Warnings
Section 1 Safety Operator Warnings
16
2PAA110888-600 - Warnings based on 3BNP004865-600 RevA
Use of Retain Variables
A philosophy for using retain/cold retain values shall be developed based on the
characteristics of the process to be controlled. The philosophy shall be followed
consistently for the whole plant.
Power Failure
If automatic restart of the process after a power failure is not desired, the application
program shall contain mechanisms to achieve the desired behavior.
I/O Signal Failure
The input modules certified for use in safety critical applications can be configured
to enter a predefined safe value upon a detected failure. The modules can also be
configured to “keep current value” upon a failure. When this option is used, the
application shall be designed to handle the process safely upon faulty input signals.
“Keep current value” is not allowed in Machine Safety applications.
The application program shall be designed to handle faulty input and output signals
in accordance with the safety requirements for the plant.
To avoid dangerous situations at controller restart, care shall be taken during
application design, e.g. by using the IO Status value to interlock unwanted start-up
actions.
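The following is an added illustration of the three rules above (substituting a predefined safe value on a detected input failure, refusing the “keep current value” option in Machine Safety, and using the IO Status to interlock start-up and automatic restart). It is written in Python as a host-side model and is not Control Builder / Structured Text code from the controller; the channel names, the `restart_acknowledged` flag and the pump logic are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class SafetyInput:
    """One certified input channel as seen by the application program.

    status_ok models the IO Status reported by the module; safe_value is the
    predefined value used on a detected failure unless the 'keep current value'
    option is configured for the channel.
    """
    name: str
    raw_value: float
    status_ok: bool
    safe_value: float
    keep_current: bool = False


def validate_configuration(inputs, machine_safety: bool):
    """Return the names of channels configured with 'keep current value'
    where that option is not allowed (Machine Safety applications)."""
    if not machine_safety:
        return []
    return [i.name for i in inputs if i.keep_current]


def effective_value(inp: SafetyInput) -> float:
    """Value the application logic acts on for this channel."""
    if inp.status_ok:
        return inp.raw_value
    if inp.keep_current:
        # Stale reading: the application must treat it as suspect.
        return inp.raw_value
    return inp.safe_value


def start_permitted(inputs, restart_acknowledged: bool) -> bool:
    """Start-up interlock.

    Start is refused while any input reports a failure (IO Status interlock)
    and, after a controller restart, until an operator acknowledgement has
    been given, so the process does not resume by itself after a power failure.
    """
    if not restart_acknowledged:
        return False
    return all(i.status_ok for i in inputs)


def pump_command(inputs, level_high_limit: float, restart_acknowledged: bool) -> bool:
    """Example consumer: run a filling pump only when the interlocks permit
    and the measured level is below the high limit. True = run, False = stop."""
    if not start_permitted(inputs, restart_acknowledged):
        return False
    level_input = next(i for i in inputs if i.name == "tank_level")
    return effective_value(level_input) < level_high_limit


# Constructed sample channels (not from the manual). The safe value for the
# level input is deliberately "tank full" so that a failed channel stops the pump.
SAMPLE_INPUTS = [
    SafetyInput("tank_level", raw_value=42.0, status_ok=True, safe_value=100.0),
    SafetyInput("emergency_stop", raw_value=1.0, status_ok=True, safe_value=0.0),
]

if __name__ == "__main__":
    print("violations:", validate_configuration(SAMPLE_INPUTS, machine_safety=True))
    print("pump runs:", pump_command(SAMPLE_INPUTS, 90.0, restart_acknowledged=True))
```

The design point is that the safe value is chosen per channel so that the substituted value drives the process toward the safe action, and that the restart interlock is a separate condition from channel health: both must be satisfied before any start-up action is issued.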
Usage of Compact Flash Card
The Compact Flash Card must be removed from the High Integrity controller before
the reset button is pressed to perform a cold restart.
Exceptional Values in Arithmetic Operators and Functions
When working with arithmetic operators and Mathematical System functions, the
user must take care to avoid illegal parameters, out-of-range, and overflow
situations. This can be facilitated by using the RealInfo function for variables of
data type Real.
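As an added example of the kind of checking the paragraph above calls for, the Python below classifies a Real result as NaN, infinite or out of the 32-bit range and guards two common operations (division and square root) against illegal parameters. It is not the controller's RealInfo function and not code from the manual; the `real_info` name, the single-precision limit and the fallback values are assumptions.

```python
import math

# Largest finite IEEE-754 single-precision value. Assumption: the controller's
# Real type is 32-bit, so a Python double beyond this limit models a result
# that would have overflowed in the controller.
REAL_MAX = 3.4028235e38


def real_info(x: float) -> dict:
    """Classify a Real result before it is allowed to drive an output.

    Mirrors the purpose of the manual's RealInfo check (detecting results that
    are not usable numbers); it is a stand-in, not the controller's function.
    """
    is_nan = math.isnan(x)
    is_inf = math.isinf(x)
    overflow = (not is_inf) and abs(x) > REAL_MAX
    return {
        "nan": is_nan,
        "inf": is_inf,
        "overflow": overflow,
        "valid": not (is_nan or is_inf or overflow),
    }


def checked_divide(numerator: float, denominator: float, fallback: float):
    """Division with illegal-parameter and overflow handling.

    Returns (value, reason). On any exceptional condition the predefined
    fallback is returned so the application reacts deterministically.
    """
    if denominator == 0.0:
        return fallback, "illegal parameter: division by zero"
    result = numerator / denominator  # may exceed the single-precision range
    if not real_info(result)["valid"]:
        return fallback, "overflow or non-finite result"
    return result, "ok"


def checked_sqrt(x: float, fallback: float):
    """Square root with out-of-range (negative or NaN argument) handling."""
    if math.isnan(x) or x < 0.0:
        return fallback, "out of range: negative or NaN argument"
    return math.sqrt(x), "ok"


if __name__ == "__main__":
    # Constructed inputs: a normal case, a zero divisor and an overflow.
    for num, den in ((10.0, 4.0), (1.0, 0.0), (1e30, 1e-10)):
        print(num, "/", den, "->", checked_divide(num, den, fallback=0.0))
    print("sqrt(-4) ->", checked_sqrt(-4.0, fallback=0.0))
```

The check is placed immediately after the operation that can produce the exceptional value, and the fallback is a value the downstream logic is designed to treat as safe rather than a silently propagated NaN or infinity.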
The RealInfo function should be used when there is a risk of overflow when making
calculations with the data type Real. The function RealInfo should be used just after