Safe Stop 2 (SS2)

This instruction only applies to the

Compact GuardLogix

5380 and

GuardLogix

5580 controllers.

The Safe Stop 2 (SS2) instruction initiates and monitors the motor or axis deceleration within set limits to ensure the motor is brought to an operational stop. Once stopped, SS2 continues to monitor the operational stop of the motor.

Available Languages

Ladder Diagram

Function Block

This instruction is not available in function block.

Structured Text

This instruction is not available in structured text.

Safe Stop 2 Application

Safe Stop 2 is used with a CIP safety drive that supplies speed and position of a motor or axis and a Safe Feedback Interface (SFX) instruction to scale the feedback. During operation, the SS2 instruction signals when the axis speed is at or below the Standstill Speed. When standstill is reached, SS2 then initiates SOS (Safe Operational Stop) to continue standstill monitoring.

Operands

IMPORTANT:

Unexpected operation may occur if:

Output tag operands are overwritten.

Members of a structure operand are overwritten.

Structure operands are shared by multiple instructions.

WARNING:

The SS2 Safety Control structure contains internal state information. If any of the configuration operands are changed while in run mode, accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the operands used for configuring the instruction.

Operand	Data Type	Format	Description
Safety Control	SAFE_STOP_2	tag	Data structure required for proper operation of instruction.
Restart Type		list item	This input selects the Restart Type for the instruction. MANUAL (0) A 0 to 1 transition of the Reset input is required after Request has been removed to enable the instruction to operate. AUTOMATIC (1) The instruction will reset when the Request has been removed and no fault is present [FP=0]. Once reset, the instruction will be able to operate. ATTENTION: Only use Automatic Restart in applications where it is determined that no unsafe conditions occur from its use.
Cold Start Type		list item	This input selects the behavior when applying controller power or a controller mode change to Run. MANUAL (0) A 0 to 1 transition of the Reset input is required with the Request removed to enable the instruction to operate. AUTOMATIC (1) The instruction resets when the Request has been removed.

The following table explains the instruction inputs.

Operand	Data Type	Format	Description
Stop Monitor Delay	INT	immediate tag	This operand defines the delay time between the SS2 function request and the start of deceleration monitoring Stop Delay. See timing diagrams in Normal Operation for illustration of Stop Monitor Delay And SS2 timing. Range: 0 to 32767 Units: milliseconds
Stop Delay	DINT	immediate tag	This operand defines the maximum time allowed for the axis to reach Standstill Speed after the Stop Monitor Delay time expires. This input is also used to compute a speed ramp or deceleration that the axis must remain below during instruction execution. See timing diagrams in Normal Operation for illustration of Stop Delay and SS2 timing. Range: 1 to 3000000 Units: milliseconds
SS2 Standstill Speed	REAL	immediate tag	This operand defines the speed limit that is used to declare motion as stopped. The drive is at standstill when the speed detected is less than or equal to the configured Standstill Speed. When SS2 Standstill Speed is reached then SOS Standstill monitoring begins. See timing diagrams in Normal Operation for illustration of Standstill Speed and SS2 timing. Range: 0 Units: Position Units / Time Unit
Decel Ref Speed	REAL	immediate tag	This operand is used to compute a speed ramp or deceleration that the axis must remain below during function execution. The deceleration is computed internally by the SS2 instruction as Decel Ref Speed / Stop Delay. See timing diagrams in Normal Operation for illustration of Decel Ref Speed and SS2 timing. Range: 0 Units: Position Units / Time Unit Tip: Enter the maximum axis speed for Decel Ref Speed and the maximum time to decelerate to standstill for the Stop Delay.
Decel Speed Tolerance	REAL	immediate tag	This operand sets a speed tolerance around the speed ramp that the axis must remain below during function execution. See timing diagrams in Normal Operation for illustration of Decel Speed Tolerance and SS2 timing. Range: 0 Units: Position Units / Time Unit
Mode	SINT	immediate tag	This operand selects speed or position checking during SOS monitoring. Range: 1 or 2 1: Position Check 2: Speed Check
Check Delay	INT	immediate tag	This operand defines the delay time between the SOS function start and the start of standstill monitoring. Range: 0 to 32767 Units: milliseconds
SOS Standstill Speed	REAL	immediate tag	This operand sets the maximum speed that is allowed before the instruction will fault during SOS standstill monitoring when Speed Checking Mode is selected. Range: 0
Standstill Deadband	REAL	immediate tag	This operand sets the maximum incremental deviation from the position that is captured at the expiration of Check Delay. If the maximum deviation is exceeded then this instruction will fault. Range: 0
Feedback SFX	SAFETY_FEEDBACK_INTERFACE	tag	The Feedback SFX operand provides position and speed data. Assign this operand is to the Safety Control tag of the SFX instruction that is used with the SS2 instruction instance. The following members of the SFX Safety Control tag are used: FeedbackSFX.FeedbackPosition Units: Feedback Counts FeedbackSFX.ActualSpeed Units: Postion Unit / Time Unit FeedbackSFX.PositionScalingOut Units: Feedback Counts / Position Unit
Request	BOOL	tag	The Request input enables the SS2 function to operate. ON(1): Start SS2 function to execution. OFF(0): Allows function reset according to Restart Type
Reset¹	BOOL	tag	This operand resets the SS2 function. An OFF(0) to ON(1) transition resets the SS2 function and Fault Present [FP] provided the Request is OFF(0) and any fault condition has been removed. The Reset Required [RR] output indicates when a reset is required to reset the function.

¹ ISO 13849-1 stipulates instruction reset function must occur on falling edge signals. To comply with ISO 13849-1 requirements, add the logic immediately before this instruction. Rename the ‘Reset Signal’ tag in this example to the reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction’s reset source.

This table explains the instruction outputs. The outputs are external tags (safety output modules) or internal tags used in other logic routines.

Operand	Data Type	Description
Output 1 [O1]	BOOL	ON(1) : Indicates the instruction is executing and the function is not faulted. OFF(0): Any of the conditions below: The rung in condition is no longer true An instruction fault has occurred
Reset Required [RR]	BOOL	ON(1) : Indicates that an Reset is required to restart the instruction and or to clear faults. See Reset Input for Reset sequence. OFF(0): Normal operation under Automatic Restart operation.
Fault Present [FP]	BOOL	ON(1): A fault is present in the instruction. OFF(0): The instruction is operating normally.
Diagnostic Code	SINT	This output indicates the diagnostic status of the instruction. See Diagnostic Codes and Corrective Actions for specific codes and actions.
SS2 Fault Type	SINT	This output indicates the type of SS2 fault that occurred. See the Fault Codes and Corrective Actions section for specific codes and actions.
SOS Fault Type	SINT	This output indicates the type of SOS fault that occurred. See the Fault Codes and Corrective Actions section for specific codes and actions.
Stop Monitor Delay Active	BOOL	ON(1): Indicates that Stop Monitor Delay timer is active.
Check Delay Active	BOOL	ON(1): Indicates that Check Delay timer is active.
Speed Limit	REAL	When Stop Delay is ON (1) this output indicates the real speed limit of the monitored axis. If this speed is exceeded then the instruction will fault. The speed limit will be a ramp function decreasing to zero during Stop Delay as shown in the figures in Normal Operation. Units: Position Unit/ Time Unit.
Deceleration Ramp	REAL	This output indicates the real time ramp function without the Deceleration Speed Tolerance term as shown in the figures in Normal Operation. Units: Position Unit/ Time Unit.
Standstill Set Point	REAL	This output is set to the Actual Position when SOS monitoring begins.

This table explains instruction outputs that are written to the user-specified tag.

Operand	Data Type	Format	Description
SS2 Active	BOOL	tag	The SS2 instruction writes the SS2 Active status to this tag. OFF(0): SS2 not active ON(1): SS2 active SS2 Active is set to ON(1) when SS2 is requested after being reset. SS2 Active is reset to OFF(0) when the SS2 function resets. Tip: Assign the SS2 Active operand to the SS2 Active member of the safety output tag structure corresponding to the motion safety instance of the drive module. The corresponding Axis Safety Status updates automatically in the drive axis tag structure to enable coordination of the motion task with the safety task.
SS2 Fault	BOOL	tag	The SS2 instruction writes the SS2 Fault status to this tag. OFF(0): Not faulted ON(1): Faulted SS2 Fault is set to ON (1) for the following fault types and corresponding conditions: Configuration Fault An instruction input operand value is out of range. Deceleration Fault The axis speed exceeded the defined speed limit value. Maximum Time Fault Stop Delay time expires and axis speed is greater than Standstill Speed. SFX Instruction Not Ready Fault The feedback used for monitoring is not valid or the SFX instruction is not running when SS2 is requested. Tip: Assign the SS2 Fault operand to the SS2 Fault member of the safety output tag structure corresponding to the motion safety instance of the drive module. The corresponding Axis Safety Faults tag updates automatically in the drive axis tag structure to enable coordination of the motion task with the safety task.
SOS Active	BOOL	tag	The SS2 instruction writes the SOS Active status to this tag. OFF(0): SOS not active ON(1): SOS active Tip: Assign the SOS Active operand to the SOS Active member of the safety output tag structure corresponding to the motion safety instance of the drive module. The corresponding Axis Safety Status updates automatically in the drive axis tag structure to enable coordination of the motion task with the safety task.
SOS Standstill	BOOL	tag	The SS2 instruction writes the SOS Standstill status to this tag. OFF(0): Speed or position not at standstill. ON(1): Speed or position is within standstill limits. Tip: Assign the SOS Standstill operand to the SOS Standstill member of the safety output tag structure corresponding to the motion safety instance of the drive module. The corresponding Axis Safety Status updates automatically in the drive axis tag structure to enable coordination of the motion task with the safety task.
SOS Fault	BOOL	tag	The SS2 instruction writes the SOS Fault status to this tag. OFF(0): Not faulted ON(1): Faulted SOS Fault is set to ON (1) state for the following fault types and corresponding conditions: Configuration Fault An instruction input operand value is out of range. Standstill Position Fault Standstill deadband was exceeded while monitoring. Standstill Speed Fault Standstill speed limit was exceeded while monitoring. SFX Instruction Not Ready Fault The feedback used for monitoring is not valid or the SFX instruction is not running when SS2 is requested. Tip: Assign the SOS Fault operand to the SOS Fault member of the safety output tag structure corresponding to the motion safety instance of the drive module. The corresponding Axis Safety Faults tag updates automatically in the drive axis tag structure to enable coordination of the motion task with the safety task.

IMPORTANT:

Do not write to any instruction output tag under any circumstances.

Affects Math Status Flags

Major/Minor Faults

None specific to this instruction. See Index Through Arrays for array-indexing faults.

Execution

Condition/State	Action Taken
Prescan	The .01, .FP, .RR, .SS2Active, .SS2Fault, .StopMonitorDelayActive, .SpeedLimit, .DecelerationRamp, .SOSActive, .SOSStandstill, .SOSFault, and .CheckDelayActive outputs are cleared to OFF(0). The Diagnostic Code output is set to 0. The Fault Type output is set to 1
Rung-condition-in is false	The .O1, .SS2Active, .SOSActive, .SOSStandstill, .StopMonitorDelayActive, .CheckDelayActive, are cleared to OFF(0). The Speed Limit output is set to 0 The Deceleration Ramp is set to 0 The Standstill Setpoint is set to 0 If an instruction fault is present when rung went false the fault condition will be maintained and Diagnostic Code displayed.
Rung-condition-in is true	The instruction executes.
Postscan	N/A

Operation

Normal Operation

The SS2 function begins if it has been previously reset and the Request input is asserted ON(1). At this point the Stop Monitor Delay Timer will begin. When the Stop Monitor Delay Timer expires the current axis speed is captured and the Stop Delay timer begins. As the Stop Delay Timer runs, the speed of the axis is monitored in real time according to the Speed Limit function, S(t), starting with Stop Delay Timer:

Speed Limit Function

S(t) = S0 + St - (Sr/ Ts)(t)

Where:

S(t) = Speed Limit

S0 = Speed captured at the end of Stop Monitor Delay

St= Decel Speed Tolerance

Sr = Decel Ref Speed

Ts = Stop Delay

t = the Stop Delay Timer value

When the SS2 Standstill Speed is reached then Safe Operating Stop (SOS) monitoring function within the SS2 function begins. Note that SS2 Standstill speed is reached before the Stop Delay timer expires in normal operation.

When the SOS monitoring begins, the Check Delay timer is started. After the check delay timer expires the position is captured. Either the speed or position, provided by an SFX instruction, is compared to the SOS Standstill Speed or Standstill Deadband according to the Mode setting. After Check Delay expires, Standstill output will be set to ON(1) as long as the speed is below the SOS Standstill Speed and the function is not faulted. The SOS monitoring remains active as long as it is not faulted and the Request input is ON(1). If the speed of the monitored axis exceeds the Standstill limit then the SOS function will Fault.

Position values used in the SS2 instruction are in Position Units. Speed values used in the SS2 instruction are in Position Units / Time Unit. A position unit is user defined according to the particular application and is configured in the SFX instruction. Time units are also configured in the SFX instruction and may be selected as seconds or minutes.

Pass-Through Tags

A Safe Motion Monitoring Drive has one or more motion axes that are controlled by a motion task. The Safe Motion Monitoring Drive also has one or more motion safety instances that support safety functions used in a safety task of a safety controller. Some of the tags associated with a drives motion safety instance are pass-through tags. The following table shows the pass-through tags and the corresponding axis tags for the SS2 function:

SS2 Instruction Output	Pass-Through Tags for Motion Safety Instance	Safe Motion Monitoring Drive Action	Axis Tags
SS2 Active	module¹:SO.SS2Active[instance²]	updates tag	axis3.SS2ActiveStatus
SS2 Fault	module¹:SO.SS2Fault[instance²]	updates tag	axis3.SS2Fault
SOS Active	module¹:SO.SOSActive[instance²]	updates tag	axis3.SOSActiveStatus
SOS Standstill	module¹:SO.SOSStandstill[instance²]	updates tag	axis3.SOSStandstillStatus
SOS Fault	module¹:SO.SOSFault[instance²]	updates tag	axis3.SOSFault

¹module is the name for the drive module in Logix Designer I/O Configuration tree.

²instance is 1 or 2 for dual axis drives otherwise null

³axis is the axis name in the Logix Designer Motion Group and is associated with module

When assigning the SS2 Active, SOS Active, SOS Standstill, SS2 Fault and SOS Fault outputs to the motion safety instance pass-through tags, the corresponding Axis Safety Status and Axis Safety Faults tags automatically update in the motion controller. The motion control task of motion controller reads the Axis Safety Status and the Axis Safety Faults tags to coordinate operation between the safety task and motion task. The following is a typical sequence of events:

The safety application receives an input to stop an axis.

The safety application sets the Request input ON(1) to request the SS2 function.

The SS2 instruction sets SS2 Active output and writes the module:SO.SS2Active[instance] tag of the motion safety instance in the drive.

The motion safety instance in the drive updates the Axis Safety Status tag read in the motion controller.

Next the motion application stops the drive according to a stopping ramp profile.

The SS2 function monitors the axis to ensure stopping speed vs time ramp is not exceeded.

When the SS2 function detects SS2 Standstill the SS2 instruction writes the module:SO.SOSActive[instance] tag of the motion safety instance of the drive.

When the SOS function detects SOS Standstill the SS2 instruction writes module:SO.SOSStandstill[instance] tag of the motion safety instance of the drive.

The motion application reads the Axis Safety Status tags and continues to hold the position or maintain zero speed.

Normal Operation, Automatic Restart

The following diagram shows a timing diagram for normal operation with Automatic Restart. In normal operation the SS2 Active output will remain ON(1) as long as the SS2 function has not been reset. For automatic restart operation, the SS2 function will be reset when the Request is removed OFF(0) provided no faults have occurred. When the SS2 function is reset the output O1 will be set to ON(1) indicating the function is ready to operate.

In the diagram, the Speed Limit function is shown as a solid red line ramping towards zero speed. The speed must stay below the Speed Limit function to maintain normal operation. After the SS2 Standstill Speed is reached the SOS Active Output is ON(1) indicating that the SOS function within SS2 is active and remains ON(1) as long as the Request remains ON(1).

Normal Operation, Manual Restart

When manual restart is configured, the SS2 function reset before subsequent operation. The Reset Required output indicates that the Reset input must make an OFF(0) to ON(1) transition to reset the instruction after the Request input is removed OFF(0). The following diagram shows normal operation with manual restart.

Faulted Operation

Faulted Operation, Deceleration Fault

The following diagram, a timing diagram of SS2 where a Deceleration Fault occurs, shows the axis speed exceeding the Speed Limit Function, resulting in a Deceleration Fault. Note that the timing diagram is shown for Manual Restart. For Automatic Restart the timing is similar except that the Reset Required [RR] output will not turn ON(1) until a fault occurs.

Faulted Operation, Standstill Speed Fault

The following diagram shows SS2 where a Standstill Speed Fault occurs. As shown, the axis speed reached SS2 and SOS Standstill Speed but during the SOS function the Speed increased until the SOS Standstill Speed was exceeded, resulting in a fault. Note that the timing diagram is shown for Manual Restart. For Automatic Restart, the timing is similar except that the Reset Required [RR] output will not turn ON(1) until the fault occurs.

Fault Codes and Corrective Actions

SS2 Fault Codes

Fault Code	Description	Corrective Action
1	No Fault	None.
2	Invalid Configuration Fault	Check the input values and correct inconsistencies or illegal values. Check the diagnostic code for more information Reset the fault.
3	Deceleration Fault - the axis being monitored for stopping exceeded the speed limit ramp computed by the instruction.	Reset the fault and check the motion application to ensure the axis is decelerated as required when SS2 Active is asserted ON(1).
4	Maximum Time Fault - the maximum time to reach SS2 standstill was exceeded.	Increase the allowable time, increase the deceleration, or reduce the initial speed of the axis Reset the fault.
102	SFX Instruction Not Ready Fault	Ensure that the SFX instruction that supplies inputs to this SS2 instance is running and not faulted before requesting SS2.

SOS Fault Codes

Fault Code	Description	Corrective Action
1	No Fault	None.
2	Invalid Configuration Fault	Check the input values and correct inconsistencies or illegal values. Check the diagnostic code for more information Reset the fault.
3	Standstill Position Fault	Ensure movement is within the Standstill Deadband after check delay time expires.
4	Standstill Speed Fault	Ensure speed is below the Standstill limit before check delay time expires.
101	Position Window Calculation Overflow Fault. The Position scaling from the Feedback SFX tag multiplied by the Position Window exceeds (2^31 – 1)	Ensure that the SFX instruction that supplies inputs to this SS2 instruction has correct values. Use a smaller Position Window value.

Diagnostic Codes and Corrective Actions

Diagnostic Code	Description	Corrective Action
0	No diagnostic information.	None
10	Rung went false while instruction was executing.	Make sure this instruction is enabled.
20	Stop Monitor Delay value not valid.	An INT value from 0 to 32767 must be used
21	Stop Delay value not valid.	A DINT value must be between 0 and 3,000,000 must be used
22	SS2 Standstill Speed value not valid.	SS2 Standstill Speed must be a non negative REAL
23	Deceleration Reference Speed value not valid.	Must be a non negative REAL
24	Deceleration Speed Tolerance value not valid.	Must be a non negative REAL
25	Mode value not valid.	An INT value of 1 (Speed Check) or 2 (Position Check) must be used.
26	Check Delay value not valid.	An INT value between 0 and 32767 must be used.
27	Standstill Deadband not valid	Must be a non negative REAL.
28	Standstill Speed not valid	Must be a non negative REAL.

Example

Drive Safety Instructions

Provide Feedback

Have questions or feedback about this documentation? Please submit your feedback here.