Error Management Everest
Summit servo drives have been designed to contain the capability to self-test the status of its elements in order to be itself protected in front of any error inside or outside the drive. This is divided into two error types:
- Operation errors. During normal operation, some modules are continuously checked.
- Register errors. The access to the drive registers is self-protected to avoid unreachable configurations.
Operation errors
Operation verification is done continuously after power is on. Errors are logged into a 32 size FIFO queue. The drive fills the queue until it is full, then the older error is overwritten by the new one. Therefore, the last error is the same than the error in the 0 position of the FIFO and the error in the last FIFO position (31) is removed if a new error appears. All these errors are accessible at any time. Furthermore, the last error is always monitored using a high-speed access register.
Error severity
Errors can have two severity levels: warning and fault. The behavior of each is different.
Warning
Warnings are considered to be non-critical errors, thus no reaction is applied. Warnings are logged in the error queue unless the same error code has been logged in the previous position or unless the drive has detected a fault error.
The error ID of a warning message is equal to an error code plus the bit 28 0x10000000. This bit of information is used to identify if the error code has been generated as a fault or a warning.
Fault
Faults are errors with higher priority than warnings, where generally the reaction is to shut down the driver's power stage for safety purposes. Only one fault can be logged in the error manager unless a new fault is generated with a more restrictive reaction. New faults can be logged as well when a fault reset is attempted, notifying the user in case some additional error is preventing the drive from exiting the fault state in the state machine.
Fault reaction and error masking
Some specific errors which are not excessively critical can have their reaction and severity level modified by means of user option codes. The option codes are the following:
| Severity | Reaction |
|---|---|
| Fault | Disable power stage |
| Warning | Do nothing |
| Fault | Slow down ramp |
| Fault | Quick stop ramp |
When using slow down ramp or quick stop ramp option codes, it is important to have the velocity loop operative and properly configured. In the option codes that also disable the power stage after detecting that the motor has stopped, velocity threshold and velocity threshold time have to be also configured.
Queues
Each element of the summit device architecture has the capability to detect errors and log them into its own error management queue. Additionally, an extra queue named "system" groups all the errors in a single table to provide a master single entry point.
Each error management queue logs the following events:
Axis Error queue | General Error queue | System Error queue | |
|---|---|---|---|
| Axis errors | ✔ | ✘ | ✔ |
| Axis warnings | ✔ | ✘ | ✘ |
| General errors | ✘ | ✔ | ✔ |
| General warnings | ✘ | ✔ | ✔ |
Axis error queue
When an error with severity fault is detected, the drive goes to the called Fault state until the error is removed and the user resets this status through a Fault reset command. In the Fault state, all power elements are disabled and normal operation is not allowed.
Note
Operation errors are not logged until the drive reaches the switch-on state. More details about the drive state machine are available in the Operation section.
On the other hand, when an error with warning severity level happens, the warning bit of the drive's Status Word is set. This bit is also cleared automatically whenever the error cause is gone.
The registers for accessing the axis error queue are:
- Last error
- Error total number
- Error list index request
- Error list requested code
General error queue
In this case, the warning severity does not affect any module of the drive, the warning is simply logged into the general queue. An error with fault severity sets an external fault to the axis.
The registers for accessing the general error queue are:
- Last error (subnode 0)
- Error total number (subnode 0)
- Error list index request (subnode 0)
- Error list requested code (subnode 0)
System error queue
The system queue collects all the errors detected on any subnode. It also adds information about which subnode is the origin of the error.
Note
System error code:
| Bit number | 31 .. 29 | 28 | 27 .. 24 | 23 .. 20 | 19 .. 16 | 15 .. 0 |
|---|---|---|---|---|---|---|
| Meaning | Reserved | Warning | Reserved | Subnode | Reserved | Error code |
Example: 0x0010XXXX means that subnode 1 (axis) has an errorcode XXXX.
A specific GPOs configuration is needed to collect the subnode 1 errors in the system queue. It is already configured by default. For further information see register error notification source.
CANopen and EtherCAT EMCY services use system error queue, they won't work if this configuration is not properly done.
The registers for accessing the system error queue are:
- System last error
- System error total number
- System error list index request
- System error list requested code
Operation error codes
Axis operation error codes
| Error Id | Default severity and reaction | Reaction configurable | Description | Meaning |
|---|---|---|---|---|
| 0x00000000 | None | No | No error | Drive is working correctly |
| 0x00001001 | Fault - Power stage shutdown | Yes | Communications watchdog error | No valid frames have been received during the configured communications watchdog window time |
| 0x00002280 | Fault - Power stage shutdown | No | Over-current detected (internal drive limit) | It indicates that a current value higher than the maximum absolute one allowed by the drive has been detected. There are several sources that produce this error:
|
| 0x00002281 | Fault - Power stage shutdown | No | Faulty gate driver | A failure has been detected in gate driver. The cause of the failure could be
|
| 0x00002282 | Fault - Power stage shutdown | No | Current A sensing reached upper saturation limit | Current A ADC counts have reached upper ADC saturation limit |
| 0x00002283 | Fault - Power stage shutdown | No | Current A sensing reached lower saturation limit | Current A ADC counts have reached lower ADC saturation limit |
| 0x00002284 | Fault - Power stage shutdown | No | Current B sensing reached upper saturation limit | Current B ADC counts have reached upper ADC saturation limit |
| 0x00002285 | Fault - Power stage shutdown | No | Current B sensing reached lower saturation limit | Current B ADC counts have reached lower ADC saturation limit |
| 0x00002286 | Fault - Power stage shutdown | No | Current C sensing reached upper saturation limit | Current C ADC counts have reached upper ADC saturation limit |
| 0x00002287 | Fault - Power stage shutdown | No | Current C sensing reached lower saturation limit | Current C ADC counts have reached lower ADC saturation limit |
| 0x00002288 | Fault - Power stage shutdown | Yes | User I2T limit detected without current control | The I2T algorithm is always enabled and generates a fault if the current loop is disabled when the user I2T limit is overcome |
| 0x00002289 | Fault - Power stage shutdown | Yes | Over-current detected (user limit) without current control | Indicates that a current reading higher than the configured max. current has been reached |
| 0x0000228A | Fault - Power stage shutdown | No | System I2T detected | The system I2T limit is reached (maximum drive limits) |
| 0x0000228B | Fault - Power stage shutdown | No | Derating without current control | Indicates that driver has started derating ramp without current control |
| 0x0000228C | Fault - Power stage shutdown | No | Current sensor calibration error | Indicates that the current sensor calibration offset is out of tolerance (abnormal situation during calibration). |
| 0x00002301 | Fault - Power stage shutdown | No | Brake over-current | The current in the brake is higher than the limit set by the user |
| 0x00002302 | Fault - Power stage shutdown | No | Brake tracking error | The brake current cannot follow the value set by the user |
| 0x00003210 | Fault - Power stage shutdown | No | Over-voltage detected (internal drive limit) | Maximum allowed voltage by the drive is overcome |
| 0x00003211 | Fault - Power stage shutdown | No | Over-voltage detected (redundant internal drive limit) | Maximum allowed voltage by the drive is overcome |
| 0x00003221 | Fault - Power stage shutdown | No | Under-voltage detected (internal drive limit) | Minimum allowed voltage by the drive is overcome |
| 0x00003231 | Fault - Power stage shutdown | Yes | Over-voltage detected (user limit) | User maximum voltage limit is overcome |
| 0x00003241 | Fault - Power stage shutdown | Yes | Under-voltage detected (user limit) | User minimum voltage limit is overcome |
| 0x00003280 | Fault - Power stage shutdown | Yes | STO is enabled | STO is active and could have disabled the power stage disabled |
| 0x00003281 | Fault - Power stage shutdown | No | STO supply fault | STO supply fault. Unit could be damaged |
| 0x00003282 | Critical - Power stage shutdown | No | STO abnormal fault | STO abnormal fault. STO1 and STO2 inputs differed more than latching time |
| 0x00003283 | Fault - Power stage shutdown | No | STO active in operation enabled | STO is active in operation enabled and has disabled the power stage |
| 0x00003290 | Fault - Power stage shutdown | No | Input stage problem | It indicates that the bus voltage is not being loaded correctly |
| 0x00004300 | Fault - Power stage shutdown | No | Over-Temperature detected (internal drive limit) | Maximum allowed drive temperature is overcome |
| 0x00004301 | Fault - Power stage shutdown | No | Under-Temperature detected (internal drive limit) | Minimum allowed drive temperature is overcome |
| 0x00004303 | Fault - Power stage shutdown | Yes | Over-temperature detected (user limit) | User maximum drive temperature is overcome |
| 0x00004304 | Fault - Power stage shutdown | Yes | Under-temperature detected (user limit) | User minimum drive temperature is overcome |
| 0x00004305 | Fault - Power stage shutdown | Yes | Wrong ADC measurements detection | ADC module is not working as expected and cannot be trusted |
| 0x00004400 | Fault - Power stage shutdown | Yes | Motor Over Temperature detected | Maximum temperature allowed by the actuator is overcome |
| 0x00004500 | Fault - Power stage shutdown | Yes | External fault | An external element has set to "high level" the external fault input. This error is only present in Everest family products (EVE) or CORE versions. The reaction of the device to this signal is configurable by means of the External fault option code and External error signal reaction registers. When External fault option code register is set to Fault, register External error signal reaction will decide what to do. In products as the Everest family (EVE), this fault is generated internally if certain errors are detected in subnode 0 to allow stopping safely the drive. Current implementation generates this error if:
|
| 0x00007370 | Fault - Power stage shutdown | Yes | Halls sequence error | Two of the 3 digital Halls signals have changed value simultaneously, leading to an unsupported sequence |
| 0x00007371 | Fault - Power stage shutdown | No | Halls combination error | Indicates that the read halls value combination is not possible (000 or 111) |
| 0x00007372 | Fault - Power stage shutdown | No | Feedback runaway error | Feedback reading over a mechanical cycle does not match with the specified encoder resolution. Review encoder resolution or encoder cabling |
| 0x0000737E | Fault - Power stage shutdown | No | Absolute encoder 1 disconnection or frame overlap | Absolute encoder 1 disconnection when using BiSS-C protocol, or frame overlap |
| 0x0000737F | Fault - Power stage shutdown | No | Absolute encoder 2 disconnection or frame overlap | Absolute encoder 2 disconnection when using BiSS-C protocol, or frame overlap |
| 0x00007380 | Fault - Power stage shutdown | No | Too many incorrect invalid position flags detected in SSI / BiSS - C readings | Indicates that the error bit of the absolute encoder is active and the amount of occurrences has exceeded the error tolerance parameter |
| 0x00007381 | Warning | No | BiSS-C warning bit active | Indicates that the warning bit of the BiSS-C encoder is active |
| 0x00007382 | Fault - Power stage shutdown | No | Too many incorrect CRC checks in SSI / BiSS-C readings | It indicates that the number of CRC errors detected is higher than the configured |
| 0x00007384 | Warning | No | Absolute encoder error bit active without exceeding error tolerance | Indicates that the error bit of the absolute encoder is active but the amount of occurrences has not exceeded the error tolerance parameter |
| 0x00007385 | Fault - Power stage shutdown | Yes | Position out of limits out of position modes | Indicates that position readings are out of the configured software limits when the position loop is not enabled |
0x00007386 | Fault - Power stage shutdown | Yes | Velocity out of limits out of velocity or position modes | It indicates that velocity readings are higher than the configured max. velocity when the velocity loop is not enabled |
| 0x00007387 | Fault - Power stage shutdown | Yes | In a position mode, following error overcomes the position following error window | The position demand can't be followed properly by the drive. Review controller, limits, and acceleration/velocities |
| 0x00007388 | Fault - Power stage shutdown | Yes | In a velocity mode, following error overcomes the velocity following error window | The velocity demand can't be followed properly by the drive. Review controller, limits, and acceleration/velocities |
| 0x0000738C | Fault - Power stage shutdown | No | Position out of limits in position mode | The drive is outside its position limits when being enabled in position mode |
| 0x00007390 | Fault - Power stage shutdown | No | Interpolation time is too small when PVT is enabled. | PVT movement has an interpolation time smaller than the drive loop update time |
| 0x00007391 | Fault - Power stage shutdown | No | Profiler parameters not valid. They should all have positive values. | Profiler parameters such as max. velocity, max. acceleration or max. deceleration has unsupported values that can cause undesired trajectories |
| 0x0000739A | Fault - Power stage shutdown | No | The electrical velocity limit has been exceeded | The motor motor cannot be operated over the electrical velocity limit of 600Hz. This limit only applies for non-position and non-velocity operation modes. |
General operation error codes
| Error Id | Default severity and reaction | Reaction configurable | Description | Meaning |
|---|---|---|---|---|
| 0x00000000 | None | No | No error | Drive is working correctly |
| 0x0000F011 | Info - Nothing | No | Cyclic mode mapping error | The mapping parameters of monitoring-disturbance are invalid |
There are some general errors that are specific to the communication field bus.
CANopen
The next table shows the supported CANopen specific operation error codes:
| Error Id | Default severity and reaction | Reaction configurable | Description |
|---|---|---|---|
| 0x00008100 | Info - Nothing | No | Communication – generic |
| 0x00008110 | Info - Nothing | No | CAN overrun (objects lost) |
| 0x00008120 | Info - Nothing | No | CAN in error passive mode |
| 0x00008130 | Fault - Power stage shutdown | Yes | Life guard error or heartbeat error |
| 0x00008140 | Go to pre-operational state (Change over CANopen state machine) | No | Recovered from bus off |
| 0x00008210 | Info - Nothing | No | PDO not processed due to length error |
| 0x00008220 | Info - Nothing | No | PDO length exceeded |
| 0x00008240 | Info - Nothing | No | Unexpected SYNC data length |
| 0x00008250 | Info - Nothing | No | RPDO timeout |
EtherCAT
The next table shows the supported EtherCAT specific operation error codes:
| Error Id | Default severity and reaction | Reaction configurable | Description |
|---|---|---|---|
| 0x0000FF42 | Fault - Power stage shutdown | Yes | EtherCAT cable disconnected |
| 0x0000FF43 | Fault - Power stage shutdown | Yes | Cyclic timeout EtherCAT PDO lifeguard |
Fault reaction timeout
To prevent situations where a poor configuration of the conditions to exit fault reaction active state might get the driver stuck in this state, a timeout is implemented to transition to the fault state.
Register error codes
Configuration verification is done on every access to a drive register. Some parameters are protected to avoid unreachable (or even dangerous) configurations, for example, selecting a nonexistent feedback.
Configuration errors do not generate any reaction to the system operation.
The following error codes help to understand why the requested register access failed:
| Error Id | Default severity and reaction | Reaction configurable | Description | Meaning |
|---|---|---|---|---|
| 0x0000738B | Info - Nothing | - | Trapezoidal commutation without digital halls not allowed | Trapezoidal commutation without digital halls not allowed. Review commutation sensor configuration and phasing |
| 0x00007400 | Info - Nothing | - | Unsupported synchronization method | The selected synchronization method doesn't exist or is not allowed in the current state |
| 0x00007500 | Info - Nothing | - | Number of active feedbacks is higher than allowed | The number of selected feedbacks to be enabled is higher than the allowed one by the drive |
| 0x00007503 | Info - Nothing | - | Access unsupported in the current state. | The register is usually accessible but the access is currently disabled due to the drive state. |
| 0x00007504 | Info - Nothing | - | Access unsupported because of local control | The register is accessible under certain conditions that are not being satisfied. |
| 0x05040000 | Info - Nothing | - | COMKIT Timeout. CORE device is not properly connected | Specific fault generated by COMKIT if the CORE product is not connected properly |
| 0x06010000 | Info - Nothing | - | Incorrect access type | It indicates that a read command has been requested to a write-only register of a write command has been requested to a read-only register |
| 0x06020000 | Info - Nothing | - | Object does not exist | It indicates that the requested register does not exist |
| 0x06040041 | Info - Nothing | - | Object isn't cyclic mappable as requested | It indicates that the register requested to be mapped into a cyclic frame is not cyclic |
| 0x06040042 | Info - Nothing | - | Cyclic mapping is too large | It indicates that the requested cyclic mapping is higher than the allowed space in the cyclic buffer |
| 0x06070010 | Info - Nothing | - | Mapped cyclic register size is wrong | The requested size for the mapped cyclic register differs from the expected one by the drive |
| 0x06090011 | Info - Nothing | - | Sub-Index does not exist | The requested Sub-Index is not present in the device |
| 0x060A0000 | Info - Nothing | - | Unsupported value introduced in register | Value to be written is outside the parameter range |
| 0x08000000 | Info - Nothing | - | Read / Write operation not executed | It indicates that the requested register read or write was not executed |
| 0x08010000 | Info - Nothing | - | Cyclic mapping key is wrong | It indicates that the requested cyclic register key doesn't exist |
| 0x08010010 | Info - Nothing | - | Communication state is unreachable | Transition from config to cyclic or from cyclic to config modes is unreachable in the current state |
| 0x08010020 | Info - Nothing | - | Communication setting is not modifiable in the current state | A new mapping has been requested when the drive is in cyclic mode |
| 0x08010030 | Info - Nothing | - | Invalid command | The command requested by the master is unrecognized |
| 0x08010040 | Info - Nothing | - | CRC error | A CRC error has been detected on the previous frame |
CANopen SDO abort codes
The next table shows the supported CANopen SDO abort codes:
| Error Id | Description |
|---|---|
| 0x06060000 | Access failed due to hardware error |
| 0x06090030 | Value range exceeded |
| 0x08000020 | Data can not be read or written |
| 0x08000022 | Data cannot be transferred or stored to the application because of the present device state |
| 0x08000024 | No data available |