Functional description
The safety-related SF_SafetyRequest function block supports the function "Request of a safety-related function" in an application, for example safe stop or safely limited speed. The function block executes stop category 0 at its interface.
The function block serves as the interface between the functional safety system (consisting of the Safety PLC and safety-related input/output modules) and the connected safety-related periphery:
- With the function block, the safety-related function can be requested in the connected safety-related periphery from the Safety PLC application.
- The response to the request of a safety-related function is monitored by the function block via a feedback signal from the safety-related periphery. Depending on this confirmation the safety-related function block controls its S_SafetyActive enable signal.
- This enable signal can be used by additional safety-related function blocks, such as SF_EnableSwitch or SF_GuardMonitoring, for evaluating the state of the safety-related periphery.
Request of the safety-related function
The function block receives the request via the S_OpMode input for the connected safety-related periphery to execute or not execute a safety-related function.
If required, the input signal at S_OpMode can also originate directly from the connected periphery. If, for example, an emergency-stop control device is connected to the S_OpMode input, the safety-related SF_SafetyRequest function block takes over its evaluation instead of an upstream safety-related SF_EmergencyStop function block.
This request at the S_OpMode input is forwarded by the function block via the S_SafetyRequest output to the connected safety-related periphery.
The function block itself does not execute the safety-related function of the connected safety-related periphery. The safety-related periphery executes the safety-related function autonomously and independently of the function block. The function block only requests the safety-related function and confirms that it has received feedback from the periphery about the active safe state. Take suitable measures to ensure that there is no risk from the safety-related periphery when the safety-related periphery executes the safety-related function.
WARNING
Non-conformance to safety function requirements
Signaling: Safety-related function is executed
When the safety-related function is requested with input S_OpMode = SAFEFALSE and the connected safety-related periphery confirms its execution within the time interval parameterized at MonitoringTime (SAFETRUE at feedback input S_Acknowledge), the S_SafetyActive enable output switches to SAFETRUE.
If the confirmation message S_Acknowledge = SAFETRUE from the safety-related periphery does not occur within the time interval parameterized at MonitoringTime, the safety-related function block rates this as an error and switches S_SafetyActive = SAFEFALSE and Error = TRUE.
If the request for the safety-related function is removed at S_OpMode (S_OpMode = SAFETRUE), the S_SafetyActive enable output switches to SAFEFALSE, even if the safety-related periphery still signals execution of the safety-related function at S_Acknowledge.
Start-up inhibit and restart inhibit are mandatory
A start-up inhibit and restart inhibit which cannot be deactivated are specified in the safety-related SF_SafetyRequest function block:
- The start-up inhibit is active after the Safety PLC has been started up or the function block has been activated.
- A restart inhibit is active after the error has been removed, i.e., once a valid combination of the input signals has returned.
Example: While the safety-related function is executed, the periphery switches S_Acknowledge to SAFEFALSE. Error switches to TRUE. Following the return of S_Acknowledge = SAFETRUE, the restart inhibit is active.
An active start-up inhibit/restart inhibit must be removed manually by a positive signal edge at the Reset input.
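The signaling and inhibit behavior described above can be traced with a small behavioral model. This is an added example, not the vendor's function block code; the class and method names are hypothetical. It assumes that Error stays TRUE until the Reset edge, that inputs count as valid unless a request lacks its feedback, and that S_SafetyRequest is held at SAFEFALSE while an inhibit is active.

```python
class SafetyRequestModel:
    """Behavioural sketch of SF_SafetyRequest; True stands for SAFETRUE/TRUE."""

    def __init__(self, monitoring_time):
        self.monitoring_time = monitoring_time  # MonitoringTime in seconds
        self.locked = True         # start-up inhibit is active after activation
        self.error = False         # Error output
        self.s_safety_active = False
        self._prev_reset = False
        self._since = None         # time at which the current request started

    def step(self, now, s_op_mode, s_acknowledge, reset=False):
        rising = reset and not self._prev_reset   # positive edge at Reset
        self._prev_reset = reset
        # Assumption: inputs are valid unless a request lacks its feedback.
        valid = s_op_mode or s_acknowledge
        if self.locked and rising and (valid or not self.error):
            self.locked = self.error = False
            self._since = None
        if not self.locked:
            if s_op_mode:                          # request removed
                self._since = None
                self.s_safety_active = False
            else:                                  # S_OpMode = SAFEFALSE: request
                if self._since is None:
                    self._since = now
                late = now - self._since > self.monitoring_time
                if self.s_safety_active:
                    lost = not s_acknowledge       # feedback dropped while active
                else:
                    lost = late                    # no feedback within MonitoringTime
                    self.s_safety_active = s_acknowledge and not late
                if lost:
                    self.locked = self.error = True   # restart inhibit follows
        if self.locked:
            self.s_safety_active = False
        # Assumption: while inhibited the block keeps requesting the safe function.
        s_safety_request = s_op_mode and not self.locked
        return s_safety_request, self.s_safety_active, self.error


if __name__ == "__main__":
    fb = SafetyRequestModel(monitoring_time=0.5)
    # Constructed sequence: (time, S_OpMode, S_Acknowledge, Reset)
    for t, op, ack, rst in [(0.0, True, False, False), (0.1, True, False, True),
                            (0.2, False, False, False), (0.4, False, True, False),
                            (0.6, False, False, False), (0.8, False, True, True)]:
        print(t, fb.step(t, op, ack, rst))
```

Each call returns the tuple (S_SafetyRequest, S_SafetyActive, Error) for one PLC cycle, so a planned test sequence can be checked against the expected enable signal before commissioning.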