Details of the application example

In this chapter, a possible application is described of how the safety-related SF_SafetyRequest function block can be used to support a safety-related function request.

The function block must only be used in an actual application once a risk analysis has been conducted.

Details of the risk category/SIL/PL have not been included here, as classification is always based on the application in which the function block is used.

Note
The use of the function block alone is not sufficient to execute the safety-related function according to the Cat./SIL/PL determined by the risk analysis. In conjunction with the safety-related I/O device used, additional measures must be taken to meet the requirements of the safety-related function. These include, for example, the appropriate wiring and parameterization of the inputs and outputs as well as measures to exclude (design out) errors that cannot be detected. For additional information, please refer to the documentation provided with the safety-related I/O device used.

Note
Please refer to the notes in the User Manual on proper electrical connection of the Safety PLC and the extension modules (e.g., connecting the emergency-stop control device).

Connection of safety-related drive using two channels

This example shows the use of the SF_SafetyRequest function block when requesting the safety-related function "safely limited speed" (SLS).

The function blocks involved are perpetually activated by the TRUE constant at the Activate input.

The request of the safety-related function originates from the upstream function block SF_ModeSelector, which evaluates a connected three-stage mode selector switch. This is connected to the S_Mode0 to S_Mode2 inputs via three assigned global I/O variables. No lock for the selected operating mode as well as automatic switching of the operating mode is parameterized for SF_ModeSelector.

Connecting the safety-related SF_SafetyRequest function block:

The S_OpMode input of the SF_SafetyRequest function block is directly connected to the S_Mode0Sel enable signal of the upstream SF_ModeSelector function block. The request for the safety-related function (of the evaluated mode selector switch) is consequently the selection of the operating mode 0. In our example this is the commissioning or maintenance mode in which the drive is operated with safely limited speed.
The S_SafetyRequest output is connected to the global I/O variable SReq_SafePerph_2, which in turn is assigned to the output 1.1 of the safety-related output device PSDO 1. The safety-related drive module is connected to the output terminals 1.1 and 2.1 using two channels here.
The feedback signal for confirming the selected operating mode of the safety-related drive is connected as two-channel signal to the inputs 1.1 and 2.1 of the safety-related input device PSDI 1. The signal evaluated for equivalence by the safety-related input device is assigned to the global I/O variable SafePerph_Feedb and connected to the S_Acknowledge input of the SF_SafetyRequest function block for evaluation.
The S_SafetyActive enable output is connected to the S_SafetyActive input of the SF_EnableSwitch function block. If the requested safely limited speed is confirmed by the safety-related drive at the S_Acknowledge input within the time interval specified at MonitoringTime, S_SafetyActive switches to SAFETRUE and thus signals the defined safe mode to the subsequent SF_EnableSwitch function block.
A time value of 250 ms is set at MonitoringTime for the permitted time interval between request and confirmation of a safety-related function.
The SF_SafetyRequest function block provides a start-up inhibit and restart inhibit which cannot be deactivated. Both inhibits are only removed with a positive signal edge at the Reset input. To this end, the S1 reset button is connected to input 1.1 of the standard input device DI 1.

The subsequent function block SF_EnableSwitch evaluates the output signal S_SafetyActive of SF_SafetyRequest (status of the safety-related function). Its output S_EnableSwitchOut is assigned to the global I/O variable S_EnableSwitch_OutVar_3, which is further processed in the safety-related application and used to control the process.

Further Info
For more detailed information, please refer to the description of the corresponding safety-related function block.