EP-4502738-B1 - CIRCUIT ARRANGEMENT FOR CONTROLLING A MACHINE AND MACHINE SYSTEM

Inventors

  • FRÖHLICH, Joachim
  • ROTHBAUER, STEFAN
  • STÜCKJÜRGEN, Christoph
  • ZELLER, MARC

Dates

Publication Date
20260513
Application Date
20230731

Claims (10)

  1. Circuit arrangement (14) for controlling a machine (12), comprising at least one first electronic computing device (18) having a control function (20) for generating a control signal (28) for the machine (12), wherein the first electronic computing device (18) has at least one internal data sensor (22) for generating a first safety signal (30) for a safety device (16) for the machine (12), wherein the internal data sensor (22) is part of the control function (20), wherein the internal data sensor (22) is designed to monitor the control function (20), characterized in that an external data sensor (26) which is coupled to the internal data sensor (22) is provided, wherein the external data sensor (26) is designed to generate a second safety signal (32) for the safety device (16), wherein the external data sensor (26) is provided externally to the control function (20), wherein the external data sensor (26) is designed to monitor the control function (20).
  2. Circuit arrangement (14) according to Claim 1, characterized in that the external data sensor (26) is formed on a second electronic computing device (24) of the circuit arrangement (14).
  3. Circuit arrangement (14) according to Claim 1, characterized in that the external data sensor (26) is formed on the first electronic computing device (18).
  4. Circuit arrangement (14) according to any one of the preceding claims, characterized in that the internal data sensor (22) is designed to adapt the control function (20).
  5. Circuit arrangement (14) according to any one of the preceding claims, characterized in that the internal data sensor (22) is designed to test the function of the control function (20).
  6. Circuit arrangement according to any one of the preceding claims, characterized in that the external data sensor (26) is designed to adapt the control function (20).
  7. Circuit arrangement (14) according to any one of the preceding claims, characterized in that the external data sensor (26) is designed to test the function of the control function (20).
  8. Circuit arrangement (14) according to any one of the preceding claims, characterized in that the first safety signal (30) can be transmitted to the safety device (16) via a first data line (24) and the second safety signal (32) can be transmitted via a second data line (36) independent of the first data line (34).
  9. Circuit arrangement (14) according to any one of the preceding claims, characterized in that the internal data sensor (22) and the external data sensor (26) are coupled to one another via a communication line (38).
  10. Machine system (10) comprising at least one machine (12), a safety device (16) and comprising a circuit arrangement (14) for controlling the machine (12) according to any one of Claims 1 to 9.

Description

The invention relates to a circuit arrangement for controlling a machine, comprising at least one first electronic computing unit with a control function for generating a control signal for the machine, wherein the electronic computing unit includes at least one internal data sensor for generating a first safety signal for a safety device for the machine. The invention further relates to a machine system.

To perform safety-critical automation tasks that require continuous monitoring and control, automation software must run reliably. It must be ensured at all times that a safe system state can be reached in the event of a fault, for example, an emergency stop of a machine or a restart point without interrupting the controlled process. For this purpose, dedicated hardware, such as a fail-safe PLC, and software for fault-tolerant systems are typically used. For safety reasons, safety-critical automation tasks cannot be performed on commercially available standard hardware in the prior art.

The document EP 1 589 386 A1 discloses a process unit to be controlled. The process unit to be controlled is controlled by at least one process module and at least one safety module. The process module transmits non-safety-related process signals. The safety module transmits safety signals relating to process safety. The signals are logically combined, and the result is provided at a control output of a control unit to which the process equipment to be controlled is connected. The document DE 10 2014 100970 A1 relates to a device for the safe disconnection of an electrical load. I/O units with inputs and/or outputs are disclosed, which serve for signal acquisition and/or output, i.e., for reading sensors and controlling actuators. The document DE 10 2015 118151A1 discloses a safety sensor for monitoring the operational safety of a system.
The object of the present invention is to create a circuit arrangement and a machine system by means of which safety-critical functions can be tested during operation and, if necessary, safety measures can be taken. This problem is solved by a circuit arrangement according to claim 1. Advantageous embodiments are specified in the dependent claims.

One aspect of the invention relates to a circuit arrangement for controlling a machine, comprising at least one first electronic computing device with a control function for generating a control signal for the machine, wherein the electronic computing device has at least one internal data sensor for generating a first safety signal for a safety device for the machine. An external data sensor is provided, which is coupled to the internal data sensor, with the external data sensor being designed to generate a second safety signal for the safety device. In particular, this makes it possible to test safety-critical functions during operation using appropriate standard hardware and, if necessary, to take safety measures.

The invention takes advantage of the fact that emergency control can be performed via both the internal and the external data sensor. The internal data sensor is understood to be one that is provided as part of the control function. The external data sensor is understood to be one that is provided externally to the control function. In particular, the invention relates to a distributed, time-controlled circuit arrangement with control functions, which is used on the first electronic computing device. The control function controls the machine via a corresponding connection. The circuit arrangement can include a safety device that can put the machine into a safe state.

Compared to the prior art, the invention offers the advantages of eliminating the costs of external test systems, including the costs of test system integration, since all necessary components are integrated directly into the circuit arrangement.
Furthermore, safety-related functions with higher integrity levels can be supported. In particular, by using the external and internal data sensors on different electronic computing devices, certain classes of random errors can be detected, especially those that do not require comparison with another redundant control function. The internal and external data sensors can monitor each other and detect certain classes of errors in either the internal or external data sensor. Additionally, time-critical tests can be performed more efficiently due to the elimination of communication delays. Cycle times between the external and internal data sensors can be performed when the internal data sensor conducts the test locally within the control function. Furthermore, time-critical safety interventions can be carried out. This includes, in particular, emergency stops, as time-critical tests can be performed as part of a safety monitor. Additionally, tests can be deployed flexibly depending on the purpose, scope, and requirements. Tests can be integrated locally with the control function via the internal data sensor, fo