Use case: Saving the status of a safety-related start-up inhibit beyond a Safety PLC restart

A pair of SF_RecipeWrite and SF_RecipeRead instances can be used to restore a startup inhibit in a safety-related application after a Safety PLC restart. This can be useful for applications in which an acknowledgement by a user is always required, even after a power down event of the Safety PLC.

Some safety-related PLCopen function blocks (e.g. SF_ESPE for evaluation of a light curtain) have an input formal parameter for setting a start inhibit after switching on the Safety PLC. For an active start inhibit, the value SAFEFALSE must be applied to the formal parameter S_StartReset.
If this input is controlled with a variable (instead of the SAFEFALSE literal), it must be ensured that after a restart of the Safety PLC following a safety request, the value at S_StartReset is SAFEFALSE and thus a manual acknowledgement is required to enable operation. This means, the status of the startup inhibit must outlast the Safety PLC reboot. Similarly, after a restart of the Safety PLC without a previous safety request, operation without manual confirmation must be possible.

Using recipe files, restoring the status of a startup inhibit could be implemented as follows:

The startup behavior of the application can be controlled via the S_StartReset formal parameter of a PLCopen function block.
In the safety application, the execution of a SF_RecipeWrite instance is triggered (at the CommandWrite input) by a state change of an enable signal. This could be, for example, the safety-related output signal of a PLCopen function block. Via this enable signal, the defined safe state is requested. This state change forces the SF_RecipeWrite FB to write the current state of the enable signal into the recipe file.
Example: The request of the safety function switches the enable signal of an SF_ESPE function block (S_ESPE_Out) to SAFEFALSE. This SAFEFALSE value is written to a recipe file and thus saved in the flash memory.
Then, a power down event of the Safety PLC follows.
When (re)starting the safety application, a SF_RecipeRead function block "restores" this value from the recipe file. The read value is then applied to the S_StartReset input of the corresponding PLCopen function block.
As the value represents the status of the safety function before the power down event, the state of the startup inhibit outlasts the restart of the Safety PLC.

In such a use case, it is recommended to activate the validation of the Safety PLC serial number (CheckSerialNumber of the RecipeRead FB = SAFETRUE).