been detected, message 27012 is generated. Edge TRUE → FALSE:  Test was successfully completed. No brake is defective. Mes- sage 27012 is generated.  Or at least 1 defective brake was detected and the robot has moved to the parking position.  Or the program was canceled during execution of the brake test. $BRAKES_OK Output  Edge FALSE → TRUE: Output was set to FALSE by the pre- vious brake test. The brake test was carried out again and no defective brake was detected.  Edge TRUE → FALSE: A brake has just been detected as defective. Message 27007 is generated. $BRAKETEST_WARN Output  Edge FALSE → TRUE: At least 1 brake has been detected as having reached the wear limit. Message 27001 is generated at the same time.  Edge TRUE → FALSE: Output was set to TRUE by the previ- ous brake test. The brake test was carried out again and no worn brake was detected. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 109 / 205 KUKA.SafeOperation 3.2 Messages No. Message 27001 Brake {Brake no.}{Axis no.} has reached the wear limit 27002 Cyclical check for brake test request not made 27004 Brake test required 27007 Insufficient holding torque of brake {Brake no.}{Axis no.} 27012 Brake test successful 7.7.4.1 Signal diagram of the brake test – examples Example 1 The signal diagram for the brake test applies in the following case:  No brake has reached the wear limit.  No brake is defective. Fig. 7-21: Signal diagram: brakes OK Item Description 1 The brake test is requested. 2 Automatic call of the program BrakeTestReq.SRC Start of the brake test 3 The brake test is completed. Example 2 The signal diagram for the brake test applies in the following case:  Brake A2 is worn.  Brake A4 is defective. Fig. 7-22: Signal diagram: brakes not OK 110 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration Item Description 1 The brake test is requested. $BRAKETEST_REQ_INT is not set to FALSE again until a brake test is carried out with a positive result. 2 Automatic call of the program BrakeTestReq.SRC Start of the brake test 3 Brake A2 is tested: brake is worn. 4 Brake A4 is tested: brake is defective. 5 The robot has been moved to the parking position or the program has been canceled. 7.7.5 Teaching positions for the brake test Description The parking position must be taught. The start position and end position can be taught.  If the start position is not taught, the robot performs the brake test at the actual position.  If the end position is not taught, the robot remains at the actual position after the brake test. Parking position If a brake is identified as being defective, the robot can be moved to the parking position. Alternatively, the brake test can be repeated for confirmation. The parking position must be selected in a position where no persons are endangered if the robot sags because of the defective brake. The transport position, for example, can be selected as the parking position. Further information about the transport position is contained in the robot operating or assembly instructions. Precondition  All output signals are assigned to outputs.  “Expert” user group  Operating mode T1 Procedure 1. Open the program BrakeTestStart.SRC in the directory R1\TP\BrakeTest. 2. Teach the motions to the start position of the brake test.  The motions must be taught in such a way that the robot cannot cause a collision on the way to the start position.  In the start position, every robot axis must have an available motion range of ±10°. 3. Save and close the program. 4. Open the program BrakeTestBack.SRC in the directory R1\TP\BrakeTest. 5. Teach the motions from the start position to the end position of the brake test. The start and end position may be identical. 6. Save and close the program. 7. Open the program BrakeTestPark.SRC in the directory R1\TP\BrakeTest. 8. Program the motions from the end position to the parking position of the robot. 9. Save and close the program. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 111 / 205 KUKA.SafeOperation 3.2 7.7.6 Performing a manual brake test If a brake is identified as being defective and the drives are deactivated, the robot may sag. For this reason, no stop may be triggered during the motion to the parking position. The monitoring functions that can trigger a stop in this range (e.g. monitoring spaces) must be deactivated beforehand. No safety functions may be executed that would trigger a stop (e.g. E-STOP, opening the safety gate, change of operating mode, etc.). If a brake has been identified as being defective, the parking position must be approached no faster than at 10% of maximum velocity. Program override for the test is automatically set to 100%. The robot moves at high velocity. Make sure that the robot cannot collide and that no persons are in the motion range of the robot. Precondition  No persons or objects are present within the motion range of the robot.  In the start position, every robot axis has an available motion range of ±10°. (Or, if no start position has been taught, in the actual position.)  The parking position has been taught in the program BrakeTestPark.SRC.  “Expert” user group  Program run mode GO  AUT mode  The robot is at operating temperature (= after approx. 1 h in normal operation). Procedure 1. Select the program BrakeTestReq.SRC in the directory R1\TP\BrakeTest and press the Start key. 2. The following message is displayed: Performing manual brake test - please acknowledge. Acknowledge the message. 3. Press the Start key. The message Programmed path reached (BCO) is displayed. 4. Press the Start key. The brakes are tested, starting with A1. 5. Possible results:  If a brake is OK, this is indicated by the following message: Brake {Brake no.}{Axis no.} OK. If all brakes are OK, this is indicated after the brake test by the following message: Brake test successful. (It is possible that one or more brakes may have reached the wear limit. This is also indicated by a message.) Deselect the program BrakeTestReq.SRC.  If a brake is defective, this is indicated by the following message: In- sufficient holding torque of brake {Brake no.}{Axis no.}. Once all brakes have been tested, either press Repeat to repeat the brake test for checking purposes or press Park pos. to move the robot to the parking position. If a brake has been identified as being defective, the drives remain under servo-control for 2 hours following the start of the brake test (= monitoring time). The robot controller then switches the drives off. 112 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration 7.7.7 Checking that the brake test is functioning correctly Description It is possible to check whether the brake test has correctly detected a defective brake: the program BrakeTestSelfTest.SRC simulates a fault in the brakes and triggers a brake test. If the brake test detects the simulated fault, it is functioning correctly. Program override for the test is automatically set to 100%. The robot moves at high velocity. Make sure that the robot cannot collide and that no persons are in the motion range of the robot. Precondition  No persons or objects are present within the motion range of the robot.  In the start position, every robot axis has an available motion range of ±10°. (Or, if no start position has been taught, in the actual position.)  The parking position has been taught in the program BrakeTestPark.SRC.  “Expert” user group  Program run mode GO  AUT mode  The robot is at operating temperature (= after approx. 1 h in normal operation). Procedure 1. Select the program BrakeTestSelfTest.SRC in the directory R1\TP\Bra- keTest and press the Start key. 2. The following message is displayed: Performing self-test for brake test - please acknowledge. Confirm the message by pressing Ackn.. 3. Press the Start key. 4. Result of the function test:  Message Insufficient holding torque of brake 3: The brake test has correctly detected the simulated fault. The brake test is functioning correctly. Deselect the program BrakeTestSelfTest.SRC. Perform a manual brake test. This ensures that the simulated fault does not remain active.  Any other message, or no message, means: The brake test has not detected the simulated fault. The brake test is not functioning correctly. If the function test establishes that the brake test is not functioning correctly:  The robot must no longer be moved.  KUKA Roboter GmbH must be contacted. 7.8 Override reduction for velocity and workspace limits Override reduction for velocity and workspace limits is not a safety function. Description Override reduction can be activated for the velocities and workspaces monitored by the safety controller: Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 113 / 205 KUKA.SafeOperation 3.2  Override reduction for the velocity ($SR_VEL_RED = TRUE) If override reduction is active, the velocity is automatically reduced so that the lowest currently monitored velocity limit is not exceeded. The variable $SR_OV_RED specifies the reduction factor for the override reduction as a percentage. The velocity is reduced to the following value: lowest velocity limit * reduction factor (>>> "Example" Page 114)  Override reduction for monitoring spaces ($SR_WORKSPACE_RED = TRUE) Override reduction is only relevant for monitoring spaces for which the function Stop at boundaries is active, and the robot is stopped with a safety stop if it violates the space limit. The override reduction for monitoring spaces is only effective in modes T2, AUT and AUT EXT. In T1 mode, the override reduction for monitoring spaces is generally deactivated, i.e. it is also deactivated if $SR_WORKSPACE_RED = TRUE. If override reduction is active and the robot approaches the workspace limit, the velocity is continuously reduced. When the robot moves over the workspace limit and is stopped, the velocity has already been greatly reduced. The stopping distance is short and the robot quickly comes to a standstill. If override reduction is not active and the robot approaches the workspace limit, the velocity is not reduced. The robot is still moving at full velocity when it is stopped at the workspace limit. The robot does not come to a standstill as quickly as with override reduction active, as the stopping distance is greater due to the higher velocity. The variables for override reduction can be modified in the $CUSTOM.DAT file, in a KRL program or via the variable correction function. If a variable is modified, an advance run stop is triggered. (>>> 7.8.3 "Variables for override reduction in $CUSTOM.DAT" Page 117) Example Override reduction for the velocity:  $SR_VEL_RED = TRUE  $SR_OV_RED = 95 The lowest Cartesian velocity limit active on the safety controller is a space- specific velocity of 1,000 mm/s. The override reduction function reduces the Cartesian velocity at the safe TCP of the active tool to 950 mm/s. The override reduction function is only triggered if it is foreseeable that the limit of 950 mm/s would be exceeded without velocity reduction. Fig. 7-23: Example: Override reduction with $SR_VEL_RED v3 Maximum Cartesian velocity; v3 = 1,200 mm/s v2 Space-specific velocity; v2 = 1,000 mm/s v1 Velocity v2 * reduction factor; v1 = 1,000 mm/s * 95% = 950 mm/s 114 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration t1 Override reduction is triggered: without velocity reduction, the limit v1 would be exceeded. t2 Override reduction is no longer triggered. 7.8.1 Override reduction with spline Overview If motion is carried out without spline, override reduction takes effect before workspace limits and at Cartesian velocity limits. If motion is carried out with spline, override reduction also affects axis-specific velocity limits. Override reduction has an effect … Without With spline spline before workspace Cartesian limits Axis-specific (in T2, AUT and AUT EXT modes) on space-specific Cartesian space velocity Axis-specific space on velocity limits Cartesian velocity  Maximum velocity (not space-dependent)  Reduced velocity  Reduced velocity for T1 Axis velocity  Maximum velocity (valid globally for every axis)  Reduced velocity  Maximum velocity for T1 Spline is a motion type that is suitable for particularly complex, curved paths. Such paths can also be generated using approximated LIN and CIRC motions, but splines have advantages, however. The advantages of spline include:  The path always remains the same, irrespective of the override setting, velocity or acceleration.  Circles and tight radii are executed with great precision. It is advisable to use spline for optimal override reduction, e.g. in the case of frequent motion along the workspace limits. Information about motion programming with spline is contained in the “Operating and Programming Instructions for System Integrators”. 7.8.2 Examples of override reduction with spline Changing A change of workspace is carried out from one Cartesian workspace to anoth- workspace er Cartesian workspace with a lower space-specific velocity vmax. The following preconditions are met: System variables:  $SR_VEL_RED = TRUE Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 115 / 205 KUKA.SafeOperation 3.2  $SR_OV_RED = 80 Safety configuration:  Safe monitoring is active.  At least one tool sphere on the active tool is monitored.  The workspace with the lower space-specific velocity vmax is switched to active (permanently for preference).  The space-specific velocity vmax is valid if the workspace is not violated. With spline (red line), override reduction reduces the Cartesian velocity at the safe TCP of the active tool in good time in the old workspace and moves into the new workspace with the lower space-specific velocity. Without spline (blue line), the Cartesian velocity is reduced in the old workspace, but the override reduction function is not usually triggered early enough. The lower space-specific velocity of the new workspace has not yet been reached at the workspace limit and the robot stops with a safety stop 0. Fig. 7-24: Changing to a workspace with a lower vmax 1 Cartesian workspace with vmax = 1,000 mm/s, reduced to 800 mm/s 2 Cartesian workspace with vmax = 500 mm/s, reduced to 400 mm/s Due to override reduction with $SR_OV_RED = 80, a maximum of 80 percent of the configured space-specific velocity vmax is reached in the workspaces. Moving into a A Cartesian protected space is configured into which the robot may not move. protected space If the robot approaches the protected space, override reduction is triggered and reduces the velocity. If the robot wishes to enter the protected space, a safety stop 0 is triggered at the workspace limit. The following preconditions are met: System variables:  $SR_WORKSPACE_RED = TRUE Safety configuration:  Safe monitoring is active.  The function Stop at boundaries is active.  At least one tool sphere on the active tool is monitored.  The protected space is switched to active. With spline (red line), override reduction reduces the Cartesian velocity at the safe TCP of the active tool to a value that roughly corresponds to a program 116 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration override of 1% while it is still in the permissible range. The robot enters the Cartesian protected space with this velocity and is stopped with a safety stop 0. Without spline (blue line), the Cartesian velocity is reduced while in the permissible range, but the override reduction function is not usually triggered early enough. The robot enters the Cartesian protected space at a higher velocity than with spline. Here, once again, the robot stops with a safety stop 0, but the braking reaction is more abrupt and the stopping distance greater. Fig. 7-25: Moving into a protected space 1 Permissible range 2 Cartesian protected space 7.8.3 Variables for override reduction in $CUSTOM.DAT The variables for override reduction can be modified in the $CUSTOM.DAT file, in a KRL program or via the variable correction function. If a variable is modified, an advance run stop is triggered. Variable Description $SR_VEL_RED Override reduction for the velocity TRUE = override reduction is activated. FALSE = override reduction is not activated. Default: TRUE $SR_OV_RED Reduction factor for override reduction as a percentage The currently monitored velocity limit is reduced to this percentage value.  10 … 95 % Default: 75 % $SR_WORKSPACE_RED Override reduction for monitoring spaces TRUE = override reduction is activated. FALSE = override reduction is not activated. Default: TRUE 7.9 Safety acceptance overview SafeOperation must not be put into operation until the safety acceptance procedure has been completed successfully. For successful safety acceptance, the points in the checklists must be completed fully and confirmed in writing. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 117 / 205 KUKA.SafeOperation 3.2 The completed checklists, confirmed in writing, must be kept as doc- umentary evidence. Safety acceptance must be carried out in the following cases:  Following initial start-up or recommissioning of the industrial robot  After a change to the industrial robot  After a change to the safety configuration  After a software update, e.g. of the system software Safety acceptance after a software update is only necessary if the checksum of the safety configuration changes as a result of the update. The safety configuration must be archived and the change log checked after every modification. It is also advisable to print out the data set containing the safety parameters using WorkVisual. The following checklists can be found in the Appendix:  Checklist for robot and system (>>> 11.1.2 "Checklist for robot and system" Page 171)  Checklist for safety functions (>>> 11.1.3 "Checklist for safety functions" Page 172)  Checklist for Cartesian velocity monitoring functions (>>> 11.1.4 "Checklist for Cartesian velocity monitoring functions" Page 175)  Checklist for axis-specific velocity monitoring functions (>>> 11.1.5 "Checklist for axis-specific velocity monitoring functions" Page 176)  Checklist for safe operational stop for axis groups (>>> 11.1.6 "Checklist for safe operational stop for axis groups" Page 180)  Checklist for cell area (>>> 11.1.7 "Checklist for cell area" Page 182)  Checklist for Cartesian monitoring spaces (>>> 11.1.8 "Checklist for Cartesian monitoring spaces" Page 183)  Checklist for axis-specific monitoring spaces (>>> 11.1.9 "Checklist for axis-specific monitoring spaces" Page 185)  Checklist for safe tools (>>> 11.1.10 "Checklist for safe tools" Page 190) 7.10 Checking that the safety functions are functioning correctly The configured velocity limits, the limits of the monitoring spaces and the space-specific velocities must be checked with override reduction deactivated. For this, the following variables must be set to FALSE in $CUSTOM.DAT:  $SR_VEL_RED  $SR_WORKSPACE_RED To check the configured limits, the space and velocity limits are deliberately exceeded by means of test programs. If the safety configuration stops the robot, the limits are correctly configured. If the robot is stopped by the safety controller, a message with message number 15xxx is displayed. If no message is displayed, or if a message from a different number range is displayed, the safety controller must be checked. 118 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration 7.10.1 Testing Cartesian velocity limits (>>> 11.1.4 "Checklist for Cartesian velocity monitoring functions" Page 175) Description The following Cartesian velocities must be tested:  Reduced Cartesian velocity for T1  Reduced Cartesian velocity  Global maximum Cartesian velocity Precondition  Override reduction is deactivated. The following procedure must be followed exactly! Procedure 1. Create a test program in which the Cartesian velocity is to be exceeded deliberately, e.g. configured with 1000 mm/s, moved at 1100 mm/s. When testing the Cartesian velocity on a KL, the linear unit must also be moved. 2. To test the reduced Cartesian velocity for T1, execute the test program in operating mode T1. 3. To test the reduced Cartesian velocity and the maximum Cartesian velocity, execute the test program in operating mode T2. Death, serious injuries or major damage to property may occur. If a program is executed in test mode T2, the operator must be in a position outside the danger zone. 7.10.2 Testing axis-specific velocity limits (>>> 11.1.5 "Checklist for axis-specific velocity monitoring functions" Page 176) Description The following axis-specific velocity limits must be tested:  Maximum axis velocity for T1  Reduced axis velocity  Maximum axis velocity (valid globally for every axis) It is only necessary to test the global maximum axis velocity if an axis must not exceed a defined velocity. If the global maximum axis velocity is only to limit the minimum axis-specific protected space, no test is required. Precondition  Override reduction is deactivated. Procedure Testing linear axes: The following procedure must be followed exactly! 1. Create a test program in which the axis velocity is exceeded deliberately, e.g. KL configured with 1000 mm/s, moved at 1100 mm/s. 2. To test the maximum axis velocity for T1, execute the test program in operating mode T1. 3. To test the reduced axis velocity and the global maximum axis velocity, execute the test program in operating mode T2. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 119 / 205 KUKA.SafeOperation 3.2 Death, serious injuries or major damage to property may occur. If a program is executed in test mode T2, the operator must be in a position outside the danger zone. Testing rotational axes: The following procedure must be followed exactly! 1. Look up the maximum axis velocity Vmax in the data sheet of the robot used. 2. Create a test program in which the axis velocity is to be exceeded deliberately, e.g. axis A1 configured with 190°/s, moved at 200°/s. 3. Calculate axis velocity $VEL_AXIS[x]. (>>> "Calculation of $VEL_AXIS" Page 120) 4. Enter the axis velocity $VEL_AXIS[x] in the test program. 5. To test the maximum axis velocity for T1, execute the test program in operating mode T1. 6. To test the reduced axis velocity and the maximum axis velocity, execute the test program in operating mode T2. Death, serious injuries or major damage to property may occur. If a program is executed in test mode T2, the operator must be in a position outside the danger zone. Calculation of The axis velocity $VEL_AXIS[x] is calculated using the following formula: $VEL_AXIS $VEL_AXIS[x] = (VTest / Vmax) * 100 = (200 °/s / 360 °/s) * 100 = 56 Element Description x Number of the axis Vtest Test velocity Unit: °/s Vmax Maximum axis velocity Unit: °/s The calculated axis velocity $VEL_AXIS[x] is entered in the test program: ... PTP {A1 -30} HALT $VEL_AXIS[1] = 56 PTP {A1 30} ... 7.10.3 Testing Cartesian monitoring spaces (>>> 11.1.8 "Checklist for Cartesian monitoring spaces" Page 183) (>>> 11.1.7 "Checklist for cell area" Page 182) Description The configuration of the boundaries and the space-specific velocity must be checked. If “Stop at boundaries” is not configured, an alarm space is used for this. The space surfaces can have any orientation. The robot must be moved to each of the 6 space surfaces of a Cartesian monitoring space at 3 different points to check whether the limits have been programmed correctly. An excep- 120 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration tion is made here for space surfaces that cannot be addressed due to circum- stances in the system. The cell area is a Cartesian monitoring space and is tested in the same way. Depending on the configuration, the cell area consists of 5, 6 or more space surfaces. Each addressable space surface must be addressed at 2 different points to check whether the limits have been programmed correctly. Fig. 7-26: Moving to space surfaces Precondition  Override reduction is deactivated. Procedure Testing space limits: The following procedure must be followed exactly! 1. Create a test program in which all positions addressed for checking the space surfaces are taught. 2. Execute test program in T1 mode. When testing a Cartesian monitoring space on a KL, the linear unit must also be moved. It must be ensured that the monitoring space moves with the linear unit and comes to a standstill. Testing the space-specific velocity: The following procedure must be followed exactly! 1. Create a test program in which the space-specific velocity is deliberately exceeded, either inside or outside the monitoring space, e.g. 180 mm/s configured, moved at 200 mm/s. 2. Execute test program in T2 mode. Death, serious injuries or major damage to property may occur. If a program is executed in test mode T2, the operator must be in a position outside the danger zone. 7.10.4 Testing axis-specific monitoring spaces (>>> 11.1.9 "Checklist for axis-specific monitoring spaces" Page 185) Description The configuration of the boundaries and the space-specific velocity must be checked. If “Stop at boundaries” is not configured, an alarm space is used for this. Precondition  Override reduction is deactivated. Procedure Testing space limits: The following procedure must be followed exactly! Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 121 / 205 KUKA.SafeOperation 3.2  Jog each axis (that is to be monitored) once to the upper and lower boundaries of the monitoring space in T1 mode using the jog keys or Space Mouse. Testing the space-specific velocity: The following procedure must be followed exactly! 1. Create a test program in which the space-specific velocity is deliberately exceeded, either inside or outside the monitoring space, e.g. 180 mm/s configured, moved at 200 mm/s. 2. Execute test program in T2 mode. Death, serious injuries or major damage to property may occur. If a program is executed in test mode T2, the operator must be in a position outside the danger zone. 7.10.5 Testing the safe operational stop for an axis group (>>> 11.1.6 "Checklist for safe operational stop for axis groups" Page 180) Forces acting on the robot in the production process may result in a violation of the safe operational stop, e.g. when loading a workpiece into a gripper. To remedy this, the position tolerance for the affected axis must be increased. Precondition  Operating mode T1 The following procedure must be followed exactly! Procedure 1. Activate safe operational stop for the axis group. 2. Jog the first axis in the axis group in the positive or negative direction using the jog keys and with a jog override of 1%. A robot stop must be triggered (safety stop 0). 3. Deactivate safe operational stop for the axis group and reactivate it. 4. Repeat steps 2 to 3 to test additional axes of the axis group. 7.11 Activating a new safety configuration Description If the safety configuration is updated by transferring a project from WorkVisual to the robot controller or by restoring an archive, the safety controller signals that the checksum of the safety configuration is incorrect. The safety maintenance technician must check the new safety configuration on the robot controller and is responsible for ensuring that the correct safety configuration is activated. The displayed checksum must match the expected checksum from the checklist for safety functions. (>>> 11.1.3 "Checklist for safety functions" Page 172) A new safety configuration can also be activated by the safety recovery technician. The safety recovery technician requires the 8-digit activation code of the safety configuration for this. The correct activation code must be commu- nicated by the safety maintenance technician. Precondition  User group “Safety recovery” or “Safety maintenance” Procedure 1. Select Configuration > Safety configuration in the main menu. 122 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 Start-up and configuration The safety configuration checks whether there are any relevant deviations between the robot controller and the safety controller. The Troubleshoot- ing wizard window is opened. 2. A description of the problem and a list of possible causes is displayed. Se- lect the cause from the list, e.g. restoration of an archive. 3. Press Activate to activate the updated safety configuration on the robot controller. 4. Only in the user group “Safety Recovery”: enter the activation code and press Activate again. 7.12 Deactivating safe monitoring If safe monitoring is deactivated, the configured safety monitoring functions are inactive. Description The following monitoring functions are part of the standard safety configuration and always active. This means that these monitoring functions remain active when safe monitoring is deactivated:  Monitoring of the braking time  Monitoring of the maximum axis velocity in T1  Monitoring of the axis positions during a global safe operational stop (all axes) Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. Open the safety configuration. 2. Press Global parameters. 3. Remove the check mark from Safe monitoring. 4. Click on Save and answer the request for confirmation with Yes. The robot controller is automatically reinitialized. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 123 / 205 KUKA.SafeOperation 3.2 124 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 8 Interfaces to the higher-level contr... 8 Interfaces to the higher-level controller t f The robot controller can communicate with the higher-level controller, e.g. a PLC, via the Ethernet safety interface (PROFIsafe or CIP Safety) or via the s discrete safety interface for safety options (X13 via Extended SIB). t The safe I/Os of the Ethernet safety interface are permanently assigned to the safety monitoring functions of SafeOperation: input and output bytes 2 to 7. (Input and output bytes 0 to 1 are assigned to the standard safety functions.) The safe I/Os of the discrete safety interface only offer a reduced range of signals. If the interface X13 (Extended SIB) is used, the relay outputs of the Standard SIB and Extended SIB must be checked cyclically. The checking instructions are contained in the robot controller operating instructions. Further information about Extended SIB and interface X13 can be found in the operating or assembly instructions for the robot controller and in the Optional Interfaces assembly and operating instructions for the robot controller. 8.1 Safety functions via Ethernet safety interface Description The exchange of safety-relevant signals between the controller and the system is carried out via the Ethernet safety interface (e.g. PROFIsafe or CIP Safety). The assignment of the input and output states within the Ethernet safety interface protocol are listed below. In addition, non-safety-oriented information from the safety controller is sent to the non-safe section of the higher-level controller for the purpose of diagnosis and control. Reserved bits Reserved safe inputs can be pre-assigned by a PLC with the values 0 or 1. In both cases, the manipulator will move. If a safety function is assigned to a reserved input (e.g. in the case of a software update) and if this input is preset with the value 0, then the manipulator either does not move or comes unexpectedly to a standstill. KUKA recommends pre-assignment of the reserved inputs with 1. If a reserved input has a new safety function assigned to it, and the input is not used by the customer’s PLC, the safety function is not activated. This prevents the safety controller from unexpectedly stopping the manipulator. Input byte 0 Bit Signal Description 0 RES Reserved 1 The value 1 must be assigned to the input. 1 NHE Input for external Emergency Stop 0 = external E-STOP is active 1 = external E-STOP is not active 2 BS Operator safety 0 = operator safety is not active, e.g. safety gate open 1 = operator safety is active Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 125 / 205 KUKA.SafeOperation 3.2 Bit Signal Description 3 QBS Acknowledgement of operator safety Precondition for acknowledgment of operator safety is the signal "Operator safety active" set in the BS bit. Note: If the “BS” signal is acknowledged by the system, this must be specified under Hardware options in the safety configuration. Information is contained in the Operating and Programming Instructions for Sys- tem Integrators. 0 = operator safety has not been acknowledged Edge 0 ->1 = operator safety has been acknowledged 4 SHS1 Safety STOP 1 (all axes)  FF (motion enable) is set to 0.  Voltage US2 is switched off.  AF (drives enable) is set to 0 after 1.5 s. Cancelation of this function does not require acknowledgement. This function is not permissible for the EMERGENCY STOP function. 0 = safety stop is active 1 = safety stop is not active 5 SHS2 Safety STOP 2 (all axes)  FF (motion enable) is set to 0.  Voltage US2 is switched off. Cancelation of this function does not require acknowledgement. This function is not permissible for the EMERGENCY STOP function. 0 = safety stop is active 1 = safety stop is not active 6 RES - 7 RES - 126 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 8 Interfaces to the higher-level contr... Input byte 1 Bit Signal Description 0 US2 Supply voltage US2 (signal for switching the second supply voltage, US2, without battery backup) If this output is not used, it should be set to 0. 0 = switch off US2 1 = Switch on US2 Note: Whether and how input US2 is used must be specified under Hardware options in the safety configuration. Information is contained in the Operating and Programming Instructions for System Integra- tors. 1 SBH Safe operational stop (all axes) Prerequisite: All axes are stationary Cancelation of this function does not require acknowledgement. This function is not permissible for the EMERGENCY STOP function. 0 = safe operational stop is active. 1 = safe operational stop is not active. 2 RES Reserved 11 The value 1 must be assigned to the input. 3 RES Reserved 12 The value 1 must be assigned to the input. 4 RES Reserved 13 The value 1 must be assigned to the input. 5 RES Reserved 14 The value 1 must be assigned to the input. 6 RES Reserved 15 The value 1 must be assigned to the input. 7 SPA System Powerdown Acknowledge The system confirms that it has received the powerdown signal. A second after the “SP” (System Power- down) signal has been set by the controller, the requested action is executed, without the need for confirmation from the PLC, and the controller shuts down. 0 = confirmation is not active 1 = confirmation is active Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 127 / 205 KUKA.SafeOperation 3.2 Output byte 0 Bit Signal Description 0 NHL Local E-STOP (local E-STOP triggered) 0 = local E-STOP is active 1 = local E-STOP is not active 1 AF Drives enable (the internal safety controller in the KRC has enabled the drives so that they can be switched on) 0 = drives enable is not active (the robot controller must switch the drives off) 1 = drives enable is active (the robot controller must switch the drives to servo-control) 2 FF Motion enable (the internal safety controller in the KRC has enabled robot motions) 0 = motion enable is not active (the robot controller must stop the current motion) 1 = motion enable is active (the robot controller may trigger a motion) 3 ZS One of the enabling switches is in the center position (enabling in test mode) 0 = enabling is not active 1 = enabling is active 4 PE The signal “Peri enabled” is set to 1 (active) if the following conditions are met:  Drives are switched on.  Safety controller motion enable signal present.  The message “Operator safety open” must not be active. 5 AUT The manipulator is in AUT or AUT EXT mode. 0 = AUT or AUT EXT mode is not active 1 = AUT or AUT EXT mode is active 6 T1 The manipulator is in Manual Reduced Velocity mode. 0 = T1 mode is not active 1 = T1 mode is active 7 T2 The manipulator is in Manual High Velocity mode. 0 = T2 mode is not active 1 = T2 mode is active 128 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 8 Interfaces to the higher-level contr... Output byte 1 Bit Signal Description 0 NHE External E-STOP has been triggered. 0 = external E-STOP is active 1 = external E-STOP is not active 1 BSQ Operator safety acknowledged 0 = operator safety is not assured 1 = operator safety is assured (input BS = 1 and, if configured, input QBS acknowledged) 2 SHS1 Safety stop 1 (all axes) 0 = Safety stop 1 is not active 1 = Safety stop 1 is active (safe state reached) 3 SHS2 Safety stop 2 (all axes) 0 = Safety stop 2 is not active 1 = Safety stop 2 is active (safe state reached) 4 RES Reserved 13 5 RES Reserved 14 6 PSA Safety interface active Precondition: An Ethernet interface must be installed on the controller, e.g. PROFINET or Ethernet/IP 0 = safety interface is not active 1 = safety interface is active 7 SP System Powerdown (controller will be shut down) One second after the SP signal has been set, the PSA output is reset by the robot controller, without confirmation from the PLC, and the controller is shut down. 0 = controller on safety interface is active. 1 = controller will be shut down 8.1.1 SafeOperation via Ethernet safety interface (optional) Description The components of the industrial robot move within the limits that have been configured and activated. The actual positions are continuously calculated and monitored against the safety parameters that have been set. The safety controller monitors the industrial robot by means of the safety parameters that have been set. If a component of the industrial robot violates a monitoring limit or a safety parameter, the manipulator and external axes (optional) are stopped. The Ethernet safety interface can be used, for example, to signal a violation of safety monitoring functions. In the case of the KR C4 compact robot controller, safety options such as Sa- feOperation are only available via the Ethernet safety interface from KSS/VSS 8.3 onwards. Reserved bits Reserved safe inputs can be pre-assigned by a PLC with the values 0 or 1. In both cases, the manipulator will move. If a safety function is assigned to a reserved input (e.g. in the case of a software update) and if this input is preset with the value 0, then the manipulator either does not move or comes unexpectedly to a standstill. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 129 / 205 KUKA.SafeOperation 3.2 KUKA recommends pre-assignment of the reserved inputs with 1. If a reserved input has a new safety function assigned to it, and the input is not used by the customer’s PLC, the safety function is not activated. This prevents the safety controller from unexpectedly stopping the manipulator. Input byte 2 Bit Signal Description 0 JR Mastering test (input for the reference switch of the mastering test) 0 = reference switch is active (actuated). 1 = reference switch is not active (not actuated). 1 VRED Reduced axis-specific and Cartesian velocity (activation of reduced velocity monitoring) 0 = reduced velocity monitoring is active. 1 = reduced velocity monitoring is not active. 2…7 SBH1 … 6 Safe operational stop for axis group 1 ... 6 Assignment: Bit 2 = axis group 1 … bit 7 = axis group 6 Signal for safe operational stop. The function does not trigger a stop, it only activates the safe standstill monitoring. Cancelation of this function does not require acknowledgement. 0 = safe operational stop is active. 1 = safe operational stop is not active. Input byte 3 Bit Signal Description 0…7 RES Reserved 25 ... 32 The value 1 must be assigned to the inputs. Input byte 4 Bit Signal Description 0…7 UER1 … 8 Monitoring spaces 1 … 8 Assignment: Bit 0 = monitoring space 1 … bit 7 = monitoring space 8 0 = monitoring space is active. 1 = monitoring space is not active. Input byte 5 Bit Signal Description 0…7 UER9 … 16 Monitoring spaces 9 … 16 Assignment: Bit 0 = monitoring space 9 … bit 7 = monitoring space 16 0 = monitoring space is active. 1 = monitoring space is not active. 130 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 8 Interfaces to the higher-level contr... Input byte 6 Bit Signal Description 0…7 WZ1 … 8 Tool selection 1 … 8 Assignment: Bit 0 = tool 1 … bit 7 = tool 8 0 = tool is not active. 1 = tool is active. Exactly one tool must be selected at all times. Input byte 7 Bit Signal Description 0…7 WZ9 … 16 Tool selection 9 … 16 Assignment: Bit 0 = tool 9 … bit 7 = tool 16 0 = tool is not active. 1 = tool is active. Exactly one tool must be selected at all times. Output byte 2 Bit Signal Description 0 SO Safety option active Activation status of the safety option 0 = safety option is not active 1 = safety option is active 1 RR Manipulator referenced Mastering test display 0 = mastering test required. 1 = mastering test performed successfully. 2 JF Mastering error Space monitoring is deactivated because at least one axis is not mastered. 0 = mastering error. Space monitoring has been deactivated. 1 = no error. 3 VRED Reduced axis-specific and Cartesian velocity (activation status of reduced velocity monitoring) 0 = reduced velocity monitoring is not active. 1 = reduced velocity monitoring is active. 4…7 SBH1 … 4 Activation status of safe operational stop for axis group 1 ... 4 Assignment: Bit 4 = axis group 1 … bit 7 = axis group 4 0 = safe operational stop is not active. 1 = safe operational stop is active. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 131 / 205 KUKA.SafeOperation 3.2 Output byte 3 Bit Signal Description 0…1 SBH5 … 6 Activation status of safe operational stop for axis group 5 ... 6 Assignment: Bit 0 = axis group 5 … bit 1 = axis group 6 0 = safe operational stop is not active. 1 = safe operational stop is active. 2 SOS Safe Operation Stop 0 = a safety function has triggered a stop. The output remains in the “0” state for at least 200 ms. 1 = none of the safety functions has triggered a stop. Note: The output SOS is available in System Software 8.3 or higher. In System Software 8.2 or lower, bit 2 is a spare bit. 3…7 RES Reserved 28 ... 32 Output byte 4 Bit Signal Description 0…7 MR1 … 8 Alarm space 1 … 8 Assignment: Bit 0 = alarm space 1 (associated monitoring space 1) … bit 7 = alarm space 8 (associated monitoring space 8) 0 = monitoring space is violated. 1 = monitoring space is not violated. Note: An inactive monitoring space is considered to be violated by default, i.e. in this case the associated safe output MRx has the state “0”. Output byte 5 Bit Signal Description 0…7 MR9 … 16 Alarm space 9 … 16 Assignment: Bit 0 = alarm space 9 (associated monitoring space 9) … bit 7 = alarm space 16 (associated monitoring space 16) 0 = monitoring space is violated. 1 = monitoring space is not violated. Note: An inactive monitoring space is considered to be violated by default, i.e. in this case the associated safe output MRx has the state “0”. Output byte 6 Bit Signal Description 0…7 RES Reserved 49 ... 56 Output byte 7 Bit Signal Description 0…7 RES Reserved 57 ... 64 132 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 8 Interfaces to the higher-level contr... 8.1.2 Diagnostic signals via Ethernet interface Description Some signal states are extended to ensure that they can be detected reliably. In the case of extended signal states, the minimum duration of the extension is specified in square brackets. Values are specified in milliseconds, e.g. [200]. The diagnostic signals available via the Ethernet interface are not safe signals and may only be used for diagnostic purposes. Output byte 0 Bit Signal Description 0 DG Validity for non-safety-oriented signals and data on this interface 0 = data are not valid 1 = data are valid 1 IFS Internal error in safety controller 0 = no error 1 = error [200] 2 FF Motion enable 0 = motion enable not active [200] 1 = motion enable active 3 AF Drives enable 0 = drives enable not active [200] 1 = drives enable active 4 IBN Start-up mode Start-up mode enables jogging of the manipulator without a higher-level controller. 0 = Start-up mode is not active. 1 = Start-up mode is active. 5 US2 Peripheral voltage 0 = US2 switched off 1 = US2 switched on 6…7 RES Reserved Output byte 1 Bit Signal Description 0 SO Activation status of the safety option 0 = safety option is not active 1 = safety option is active 1 JF Mastering error (optional) 0 = no error 1 = mastering error, space monitoring deactivated. 2 VRED Reduced velocity (optional) 0 = reduced velocity monitoring is not active. 1 = reduced velocity monitoring is active. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 133 / 205 KUKA.SafeOperation 3.2 Bit Signal Description 3 VKUE At least one Cartesian velocity limit exceeded (optional) 0 = no error 1 = velocity exceeded [200] 4 VAUE At least one axis velocity limit exceeded (optional) 0 = no error 1 = velocity exceeded [200] 5 ZBUE Cell area exceeded (optional) 0 = no error 1 = cell area exceeded [200] 6…7 RES Reserved Output byte 2 Bit Signal Description 0 SHS1 Safety stop (all axes) STOP 0 or STOP 1 0 = safety stop is not active. 1 = safety stop is active. 1 ESV External stop request violated Safe operational stop SBH1, SBH2 or safety stop SHS1, SHS2 violated Braking ramp was not maintained or a monitored axis has moved. 0 = no error 1 = violated 2 SHS2 Safety stop 2 0 = safety stop is not active. 1 = safety stop is active. 3 SBH1 Safe operational stop (axis group 1) (optional) 0 = safe operational stop is not active. 1 = safe operational stop is active. 4 SBH2 Safe operational stop (axis group 2) (optional) 0 = safe operational stop is not active. 1 = safe operational stop is active. 5 WFK Tool error (no tool) (optional) 0 = no error 1 = no tool selected. 6 WFME Tool error (more than one tool) (optional) 0 = no error 1 = more than one tool selected. 7 RES Reserved 134 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 8 Interfaces to the higher-level contr... Output byte 3 Bit Signal Description 0 JR Mastering test (optional) 0 = mastering test is not active. 1 = mastering test is active. 1 RSF Reference switch error (optional) 0 = reference switch OK 1 = reference switch defective [200] 2 JRA Mastering test request (optional) 0 = mastering test not requested. 1 = mastering test requested. 3 JRF Mastering test failed (optional) 0 = mastering test OK. 1 = mastering test failed. 4 RS Reference stop (optional) Reference run is only possible in T1 mode. 0 = no error 1 = reference stop due to impermissible operating mode 5 RIA Referencing interval (optional) 0 = no reminder 1 = reminder interval expired [200] 6…7 RES Reserved Output byte 4 Bit Signal Description 0…7 WZNR Tool number (8-bit word) (optional) 0 = error (see WFK and WFME) 1 = tool 1 2 = tool 2, etc. Output byte 5 Bit Signal Description 0…7 UER1 … 8 Monitoring spaces 1 … 8 (optional) Assignment: Bit 0 = monitoring space 1 … bit 7 = monitoring space 8 0 = monitoring space is not active. 1 = monitoring space is active. Output byte 6 Bit Signal Description 0…7 UER9 … 16 Monitoring spaces 9 … 16 (optional) Assignment: Bit 0 = monitoring space 9 … bit 7 = monitoring space 16 0 = monitoring space is not active. 1 = monitoring space is active. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 135 / 205 KUKA.SafeOperation 3.2 Output byte 7 Bit Signal Description 0…7 UERV1 … 8 Stop in the event of a violation of monitoring spaces 1 … 8 (optional) Assignment: Bit 0 = monitoring space 1 … bit 7 = monitoring space 8 0 = monitoring space is not violated, or monitoring space is violated but “Stop at boundaries” has not been configured. 1 = monitoring space is violated and robot stops with a safety stop [200]. Precondition: “Stop at boundaries” has been configured. Output byte 8 Bit Signal Description 0…7 UERV9 … 16 Stop in the event of a violation of monitoring spaces 9 … 16 (optional) Assignment: Bit 0 = monitoring space 9 … bit 7 = monitoring space 16 0 = monitoring space is not violated, or monitoring space is violated but “Stop at boundaries” has not been configured. 1 = monitoring space is violated and robot stops with a safety stop [200]. Precondition: “Stop at boundaries” has been configured. 8.2 SafeOperation via interface X13 If interface X13 is used, tool 1 is always active. The tool cannot be activated via a safe input. An automated, safely monitored tool change is thus not possible. Further information about connection to interface X13 and the required safety measures can be found in the Optional Interfaces assembly and operating instructions for the robot controller. Inputs Some of the inputs can be configured in WorkVisual. By default, the configurable inputs are used to activate the monitoring space UER13 … UER16. Al- ternatively, these inputs can be configured to activate the safe operational stop SBH3 … SBH6. It is not permissible to assign an input twice, i.e. to use it simultaneously for activating a monitoring space and a safe operational stop. 136 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 8 Interfaces to the higher-level contr... X13 Pin Signal Description 1, 2 (A) VRED Reduced axis-specific and Cartesian velocity (activation of reduced velocity monitor- 19, 20 (B) ing) 0 = reduced velocity monitoring is active. 1 = reduced velocity monitoring is not active. 3, 4 (A) UER12 Monitoring space 12 21, 22 (B) 0 = monitoring space is active. 1 = monitoring space is not active. 5, 6 (A) UER13 Monitoring space 13 (default) 23, 24 (B) 0 = monitoring space is active. 1 = monitoring space is not active. SBH3 Safe operational stop (axis group 3) 0 = safe operational stop is active. 1 = safe operational stop is not active. 7, 8 (A) UER14 Monitoring space 14 (default) 25, 26 (B) 0 = monitoring space is active. 1 = monitoring space is not active. SBH4 Safe operational stop (axis group 4) 0 = safe operational stop is active. 1 = safe operational stop is not active. 9, 10 (A) UER15 Monitoring space 15 (default) 27, 28 (B) 0 = monitoring space is active. 1 = monitoring space is not active. SBH5 Safe operational stop (axis group 5) 0 = safe operational stop is active. 1 = safe operational stop is not active. 11, 12 (A) UER16 Monitoring space 16 (default) 29, 30 (B) 0 = monitoring space is active. 1 = monitoring space is not active. SBH6 Safe operational stop (axis group 6) 0 = safe operational stop is active. 1 = safe operational stop is not active. 13, 14 (A) SBH1 Safe operational stop (axis group 1) 31, 32 (B) 0 = safe operational stop is active. 1 = safe operational stop is not active. 15, 16 (A) SBH2 Safe operational stop (axis group 2) 33, 34 (B) 0 = safe operational stop is active. 1 = safe operational stop is not active. The signal for the safe operational stop does not trigger a stop, it only activates the safe standstill monitoring. Cancelation of this function does not require acknowledgement. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 137 / 205 KUKA.SafeOperation 3.2 Outputs An inactive monitoring space is considered to be violated by default, i.e. in this case the associated safe output MRx has the state “0”. X13 Pin Signal Description 37, 38 (A) MR1 Alarm space 1 (associated monitoring space 1) 55, 56 (B) 0 = space is violated. 1 = space is not violated. 39, 40 (A) MR2 Alarm space 2 (associated monitoring space 2) 57, 58 (B) 0 = space is violated. 1 = space is not violated. 41, 42 (A) MR3 Alarm space 3 (associated monitoring space 3) 59, 60 (B) 0 = space is violated. 1 = space is not violated. 43, 44 (A) MR4 Alarm space 4 (associated monitoring space 4) 61, 62 (B) 0 = space is violated. 1 = space is not violated. 45, 46 (A) MR5 Alarm space 5 (associated monitoring space 5) 63, 64 (B) 0 = space is violated. 1 = space is not violated. 47, 48 (A) MR6 Alarm space 6 (associated monitoring space 6) 65, 66 (B) 0 = space is violated. 1 = space is not violated. 49, 50 (A) SO Activation status of the safety option 67, 68 (B) 0 = safety option is not active 1 = safety option is active 51, 52 (A) RR Manipulator referenced 69, 70 (B) Mastering test display 0 = mastering test required. 1 = mastering test performed successfully. 138 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 9 Diagnosis 9 Diagnosis 9.1 s Displaying safe I/Os s Procedure 1. Select Diagnosis > Diagnostic monitor in the main menu. 2. Select the Bus process data image[Name of bus/interface] module in the Module box. 9.2 Variables for diagnosis Variable Description $SR_ACTIVETOOL Number of the active safe tool  0: no safe tool or multiple safe tools are selected.  1 … 16: Safe tool 1 … 16 is active. $SR_AXISSPEED_OK Reduced axis acceleration exceeded TRUE = axis velocity has not been exceeded. FALSE = axis velocity has been exceeded. The variable is set to FALSE when the excessive value is detected and then set immediately back to TRUE. $SR_CARTSPEED_OK Cartesian velocity exceeded TRUE = Cartesian velocity has not been exceeded. FALSE = Cartesian velocity has been exceeded. The variable is set to FALSE when the excessive value is detected and then set immediately back to TRUE. $SR_DRIVES_ENABLE Enabling of the drives by the safety controller TRUE = drives are enabled. FALSE = drives are not enabled. $SR_MOVE_ENABLE Enabling by the safety controller TRUE = motion enable FALSE = no motion enable $SR_RANGE_ACTIVE[1] Activation status of monitoring spaces 1...16 … TRUE = monitoring space is active. $SR_RANGE_ACTIVE[16] FALSE = monitoring space is not active. $SR_RANGE_OK[1] Violation of monitoring spaces 1...16 … TRUE = monitoring space is not violated. $SR_RANGE_OK[16] FALSE = monitoring space has been violated and the robot has been stopped. Note: The variable depends on whether a stop has been configured for the monitoring space in the event of a violation. If no stop is configured, the variable is always TRUE. $SR_SAFEMON_ACTIVE State of safe monitoring TRUE = monitoring is activated. FALSE = monitoring is not activated. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 139 / 205 KUKA.SafeOperation 3.2 Variable Description $SR_SAFEOPSTOP_ACTIVE[Ind State of the safe operational stop ex] TRUE = safe operational stop is activated. FALSE = safe operational stop is not activated. Index:  1: state of the global safe operational stop (all axes) The global operational stop is a standard safety function of the Ethernet safety interface. (Input byte 1, bit 1, safe operational stop)  2 … 7: state of the safe operational stop in relation to axis group 1 … 6 (safe operational stop 1 …safe operational stop 6) $SR_SAFEOPSTOP_OK Violation of an externally activated operational stop TRUE = no violation FALSE = safe operational stop has been violated. $SR_SAFEREDSPEED_ACTIVE State of the monitoring of the reduced velocity TRUE = monitoring is activated. FALSE = monitoring is not activated. 9.3 Outputs for space monitoring In the following error situations, outputs that signal a space violation likewise switch to the “violated” state (precondition: monitoring space is active.):  In the case of a Cartesian monitoring space, the Cartesian position is invalid. The Cartesian position is invalid if one of the robot axes has an invalid position. This applies in the following cases:  An axis is unmastered.  An encoder error has occurred.  A communication error has occurred.  In the case of an axis-specific monitoring space, the position of one of the monitored axes is invalid. This applies in the following cases:  An axis is unmastered.  An encoder error has occurred.  A communication error has occurred.  In the case of a Cartesian monitoring space, no tool is selected or several tools are selected simultaneously. Signal states in error situations: Output / variable Logic state MRx (safe outputs) 0 UERVx 1 $SR_RANGE_OK[x] 0 (FALSE) 140 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages 10 Messages s s 10.1 Information about the messages s The “Messages” chapter contains selected messages. It does not cover all the messages displayed in the message window. 10.2 System messages from module: CrossMeld (KSS) 10.2.1 KSS15016 Message code  KSS15016 Message text  Ackn.: Stop due to standstill monitoring violation Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Safe operational stop violated (>>> Page 141) Solution: Acknowledge message (>>> Page 141) Cause: Safe operational stop violated Description At least one of the axes monitored for standstill has moved outside the configured position tolerance. Solution: Acknowledge message Description The program can be resumed once the message has been acknowledged. Procedure  An acknowledgeable message can be acknowledged with OK.  All acknowledgeable messages can be acknowledged at once with All OK. 10.2.2 KSS15017 Message code  KSS15017 Message text  Ackn.: The braking ramp of the robot has been violated. Message type  Acknowledgement message Effect  Short-circuit braking  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Braking ramp for STOP 1 or safe operational stop not maintained (>>> Page 142) Solution: Acknowledge message (>>> Page 142) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 141 / 205 KUKA.SafeOperation 3.2 Cause: Braking ramp for STOP 1 or safe operational stop not maintained Description The robot controller has not triggered strong enough braking in the case of a STOP 1 or a safe operational stop. Solution: Acknowledge message Description The program can be resumed once the message has been acknowledged. Procedure  An acknowledgeable message can be acknowledged with OK.  All acknowledgeable messages can be acknowledged at once with All OK. 10.2.3 KSS15018 Message code  KSS15018 Message text  Ackn.: Maximum Cartesian velocity in T1 mode exceeded Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: $SR_VEL_RED is FALSE (>>> Page 142) Solution: Change value of the variable (>>> Page 142)  Cause: $SR_OV_RED set too high (>>> Page 143) Solution: Change value of the variable (>>> Page 143) Cause: $SR_VEL_RED is FALSE Description The variable $SR_VEL_RED is used to activate the override reduction for monitored velocities. If override reduction is active, the velocity is automatically reduced so that the lowest currently monitored velocity limit is not exceeded. This override reduction is deactivated if the variable is FALSE. Further information on override reduction is contained in the assembly and operating instructions of the safety option. The procedure for checking the current value of the variable is as follows: Checking instruc- 1. In the main menu, select Display > Variable > Single. tions The Variable display – Single window opens. 2. Enter the variable name in the Name box and confirm with the Enter key. The current value of the variable is displayed. Solution: Change value of the variable Precondition  “Expert” user group Procedure 1. In the main menu, select Display > Variable > Single. The Variable display – Single window opens. 142 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages 2. Enter the variable name in the Name box and confirm with the Enter key. The current value of the variable is displayed. 3. Enter the new value in the New value box. 4. Press the Set value button. The new value is displayed in the Current value box. Cause: $SR_OV_RED set too high Description The override reduction for monitored velocities is activated ($SR_VEL_RED = TRUE), but the value of the variable $SR_OV_RED is set too high. The lower the value of $SR_OV_RED, the more a monitored velocity limit is reduced by the override reduction. Further information on override reduction is contained in the assembly and operating instructions of the safety option. The procedure for checking the value of the variable is as follows: Checking instruc- 1. In the main menu, select Display > Variable > Single. tions The Variable display – Single window opens. 2. Enter the variable name in the Name box and confirm with the Enter key. The current value of the variable is displayed. Solution: Change value of the variable Precondition  “Expert” user group Procedure 1. In the main menu, select Display > Variable > Single. The Variable display – Single window opens. 2. Enter the variable name in the Name box and confirm with the Enter key. The current value of the variable is displayed. 3. Enter the new value in the New value box. 4. Press the Set value button. The new value is displayed in the Current value box. 10.2.4 KSS15019 Message code  KSS15019 Message text  Ackn.: Maximum axis-specific velocity in T1 mode exceeded Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Override for T1 too high (>>> Page 143) Solution: Reduce jog or program override. (>>> Page 144) Cause: Override for T1 too high Description The jog override (HOV) was too high for jogging or the program override (POV) was too high for program motion in T1 mode. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 143 / 205 KUKA.SafeOperation 3.2 Solution: Reduce jog or program override. Procedure  Reduce the jog override or the program override for jogging in T1. 10.2.5 KSS15033 Message code  KSS15033 Message text  More then one tool activated in the safety controller Message type  Status message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Follow-up message  KSS15034 (>>> Page 144) Possible cause(s)  Cause: More then one tool activated in the safety controller (>>> Page 144) Solution: Deactivate invalid tools (>>> Page 144) Cause: More then one tool activated in the safety controller Description There is more than one tool activated in the safety controller. Only one safe tool may be active. Solution: Deactivate invalid tools Procedure  Deactivate invalid tools and activate only the safe tool that is currently being used. 10.2.6 KSS15034 Message code  KSS15034 Message text  Ackn.: More than one tool activated in the safety controller Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Original message  KSS15033 (>>> Page 144) Possible cause(s)  Cause: Error cause of the original message has been eliminated. (>>> Page 144) Solution: Acknowledge message (>>> Page 145) Cause: Error cause of the original message has been eliminated. Description This follow-up message is displayed if the error cause of the original message has been eliminated. 144 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Solution: Acknowledge message Description The program can be resumed once the message has been acknowledged. Procedure  An acknowledgeable message can be acknowledged with OK.  All acknowledgeable messages can be acknowledged at once with All OK. 10.2.7 KSS15035 Message code  KSS15035 Message text  No tool activated in safety controller Message type  Status message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Follow-up message  KSS15036 (>>> Page 145) Possible cause(s)  Cause: No tool activated in safety controller (>>> Page 145) Solution: Activate safe tool (>>> Page 145) Cause: No tool activated in safety controller Description There is no tool activated in the safety controller. Solution: Activate safe tool Procedure  Activate the safe tool that is currently being used. If KUKA.SafeRangeMonitoring is used, tool 1 must always be activated. 10.2.8 KSS15036 Message code  KSS15036 Message text  Ackn.: No tool activated in safety controller Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Original message  KSS15035 (>>> Page 145) Possible cause(s)  Cause: Error cause of the original message has been eliminated. (>>> Page 146) Solution: Acknowledge message (>>> Page 146) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 145 / 205 KUKA.SafeOperation 3.2 Cause: Error cause of the original message has been eliminated. Description This follow-up message is displayed if the error cause of the original message has been eliminated. Solution: Acknowledge message Description The program can be resumed once the message has been acknowledged. Procedure  An acknowledgeable message can be acknowledged with OK.  All acknowledgeable messages can be acknowledged at once with All OK. 10.2.9 KSS15037 Message code  KSS15037 Message text  Cell area exceeded Message type  Status message Effect  No braking reaction  No interlock of motions or commands Possible cause(s)  Cause: Cell area exceeded (>>> Page 146) Solution: Move the robot out of the violated space: (>>> Page 146) Cause: Cell area exceeded Description The active safe tool has left the cell area. There is a space violation. Solution: Move the robot out of the violated space: Description The robot must be moved out of the violated space in T1 mode. No other operating mode can be set until the robot has left the violated space. If the space is violated in T1 mode, the acknowledgement message Ackn.: Stop because workspace exceeded is additionally displayed. Precondition  Operating mode T1 Procedure 1. When the acknowledgement message is displayed, confirm it with OK. 2. Press and hold down the enabling switch. 3. Move the robot out of the violated space:  Using the jog keys (manual mode)  Using the Start and Start backwards keys (program mode) 10.2.10 KSS15039 Message code  KSS15039 Message text  Ackn.: Maximum global Cartesian velocity exceeded Message type  Acknowledgement message 146 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Limit value for global maximum Cartesian velocity exceeded (>>> Page 147) Solution: Change the safety configuration (>>> Page 147)  Cause: Limit value for global maximum Cartesian velocity exceeded (>>> Page 147) Solution: Adapt the program in such a way that limit value is not reached (>>> Page 148) Cause: Limit value for global maximum Cartesian velocity exceeded Description The limit value defined in the safety configuration for the global maximum Car- tesian velocity was exceeded. Possible reasons:  An incorrect limit value is entered in the safety configuration, e.g. a value other than that specified by the system integrator.  The programmed path or programming method causes the limit value to be exceeded. The procedure for checking which value is configured for the parameter Car- tesian maximum velocity is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. 2. Press Global parameters. The global parameters are displayed. 3. Search for the parameter and check the value. Solution: Change the safety configuration Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. In the main menu, select Configuration > Safety configuration. The safety configuration opens with the General tab. 2. Select the corresponding tab and modify the configuration as required. 3. Save safety configuration. Following a change to the safety configuration, safety acceptance must be carried out and documented by means of checklists. Further information on safety acceptance is contained in the assembly and operating instructions of the safety option. Cause: Limit value for global maximum Cartesian velocity exceeded Description The limit value defined in the safety configuration for the global maximum Car- tesian velocity was exceeded. Possible reasons: Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 147 / 205 KUKA.SafeOperation 3.2  An incorrect limit value is entered in the safety configuration, e.g. a value other than that specified by the system integrator.  The programmed path or programming method causes the limit value to be exceeded. The procedure for checking which value is configured for the parameter Car- tesian maximum velocity is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. 2. Press Global parameters. The global parameters are displayed. 3. Search for the parameter and check the value. Solution: Adapt the program in such a way that limit value is not reached 10.2.11 KSS15040 Message code  KSS15040 Message text  Ackn.: Maximum global axis velocity exceeded Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Limit value for maximum global axis velocity exceeded (>>> Page 148) Solution: Change the safety configuration (>>> Page 149)  Cause: Limit value for maximum global axis velocity exceeded (>>> Page 149) Solution: Adapt the program in such a way that limit value is not reached (>>> Page 149) Cause: Limit value for maximum global axis velocity exceeded Description The limit value for the maximum global velocity for rotational axes or the limit value for the maximum global velocity for linear axes defined in the safety configuration was exceeded. Possible reasons:  An incorrect limit value is entered in the safety configuration, e.g. a value other than that specified by the system integrator.  The programmed path or programming method causes the limit value to be exceeded. The procedure for checking which values are configured for the maximum global axis velocities is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. 2. Select the Axis monitoring tab. 3. Check the values of the following parameters:  Maximum velocity rotational axis 148 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages  Maximum velocity translational axis Solution: Change the safety configuration Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. In the main menu, select Configuration > Safety configuration. The safety configuration opens with the General tab. 2. Select the corresponding tab and modify the configuration as required. 3. Save safety configuration. Following a change to the safety configuration, safety acceptance must be carried out and documented by means of checklists. Further information on safety acceptance is contained in the assembly and operating instructions of the safety option. Cause: Limit value for maximum global axis velocity exceeded Description The limit value for the maximum global velocity for rotational axes or the limit value for the maximum global velocity for linear axes defined in the safety configuration was exceeded. Possible reasons:  An incorrect limit value is entered in the safety configuration, e.g. a value other than that specified by the system integrator.  The programmed path or programming method causes the limit value to be exceeded. The procedure for checking which values are configured for the maximum global axis velocities is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. 2. Select the Axis monitoring tab. 3. Check the values of the following parameters:  Maximum velocity rotational axis  Maximum velocity translational axis Solution: Adapt the program in such a way that limit value is not reached 10.2.12 KSS15041 Message code  KSS15041 Message text  Ackn.: Maximum safe reduced Cartesian velocity exceeded Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 149 / 205 KUKA.SafeOperation 3.2 Possible cause(s)  Cause: Limit value for safe reduced Cartesian velocity exceeded (>>> Page 150) Solution: Change the safety configuration (>>> Page 150)  Cause: Limit value for safe reduced Cartesian velocity exceeded (>>> Page 150) Solution: Adapt the program in such a way that limit value is not reached (>>> Page 151) Cause: Limit value for safe reduced Cartesian velocity exceeded Description The limit value defined in the global parameters of the safety configuration for the safe reduced Cartesian velocity was exceeded. Possible reasons:  An incorrect limit value is entered in the safety configuration, e.g. a value other than that specified by the system integrator.  The programmed path or programming method causes the limit value to be exceeded. The procedure for checking which value is configured for the parameter Re- duced Cartesian velocity is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. 2. Press Global parameters. The global parameters are displayed. 3. Search for the parameter and check the value. Solution: Change the safety configuration Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. In the main menu, select Configuration > Safety configuration. The safety configuration opens with the General tab. 2. Select the corresponding tab and modify the configuration as required. 3. Save safety configuration. Following a change to the safety configuration, safety acceptance must be carried out and documented by means of checklists. Further information on safety acceptance is contained in the assembly and operating instructions of the safety option. Cause: Limit value for safe reduced Cartesian velocity exceeded Description The limit value defined in the global parameters of the safety configuration for the safe reduced Cartesian velocity was exceeded. Possible reasons:  An incorrect limit value is entered in the safety configuration, e.g. a value other than that specified by the system integrator. 150 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages  The programmed path or programming method causes the limit value to be exceeded. The procedure for checking which value is configured for the parameter Re- duced Cartesian velocity is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. 2. Press Global parameters. The global parameters are displayed. 3. Search for the parameter and check the value. Solution: Adapt the program in such a way that limit value is not reached 10.2.13 KSS15042 Message code  KSS15042 Message text  Ackn.: Safe reduced axis velocity exceeded Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Limit value for safe reduced axis velocity incorrectly configured (>>> Page 151) Solution: Change the safety configuration (>>> Page 151)  Cause: Limit value for safe reduced axis velocity exceeded by programming (>>> Page 152) Solution: Correcting the programming in the SRC file (>>> Page 152) Cause: Limit value for safe reduced axis velocity incorrectly configured Description The limit value defined in the safety configuration for the safe reduced Carte- sian velocity was exceeded. An incorrect limit value is entered in the safety configuration, e.g. a value other than that specified by the system integrator. The procedure for checking which value is configured for the safe reduced velocity is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. 2. Select the Axis monitoring tab. 3. Check the value entered for the parameter Reduced velocity. Solution: Change the safety configuration Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. In the main menu, select Configuration > Safety configuration. The safety configuration opens with the General tab. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 151 / 205 KUKA.SafeOperation 3.2 2. Select the corresponding tab and modify the configuration as required. 3. Save safety configuration. Following a change to the safety configuration, safety acceptance must be carried out and documented by means of checklists. Further information on safety acceptance is contained in the assembly and operating instructions of the safety option. Cause: Limit value for safe reduced axis velocity exceeded by programming Description The programmed path or programming method causes the limit value defined in the safety configuration for the safe reduced axis velocity to be exceeded. If an override reduction is activated by $SR_VEL_RED=TRUE, but the robot moves without spline, the axis velocities are not reduced. The override reduction then only has an effect on axis velocities if spline motions are programmed. Example Axis 5 is moved into a singularity position. Axes 4 and 6 are therefore consid- erably accelerated and the safe reduced axis velocity is exceeded. Fig. 10-1: Wrist axis singularity (α5 position) Solution: Correcting the programming in the SRC file Procedure  Correct the programming in the SRC file Further information is contained in the documentation for the relevant software. 10.2.14 KSS15043 Message code  KSS15043 Message text  External safe operational stop violated (axis group {Number of axis group}) Message type  Status message 152 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Effect  Short-circuit braking  Input of active commands (robot motions, program start) is blocked. Follow-up message  KSS15044 (>>> Page 154) Possible cause(s)  Cause: Value configured for position tolerance too low (>>> Page 153) Solution: Change the safety configuration (>>> Page 153)  Cause: Axis group incorrectly configured (>>> Page 153) Solution: Change the safety configuration (>>> Page 154) Cause: Value configured for position tolerance too low Description The value configured in the safety configuration for the position tolerance of at least one axis in the axis group is too low. The values specified by the system builder must be configured. The procedure for checking what values are configured is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. 2. Select the Axis monitoring tab and press Safe operational stop. The Safe operational stop window opens. 3. For each axis in the axis group, check whether the value entered for Po- sition tolerance matches the specified value. Solution: Change the safety configuration Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. In the main menu, select Configuration > Safety configuration. The safety configuration opens with the General tab. 2. Select the corresponding tab and modify the configuration as required. 3. Save safety configuration. Following a change to the safety configuration, safety acceptance must be carried out and documented by means of checklists. Further information on safety acceptance is contained in the assembly and operating instructions of the safety option. Cause: Axis group incorrectly configured Description The axis group is incorrectly configured in the safety configuration, i.e. the group contains axes which are not to be monitored here. The axes specified by the system builder must be monitored. The procedure for checking whether an axis is monitored in the correct axis group is as follows: Checking instruc- 1. In the main menu, select Configuration > Safety configuration. tions The safety configuration opens with the General tab. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 153 / 205 KUKA.SafeOperation 3.2 2. Select the Axis monitoring tab and press Safe operational stop. The Safe operational stop window opens. 3. Select the axis that is to be checked from the list. The check mark must be activated in the check box with the number of the axis group in which the axis is to be monitored. Solution: Change the safety configuration Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. In the main menu, select Configuration > Safety configuration. The safety configuration opens with the General tab. 2. Select the corresponding tab and modify the configuration as required. 3. Save safety configuration. Following a change to the safety configuration, safety acceptance must be carried out and documented by means of checklists. Further information on safety acceptance is contained in the assembly and operating instructions of the safety option. 10.2.15 KSS15044 Message code  KSS15044 Message text  Ackn.: External safe operational stop violated (axis group {Number of axis group}) Message type  Acknowledgement message Effect  Short-circuit braking  Input of active commands (robot motions, program start) is blocked. Original message  KSS15043 (>>> Page 152) Possible cause(s)  Cause: Error cause of the original message has been eliminated. (>>> Page 154) Solution: Acknowledge message (>>> Page 154) Cause: Error cause of the original message has been eliminated. Description This follow-up message is displayed if the error cause of the original message has been eliminated. Solution: Acknowledge message Description The program can be resumed once the message has been acknowledged. Procedure  An acknowledgeable message can be acknowledged with OK.  All acknowledgeable messages can be acknowledged at once with All OK. 154 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages 10.2.16 KSS15045 Message code  KSS15045 Message text  Error at mastering reference switch Message type  Status message Effect  No braking reaction  No interlock of motions or commands Follow-up message  KSS15046 (>>> Page 158) Possible cause(s)  Cause: Reference cable X42 - XS Ref not correctly connected (>>> Page 155) Solution: Connect cable correctly (>>> Page 155)  Cause: Reference position taught incorrectly (>>> Page 156) Solution: Reteach reference position and check accuracy (>>> Page 156)  Cause: Reference switch installed incorrectly or moved (>>> Page 156) Solution: Reinstall or realign reference switch (>>> Page 156)  Cause: Reference cable X42 - XS Ref defective (>>> Page 157) Solution: Exchange reference cable X42 - XS Ref (>>> Page 158) Cause: Reference cable X42 - XS Ref not correctly connected Description The reference switch is connected to interface X42 on the robot controller via the reference cable. The procedure for checking whether the reference cable is correctly connected is as follows: Precondition  The robot controller is switched off and secured to prevent unauthorized persons from switching it on again.  The power cable is de-energized.  Observe the ESD guidelines. Checking instruc- 1. Check whether the connectors of the cable are connected firmly enough. tions 2. Check whether pins are bent when connected. Solution: Connect cable correctly Precondition  The robot controller is switched off and secured to prevent unauthorized persons from switching it on again.  The power cable is de-energized.  Observe the ESD guidelines. Procedure  Connect cable correctly. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 155 / 205 KUKA.SafeOperation 3.2 Cause: Reference position taught incorrectly Description The reference position to which the robot moves in the mastering test has been taught incorrectly. This results in single-channel referencing. Checking instruc- 1. Move to reference position. tions 2. Check whether both proximity switch surfaces of the reference switch are actuated by the switching surface (actuating plate or tool). Solution: Reteach reference position and check accuracy Description The reference position must be taught in the subprogram that is executed during the mastering test and in the safety configuration. If the reference switch is actuated by the ferromagnetic part of a tool, the accuracy of the newly taught reference position must be checked. The reference position must be taught and checked in accordance with the procedure described in the operating and assembly instructions. Cause: Reference switch installed incorrectly or moved Description The taught reference position has been addressed correctly. Single-channel mastering occurs because the reference switch has been installed in an incorrect position or has been moved. Checking instruc- 1. Move to reference position. tions 2. Check whether both proximity switch surfaces of the reference switch are actuated by the switching surface (actuating plate or tool). Solution: Reinstall or realign reference switch Description The reference switch must installed or aligned in such a way that both proximity switch surfaces of the reference switch are actuated simultaneously when the robot is in the reference position. 156 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Fig. 10-2: Installation position of reference switch on external axis Cause: Reference cable X42 - XS Ref defective Description The reference switch is connected to interface X42 on the robot controller via the reference cable. The procedure for checking whether the reference cable is defective is as follows: Precondition  The robot controller is switched off and secured to prevent unauthorized persons from switching it on again.  The power cable is de-energized.  Observe the ESD guidelines. Inspection 1. Check whether the connectors are correctly connected. Particular atten- instructions tion must be paid to:  Pins pushed in  Corrosion  Scorched contacts  Connector insert pushed back  Connector on correct slot 2. Check whether the cable is mechanically damaged. Causes of squashed cables or wires can include the following:  Cable straps too tight  Clips too tight  Trapped when closing a cover  Bend radius too tight 3. Check whether the cable still conducts electricity. Particular attention must be paid to:  Cross-connection of individual wires  Short-circuit of individual wires with the ground conductor  Correct wiring in accordance with circuit diagram Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 157 / 205 KUKA.SafeOperation 3.2 Solution: Exchange reference cable X42 - XS Ref Description The reference cable must be exchanged. When routing the cable, avoid mechanical damage and observe the minimum bending radii. The following bending radii serve as guide values: Type of routing Bending radius Fixed installation Min. 5xØ of cable Installation in cable carrier Min. 10xØ of cable Precondition  The robot controller is switched off and secured to prevent unauthorized persons from switching it on again.  The power cable is de-energized.  Observe the ESD guidelines. Procedure 1. Disconnect and remove the defective reference cable. 2. Route the new reference cable correctly (in a fixed installation or cable carrier). 3. Connect the reference cable. Connect connector X42 to interface X42 on the robot controller and connector XS Ref to the reference switch. 10.2.17 KSS15046 Message code  KSS15046 Message text  Ackn.: Error at mastering reference switch Message type  Acknowledgement message Effect  No braking reaction  No interlock of motions or commands Original message  KSS15045 (>>> Page 155) Possible cause(s)  Cause: Error cause of the original message has been eliminated. (>>> Page 158) Solution: Acknowledge message (>>> Page 158) Cause: Error cause of the original message has been eliminated. Description This follow-up message is displayed if the error cause of the original message has been eliminated. Solution: Acknowledge message Description The program can be resumed once the message has been acknowledged. Procedure  An acknowledgeable message can be acknowledged with OK.  All acknowledgeable messages can be acknowledged at once with All OK. 158 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages 10.2.18 KSS15047 Message code  KSS15047 Message text  Mastering test required (internal) Message type  Status message Effect  No braking reaction  No interlock of motions or commands 10.2.19 KSS15048 Message code  KSS15048 Message text  Ackn.: Mastering test time interval expired Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Monitoring time elapsed (>>> Page 159) Solution: Perform mastering test and acknowledge message (>>> Page 159) Cause: Monitoring time elapsed Description Following an internal mastering test request, the robot can be moved for another 2 hours. This time has elapsed. It is possible to acknowledge the message without performing a mastering test beforehand. The robot can then be moved for another 2 hours without referenced axes (not recommended). The safety integrity of the safety functions based upon safe axis positions is limited until the mastering test has been performed and confirmed. The safety functions may behave differently from how they were configured, creating additional hazards in the system. Solution: Perform mastering test and acknowledge message Description Following a successful mastering test, the message can be acknowledged. Procedure 1. Perform mastering test. 2. Acknowledge the message with OK. 10.2.20 KSS15049 Message code  KSS15049 Message text  Mastering test failed Message type  Status message Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 159 / 205 KUKA.SafeOperation 3.2 Effect  No braking reaction  No interlock of motions or commands Possible cause(s)  Cause: Mastering test failed (>>> Page 160) Solution: Eliminate cause of error and carry out mastering test (>>> Page 160) Cause: Mastering test failed Description The mastering test has failed. The cause of the error is indicated in an additional message. Solution: Eliminate cause of error and carry out mastering test Description The error cause specified in the additional message must be eliminated and the mastering test must then be performed again. 10.2.21 KSS15050 Message code  KSS15050 Message text  Reference stop Message type  Status message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Mastering test not yet performed successfully (>>> Page 160) Solution: Perform mastering test in T1 mode (>>> Page 160) Cause: Mastering test not yet performed successfully Description The mastering test has not yet been performed successfully. The reference stop is triggered by an activated monitoring space for which the option Stop if mastering test not yet done is configured. Solution: Perform mastering test in T1 mode Description The mastering test must be performed in T1 mode. 10.2.22 KSS15051 Message code  KSS15051 Message text  Ackn.: Mastering test position not reached Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. 160 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Possible cause(s)  Cause: Mastering test interrupted (>>> Page 161) Solution: Acknowledge message and resume program (>>> Page 161) Cause: Mastering test interrupted Description The mastering test was interrupted before the reference position was reached:  Operating mode T1 or T2: The operator released the Start key.  AUT EXT mode: The Start signal from the higher-level controller was can- celled. Solution: Acknowledge message and resume program Description The program can be resumed once the message has been acknowledged. Procedure 1. Acknowledge the message with OK. 2. Operating mode T1 or T2: Press and hold down the Start key to resume the program. AUT EXT mode: Send the Start signal from the higher-level controller to resume the program. 10.2.23 KSS15052 Message code  KSS15052 Message text  Ackn.: Mastering reference switch not actuated Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Reference switch fouled (>>> Page 162) Solution: Clean the reference switch (>>> Page 162)  Cause: Reference switch moved (>>> Page 162) Solution: Realign the reference switch (>>> Page 162)  Cause: Actuating plate bent (>>> Page 162) Solution: Realign the actuating plate (>>> Page 162)  Cause: Referencing with incorrectly mastered robot (>>> Page 162) Solution: Restore the mastering or remaster (>>> Page 162)  Cause: Reference switch defective (>>> Page 163) Solution: Exchange the reference switch (>>> Page 163) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 161 / 205 KUKA.SafeOperation 3.2 Cause: Reference switch fouled Description The reference switch was not actuated at the reference position because the proximity switch surfaces of the reference switch are fouled. Solution: Clean the reference switch Procedure  Clean the proximity switch surfaces of the reference switch. Do not use aggressive cleaning agents. Cause: Reference switch moved Description The taught reference position has been addressed correctly, but the reference switch not actuated. The reference switch or the device on which the reference switch is installed has been moved. Checking instruc- 1. Move to reference position. tions 2. Check whether both proximity switch surfaces of the reference switch are actuated by the switching surface (actuating plate or tool). Solution: Realign the reference switch Description The reference switch must aligned in such a way that both proximity switch surfaces of the reference switch are actuated simultaneously when the robot is in the reference position. Cause: Actuating plate bent Description The taught reference position has been addressed correctly, but the reference switch not actuated. The actuating plate fastened to the robot flange or robot tool was bent. Checking instruc- 1. Move to reference position. tions 2. Check whether both proximity switch surfaces of the reference switch are actuated by the actuating plate. Solution: Realign the actuating plate Description The actuating plate must be aligned so that both proximity switch surfaces of the reference switch are actuated simultaneously when the robot is in the reference position. Cause: Referencing with incorrectly mastered robot Description The reference switch was not actuated in the reference position. The reference position was not reached because the current mastering deviates from the one used to teach the reference run. Solution: Restore the mastering or remaster Description Restore the mastering with which the reference run was taught or remaster the robot. 162 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Cause: Reference switch defective Description The taught reference position has been addressed correctly, but the reference switch is defective. Solution: Exchange the reference switch Description The reference switch must be exchanged. Precondition  The robot controller is switched off and secured to prevent unauthorized persons from switching it on again.  The power cable is de-energized.  Observe the ESD guidelines. Procedure 1. Unplug the reference cable. 2. Unscrew the reference switch. 3. Screw on the new reference switch. 4. Plug the reference cable into the new reference switch. 5. Perform a mastering test in order to check whether all reference groups are referenced by the new switch. 10.2.24 KSS15053 Message code  KSS15053 Message text  Ackn.: Not all mastering reference groups referenced Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Reference group not taught (>>> Page 163) Solution: Teach reference group (>>> Page 164) Cause: Reference group not taught Description One of the configured reference groups has not been taught. The following points must be taught for each reference group:  Motion to the reference switch  Reference position The reference position must additionally be taught in the safety configuration.  Motion away from the reference switch With KSS, the points are taught in the following file: File Directory C:\KRC\Roboter\KRC\R1\Program Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 163 / 205 KUKA.SafeOperation 3.2 File MasRef_USER.src The file contains 2 subprograms each for reference groups 1 … 3. MASREFSTARTG1() … MASREFSTARTG3() The motion to the reference switch and the reference position are taught here. MASREFBACKG1() … MASREFBACKG3() The motion away from the reference switch is taught here. With VSS, the points are taught in the following file: File Directory C:\KRC\Roboter\KRC\R1\UPs File User-specific subprogram The procedure for checking which reference groups are configured is as follows: Checking instruc- 1. Open the safety configuration: For this, select Configuration > Safety tions configuration in the main menu. 2. Select the Reference position tab. For each axis, the reference group to which it is assigned is indicated in the Reference group column. It is then possible to check whether the configured reference groups have been taught: Checking instruc- 1. Select the file in the Navigator and press Open. The file is displayed in the tions editor. 2. Check whether the points required for addressing a reference group have been taught. Solution: Teach reference group Description The points required for addressing the reference group must be taught. This activity must be carried out in accordance with the procedure described in the assembly and operating instructions. 10.2.25 KSS15054 Message code  KSS15054 Message text  Workspace monitoring functions deactivated (mastering error) Message type  Status message Effect  No braking reaction  No interlock of motions or commands Possible cause(s)  Cause: Axes unmastered (>>> Page 165) Solution: Master unmastered axes (>>> Page 165) 164 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Cause: Axes unmastered Description At least one axis is unmastered. Solution: Master unmastered axes Procedure  Remaster all unmastered axes. 10.2.26 KSS15065 Message code  KSS15065 Message text  Ackn.: Level at mastering reference switch is unexpectedly "low" Message type  Acknowledgement message Effect  No braking reaction  No interlock of motions or commands Original message  KSS15066 (>>> Page 165) Possible cause(s)  Cause: Error cause of the original message has been eliminated. (>>> Page 165) Solution: Acknowledge message (>>> Page 165) Cause: Error cause of the original message has been eliminated. Description This follow-up message is displayed if the error cause of the original message has been eliminated. Solution: Acknowledge message Description The program can be resumed once the message has been acknowledged. Procedure  An acknowledgeable message can be acknowledged with OK.  All acknowledgeable messages can be acknowledged at once with All OK. 10.2.27 KSS15066 Message code  KSS15066 Message text  Level at mastering reference switch is unexpectedly "low" Message type  Status message Effect  No braking reaction  No interlock of motions or commands Follow-up message  KSS15065 (>>> Page 165) Possible cause(s)  Cause: Reference switch fouled (>>> Page 166) Solution: Clean the reference switch (>>> Page 166) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 165 / 205 KUKA.SafeOperation 3.2  Cause: Mastering test input incorrectly configured (>>> Page 166) Solution: Change the safety configuration (>>> Page 166)  Cause: Reference switch installed incorrectly or moved (>>> Page 167) Solution: Reinstall or realign reference switch (>>> Page 167)  Cause: Reference switch defective (>>> Page 167) Solution: Exchange the reference switch (>>> Page 167) Cause: Reference switch fouled Description The reference switch was actuated for at least 5 minutes outside the mastering test because the proximity switch surfaces of the reference switch are fouled, e.g. with metal dust or weld spatter. Solution: Clean the reference switch Procedure  Clean the proximity switch surfaces of the reference switch. Do not use aggressive cleaning agents. Cause: Mastering test input incorrectly configured Description The reference switch for the mastering test can be connected either to the robot controller via interface X42, or to a higher level safety PLC that is linked to the robot controller using an Ethernet safety interface. The mastering test input must be configured accordingly in the safety configuration. The procedure for checking how the mastering test input is configured is as follows: Checking instruc- 1. Open the safety configuration: For this, select Configuration > Safety tions configuration in the main menu. 2. On the General tab, press Global parameters. 3. Check the parameter Mastering test input:  at cabinet = reference switch is connected to the robot controller.  via bus interface = reference switch is connected via Ethernet interface. Solution: Change the safety configuration Precondition  User group “Safety maintenance”  Operating mode T1 or T2 Procedure 1. In the main menu, select Configuration > Safety configuration. The safety configuration opens with the General tab. 2. Select the corresponding tab and modify the configuration as required. 3. Save safety configuration. 166 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Following a change to the safety configuration, safety acceptance must be carried out and documented by means of checklists. Further information on safety acceptance is contained in the assembly and operating instructions of the safety option. Cause: Reference switch installed incorrectly or moved Description The reference switch was actuated outside of the mastering test for at least 5 minutes. The reference switch is installed in the wrong position or has been moved. Checking instruc- 1. Move to reference position. tions 2. Check whether both proximity switch surfaces of the reference switch are actuated by the switching surface (actuating plate or tool). Solution: Reinstall or realign reference switch Description The reference switch must installed or aligned in such a way that both proximity switch surfaces of the reference switch are actuated simultaneously when the robot is in the reference position. Fig. 10-3: Installation position of reference switch on external axis Cause: Reference switch defective Description The reference switch was actuated outside of the mastering test for at least 5 minutes. The reference switch is defective. Solution: Exchange the reference switch Description The reference switch must be exchanged. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 167 / 205 KUKA.SafeOperation 3.2 Precondition  The robot controller is switched off and secured to prevent unauthorized persons from switching it on again.  The power cable is de-energized.  Observe the ESD guidelines. Procedure 1. Unplug the reference cable. 2. Unscrew the reference switch. 3. Screw on the new reference switch. 4. Plug the reference cable into the new reference switch. 5. Perform a mastering test in order to check whether all reference groups are referenced by the new switch. 10.2.28 KSS15079 Message code  KSS15079 Message text  Monitoring space no. {Number of monitoring space} violated Message type  Status message Effect  No braking reaction  No interlock of motions or commands Possible cause(s)  Cause: Monitoring space violated in T1 or T2 (>>> Page 168) Solution: Move the robot out of the violated space: (>>> Page 168) Cause: Monitoring space violated in T1 or T2 Description The monitoring space has been violated in T1 or T2 mode. The active safe tool, or at least one of the robot axes, is no longer situated in the permissible range of the monitoring space. The monitoring space is considered to have been violated if the monitoring was only activated after the robot had moved over the space limit. The permissible range depends on the type of monitoring space: Space type Workspace Protected space Cartesian space The active safe tool must move The active safe tool must move out- within the limits of the monitoring side the limits of the monitoring space. space. The space is violated if the safe tool The space is violated if the safe tool leaves the monitoring space. enters the monitoring space. Axis space The axes must move within the limits The axes must move outside the lim- of the monitoring space. its of the monitoring space. The space is violated if the axes The space is violated if the axes leave the monitoring space. enter the monitoring space. Solution: Move the robot out of the violated space: Description The robot must be moved out of the violated space in T1 mode. No other operating mode can be set until the robot has left the violated space. If the space is violated in T1 mode, the acknowledgement message Ackn.: Stop because workspace exceeded is additionally displayed. 168 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 10 Messages Precondition  Operating mode T1 Procedure 1. When the acknowledgement message is displayed, confirm it with OK. 2. Press and hold down the enabling switch. 3. Move the robot out of the violated space:  Using the jog keys (manual mode)  Using the Start and Start backwards keys (program mode) 10.2.29 KSS15081 Message code  KSS15081 Message text  Monitoring space no. {Number of monitoring space} exceeded Message type  Status message Effect  No braking reaction  No interlock of motions or commands Possible cause(s)  Cause: Monitoring space exceeded in T1 or T2 (>>> Page 169) Solution: Move the robot out of the violated space: (>>> Page 169) Cause: Monitoring space exceeded in T1 or T2 Description The monitoring space has been exceeded in T1 or T2 mode. The active safe tool, or at least one of the robot axes, is no longer situated in the permissible range of the monitoring space. The monitoring space is considered to have been exceeded if the monitoring was already activated when the robot moved over the space limit. The permissible range depends on the type of monitoring space: Space type Workspace Protected space Cartesian space The active safe tool must move The active safe tool must move out- within the limits of the monitoring side the limits of the monitoring space. space. The space is exceeded if the safe The space is exceeded if the safe tool leaves the monitoring space. tool enters the monitoring space. Axis space The axes must move within the limits The axes must move outside the lim- of the monitoring space. its of the monitoring space. The space is exceeded if the axes The space is exceeded if the axes leave the monitoring space. enter the monitoring space. Solution: Move the robot out of the violated space: Description The robot must be moved out of the violated space in T1 mode. No other operating mode can be set until the robot has left the violated space. If the space is violated in T1 mode, the acknowledgement message Ackn.: Stop because workspace exceeded is additionally displayed. Precondition  Operating mode T1 Procedure 1. When the acknowledgement message is displayed, confirm it with OK. 2. Press and hold down the enabling switch. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 169 / 205 KUKA.SafeOperation 3.2 3. Move the robot out of the violated space:  Using the jog keys (manual mode)  Using the Start and Start backwards keys (program mode) 10.2.30 KSS15083 Message code  KSS15083 Message text  Ackn.: Cartesian velocity in monitoring space no. {Number of monitoring space} exceeded Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. 10.2.31 KSS15127 Message code  KSS15127 Message text  Ackn.: Stop because workspace exceeded Message type  Acknowledgement message Effect  Ramp stop  Input of active commands (robot motions, program start) is blocked. Possible cause(s)  Cause: Monitoring space violated or exceeded in T1 (>>> Page 170) Solution: Acknowledge the message and move the robot out of the violated space (>>> Page 170) Cause: Monitoring space violated or exceeded in T1 Description The robot has violated or exceeded a monitoring space in T1 mode. A status message additionally indicates the affected space. Solution: Acknowledge the message and move the robot out of the violated space Description The robot must be moved out of the violated space in T1 mode. This is only possible once the message has been acknowledged. Precondition  Operating mode T1 Procedure 1. Acknowledge the message with OK. 2. Press and hold down the enabling switch. 3. Move the robot out of the violated space:  Using the jog keys (manual mode)  Using the Start and Start backwards keys (program mode) 170 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix 11 Appendix A 11.1 Checklists x The checklists here serve merely as examples of checklists for safety acceptance. It is permissible to carry out and document safety acceptance using user-specific checklists. 11.1.1 Precondition for safety acceptance based on the checklists  Mechanical and electrical installation of the industrial robot have been completed.  Safety configuration is completed.  Safety maintenance technician is trained (training at KUKA Roboter GmbH) The system integrator is responsible for the design of the cell. The safety maintenance technician uses the values and configurations supplied by the system integrator to configure the robot and tests whether the safety functions work as specified. The safety maintenance technician does not perform a safety assessment of the system. 11.1.2 Checklist for robot and system The inspection points of this checklist must be completed and confirmed in writing by the system builder. Checklist  Serial number of the robot: ____________________  Serial number of the robot controller: ____________________  Name of system builder: ____________________ No. Inspection point OK 1 The industrial robot is in flawless mechanical condition and correctly installed and fastened in accordance with the assembly or operating instructions of the robot. 2 The permissible rated payload of the robot has not been exceeded. 3 There are no foreign bodies or loose parts on the industrial robot. 4 All safety equipment required for the system and robot is correctly installed and operational. 5 The power supply ratings of the industrial robot correspond to the local supply voltage and mains type, and the machine data correspond to these. 6 The connecting cables are correctly connected and the connectors are locked. 7 The ground conductor and the equipotential bonding cable are sufficiently rated and correctly connected. 8 The system meets all the relevant laws, regulations and norms valid for the installation site. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 171 / 205 KUKA.SafeOperation 3.2 Remarks / deviations Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.1.3 Checklist for safety functions The inspection items of this checklist must be completed and confirmed in writing by the safety maintenance technician. Checklist  Serial number of the robot: ____________________  Serial number of the robot controller: ____________________  Time stamp of the safety configuration: ____________________  Checksum of the safety configuration: ____________________  Activation code of the safety configuration: ____________________  Name of safety maintenance technician: ____________________ No. Inspection item OK Not relevant 1 Safe monitoring is activated. 2 Robot is mastered. 3 The machine data have been checked and are appropriate for the robot used. (>>> 4.8.3.1 "Checking machine data and safety configuration" Page 51) The machine data loaded must match the machine data on the identification plate of the robot. 4 The machine data of the external axes have been correctly entered and checked. Checking instructions:  Move each external axis a defined distance by means of a PTP_REL motion, e.g. 90°. Carry out a visual inspection and check whether this distance is covered.  In the case of a KL, move the external axis a defined distance by means of a PTP_REL motion, e.g. 500 mm. Carry out a visual inspection and additionally monitor the display of the Cartesian actual position to check whether this distance is covered. 5 The local and external safety functions have been checked and are functioning correctly. (>>> 4.8.3 "Start-up and recommissioning" Page 50) 172 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix No. Inspection item OK Not relevant 6 The reference position has been taught in the mastering test program and in the safety configuration. 7 Was the mastering test successful? 8 Was the brake test successful? Axis A1 Axis A2 Axis A3 Axis A4 Axis A5 Axis A6 External axes 9 Operator safety acknowledgement has been checked and is functioning correctly. (>>> 4.5.4 "“Operator safety” signal" Page 42) 10 Peripheral contactor (US2) has been checked and switches at the right time. Note: Further information about checking the peripheral contactor is contained in the “Operating and Programming Instruc- tions for System Integrators”. 11 Have the Cartesian and axis-specific velocities been configured correctly and checked? The corresponding checklists must be completed and confirmed in writing for the Cartesian and axis-specific velocity monitoring functions. (>>> 11.1.4 "Checklist for Cartesian velocity monitoring functions" Page 175) (>>> 11.1.5 "Checklist for axis-specific velocity monitoring functions" Page 176) 12 Has the correct configuration of the safe operational stop been checked by moving all axes? Each axis in an axis group must be tested individually. The corresponding checklist must be completed and confirmed in writing for every axis group. (>>> 11.1.6 "Checklist for safe operational stop for axis groups" Page 180) 13 Has the correct configuration of the cell area been checked by moving to all reachable limits? The corresponding checklist must be completed and confirmed in writing for the cell area. (>>> 11.1.7 "Checklist for cell area" Page 182) Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 173 / 205 KUKA.SafeOperation 3.2 No. Inspection item OK Not relevant 14 Has the correct configuration of the monitoring spaces used been checked by moving to all reachable limits? Each space surface of a Cartesian monitoring space must be addressed at 3 different points. The axis of an axis-specific monitoring space must be moved to the upper and lower limits of the space. The corresponding checklist must be completed and confirmed in writing for each monitoring space used. (>>> 11.1.8 "Checklist for Cartesian monitoring spaces" Page 183) (>>> 11.1.9 "Checklist for axis-specific monitoring spaces" Page 185) Monitoring space 1 Monitoring space 2 Monitoring space 3 Monitoring space 4 Monitoring space 5 Monitoring space 6 Monitoring space 7 Monitoring space 8 Monitoring space 9 Monitoring space 10 Monitoring space 11 Monitoring space 12 Monitoring space 13 Monitoring space 14 Monitoring space 15 Monitoring space 16 174 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix No. Inspection item OK Not relevant 15 Have the safe tools used been configured correctly and checked? At least one monitoring space and one velocity must be checked with each safe tool. The corresponding checklist must be completed and confirmed in writing for each safe tool used. (>>> 11.1.10 "Checklist for safe tools" Page 190) Tool 1 Tool 2 Tool 3 Tool 4 Tool 5 Tool 6 Tool 7 Tool 8 Tool 9 Tool 10 Tool 11 Tool 12 Tool 13 Tool 14 Tool 15 Tool 16 16 The safety configuration has been archived. 17 If an existing safety configuration has been changed: A change log has been created and checked. Remarks / deviations : Must be checked by system integrator Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.1.4 Checklist for Cartesian velocity monitoring functions The inspection items of this checklist must be completed and confirmed in writing by the safety maintenance technician. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 175 / 205 KUKA.SafeOperation 3.2 The Cartesian velocity monitoring functions cannot be tested against a discrete value. It is possible to carry out a test using an exaggerated value in order to check whether velocity monitoring is triggered. Precondition  Override reduction for the velocity is deactivated: $SR_VEL_RED = FALSE Checklist  Serial number of the robot: ____________________  Serial number of the robot controller: ____________________  Time stamp of the safety configuration: ____________________  Safe tool used in test: ____________________  Name of safety maintenance technician: ____________________ Specified value:  Value specified by cell planner, design engineer Configured value:  Value entered in the safety configuration No. Inspection item OK Not relevant 1 The global maximum Cartesian velocity has been correctly configured and checked. Specified value: __________ mm/s Configured value: __________ mm/s 2 The safe reduced Cartesian velocity has been correctly configured and checked. Specified value: __________ mm/s Configured value: __________ mm/s 3 The safe reduced Cartesian velocity for T1 has been correctly configured and checked. Specified value: __________ mm/s Configured value: __________ mm/s Remarks / deviations : Must be checked by system integrator Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.1.5 Checklist for axis-specific velocity monitoring functions The inspection items of this checklist must be completed and confirmed in writing by the safety maintenance technician. 176 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix The trace function (oscilloscope) can be used to determine the axis velocities. Precondition  Override reduction for the velocity is deactivated: $SR_VEL_RED = FALSE Checklist  Serial number of the robot: ____________________  Serial number of the robot controller: ____________________  Time stamp of the safety configuration: ____________________  Name of safety maintenance technician: ____________________ Specified value:  Value specified by cell planner, design engineer Configured value:  Value entered in the safety configuration Test value:  Value with which the test was carried out 1. Checking the global maximum axis velocity It is only necessary to test the global maximum axis velocity if an axis must not exceed a defined velocity. If the global maximum axis velocity is only to limit the minimum axis-specific protected space, no test is required. No. Axis name Inspection item OK Not relevant The global maximum axis velocity has been correctly entered and checked using at least one axis. 1 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2. Checking the reduced axis velocity No. Axis name Inspection item OK Not relevant The reduced axis velocity has been correctly configured and checked for each axis. 2.1 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.2 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.3 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.4 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 177 / 205 KUKA.SafeOperation 3.2 No. Axis name Inspection item OK Not relevant 2.5 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.6 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: _________ °/s or mm/s 2.7 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.8 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: ________ °/s or mm/s 2.9 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.10 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.11 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.12 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.13 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: ________ °/s or mm/s 2.14 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.15 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 2.16 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3. Checking the maximum axis velocity for T1 178 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix No. Axis name Inspection item OK Not relevant The maximum axis velocity for T1 has been correctly configured and checked for each axis. 3.1 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.2 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.3 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.4 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.5 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.6 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: _________ °/s or mm/s 3.7 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.8 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: ________ °/s or mm/s 3.9 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.10 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.11 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.12 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.13 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: ________ °/s or mm/s Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 179 / 205 KUKA.SafeOperation 3.2 No. Axis name Inspection item OK Not relevant 3.14 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.15 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s 3.16 Specified value: ________ °/s or mm/s Configured value: ________ °/s or mm/s Test value: __________ °/s or mm/s Remarks / deviations : Must be checked by system integrator Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.1.6 Checklist for safe operational stop for axis groups The inspection items of this checklist must be completed and confirmed in writing by the safety maintenance technician. A separate checklist must be completed for each axis group. Precondition  Operating mode T1 Checklist  Serial number of the robot: ____________________  Serial number of the robot controller: ____________________  Time stamp of the safety configuration: ____________________  Axis group number: ____________________  Name of safety maintenance technician: ____________________ Specified value:  Value specified by cell planner, design engineer Configured value:  Value entered in the safety configuration 180 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix No. Axis name Inspection item OK Not relevant 1 1st axis of the axis group has been correctly configured and checked. Position tolerance (specified value): __________ ° or mm Position tolerance (configured value): __________ ° or mm 2 2nd axis of the axis group has been correctly configured and checked. Position tolerance (specified value): __________ ° or mm Position tolerance (configured value): __________ ° or mm 3 3rd axis of the axis group has been correctly configured and checked. Position tolerance (specified value): __________ ° or mm Position tolerance (configured value): __________ ° or mm 4 4th axis of the axis group has been correctly configured and checked. Position tolerance (specified value): __________ ° or mm Position tolerance (configured value): __________ ° or mm 5 5th axis of the axis group has been correctly configured and checked. Position tolerance (specified value): __________ ° or mm Position tolerance (configured value): __________ ° or mm 6 6th axis of the axis group has been correctly configured and checked. Position tolerance (specified value): __________ ° or mm Position tolerance (configured value): __________ ° or mm 7 7th axis of the axis group has been correctly configured and checked. Position tolerance (specified value): __________ ° or mm Position tolerance (configured value): __________ ° or mm 8 8th axis of the axis group has been correctly configured and checked. Position tolerance (specified value): __________ ° or mm Position tolerance (configured value): __________ ° or mm Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 181 / 205 KUKA.SafeOperation 3.2 Remarks / deviations : Must be checked by system integrator Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.1.7 Checklist for cell area The inspection items of this checklist must be completed and confirmed in writing by the safety maintenance technician. The accessible surfaces resulting from the configuration must be violated one after the other, each at 2 different points, to demonstrate the correct configuration of the cell area. Precondition  The monitoring spaces that can be activated by means of safe inputs have been deactivated.  Override reduction for monitoring spaces is deactivated: $SR_WORKSPACE_RED = FALSE Checklist  Serial number of the robot: ________________  Serial number of the robot controller: ____________________  Time stamp of the safety configuration: ________________  Safe tool used in test: ________________  Name of safety maintenance technician: ____________________ No. Inspection item OK Not relevant 1 The limit in the Z direction has been configured correctly and checked. Z min: ____________mm Z max: ____________mm 2 Corner 1 has been correctly configured and checked. X coordinate: __________ mm Y coordinate: __________ mm 3 Corner 2 has been correctly configured and checked. X coordinate: __________ mm Y coordinate: __________ mm 4 Corner 3 has been correctly configured and checked. Y coordinate: __________ mm X coordinate: __________ mm 182 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix No. Inspection item OK Not relevant 5 Corner 4 has been correctly configured and checked. Y coordinate: __________ mm X coordinate: __________ mm 6 Corner 5 has been correctly configured. X coordinate: __________ mm Y coordinate: __________ mm 7 Corner 6 has been correctly configured and checked. Y coordinate: __________ mm X coordinate: __________ mm 8 Corner 7 has been correctly configured and checked. X coordinate: __________ mm Y coordinate: __________ mm 9 Corner 8 has been correctly configured and checked. Y coordinate: __________ mm X coordinate: __________ mm 10 Corner 9 has been correctly configured and checked. X coordinate: __________ mm Y coordinate: __________ mm 11 Corner 10 has been correctly configured and checked. X coordinate: __________ mm Y coordinate: __________ mm Remarks / deviations : Must be checked by system integrator Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.1.8 Checklist for Cartesian monitoring spaces The inspection items of this checklist must be completed and confirmed in writing by the safety maintenance technician. A separate checklist must be completed for each monitoring space. Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 183 / 205 KUKA.SafeOperation 3.2 The accessible surfaces resulting from the configuration must be violated one after the other, each at 3 different points, to demonstrate the correct configuration of the monitoring space. Precondition  The monitoring space to be checked is activated.  The monitoring spaces that can be activated by means of safe inputs have been deactivated.  Override reduction is deactivated:  $SR_WORKSPACE_RED = FALSE  $SR_VEL_RED = FALSE Checklist  Serial number of the robot: ____________________  Serial number of the robot controller: ____________________  Time stamp of the safety configuration: ____________________  Monitoring space checked (name, number): __________  Type of space (protected space or workspace): ____________________  Stop at boundaries (TRUE|FALSE): __________  Reference stop (TRUE|FALSE): __________  Space-specific velocity __________mm/s  Space-specific velocity valid in: __________  Safe tool used in test of velocity or space limit: _________________  Always active (TRUE|FALSE): __________  Reference coordinate system: _____________  Name of safety maintenance technician: ____________________ No. Inspection item OK Not relevant 1 The coordinates of the monitoring space have been correctly configured and checked. Origin X: __________ mm Origin Y: __________ mm Origin Z: __________ mm Origin A: __________ ° Origin B: __________ ° Origin C: __________ ° Distance to origin XMin: __________ mm Distance to origin YMin: __________ mm Distance to origin ZMin: __________ mm Distance to origin XMax: __________ mm Distance to origin YMax: __________ mm Distance to origin ZMax: __________ mm The following preconditions must be met to demonstrate the correct functioning of the reference stop:  Reference stop is active.  Mastering test is requested.  Monitored monitoring space is activated. No. Inspection item OK Not relevant 2 The correct functioning of the reference stop has been checked. 184 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix The following preconditions must be met to demonstrate the correct functioning of the space-specific velocity:  Space-specific velocity is active.  The configured limit value of the space-specific velocity is less than the limit value of the maximum Cartesian velocity.  Checked monitoring space is activated.  Robot exceeds the configured space-specific velocity.  Override reduction for the velocity is deactivated: $SR_VEL_RED = FALSE Specified value:  Value specified by cell planner, design engineer Configured value:  Value entered in the safety configuration No. Inspection item OK Not relevant 3 The space-specific velocity has been correctly configured and checked. Specified value: __________ mm/s Configured value: __________ mm/s Remarks / deviations : Must be checked by system integrator Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.1.9 Checklist for axis-specific monitoring spaces The inspection items of this checklist must be completed and confirmed in writing by the safety maintenance technician. A separate checklist must be completed for each monitoring space. The configured limit values must successively be violated to demonstrate the correct functioning of the monitoring space. Precondition  The monitoring space to be checked is activated.  The monitoring spaces that can be activated by means of safe inputs have been deactivated.  Override reduction is deactivated:  $SR_WORKSPACE_RED = FALSE Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 185 / 205 KUKA.SafeOperation 3.2  $SR_VEL_RED = FALSE Checklist  Serial number of the robot: ____________________  Serial number of the robot controller: ____________________  Time stamp of the safety configuration: ____________________  Monitoring space checked (name, number): _________________  Type of space (protected space or workspace): ____________________  Stop at boundaries (TRUE|FALSE):_________________  Reference stop (TRUE|FALSE): _________________  Space-specific velocity _________________ mm/s  Space-specific velocity valid in: _________________  Safe tool used in test of velocity or space limit: _________________  Always active (TRUE|FALSE): _________________  Name of safety maintenance technician: ____________________ Specified value:  Value specified by cell planner, design engineer Configured value:  Value entered in the safety configuration Determined value:  Value determined during the test No. Axis name Inspection item OK Not relevant 1 1st axis of the monitoring space has been correctly configured and checked. Lower limit (specified value): __________ ° or mm Lower limit (configured value): __________ ° or mm Lower limit (determined value): __________ ° or mm Upper limit (specified value): __________ ° or mm Upper limit (configured value): __________ ° or mm Upper limit (determined value): __________ ° or mm 186 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix No. Axis name Inspection item OK Not relevant 2 2nd axis of the monitoring space has been correctly configured and checked. Lower limit (specified value): __________ ° or mm Lower limit (configured value): __________ ° or mm Lower limit (determined value): __________ ° or mm Upper limit (specified value): __________ ° or mm Upper limit (configured value): __________ ° or mm Upper limit (determined value): __________ ° or mm 3 3rd axis of the monitoring space has been correctly configured and checked. Lower limit (specified value): __________ ° or mm Lower limit (configured value): __________ ° or mm Lower limit (determined value): __________ ° or mm Upper limit (specified value): __________ ° or mm Upper limit (configured value): __________ ° or mm Upper limit (determined value): __________ ° or mm 4 4th axis of the monitoring space has been correctly configured and checked. Lower limit (specified value): __________ ° or mm Lower limit (configured value): __________ ° or mm Lower limit (determined value): __________ ° or mm Upper limit (specified value): __________ ° or mm Upper limit (configured value): __________ ° or mm Upper limit (determined value): __________ ° or mm Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 187 / 205 KUKA.SafeOperation 3.2 No. Axis name Inspection item OK Not relevant 5 5th axis of the monitoring space has been correctly configured and checked. Lower limit (specified value): __________ ° or mm Lower limit (configured value): __________ ° or mm Lower limit (determined value): __________ ° or mm Upper limit (specified value): __________ ° or mm Upper limit (configured value): __________ ° or mm Upper limit (determined value): __________ ° or mm 6 6th axis of the monitoring space has been correctly configured and checked. Lower limit (specified value): __________ ° or mm Lower limit (configured value): __________ ° or mm Lower limit (determined value): __________ ° or mm Upper limit (specified value): __________ ° or mm Upper limit (configured value): __________ ° or mm Upper limit (determined value): __________ ° or mm 7 7th axis of the monitoring space has been correctly configured and checked. Lower limit (specified value): __________ ° or mm Lower limit (configured value): __________ ° or mm Lower limit (determined value): __________ ° or mm Upper limit (specified value): __________ ° or mm Upper limit (configured value): __________ ° or mm Upper limit (determined value): __________ ° or mm 188 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix No. Axis name Inspection item OK Not relevant 8 8th axis of the monitoring space has been correctly configured and checked. Lower limit (specified value): __________ ° or mm Lower limit (configured value): __________ ° or mm Lower limit (determined value): __________ ° or mm Upper limit (specified value): __________ ° or mm Upper limit (configured value): __________ ° or mm Upper limit (determined value): __________ ° or mm The following preconditions must be met to demonstrate the correct functioning of the reference stop:  Reference stop is active.  Mastering test is requested.  Monitored monitoring space is activated. No. Inspection item OK Not relevant 9 The correct functioning of the reference stop has been checked. The following preconditions must be met to demonstrate the correct functioning of the space-specific velocity:  Space-specific velocity is active.  The configured limit value of the space-specific velocity is less than the limit value of the maximum Cartesian velocity.  Checked monitoring space is activated.  Robot exceeds the configured space-specific velocity.  Override reduction for the velocity is deactivated: $SR_VEL_RED = FALSE No. Inspection item OK Not relevant 10 The space-specific velocity has been correctly configured and checked. Specified value: __________ mm/s Configured value: __________ mm/s Remarks / deviations : Must be checked by system integrator Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 189 / 205 KUKA.SafeOperation 3.2 Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.1.10 Checklist for safe tools The inspection items of this checklist must be completed and confirmed in writing by the safety maintenance technician. A separate checklist must be completed for each safe tool. A monitoring space must be violated by each configured sphere to demonstrate the correct functioning of the safe tool. Checklist  Serial number of the robot: _________________  Serial number of the robot controller: ____________________  Time stamp of the safety configuration: _________________  Safe tool checked (name, number): _______________  Monitoring space used in sphere test (name, number): ________________  Name of safety maintenance technician: ____________________ Specified value:  Value specified by cell planner, design engineer Configured value:  Value entered in the safety configuration No. Inspection item OK Not relevant 1 Safe TCP of the tool The X, Y and Z coordinates of the safe TCP are correctly configured and checked. TCP X (specified value): __________ mm TCP X (configured value): __________ mm TCP Y (specified value): __________ mm TCP Y (configured value): __________ mm TCP Z (specified value): __________ mm TCP Z (configured value): __________ mm 190 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 Appendix No. Inspection item OK Not relevant 2 1st sphere on tool The X, Y and Z coordinates of the sphere center point and the sphere radius are correctly configured and checked. X (specified value): __________ mm X (configured value): __________ mm Y (specified value): __________ mm Y (configured value): __________ mm Z (specified value): __________ mm Z (configured value): __________ mm Radius (specified value): __________ mm Radius (configured value): __________ mm 3 2nd sphere on tool The X, Y and Z coordinates of the sphere center point and the sphere radius are correctly configured and checked. X (specified value): __________ mm X (configured value): __________ mm Y (specified value): __________ mm Y (configured value): __________ mm Z (specified value): __________ mm Z (configured value): __________ mm Radius (specified value): __________ mm Radius (configured value): __________ mm 4 3rd sphere on tool The X, Y and Z coordinates of the sphere center point and the sphere radius are correctly configured and checked. X (specified value): __________ mm X (configured value): __________ mm Y (specified value): __________ mm Y (configured value): __________ mm Z (specified value): __________ mm Z (configured value): __________ mm Radius (specified value): __________ mm Radius (configured value): __________ mm 5 4th sphere on tool The X, Y and Z coordinates of the sphere center point and the sphere radius are correctly configured and checked. X (specified value): __________ mm X (configured value): __________ mm Y (specified value): __________ mm Y (configured value): __________ mm Z (specified value): __________ mm Z (configured value): __________ mm Radius (specified value): __________ mm Radius (configured value): __________ mm Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 191 / 205 KUKA.SafeOperation 3.2 No. Inspection item OK Not relevant 6 5th sphere on tool The X, Y and Z coordinates of the sphere center point and the sphere radius are correctly configured and checked. X (specified value): __________ mm X (configured value): __________ mm Y (specified value): __________ mm Y (configured value): __________ mm Z (specified value): __________ mm Z (configured value): __________ mm Radius (specified value): __________ mm Radius (configured value): __________ mm 7 6th sphere on tool The X, Y and Z coordinates of the sphere center point and the sphere radius are correctly configured and checked. X (specified value): __________ mm X (configured value): __________ mm Y (specified value): __________ mm Y (configured value): __________ mm Z (specified value): __________ mm Z (configured value): __________ mm Radius (specified value): __________ mm Radius (configured value): __________ mm Remarks / deviations : Must be checked by system integrator Place, date Signature By signing, the signatory confirms the correct and complete performance of the safety acceptance test. 11.2 Applied norms and directives The safety functions of KUKA.SafeOperation meet the requirements of Cate- gory 3 and Performance Level d in accordance with EN ISO 13849-1:2008. 192 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 12 KUKA Service 12 2 KUKA Service A 12.1 Requesting support v Introduction This documentation provides information on operation and operator control, and provides assistance with troubleshooting. For further assistance, please contact your local KUKA subsidiary. Information The following information is required for processing a support request:  Description of the problem, including information about the duration and frequency of the fault  As comprehensive information as possible about the hardware and software components of the overall system The following list gives an indication of the information which is relevant in many cases:  Model and serial number of the kinematic system, e.g. the manipulator  Model and serial number of the controller  Model and serial number of the energy supply system  Designation and version of the system software  Designations and versions of other software components or modifications  Diagnostic package KRCDiag Additionally for KUKA Sunrise: Existing projects including applications For versions of KUKA System Software older than V8: Archive of the software (KRCDiag is not yet available here.)  Application used  External axes used 12.2 KUKA Customer Support Availability KUKA Customer Support is available in many countries. Please do not hesi- tate to contact us if you have any questions. Argentina Ruben Costantini S.A. (Agency) Luis Angel Huergo 13 20 Parque Industrial 2400 San Francisco (CBA) Argentina Tel. +54 3564 421033 Fax +54 3564 428877 [email protected] Australia KUKA Robotics Australia Pty Ltd 45 Fennell Street Port Melbourne VIC 3207 Australia Tel. +61 3 9939 9656 [email protected] www.kuka-robotics.com.au Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 193 / 205 KUKA.SafeOperation 3.2 Belgium KUKA Automatisering + Robots N.V. Centrum Zuid 1031 3530 Houthalen Belgium Tel. +32 11 516160 Fax +32 11 526794 [email protected] www.kuka.be Brazil KUKA Roboter do Brasil Ltda. Travessa Claudio Armando, nº 171 Bloco 5 - Galpões 51/52 Bairro Assunção CEP 09861-7630 São Bernardo do Campo - SP Brazil Tel. +55 11 4942-8299 Fax +55 11 2201-7883 [email protected] www.kuka-roboter.com.br Chile Robotec S.A. (Agency) Santiago de Chile Chile Tel. +56 2 331-5951 Fax +56 2 331-5952 [email protected] www.robotec.cl China KUKA Robotics China Co., Ltd. No. 889 Kungang Road Xiaokunshan Town Songjiang District 201614 Shanghai P. R. China Tel. +86 21 5707 2688 Fax +86 21 5707 2603 [email protected] www.kuka-robotics.com Germany KUKA Roboter GmbH Zugspitzstr. 140 86165 Augsburg Germany Tel. +49 821 797-1926 Fax +49 821 797-41 1926 [email protected] www.kuka-roboter.de 194 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 12 KUKA Service France KUKA Automatisme + Robotique SAS Techvallée 6, Avenue du Parc 91140 Villebon S/Yvette France Tel. +33 1 6931660-0 Fax +33 1 6931660-1 [email protected] www.kuka.fr India KUKA Robotics India Pvt. Ltd. Office Number-7, German Centre, Level 12, Building No. - 9B DLF Cyber City Phase III 122 002 Gurgaon Haryana India Tel. +91 124 4635774 Fax +91 124 4635773 [email protected] www.kuka.in Italy KUKA Roboter Italia S.p.A. Via Pavia 9/a - int.6 10098 Rivoli (TO) Italy Tel. +39 011 959-5013 Fax +39 011 959-5141 [email protected] www.kuka.it Japan KUKA Robotics Japan K.K. YBP Technical Center 134 Godo-cho, Hodogaya-ku Yokohama, Kanagawa 240 0005 Japan Tel. +81 45 744 7691 Fax +81 45 744 7696 [email protected] Canada KUKA Robotics Canada Ltd. 6710 Maritz Drive - Unit 4 Mississauga L5W 0A1 Ontario Canada Tel. +1 905 670-8600 Fax +1 905 670-8604 [email protected] www.kuka-robotics.com/canada Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 195 / 205 KUKA.SafeOperation 3.2 Korea KUKA Robotics Korea Co. Ltd. RIT Center 306, Gyeonggi Technopark 1271-11 Sa 3-dong, Sangnok-gu Ansan City, Gyeonggi Do 426-901 Korea Tel. +82 31 501-1451 Fax +82 31 501-1461 [email protected] Malaysia KUKA Robot Automation (M) Sdn Bhd South East Asia Regional Office No. 7, Jalan TPP 6/6 Taman Perindustrian Puchong 47100 Puchong Selangor Malaysia Tel. +60 (03) 8063-1792 Fax +60 (03) 8060-7386 [email protected] Mexico KUKA de México S. de R.L. de C.V. Progreso #8 Col. Centro Industrial Puente de Vigas Tlalnepantla de Baz 54020 Estado de México Mexico Tel. +52 55 5203-8407 Fax +52 55 5203-8148 [email protected] www.kuka-robotics.com/mexico Norway KUKA Sveiseanlegg + Roboter Sentrumsvegen 5 2867 Hov Norway Tel. +47 61 18 91 30 Fax +47 61 18 62 00 [email protected] Austria KUKA Roboter CEE GmbH Gruberstraße 2-4 4020 Linz Austria Tel. +43 7 32 78 47 52 Fax +43 7 32 79 38 80 [email protected] www.kuka.at 196 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 12 KUKA Service Poland KUKA Roboter Austria GmbH Spółka z ograniczoną odpowiedzialnością Oddział w Polsce Ul. Porcelanowa 10 40-246 Katowice Poland Tel. +48 327 30 32 13 or -14 Fax +48 327 30 32 26 [email protected] Portugal KUKA Robots IBÉRICA, S.A. Rua do Alto da Guerra n° 50 Armazém 04 2910 011 Setúbal Portugal Tel. +351 265 729 780 Fax +351 265 729 782 [email protected] www.kuka.com Russia KUKA Robotics RUS Werbnaja ul. 8A 107143 Moskau Russia Tel. +7 495 781-31-20 Fax +7 495 781-31-19 [email protected] www.kuka-robotics.ru Sweden KUKA Svetsanläggningar + Robotar AB A. Odhners gata 15 421 30 Västra Frölunda Sweden Tel. +46 31 7266-200 Fax +46 31 7266-201 [email protected] Switzerland KUKA Roboter Schweiz AG Industriestr. 9 5432 Neuenhof Switzerland Tel. +41 44 74490-90 Fax +41 44 74490-91 [email protected] www.kuka-roboter.ch Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 197 / 205 KUKA.SafeOperation 3.2 Spain KUKA Robots IBÉRICA, S.A. Pol. Industrial Torrent de la Pastera Carrer del Bages s/n 08800 Vilanova i la Geltrú (Barcelona) Spain Tel. +34 93 8142-353 Fax +34 93 8142-950 [email protected] www.kuka.es South Africa Jendamark Automation LTD (Agency) 76a York Road North End 6000 Port Elizabeth South Africa Tel. +27 41 391 4700 Fax +27 41 373 3869 www.jendamark.co.za Taiwan KUKA Robot Automation Taiwan Co., Ltd. No. 249 Pujong Road Jungli City, Taoyuan County 320 Taiwan, R. O. C. Tel. +886 3 4331988 Fax +886 3 4331948 [email protected] www.kuka.com.tw Thailand KUKA Robot Automation (M)SdnBhd Thailand Office c/o Maccall System Co. Ltd. 49/9-10 Soi Kingkaew 30 Kingkaew Road Tt. Rachatheva, A. Bangpli Samutprakarn 10540 Thailand Tel. +66 2 7502737 Fax +66 2 6612355 [email protected] www.kuka-roboter.de Czech Republic KUKA Roboter Austria GmbH Organisation Tschechien und Slowakei Sezemická 2757/2 193 00 Praha Horní Počernice Czech Republic Tel. +420 22 62 12 27 2 Fax +420 22 62 12 27 0 [email protected] 198 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 12 KUKA Service Hungary KUKA Robotics Hungaria Kft. Fö út 140 2335 Taksony Hungary Tel. +36 24 501609 Fax +36 24 477031 [email protected] USA KUKA Robotics Corporation 51870 Shelby Parkway Shelby Township 48315-1787 Michigan USA Tel. +1 866 873-5852 Fax +1 866 329-5852 [email protected] www.kukarobotics.com UK KUKA Robotics UK Ltd Great Western Street Wednesbury West Midlands WS10 7LL UK Tel. +44 121 505 9970 Fax +44 121 505 6589 [email protected] www.kuka-robotics.co.uk Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 199 / 205 KUKA.SafeOperation 3.2 200 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 Index Index Symbols Axis velocity, maximum in T1 27, 89, 119 $BRAKES_OK 109 Axis velocity, reduced 27, 89, 119 $BRAKETEST_MONTIME 109 Axis-specific monitoring spaces, defining 84 $BRAKETEST_REQ_EX 109 Axis-specific monitoring spaces, testing 121 $BRAKETEST_REQ_INT 109 Axis-specific protected spaces 23 $BRAKETEST_WARN 109 Axis-specific velocity limits, testing 119 $BRAKETEST_WORK 109 Axis-specific velocity monitoring, defining 87 $MASTERINGTEST_ACTIVE 100 Axis-specific workspaces 22 $MASTERINGTEST_GROUP 100 $MASTERINGTEST_REQ_EXT 100 B $MASTERINGTEST_REQ_INT 100 BASE coordinate system 16 $MASTERINGTEST_SWITCH_OK 100 Brake defect 49 $ROBROOT, special cases 18 Brake release device 47 $SR_ACTIVETOOL 139 Brake test 14, 65, 106 $SR_AXISSPEED_OK 139 Brake test cycle time 106 $SR_CARTSPEED_OK 139 Brake test, function test 113 $SR_DRIVES_ENABLE 139 Brake test, programs 107 $SR_MOVE_ENABLE 139 Brake test, signals 108, 110 $SR_OV_RED 114, 117 Brake test, teaching positions 111 $SR_RANGE_ACTIVE 139 Brake, defective 112 $SR_RANGE_OK 139 BrakeTestBack.SRC 108, 111 $SR_SAFEMON_ACTIVE 139 BrakeTestPark.SRC 108, 111 $SR_SAFEOPSTOP_ACTIVE 140 BrakeTestReq.SRC 108, 112 $SR_SAFEOPSTOP_OK 140 BrakeTestSelfTest.SRC 108, 113 $SR_SAFEREDSPEED_ACTIVE 140 BrakeTestStart.SRC 108, 111 $SR_VEL_RED 114, 117, 118 Braking distance 10, 36 $SR_WORKSPACE_RED 114, 117, 118 Braking time 89 Buttons, overview 63 Numbers 2006/42/EC 58 C 2014/30/EU 58 Cable lengths, reference switch module 28 2014/68/EC 58 Cartesian monitoring spaces, defining 79 95/16/EC 58 Cartesian monitoring spaces, testing 120 97/23/EC 58 Cartesian protected spaces 21 Cartesian velocity limits, testing 119 A Cartesian velocity, maximum 76, 119 Accessories 35 Cartesian velocity, reduced 77, 119 Activating a new safety configuration 122 Cartesian velocity, reduced for T1 77, 119 Activation code, safety configuration 64 Cartesian workspaces 20 Activation, monitoring space 80, 85 CE mark 36 Activation, reference stop 81, 86 Cell area 12, 15, 19, 20 Actuating plate, hole pattern 33 Cell area, defining 77 Actuating plate, installation 101 Change log 65 Alarm space 10 Checking the reference position 105 Ambient temperature, reference switch 31 Checklists 171 ANSI/RIA R.15.06-2012 58 Checksum, brake test configuration 65 Appendix 171 Checksum, safety configuration 64 Applied norms and regulations 57 CIP Safety 10, 14, 61 Areas of application 13 Circuit diagram, reference switch 33 Automatic mode 55 CK 10, 13 Axis angle, lower limit 87 Cleaning work 55 Axis angle, upper limit 87 Compatibility 61 Axis limit 10, 22, 23 Components 14 Axis range 10, 22, 23, 36 Configuration 69 Axis range limitation 46 Configuration, overview 70 Axis range monitoring 46 Connecting cables 35 Axis velocity, maximum 27, 89 Connecting cables, overview 29 Axis velocity, maximum global 119 Connecting, reference switch 102 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 201 / 205 KUKA.SafeOperation 3.2 Connector pin assignment, reference cable X42- Hole pattern, actuating plate 33 XS Ref 32 Hole pattern, reference switch 32 Coordinate systems 16 Hysteresis, reference switch 31 Coordinate systems, angles 17 Coordinate systems, orientation 17 I Counterbalancing system 56 I/Os, interface X13 136 Industrial robot 35 D Installation 61 Danger zone 10, 37 Intended use 35 Declaration of conformity 36 Interface, X13 136 Declaration of incorporation 35, 36 Interface, X13 14 Decommissioning 56 Interfaces 125 Diagnosis 139 Introduction 9 Diagnostic monitor (menu item) 139 Diagnostic signals via Ethernet interface 133 J Directives 192 Jog mode 45, 48 Discrete safety interface, for safety options 14 Displaying machine data 65 K Displaying, change log 65 KL 10 Disposal 56 Knowledge, required 9 Documentation, industrial robot 9 KUKA Customer Support 193 KUKA smartPAD 37 E EC declaration of conformity 36 L Electromagnetic compatibility (EMC) 59 Labeling 47 EMC conformity, reference switch 31 Liability 35 EMC Directive 36, 58 Linear unit 35 EMERGENCY STOP device 43, 44, 48 Low Voltage Directive 36 EMERGENCY STOP, external 44, 51 EMERGENCY STOP, local 51 M EN 60204-1 + A1 59 Machine data 51, 64, 65 EN 61000-6-2 59 Machinery Directive 36, 58 EN 61000-6-4 + A1 59 Maintenance 55 EN 614-1 + A1 58 Manipulator 35, 37 EN ISO 10218-1 58 Manual mode 54 EN ISO 12100 58 Mastering position, reference position 97 EN ISO 13849-1 58 Mastering test 10, 98 EN ISO 13849-2 58 Mastering test input 76 EN ISO 13850 58 Mastering test, performing manually 105 Enabling device 44, 48 Mastering test, programs 99 Enabling device, external 45 Mastering test, teaching positions 103 Enabling switches 44 Mastering test, variables 100 Ethernet interface 10, 11, 133 Mechanical axis range limitation 46 EtherNet/IP 10, 14, 61 Mechanical end stops 46 Extended SIB 14 Messages 141 External axes 35, 38 Monitoring space 12 Monitoring space, axis-specific 84 F Monitoring space, Cartesian 79 Faults 49 Monitoring spaces 14 FLANGE coordinate system 17 Monitoring time 10, 98 Function test 50 Monitoring, physical safeguards 42 Functional principle 13 Monitoring, velocity 45 Functions, SafeOperation 13 N G Norms 192 General safety measures 48 Global parameters, defining 75 O Operating current, reference switch 31 H Operating voltage, reference switch 31 Hardware 14, 61 Operation 63 Hazardous substances 56 Operator 39 202 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 Index Operator safety 40, 42, 48 S Options 35 Safe I/Os, displaying 139 Outputs, reference switch 31 Safe monitoring 76 Overload 49 Safe monitoring, activating 75 Override reduction 113 Safe monitoring, deactivating 123 Override reduction, spline 115 Safe operational stop 12, 28, 37, 45 Override reduction, variables 117 Safe operational stop, axis group 1 to 6 93 Overview, buttons 63 Safe operational stop, defining 91 Overview, SafeOperation 13 Safe operational stop, testing 122 Overview, safety acceptance 117 Safe robot retraction 68 Safe TCP 26 P Safe tools 12, 26 Panic position 44 Safe tools, defining 93 Performance Level 40 Safeguards, external 47 Performing a manual brake test 112 SafeOperation via Ethernet safety interface 129 Peripheral contactor 53 SafeOperation, overview 13 Permissible load current, reference switch 31 Safety 35 Permissible switching distance, reference switch Safety acceptance, overview 117 31 Safety acceptance, precondition 171 Permissible switching frequency, reference swit- Safety configuration, displaying information 64 ch 31 Safety configuration, export 67 Personnel 38 Safety configuration, import 65 Plant integrator 38 Safety configuration, new, activating 122 Polygon, convex 10, 15, 19 Safety configuration, opening 63 Position tolerance 93 Safety configuration, saving 97 Positioner 35 Safety controller 41 Pressure Equipment Directive 56, 58 Safety functions 40, 48 Preventive maintenance work 55 Safety functions, Ethernet safety interface 125 Product description 13 Safety functions, overview 40 PROFINET 11, 14, 61 Safety functions, test 118 PROFIsafe 11, 14, 61 Safety instructions 9, 69 Protected space 11, 15, 21, 23 Safety of machinery 58, 59 Protection rating 31 Safety options 37 Protective equipment 45 Safety STOP 0 11, 37 Pulse duration, reference switch 31 Safety STOP 1 11, 37 Pulse duty factor, reference switch 31 Safety STOP 2 12, 37 Safety STOP 0 37 R Safety STOP 1 37 Radius, tool sphere 72 Safety STOP 2 37 Reaction distance 10, 36 Safety stop, external 45 Recommissioning 50 Safety zone 37, 39 Reference cable X42-XS Ref, connector pin as- Safety, general 35 signment 32 Selecting the operating mode 40, 41 Reference group 11, 97, 98 Serial number, robot 64 Reference position 11, 98 Service life 31, 37 Reference position, axis angle 97 Service, KUKA Roboter GmbH 193 Reference position, Cartesian 97 SIB 11 Reference position, defining 95 Signals, brake test 108 Reference position, selecting 101 Signals,brake test 110 Reference stop 11, 25 Simulation 54 Reference switch 11 Single point of control 56 Reference switch module 28 smartPAD 37, 49 Reference switch, connecting 102 Software 14, 35, 61 Reference switch, installation 101 Software limit switches 46, 48 Reference switch, technical data 31 Space dimensions 82 Reference system 78, 82 Space type 80, 85 Release device 47 Space-specific velocity 25, 80, 81, 85, 86 Repair 55 Special cases, $ROBROOT 18 Robot controller 35 Sphere, radius 72 ROBROOT coordinate system 16 Spline, override reduction 115 SPOC 56 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 203 / 205 KUKA.SafeOperation 3.2 Standstill monitoring 28, 93 X Start-up 50, 69 XML export 67 Start-up mode 53, 69 XML import 65 Start-up, overview 70 STOP 0 36, 38 STOP 1 36, 38 STOP 2 36, 38 Stop at boundaries 80, 85 Stop category 0 38 Stop category 1 38 Stop category 2 38 Stop reactions 16, 27, 40 Stopping distance 10, 15, 36, 39 Storage 56 Support request 193 Switching function, reference switch 31 System integrator 36, 38, 39 System requirements 61 System variables 100, 117, 139 T T1 38 T2 38 Target group 9 Teach pendant 35 Technical data 31 Technical data, reference switch 31 Terms used 10 Terms used, safety 36 Time stamp, machine data 64 Time stamp, safety configuration 64 TOOL coordinate system 16 Tool sphere, radius 72 Training 9 Transportation 50 Turn-tilt table 35 Type of monitoring space 80, 85 U Uninstallation, SafeOperation 62 Update, SafeOperation 61 US2 53 Use, contrary to intended use 35 Use, improper 35 User 37, 38 User groups 63 V Velocity monitoring 45 Velocity monitoring functions 27 Velocity monitoring, axis-specific 87 Velocity, space-specific 25 Version, safety configuration 64 Version, safety option 64 W Warnings 9 Working range limitation 46 Workspace 10, 15, 20, 22, 36, 39 WORLD coordinate system 16 204 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 KUKA.SafeOperation 3.2 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 205 / 205

Comments

Description