Fail-Safe Blocks
Fail-Safe Systems
A5E00085588-03
8-97
Interaction with Channel Drivers
For proper operation of the F_2oo3_R block when the three analog inputs are
provided by F_CH_AI channel drivers, it is important to coordinate the
configuration parameters of the channel drivers and the F_2oo3_R block. The key
is to determine a typical, expected operating value for the values feeding the
F_2oo3_R block and set all three channel drivers’ SUBS_V inputs to a value that is
greater than the expected value by more than the F_2oo3_R block’s DELTA input.
The channel drivers’ SUBS_ON input must be set to 1 to enable outputting the
SUBS_V value when a channel fault is detected.
If one channel driver detects a failure, that F_CH_AI block will provide the
F_2oo3_R block with both the process value bad indicator (QBAD) and the
substitute value (SUBS_V). The F_2oo3_R block would set the corresponding DIS
output (since the substitute value differs from the F_2oo3_R block’s current analog
output by more than DELTA) and select one of the other two analog inputs as the
F_2oo3_R block’s analog output.
If two or more channel drivers detect a failure (output their SUBS_V value and set
their QBAD to 1), the F_2oo3_R block’s QBAD output will be 1 indicating that the
selected analog output V is no longer valid.
Therefore, a configuration using the F_CH_AI and F_2oo3_R blocks would have
the following connections:
• The V outputs of the three F_CH_AI connected to the three IN inputs of the F_2oo3_R
• The QBAD outputs of the three F_CH_AI connected to the three QBAD inputs of the F_2oo3_R
• The SUBS_ON inputs of the three F_CH_AI blocks set to 1
• The F_2oo3_R block’s DELTA input set to the largest acceptable difference from the expected value
• The SUBS_V inputs of the three F_CH_AI blocks set larger than the F_2oo3_R block’s DELTA input
• The F_2oo3_R block’s QBAD output connected to program logic to annunciate 2oo3 failure
• The F_2oo3_R block’s three DIS outputs connected to program logic to annunciate a sensor failure
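The following is an added example, not Siemens code and not the internal algorithm of the F_CH_AI or F_2oo3_R blocks. It models the behaviour the text describes (substitute value on channel fault, DIS on a deviation greater than DELTA, QBAD when two or more channels fail) so the SUBS_V/DELTA coordination rule can be checked offline. The voting rule (the candidate output is the median of the three inputs) and the helper names `f_ch_ai`, `f_2oo3_r` and `run_scenario` are assumptions made for the example; all input values are constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class ChannelOutput:
    v: float      # process value, or SUBS_V while the channel is faulted
    qbad: bool    # 1 when the channel driver has detected a channel fault

def f_ch_ai(raw: float, fault: bool, subs_on: bool, subs_v: float) -> ChannelOutput:
    """Assumed model of the F_CH_AI channel driver: on a fault it reports QBAD
    and, with SUBS_ON = 1, outputs SUBS_V in place of the process value."""
    if fault:
        return ChannelOutput(v=subs_v if subs_on else raw, qbad=True)
    return ChannelOutput(v=raw, qbad=False)

@dataclass
class VoterOutput:
    v: float                        # selected analog output
    qbad: bool                      # 1 when V is no longer valid
    dis: Tuple[bool, bool, bool]    # one DIS flag per input

def f_2oo3_r(inputs: List[ChannelOutput], delta: float) -> VoterOutput:
    """Assumed model of F_2oo3_R. The median of the three inputs is taken as the
    voted value (assumption); an input deviating from it by more than DELTA is
    marked DIS, and QBAD is raised when two or more inputs report QBAD or when
    two or more inputs are discrepant."""
    if len(inputs) != 3:
        raise ValueError("F_2oo3_R needs exactly three inputs")
    values = [c.v for c in inputs]
    voted = sorted(values)[1]
    dis = tuple(abs(v - voted) > delta for v in values)
    qbad = sum(c.qbad for c in inputs) >= 2 or sum(dis) >= 2
    return VoterOutput(v=voted, qbad=qbad, dis=dis)

def subs_v_is_coordinated(expected: float, delta: float, subs_v: float) -> bool:
    """Configuration check from the text: SUBS_V must exceed the expected
    operating value by more than DELTA so a substituted channel is voted out."""
    return subs_v > expected + delta

def run_scenario(raw: List[float], faults: List[bool], subs_v: float,
                 delta: float, subs_on: bool = True) -> VoterOutput:
    """Feed three constructed channel readings through the drivers and the voter."""
    channels = [f_ch_ai(r, f, subs_on, subs_v) for r, f in zip(raw, faults)]
    return f_2oo3_r(channels, delta)

if __name__ == "__main__":
    expected, delta = 50.0, 2.0          # constructed operating point
    raw = [50.2, 49.8, 50.5]             # constructed sensor readings
    # Coordinated SUBS_V: above expected by more than DELTA.
    print(subs_v_is_coordinated(expected, delta, 60.0))            # True
    print(run_scenario(raw, [True, False, False], 60.0, delta))    # DIS on ch1, QBAD 0
    print(run_scenario(raw, [True, True, False], 60.0, delta))     # QBAD 1
    # Uncoordinated SUBS_V inside the DELTA band: the fault is not voted out.
    print(subs_v_is_coordinated(expected, delta, 51.0))            # False
    print(run_scenario(raw, [True, False, False], 51.0, delta))    # no DIS at all
```

The last scenario is the failure mode the coordination rule guards against: with SUBS_V only 1.0 above the expected value and DELTA at 2.0, the faulted channel's substitute is indistinguishable from a healthy reading, so no DIS output fires and the sensor failure is never annunciated by the 2oo3 logic.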
Error Handling
In the event of an error that is critical to safety, the system function SFC F_CTRL
is called. This records the event in the Diagnostic Buffer and requests a switch to
the reserve CPU if the error occurred only on the master CPU. For non-redundant
systems, or for a common-cause error occurring in both CPUs, the shutdown logic can
be configured to disable either the F-run-time group in which the error occurred or
the entire Safety Program.