Safe Stop 1 (SS1)
This instruction only applies to the
Compact GuardLogix
5380 and GuardLogix
5580 controllers.The Safe Stop 1 (SS1) instruction initiates and monitors the motor deceleration within set limits to ensure the motor stops in a controlled manner.
Available Languages
Ladder Diagram
Function Block
This instruction is not available in function block.
Structured Text
This instruction is not available in structured text.
Safe Stop 1 Application
Safe Stop 1 is used with a CIP safety drive that supplies speed and position of an axis or motor, and a Safety Feedback Interface (SFX) instruction to scale the feedback. During operation the SS1 instruction signals when the motor speed is at or below the Standstill Speed. The output is then used to initiate Safe Torque Off (STO) in the drive.
Operands
IMPORTANT:
Unexpected operation may occur if:
- Output tag operands are overwritten.
- Members of a structure operand are overwritten.
- Structure operands are shared by multiple instructions.
WARNING:
The SS1 Safety Control structure contains internal state information. If any of the configuration operands are changed while in run mode, accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.
The following table provides the operands used for configuring the instruction.
Operand | Data Type | Format | Description |
|---|---|---|---|
Safety Control | SAFE_STOP_1 | tag | Data structure required for proper operation of instruction. |
Restart Type | list item | This input selects the Restart Type for the instruction. MANUAL (0) A 0 to 1 transition of the Reset input is required after Request has been removed to enable the instruction to operate. AUTOMATIC (1) The instruction will reset when he Request has been removed and no fault is present [FP] = OFF(0). Once reset, the instruction will be able to operate.  ATTENTION: Only use Automatic Restart in application situations where it is determined that no unsafe conditions will occur from its use. | |
Cold Start Type | list item | This input selects the behavior when applying controller power or a controller mode change to Run. MANUAL (0) A 0 to 1 transition of the Reset input is required with the Request removed to enable the instruction to operate. AUTOMATIC (1) The instruction resets when the Request has been removed. |
The following table explains the instruction inputs.
Operand | Data Type | Format | Description |
|---|---|---|---|
Stop Monitor Delay | INT | immediate tag | This operand defines the delay time between the SS1 function Request input and the start of the deceleration monitoring Stop Delay. See timing diagrams in Normal Operation for illustration of Stop Monitor Delay and SS1 timing. Range: 0 to 32767 Units: milliseconds |
Stop Delay | DINT | immediate tag | This operand that defines the maximum time allowed for the motor to reach Standstill Speed after the Stop Monitor Delay time expires. This input is also used to compute a velocity ramp or deceleration that the axis must remain below during function execution. See timing diagrams in Normal Operation for illustration of Stop Delay and SS1 timing. Range: 1 to 3000000 Units: milliseconds |
Standstill Speed | REAL | immediate tag | This operand defines the speed limit that is used to declare motion as stopped. The drive is at standstill when the speed detected is less than or equal to the configured Standstill Speed. See timing diagrams in Normal Operation for illustration of Standstill Speed and SS1 timing. Range:  0Units: Position Units / Time Unit |
Decel Ref Speed | REAL | immediate tag | This operand is used to compute a velocity ramp or deceleration that the axis must remain below during function execution. See timing diagrams in Normal Operation for illustration of Decel Ref Speed and SS1 timing. Range: 0Units: Position Units / Time Unit |
Decel Speed Tolerance | REAL | immediate tag | This operand is used to compute a velocity tolerance around the velocity ramp that the axis must remain below during function execution. See timing diagrams in Normal Operation for illustration of Decel Speed Tolerance and SS1 timing. Range: 0Units: Position Units / Time Unit |
Feedback SFX | SAFETY_FEEDBACK_INTERFACE | tag | This operand provides velocity data. Assign this operand to the Safety Controller tag of the SFX instruction that is used with this SS1 instruction. The following members of the SFX Safety Controller tag are used: FeedbackSFX.ActualVelocity is provided in Position Unit / Time Unit |
Request | BOOL | tag | When set to ON(1) this operand initiates the SS1 function. Start Monitor Delay timer is started when SS1 begins. See diagrams in Normal Operation for illustrations of timing. |
Reset 1 | BOOL | tag | This operand resets the SS1 function. An OFF(0) to ON(1) transition resets the SS1 function and Fault Present [FP] provided the Request is OFF(0) and any fault condition has been removed. The Reset Required [RR] output indicates when a reset is required to reset the function. |
1
ISO 13849-1 stipulates instruction reset function must occur on falling edge signals. To comply with ISO 13849-1 requirements, add the logic immediately before this instruction. Rename the Reset_Signal tag in this example to the reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction’s reset source.
This table explains the instruction outputs. The outputs are external tags (safety output modules) or internal tags used in other logic routines.
Operand | Data Type | Description |
|---|---|---|
Output 1 [O1] | BOOL | ON(1): Indicates the instruction is executing and the instruction is not faulted. OFF(0): Any of the conditions below:
This output is normally used to initiate Safe Torque Off in the drive that controls the axis being monitored the SS1 instruction. |
Reset Required [RR] | BOOL | ON(1): Indicates that an Reset is required to restart the instruction and or to clear faults. See Reset Input for Reset sequence. OFF(0): Normal operation under Automatic Restart operation. |
Fault Present [FP] | BOOL | ON(1): A fault is present in the instruction. OFF(0): The instruction is operating normally. |
Diagnostic Code | SINT | This output indicates the diagnostic status of the instruction. See Diagnostic Codes and Corrective Actions for specific codes and actions. |
Fault Type | SINT | This output indicates the type of fault that occurred. See the Fault Codes and Corrective Actions section for specific codes and actions. |
Stop Monitor Delay Active | BOOL | ON(1): Indicates that Stop Monitor Delay timer is active. |
Speed Limit | REAL | When Stop Delay is ON(1) this output indicates the real speed limit of the monitored axis. If this speed is exceeded then the instruction will fault. The speed limit will be a ramp function decreasing to zero during Stop Delay as shown in the figures in Normal Operation. Units: Position Unit/ Time Unit. |
Deceleration Ramp | REAL | This output indicates the real time ramp function without the Deceleration Speed Tolerance term as shown in the figures in Normal Operation. Units: Position Unit/ Time Unit. |
This table explains instruction outputs that are written to the user-specified tag.
Operand | Data Type | Format | Description |
|---|---|---|---|
SS1 Fault | BOOL | tag | SS1 instruction writes the SS1 Fault status to this tag. OFF(0): Not Faulted ON(1): Faulted SS1 Fault is set to ON(1) for the following fault types and corresponding conditions:
Tip: Assign the SS1 fault operand to the SS1 Fault member of the safety output tag structure corresponding to the motion safety instance of the drive module. The corresponding Axis Fault Status updates automatically in the drive axis tag structure to enable coordination of the motion task with the safety task. |
SS1 Active | BOOL | tag | The SS1 instruction writes the SS1 Active status to this tag. OFF(0): SS1 not active ON(1): SS1 active SS1 Active is set to ON(1) when SS1 is requested after being reset. SS1 Active is reset to OFF(0) when the SS1 function resets. Tip: Assign the SS1 Active operand to the SS1 Active member of the safety output tag structure corresponding to the motion safety instance of the drive module. The corresponding Axis Safety Status updates automatically in the drive axis tag structure to enable coordination of the motion task with the safety task. |
Standstill Speed.
IMPORTANT:
Do not write to any instruction output tag under any circumstances.
Affects Math Status Flags
No
Major/Minor Faults
None specific to this instruction. See Index Through Arrays for array-indexing faults.
Execution
Condition/State | Action Taken |
|---|---|
Prescan | The .01, .FP, .RR, .SS1Active, .SS1Fault, and .StopMonitorDelayDelayActive outputs are cleared to OFF(0). The Diagnostic Code output is set to OFF(0). The Fault Type output is set to ON(1). The .SpeedLimit and .DecelerationRamp outputs are set to OFF(0). |
Rung-condition-in is false | The .01, .SS1Active, and .StopMonitorDelayDelayActive outputs are cleared to OFF(0). The .SpeedLimit and .DecelerationRamp outputs are set to OFF(0). If an instruction fault is present when rung goes false the fault condition is maintained and the Diagnostic Code is displayed. |
Rung-condition-in is true | The instruction executes. |
Postscan | N/A |
Operation
Normal Operation
The SS1 function begins if it has been previously reset and the Request input is asserted ON(1). At this point the Stop Monitor Delay Timer will begin. When the Stop Monitor Delay Timer expires the current axis speed is captured and the Stop Delay timer begins. As the Stop Delay Timer runs, the speed of the axis is monitored in real time according to the Speed Limit function, S(t), starting with Stop Delay Timer:
Speed Limit Function
S(t) = S0 + St - (Sr/ Ts)(t)
Where:
S(t) = Speed Limit
S0 = Speed captured at the end of Stop Monitor Delay
St= Decel Speed Tolerance
Sr = Decel Ref Speed
Ts = Stop Delay
t = the Stop Delay Timer value
When the Standstill Speed is reached the output O1 is cleared to OFF(0). Standstill speed is reached before the Stop Delay timer expires in normal operation.
All speed values in the Speed Limit Function are expressed in Position Units / Time Unit. A position unit is user defined according to the particular application and is configured in the SFX instruction. Time units are also configured in the SFX instruction and may be selected as seconds or minutes.
Pass-Through Tags
A Safe Motion Monitoring Drive has one or more motion axes that are controlled by a motion task. The Safe Motion Monitoring Drive also has one or more motion safety instances that support safety functions used in a safety task of a safety controller. Some of the tags associated with a drives motion safety instance are pass-through tags. The following table shows the pass-through tags and the corresponding axis tags for the SS1 function:
SS1 Instruction Output | Pass-Through Tags for Motion Safety Instance | Safe Motion Monitoring Drive Action | Axis Tag |
|---|---|---|---|
SS1 Active | module 1 :SO.SS1Active[instance2 ] | updates tag | axis 3 .SS1ActiveStatus |
SS1 Fault | module 1 :SO.SS1Fault[instance2 ] | updates tag | axis 3 .SS1Fault |
1
module is the name for the drive module in Logix Designer I/O Configuration tree2
instance is 1 or 2 for dual axis drives otherwise null3
axis is the axis name in the Logix Designer Motion Group and is associated with module When assigning the SS1 Active and SS1 Fault instruction outputs to the motion safety instance pass-through tags, the corresponding Axis Safety Status and Axis Safety Faults tags automatically update in the motion controller. The motion control task of motion controller reads the Axis Safety Status and the Axis Safety Faults tags to coordinate operation between the safety task and motion task. The following is a typical sequence of events:
- The safety application receives an input to stop the axis.
- The safety application sets Request input ON(1) to request the SS1 function.
- The SS1 instruction sets SS1 Active output and writes the module:SO.SS1Active[instance] tag of the motion safety instance of the drive.
- The motion safety instance in the drive updates the Axis Safety Status tag read in the motion controller.
- Next the motion application stops the drive according to a stopping ramp profile
- The SS1 function monitors the axis to ensure the stopping speed vs time ramp is not exceeded
- When the SS1 function detects Standstill Speed the SSI Output1 is cleared OFF(0).
- The safety application is typically written so that the SS1 Output1 [O1] results in STO request in the motion safety instance of the drive.
Normal Operation, Automatic Restart
The following diagram shows a timing diagram for normal operation. In the diagram, the Speed Limit function is shown as a solid red line ramping towards zero speed. The speed must stay below the Speed Limit function to maintain normal operation. For automatic restart operation, the SS1 function will be reset when the Request is removed OFF(0) provided no SS1 faults have occurred. When the SS1 function is reset, the output O1 will be set to ON(1) indicating the function is ready to operate.
Normal Operation, Manual Restart
When manual restart is enabled then the SSI operation requires an OFF(0) to ON(1) transition of the Reset input to reset the instruction before subsequent operation. The Reset Required output indicates that the Reset input must make an OFF(0) to ON(1) transition to reset the instruction. The following diagram shows normal operation with Manual Restart. The Speed Limit Function is calculated according to the Speed Limit Equation.
Faulted Operation, Deceleration Fault
The following figure, a timing diagram of SS1 where a Deceleration Fault occurs, is shown. In the figure the axis speed being monitored exceeded the Speed Limit Function, resulting in a Deceleration Fault.
Faulted Operation, Maximum Time Fault
A timing diagram of SS1 where a Maximum Time Fault occurs is shown in the following figure. As shown, the axis speed being monitored did not reach the zero speed limit before the Stop Delay Timer expired and a Maximum Time Fault occurred.
Fault Codes and Corrective Actions
Fault Code | Description | Corrective Action |
|---|---|---|
1 | No fault. | None. |
2 | Invalid Configuration Fault |
|
3 | Deceleration Fault - the axis being monitored for stopping exceeded the speed limit ramp computed by the instruction. |
|
4 | Maximum Time Fault - the maximum time to reach standstill was exceeded. |
|
102 | SFX Instruction Not Ready Fault | Ensure that the SFX function that supplies inputs to this SS1 instance is running and not faulted before requesting SS1. |
Diagnostic Codes and Corrective Actions
Diagnostic Code | Description | Corrective Action |
|---|---|---|
0 | No diagnostic information. | None |
10 | Rung went false while instruction was executing. | Make sure this instruction is enabled. |
20 | Stop Monitor Delay value not valid. | Check the Stop Monitor Delay value to ensure it is within the allowed range. |
21 | Stop Delay value not valid. | Check the Stop Delay value to ensure it is within the allowed range. |
22 | Standstill Speed value not valid. | Check the Standstill Speed value to ensure it is within the allowed range. |
23 | Deceleration Reference Speed value not valid. | Check the Decel Ref Speed value to ensure it is within the allowed range. |
24 | Deceleration Speed Tolerance value not valid. | Check the Decel Speed Tolerance value to ensure it is within the allowed range. |
Example
Provide Feedback