SF_Equivalent
Help version 2.0 / Issue date: 2024.03
The following description is valid for the function block SF_Equivalent_V2_0z, Version 2.0z (where z = 0 to 9).
|
Short Description
| The safety-related SF_Equivalent function block monitors the signals of two safety-related input terminals for the same signal states. Typically, these signals come from two-channel sensors or switches such as an emergency-stop control device.The enable signal S_EquivalentOut becomes SAFETRUE when the function block is activated, has not detected an error and the S_ChannelA and S_ChannelB inputs both show the SAFETRUE state within the time set at DiscrepancyTime.For this to happen, the function block must be activated (Activate = TRUE) and it must not have detected any errors (Error = FALSE).
Note
Always connect both inputs to either N/C contacts or N/O contacts. |
|
|
Block Icon
|  |
|
Inputs
|  Activate
| Short description | Value |
State-controlled input for activating the function block. Data type: BOOL
Initial value: FALSE |
-
FALSE: Function block inactive.
-
TRUE: Function block activated.
|
Refer to the topic "Activate" for details.
S_ChannelA
| Short description | Value |
State-controlled input for the A channel of the connected two-channel switch or sensor.Data type: SAFEBOOL
Initial value: SAFEFALSE |
-
SAFEFALSE: Request to switch S_EquivalentOut to SAFEFALSE.
-
SAFETRUE: Request to switch S_EquivalentOut to SAFETRUE.
|
Refer to the topic "S_ChannelA" for details.
S_ChannelB
| Short description | Value |
State-controlled input for the B channel of the connected two-channel switch or sensor.Data type: SAFEBOOL
Initial value: SAFEFALSE |
-
SAFEFALSE: Request to switch S_EquivalentOut to SAFEFALSE.
-
SAFETRUE: Request to switch S_EquivalentOut to SAFETRUE.
|
Refer to the topic "S_ChannelB" for details.
DiscrepancyTime
| Short description | Value |
Input for specifying the maximum permissible discrepancy time in seconds. During this discrepancy time the signals at S_ChannelA und S_ChannelB may switch differently.Data type: TIME
Initial value: #0msThe discrepancy time is exceeded if different states are present at the inputs once the set duration has elapsed. This results in an error message (if output Error = TRUE, output S_EquivalentOut = SAFEFALSE). | Enter a time value according to your risk analysis.Refer to the warning below this table. |
Non-conformance to safety function requirements
- Verify that the time value set at DiscrepancyTime corresponds to your risk analysis.
- Be sure that your risk analysis includes an evaluation for incorrectly setting the time value at the DiscrepancyTime parameter.
- Validate the overall safety-related function with regard to the set DiscrepancyTime value and thoroughly test the application.
|
Refer to the topic "DiscrepancyTime" for details.
|
|
Outputs
| Ready
| Short description | Value |
| Output for signaling "Function block activated/not activated".Data type: BOOL |
-
FALSE: Function block is not activated (Activate = FALSE) and all outputs of the function block are switched to FALSE/SAFEFALSE.
-
TRUE: Function block is activated (Activate = TRUE) and the output parameters represent the state of the safety-related function.
|
Refer to the topic "Ready" for details.
S_EquivalentOut
| Short description | Value |
| Output for enable signal of the function block.Data type: SAFEBOOLRefer to the warning below this table. |
-
SAFEFALSE:
- At least one input shows the state SAFEFALSE
-
or the function block has detected an error
-
or the function block is not activated.
-
SAFETRUE:
- The function block is activated
-
and both inputs show the state SAFETRUE
-
and the function block has not detected an error.
|
The function block supports a safety-related monitoring function but not a safety-related control function.
Unintended machine operation
- Verify that the S_EquivalentOut enable signal does not directly control the safety process.
- Validate the overall safety-related function, including the start-up behavior of the process, and thoroughly test the application.
|
Refer to the topic "S_EquivalentOut" for details.
SafetyDemand
| Short description | Value |
Output for signaling "safety-related function requested".
This output displays whether the safety chain is interrupted and as a result, the attention of the operator is required. Data type: BOOL |
-
FALSE: Safety-related function is not requested.
-
TRUE: The safety-related function is requested.
|
Refer to the topic "SafetyDemand" for details.
Error
| Short description | Value |
| Output for error message.Data type: BOOL |
-
FALSE: No error is present (that is to say, the FB is not in an error state) or the FB is not active.
-
TRUE: The function block has detected an error. The error state is shown at the DiagCode output.
|
Refer to the topic "Error" for details.
DiagCode
| Short description | Value |
| Output for diagnostic message.Data type: WORD | Diagnostic message of the function block.
The possible values are listed and described in the topic "Diagnostic codes". |
Refer to the topic "DiagCode" for details.
|
| Detailed information | Signal sequence diagram
The example below shows the signal curve which occurs if both inputs switch to SAFETRUE or SAFEFALSE within the discrepancy time.
| 0 | The function block is not yet activated (Activate = FALSE). As a result, all outputs are FALSE or SAFEFALSE. |
| 1 | Function block activation (Activate = TRUE) during which SAFEFALSE is present at both the S_ChannelA and S_ChannelB inputs. |
| 2 | S_ChannelA switches to SAFETRUE. When the state of an input switches, the discrepancy time measurement starts. |
| 3 | S_EquivalentOut switches to SAFETRUE as both inputs (S_ChannelA and S_ChannelB) switch from SAFEFALSE to SAFETRUE within the time set at DiscrepancyTime. |
| 4 | S_EquivalentOut switches to SAFEFALSE, as S_ChannelB switches to SAFEFALSE. The discrepancy time measurement starts when the state at S_ChannelB modifies. |
| 5 | S_EquivalentOut remains SAFEFALSE and Error FALSE, as input S_ChannelA switches to SAFEFALSE during the discrepancy time. |
| 6 | The discrepancy time measurement starts when the state at S_ChannelB modifies again. |
| 7 | S_EquivalentOut switches to SAFETRUE as both inputs (S_ChannelA and S_ChannelB) switch from SAFEFALSE to SAFETRUE within the time set at DiscrepancyTime. |
| 8 | S_EquivalentOut switches to SAFEFALSE, as S_ChannelA switches to SAFEFALSE. The discrepancy time measurement starts when the state at S_ChannelA modifies.
S_EquivalentOut remains SAFEFALSE, as S_ChannelB also switches to SAFEFALSE within the time set at DiscrepancyTime. |
Application example
This example illustrates two-channel control of the safety-related SF_EmergencyStop function block with the help of the safety-related SF_Equivalent function block. The emergency-stop control device is connected to the inputs 1.1 and 2.1 of the safety-related input device PSDI with an ID of 1.
The N/C contacts of the emergency-stop control device are connected to the safety-related SF_Equivalent function block for evaluation purposes. The S_EquivalentOut enable signal of the SF_Equivalent function block resulting from this is connected to the safety-related SF_EmergencyStop function block for further evaluation.
Note
The enable output S_EStopOut of the SF_EmergencyStop function block is directly connected to a global I/O variable or to an output terminal of the application via additional safety-related functions/function blocks.
Connect the S_EStopOut enable output of the SF_EmergencyStop function block to the S_OutControl input of the SF_EDM function block, for example, thus implementing a two-channel output connection. |
| S1 | Emergency-stop |
| S2 | Reset |
 | See note above the illustration |
Function block instantiation
The IEC 61131-3 standard defines function block instantiation. Instantiation means, a function block is defined once and can be used (instantiated) several times. This applies to all standard and safety-related FBs (local POUs as well as firmware and user library FBs).
Why instantiation?
A function block has an internal memory where it stores its own processing data (local variables). As a consequence, the output values calculated by the FB depend on the internally stored values. The same input values applied to an FB instance do not necessarily deliver the same results in another FB instance.
Therefore, it is necessary to store the internal data of the FB to a separated memory area each time the function block is processed, i.e., for each FB instance. To uniquely identify each FB instance and to clearly separate its memory area, instance names are used. The instance name of a function block has to be declared in the 'Variables' table of the POU where the FB is going to be used.
The following applies:
- Function blocks can be instantiated in other function blocks or in program POUs. Calling FBs in function POUs is not possible.
- Functions are called without instantiation because they do not have an internal memory.
Safety-related and standard (non-safety-related) code is strictly distinguished in PLCnext Engineer. If a Safety PLC is included in your project, the following applies:
- Safety-related FBs can only be instantiated in safety-related POUs but not in standard (non-safety-related) POUs.
- User-defined standard FBs can only be instantiated in standard POUs. They cannot be called in safety-related POUs.
- Particular standard firmware FBs can be instantiated in both safety-related and standard POUs.
Note
When inserting a standard FB into a safety-related SNOLD network, the rules for implicit type conversion (safety-related to standard) apply. |
Example for the instantiation of a safety-related PLCopen function block
The safety-related PLCopen function block 'SF_EmergencyStop_V2_00' was inserted into the project via a library. It is then available in the 'Programming' category of the COMPONENTS area. There is a folder with the same name as the library that provides the FBs for insertion into the safety-related code.
The FB is to be called twice in the code of the safety-related program 'S_Main' to evaluate the status of two safety-related emergency stop command devices. For each FB instance, an instance name is declared in the 'Variables' table of the calling program: EStop_M1 and EStop_M2. The FB instances have been inserted into the code worksheet, each instance with different variables connected to its input and output formal parameters.
Additional information is available in the following sections:
|