Safety PLC Runtime Configuration

If a Safety PLC is included in your project, the standard (non-safety-related) controller and the Safety PLC are strictly separated. Each of it executes its own application, has its own global variables, and its own runtime configuration. Therefore, the Safety PLC is represented by a separate icon in the PLANT. Double-clicking this icon opens the safety-related editors.

This topic contains the following sections:

Safety Task

In contrast to the standard controller, the Safety PLC executes exactly one task in which exactly one program is instantiated which is always the safety-related program named S_Main. Both the safety-related task and the program instance are created automatically on insertion of a controller with a Safety PLC in the PLANT. The program instance can neither be deleted nor edited and only the task properties 'Interval (ms)' and 'Watchdog (ms)' can be modified (see second list item in section "Configuration steps..." below).

Note
Further safety-related programs can be created in the COMPONENTS area but they are not executed.

The safety-related task is triggered by the SafetyProxyTask which is an application of the standard PLCnext Technology controller. This means, the standard SafetyProxyTask triggers the execution of the Safety PLC and therefore of the safety-related task which is executed there.
The SafetyProxyTask is automatically created in the 'Tasks and Events' editor of the PLCnext Technology target when inserting a Safety PLC in the PLANT. The SafetyProxyTask cannot be edited or deleted.
For the SafetyProxyTask, no 'Program Type' can be selected. Instead, the task always executes the Safety Proxy application which triggers the execution of the Safety PLC.

Configuration steps for the Safety PLC runtime

The Safety PLC runtime configuration comprises the following steps.

Making sure that the S_Main program is available under 'COMPONENTS | Programming > Local > Programs' and contains the correct code. This program is instantiated by default and no other safety-related program can be instantiated additionally or instead.
Adjusting the execution interval as well as the watchdog time for the safety-related task, if required.
For that purpose, double-click the 'Safety PLC' PLANT node and open the 'Tasks and Events' editor. Edit the time value fields 'Interval (ms)' and 'Watchdog (ms)' of the 'SafetyTask' according to the results of your risk analysis.
When defining the values, observe the hazard message below this list.
Creating and editing global variables for the Safety PLC.
These may be variables of safety-related or standard (non-safety-related) data types.
Assigning (mapping) global/system variables of the Safety PLC to process data items (I/O terminals).
Assigning (mapping) standard global variables of the Safety PLC to global variables of the standard (non-safety-related) controller thus creating exchange variables. Exchange variables enable the communication between the Safety PLC and the standard controller.

WARNING

Non-conformance to safety function requirements

Verify that the time value set for the 'Interval (ms)' and 'Watchdog (ms)' of the SafetyTask correspond to your risk analysis.

Be sure that your risk analysis includes an evaluation for incorrectly setting the time values for the 'Interval (ms)' and 'Watchdog (ms)' of the SafetyTask.

Validate the overall safety-related function with regard to the set 'Interval (ms)' and 'Watchdog (ms)' value and thoroughly test the application.

'Safety PLC' PLANT node

Depending on the currently active mode, the 'Safety PLC' node appears different:

In programming mode, the 'Safety PLC' node can be doubled-clicked to edit the execution interval and the watchdog time of the SafetyTask.
Safety-related POU code worksheets and variables tables cannot be opened via the PLANT tree although the instances are visible below the task nodes. Double-clicking a program/FB instance in the PLANT opens the Data List of this instance in the editors area.
In monitoring mode or debug mode, you can directly open instance-related code worksheets by double-clicking a program/FB instance icon.
Refer to the topics "Monitoring the Safety PLC ‣ Monitoring/Debugging the Safety PLC
×‣ Monitoring Mode: Displaying Online Values
×" and "Debug Mode: Forcing/Overwriting".

Safety PLC runtime editors

The 'Safety PLC' node provides several editors for configuring the Safety PLC runtime.
Double-clicking the 'Safety PLC' node opens the following editors in the editors area:

Safety Cockpit for
- switching between simulation and real Safety PLC as target,
- writing and starting a project to the Safety PLC /simulation, and
- controlling the Safety PLC/simulation.
The commands in the Safety Cockpit are only available if a communication connection exists. See topic "Controlling the Safety Application from the 'Safety Cockpit'" for details.
Data List editor used to assign process data items and HMI tags to global variables and to create and edit global variables and HMI tags. The Safety PLC Data List contains the following data:
- All resource-global variables of the Safety PLC according to the IEC 61131-3 standard. These may be variables of both safety-related and standard (non-safety-related) data types. Safety-related variables are displayed with a yellow color marking. Variables of standard data types are shown without color marking.
- Variables of the standard PLC are listed in a separate column. The Safety PLC Data List shows all PLC variables that are already connected to a global standard variable of the Safety PLC.
  By assigning a standard variable of the Safety PLC to a variable of the standard PLC, an exchange variable is created. Refer to the topic "Role Mapping in Data Lists: I/O Variables and Exchange Variables" for details.
- All process data items (I/O terminals) that are already connected to a resource-global variable of the Safety PLC. This includes safety-related and standard process data items. Unconnected process data items can be selected and connected to a variable in the respective 'Select Process Data Item here' field.
- All HMI tags of all HMI pages in the project that are already connected to a global variable of the Safety PLC.
  
  Note
  In the Data List of the Safety PLC, HMI tags can only be created for exchange variables.
Refer to the "Data List-relating topics" ‣ Declaring Variables/FB Instances
×‣ Managing Declarations in Tables
×‣ Role Mapping in Data Lists: I/O Variables and Exchange Variables
×‣ HMI Tags Created From Controller Variables
× for details.