Short Description
The safety-related SF_EnableSwitch function block evaluates the signals of a manually actuated three-stage enable switch (in accordance with IEC 60947-5-8) in order to identify its switching stage and direction. The connected enable switch can be used to remove safeguarding, provided that the appropriate operating mode (e.g., limitation of the speed or range of motion) is selected and active. A restart inhibit can be specified via S_AutoReset.
Connection and switching diagram
Connect the signals of the enable switch connected to the Safety PLC to the inputs of the safety-related SF_EnableSwitch function block as follows:
 | Pressure point |
 | Forcibly guided contacts |
Connect the signal resulting from N/O contacts E1 and E2 of the enable switch to function block input S_EnableSwitchCh1. Connect the signal resulting from N/C contacts E3 and E4 to function block input S_EnableSwitchCh2. By means of this defined signal sequence of the contacts, the safety-related function block can detect the switching stage and the switching direction of the enable switch. The three-stage enable switch used must support the switching sequence shown in the graphic below for its three switching stages. This sequence results in the signals also shown in the graphic at function block inputs S_EnableSwitchCh1 and S_EnableSwitchCh2.
Note
The error state of the function block can only be exited if the cause of the error no longer exists. To leave the error state, release the enable switch to move it to switch position 1. If a restart inhibit has been set with S_AutoReset = SAFEFALSE, it must then be removed by pressing the reset button.
Inputs
Activate
Short description | Value |
State-controlled input for activating the function block.
Data type: BOOL
Initial value: FALSE
- FALSE: Function block inactive.
- TRUE: Function block activated.
Refer to the topic "Activate" for details.
S_SafetyActive
Short description | Value |
State-controlled signal input for setting the selected operating mode to active (feedback signal, e.g., from safety-related SF_ModeSelector function block).
Data type: SAFEBOOL
Initial value: SAFEFALSE
- SAFEFALSE: The selected operating mode is not active. The S_EnableSwitchOut output remains SAFEFALSE, irrespective of the other inputs.
- SAFETRUE: The selected operating mode is active.
Refer to the topic "S_SafetyActive" for details.
S_EnableSwitchCh1
Short description | Value |
Input for the signal resulting from contacts E1 and E2 of the connected enable switch.
Data type: SAFEBOOL
Initial value: SAFEFALSE
Possible values are: SAFETRUE or SAFEFALSE, depending on the switching stage (see switching diagram above).
Refer to the topic "S_EnableSwitchCh1" for details.
S_EnableSwitchCh2
Short description | Value |
Input for the signal resulting from contacts E3 and E4 of the connected enable switch.
Data type: SAFEBOOL
Initial value: SAFEFALSE
Possible values are: SAFETRUE or SAFEFALSE, depending on the switching stage (see switching diagram above).
Refer to the topic "S_EnableSwitchCh2" for details.
S_AutoReset
Short description | Value |
State-controlled input for specifying the restart inhibit after the connected enable switch has returned a valid signal sequence/combination at inputs S_EnableSwitchCh1 and/or S_EnableSwitchCh2.
An active restart inhibit must be removed manually by a positive signal edge at the Reset input. A deactivated restart inhibit causes the S_EnableSwitchOut output to switch to SAFETRUE automatically when the function block is activated and the safety-related function is no longer requested.
Refer to the first warning below this table.
Data type: SAFEBOOL
Initial value: SAFEFALSE
- SAFEFALSE: With restart inhibit
- SAFETRUE: Without restart inhibit
Non-conformance to safety function requirements
- Be sure that your risk analysis includes an evaluation if the restart inhibit is deactivated (S_AutoReset = SAFETRUE).
- Observe the regulations given by relevant sector standards regarding the restart inhibit.
- Verify that a suitable start-up inhibit is in place at another location or using other means if the restart inhibit is deactivated by setting S_AutoReset = SAFETRUE.
Refer to the topic "S_AutoReset" for details.
Reset
Short description | Value |
Edge-triggered input for the reset signal:
- Resetting error messages when the cause of the error is no longer present.
- Manual resetting of an active start-up/restart inhibit (depending on which type(s) of inhibit the function block provides).
Data type: BOOL
Initial value: FALSE
- FALSE: Reset is not requested
- Edge FALSE > TRUE: Reset is requested
Note
Resetting does not occur with a negative (falling) edge, as specified by standard EN ISO 13849-1, but with a positive (rising) edge. To implement the reset with a falling edge (with regard to the mandatory acceptance procedure), use the function block SF_Reset.
Resetting the function block by means of a positive signal edge at the Reset input can cause the S_EnableSwitchOut output to switch to SAFETRUE immediately (depending on the status of the other inputs).
Unintended start-up
- Include in your risk analysis the impact of the reset by means of a positive signal edge at the Reset input.
- Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when resetting.
- Do not enter the zone of operation when resetting.
- Ensure that no other persons can access the zone of operation when resetting.
- Use appropriate safety interlocks where personnel and/or equipment hazards exist.
Refer to the topic "Reset" for details.
Outputs
Ready
Short description | Value |
Output for signaling "Function block activated/not activated".
Data type: BOOL
- FALSE: Function block is not activated (Activate = FALSE) and all outputs of the function block are switched to FALSE/SAFEFALSE.
- TRUE: Function block is activated (Activate = TRUE) and the output parameters represent the state of the safety-related function.
Refer to the topic "Ready" for details.
S_EnableSwitchOut
Short description | Value |
Output for enable signal of the function block.
Data type: SAFEBOOL
- SAFEFALSE: No enable for removing safeguarding.
  - The enable switch is not in switching stage 2
  - or the function block is not activated
  - or an error message is present
  - or the operating mode is not active (S_SafetyActive = SAFEFALSE)
  - or a restart inhibit is active.
- SAFETRUE: Enable for removing safeguarding.
  - The enable switch is in switching stage 2
  - and the function block is activated
  - and no error message is present
  - and the operating mode is active (S_SafetyActive = SAFETRUE)
  - and the restart inhibit is not active.
Refer to the topic "S_EnableSwitchOut" for details.
SafetyDemand
Short description | Value |
Output for signaling "safety-related function requested". This output displays whether the safety chain is interrupted and as a result, the attention of the operator is required.
Data type: BOOL
- FALSE: Safety-related function is not requested.
- TRUE: The safety-related function is requested.
Refer to the topic "SafetyDemand" for details.
ResetRequest
Short description | Value |
Output for signaling "reset is required". This output indicates whether a reset by the operator is required.
Data type: BOOL
- FALSE: No reset required.
- TRUE: A reset is required:
  - to remove an active start-up or restart inhibit (if available for this function block)
  - or to reset an error.
Refer to the topic "ResetRequest" for details.
Error
Short description | Value |
Output for error message.
Data type: BOOL
- FALSE: No error is present (that is to say, the FB is not in an error state) or the FB is not active.
- TRUE: The function block has detected an error. The error state is shown at the DiagCode output.
Refer to the topic "Error" for details. If you have not activated a restart inhibit (S_AutoReset = SAFETRUE), a manual reset does not have to be performed following error removal. In such cases, the error message is confirmed automatically once the error is removed.
Unintended start-up
- Include in your risk analysis the impact of removing the cause of an error with regard to the automatic reset and restart of the machine if the restart inhibit is deactivated (S_AutoReset = SAFETRUE).
- Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when removing the source of an error if the restart inhibit is deactivated.
- Do not enter the zone of operation when removing an error under this condition.
- Ensure that no other persons can access the zone of operation when removing an error under this condition.
- Use appropriate safety interlocks where personnel and/or equipment hazards exist.
DiagCode
Short description | Value |
Output for diagnostic message.
Data type: WORD
Diagnostic message of the function block. The possible values are listed and described in the topic "Diagnostic codes".
Refer to the topic "DiagCode" for details.
Detailed information
Signal sequence diagram
This diagram shows the signal curve for a typical application with a set restart inhibit after an invalid signal sequence (S_AutoReset = SAFEFALSE).
0 | The function block is not yet activated (Activate = FALSE). As a result, all outputs are FALSE or SAFEFALSE. |
1 | The function block is active (Activate = TRUE). Switching stage 1 is present (input S_EnableSwitchCh1 = SAFEFALSE, input S_EnableSwitchCh2 = SAFETRUE). The operating mode is not active (S_SafetyActive = SAFEFALSE). The S_EnableSwitchOut output thus remains in the defined safe state (SAFEFALSE). |
2 | The operating mode is active (S_SafetyActive = SAFETRUE). |
3 | Change from switching stage 1 to switching stage 2 (S_EnableSwitchCh1 and S_EnableSwitchCh2 = SAFETRUE); the S_EnableSwitchOut output becomes SAFETRUE. |
4 | Change from switching stage 2 back to switching stage 1 (S_EnableSwitchCh1 becomes SAFEFALSE); the S_EnableSwitchOut output becomes SAFEFALSE. |
5 | Change from switching stage 1 to switching stage 2 (S_EnableSwitchCh1 becomes SAFETRUE again). However, as the operating mode is no longer active (S_SafetyActive = SAFEFALSE), the S_EnableSwitchOut output remains SAFEFALSE. |
6 | The operating mode is now active again and the function block initially expects switching stage 1. However, as switching stage 2 is present at this time (S_EnableSwitchCh1 and S_EnableSwitchCh2 = SAFETRUE), the Error output becomes TRUE. The positive edge at the Reset input is ignored, as the impermissible switching stage 2 is still present (S_EnableSwitchCh1 = SAFETRUE and S_EnableSwitchCh2 = SAFETRUE). |
7 | Change to valid switching stage 1. However, the function block detects a static TRUE signal at the Reset input, so the Error output remains TRUE. |
8 | While the valid switching stage 1 is present (S_EnableSwitchCh1 = SAFEFALSE and S_EnableSwitchCh2 = SAFETRUE), the static signal disappears from the Reset input. However, the error state (Error = TRUE) then has to be reset by a positive edge at the Reset input. |
9 | The positive edge at the Reset input resets the Error output to FALSE and removes the restart inhibit. |
10 | Change from switching stage 1 to switching stage 2 (S_EnableSwitchCh2 and S_EnableSwitchCh1 = SAFETRUE), the S_EnableSwitchOut output becomes SAFETRUE. |
11 | Change from switching stage 2 to switching stage 3 (S_EnableSwitchCh1 and S_EnableSwitchCh2 = SAFEFALSE), the S_EnableSwitchOut output is SAFEFALSE. |
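The signal sequence above, replayed against a simplified Python model (an added example, not PLCnext Engineer or PLCopen library code). The class name `EnableSwitchModel`, the constructed input rows and the handling of contact combinations not described on this page (treated as "no enable") are assumptions; DiagCode and the Ready, SafetyDemand and ResetRequest outputs are left out.

```python
# Simplified teaching model of SF_EnableSwitch as described on this page (not vendor firmware).
class EnableSwitchModel:
    def __init__(self, auto_reset=False):
        self.auto_reset = auto_reset  # S_AutoReset: False = with restart inhibit
        self.armed = False            # stage 1 seen while operating mode active
        self.error = False
        self.prev_reset = False       # previous Reset level, for edge detection

    def step(self, activate, safety_active, ch1, ch2, reset):
        """One processing cycle; returns (S_EnableSwitchOut, Error)."""
        edge = reset and not self.prev_reset
        self.prev_reset = reset
        if not activate:                  # inactive: outputs FALSE/SAFEFALSE
            self.armed = self.error = False
            return (False, False)
        stage1 = (not ch1) and ch2        # Ch1 = SAFEFALSE, Ch2 = SAFETRUE
        stage2 = ch1 and ch2              # both channels SAFETRUE
        if not safety_active:             # mode not active: never enable
            self.armed = False
            return (False, self.error)
        if self.error:
            # Leave the error state only in stage 1: by a rising Reset edge,
            # or automatically if the restart inhibit is deactivated.
            if stage1 and (edge or self.auto_reset):
                self.error, self.armed = False, True
            return (False, self.error)
        if stage1:
            self.armed = True
            return (False, False)
        if stage2:
            if not self.armed:            # stage 2 without preceding stage 1
                self.error = True
            return (not self.error, self.error)
        self.armed = False                # stage 3, or a combination not on the page
        return (False, False)

# Constructed inputs for steps 0-11 of the signal sequence diagram:
# (Activate, S_SafetyActive, S_EnableSwitchCh1, S_EnableSwitchCh2, Reset)
T, F = True, False
SEQUENCE = [(F, F, F, T, F), (T, F, F, T, F), (T, T, F, T, F), (T, T, T, T, F),
            (T, T, F, T, F), (T, F, T, T, F), (T, T, T, T, T), (T, T, F, T, T),
            (T, T, F, T, F), (T, T, F, T, T), (T, T, T, T, F), (T, T, F, F, F)]

def run(rows, auto_reset=False):
    fb = EnableSwitchModel(auto_reset)
    return [fb.step(*row) for row in rows]

if __name__ == "__main__":
    for n, (out, err) in enumerate(run(SEQUENCE)):
        print(f"step {n:2}: S_EnableSwitchOut={out} Error={err}")
```

Calling `run(SEQUENCE, auto_reset=True)` shows the difference the restart inhibit makes: the error from step 6 clears at step 7 as soon as stage 1 is present, without any Reset edge.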
Application example
This example illustrates the typical connection of a three-stage enable switch S1 to the safety-related SF_EnableSwitch function block. The two signals resulting from the enable switch are connected to input terminals 1.1 and 2.1 of the safety-related input device PSDI 1.
- The signal of the safety-related input terminal 1.1 of the safety-related input device PSDI 1 is assigned to the global I/O variable SwitchControl1_In. This global I/O variable is connected to the S_EnableSwitchCh1 input of the function block for evaluation.
- Likewise, the following applies to the second channel of the enable switch: the signal of the safety-related input terminal 1.1 of the safety-related input device PSDI 1 is assigned to the global I/O variable SwitchControl2_In. This global I/O variable is connected to the S_EnableSwitchCh2 input of the function block for evaluation.
The function block is perpetually activated by the TRUE constant at the Activate input.
A restart inhibit is set via S_AutoReset. This inhibit becomes active after a valid signal sequence returns at the function block inputs S_EnableSwitchCh1 and/or S_EnableSwitchCh2. The Reset button S2 for removing the restart inhibit is connected to input terminal 1.1 of the standard input device DI 1.
Note
Typically, you set the operating mode at input S_SafetyActive by means of a mode selector switch in conjunction with the safety-related SF_ModeSelector function block, as shown in the second application example. If it can be ensured that the operating mode is active without a confirmation, you can apply a constant SAFETRUE signal to input S_SafetyActive instead.
Note
In the example, the enable signal at the S_EnableSwitchOut output controls the removal of safeguarding. To this end, the S_EnableSwitchOut enable output is connected to other safety-related function blocks or functions.
S2 | Reset |
 | See second note above the illustration. |
Function block instantiation
The IEC 61131-3 standard defines function block instantiation. Instantiation means that a function block is defined once and can be used (instantiated) several times. This applies to all standard and safety-related FBs (local POUs as well as firmware and user library FBs).
Why instantiation? A function block has an internal memory where it stores its own processing data (local variables). As a consequence, the output values calculated by the FB depend on the internally stored values. The same input values applied to an FB instance do not necessarily deliver the same results in another FB instance. Therefore, it is necessary to store the internal data of the FB in a separate memory area each time the function block is processed, i.e., for each FB instance. To uniquely identify each FB instance and to clearly separate its memory area, instance names are used. The instance name of a function block has to be declared in the 'Variables' table of the POU where the FB is going to be used.
The following applies:
- Function blocks can be instantiated in other function blocks or in program POUs. Calling FBs in function POUs is not possible.
- Functions are called without instantiation because they do not have an internal memory.
Safety-related and standard (non-safety-related) code is strictly distinguished in PLCnext Engineer. If a Safety PLC is included in your project, the following applies:
- Safety-related FBs can only be instantiated in safety-related POUs but not in standard (non-safety-related) POUs.
- User-defined standard FBs can only be instantiated in standard POUs. They cannot be called in safety-related POUs.
- Particular standard firmware FBs can be instantiated in both safety-related and standard POUs.
Note
When inserting a standard FB into a safety-related SNOLD network, the rules for implicit type conversion (safety-related to standard) apply.
Example for the instantiation of a safety-related PLCopen function block
The safety-related PLCopen function block 'SF_EmergencyStop_V2_00' was inserted into the project via a library. It is then available in the 'Programming' category of the COMPONENTS area. There is a folder with the same name as the library that provides the FBs for insertion into the safety-related code. The FB is to be called twice in the code of the safety-related program 'S_Main' to evaluate the status of two safety-related emergency stop command devices. For each FB instance, an instance name is declared in the 'Variables' table of the calling program: EStop_M1 and EStop_M2. The FB instances have been inserted into the code worksheet, each instance with different variables connected to its input and output formal parameters.