• Home
• Funktionen/Funktionsbausteine - Referenz
• Safety FBs in PLCopen_SF_V2_00 Library
• SF_GuardLocking 2

SF_GuardLocking 2

Help version 2.0 / Issue date: 2024.04
The following description is valid for the function block SF_GuardLocking_V2_0z, Version 2.0z (where z = 0 to 9).

Short Description	The safety-related SF_GuardLocking 2 function block supports the monitoring of a guard with guard locking (door monitoring with a four-stage interlocking ‣ Verriegelungen gemäß DIN EN ISO 14119/14120 ×‣ Interlocking in Accordance with DIN EN ISO 14119/14120 × according to the DIN EN ISO 14119 standard). S_StartReset can be used to specify a start-up inhibit and S_AutoReset can be used to specify a restart inhibit. Hinweis All the safety-related switches used in your application must meet the requirements of the DIN EN ISO 14119 standard.
Block Icon
Inputs	Activate Short description Value State-controlled input for activating the function block. Data type: BOOL Initial value: FALSE FALSE: Function block inactive. TRUE: Function block activated. Refer to the topic "Activate" for details. S_Guard Short description Value State-controlled input for signaling open or closed safety equipment (e.g., by means of a position switch on the door). Data type: SAFEBOOL Initial value: SAFEFALSE SAFEFALSE: Safety equipment is open SAFETRUE: Safety equipment is closed Refer to the topic "S_Guard" for details. S_SafetyActive Short description Value State-controlled input for the status of the zone of operation. This input indicates whether the zone of operation is in the defined safe state. (Monitoring using standstill monitor, for example). Data type: SAFEBOOL Initial value: SAFEFALSE SAFEFALSE: The zone of operation signals the non-safe state SAFETRUE: The zone of operation signals the defined safe state Refer to the topic "S_SafetyActive" for details. S_GuardLock Short description Value State-controlled input for the status of the guard locking on the safety equipment. This input processes the feedback signal for locking/unlocking the safety equipment (single-channel or two-channel). Data type: SAFEBOOL Initial value: SAFEFALSE SAFEFALSE: The door is not locked. The safety equipment can be opened. SAFETRUE: The door is locked Refer to the topic "S_GuardLock" for details. UnlockRequest Short description Value State-controlled and edge-triggered input for the request signal to unlock the door (or the guard locking). Data type: BOOL Initial value: FALSE FALSE: No request to unlock the door Edge FALSE > TRUE: Request to unlock the door TRUE: The TRUE signal must be maintained for as long as the guard locking is unlocked via S_UnlockGuard (e.g., opening the safety equipment) Refer to the topic "UnlockRequest" for details. S_StartReset Short description Value State-controlled input for specifying the start-up inhibit after the Sicherheitssteuerung has been started up or the function block has been activated. An active start-up inhibit must be removed manually by means of a positive signal edge at the Reset input. A deactivated start-up inhibit causes the S_GuardLocked output to switch to SAFETRUE automatically when the function block is activated and the safety-related function is not requested. Data type: SAFEBOOL Initial value: SAFEFALSE SAFEFALSE: With start-up inhibit SAFETRUE: Without start-up inhibit WARNUNG Non-conformance to safety function requirements Verify the impact of a deactivated start-up inhibit (S_StartReset = SAFETRUE) and/or restart inhibit (S_AutoReset = SAFETRUE) on your machine or process prior to implementation. Observe the regulations given by relevant sector standards regarding the start-up/restart inhibit. Verify that a suitable start-up inhibit is in place at another location or using other means. Refer to the topic "S_StartReset" for details. S_AutoReset Short description Value State-controlled input for specifying the restart inhibit after the safety equipment has been closed (S_Guard = SAFETRUE) and locked (S_GuardLock = SAFETRUE). Data type: SAFEBOOL Initial value: SAFEFALSE An active restart inhibit must be removed manually by means of a positive signal edge at the Reset input. A deactivated restart inhibit causes the S_GuardLocked output to switch to SAFETRUE automatically when the function block is activated and the safety-related function is no longer requested. SAFEFALSE: With restart inhibit SAFETRUE: Without restart inhibit WARNUNG Non-conformance to safety function requirements Verify the impact of a deactivated start-up inhibit (S_StartReset = SAFETRUE) and/or restart inhibit (S_AutoReset = SAFETRUE) on your machine or process prior to implementation. Observe the regulations given by relevant sector standards regarding the start-up/restart inhibit. Verify that a suitable start-up inhibit is in place at another location or using other means. Refer to the topic "S_AutoReset" for details. Reset Short description Value Edge-triggered input for the reset signal: Resetting error messages when the cause of the error is no longer present. Manual resetting of an active start-up/restart inhibit (depending on which type(s) of inhibit the function block provides). Data type: BOOL Initial value: FALSE FALSE: Reset is not requested Edge FALSE > TRUE: Reset is requested Hinweis Resetting does not occur with a negative (falling) edge, as specified by standard EN ISO 13849-1, but with a positive (rising) edge. To implement the reset with a falling edge (with regard to the mandatory acceptance procedure), use the function block SF_Reset. Resetting the function block by means of a positive signal edge at the Reset input can cause the S_GuardLocked output to switch to SAFETRUE immediately (depending on the status of the other inputs). WARNUNG Unintended start-up Include in your risk analysis the impact of the reset by means of a positive signal edge at the Reset input. Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when resetting. Do not enter the zone of operation when resetting. Ensure that no other persons can access the zone of operation when resetting. Use appropriate safety interlocks where personnel and/or equipment hazards exist. Refer to the topic "Reset" for details.
Outputs	Ready Short description Value Output for signaling "Function block activated/not activated". Data type: BOOL FALSE: Function block is not activated (Activate = FALSE) and all outputs of the function block are switched to FALSE/SAFEFALSE. TRUE: Function block is activated (Activate = TRUE) and the output parameters represent the state of the safety-related function. Refer to the topic "Ready" for details. S_GuardLocked Short description Value Output for enable signal of the function block. Data type: SAFEBOOL SAFEFALSE: Guard is open or closed but not locked or the function block is not activated or the start-up/restart inhibit is active or an error message is present.   SAFETRUE: Guard is closed and locked and function block is activated and the start-up/restart inhibit is not active and no error message is present. Refer to the topic "S_GuardLocked" for details. S_UnlockGuard Short description Value Output of the unlock signal for the guard locking on the safety equipment (used for controlling the coil on the door switch with guard locking). Data type: SAFEBOOL SAFEFALSE: Request to lock the guard locking (safety equipment is guarded) SAFETRUE: Request to unlock the guard locking (safety equipment is not guarded) Refer to the topic "S_UnlockGuard" for details. SafetyDemand Short description Value Output for signaling "safety-related function requested". This output displays whether the safety chain is interrupted and as a result, the attention of the operator is required. Data type: BOOL FALSE: Safety-related function is not requested. TRUE: The safety-related function is requested. Refer to the topic "SafetyDemand" for details. ResetRequest Short description Value Output for signaling "reset is required". This output indicates whether a reset by the operator is required. Data type: BOOL FALSE: No reset required. TRUE: A reset is required: to remove an active start-up or restart inhibit (if available for this function block) or to reset an error. Refer to the topic "ResetRequest" for details. Error Short description Value Output for error message. Data type: BOOL FALSE: No error is present. TRUE: The function block has detected an error. The S_GuardLocked and S_UnlockGuard outputs are switched to SAFEFALSE as a result. Refer to the topic "Error" for details. DiagCode Short description Value Output for diagnostic message. Data type: WORD Diagnostic message of the function block. The possible values are listed and described in the topic "Diagnostic codes". Refer to the topic "DiagCode" for details.
Detailed information	Signal sequence diagram The diagram below shows the signal sequence of a typical application, based on the following assumptions: S_StartReset = SAFEFALSE: Start-up inhibit after the function block has been activated and the Sicherheitssteuerung has started up. S_AutoReset = SAFEFALSE: Restart inhibit after the guard locking on the closed safety equipment has been locked (i.e., once the SAFETRUE signal has returned at the S_GuardLock input).   0 The function block is not yet activated (Activate = FALSE). As a result, all outputs are FALSE or SAFEFALSE. 1 Function block activated by Activate = TRUE. Even though the safety equipment is closed (S_Guard = SAFETRUE) and locked (S_GuardLock = SAFETRUE) and the zone of operation signals the defined safe state (S_SafetyActive = SAFETRUE), the S_GuardLocked output  = SAFEFALSE, as a start-up inhibit (S_StartReset = SAFEFALSE) is specified. 2 A positive edge at the Reset input removes the start-up inhibit and the S_GuardLocked output switches to SAFETRUE. The S_GuardLocked output remains SAFETRUE, although the S_SafetyActive input is SAFEFALSE for some time (zone of operation is temporarily no longer in the defined safe state). 3 The request to unlock the guard locking triggered by UnlockRequest = TRUE and the confirmation that the zone of operation is in the defined safe state again (S_SafetyActive = SAFETRUE) cause the S_GuardLocked output to switch to SAFEFALSE and the S_UnlockGuard output to SAFETRUE. The S_UnlockGuard output remains SAFETRUE for as long as the unlock request is present at the UnlockRequest input. 4 The safety equipment is opened (S_Guard and S_GuardLock both become SAFEFALSE) and closed again (S_Guard becomes SAFETRUE again), but not locked after closing (S_GuardLock remains SAFEFALSE). Therefore, the S_GuardLocked output remains SAFEFALSE. 5 The S_UnlockGuard output switches to SAFEFALSE, as input UnlockRequest is now also FALSE. The safety equipment is not yet locked (S_GuardLock is still SAFEFALSE). Hinweis The other signal sequence diagram can be taken into account. Application example: Single-channel connection of door switch and guard locking interlock This example describes the connection of a single-channel guard with lockable guard locking ‣ Verriegelungen gemäß DIN EN ISO 14119/14120 ×‣ Interlocking in Accordance with DIN EN ISO 14119/14120 × to the safety-related SF_GuardLocking 2 function block. A start-up inhibit and a restart inhibit are specified. In this example, the arrangement of the switch meets the requirements of DIN EN ISO 14119, Appendix F. The door switch and the contact for confirmation of locking have a single-channel connection to the inputs of the Sicherheitssteuerung. The coil for opening the interlock also has a single-channel connection to an output of the Sicherheitssteuerung. The sensors/actuators are connected to the Sicherheitssteuerung and function block as follows: The mechanically actuated position switch B1 (door switch) is connected to input terminal 1.1 of the safety-related input device PSDI 1. Its signal is assigned to the global I/O variable B1_GMON_In and connected to the S_Guard input of the function block. The guard locking feedback signal is connected to input terminal 3.1 of the safety-related PSDI 1 input device. Its signal is assigned to the global I/O variable K1_GLOC_In and connected to the S_GuardLock input of the function block. Button S2 is connected to input terminal 1.1 of the standard input device DI 1; the TRUE signal of this button triggers a request to unlock the door. The assigned global I/O variable S2_UREQ_In is connected to the UnlockRequest input of the function block. Reset button S3 is connected to the input terminal 3.1 of the standard input device DI 1. Its signal is assigned to the global I/O variable S3_Reset_GL and connected to the Reset input of the function block. The signal of this button is used to reset error states of the function block and to remove the start-up inhibit/restart inhibit (see below). The S_UnlockGuard output signal of the function block controls the coil for opening the interlock via the connected global I/O variable K1_ULOCK_Out. This coil K1 is connected to the output terminal 1.1 of the safety-related output device PSDO, which is in turn assigned to K1_ULOCK_Out. S_StartReset and S_AutoReset are both switched to SAFEFALSE, in other words: S_StartReset = SAFEFALSE: Start-up inhibit after the Sicherheitssteuerung has been started up and the function block has been activated. S_AutoReset = SAFEFALSE: Restart inhibit after the SAFETRUE signal has returned at the S_GuardLock input. Hinweis The "Machine stopped"' signal is connected to input S_SafetyActive of the SF_GuardLocking 2 function block; this signal originates from a standstill monitor, for example.   The enable output S_GuardLocked of the SF_GuardLocking 2 function block is directly connected to a global I/O variable or to an output terminal of the application via further safety-related functions/function blocks. Connect the S_GuardLocked enable output of the SF_GuardLocking 2 function block to the S_OutControl input of the SF_EDM function block, for example, thus implementing a two-channel output connection.   S1 Safety-related switch with guard locking, contains    - Door switch (B1), single-channel    - Lock monitoring of the guard locking (contact -K1) and    - Coil (K1) for opening the interlock (*1) Guard locking of S1: open (*2) Guard locking of S1: closed S2 Request to unlock the door S3 Reset button for resetting errors and removing an active start-up inhibit/restart inhibit S4 Button for stopping the machine. S4i Signal for stopping the machine. See note above the illustration. Function block instantiation The IEC 61131-3 standard defines function block instantiation. Instantiation means, a function block is defined once and can be used (instantiated) several times. This applies to all standard and safety-related FBs (local POUs as well as firmware and user library FBs). Why instantiation? A function block has an internal memory where it stores its own processing data (local variables). As a consequence, the output values calculated by the FB depend on the internally stored values. The same input values applied to an FB instance do not necessarily deliver the same results in another FB instance. Therefore, it is necessary to store the internal data of the FB to a separated memory area each time the function block is processed, i.e., for each FB instance. To uniquely identify each FB instance and to clearly separate its memory area, instance names are used. The instance name of a function block has to be declared in the 'Variables' table of the POU where the FB is going to be used. The following applies: Function blocks can be instantiated in other function blocks or in program POUs. Calling FBs in function POUs is not possible. Functions are called without instantiation because they do not have an internal memory. Safety-related and standard (non-safety-related) code is strictly distinguished in PLCnext Engineer. If a Safety PLC is included in your project, the following applies: Safety-related FBs can only be instantiated in safety-related POUs but not in standard (non-safety-related) POUs. User-defined standard FBs can only be instantiated in standard POUs. They cannot be called in safety-related POUs. Particular standard firmware FBs can be instantiated in both safety-related and standard POUs. Hinweis When inserting a standard FB into a safety-related SNOLD network, the rules for implicit type conversion (safety-related to standard) apply. Example for the instantiation of a safety-related PLCopen function block The safety-related PLCopen function block 'SF_EmergencyStop_V2_00' was inserted into the project via a library. It is then available in the 'Programming' category of the COMPONENTS area. There is a folder with the same name as the library that provides the FBs for insertion into the safety-related code. The FB is to be called twice in the code of the safety-related program 'S_Main' to evaluate the status of two safety-related emergency stop command devices. For each FB instance, an instance name is declared in the 'Variables' table of the calling program: EStop_M1 and EStop_M2. The FB instances have been inserted into the code worksheet, each instance with different variables connected to its input and output formal parameters.   Additional information is available in the following sections: Functional description Additional signal sequence diagrams Fault avoidance Implementation of safety requirements from applicable standards