SF_SafetyRequest block

Function block

This function block is used to support function "safety function request" (e.g. safe stop, safely reduced speed) in an application.

Interface

| I/O | Name | Data type | Initial value | Description |
|---|---|---|---|---|
| IN | Activate | BOOL | FALSE | see General parameters |
| IN | S_OpMode | SAFEBOOL | SAFEFALSE | Variable. Requested mode of a generic safe actuator. SAFEFALSE: Safe mode is requested. SAFETRUE: Operating mode is requested. |
| IN | S_Acknowledge | SAFEBOOL | SAFEFALSE | Variable. Confirmation of the generic actuator when the actuator is in safe state. SAFEFALSE: Operating mode (non safe state). SAFETRUE: Safe mode. |
| IN | MonitoringTime | TIME | T#0s | Constant. Monitoring the response time between the safety function request (S_OpMode = SAFEFALSE) and the actuator acknowledgment (S_Acknowledge changes to SAFETRUE). |
| IN | S_StartReset | SAFEBOOL | FALSE | see General parameters |
| IN | Reset | BOOL | FALSE | see General parameters. With function for acknowledgment of error correction. |
| OUT | Ready | BOOL | FALSE | see General parameters |
| OUT | S_SafetyActive | SAFEBOOL | SAFEFALSE | Confirmation of the safe state. SAFEFALSE: Non safe state. SAFETRUE: Safe state. |
| OUT | S_SafetyRequest | SAFEBOOL | SAFEFALSE | Request to set the actuator in a safe state. SAFEFALSE: Safe state is requested. SAFETRUE: Non safe state. |
| OUT | SafetyDemand | BOOL | FALSE | see General parameters |
| OUT | ResetRequest | BOOL | FALSE | see General parameters |
| OUT | Error | BOOL | FALSE | see General parameters |
| OUT | DiagCode | WORD | 16#0000 | see General parameters |

Function description

This function block serves as an interface between the safety application / safety controller and the connected safe peripheral (e.g. safe drive). The safety function for the safe peripheral connected to the function block can be requested by the function block from the program on the safety controller. The function block monitors the reaction to the request for a safety function via the feedback signal of the safe peripheral (input parameter S_Acknowledge).

The data exchange for requesting a safe operating mode and feedback about the current operating mode is handled by an I/O coupling between the safety application and safe peripheral. The I/O signals are connected to the function block via inputs and outputs.

The function block outputs the state of the connected safe peripheral via a binary input parameter for further processing in the safety application.

Note

It must be noted that the function block DOES NOT execute the safety function of the connected safe peripheral. The safe peripheral executes the safety function itself independently of the function block. The function block only requests the safety function and confirms that it has received feedback about the active safe state from the safe peripheral.

Use suitable corrective measures to ensure that no hazard can arise from the safe peripheral when the safe peripheral executes the safety function!

The function block receives via input S_OpMode the request from the upstream safety application that the connected safe peripheral should execute or not execute a safety function. The function block forwards this request to the connected safe peripheral via output S_SafetyRequest.

  • When the connected safe peripheral receives the request to execute a safe operating mode: A SAFEFALSE signal at S_OpMode sets S_SafetyRequest to SAFEFALSE if the function block is active. If the function block receives feedback (signal SAFETRUE) on input S_Acknowledge from the safe peripheral within the specified time (input parameter MonitoringTime) that the peripheral is executing the safety function, then the function block generates confirmation (signal SAFETRUE) on output parameter S_SafetyActive. Otherwise, the function block outputs an error message on output parameter DiagCode.

  • When the connected safe peripheral receives the request to not execute a safe operating mode:
    Signal SAFETRUE on S_OpMode sets S_SafetyRequest to SAFETRUE and S_SafetyActive to SAFEFALSE when the function block is active.

Additional information

[Figure: SF_SafetyRequest timing diagram with the phases 1) Start, 2) Normal operation, 3) Error]

Error detection

The function block detects:

  • when the actuator does not go into the safe state within the monitoring time.

  • when the confirmation signal is lost during an active request.

  • a static reset signal.

External function block error

There are no external errors, as the generic actuator provides no error bits/information.

Error behavior

In the event of an error, output S_SafetyActive is set to SAFEFALSE.

An error must be acknowledged by a rising trigger at the input Reset. To continue the function block after this reset, the request S_OpMode must be set to SAFETRUE or S_Acknowledge must become SAFETRUE.

Error and status messages

Function block specific error codes

| DiagCode | Name | Description and output settings |
|---|---|---|
| C010 | Acknowledge lost | Confirmation lost in safe state. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = TRUE; Error = TRUE |
| C020 | MonitoringTime elapsed | S_OpMode request could not be completed within the monitoring time. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = TRUE; Error = TRUE |
| C001 | Reset error 1 | Static reset detected in status 8401 Init. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = FALSE; Error = TRUE |
| C014 | Reset error 2 | Acknowledge lost status detected in C010. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = FALSE; Error = TRUE |
| C011 | Reset error 3 | Monitoring time elapsed status detected in C020. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = FALSE; Error = TRUE |

Function block-specific status codes (no error)

| DiagCode | Name | Description and output settings |
|---|---|---|
| 0000 | Idle | Function block is not active (initial state). Ready = FALSE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = FALSE; Error = FALSE |
| 8000 | Safe mode | Actuator is in the safe state. Ready = TRUE; S_SafetyActive = SAFETRUE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = FALSE; Error = FALSE |
| 8401 | Init | The status is set to TRUE after Activate or after a rising trigger on Reset. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = TRUE; Error = FALSE |
| 8802 | Operation mode | Operating mode without confirmation of safe mode. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFETRUE; SafetyDemand = TRUE; ResetRequest = FALSE; Error = FALSE |
| 8804 | Wait for confirmation OpMode | Operating mode with confirmation of safe mode. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFETRUE; SafetyDemand = TRUE; ResetRequest = FALSE; Error = FALSE |
| 8002 | Wait for Confirmation | Waiting for confirmation from the drive (system interface). Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = FALSE; Error = FALSE |
| 8004 | Wait for OpMode | Error was removed. However, S_OpMode must be set to SAFETRUE or S_Acknowledge must become SAFETRUE before the function block can be resumed. Ready = TRUE; S_SafetyActive = SAFEFALSE; S_SafetyRequest = SAFEFALSE; SafetyDemand = FALSE; ResetRequest = FALSE; Error = FALSE |
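
The request/acknowledge monitoring described above, as an added Python model that is not part of the original documentation and is not the vendor's implementation. The class, its scan-based timing and the order in which conditions are evaluated are assumptions; the Init state (8401), S_StartReset and the static-reset errors (C001, C014, C011) are not modelled.

```python
from dataclasses import dataclass

# DiagCode values copied from the tables on this page.
IDLE, SAFE, WAIT_ACK, WAIT_OPMODE = 0x0000, 0x8000, 0x8002, 0x8004
OPERATION, OPERATION_ACK = 0x8802, 0x8804
ACK_LOST, TIME_ELAPSED = 0xC010, 0xC020

@dataclass
class SafetyRequestModel:
    """Hypothetical scan-based model of the request/acknowledge monitoring."""
    monitoring_time_ms: int
    diag: int = IDLE
    waited_ms: int = 0
    prev_reset: bool = False

    def scan(self, activate, s_opmode, s_ack, reset, dt_ms):
        """Advance one cycle; return (DiagCode, S_SafetyRequest, S_SafetyActive)."""
        rising_reset = reset and not self.prev_reset
        self.prev_reset = reset
        if not activate:
            self.diag = IDLE
        elif self.diag in (ACK_LOST, TIME_ELAPSED):
            if rising_reset:              # error acknowledged by a rising edge on Reset
                self.diag = WAIT_OPMODE
        elif self.diag == WAIT_OPMODE and not (s_opmode or s_ack):
            pass                          # held until S_OpMode or S_Acknowledge is SAFETRUE
        elif s_opmode:                    # operating mode requested
            self.diag = OPERATION_ACK if s_ack else OPERATION
        elif s_ack:                       # safe mode requested and confirmed
            self.diag = SAFE
        elif self.diag == SAFE:           # confirmation dropped during an active request
            self.diag = ACK_LOST
        elif self.diag != WAIT_ACK:       # new safe-mode request: start monitoring
            self.diag, self.waited_ms = WAIT_ACK, 0
        else:                             # still waiting for S_Acknowledge
            self.waited_ms += dt_ms
            if self.waited_ms >= self.monitoring_time_ms:  # ">=" is an assumption
                self.diag = TIME_ELAPSED
        return self.diag, self.diag in (OPERATION, OPERATION_ACK), self.diag == SAFE

def run(model, trace, dt_ms=10):
    """Feed (S_OpMode, S_Acknowledge, Reset) samples; return the DiagCode per scan."""
    return [model.scan(True, op, ack, rst, dt_ms)[0] for op, ack, rst in trace]

# Constructed trace: request, confirmation, lost confirmation, reset, resume.
DEMO = [(True, False, False), (False, False, False), (False, True, False),
        (False, False, False), (False, False, True), (True, False, False)]

if __name__ == "__main__":
    print([f"{code:04X}" for code in run(SafetyRequestModel(30), DEMO)])
```

In both error states the model keeps S_SafetyRequest at SAFEFALSE, matching the output settings listed for C010 and C020, so the safe state stays requested until the error is acknowledged.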