SF_SafetyRequest block
Function block
This function block supports the "safety function request" function (e.g. safe stop, safely reduced speed) in an application.
Interface
I/O | Name | Data type | Initial value | Description |
IN | Activate | BOOL | FALSE | |
IN | S_OpMode | SAFEBOOL | SAFEFALSE | Variable. Requested mode of a generic safe actuator. SAFEFALSE: Safe mode is requested. SAFETRUE: Operating mode is requested. |
IN | S_Acknowledge | SAFEBOOL | SAFEFALSE | Variable. Confirmation of the generic actuator when the actuator is in safe state. SAFEFALSE: Operating mode (non safe state). SAFETRUE: Safe mode. |
IN | MonitoringTime | TIME | T#0s | Constant. Monitoring the response time between the safety function request (S_OpMode = SAFEFALSE) and the actuator acknowledgment (S_Acknowledge changes to SAFETRUE). |
IN | S_StartReset | SAFEBOOL | FALSE | |
IN | Reset | BOOL | FALSE | With function for acknowledgment of error correction. |
OUT | Ready | BOOL | FALSE | |
OUT | S_SafetyActive | SAFEBOOL | SAFEFALSE | Confirmation of the safe state. SAFEFALSE: Non safe state. SAFETRUE: Safe state. |
OUT | S_SafetyRequest | SAFEBOOL | SAFEFALSE | Request to set the actuator in a safe state. SAFEFALSE: Safe state is requested. SAFETRUE: Non safe state. |
OUT | SafetyDemand | BOOL | FALSE | |
OUT | ResetRequest | BOOL | FALSE | |
OUT | Error | BOOL | FALSE | |
OUT | DiagCode | WORD | 16#0000 | |
Function description
This function block serves as an interface between the safety application / safety controller and the connected safe peripheral (e.g. safe drive). The safety function for the safe peripheral connected to the function block can be requested by the function block from the program on the safety controller. The function block monitors the reaction to the request for a safety function via the feedback signal of the safe peripheral (input parameter S_Acknowledge).
The data exchange for requesting a safe operating mode and feedback about the current operating mode is handled by an I/O coupling between the safety application and safe peripheral. The I/O signals are connected to the function block via inputs and outputs.
The function block outputs the state of the connected safe peripheral via a binary input parameter for further processing in the safety application.
Note
It must be noted that the function block DOES NOT execute the safety function of the connected safe peripheral. The safe peripheral executes the safety function itself independently of the function block. The function block only requests the safety function and confirms that it has received feedback about the active safe state from the safe peripheral.
Use suitable corrective measures to ensure that no hazard can arise from the safe peripheral when the safe peripheral executes the safety function!
The function block receives via input S_OpMode the request from the upstream safety application that the connected safe peripheral should execute or not execute a safety function. The function block forwards this request to the connected safe peripheral via output S_SafetyRequest.
When the connected safe peripheral receives the request to execute a safe operating mode: A SAFEFALSE signal at S_OpMode sets S_SafetyRequest to SAFEFALSE if the function block is active. If the function block receives feedback (signal SAFETRUE) on input S_Acknowledge from the safe peripheral within the specified time (input parameter MonitoringTime) that the peripheral is executing the safety function, then the function block generates confirmation (signal SAFETRUE) on output parameter S_SafetyActive. Otherwise, the function block outputs an error message on output parameter DiagCode.
When the connected safe peripheral receives the request to not execute a safe operating mode:
Signal SAFETRUE on S_OpMode sets S_SafetyRequest to SAFETRUE and S_SafetyActive to SAFEFALSE when the function block is active.
Additional information
1) Start
2) Normal operation
3) Error
Error detection
The function block detects ...
whether the actuator does not go into the safe state within the monitoring time.
whether the confirmation signal is lost during an active request.
a static reset signal.
External function block error
There are no external errors, as the generic actuator provides no error bits/information.
Error behavior
In the event of an error, output S_SafetyActive is set to SAFEFALSE.
An error must be acknowledged by a rising trigger at the input Reset. To continue the function block after this reset, the request S_OpMode must be set to SAFETRUE or S_Acknowledge must become SAFETRUE.
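The monitoring and error handling described above can be exercised offline with a small cycle-based model. This is an added example, not the vendor's implementation: the names `SafetyRequestModel`, `cycle` and `outputs` are hypothetical, the DiagCode values are taken from the tables on this page, and the model assumes Activate is TRUE, Init (8401) has already been passed, and a "static" reset means Reset held TRUE without a new rising edge.

```python
# Added illustration, not the vendor's implementation: cycle-based model of the
# request/acknowledge monitoring. Assumes Activate = TRUE, Init (8401) already
# passed, and "static" Reset = Reset held TRUE without a new rising edge.
STATIC_RESET = {0xC010: 0xC014, 0xC020: 0xC011}   # error -> reset error (page table)
ERROR_OF = {v: k for k, v in STATIC_RESET.items()}

class SafetyRequestModel:
    def __init__(self, monitoring_ms):
        self.monitoring_ms = monitoring_ms        # MonitoringTime in milliseconds
        self.code = 0x8802                        # DiagCode: operation mode
        self.t_request = 0
        self.prev_reset = False

    def cycle(self, now_ms, s_opmode, s_ack, reset=False):
        rising = reset and not self.prev_reset
        self.prev_reset = reset
        operate = 0x8804 if s_ack else 0x8802     # 8804: actuator still confirms safe mode
        c = self.code
        if c in STATIC_RESET:                     # C010 / C020
            if rising:
                c = 0x8004                        # acknowledged, wait for OpMode
            elif reset:
                c = STATIC_RESET[c]               # static reset signal detected
        elif c in ERROR_OF:                       # C014 / C011
            if not reset:
                c = ERROR_OF[c]                   # Reset released, back to the error
        elif s_opmode:
            c = operate                           # operating mode requested
        elif c in (0x8802, 0x8804):
            c, self.t_request = 0x8002, now_ms    # safe mode requested, start monitoring
        elif c == 0x8002:
            if s_ack:
                c = 0x8000                        # confirmed within MonitoringTime
            elif now_ms - self.t_request >= self.monitoring_ms:
                c = 0xC020                        # MonitoringTime elapsed
        elif c == 0x8000 and not s_ack:
            c = 0xC010                            # acknowledge lost during active request
        elif c == 0x8004 and s_ack:
            c = 0x8000
        self.code = c
        return c

    def outputs(self):
        return {"S_SafetyActive": self.code == 0x8000,
                "S_SafetyRequest": self.code in (0x8802, 0x8804),
                "Error": self.code >= 0xC000}
```

Feeding the model the same input trace as the application test bench gives the DiagCode sequence to expect from the real block, under the assumptions stated above.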
Error and status messages
Function block specific error codes
DiagCode | Name | Description and output settings |
C010 | Acknowledge lost | Confirmation lost in safe state. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = TRUE, Error = TRUE |
C020 | MonitoringTime elapsed | S_OpMode request could not be completed within the monitoring time. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = TRUE, Error = TRUE |
C001 | Reset error 1 | Static reset detected in status 8401 Init. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = FALSE, Error = TRUE |
C014 | Reset error 2 | Acknowledge lost status detected in C010. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = FALSE, Error = TRUE |
C011 | Reset error 3 | Monitoring time elapsed status detected in C020. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = FALSE, Error = TRUE |
Function block-specific status codes (no error)
DiagCode | Name | Description and output settings |
0000 | Idle | Function block is not active (initial state). Ready = FALSE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = FALSE, Error = FALSE |
8000 | Safe mode | Actuator is in the safe state. Ready = TRUE, S_SafetyActive = SAFETRUE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = FALSE, Error = FALSE |
8401 | Init | The status is set to TRUE after Activate or after a rising trigger on Reset. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = TRUE, Error = FALSE |
8802 | Operation mode | Operating mode without confirmation of safe mode. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFETRUE, SafetyDemand = TRUE, ResetRequest = FALSE, Error = FALSE |
8804 | Wait for confirmation OpMode | Operating mode with confirmation of safe mode. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFETRUE, SafetyDemand = TRUE, ResetRequest = FALSE, Error = FALSE |
8002 | Wait for Confirmation | Waiting for confirmation from the drive (system interface). Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = FALSE, Error = FALSE |
8004 | Wait for OpMode | Error was removed. However, S_OpMode must be set to SAFETRUE or S_Acknowledge must become SAFETRUE before the function block can be resumed. Ready = TRUE, S_SafetyActive = SAFEFALSE, S_SafetyRequest = SAFEFALSE, SafetyDemand = FALSE, ResetRequest = FALSE, Error = FALSE |