Siemens SIMATIC S7 F Скачать руководство пользователя страница 162 | Manualshive

Страница: 162 / 354

Siemens SIMATIC S7 F Скачать руководство пользователя страница 162

Operation and Maintenance

Fail-Safe Systems

6-2

A5E00085588-03

Fiber-Optic Cables Between the Synchronization Modules in the S7-400 FH

!

Safety Note – Duplicate Masters must be avoided

In a fail-safe and fault-tolerant S7 FH System, you must prevent both CPUs from
being master at the same time, since this may result in hazardous faults.

Such a state (the two CPUs are both masters at the same time) can occur if the
two fiber-optic cables used to connect the CPUs are removed or interrupted
simultaneously when the S7-400 FH is in a redundant configuration. This must be
prevented by laying separate fiber-optic cables.

This state (two CPUs both masters at the same time) can also occur after a CPU is
repaired if the CPUs have not been connected via both fiber-optic cables before
the power supply is switched back on.

Take organizational steps to ensure that, after a CPU has been replaced, both
fiber-optic cable connections are established before the power supply is switched
on.

You can find information on replacing components in fault-tolerant systems in
manual /4/. Please refer to the references in Appendix B.)

6.3

Working with the Safety Program

You must take into account the following when working with the Safety Program:

•

You must not operate Safety Programs directly when safety mode is activated!
You can enter safety parameters:

-

by means of fail-safe conversion blocks.

-

in CFC test mode.

•

Access to the CPU must be protected with a password.

•

The offline project in the programming device/ES must always be kept
consistent with the CPU. In other words, no old programs, charts or blocks
should be copied to a project.

!

Safety Note – Safety measures must be followed

If you don’t follow the above safety measures, this may result in errors in the
execution of the safety program and in the Safety Program Shutdown.

«
...
160
161
162
163
164
...
»

Содержание SIMATIC S7 F

Страница 1: ...ration 4 Programming 5 Operation and Maintenance 6 Safety 7 Fail Safe Function Blocks 8 Appendices Check Lists A References B Glossary Index SIMATIC Programmable Controllers S7 F FH Systems Manual This manual is part of the documentation package with the order number 6ES7988 8FA10 8BA0 Edition 02 2003 A5E00085588 03 ...

Страница 2: ...safety related use of the product Warning indicates that death severe personal injury or substantial property damage can result if proper precautions are not taken Caution indicates that minor personal injury can result if proper precautions are not taken Note draws your attention to particularly important information on the product handling the product or to a particular part of the documentation...

Страница 3: ... Contents This manual describes how to work with the S7 F FH Systems using S7 F Systems V5 2 software It consists of instructive chapters and reference chapters descriptions of the fail safe function blocks and check lists for acceptance The manual covers the following topics Safety Mechanisms Configuration Programming Maintenance Safety Fail Safe Blocks Scope of the Manual Module Order Number As ...

Страница 4: ...to the following levels Requirement classes AK1 to AK6 in accordance with DIN V 19250 DIN V VDE 0801 SIL1 to SIL3 Safety Integrity Level in accordance with IEC 61508 Categories 1 to 4 in accordance with EN 954 1 Place in the Information Landscape This manual is part of the documentation package for the S7 F FH System System Documentation Package Order Number S7 F Systems Safety Engineering in SIMA...

Страница 5: ...ons about the use of products presented in this manual contact your local Siemens representative http www siemens com automation partner Training Center We offer courses to help you get started with the S7 automation system Contact your regional training center or the central training center in Nuremberg 90327 Federal Republic of Germany Telephone 49 911 895 3200 http www sitrain com H F Competenc...

Страница 6: ...00 a m to 5 00 p m Telephone 49 0 180 5050 222 Fax 49 0 180 5050 223 E mail adsupport siemens com GMT 1 00 United States Johnson City Technical Support and Authorization Local time M F 8 00 a m to 5 00 p m Telephone 1 0 770 740 3505 Fax 1 0 770 740 3699 E mail isd callcenter sea siemens com GMT 5 00 Asia Australia Beijing Technical Support and Authorization Local time M F 8 00 a m to 5 00 p m Tele...

Страница 7: ...will find the following information Newsletter providing the latest information on your products Exact documents for your requirements which you can access by performing an online search in Service Support Forum in which users and experts worldwide exchange ideas Your local Automation Drives contact who can be accessed in our Contacts database Information about local service repair and replacement...

Страница 8: ...Important Information Fail Safe Systems viii A5E00085588 03 ...

Страница 9: ...le 5 25 Startup Protection to handle short power failures in the F I O 5 26 Automatic Reintegration through F_QUITES 5 27 Default MAX_CYC 5 30 Safety Program must be re compiled if S7 connections used for CPU CPU Communication have changed 5 32 Use F_LIM_R for plausibility check of standard to F data conversion 5 37 When Deactivating Safety Mode 5 40 F Blocks outputs always use the preset initial ...

Страница 10: ...nstalled in OB 3x ONLY 8 8 Do NOT change CRC_IMP input 8 26 Use F_LIM_R for plausibility check of standards to F data conversion 8 35 Reintegration through User Acknowledgement with F_QUITES 8 45 PD_FLAG not to be interconnected 8 56 F_SHUTDN in slowest configured OB 8 74 ...

Страница 11: ...S7 FH System Getting Started 2 13 2 3 1 Fault Tolerant S7 FH System Setting Up the Hardware 2 13 2 3 2 Configuring the Fault Tolerant S7 FH System 2 15 2 3 3 Fault Tolerant S7 FH System Creating a Fail Safe User Program 2 16 2 3 4 Starting Up a Fault Tolerant S7 FH System 2 16 2 3 5 Fault Tolerant S7 FH System Monitoring Errors 2 17 3 Safety Mechanisms 3 1 3 1 Introduction to the Safety Mechanisms...

Страница 12: ...ks 5 10 5 3 2 Automatically Inserted F Blocks 5 11 5 3 3 Interconnecting and Assigning Parameters to F Blocks 5 12 5 3 4 Defining the Run Sequence 5 14 5 3 5 Interconnecting F Driver Blocks 5 16 5 3 6 Passivation and Reintegration of the Input and Output Channels 5 24 5 3 7 Programming Startup Protection 5 28 5 3 8 Example Reintegration after Startup of the Safety Program 5 29 5 3 9 Assigning Para...

Страница 13: ...hanges to the Safety Program 7 20 7 5 3 Acceptance of F Block Types 7 22 7 5 4 Responsibilities and Qualifications 7 22 8 Fail Safe Blocks 8 1 8 1 Overview 8 1 8 1 1 Fail Safe Blocks 8 1 8 1 2 F Data Types 8 2 8 1 3 Block I Os 8 4 8 1 4 Block Numbers 8 6 8 1 5 Installation in Cyclic Interrupt OBs 8 8 8 2 Driver Blocks for F I Os 8 9 8 2 1 F_CH_DI 8 10 8 2 2 F_CH_DO 8 13 8 2 3 F_CH_AI 8 16 8 2 4 Co...

Страница 14: ... 5 F_2OUT3 8 89 8 7 6 F_XOUTY 8 91 8 8 Comparison Blocks for Two Input Values of the Same Type 8 92 8 8 1 F_LIM_HL 8 92 8 8 2 F_LIM_LL 8 94 8 8 3 F_2oo3_R 8 96 8 8 4 F_1oo2_R 8 98 8 9 Flip Flop Blocks 8 100 8 9 1 F_RS_FF 8 100 8 9 2 F_SR_FF 8 102 8 10 IEC Pulse and Counter Blocks 8 103 8 10 1 F_CTUD 8 103 8 10 2 F_TP 8 105 8 10 3 F_TON 8 107 8 10 4 F_TOF 8 109 8 11 Pulse Blocks 8 111 8 11 1 F_F_TR...

Страница 15: ...tputs of the Driver Blocks 8 132 8 15 3 Errror Information in the Diagnostic Buffer 8 134 8 15 4 Error Information at the Output RETVAL 8 140 8 16 Run Times 8 141 8 16 1 Run Times of the Fail Safe Blocks 8 141 A Check Lists A 1 A 1 Life Cycle of the Fail Safe Programmable Controllers A 1 A 2 Check List of the Certified Modules A 5 A 3 Check List of the Certified F Blocks A 7 A 4 Check List of the ...

Страница 16: ...Contents Fail Safe Systems xvi A5E00085588 03 ...

Страница 17: ...ed by means of safety functions primarily in the software Safety functions are executed by the S7 F FH programmable controller in order to return the system to a safe state or keep it in a safe state when a hazardous event occurs The safety function for the process can be executed by means of a user safety function or a fault reaction function If the F System can no longer execute its actual user ...

Страница 18: ...wntimes as a result of failures in the F System fail safe systems can be optionally configured for high availability fault tolerance This increased availability can be achieved by means of redundant components power supply central processing unit and communication and I O systems The fail safe and fault tolerant S7 F FH Systems allow production to continue without causing any harm to people or the...

Страница 19: ...rd Ethernet Industrial Ethernet or PROFIBUS S7 F Sys S7 400H S7 FH Sys S7 400 Standard F SMs Standard SMs Standard SMs F SMs Boiler prot Emerg stop F SMs ET 200M ET 200M Burner coal mill Central engineering system ES Operator Stations OS ET 200M ET 200M Standard SMs ET 200S ...

Страница 20: ...H that can run a fail safe F user program One or more fail safe inputs outputs F I Os in a distributed I O device redundancy optional The following figure shows the hardware and software components of an F System You can expand the configuration with standard S7 400 and S7 300 modules Programmable controller S7 F System ET 200M distributed I O device Fail safe signal modules optionally redundant E...

Страница 21: ...s F I Os in a distributed I O device redundancy optional The following figure shows an example of an S7 FH configuration with a redundant CPU shared switched distributed I O modules connected via a redundant system bus Redundant PROFIBUS DP Programmable controller S7 FH System ET 200M distributed I O device Fail safe signal modules optionally redundant ET 200M distributed I O device Standard modul...

Страница 22: ... fact that fail safe F fault tolerant H and standard components can be combined has the following advantages You can set up a fully integrated automation system in which you can make use of the innovation of the standard CPUs and at the same time use fail safe components independently of standard components such as FMs or CPs You can configure and program the whole system using standard tools such...

Страница 23: ...ith the sensors and actuators in such a way as to ensure that the desired safety level can be achieved Configuring the Hardware The configuration set using HWCONFIG must correspond to the hardware configuration in other words the circuit diagram of the I O system must be reflected in the parameter settings The F capable CPU must be configured Creating the F User Program You create the fail safe us...

Страница 24: ... CPU 417 4 H as of V2 0 with an F Copy License is used either individually or as a fault tolerant master standby system The F Copy License permits you to use the CPU as an F CPU i e to run a fail safe user program on it An F capable CPU is a CPU that is approved for use in the S7 F FH It only becomes an F CPU if there is an F user program running on it Otherwise a standard S7 program runs on the C...

Страница 25: ... Standard Components The restrictions for fault tolerant systems apply to the use of standard components You will find the restrictions for standard components in safety mode of fail safe signal modules in the safety information in Chapter 3 of the S7 300 Programmable Controller Fail Safe Signal Modules Additional Information You can find detailed descriptions of the hardware components for the S7...

Страница 26: ...fe blocks contain fault detection and fault reaction functions as well as functions for programming safety functions In other words they ensure that failures and faults are detected and that an appropriate reaction is initiated that will keep the F system in a safe state or return it to a safe state The user program on the CPU can be made up of safety related sections Safety Program and not safety...

Страница 27: ...ting projects based on Failsafe Blocks V1_2 1 6 1 Getting Started Information Applicable to All Use Case Scenarios Installing the Optional Package 1 Start the PC Programming Device Workstation that has the STEP 7 basic software package installed Make sure that there are no open STEP 7 applications 2 Insert the optional package product CD 3 Run the SETUP EXE program on the CD 4 Follow the setup pro...

Страница 28: ...he same way as STEP 7 and the optional packages You can find information on how to install and work with the authorization component in the readme file and in STEP 7 s main help system Note SIMATIC S7 F Systems V5 0 license also supports V5 2 F Copy License An F Copy License permits you to use the CPU as an F CPU e g to run a Safety Program on it 1 6 2 Use case scenarios Scenario 1 Compiling Editi...

Страница 29: ...g S7 F Systems V5 2 on a New PC to Support Failsafe Blocks V1_1 Projects Use this scenario if you have Purchased a new PC Programming Device Workstation and you wish to use projects based on Failsafe Blocks V1_1 library Software Requirements The following software packages must be installed on the PC programming device in order to use modify or create projects based on Failsafe Blocks V1_1 library...

Страница 30: ...ust have the minimum software requirements to allow this Software Firmware Requirements The following software packages must be installed on the PC Programming Device Workstation in order to upgrade projects based on Failsafe Blocks V1_1 library to Failsafe Blocks V1_2 S7 F Systems V5 2 STEP7 V5 2 or higher S7 H Systems Optional Package V5 1 or higher required for S7 FH Systems CFC V5 2 4 CPU S7 4...

Страница 31: ... within the Manage dialog box in SIMATIC Manager a Within SIMATIC Manager open the Manage dialog box by choosing File Manage b Verify Failsafe Blocks V1_2 is in the list If it is then go to step 3 c Open the library within SIMATIC Manager by choosing File Open and press the Browse button d Open the folder SIEMENS STEP7 S7LIBS and select Failsafe Blocks V1_2 and press OK This will open the Failsafe...

Страница 32: ... a 3 Choose the Options Edit Safety Program menu command 4 Press the Library Version Button 5 Select the Library to which you wish to upgrade to and press the OK button 6 Open a CFC Chart from the Program 7 Choose the Options Block Types menu command 8 Select all blocks in the Charts Folder pane ...

Страница 33: ...e after upgrading the library to insure all blocks are up to date Failure to Import new block types may result in a failed compile Important Note Unplaced F Blocks from the block container are automatically deleted when the safety program is compiled Important Note Run time groups containing F Blocks in task OB1 must be moved to OB3x because OB1 is no longer supported ...

Страница 34: ...ents to allow this Software Firmware Requirements The following software packages must be installed on the PC Programming Device Workstation in order to modify or create projects based on Failsafe Blocks V1_2 library S7 F Systems V5 2 STEP7 V5 2 or higher S7 H Systems Optional Package V5 1 or higher required for S7 FH Systems CFC V5 2 4 CPU S7 417F FH V3 1 or higher ET 200S fail safe module driver...

Страница 35: ...t creating a measuring point list defining a structure etc are not described here When you plan the system specify the required safety functions with the corresponding Safety Integrity Levels SILs From these derive the demands on the components in order to implement the safety functions PLCs sensors actuators These decisions affect other tasks such as hardware installation configuration and progra...

Страница 36: ...ize CPU for safety program Parameterize F I Os according to safety class and circuit diagram Create Safety Program Place interconnect and parameterize F function blocks Generate executable code and load to the CPU of the S7 F FH Commission the system Have safety related sections accepted by expert before safety mode is operational Maintain system Replace hardware components Change Safety Program U...

Страница 37: ...nges if only the changes are to be compiled 4 If the F module drivers are not yet placed select the Generate Module Drivers check box in the Compile Charts as Program dialog box This automatically inserts and interconnects the required F module drivers in separate charts Fx Result The Safety Program is compiled and can be downloaded to the CPU Safety functions are added to the charts of the Safety...

Страница 38: ...Product Overview Fail Safe Systems 1 22 A5E00085588 03 ...

Страница 39: ...ocks within it The Step 7 definition of run time groups Run time groups are used to structure tasks The blocks are installed sequentially in the run time groups Run time groups can be activated and deactivated separately If a run time group is deactivated the blocks it contains will no longer be activated Safety Program This is the collection of all F run time groups within the project Force Full ...

Страница 40: ...sed to provide information to the shutdown logic and these include F_Init1 F_CycCo OB35 and F_TestMode At the center of the shutdown logic is the F_SHUTDN function block in the F_ShutDn chart The F_SHUTDN block provides you with the following action You can force a manual shutdown of the entire Safety Program or you can restart the shutdown Safety Program You can use the SHUTDOWN input to set eith...

Страница 41: ...and the S7 H Systems Optional Package Version 5 1 You can find two sample projects in step7 Examples ZEN32 01_FSystem_Fproj For an F System ZEN32 02_FHSystem_FHProj For a fault tolerant FH System You can use the examples to check the results of similar project sessions described below Passwords The passwords for the projects provided are CPU password anna Safety Program password otto ...

Страница 42: ...sisting of 1 mounting rack UR2 H 1 power supply PS 407 10A 1 CPU 417 4H An ET 200M distributed I O device with an active backplane bus consisting of 1 power supply PS307 5A 1 IM 153 2 Bus Interface Module 1 Safety Protector Module 1 fail safe digital input module SM 326F DI 24xDC24V 1 fail safe digital output module SM 326F DO10xDC24V 2A Other accessories PROFIBUS cables and connectors Set the DIL...

Страница 43: ...tor in SIL 3 in ET 200M you can use all the available IM 153 2 interface modules and you can set up the PROFIBUS DP with the copper cable as in standard mode If you don t use a safety protector in SIL 3 in ET 200M you must connect the PROFIBUS DP lines the S7 F System and the S7 400H programmable controllers with fiber optic cables as described in the S7 F FH Programmable Controllers Additional In...

Страница 44: ...on created you can change the name by double clicking the hardware object or right click the Open Object pop up menu command 4 Insert the individual hardware components of the SIMATIC 400 from the Hardware Catalog window you can open the catalog with View Catalog by dragging and dropping them to the station window 5 First place the UR2 mounting rack from the RACK 400 catalog 6 Insert the standard ...

Страница 45: ... module Right click to choose Edit Symbols from the pop up menu and enter symbolic names for all the channels You will need the symbolic names for the channels to create the user program 12 Double click to open the properties dialog box and select Enable Diagnostic Interrupt and Safety Mode with 1oo1 Evaluation on the Inputs tab 13 Insert the output module SM 326F DO10xDC24V 2A from the DO 300 cat...

Страница 46: ...nction blocks must be inserted in run time groups Function Blocks have not been placed yet However you can setup a run time group to be the default destination for new F Blocks 1 Within your project in SIMATIC Manager click on the Charts folder 2 Open the F Blocks chart by double clicking on it 3 Open the Run Sequence either by pressing Control F11 or selecting Edit Run Sequence within the CFC Edi...

Страница 47: ...odule channels 0 and 1 input value is at the Q output of the F_CH_DI FB 4 Interconnect the VALUE input with the symbolic names for channel 0 e g E24 0 and channel 1 e g E24 1 using the right mouse button and Interconnection to Address 5 Assign a value of 1 to the ACK_NEC input in the event of an error user acknowledgment at ACK_REI is required for reintegration 6 Place two F_CH_DO F channel driver...

Страница 48: ...word will be requested on future compiles You will be prompted for MAX_CYC time for every OB3x with a failsafe program After the charts have been compiled the following control blocks are integrated automatically by the S7 F Systems option package In the F CycCo Obxx chart F_CYC_CO F_TEST and F_TESTC for tests In chart F_TestMode the F_TESTM for Test Mode management In chart F_RtgDiagxx the F_PLK ...

Страница 49: ... safe blocks are yellow and marked with an F to distinguish them from standard charts Downloading the Program to the CPU Download the CFC charts to the CPU by means of the PLC Download to Module menu command 2 2 4 Starting Up the S7 F System Start the programmable controller by switching the mode selector to RUN P and carrying out a warm restart on the CPU PLC Operating Mode If you apply voltage t...

Страница 50: ...e front connector in the SM 326F DI24xDC24V again After a reintegration time of approx 1 minute the SAFE LED comes on again and the SF LED goes out The EXTF LED on the CPU goes out The module is reported as OK in the diagnostic buffer of the CPU In test mode you can still see that the driver block is reporting an error If for example you apply voltage at terminal 5 for input 8 0 the Q output of th...

Страница 51: ...us DP Cable Safety Protector Module For this example you need the following hardware components A programmable logic controller consisting of 1 mounting rack UR2 H 2 power supplies PS 407 10A 2 CPU 417 4H 4 synchronization modules 2 fiber optic cables An ET 200M distributed I O device with an active backplane bus consisting of 1 power supply PS307 5A 2 IM 153 2 Bus Interface Modules 1 Safety Prote...

Страница 52: ...de depends on the safety class and the use of a safety protector in the ET 200M configuration If you comply with the requirements of safety class SIL 2 or use a safety protector in SIL 3 in ET 200 M you can use the IM 153 2 for S7 F FH Systems or the IM 153 3 only for the S7 FH Systems and you can set up the PROFIBUS DP with the copper cable as in standard mode If you don t use a safety protector ...

Страница 53: ...g rack 5 Insert the standard power supply PS 407 10 A in slot 1 6 Place the CPU 417 4H V3 1 in slot 3 and create a subnet Insert two synchronization modules H Sync module at IF1 and IF2 7 Open the properties dialog box of the CPU enter a password for the CPU on the Protection tab and select the CPU Contains Safety Program check box 8 Duplicate the entire mounting rack and connect the CPU to a seco...

Страница 54: ...s are generated and stored in the program container 17 Download the hardware configuration to the CPU of rack 0 or CPU0 for short Note that in SIMATIC Manager all the blocks are stored only in CPU0 the upper one of the two 2 3 3 Fault Tolerant S7 FH System Creating a Fail Safe User Program Procedure 1 Create the same fail safe CFC user program as described for the S7 F Systems 2 After the charts h...

Страница 55: ... DO10xDC24V 2A with User Acknowledgment 1 Break the connection to your actuator or load resistor for example on channel 0 2 Apply voltage to channel 0 of the input module e g from the terminal Vs Your output should be set now but if the output module reports a fault the SF LED comes on and the channel LED is off 3 Display the diagnostic buffer of the CPU and of the output module by means of Diagno...

Страница 56: ...Getting Started Fail Safe Systems 2 18 A5E00085588 03 ...

Страница 57: ...bed in the STEP 7 and hardware manuals Which Safety Mechanisms Are Relevant to You The safety related mechanisms in the CPU hardware and operating system are Access protection for F Systems which helps to avoid faults Self tests which help to detect and identify faults The safety related functions for fault detection and fault reaction are mainly located in the Safety Program and in the F I Os The...

Страница 58: ...e parameter assignment of the F I Os in the online help system and in the section Configuring Parameter Assignment of F I Os Safety Mode of the Safety Program The Safety Program usually runs on the CPU in safety mode In other words all the safety mechanisms for fault detection and fault reaction are activated It is not possible to change the Safety Program during operation when it is in safety mod...

Страница 59: ... failure occurs is disabled leaving other run time groups activated Full and Partial Safety Program Shutdown F_SHUTDN input SHUTDOWN Full and all F run time groups disabled This state can be reversed by two methods restarting the shutdown logic through the RESTART input on the F_SHUTDN block or by stopping the F CPU and forcing a coldstart You can find information on restart behavior startup prote...

Страница 60: ...m or Cold Start of the Safety Program additional blocks DB_RES and calls that must not be changed are automatically inserted in the OB 100 and blocks DB_INIT are automatically placed into F_DbInit at compile time Startup Protection A startup of the Safety Program using the initial values can also be triggered by a handling error or an internal error If the process does not permit this a reaction t...

Страница 61: ...t result are checked in the Safety Program by an F test block F_TESTC that is inserted automatically when the Safety Program is compiled Command Tests Some commands are tested in the quickest cycle of the Safety Program These command tests are implemented in the F_TEST block which is included automatically when the Safety Program is compiled 3 6 Logical and Timed Based Program Execution Monitoring...

Страница 62: ... for OBs with F run time groups is assigned in CFC as an input parameter of the F Block F_CYC_CO An F_CYC_CO F Block must be present in each F cycle i e in each cyclic interrupt OB with F Blocks This Block is placed automatically during compilation In the event of an F cycle time overrun the associated F run time groups will become disabled causing all associated outputs to revert to the safe stat...

Страница 63: ...he two counters is less than 10 ms within a time period of 50 s the time is considered correct If the discrepancy is larger a hardware fault is assumed and the Safety Program is disabled The maximum inaccuracy of user times can be calculated on the basis of the following table User Times From To Max Inaccuracy 10 ms 50 s 5 ms 50 s 100 s 10 ms n 50 s n 1 50 s n 1 5 ms The actual inaccuracy is consi...

Страница 64: ...ng and deletion of F Blocks from SIMATIC Manager Downloading to the EPROM memory card on the CPU from SIMATIC Manager Memory reset from CFC or SIMATIC Manager Modification of F constants in CFC test mode Password Validity Legitimization is valid without restrictions until explicitly withdrawn via the corresponding SIMATIC Manager function or until all Step 7 applications have been terminated Passw...

Страница 65: ...CPU 6 2 Safety Program F run time group F run time group F CPU F I O F driver 1 5 3 4 Safety Program F CPU 6 2 Standard program Legend Safety related Non safety related Number Communication Between And Safety Related 1 Safety Program in F CPU Standard program No 2 Standard program Safety Program No 3 F run time group RTG F run time group RTG Yes 4 Safety Program in F CPU F I O Yes 5 Safety Program...

Страница 66: ...y Program for monitoring purposes for example then a block for the conversion of data F_Fdata type_data type must be inserted in CFC to convert the F data types to standard data types These blocks can be found in the Failsafe Blocks User Blocks library The F_Fdata type_data type blocks must be called in the standard user program CFC chart standard run time group If data from the standard user prog...

Страница 67: ..._S_BO and F_R_BO or F_S_R and F_R_R is established by means of interconnection in CFC The F_R_BO and F_R_R blocks have inputs to supply substitute values for the ouptuts when a fault is detected e g Timeout See Also Programming Communication Between F Run Time Groups Within a CPU 3 9 3 Communication Between the F CPU and F I Os Safety Related Communication Between the F CPU and F I Os Via PROFIsaf...

Страница 68: ...ommunication From To Connection Type Safety Related 1 S7 FH Systems S7 FH Systems S7 connection fault tolerant Yes 2 S7 F FH Systems S7 F Systems S7 connection fault tolerant Yes 3 S7 F Systems S7 F Systems S7 connection Yes The fail safe blocks F_SENDBO and F_RCVBO or F_SENDR F_RCVR are available for safety related communication between safety programs on different F CPUs This means a fixed numbe...

Страница 69: ...red between them Communication with Standard CPUs Direct communication between a Safety Program and a standard CPU is not possible Communication can only take place in a standard program on the F CPU after the F data types have been converted into standard data types by means of a conversion block Communication in the standard program uses the standard communication functions See Also Programming ...

Страница 70: ...Safety Mechanisms Fail Safe Systems 3 14 A5E00085588 03 ...

Страница 71: ...an F System Rules for F Systems In addition to the rules that generally apply to the arrangement of modules in an S7 400 the following conditions must be complied with in the case of an F System Note An ET 200S can contain Fail Safe Modules and Standard Modules In safety mode fail safe signal modules can only be used in an ET 200M with the IM 153 2 FO or a Safety Protector Module Exception The S7 ...

Страница 72: ...which can be used in safety mode depends on the safety class and the use of a safety protector in the ET 200M configuration If you comply with the requirements of safety class SIL 2 or use a safety protector in SIL 3 in ET 200M you can use the IM 153 2 for S7 F FH Systems or the IM 153 3 only for the S7 FH Systems and you can set up the PROFIBUS DP with the copper cable as in standard mode If you ...

Страница 73: ...elect the CPU Contains Safety Program option on the Protection tab Important Parameters for the CPU in the S7 FH System To prevent time monitoring during a master standby switchover you must configure the OB3x provided for Safety Programs with a priority 15 on the Cyclic Interrupts tab The cyclic interrupt OB of the Safety Program must be configured as a Cyclic Interrupt OB with Special Handling O...

Страница 74: ...ans of SFC calls is only possible in standard mode for the F SM It is not possible to change to safety mode in this way You can find more information on the parameter assignment of F I Os in manual 1 refer to the references in Appendix B and in the context sensitive help information in HWCONFIG Symbolic Names Note Enter a symbolic name for each input or output channel of the configured F I Os In t...

Страница 75: ...nd off the transmission of channel specific diagnostic messages e g wire break short circuit of the F signal modules to the CPU The group diagnosis can be switched off on unused input or output channels in the interests of availability This results in the following behavior Fail Safe Input Modules If the group diagnoses of the input channels are switched off safe 0 values are also sent to the CPU ...

Страница 76: ...e Select the Safety Mode option on the Inputs tab and set any additional parameters 3 Assign parameters to the second module Select the Safety Mode option on the Inputs tab and set the same parameters as for the first module 4 For the second module set the Redundancy 2x option on the Redundancy tab 5 In the Find Redundant Module dialog box select the module you want 6 You can set the discrepancy t...

Страница 77: ...the protection level set Downloading of the whole program from CFC or SIMATIC Manager Downloading of Safety Program changes from CFC Downloading and deletion of F Blocks from SIMATIC Manager Downloading to the EPROM memory card on the programming device Memory reset from CFC or SIMATIC Manager Safety Note Modify Variables can cause Shutdown You cannot change variables and values on F Block I Os on...

Страница 78: ... people with authorization People with authorization must explicitly cancel the authorization when they exit the ES programming device If this is not rigorously adhered to a screen saver with a password accessible only to authorized people must also be used When the standard program is changed in safety mode access rights should not be obtained using the CPU password because otherwise the Safety P...

Страница 79: ...afety Program You must enter the existing password in the Old Password field Use the Cancel Access Rights button to immediately stop the one hour persistence of Access Rights since the last time the password was entered Following this any user must provide the Safety Program Password explicitly for any operation that normally requires it regardless of how much time has passed since the last entry ...

Страница 80: ... of the specified actions during a session is more than an hour ago Safety Note Authorized use of Password If access to the ES or programming device is not limited by means of access protection to those individuals authorized to modify Safety Programs the efficacy of the password protection must be ensured by means of the following organizational measures on the ES programming device The password ...

Страница 81: ... recalculate the monitoring time by reducing the CiR Synchronization Time To reduce the CiR Synchronization Time you have the following possibilities reduce the amount of input and output bytes of the master system reduce the amount of guaranteed slaves of the master systems to be changed reduce the amount of changing master systems within one CiR event To calculate the safety monitoring times use...

Страница 82: ...Deactivating Safety Mode Download your safety program Download your configuration via CiR Activate safety mode see Activating Safety Mode Deleting F I O s via CiR To delete an already existing F I O from your System follow these steps Delete the F I O within HWCONFIG according to the manual How to Modify the System during Operation with CiR handle it like a standard module Modify your safety progr...

Страница 83: ...and CPU schematically S7 F System F SMs Standard SMs User STEP 7 project CFC Standard F System F User s Charts Libraries Programming device ES Hardware Failsafe Blocks V1_2 Control Blocks Simulation Blocks User Blocks Standard Program Safety Program The user program in the CPU is usually made up of a standard and a fail safe section The safety functions are programmed in CFC using fail safe blocks...

Страница 84: ...d output signals of the F I Os Conversion F_BO_FBO F_I_FI F_R_FR F_TI_FTI Conversion from standard to F data types F_FBO_BO F_FI_I F_FR_R F_FTI_TI Conversion from F to standard data types F_QUITES Fail safe acknowledgment via the ES OS F_FR_FI Conversion from F_REAL to F_INT RTG RTG Communication F_S_BO F_S_R F_R_BO F_R_R Communication between F run time groups CPU CPU Communication F_SENDBO F_SEN...

Страница 85: ...data flow monitoring F_TESTC Monitoring of the self tests of the operating system F_TEST Self tests executed in each cyclic interrupt cycle F_TESTM Switching of safety mode on and off F_SHUTDN DB_INIT RTG_LOGIC FAIL_MSG Safety Program shutdown and restart logic blocks Simulation blocks F simulation blocks that are used in the offline simulation of the Safety Program with PLCSim 5 0 PLCSim 5 1 does...

Страница 86: ... The hardware components of the project and in particular the CPU and the F signal modules must be configured and assigned parameters Basic Procedure The following basic procedure applies when creating a Safety Program Insert F function blocks Parameterize and interconnect F function blocks Insert CFC charts Compile Safety Program Load Safety Program Test Safety Program Change Safety Program On si...

Страница 87: ...of F data types must not be manipulated Control blocks inserted automatically must not be changed Parameters not visible in F blocks and parameters marked as non interconnectable UDA s7_visible s7_link must not be interconnected or parameterized Fail safe blocks must not be manipulated deleted inserted offline or online in the block container Online modifications of the fail safe I Os in SIMATIC M...

Страница 88: ...rogram has to be compressed carry out the compression before it is accepted The fail safe blocks in the Fail safe Blocks library are highlighted in color in the CFC chart They are colored yellow to indicate that it is a safety program The CFC charts and run time groups with F Blocks are yellow and marked with an F to differentiate them from the charts and run time groups of the standard program ...

Страница 89: ...ble in the safe data format As of about 1000 blocks you have to distribute the Safety Program to several F run time groups otherwise it can t be compiled 110 Run time groups maximum Specifications for the Safety Program When you design a user program for the S7 F FH Systems you must also make the following decisions in addition to what is required for a standard system Which sections of the user p...

Страница 90: ...s in the chart folder in the usual way By choosing the Insert S7 Software CFC menu command in SIMATIC Manager By choosing the Chart New menu command in the CFC editor Chart in Chart In order to structure a program according for example to process related aspects you can use a CFC chart within a CFC chart Chart in Chart This enables you to use solutions already in existence as often as you want You...

Страница 91: ...during compilation We recommend the following to achieve F cycles of an equal length If F and standard run time groups are combined in a cyclic interrupt OB the F run time groups should be executed before the standard run time groups Note A Failsafe Run time group must keep the default values for the Scan and Offset Run Time Properties as follows Scan 1 Offset 0 It is unsafe to change these values...

Страница 92: ...F module drivers Fail safe block s instances must not be placed in multiple F run time groups This may occur due to an F run time group being copied to or inserted in another task You must not use the names of the fail safe blocks for other blocks or rename the fail safe blocks Safety Note Symbol Table Entries for F Blocks cannot be changed The names of the fail safe blocks in the Symbol column of...

Страница 93: ...RTG_LOGIC block type DB_RES F_CYC_CO F_PLK F_PLK_O F_TEST F_TESTC F_TESTM The following F module drivers can be inserted automatically through generate module drivers or manually F_M_DI24 F_M_DI8 F_M_AI6 F_M_DO8 F_M_DO10 Safety Note Do not change automatically inserted F Control Blocks The automatically inserted F Control Blocks are visible after compilation You must not delete or change these blo...

Страница 94: ...piled By default these I Os are not visible but they can be made visible You must not change the I Os that are supplied automatically You can find out whether an I O is automatically supplied in the block description under Fail Safe Blocks or in the online help system EN ENO I Os of the F blocks and run time group enables must not be interconnected EN must not be assigned the value 0 FALSE We reco...

Страница 95: ...fail safe I O of an F Block proceed as follows 1 Open the sheet view of the F Block 2 Select the I O and open Object Properties by double clicking it for example Result The Select Structure Element dialog box appears 3 Double click the first structure element in the Select Structure Element dialog box Result The Properties Inputs Outputs dialog box appears 4 Enter the desired value in the Value te...

Страница 96: ...ts at a later date Run Sequence Within a Run time Group Note The run sequence is checked at the beginning of compilation of the Safety Program The following F Blocks are placed in the correct run sequence automatically when the Safety Program is compiled F Control Blocks including F Module Driver Blocks Blocks for F Communication Between CPUs F System Blocks Blocks for Converting Data Between Stan...

Страница 97: ...lthough the CFC Editor automatically creates the necessary logic for the user s Safety Program it may not delete it once the user deletes the Safety Program If the user wishes to delete the Safety Program the user may have to manually delete the Safety Program s system level run time groups You may arrange your fail safe user logic in any run time order following the above guidelines You may mix s...

Страница 98: ... is required for each input or output channel of an F signal module used Exception Only one F channel driver is required for two redundant channels You must insert the required F channel drivers in the CFC chart F module drivers for PROFIsafe communication between the safety program and the F I Os One F module driver is required for each module You can insert and interconnect the required F module...

Страница 99: ... for the digital input module SM 326 DI 24xDC24V and for the analog input module SM 336 AI 6x13Bit normally have the same configuration with the corresponding number of channels Example F Driver for Digital Output Module SM 326 DO 10xDC24V 2A F channel driver F module driver Channel 00 F_CH_DO CHADDR VALUE I Symb addr Chan 00 Module diagnostic F_M_DO10 TIMEOUT LADDR LADDR_R CHADDR00 CHADDR09 DIAG_...

Страница 100: ...n the symbol table as reserved or not used Procedure When working with F driver blocks proceed as follows 1 Insert the correct F channel driver for each configured input output channel You only have to insert one F channel driver for each pair of redundant channels 2 Interconnect the VALUE I O in each F channel driver with the symbolic name of the associated channel This step is required for all F...

Страница 101: ...the F module drivers F_M_DI8 or F_M_DI24 if you want to evaluate in the standard program whether discrepancy errors have occurred optional see Descriptions of the F Driver Blocks You can use this information to program messages about discrepancy errors to the OS 11 Place and interconnect the F module drivers manually or automatically Note You can read out byte 0 of DIAG_1 DIAG_2 for service purpos...

Страница 102: ...ail Safe Systems 5 20 A5E00085588 03 At compilation of the Safety Program In CFC choose the Chart Compile Charts as Program menu command Select the Generate Module Drivers check box in the dialog box Confirm with OK ...

Страница 103: ...of redundant modules allocate the logical start address of the second module to the LADDR_R I O in addition We recommend that you use the same instance name for the F module as you used in HWCONFIG for the associated F I O F_Name_x See the chapter entitled Parameterization of the F I Os Simulation Mode For each input channel you can specify a simulation value instead of the current one received fr...

Страница 104: ...In the event of an error with digital or analog input channels if SIM ON TRUE then simulation values are placed on the block s output instead of the substitute values Error Handling and Diagnostics You can find information on the diagnostic outputs of the F driver blocks under Error Handling of Driver Blocks Error Information at the Outputs of the Driver Blocks ...

Страница 105: ...NAMUR MOD_D1 FB 93 SM 326F DI 24xDC24V MOD_D2 FB 93 SM 336F AI 6x13Bit MOD_D1 FB 93 SM 326F DO 10xDC24V 2A MOD_D1 FB 93 Per DP master system SUBNET FB 106 Per rack RACK FB 107 In contrast to the standard drivers the F driver blocks are not interconnected with the PCS 7 blocks Note Messages about the following are issued from the MOD SUBNET and RACK blocks parameter assignment errors module removed...

Страница 106: ...es are forwarded to the safety program regardless of the current process signal The F channel driver of a passivated digital input channel outputs the substitute value 0 with the quality code QUALITY 16 48 and the output QBAD 1 is set Depending on the parameterization at the input SUBS_ON the F channel driver of an analog input channel outputs a substitute value with the quality code QUALITY 16 48...

Страница 107: ...caused by setting PASS_ON 1 no user acknowledgment is required for reintegration Automatic Reintegration If the input ACK_NEC is not set after the correction of the fault error with the exception of communication errors reintegration depassivation of the affected channel is carried out automatically In the case of input modules immediately In the case of output modules within minutes due to the ne...

Страница 108: ...tion of the F I O after Communication Errors Reintegration After User Acknowledgment If the input ACK_NEC is set the reintegration of the input or output channel does not take place until after a user acknowledgment with a positive edge at the input ACK_REI of the F channel drivers At the output ACK_REQ of the F channel driver a value of 1 indicates that the error has gone and that a user acknowle...

Страница 109: ...ntegration through F_QUITES The non safety related input IN of F_QUITES must not be interconnected with a signal or defined by a signal that automatically produces the above mentioned condition change from 6 to 9 within a minute for a fail safe acknowledgment The fail safe acknowledgment can only be produced by means of conscious manual input on the ES OS not automatically in the program Behavior ...

Страница 110: ...the initial values are as follows Programming an interlock of the outputs after startup via the passivation inputs PASS_ON at F_CH_DO This entails the COLDSTRT output of the F FB F_START being interconnected with the S input of an SR flipflop F_SR_FF and the Q output of F_SR_FF being interconnected with PASS_ON of F_CH_DO This interlock can then be enabled manually Using a switch that is requested...

Страница 111: ...loop you can ensure that all the F channel drivers in a group output substitute values for an identical length of time after startup of the Safety Program with the initial values see also group passivation If you don t want group passivation don t interconnect PASS_OUT outputs with F_OR4 and only use the wait loop via F_START and F_TP If you use group passivation you only need the wait loop via F_...

Страница 112: ...default value of the dialog box will be a suggested value Safety Note Default MAX_CYC The default setting for the maximum cycle monitoring time is 3s Please check whether this setting is suitable for your process and if required change it Changing the F Cycle Time After the OB3x cycle times have been changed the Safety Program must be recompiled This is necessary at least if as a result an F_TESTM...

Страница 113: ...ks The following fail safe blocks are available for communication between Safety Programs on different CPUs Block Description F_SENDBO F_RCVBO Safe transfer of 20 parameters of the F data type F_BOOL F_SENDR F_RCVR Safe transfer of 20 parameters of the F data type F_REAL This means a fixed number of up to 20 F parameters of the F data type F_BOOL or F_REAL can be safely transferred Prerequisites T...

Страница 114: ... inputs of the send and receive blocks with the desired monitoring time You can find information on how to calculate this in the section entitled Configuring the Monitoring Times for S7 F FH Systems Note It can only be guaranteed with fail safety that a signal level to be transferred will be detected on the sender side and transferred to the recipient if it is present for at least as long as the s...

Страница 115: ...Programming Fail Safe Systems A5E00085588 03 5 33 Examples Receive Block Send Block ...

Страница 116: ...type F_BOOL Procedure 1 Insert an F Block of the type F_S_x F_S_R or F_S_BO in the F run time group from which data is to be transferred 2 Insert an F Block of the type F_R_x F_R_R or F_R_BO in the F run time group to which data is to be transferred 3 Interconnect the SD_R_xx input of the F_S_R or the SD_BO_xx input of the F_S_BO with the send data 4 Interconnect the RD_R_xx outputs of the F_R_R o...

Страница 117: ...Programming Fail Safe Systems A5E00085588 03 5 35 Example Extract from the Chart of the Sender Run Time Group Example Extract from the Chart of the Receiving Run Time Group ...

Страница 118: ... to standard TIME Rules for F Conversion Blocks If data is to be exchanged between the F and the standard user programs you must not interconnect the inputs and outputs directly Instead you must use separate F conversion blocks from the F library for these functions that can convert to and from the safety data type Please comply with the following rules when you insert and interconnect F conversio...

Страница 119: ...nect the inputs and outputs of the standard data type with the same type of signals from the standard user program in each case Safety Note Use F_LIM_R for plausibility check of standard to F data conversion The F_BO_FBO F_I_FI F_TI_FTI and F_R_FR blocks only carry out data conversion This means you must program additional measures for plausibility checks in the Safety Program for example using F_...

Страница 120: ...8 03 Example Converting Standard Data Types to F Data Types Section from an F chart showing conversion from REAL to F_REAL Example Converting F Data Types to Standard Data Types Section from a standard chart showing conversion from F_BOOL to BOOL ...

Страница 121: ...vating Safety Mode Activating Safety Mode Compiling a Safety Program Creating Fail Safe Block Types Downloading a Safety Program Downloading the Entire Safety Program Changes to the Safety Program in RUN Mode Downloading Changes Testing the Safety Program Displaying Information Saving reference data Comparing Safety Programs Logging the Safety Program Printing the Safety Program ...

Страница 122: ...ffects can occur The information on the downloading sequence for download changes in the section entitled Changing the Safety Program in RUN Mode will give you an overview of this Wherever possible the standard program and the Safety Program should only be changed separately and the changes downloaded because otherwise an error could be downloaded at the same time into the standard program and the...

Страница 123: ...r Active is displayed in the Safety Mode text box If yes continue to the next step if not terminate the procedure because safety mode is already inactive 6 Click the Safety Mode button and enter the password for the safety program if necessary Note If the validity time of one hour has elapsed the password for the safety program is requested again the next time safety mode is deactivated and is the...

Страница 124: ...ct the online view in the dialog box that appears 4 Enter the CPU password if it is requested 5 Check whether Inactive is displayed in the Safety Mode text box If yes continue to the next step if not terminate the procedure because safety mode is already active 6 Click the Safety Mode button 7 Confirm that safety mode is to be activated again with OK Result Safety mode is activated again and Activ...

Страница 125: ...anges are detected in fail safe blocks Unplaced F Blocks from the block container are automatically deleted when the safety program is compiled Password Protection During Compilation of the Safety Program If changes to fail safe blocks are detected at compilation the password for the safety program is requested If the password entered is correct the entire Safety Program is compiled or alternative...

Страница 126: ...locks must not be used in new block types The system blocks F_S_BO F_S_R F_R_BO F_R_R All control blocks Nesting of newly created fail safe block types is not permitted An output of an F Block must not be connected to two chart I Os The run sequence is not corrected automatically at compilation The sequence defined during creation is retained Note If the run sequence is different to the data flow ...

Страница 127: ...block type Select the options Compile for PLC S7 400 and Optimize Code for Downloading Changes in RUN Mode and confirm with OK Result A new block type is created that can be used in safety programs 5 Insert the new block type in a Safety Program and test it there 6 Accept the Safety Program of the new F Block type Using a New Block Type in the Safety Program If you use a fail safe block of a newly...

Страница 128: ... the rules for the standard case and the rules for Safety Programs apply to the downloading of changes When you use a new version of the Fail safe Blocks library you must also recompile the F Block type after you have imported the new blocks In this way you ensure that the F Blocks in the Safety Program all have the same library version F Channel Drivers in F Block Types If F channel drivers are u...

Страница 129: ...ire Safety Program is downloaded there should be a memory reset of the CPU if it contains an old Safety Program The hardware configuration data of the station is downloaded to the CPU The user program is compiled without error You have access rights to the PLC There is an online connection between the CPU and your programming device ES Rules for Downloading The Safety Program can only be downloade...

Страница 130: ...th the overall signature in the accepted printout see Checking the Overall Signatures in the section entitled Initial Acceptance of a Safety Program In the case of S7 FH systems you have to make this comparison for both CPUs Working With Programs on a Memory Card If you use the Safety Program on a memory card remember the following Safety Note Safety Program on Memory Card Before you switch the S7...

Страница 131: ...d run time groups or tasks These blocks are downloaded in sequence in such a way that called blocks are available for every phase i e the CPU continues to run For example new run time group FCs are only downloaded when newly called blocks in them have already been downloaded All blocks that are no longer required are deleted during this downloading phase All changed input or output parameters of b...

Страница 132: ...ses The monitoring times must be taken into consideration see below Changes to the OB cycle time parameter assignment of the CPU is supported for the S7 400FH with the CPU 417 4H V2 0 and above Movement of run time groups deletion and insertion to new tasks OBs Safety Note OB Cycle Times Changes Restricted You must not change OB cycle times or move run time groups unless the time and speed relatio...

Страница 133: ...f the F_CYC_CO is invalid a new value will be requested at compile time Moving run time groups This corresponds to changing the OB cycle time for the run time group to be moved see above Direct changing of monitoring times for F Blocks The monitoring times must fit the OB cycle time In the case of F driver blocks it is not possible to make changes during operation see Impermissible Changes First C...

Страница 134: ...n the old one as the source This change can be downloaded and results in a consistent switch to the new data paths Finally the now superfluous interconnection to the old input parameter of the send block can be deleted on the sending side The situation is particularly crucial if a communication partner is replaced i e if communication is supposed to go to another run time group or to another CPU T...

Страница 135: ... can only receive the modified parameter assignment in the S7 FH System as well after removal and insertion The F I Os detect a CRC error after the first change has been downloaded and output substitute values Like parameter changes in HWCONFIG changes to the properties of existing CPU CPU connections are not bumpless if properties are modified that go to the network addresses In this case as well...

Страница 136: ...d to be a change Safety Note Password Protection Level When the standard program is changed in safety mode access rights should not be obtained using the CPU password because otherwise the Safety Program can also be changed The protection level must instead be set accordingly Changes to the Safety Program You can only download changes to the CPU in RUN mode if safety mode is inactive Note If simul...

Страница 137: ...se the Options Edit Safety Program menu command in SIMATIC Manager In the Safety Program S7 Program dialog box activate the Online and Offline options one after another and check whether the overall signatures online and offline match see Checking the Overall Signatures in the section entitled Initial Acceptance of a Safety Program If they match downloading has been successfully completed If not r...

Страница 138: ... in CFC test mode and change non interconnected inputs of fail safe blocks Online changes to fail safe outputs and automatically assigned I Os are not permitted and result in a Safety Program disable Safety Note ES changes can change signature When you use the ES changes to non safety related parameters can result in a change to the overall signature of the offline Safety Program This means that t...

Страница 139: ...safety mode deactivated transferred to the CPU using Download Changes To make sure that all the changes made in the test project have been made correctly in the original project as well you can use the chart comparison function in the F add on package to compare the original project with the simulation project in SIMATIC Manager via Options Edit Safety Program see Comparing Safety Programs Dependi...

Страница 140: ... you want the F Blocks to be replaced by the simulation blocks 6 In the Copy dialog box that appears confirm that individual objects are to be overwritten with Yes or that all objects are to be overwritten with All Result The F Blocks of the Safety Program are overwritten by simulation blocks of the same name from the Failsafe Blocks F Simulation Blocks library Inactive is displayed in the text bo...

Страница 141: ...st not have access rights by means of the CPU password When the simulation is switched on all the F Blocks in the offline block container of the program are replaced with a simulation capable version from the Fail safe Blocks F Simulation Blocks library The blocks in this library are only suitable for simulation purposes and must not be downloaded to the CPU These blocks have the same interface as...

Страница 142: ...r simulation on the toolbar of SIMATIC Manager or by choosing the Options Simulate Modules menu command PLCSim then processes all the programming device functions such as downloading module status etc instead of the real modules You can find information on working with S7 PLCSim in manual 12 2 The system data must be downloaded to PLCSIM via HWCONFIG 3 When downloading the Safety Program into PLCS...

Страница 143: ... the simulation takes place on a programming device or ES with a physical online connection to the CPU you must not deactivate safety mode and you must not have access rights by means of the CPU password The driver blocks do not access the I O Input signals of F input modules can be modified in the process input image PII of PLCSim Communication between CPUs cannot be simulated ...

Страница 144: ...RID You must not change output parameters and automatically supplied I Os Prerequisites Before you switch on CFC test mode make sure that the following prerequisites are met The CPU must be in RUN Safety mode of the Safety Program must be deactivated If it is not you will be requested to deactivate safety mode when you try to change the first parameter Note Changing fail safe constants in safety m...

Страница 145: ...of the F Block 3 Select the block I O that you want to change and open Object Properties with a double click for example Result The Select Structure Element dialog box appears 4 Double click the DATA structure element in the Select Structure Element dialog box Result The Properties Inputs Outputs dialog box appears 5 Enter the desired value in the Value text box and confirm with OK ...

Страница 146: ... is not possible you will receive a message requesting you to eliminate the cause of the error You then have to repeat steps 3 to 6 Result The new value is downloaded to the CPU and displayed at the I O It is not possible to compile and download changes after CFC test mode has been deactivated until safety mode has been activated because all the necessary changes were made when each individual par...

Страница 147: ...menu command Result The Safety Program S7 Program dialog box appears The following information on the online on the CPU or offline in the programming device ES Safety Program is displayed A list of all the blocks with signatures and signatures of the initial values Date and signature of the last compilation and the most recently saved reference data An indication of whether the source code load me...

Страница 148: ...gram folder e g S7 Program in SIMATIC Manager 2 Choose the Options Edit Safety Program menu command The Safety Program S7 Program dialog box appears 3 Click the Save Reference button You will then be asked again if you want to save the reference data You have two options Confirm with Yes if you want all the information on the blocks of the current project to be saved as reference information Any e...

Страница 149: ...ms Programs available for comparison include the online program in the F CPU the current offline program the previous compilation of the current program and the saved reference program This dialog may be used as a tool to indicate that a program has not changed for example when compared to a saved reference program Program Reference Choose one of these option buttons to specify whether the current...

Страница 150: ...Project the current offline program Before Last Generation the previous compilation of this program Online this program as currently loaded in the F CPU Other Project any offline program use Browse button to select Browse Button Use this button and the Open dialog box to select the offline program of any project that you want to compare Start Button Click this button to start the comparison View O...

Страница 151: ... group information is available Difference Display Chart View The differences between the two charts are displayed in a hierarchical structure as in Explorer All the blocks in this structure are displayed under the assigned task and run time group Information on possible differences is displayed for each block These differences refer to the task run time group in which the block is used the parame...

Страница 152: ...B1 to I DB2 Block has another instance DB Run position changed Block in different run position within the run time group Interface changed Number of parameters changed Interconnection changed from Connect1 to Connect2 Interconnection of a parameter changed Result of the Comparison of the Safety Blocks online program If the Compare with field selects the online program only the Block View differenc...

Страница 153: ... only used when the overall signatures already match indicating that the offline program has not changed since the last download to the F CPU Checking this option allows the more thorough check for any parameters that may have been changed online by a method other than compile and download View option Filter F System checksums This option suppresses the display of expected differences that will oc...

Страница 154: ...Programming Fail Safe Systems 5 72 A5E00085588 03 ...

Страница 155: ...NOT IDENTICAL are appended to the caption of this group of windows to indicate clearly whether the overall signatures of the two programs match or differ Print Button Click this button to print the result of the comparison Go to Button When Chart View is selected you may select any block or parameter in the displayed differences window and click this button to go to the block in question in the CF...

Страница 156: ...pare with Reference Reference of this program Before Last Generation Status before the last generation of this program Online Online status of this program Program Any offline program Reference Compare with Current project Offline program Before Last Generation Status before the last generation of this program Online Online status of this program Program Any offline program ...

Страница 157: ... view You can also see here if the signatures of the F Blocks have changed Safety Note Allowable F Control Block comparison changes At the F_CNT_W input of the F_TESTC block the number of F code blocks FB and run time group FC in working memory is displayed If changes are made to the Safety Program changes to this parameter can be expected in the section of the program that has already been accept...

Страница 158: ...ing the Safety Program To request logs on the Safety Program proceed as follows 1 Select the program folder e g S7 Program in SIMATIC Manager 2 Choose the Options Edit Safety Program menu command The Safety Program S7 Program dialog box appears 3 Select the Log button The Logs dialog box appears The following logs are displayed on the individual tabs Consistency check Log of the last consistency c...

Страница 159: ... module parameters Chart data all the charts of the program are printed graphically Safety Program data printed report contains Offline Online report status Safety Program name Current Safety Program datestamp and overall signature of Safety Program blocks in the Safety Program block folder Reference program datestamp and overall signature Blocks in the Safety Program as shown in the dialog list b...

Страница 160: ...or the on site acceptance of the Safety Program e g by an outside expert The overall signature of the compiled Safety Program appears twice in the printout once in the program information section as a value of the block container and once in the footer as a value from the source see Checking the Overall Signatures in the section entitled Initial Acceptance of a Safety Program ...

Страница 161: ... to replace software and hardware components How to uninstall the S7 F FH Systems 6 2 Rules for Operation Below you can find the rules and safety notes for the operation of the S7 F FH Systems PROFIsafe Nodes Safety Note Simulation of PROFIsafe devices not permitted No devices that simulate PROFIsafe nodes can be used on PROFIsafe in safety mode A log analyzer must not for example execute a functi...

Страница 162: ...hed back on Take organizational steps to ensure that after a CPU has been replaced both fiber optic cable connections are established before the power supply is switched on You can find information on replacing components in fault tolerant systems in manual 4 Please refer to the references in Appendix B 6 3 Working with the Safety Program You must take into account the following when working with ...

Страница 163: ...ges to the Safety Program can be made during operation RUN only if safety mode is deactivated Changing the CFC charts compiling and downloading the changes to the CPU Changing fail safe constants in CFC test mode Changing the Safety Program After making changes to the Safety Program proceed as follows 1 Compile the modified Safety Program 2 Test the Safety Program 3 Check whether the signatures of...

Страница 164: ...libraries Compare the overall signature of the newly compiled Safety Program with the overall signature of the accepted Safety Program see Checking the Overall Signatures in the section entitled Initial Acceptance of a Safety Program 2 If the overall signatures are identical the programs are the same 3 If the overall signatures are not identical the program has been changed Proceed in the same way...

Страница 165: ...sensors and actuators Passivating Fail Safe Output Modules Passive over the Long Term If a fail safe output module is passivated for an extended period 72h and the fault is not eliminated it is possible for the module to be activated by a second fault thus putting the system in a dangerous state Although the probability of such hardware faults occurring is very slight such unwanted activation of p...

Страница 166: ...Operation and Maintenance Fail Safe Systems 6 6 A5E00085588 03 ...

Страница 167: ...the accompanying report and Annex 1 of the certificate report entitled Safety Related Programmable Systems SIMATIC S7 400F and S7 400FH on request from Ms Petra Bleicher A D AS RD 423 Fax no 49 9621 80 3146 Note Annex 1 of the certificate report contains permissible version numbers and signatures of fail safe components of the S7 F FH System that have to be checked when the program is accepted The...

Страница 168: ...ion in Open Transmission Systems Process Engineering Standard Title Description DIN V 19251 Process and Control Technology MC Protection Equipment Requirements and Measures for Safeguarded Function VDI VDE 2180 1 2 and 5 Safeguarding of Industrial Processing Plants by Means of Process Instrumentation and Control Technology NE 31 NAMUR recommendation Equipment Safety Using Process Instrumentation a...

Страница 169: ... 61131 2 Programmable Controllers Equipment Requirements and Tests EN 50178 Electronic Equipment for Use in Power Installations DIN VDE 0110 Insulation Coordination for Equipment within Low Voltage Systems EN 60068 Environmental Testing EN 55011 Limits and Methods of Measurement of Radio Disturbance Characteristics of Industrial Scientific and Medical ISM Radio Frequency Equipment EN 50081 2 Elect...

Страница 170: ...IN V 19250 The requirements of the process can be worked out using the risk parameters The requirement class AK to be complied with by the controller can be established using the risk chart This procedure results in an AK requirement class for applications without a product standard Using DIN V VDE 0801 the basic safety requirements can then be established If there is a product standard for an app...

Страница 171: ... Safety Integrity Level SIL IEC 61508 defines the probability of failure of a safety function allocated to a safety related system as a target measure Safety integrity level Low Demand Mode of Operation Average probability of failure to perform its design function on demand High Demand or Continuous Mode of Operation Probability of a hazardous failure per hour 4 10 5 to 10 4 10 9 to 10 8 3 10 4 to...

Страница 172: ...c Module 1 00 E 05 1 00 E 10 10 years ET 200S PM D F 24VDC PROFIsafe Power Module 1 00 E 05 1 00 E 10 10 years SM 326 DI 24 x DC 24V with diagnostic interrupt 6ES7 326 1BK00 0AB0 1 55E 06 at SIL 2 4 99E 08 at SIL 3 1 77E 11 at SIL 2 5 70E 13 at SIL 3 10 years SM 326 DI 8 x NAMUR with diagnostic interrupt 6ES7 326 1RF00 0AB0 2 74E 06 at SIL 2 4 83E 08 at SIL 3 3 13E 11 at SIL 2 5 51E 13 at SIL 3 10...

Страница 173: ... Hour F capable CPU 1 Yes 1 42E 09 SM 326 DO 10 x DC 24V 2A with diagnostic interrupt 6ES7 326 2BF00 0AB0 1 Yes 1 59E 10 SM 326 DI 24 x DC 24V with diagnostic interrupt 6ES7 326 1BK00 0AB0 2 Yes 2 28E 12 Safety related communication 1 00E 09 Total 2 58E 09 7 3 System Configuration The limits for the system configuration of the S7 F FH System are set mainly by the CPU used You can find the relevant...

Страница 174: ...eded the monitoring times selected must be sufficiently short Monitoring Times of an F System You must configure the following monitoring times for the F system Parameters of the fail safe blocks Monitoring Block Parameter Monitoring of the F cycle time of the cyclic interrupt OB that contains the safety program F_CYC_CO MAX_CYC Monitoring of safety related communication between F run time groups ...

Страница 175: ... should be considerably longer than the minimum monitoring times You can find approximation formulas in the information on calculating the minimum monitoring times or in the Excel table STEP7 S7BIN S7ftimeb xls 3 Use the Excel table STEP7 S7BIN S7ftimeb xls to calculate the maximum response time and check whether the maximum fault tolerance time for the process has been exceeded Safety Note Pulse ...

Страница 176: ...e Description Where to Find it TCI Configured cycle time of the cyclic interrupt OB HWCONFIG CPU properties Cyclic Interrupt Execution TP15 Maximum disabling time for priority classes 15 HWCONFIG CPU Properties H Parameters TCiR CiR Synchronization Time From the CiR Object parameters in STEP7 Summarize all CiR Object synchronization times of the simultaneously changing DP buses and place total her...

Страница 177: ...upt OB HWCONFIG CPU properties Cyclic Interrupt Execution TCImax Maximum cycle time of the relevant cyclic interrupt OB Monitoring the F Cycle Time section TTR Max target rotation time for the DP master system Properties of the DP master system bus parameters in HWCONFIG TDP_FD Max DP fault detection time Properties of the DP master system bus parameters H Parameters tab in HWCONFIG TDP_SO Max DP ...

Страница 178: ... F_RCVR and F_RCVBO when there are no errors the TIMEOUT monitoring time selected must be sufficiently long TIMEOUT T CI F_SEND T CI F_RCV MAX TDelay F_SEND TDelay F_RCV 2 TUSEND MAX MIN TCiR F_SEND 2500 MIN TCiR F_RCV 2500 Note the following Time Description Where to Find it TCI F_SEND Configured cycle time of the cyclic interrupt OB with the call of F_SENDBO or F_SENDR HWCONFIG CPU properties Cy...

Страница 179: ...D value from the Internet at http www4 ad siemens de view cs de 1651770 Contribution ID 1651770 Note To activate the monitoring of the maximum communication delay when the standby in the FH system is updated you must assign this parameter a value in HWCONFIG CPU properties H Parameters tab Simultaneous updating in both CPUs is not assumed 7 4 2 4 Monitoring of Safety Related Communication Between ...

Страница 180: ...d project in STEP 7 and create a new project for changes When the system is accepted all requirements contained in the report on the certificate that require approval must be taken into account You can archive all data relevant to the acceptance of the F System in SIMATIC Manager File Archive and print it out as required Check Lists for Acceptance You can find the following check lists in the appe...

Страница 181: ...nment of the F I Os you can carry out initial acceptance of the configuration of the F I Os The hardware configuration data must be printed out saved and archived along with the whole STEP 7 project Print the Safety Program from SIMATIC Manager using the File Print menu command Select the print range and options as illustrated below to receive a complete printout After a check of the safety releva...

Страница 182: ... be printed out and archived together with the STEP 7 project You can find out how to save and archive S7 projects in the basic STEP 7 help system Checking the Printout Print out the whole project as described in the section entitled Printing the Safety Program The printout contains the overall signature as a reference The overall signature appears twice in the printout once in the program informa...

Страница 183: ...ed input parameters that are not automatically assigned must be checked in the printout either in the CFC charts or in the section on safety related parameters Input parameters that are not visible in the CFC charts are printed out in the section on safety related parameters If it is easier to check the parameters in the chart than in the section on safety related parameters the parameters should ...

Страница 184: ...NEC Acknowledgment required for reintegration F_LIM_HL QH 1 Upper limit violated F_LIM_LL QL 1 Lower limit violated F_RS_FF Q Output F_SR_FF Q Output F_CTUD CV Current count value Switched output parameters are marked with an asterisk on the printout Checking the Signatures Overall signature After the program has been downloaded to the CPU see the sections entitled Downloading the Whole Safety Pro...

Страница 185: ...in SIMATIC Manager and activate Online in the dialog box The signature displayed in the dialog box must match the signatures in the accepted printout in the text and in the footer 2 To detect impermissible manipulation e g via test mode in CFC in the working memory of the CPU choose Compare and compare the accepted program with the online program in the dialog box Any manipulated parameters are di...

Страница 186: ...m to the CPU 5 Carry out a functional test of the changes When you check the printout and carry out the functional test only the new sections and sections with changes have to be checked To identify these the new program is compared with the accepted program The accepted program must be saved in another project Click Browse and enter the path of the accepted program Changes to the safety relevant ...

Страница 187: ...vant F channel driver F_CH_xx Changes to the network configuration in NetPro can be recognized by the change to the CRC_IMP parameter of the relevant F communication blocks F_RCVxx and F_SENDxx You can find rules and information on how to proceed in the case of changes to the Safety Program in the section entitled Operation and Maintenance Modifying the Safety Program ...

Страница 188: ...ibilities and Qualifications Safety requirements relating to the system specific use of the S7 F FH Systems can be met by allocating responsibilities as follows The process experts and the operators for the safety concept of the system including the definition of safety relevant and non safety relevant functions The independent expert for the safety related acceptance testing of the system The pla...

Страница 189: ...group Fail safe blocks are available in the following block families DRIVER Driver Blocks for F I Os COM_FUNC Blocks for F Communication Between CPUs F_SYSTEM F system blocks CONVERT Blocks for converting data between standard and safety sections F_CTRL F Control Blocks BIT_LGC Logic blocks with the BOOL data type COMPARE Comparison blocks for two input values of the same type FLIPFLOP Flipflop bl...

Страница 190: ...LEM parameters You must not change the PAR_ID and COMPLEM components after the Safety Program has been compiled since this might result in serious errors remaining undetected If errors are detected in the safety data format during execution of the Safety Program the Safety Program will be disabled and may require the Safety Program to be recompiled and downloaded to the CPU Possible Data Types The...

Страница 191: ...nly specifies the first structural component DATA The other two structure elements required for safety are automatically added when CFC charts are compiled The same applies to the assignment of constants See Also Blocks for Converting Data Between Standard and Safety Sections ...

Страница 192: ...s The CRC_IMP CRC_IMP1 and CRC_IMP2 I Os are automatically supplied You must not change them Note You must not change any I Os that have the entry Supplied Automatically in the Default column You can rectify any changes made to I Os that are supplied automatically by recompiling the Safety Program Safety Note Do not change automatically supplied FB inputs Online changes to inputs that are supplied...

Страница 193: ...t described e g error on channel x is active Making Block I Os Visible Proceed as follows 1 Double click the block s header 2 Select the Inputs Outputs tab in the Properties dialog box 3 Scroll to the right until the Invisible column appears 4 Right click the Invisible selection cross of the block I O Result The invisible block I O becomes visible in CFC ...

Страница 194: ...OT FB 305 F_2OUT3 FB 306 F_XOUTY FB 307 F_RS_FF FB 308 F_SR_FF FB 314 F_LIM_HL FB 315 F_LIM_LL FB 321 F_ADD_R FB 322 F_SUB_R FB 323 F_MUL_R FB 324 F_DIV_R FB 325 F_ABS_R FB 326 F_MAX3_R FB 327 F_MID3_R FB 328 F_MIN3_R FB 329 F_LIM_R FB 330 F_SQRT FB 331 F_AVEX_R FB 332 F_MUX2_R FB 333 F_SMP_AV FB 341 F_CTUD FB 342 F_TP FB 343 F_TON FB 344 F_TOF FB 345 F_LIM_TI FB 346 F_R_TRIG FB 347 F_F_TRIG FB 35...

Страница 195: ... FB 385 F_M_DI24 FB 386 F_M_DO10 FB 387 F_M_AI6 FB 388 F_M_DO8 FB 390 F_S_BO FB 391 F_R_BO FB 392 F_S_R FB 393 F_R_R FB 394 F_START FB 395 F_CYC_CO FB 396 F_PLK FB 397 F_PLK_O FB 398 F_TEST FB 399 F_TESTC FB 400 F_TESTM FB 456 F_2oo3_R FB 457 F_1oo2_R FB 458 F_SHUTDN FB 459 RTG_LOGIC FB 461 F_FR_FI Safety Note Fail safe FB numbers Numbers FB396 to FB400 must be kept free The numbers of the fail sa...

Страница 196: ... Safety Program can be installed in OB 3x ONLY Fail safe blocks can only be installed in a cyclic interrupt OB 3x Installation in the OB 1 is not permissible The cycle time of the cyclic interrupt OB is assigned parameters in HWCONFIG CPU parameters Cyclic Interrupts Execution See Monitoring the F Cycle Time ...

Страница 197: ...nnel Drivers Block Description F_CH_DI F channel driver for digital input F_CH_DO F channel driver for digital output F_CH_AI F channel driver for analog input F Module Drivers Block Description F_M_DI8 F module driver for 8 channel digital input F_M_DI24 F module driver for 24 channel digital input F_M_DO10 F module driver for 10 channel digital output F_M_DO8 F module driver for 8 channel digita...

Страница 198: ...g on the parameterization and error type Alternatively a simulation value can be output at the output Q For the process value at the output Q a value status quality code is generated at the output QUALITY that can take on the following states State Quality Code Valid value 16 80 Simulation value 16 60 Substitute value 16 48 I Os Name Data Type Explanation Default Inputs ADDR_CODE DWORD Address cod...

Страница 199: ...the output Q with the quality code QUALITY 16 80 Simulation Value A simulation value can be output at the output Q instead of the normal value read from the module When the input parameter SIM_ON 1 the value of the input parameter SIM_I is output with the quality code QUALITY 16 60 and the output QSIM 1 is set In the event of an error the output of the simulation value takes precedence over the ou...

Страница 200: ..._CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description...

Страница 201: ... For the reintegration of the process value after an error is corrected a user acknowledgment is required depending on the parameterization and error type Alternatively a simulation value can be output at the module output if there is no error For the digital value I output to the module a value status quality code is generated at the QUALITY output that can take on the following states State Qual...

Страница 202: ... process value at the input I is made available for the associated F module driver F_M_DOx 16 80 is output as the quality code QUALITY Simulation Value At the output a simulation value can be output instead of the value at the input I e g for hardware tests When the input parameter SIM_ON 1 the value of the input parameter SIM_I is made available to the associated F module driver F_M_DOx 16 80 is ...

Страница 203: ...In this time the substitute value 0 is output with the quality code QUALITY 16 48 and the outputs QBAD 1 and PASS_OUT 1 are set as well At ACK_REQ 1 the ACK_REI acknowledgement must follow even if ACK_NEC 0 Error Handling In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve ...

Страница 204: ... error is corrected a user acknowledgment is required depending on the parameterization and error type Alternatively a simulation value can be output at the output V For the process value at the output V a value status quality code is generated at the output QUALITY that can take on the following states State Quality Code Valid value 16 80 Simulation value 16 60 Substitute value 16 48 Last valid v...

Страница 205: ...ASS_OUT F_BOOL Passivation output 0 QCHF_HL F_BOOL 1 input value in overrange 0 QCHF_LL F_BOOL 1 input value in underrange 0 QBAD F_BOOL 1 process value invalid 0 QSIM F_BOOL 1 simulation active 0 QSUBS F_BOOL 1 value substitution active 0 OVHRANGE F_REAL Upper limit of the process value copy 0 0 OVLRANGE F_REAL Lower limit of the process value copy 0 0 V F_REAL Process value 0 0 V_DATA REAL DATA ...

Страница 206: ...dule outputs 16 7FFF overflow as a non linearized value Accordingly the F channel driver F_CH_AI detects an overflow and sets the output QCHF_HL 1 and QBAD 1 NAMUR Limit Value Checking In the NAMUR guidelines for analog signal processing limit values are defined for life zero 4 to 20 mA analog signals where there is a channel fault 3 6 mA analog signal 21 mA By default the above NAMUR limits are s...

Страница 207: ...input module is carried out in HWCONFIG and is applied at compilation automatically to the parameter MODE_xx of the associated F module driver F_M_AIx F_CH_AI reads the value from the associated F module driver MODE can take on the following values Measurement Type Measurement Range MODE Decimal Hex 4 wire measuring transducer 4 to 20 mA 515 16 0203 2 wire measuring transducer 4 to 20 mA 771 16 03...

Страница 208: ...e QUALITY 16 48 and the output QSUBS 1 is set Startup Characteristics After a startup cold restart or warm restart communication must first be established between the F module driver and the analog input module In this time regardless of the parameter assignment at the input SUBS_ON the substitute value SUBS_V is output with the quality code QUALITY 16 48 and the outputs QBAD 1 QSUBS 1 and PASS_OU...

Страница 209: ...he error is corrected there is no switch back instead work continues with the last valid analog value If an error only occurs on one of the redundant modules automatic reintegration takes place in the F channel driver F_CH_AI after the error is corrected Report Characteristics The block has no reporting behavior See Also Common Features of the Driver Blocks Passivation and Reintegration ...

Страница 210: ...I 24 x DC 24 V Module redundancy The F module drivers are able to address two redundant signal modules The settings necessary for this are made when parameters are assigned to the modules in HWCONFIG Module redundancy The processing of redundant modules comprises the following functions In the case of problem free operation In the case of digital input modules the input signals are ORed per channe...

Страница 211: ...s to increase availability For this purpose the input DISC_ON is assigned automatically and the assigned discrepancy time is stored at the input DISCTIME when CFC charts are compiled In the discrepancy analysis the F module driver compares two corresponding input signals in each case If a discrepancy between the signals lasts longer than the configured discrepancy time it detects a discrepancy err...

Страница 212: ...s been installed in more than one cyclic interrupt OB If appropriate a corresponding error message is output All the F channel drivers that belong to a module must be integrated into the same F run time group Startup Characteristics After a startup cold restart or warm restart communication must first be established between the F module driver and the F I O Until this happens substitute values are...

Страница 213: ...tion NetPro The I O ID must be assigned parameters on the sending side F_SENDBO F_SENDR and on the receiving side F_RCVBO F_RCVR Via R_ID you can define that a sending and a receiving fail safe block belong together The associated fail safe blocks receive the same value for R_ID The value R_ID is a freely selectable odd number but it must be unique for a sending receiving F block pair Note The val...

Страница 214: ...ding the error see the section entitled Error Information at the Output RETVAL CRC_IMP Parameter Safety Note Do NOT change CRC_IMP input Do not make any changes to the CRC_IMP I O because this I O is supplied automatically As a result of online changes to this I O errors can occur during transmission of fail safe data when the Safety Program is executed For example data may be sent to the wrong re...

Страница 215: ...e recipient s side before the values sent are output again Startup Characteristics After a startup cold restart or warm restart communication must first be established between the communication partners F_SENDBO indicates this at the SUBS_ON parameter with 1 The recipient F_RCVBO outputs substitute values during this time until communication between F_SENDBO and F_RCVBO has started up via the safe...

Страница 216: ...ion between the connection partners is reestablished Note Once communication has been set up without errors compliance with the assigned monitoring time TIMEOUT parameter is checked In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the ma...

Страница 217: ...the outputs RD_BO_xx The substitute values can be stored at the inputs SUBBO_xx I Os Name Data Type Explanation Default Inputs ID WORD ID addressing parameter 0000 R_ID DWORD R_ID addressing parameter 00000000 CRC_IMP DWORD Address reference CRC Supplied automatically TIMEOUT F_TIME Monitoring time in ms for vital sign monitoring T 0 ms ACK_REI F_BOOL Acknowledgment for reintegration of process va...

Страница 218: ...s been set up without errors compliance with the assigned monitoring time TIMEOUT parameter is checked Communication between the connection partners is reestablished The data received with valid safety frames is not applied to the outputs reintegrated until the input ACK_REI had a rising edge e g via F_QUITES The block sets the output ACK_REQ to indicate that acknowledgment is required In the even...

Страница 219: ...ipient s side before the values sent are output again Startup Characteristics After a startup cold restart or warm restart communication must first be established between the communication partners The F_SENDR signals this at the SUBS_ON parameter with 1 The recipient F_RCVR outputs substitute values during this time until communication between F_SENDR and F_RCVR via the safety frame has started u...

Страница 220: ...he recipient F_RCVR then outputs substitute values An error code is displayed at the output RETVAL Communication between the connection partners is reestablished Note Once communication has been set up without errors compliance with the assigned monitoring time TIMEOUT parameter is checked In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the...

Страница 221: ...he outputs RD_R_xx The substitute values can be applied at the inputs SUBR_xx I Os Name Data Type Explanation Default Inputs ID WORD ID addressing parameter 0000 R_ID DWORD R_ID addressing parameter 00000000 CRC_IMP DWORD Address reference CRC Supplied automatically TIMEOUT F_TIME Monitoring time in ms for vital sign monitoring T 0 ms ACK_REI F_BOOL Acknowledgment for reintegration of process valu...

Страница 222: ...cation between the connection partners is reestablished The data received with valid safety frames is not applied to the outputs reintegrated until the input ACK_REI had a rising edge e g via F_QUITES The block sets the output ACK_REQ to indicate that acknowledgment is required In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in th...

Страница 223: ... safe acknowledgment via the ES OS Safety Note Use F_LIM_R for plausibility check of standards to F data conversion The F_BO_FBO F_I_FI F_TI_FTI and F_R_FR blocks only carry out data conversion This means you must program additional measures for plausibility checks in the Safety Program for example using F_LIM_R to ensure that only safe operation is possible Plausibility Checking The simplest form...

Страница 224: ...pe into the corresponding F_BOOL F data type This enables signals formed in the standard program section to be further processed in the safety program section following a plausibility check I Os Name Data Type Explanation Default Input IN BOOL Input variable 0 Output OUT F_BOOL Output variable 0 Error Handling None ...

Страница 225: ...INT F data type This enables signals formed in the standard program section to be processed further in the safety program section following a plausibility check to be added by the user with F block F_LIM_I for example I Os Name Data Type Explanation Default Input IN INT Input variable 0 Output OUT F_INT Output variable 0 Error Handling None ...

Страница 226: ...ata type This enables signals formed in the standard program section to be further processed in the safety program section following a plausibility check to be added in the Safety Program with F block F_LIM_R for example I Os Name Data Type Explanation Default Input IN REAL Input variable 0 0 Output OUT F_REAL Output variable 0 0 Error Handling None ...

Страница 227: ... data type This enables signals formed in the standard program section to be further processed in the safety program section following a plausibility check to be added by the user with F block F_LIM_TI for example I Os Name Data Type Explanation Default Input IN TIME Input variable T 0 ms Output OUT F_TIME Output variable T 0 ms Error Handling None ...

Страница 228: ...ture elements of the F data type cannot be accessed separately in the CFC chart This enables signals formed in the Safety Program section to be further processed in the standard program section This block must be placed in the standard program section I Os Name Data Type Explanation Default Input IN F_BOOL Input variable 0 Output OUT BOOL Output variable 0 Error Handling None ...

Страница 229: ...ure elements of the F data type cannot be accessed separately in the CFC chart This enables signals formed in the Safety Program section to be further processed in the standard program section This block must be placed in the standard program section I Os Name Data Type Explanation Default Input IN F_INT Input variable 0 Output OUT INT Output variable 0 Error Handling None ...

Страница 230: ...e elements of the F data type cannot be accessed separately in the CFC chart This enables signals formed in the Safety Program section to be further processed in the standard program section This block must be placed in the standard program section I Os Name Data Type Explanation Default Input IN F_REAL Input variable 0 0 Output OUT REAL Output variable 0 0 Error Handling None ...

Страница 231: ...e F data type F_REAL data type into the F_INT F data type This enables signals formed within the safety program section to be converted and maintain the safety data format I Os Name Data Type Explanation Default Input IN F_REAL Input variable 0 0 Output OUT F_INT Output variable 0 Error Handling None ...

Страница 232: ...elements of the F data type cannot be accessed separately in the CFC chart This enables signals formed in the Safety Program section to be further processed in the standard program section This block must be placed in the standard program section I Os Name Data Type Explanation Default Input IN F_TIME Input variable T 0 ms Output OUT TIME Output variable T 0 ms Error Handling None ...

Страница 233: ...n as the input IN has accepted the value 9 or if there has not been a change within a minute Q is reset to 0 Note Because the fail safe output OUT is only set for one cycle a separate F_QUITES is required for each cyclic interrupt If there is only one block for different run time groups in a cyclic interrupt the blocks F_S_BO and F_R_BO must be used for the exchange of data between the run time gr...

Страница 234: ...vent in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75DAH Error in the safety data fo...

Страница 235: ...10 data items of the data type F_BOOL from another F run time group F_S_R Fail safe transmission of 5 data items of the data type F_ to another F run time group F_R_R Fail safe receipt of 5 data items of the data type F_REAL from another F run time group F_START Startup detection cold restart or warm restart Integration in Block Types With the exception of F_START the system blocks must not be int...

Страница 236: ...e received there by the F_R_BO block The data to be sent e g outputs from other blocks is stored at the inputs SD_BO_xx The output S_DB must be connected with the input of the same name in the received block I Os Name Data Type Explanation Default Inputs SD_BO_00 F_BOOL Send date 00 0 SD_BO_09 F_BOOL Send data 09 0 Output S_DB F_WORD Separate instance DB no 0 Error Handling None ...

Страница 237: ...cation Between F Run Time Groups Startup Characteristics In the first cycle after a cold or warm restart the block outputs the substitute values configured at the SUBBO_xx inputs The output of the substitute values depends on the configured execution times of the cyclic interrupts and occurs as long as the value F_TRUE is at the output SUBS_ON but only until the monitoring time TIMEOUT elapses I O...

Страница 238: ...f the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75DAH Error in the safety data format of the input TIMEOUT error due to online modification of the Safety...

Страница 239: ...be received there by the F_R_R block The data to be sent e g outputs from other blocks is stored at the inputs SD_R_xx The output S_DB must be connected with the input of the same name in the received block I Os Name Data Type Explanation Default Inputs SD_R_00 F_REAL Send date 00 0 SD_R_04 F_REAL Send data 04 0 Output S_DB F_WORD Separate instance DB no 0 Error Handling None ...

Страница 240: ...ation Between F Run Time Groups Startup Characteristics In the first cycle after a cold or warm restart the block outputs the substitute values configured at the SUBR_xx inputs The output of the substitute values depends on the configured execution times of the cyclic interrupts and occurs as long as the value F_TRUE is at the output SUBS_ON but only until the monitoring time TIMEOUT elapses I Os ...

Страница 241: ...f the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75DAH Error in the safety data format of the input TIMEOUT error due to online modification of the Safety...

Страница 242: ...ock indicates by means of a value of 1 at the output COLDSTRT that a startup cold or warm restart has been carried out COLDSTRT remains present until the next call of F_START The F_START must be called before the evaluating blocks I Os Name Data Type Explanation Default Output COLDSTRT F_BOOL Startup identifier cold restart or warm restart 1 Error Handling None ...

Страница 243: ...e driver for 6 channel analog input F_PLK Program execution monitoring before output blocks F_PLK_O Program execution monitoring after output blocks F_SHUTDN Manage F run time group shutdown and restart in the event shutdown errors occur F_TEST Self test for commands not backed up by diversity F_TESTC Control block for the background self test of the CPU F_TESTM Activate deactivate safety mode DB_...

Страница 244: ...nected The invisible output PD_FLAG must not be interconnected I Os Name Data Type Explanation Default Inputs MAX_CYC F_TIME Maximum permissible F cycle time T 0s PD OFF F_BOOL Power Down Monitoring 0 Outputs PD FLAG F_BOOL Power off code 0 DIFF F_DINT Time difference since the last cycle in ms 0 CYC_SQ F_INT Sequence number 0 FAILED BOOL Failure of the OB Indicator 0 Error Handling In the event o...

Страница 245: ...Description 75DAH Error in the safety data format of the input MAX_CYC or the output DIFF error due to online modification of the Safety Program or internal CPU fault 75E1H Power failure 75E1H 75E1H Internal CPU fault 75E1H Maximum permissible F cycle time exceeded or internal CPU fault 75E1H Internal CPU fault ...

Страница 246: ...G_2 at which error information is output are important I Os Name Data Type Explanation Default Inputs CRC_IMP1 WORD CRC via implicit data SM1 Supplied automatically CRC_IMP2 WORD CRC via implicit data SM2 only when RED 1 Supplied automatically DISC_ON BOOL Carry out discrepancy analysis Supplied automatically DISCTIME DINT Discrepancy time in ms Supplied automatically TIMEOUT F_DINT Monitoring tim...

Страница 247: ...yte 0 Byte 0 Bit 0 TIMEOUT error on SM1 Bit 0 TIMEOUT error on SM2 Bit 1 Common error on SM1 Bit 1 Common error on SM2 Bit 2 CRC value watchdog error on SM1 Bit 2 CRC value watchdog error on SM2 Bit 3 Reserved Bit 3 Reserved Bit 4 TIMEOUT error on CPU Bit 4 TIMEOUT error on CPU Bit 5 Watchdog error on CPU Bit 5 Watchdog error on CPU Bit 6 Check value error CRC on CPU Bit 6 Check value error CRC on...

Страница 248: ...ch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75DAH Error in the safety data format error due to online modification of the Safe...

Страница 249: ...G_2 at which error information is output are important I Os Name Data Type Explanation Default Inputs CRC_IMP1 WORD CRC via implicit data SM1 Supplied automatically CRC_IMP2 WORD CRC via implicit data SM2 only when RED 1 Supplied automatically DISC_ON BOOL Carry out discrepancy analysis Supplied automatically DISCTIME DINT Discrepancy time in ms Supplied automatically TIMEOUT F_DINT Monitoring tim...

Страница 250: ...n SM1 Bit 1 Common error on SM2 Bit 2 CRC value watchdog error on SM1 Bit 2 CRC value watchdog error on SM2 Bit 3 Reserved Bit 3 Reserved Bit 4 TIMEOUT error on CPU Bit 4 TIMEOUT error on CPU Bit 5 Watchdog error on CPU Bit 5 Watchdog error on CPU Bit 6 Check value error CRC on CPU Bit 6 Check value error CRC on CPU Bit 7 Reserved Bit 7 Reserved Byte 1 Byte 1 Bit 0 Discrepancy error on channel 0 o...

Страница 251: ... This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75DAH Error in...

Страница 252: ... supplied with values The outputs DIAG_1 and DIAG_2 at which error information is output are important I Os Name Data Type Explanation Default Inputs CHADDR00 F_WORD Interconnection with the F channel driver of channel 0 Interconnected automatically CHADDR07 F_WORD Interconnection with the F channel driver of channel 7 Interconnected automatically CRC_IMP1 WORD CRC via implicit data SM1 Supplied a...

Страница 253: ...4 TIMEOUT error on CPU Bit 4 TIMEOUT error on CPU Bit 5 Watchdog error on CPU Bit 5 Watchdog error on CPU Bit 6 Check value error CRC on CPU Bit 6 Check value error CRC on CPU Bit 7 Reserved Bit 7 Reserved Byte 1 Byte 1 Reserved Reserved Byte 2 Byte 2 Reserved Reserved Byte 3 Byte 3 Reserved Reserved Note In byte 0 of DIAG_1 2 the most recent error information remains stored until a new error occu...

Страница 254: ...channel driver F_CH_DO The I Os of the F module driver are automatically interconnected and supplied with values The outputs DIAG_1 and DIAG_2 at which error information is output are important I Os Name Data Type Explanation Default Inputs CHADDR00 F_WORD Interconnection with the F channel driver of channel 0 Interconnected automatically CHADDR09 F_WORD Interconnection with the F channel driver o...

Страница 255: ...4 TIMEOUT error on CPU Bit 4 TIMEOUT error on CPU Bit 5 Watchdog error on CPU Bit 5 Watchdog error on CPU Bit 6 Check value error CRC on CPU Bit 6 Check value error CRC on CPU Bit 7 Reserved Bit 7 Reserved Byte 1 Byte 1 Reserved Reserved Byte 2 Byte 2 Reserved Reserved Byte 3 Byte 3 Reserved Reserved Note In byte 0 of DIAG_1 2 the most recent error information remains stored until a new error occu...

Страница 256: ...er F_CH_AI The I Os of the F block driver are automatically interconnected and supplied with values The outputs DIAG_1 and DIAG_2 at which error information is output are important I Os Name Data Type Explanation Default Inputs CRC_IMP1 WORD CRC via implicit data SM1 Supplied automatically CRC_IMP2 WORD CRC via implicit data SM2 only when RED 1 Supplied automatically TIMEOUT F_DINT Monitoring time...

Страница 257: ...ation at the Output DIAG_1 2 DIAG_1 DIAG_2 Byte 0 Byte 0 Bit 0 TIMEOUT error on SM1 Bit 0 TIMEOUT error on SM2 Bit 1 Common error on SM1 Bit 1 Common error on SM2 Bit 2 CRC value watchdog error on SM1 Bit 2 CRC value watchdog error on SM2 Bit 3 Reserved Bit 3 Reserved Bit 4 TIMEOUT error on CPU Bit 4 TIMEOUT error on CPU Bit 5 Watchdog error on CPU Bit 5 Watchdog error on CPU Bit 6 Check value err...

Страница 258: ... run time group failure indication 0 Error Handling In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either d...

Страница 259: ...ror that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Info...

Страница 260: ... connected to the DB_INIT functionsstored in the F_DbInit1 is placed in the slowest Organizational Block OB3x in a run time group named F_ShutDn Note No other logic shall be permitted to be placed within the F_ShutDn CFC Connections may only be made to specified inputs and outputs of the F_SHUTDN function block see the table of I Os below Any logic placed within the F_ShutDn CFC will automatically...

Страница 261: ... reported are Full Shutdown Partial Shutdown Restart of Shutdown Logic and Safety Mode enabled or disabled 1 Outputs FULL_SD BOOL Entire Safety Program shutdown when TRUE Latched output resettable through RESTART input 0 EN_INIT BOOL Required for Safety Program initialization logic Immediately following the RESTART request EN_INIT will remain TRUE while the function block initialization logic exec...

Страница 262: ...t OB34 is 200ms and OB35 is 100ms The consequence of this is that a shutdown for the faster F Run time group may not occur until the next scan of the slowest configured OB in this example OB34 The F Run time group that encounters the detected fault regardless of the SHUTDOWN value will be shutdown Request Safety Program Shutdown Under certain circumstances the user may wish to manually request a c...

Страница 263: ...k tripped diagnostic Full Shutdown Outgoing Alarm Message F_SHUTDN block exited the Full Shutdown state because of a user requested restart Partial Shutdown Incoming Alarm Message If the F_SHUTDN function block is configured with RQ_FULL set to FALSE the first detected shutdown F run time group will be alarmed as a FAILURE While there remain shutdown F run time groups subsequent failures of this F...

Страница 264: ...as been requested If the RQ_FULL is TRUE and a FAILURE is detected the Safety Program will be disabled through the FULL_SD output and this will also trigger an event indicating a full system shutdown Startup Characteristics The F_SHUTDN function block is intended to be available upon startup with the entire Safety Program enabled Error Information in Diagnostic Buffer Error Code W 16 Description 7...

Страница 265: ... Fail safe Blocks V1_2 or higher the manual procedure has been eliminated The user is no longer allowed to manually place the F_CYC_CO function blocks it is now a system function I Os The inputs and outputs will not be explained here since this is logic that the system automatically generates Error Handling In the event of an error that is critical to safety the system function SFC F_CTRL is calle...

Страница 266: ...e system automatically generates Error Handling In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disab...

Страница 267: ...de active 1 Safety mode inactive Report Characteristics When safety mode is activated deactivated the block issues the message PLC not in safety mode to the OS using SFB 33 ALARM The messages can be switched off via the invisible input EN_MSG 0 MSG_STAT output parameter remains unchanged if a suitable report system is not available The ALARM block is called if message suppression is not activated ...

Страница 268: ...ms 8 80 A5E00085588 03 8 6 13 DB_RES Function This block supports the startup characteristics in the event of a cold restart warm restart of the CPU The block is inserted automatically at compilation I Os The block has no visible I Os ...

Страница 269: ...tomatically placed by the compiler in a CFC chart named F_DbInit Connections between the DB_INIT function and the shutdown logic are also created automatically Note No other logic shall be permitted to be placed within the F_DbInit CFC Connections may not be made to any inputs or outputs of these blocks Any logic placed within the F_DbInit CFC will automatically be deleted during the compile I Os ...

Страница 270: ...085588 03 8 6 15 FAIL_MSG Function This block is used by the RTG_LOGIC block type The block is inserted automatically at compilation I Os The inputs and outputs will not be explained here since this is logic that the system automatically generates ...

Страница 271: ...wn logic The RTG_LOGIC function block is automatically placed by the compiler in a CFC chart named F_ShutDn Note No other logic shall be permitted to be placed within the F_ShutDn CFC Connections may not be made to any inputs or outputs of these blocks Any logic placed within the F_ShutDn CFC will automatically be deleted during the compile I Os The inputs and outputs will not be explained here si...

Страница 272: ...iagnostic failure to the diagnostic buffer for users to observe as the cause of failure 2 In an S7 F H system to force a switchover if the fault is detected in the master only As you can see from the two purposes above SFC F_CTRL is used for diagnostic purposes and for availability by forcing the CPU with the detected failure to become the reserve CPU SFC F_CTRL is not responsible for any switchov...

Страница 273: ...y selection 2 out of 3 F_XOUTY Binary selection X out of Y 8 7 1 F_AND4 Function This block links the inputs by means of AND The output OUT is 1 if all the inputs are 1 Otherwise the output is 0 The output OUTN corresponds to the negating output OUT Truth Table IN1 IN2 IN3 IN4 OUT OUTN 0 0 0 0 0 1 0 0 0 1 0 1 0 0 1 0 0 1 0 0 1 1 0 1 0 1 0 0 0 1 0 1 0 1 0 1 0 1 1 0 0 1 0 1 1 1 0 1 1 0 0 0 0 1 1 0 0...

Страница 274: ...tems 8 86 A5E00085588 03 I Os Name Data Type Explanation Default Inputs IN1 F_BOOL Input 1 1 IN2 F_BOOL Input 2 1 IN3 F_BOOL Input 3 1 IN4 F_BOOL Input 4 1 Output OUT F_BOOL Output 1 OUTN F_BOOL Negating output 0 Error Handling None ...

Страница 275: ... output OUT Truth Table IN1 IN2 IN3 IN4 OUT OUTN 0 0 0 0 0 1 0 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 1 0 0 1 0 0 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 1 1 1 0 1 0 0 0 1 0 1 0 0 1 1 0 1 0 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 0 1 1 0 1 1 0 1 1 1 0 1 0 1 1 1 1 1 0 I Os Name Data Type Explanation Default Inputs IN1 F_BOOL Input 1 0 IN2 F_BOOL Input 2 0 IN3 F_BOOL Input 3 0 IN4 F_BOOL Input 4 0 Output OUT F_BOOL Output 0 O...

Страница 276: ... OR The output OUT is 1 if exactly one input is 1 The output OUTN corresponds to the negating output OUT Truth Table IN1 IN2 OUT OUTN 0 0 0 1 0 1 1 0 1 0 1 0 1 1 0 1 I Os Name Data Type Explanation Default Inputs IN1 F_BOOL Input 1 0 IN2 F_BOOL Input 2 0 Output OUT F_BOOL Output 0 OUTN F_BOOL Negating output 1 Error Handling None ...

Страница 277: ...BOOL Input 0 Output OUT F_BOOL Output 1 Error Handling None 8 7 5 F_2OUT3 Function This block monitors three binary inputs for signal state 1 The output OUT is 1 if at least two inputs are 1 Otherwise the output is 0 The output OUTN corresponds to the negating output OUT Truth Table IN1 IN2 IN3 OUT OUTN 0 0 0 0 1 0 0 1 0 1 0 1 0 0 1 0 1 1 1 0 1 0 0 0 1 1 0 1 1 0 1 1 0 1 0 1 1 1 1 0 ...

Страница 278: ...l Safe Systems 8 90 A5E00085588 03 I Os Name Data Type Explanation Default Inputs IN1 F_BOOL Input 1 0 IN2 F_BOOL Input 2 0 IN3 F_BOOL Input 3 0 Output OUT F_BOOL Output 0 OUTN F_BOOL Negating output 1 Error Handling None ...

Страница 279: ... F_BOOL Input 1 0 IN2 F_BOOL Input 2 0 IN3 F_BOOL Input 3 0 IN16 F_BOOL Input 16 0 X F_INT Minimum number of inputs with 1 0 X 16 0 Y F_INT Number of inputs to be monitored 0 Y 16 0 Output OUT F_BOOL Output 0 OUTN F_BOOL Negating output 1 Error Handling In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and r...

Страница 280: ...r limit the output QH 1 U_HL HYS U U_HL QH remains unchanged in this range U U_HL HYS In the event of violation of the lower limit hysteresis the output QH 0 The limit and hysteresis are also available as non fail safe data at the outputs U_HL_O and HYS_O for further processing in the standard program The hysteresis can be used to avoid fluttering of QH if the input value U fluctuates by the limit...

Страница 281: ... in the printout of the CFC chart They must be checked in the printout of the safety program Error Handling In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in bo...

Страница 282: ...program The hysteresis can be used to avoid fluttering of QL if the input value U fluctuates by the limit value U_LL If either input variable U U_LL or HYS contains an invalid REAL number the Substitute Input SUBS_IN will be passed directly to the output QL If an invalid REAL number is generated during the calculations involving U U LL and HYS the output QL 1 The output QLN corresponds to the nega...

Страница 283: ...em function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code...

Страница 284: ... F_REAL Input variable 2 0 0 IN3 F_REAL Input variable 3 0 0 QBAD1 F_BOOL IN1 invalid 0 QBAD2 F_BOOL IN2 invalid 0 QBAD3 F_BOOL IN3 invalid 0 DELTA REAL Allowable difference 0 0 Outputs OUT F_REAL Median value 0 0 QBAD BOOL Invalid median value 0 DIS1 BOOL IN1 DELTA Discrepancy 0 DIS2 BOOL IN2 DELTA Discrepancy 0 DIS3 BOOL IN3 DELTA Discrepancy 0 The block employs a two out of three selection sche...

Страница 285: ...rivers detect a failure output their SUBS_V value and set their QBAD to 1 the F_2oo3_R block s QBAD output will be 1 indicating that the selected analog output V is no longer valid Therefore a configuration using the F_CH_AI and F_2oo3_R blocks would have the following connections The V outputs of the three F_CH_AI connected to the three IN inputs of the F_2oo3_R The QBAD outputs of the three F_CH...

Страница 286: ...ta Type Explanation Default Inputs IN1 F_REAL Input variable 1 0 0 IN2 F_REAL Input variable 2 0 0 QBAD1 F_BOOL IN1 invalid 0 QBAD2 F_BOOL IN2 invalid 0 DELTA REAL Allowable difference 0 0 Outputs OUT F_REAL Selected value 0 0 QBAD BOOL Invalid selected value 0 DIS1 BOOL IN1 DELTA Discrepancy 0 DIS2 BOOL IN2 DELTA Discrepancy 0 The block employs a one out of two selection scheme and is often used ...

Страница 287: ... as its analog output If both channel drivers detect a failure output their SUBS_V value and set their QBAD to 1 the F_1oo2_R block s QBAD output will be 1 indicating that the selected analog output V is no longer valid Therefore a configuration using the F_CH_AI and F_1oo2_R blocks would have the following connections The V outputs of the two F_CH_AI connected to the two IN inputs of the F_1oo2_R...

Страница 288: ...nt F_SR_FF SR flipflop setting dominant 8 9 1 F_RS_FF Function The block executes the function of an RS flipflop resetting dominant The RS flipflop is reset if the signal state at the input R 1 and at the input S 0 The flipflop is set if the input R 0 and the input S 1 If the result of the logic operation is 1 at both inputs the flipflop is reset Truth Table R S QN QNn 0 0 Qn 1 QNn 1 0 1 1 0 1 0 0...

Страница 289: ...or Handling In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the...

Страница 290: ...te the program you preset the Q output in CFC with the initial value 1 it will remain set after startup cold restart or warm restart until the signal state at the R input changes to 1 at input S 0 Note that the initial values of output parameters do not appear in the printout of the CFC chart They must be checked in the printout of the safety program Error Handling In the event of an error that is...

Страница 291: ...D and R CU CV is increased by 1 If the count value reaches the upper limit 32 767 it is not increased any further CD CV is decreased by 1 If the count value reaches the lower limit 32 768 it is not decreased any further LOAD 1 CV is preset with the value of the input PV The values at the inputs CU and CD are ignored R 1 CV is reset to 0 The values at the inputs CU CD and LOAD are ignored If in a c...

Страница 292: ...cremented or decremented as of this value Note that the initial values of output parameters do not appear in the printout of the CFC chart They must be checked in the printout of the safety program Error Handling In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if th...

Страница 293: ...output Q has already been set The maximum value it can adopt is that of the input PT It is reset if the input IN changes to 0 but not before the time PT has elapsed If PT 0 the outputs Q and ET are reset Timing Diagram scasc Q IN PT ET PT PT PT Startup Characteristics In the first cycle after a cold or warm restart or in the case of a first call the timer is reset I Os Name Data Type Explanation D...

Страница 294: ...ccurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75DAH Error in the safety data format of the inputs PT and IN and the output ET error due to online modification of th...

Страница 295: ...e output ET indicates the time that has elapsed since the last rising edge at the input IN but only up to the value of the input PT ET is reset if the input IN changes to 0 If PT 0 the outputs Q and ET are reset Timing Diagram scasc Q IN PT ET PT PT Startup Characteristics In the first cycle after a cold or warm restart or in the case of a first call the timer is reset I Os Name Data Type Explanat...

Страница 296: ...ccurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75DAH Error in the safety data format of the inputs PT and IN and the output ET error due to online modification of th...

Страница 297: ...he output ET indicates the time that has elapsed since the last falling edge at the input IN but only up to the value at the input PT ET is reset if the input IN changes to 1 If PT 0 the outputs Q and ET are reset Timing Diagram Q IN PT ET PT PT Startup Characteristics In the first cycle after a cold or warm restart or in the case of a first call the timer is reset I Os Name Data Type Explanation ...

Страница 298: ...ccurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75DAH Error in the safety data format of the inputs PT and IN and the output ET error due to online modification of th...

Страница 299: ...e input variable for the occurrence of a falling edge and indicates at the output whether an edge has been detected At a falling edge of the input pulse CLK the output Q is set to 1 until the next call of the block Timing Diagram CLK Q Startup Characteristics In the first cycle after a cold or warm restart or in the case of a first call no edge is detected I Os Name Data Type Explanation Default I...

Страница 300: ... At a rising edge of the input pulse CLK the output Q is set to 1 until the next call of the block Timing Diagram CLK Q Startup Characteristics If the input CLK has a value of 1 in the first cycle after a cold or warm restart a rising edge is detected and the output Q is set to 1 until the next call of the block I Os Name Data Type Explanation Default Input CLK F_BOOL Input pulse 0 Output Q F_BOOL...

Страница 301: ...puts OUTU and OUTL are set to 1 If IN is MAX the upper limit has been violated OUT MAX OUTU 1 and OUTL 0 If IN is MIN the lower limit has been violated OUT MIN OUTU 0 and OUTL 1 If IN is between MIN and MAX OUT IN OUTU 0 and OUTL 0 are set I Os Name Data Type Explanation Default Inputs IN F_TIME Input variable T 0 ms MIN F_TIME Lower limit T 0 ms MAX F_TIME Upper limit T 24d 20h 31m 23s 647ms Outp...

Страница 302: ...er than or equal to the upper limit MAX the output OUT MAX and the outputs OUTU and OUTL are set to 1 If IN is MAX the upper limit has been violated OUT MAX OUTU 1 and OUTL 0 If IN is MIN the lower limit has been violated OUT MIN OUTU 0 and OUTL 1 If IN is between MIN and MAX OUT IN OUTU 0 and OUTL 0 are set I Os Name Data Type Explanation Default Inputs IN F_INT Input variable 0 MIN F_INT Lower l...

Страница 303: ... Medium of three REAL values F_MIN3_R Minimum of three REAL values F_LIM_R Asymmetrical limiter of REAL values F_SQRT Calculation of the square root F_AVEX_R Mean value of a maximum of nine REAL values F_SMP_AV Sliding mean value 8 13 1 F_ADD_R Function This block adds the inputs and outputs the sum at the output OUT IN1 IN2 I Os Name Data Type Explanation Default Inputs IN1 F_REAL Addend 1 0 0 IN...

Страница 304: ...from the input IN1 and outputs the difference at the output OUT IN1 IN2 I Os Name Data Type Explanation Default Inputs IN1 F_REAL Minuend 0 0 IN2 F_REAL Subtrahend 0 0 Output OUT F_REAL Difference 0 0 Error Handling If the operation generates an invalid REAL number the event will be recorded in the Diagnostic Buffer Error Information in Diagnostic Buffer Error Code W 16 Description 75D9H Invalid R...

Страница 305: ... Os Name Data Type Explanation Default Inputs IN1 F_REAL Multiplicand 0 0 IN2 F_REAL Multiplier 0 0 Output OUT F_REAL Product 0 0 Error Handling If the operation generates an invalid REAL number the event will be recorded in the Diagnostic Buffer Error Information in Diagnostic Buffer Error Code W 16 Description 75D9H Invalid REAL number generated by the operation ...

Страница 306: ...tion Default Inputs IN1 F_REAL Dividend 0 0 IN2 F_REAL Divisor 1 0 Output OUT F_REAL Quotient 0 0 Error Handling If the operation generates an invalid REAL number the event will be recorded in the Diagnostic Buffer Error Information in Diagnostic Buffer Error Code W 16 Description 75D9H Invalid REAL number generated by the operation Note Use the F block F_LIM_R to prevent errors as a result of div...

Страница 307: ...588 03 8 119 8 13 5 F_ABS_R Function This block outputs the absolute value amount of the input at the output OUT IN I Os Name Data Type Explanation Default Input IN F_REAL Input value 0 0 Output OUT F_REAL Absolute value 0 0 Error Handling None ...

Страница 308: ...from only two inputs OUT MAX IN1 IN2 IN3 I Os Name Data Type Explanation Default Inputs IN1 F_REAL Input variable 1 3 402823e 38 IN2 F_REAL Input variable 2 3 402823e 38 IN3 F_REAL Input variable 3 3 402823e 38 Output OUT F_REAL Maximum value 3 402823e 38 Error Handling If the operation generates an invalid REAL number the event will be recorded in the Diagnostic Buffer Error Information in Diagno...

Страница 309: ...ata Type Explanation Default Inputs IN1 F_REAL Input variable 1 0 0 IN2 F_REAL Input variable 2 0 0 IN3 F_REAL Input variable 3 0 0 Output OUT F_REAL Mean value 0 0 Error Handling If the operation generates an invalid REAL number the event will be recorded in the Diagnostic Buffer Error Information in Diagnostic Buffer Error Code W 16 Description 75D9H Invalid REAL number generated by the operatio...

Страница 310: ...from only two inputs OUT MIN IN1 IN2 IN3 I Os Name Data Type Explanation Default Inputs IN1 F_REAL Input variable 1 3 402823e 38 IN2 F_REAL Input variable 2 3 402823e 38 IN3 F_REAL Input variable 3 3 402823e 38 Output OUT F_REAL Minimum value 3 402823e 38 Error Handling If the operation generates an invalid REAL number the event will be recorded in the Diagnostic Buffer Error Information in Diagno...

Страница 311: ...tput OUT and both OUTH 1 and OUTL 1 I Os Name Data Type Explanation Default Inputs IN F_REAL Input variable 0 0 MIN F_REAL Lower limit 100 0 MAX F_REAL Upper limit 100 0 SUBS_IN F_REAL Substitute Input 0 0 Outputs OUT F_REAL Output variable 0 0 OUTU F_BOOL Upper limit violation 0 OUTL F_BOOL Lower limit violation 0 Error Handling In the event of an error that is critical to safety the system funct...

Страница 312: ...UT IN The input IN must be positive I Os Name Data Type Explanation Default Input IN F_REAL Radicand 0 0 Output OUT F_REAL Root 0 0 Error Handling If the operation generates an invalid REAL number the event will be recorded in the Diagnostic Buffer Error Information in Diagnostic Buffer Error Code W 16 Description 75D9H Invalid REAL number generated by the operation ...

Страница 313: ... 0 0 IN2 F_REAL Input variable 2 0 0 IN3 F_REAL Input variable 3 0 0 IN4 F_REAL Input variable 4 0 0 IN5 F_REAL Input variable 5 0 0 IN6 F_REAL Input variable 6 0 0 IN7 F_REAL Input variable 7 0 0 IN8 F_REAL Input variable 8 0 0 IN9 F_REAL Input variable 9 0 0 VALIDIN1 F_BOOL IN1 valid 1 VALIDIN2 F_BOOL IN2 valid 1 VALIDIN3 F_BOOL IN3 valid 1 VALIDIN4 F_BOOL IN4 valid 1 VALIDIN5 F_BOOL IN5 valid 1...

Страница 314: ...tch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run time group or the entire Safety Program Error Information in Diagnostic Buffer Error Code W 16 Description 75D9H Invalid REAL number generated by the operation 75DAH Error in the safety da...

Страница 315: ...the startup are not taken into account Error Handling If the condition 0 N 33 is not fulfilled OUT INk is set If the operation generates an invalid REAL number the event will be recorded in the Diagnostic Buffer In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the...

Страница 316: ...Output 0 0 Error Handling In the event of an error that is critical to safety the system function SFC F_CTRL is called This records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only on the master CPU For non redundant systems or a common cause error occurring in both CPUs the shutdown logic can be configured to either disable the erred F run tim...

Страница 317: ...thout incident If a fail safe block generates an invalid REAL number the system function SFC 65097 WRSYMSG is called to record the event in the Diagnostic Buffer Once generated invalid REAL numbers will be accepted and used by subsequent fail safe blocks without incident Remedy check the values using for example F_LIM_R Error Information in Diagnostic Buffer In the event of an error error informat...

Страница 318: ...or sent the expected response to the CPU with the new consecutive number Discrepancy errors in the case of redundant digital input modules Module faults reported by the F I Os Channel faults reported by the F I Os ET 200M only if the Group Diagnosis parameter is set Error Reaction F channel drivers for digital input modules output the substitute value 0 at the outputs F channel drivers for analog ...

Страница 319: ... diagnostic messages and possible remedies in the section entitled Error Information at the Outputs of the Driver Blocks Error in the Safety Data Format If an error is detected in the safety data format the system function SFC F_CTRL is called automatically The system function SFC F_CTRL records the event in the Diagnostic Buffer and requests a switch to the reserve CPU if the error occurred only ...

Страница 320: ...d them again and carry out a cold restart Switch the voltage off and on at the F I O Check the PROFIBUS connection between the CPU and F I O Read out the module diagnosis Bit 3 Reserved Bit 4 TIMEOUT error on CPU or internal CPU fault Check the PROFIBUS connection between the CPU and F I O Download the configuration from HWCONFIG compile the changes to the Safety Program download them again and ca...

Страница 321: ...pancy error on channel 7 of SMn Byte 2 in the case of F_M_DI24 only Bit 0 Discrepancy error on channel 8 of SMn Bit 7 Discrepancy error on channel 15 of SM1 Byte 3 in the case of F_M_DI24 only Bit 0 Discrepancy error on channel 16 of SM1 Bit 7 Discrepancy error on channel 23 of SMn n 1 Diagnostic information for module SM1 n 2 Diagnostic information for redundant module SM2 Note In byte 0 of DIAG_...

Страница 322: ...lculations such as infinity This event contains the Instance DB number of the function block that encountered this invalid calculation Use the DB number to identify the function block within the project that has this failure 1 Open the CFC Editor and click on the cross reference button 2 Choose Edit Find and enter DB xxx where xxx is the DB number being reported in the error event Once you identif...

Страница 323: ... RTG_LOGIC FBs are in the CFC chart F_ShutDn The number at the end of the RTG_LOGIC FB s Name is the instance DB number finding the F FB with the DB xx reported in event will lead to discovering the Run time Group Name and chart location Identify the cause of the shutdown and resolve the issue You may restart all of the shutdown F run time Groups through the RESTART input of the FB F_SHUTDN locate...

Страница 324: ...dies 74DEH The FB F_SHUTDN has completed a re initialization of the whole Safety Program all F run time groups are enabled This would happen after the User causes a 0 1 transition on the RESTART input of the FB F_SHUTDN located in the CFC chart F_ShutDn Safety Program Initialization Start End Reported from Shutdown Logic F_SHUTDN Error Code W 16 Cause Remedies 75DFH This would happen after the Use...

Страница 325: ...essing F_CYC_CO internal CPU fault Error processing F_TEST internal CPU fault Error processing F_TESTC internal CPU fault Error due to online modification of the Safety Program or internal CPU fault Restart the Shutdown logic or Stop and ColdStart F CPU or Full Download of the complete program to F CPU or Replace the F CPU Error Detected in F_PLK_O Program Data Flow Control Error After Output Bloc...

Страница 326: ... CPU or Increase the cycle time of the OB3x containing your F run time Group experiencing the maximum cycle time exceeded or Move functionality out of the OB3x to another OB3x This includes standard and F Blocks that are running within said F run time the OB3x Error Detected in F_TEST Command Test Error Code W 16 Cause Remedies 75E1H Internal CPU fault Restart the Shutdown logic or Stop and ColdSt...

Страница 327: ...he CPU or Error due to online modification of the Safety Program or internal CPU fault Check whether tests of the F CPU have been switched off by SFC90 H_CTRL The tests must not be switched off Insure that the F CPU s Test Cycle Time has been set 12h in CPU s H Parameters properties or Restart the Shutdown logic or Stop and ColdStart F CPU or Full Download of the complete program to F CPU or Repla...

Страница 328: ...necting cable 3 ERROR bit of USEND set Communication problems see high byte Check the connection configuration and download it again Check the connecting cable 4 ERROR bit of URCV set Communication problems see high byte Check the connection configuration and download it again Check the connecting cable 5 Check value error CRC or internal error in the sender or recipient CPU or in the CP Check whe...

Страница 329: ...CPU one F I O Redundant CPU one F I O One CPU redundant F I O Redundant CPU redundant F I O 465 520 740 814 F_M_DI8 FB 384 F module driver for 8 channel digital input One CPU one F I O Redundant CPU redundant F I O One CPU redundant F I O Redundant CPU redundant F I O 518 570 1046 1155 F_M_DI24 FB 385 F module driver for 24 channel digital input One CPU one F I O Redundant CPU one F I O One CPU re...

Страница 330: ...I FB 461 Convert from F_REAL to F_INT 13 F_FR_R FC 304 Convert from F_REAL to REAL 10 F_FTI_TI FC 306 Convert from F_TIME to TIME 10 F_I_FI FB 369 Converts from INT to F_INT 11 F_LIM_HL FB 314 Monitoring of upper limit value violation of a REAL value 24 F_LIM_I FB 350 Asymmetrical limiter of INT values 21 F_LIM_LL FB 315 Monitoring of lower limit violation of a REAL value 24 F_LIM_R FB 329 Asymmet...

Страница 331: ...ion of the square root 58 F_SR_FF FB 308 SR flipflop setting dominant 16 F_START FB 394 Startup detection cold restart or warm restart 11 F_SUB_R FB 322 Subtraction of two REAL values 16 F_TEST FB 398 Self test for commands not backed up by diversity 362 F_TESTC FB 399 Control block for the background self test of the CPU 445 F_TESTM FB 400 Switching of Safety Mode on and off 178 F_TI_FTI FB 368 C...

Страница 332: ...Fail Safe Blocks Fail Safe Systems 8 144 A5E00085588 03 ...

Страница 333: ...afe Modules Check List Phase Note Refer to Check Planning Prerequisite A Safety requirements specification must be available for the planned application Depends on the process Specification of the system architecture Depends on the process Allocation of functions and subfunctions to the system components Depends on the process F SYS Sect 1 7 F SYS Sect 7 3 Selection of the sensors and actuators Re...

Страница 334: ...g Verification of the hardware components used on the basis of the check list of the certified F function blocks F SYS Sect 5 2 1 F SYS App A 3 Creation of the CFC charts Rules for the CFC charts of the Safety Program F SYS Sect 5 2 4 Creation of the run time groups Rules for the run time groups of the Safety Program F SYS Sect 5 2 5 Placement and interconnection of the F function blocks Rules for...

Страница 335: ...loading Rules for testing Creating Block Types F SYS Sect 5 4 4 F SYS Sect 5 4 7 F SYS Sect 5 4 11 5 4 12 F SYS Sect 5 4 6 Installation Hardware setup Rules for installation Rules for wiring F SM Chap 4 F ET 200S Chap 5 and 6 F SM Chap 4 F ET 200S Chap 5 and 6 Downloading of the fail safe program Rules for downloading F SYS Sect 5 4 7 to 5 4 10 ...

Страница 336: ...es to faults errors and events F SYS Sect 8 15 Replacement of hardware components Rules for the replacement of modules F SM Sect 3 6 F ET 200S Sect 6 4 Modifications to the Safety Program Rules for deactivating safety mode Rules for modifying the Safety Program F SYS Sect 5 4 2 F SYS Sect 6 3 Updating of the operating system Rules for the updating of the operating system as in the standard case St...

Страница 337: ...3Bit Analog input module 6ES7 336 1HE00 0AB0 PM E F 24 VDC PROFIsafe Power Module 6ES7 138 4CF00 0AB0 4 8 F DI 24 VDC PROFIsafe Digital Electronic Module 6ES7 138 4FA00 0AB0 4 F DO 24 VDC 2 A PROFIsafe Digital Electronic Module 6ES7 138 4FB00 0AB0 PM D F 24 VDC PROFIsafe Power Module 3RK 1903 3BA00 F Copy License Downloading F blocks to an F or FH destination system is only permitted if you have a...

Страница 338: ...cluded in safety considerations the following check list ought to be of assistance when you configure the F system with sensors and actuators Demands on Sensors and Actuators Check Are your sensors and actuators of adequate quality and suitable for environments with polluted air and corrosive fumes Do you make use of the possibilities of double redundancy for sensors where appropriate Do you make ...

Страница 339: ...386 F module driver for 10 channel digital output F_CH_DI FB 377 F channel driver for digital input F_CH_DO FB 378 F channel driver for digital output F_CH_AI FB 379 F channel driver for analog input Further Blocks in Alphabetical Order F_1oo2_R FB 457 1 out of 2 analog voter block Block Type F_2OUT3 FB 305 Binary selection 2 out of 3 F_2oo3_R FB 456 2 out of 3 analog voter block Bock Type F_ABS_R...

Страница 340: ...her F run time group F_R_FR FB 362 Convert from REAL to F_REAL F_R_R FB 393 Fail safe receipt of 5 data items of the data type F_REAL from another F run time group F_R_TRIG FB 346 Detection of the rising edge F_RCVBO FB 371 Receives F_BOOL data from another CPU F_RCVR FB 373 Receives F_REAL data from another CPU F_RS_FF FB 307 RS flipflop resetting dominant F_S_BO FB 390 Fail safe transmission of ...

Страница 341: ... Supports the startup characteristics in the event of a cold restart warm restart of the CPU FAIL_MSG FC 181 F run time group shutdown diagnostic error reporting RTG_LOGIC FB 459 F run time group shutdown and restart logic interface Even though these blocks aren t yellow they are safety critical and are placed automatically by the CFC editor The user may not place or remove these blocks Changes ar...

Страница 342: ... be compared with the parameters of the F I Os from the hardware configuration F Driver Type Safety Parameter Value Check Call of the F driver block F_M_DI8 F_M_DI24 F_M_AI6 F_M_DO10 or F_M_D08 LADDR LADDR_R TIMEOUT etc Value from the printout of the Safety Program information Example F Driver Type Safety Parameter Value Check F 1 F_M_DI8 TIMEOUT 1000 LADDR 24 LADDR_R 0 F 4 F_M_DI24 TIMEOUT 2000 L...

Страница 343: ...7 300 Programmable Controllers Reference Manual 7 ET 200M Distributed I O Device 8 ET 200S Distributed I O System Fail Safe Modules 9 STEP 7 manuals 10 PCS 7 manuals 11 CFC manuals 12 Testing S7 Programs with S7 PLCSIM You can find manuals 2 to 8 in the SIMATIC Electronic Manuals collection on CD ROM Manuals 9 to 12 are included with the products in electronic form Some of them can be obtained by ...

Страница 344: ...References Fail Safe Systems B 2 A5E00085558 03 ...

Страница 345: ...nnel is automatically depassivated after the problem is eliminated Cyclic redundancy check CRC A test procedure to check the integrity of data By means of a generator polynominal a check sum is formed that is characteristic for the relevant data volume in the sense of being a signature A CRC check sum is formed for example for the process values contained in the safety frame or for the safety rela...

Страница 346: ...gurable time for the discrepancy analysis E ES Engineering system F F Abbreviation for fail safe F Copy License Formal permission to use the CPU as an F compatible CPU for S7 F FH systems F CPU F capable CPU containing a safety program F cycle time Cyclic interrupt time for OBs with F run time groups F Data Types Fail safe data types F FBs Fail safe function blocks F I Os Fail safe Input Output mo...

Страница 347: ...ault Module wide fault Module faults can be external faults e g no load voltage or internal faults e g processor failure An internal error always requires module replacement Module redundancy An additional identical module is operated redundantly to increase availability O OS Operator station P Passivation Passivation of digital output channels means that the outputs are deenergized Passivation of...

Страница 348: ...r between the CPU and the fail safe signal modules Safety function In accordance with IEC 61508 A function implemented by a safety system to ensure that the system is kept in a safe state or brought into a safe state in the event of a problem All of the hardware and software components that are involved in implementing a certain process subfunction Safety integrity level Safety level between 4 and...

Страница 349: ...ion chambers If this is achieved with multi channel systems the safety system consists of all the channels and monitoring equipment that contribute to safety Safety related Fail safe Sensor Evaluation There are two types of sensor evaluation 1oo1 evaluation The sensor signal is read once 1oo2 evaluation To increase availability the sensor signal is read in twice from the same module and compared i...

Страница 350: ...Glossary Fail Safe Systems Glossary 6 A5E00085588 03 ...

Страница 351: ...ommunication between F run time groups 3 11 Communication between standard and Safety Program s 5 31 Communication between the CPU and F I Os 3 11 Compare Safety Programs 5 67 Comparison Blocks for Two Input Values of the Same Type 8 92 Compiling a Safety Program 5 43 COMPLEM component 8 2 Components of an S7 F System 1 7 Configuration and parameter assignment of hardware 4 1 Configuring CIR 4 11 ...

Страница 352: ...11 F_FBO_BO 5 36 5 37 8 40 F_FI_I 5 36 5 37 8 41 F_FR_FI 8 43 F_FR_R 5 36 5 37 8 42 F_FTI_TI 5 36 5 37 8 44 F_I_FI 8 37 F_LIM_HL 8 92 F_LIM_I 8 114 F_LIM_LL 8 94 F_LIM_R 8 123 F_LIM_TI 8 113 F_M_AI6 8 68 F_M_DI24 8 61 F_M_DI8 8 58 F_M_DO10 8 66 F_M_DO8 8 64 F_MAX3_R 8 120 F_MID3_R 8 121 F_MIN3_R 8 122 F_MUL_R 8 117 F_MUX2_R 8 128 F_NOT 8 89 F_OR4 8 87 F_PLK 8 70 F_PLK_O 8 71 F_QUITES 8 45 F_R_BO 5...

Страница 353: ... requirement mode 7 4 Optional package installing 1 11 1 13 OR logic operation 8 87 Overview 4 1 Overview of fault control measures 3 3 P Parameter assignment of F I Os 4 4 Passivating fail safe output modules 6 5 Passivation 5 24 5 25 5 26 Password 3 8 4 3 5 47 Performance enhancement 5 7 Placing and interconnecting F blocks 5 4 5 5 Plausibility check 6 3 8 35 Plausibility checking 5 36 PLCSim 5 ...

Страница 354: ...ated communication between CPUs 3 12 Safety related parameters 7 17 Save reference data 5 66 Self tests 3 5 Sending F_BOOL data 8 27 F_REAL data 8 31 Setting up Access Rights for the CPU 4 8 Setting up the hardware 2 4 SFC F_CTRL 8 84 Simulating an Safety Program with S7 PLCSIM 5 57 Simulating PROFIsafe nodes 6 1 Simulating Safety Programs 5 57 Simulation 5 57 5 58 5 59 5 60 5 61 Simulation blocks...

Отзывы:

Нет отзывов