'Safety Cockpit' Editor (Safety PLC)
The following information refers to a specific, typical device type. Your screen may differ.
This help topic describes the 'Safety Cockpit' editor of the 'Safety PLC' PLANT node.
The 'Safety Cockpit' editor displays diagnostic information and can be used to control the application via a toolbar. On the left side on the 'Safety Cockpit' page, several editor categories can be selected. These are described below in detail.
Note
The information shown in these categories is only available if a communication connection is established between PLCnext Engineer and the Safety PLC. For that purpose, click the following toolbar button in the 'Safety Cockpit' toolbar:
It is not necessary to be attached to the controller application (no
debug mode required). |
This topic contains the following sections:
Toolbar of the editor
Click here to show the toolbar description
| Toolbar button | Keyboard shortcut | Description |
| - | Establishes/disconnects a communication connection between PLCnext Engineer and the Safety PLC.While connected to the Safety PLC,
- you can write and start the project.
- the Safety Cockpit shows diagnostic information and the Safety PLC icon in the PLANT indicates the Safety PLC state.
- you can activate the monitoring mode to transfer online values from the Safety PLC.
- you can activate the debug mode to transfer online values from and debug commands to the Safety PLC.
Note
If the debug mode is active when disconnecting from the Safety PLC using the button, the Safety PLC will be stopped 10 minutes after the disconnection. |
|
 | - | Activates the monitoring mode of the Safety PLC by attaching PLCnext Engineer to the running safety-related application process on the safety-related controller.This command is available, if a communication connection exists between PLCnext Engineer and the Safety PLC (see first table line).Monitoring mode allows read-only access to the Safety PLC. Therefore, monitoring mode is considered as safety-related mode as the execution of the application cannot be influenced by debug commands.While monitoring mode is active,
|
 | - | Activates the debug mode of the Safety PLC by attaching PLCnext Engineer to the running safety-related application process on the safety-related controller.This command is available, if a communication connection exists between PLCnext Engineer and the Safety PLC (see first table line). Monitoring mode may be active or not.
Note
Debug mode allows write access to the Safety PLC (in contrast to monitoring mode). Therefore, debug mode is considered as non-safety-related mode as the execution of the application can be influenced by debug commands.
Observe the hazard message below this table. |
When starting or terminating the debug mode, a dialog appears where you have to confirm the operation.While debug mode is active:While the debug mode is active, the status bar shows a red dot  next to the entry 'Safety PLC: Debug Mode Active'. |
 | - | "All in one" command 'Write and Start'. The following is executed:
- Build of the machine-readable binaries (project image).If the build was successful:
- Connection to the Safety PLC is established.
- The project image (binaries) is written to the Safety PLC and stored as Boot Project in the Flash memory and in the RAM.The project image contains the application logic as machine-readable code and all relevant configuration/parameterization data of the project.
- Project sources are stored on the Safety PLC.
- Safety PLC is reset.
- Project execution is started automatically and the Safety PLC executes the safety-related application in Safe Run state.
- PLCnext Engineer automatically switches to monitoring mode (attaches to the running application process).
The application is ready for and .To execute the command, it is not necessary to be connected to the Safety PLC, monitoring/debug mode is not required and the Safety PLC may run. |
 | - | Executes a cold start on the Safety PLC. During a cold start all data are initialized.The command is only available while the Safety PLC is running and the is active. It switches the Safety PLC from the Debug Stop to Debug Run state. This is indicated by the Safety PLC icon in the PLANT and in the Safety Cockpit. |
 | - | Stops the program execution on the Safety PLC.
The command is only available while the Safety PLC is running and the is active.The Safety PLC enters the Debug Stop state. This is indicated by the Safety PLC icon in the PLANT and in the Safety Cockpit. |
 | - | Activates the halt mode of the Safety PLC.This command is available if the debug mode is active (see previous table row), i.e., the Safey PLC is one of the states Debug Run or Debug Stop.
Note
In the Debug Halt state and during single cycle operation, PLCnext Engineer displays a simulation in its online worksheets. No outputs are set on the Safety PLC or connected safety-related I/O devices. This means that the safety-related application does not function during single cycle operation.
Observe the hazard message below this table. |
The program execution is halted and the single cycle operation of the Safety PLC is possible (see next table row).To exit the Debug Halt state, click the Halt mode button again. The Safety PLC switches into the state from which Debug Halt was entered before. |
 | - | Instructs the Safety PLC to execute exactly one single program cycle and then wait for the next command (which is either a further single cycle or exiting the Debug Halt state).This command is available if the debug mode is active and the Safety PLC is in Debug Halt state (see previous table row).
Note
In single cycle operation, PLCnext Engineer displays a simulation in its online worksheets. No outputs are set on the Safety PLC or connected safety-related I/O devices. This means that the safety-related application does not function during single cycle operation.
Observe the hazard message below this table. |
|
 | - | The command is only available while you are logged on the Safety PLC.Opens the dialog 'Safety PLC Password Definition' where you can replace the current Safety PLC password by a new one. |
 | - | The command is only available while you are logged on the Safety PLC.Reads the error messages from the Safety PLC error stack and displays them in the editor page 'Safety PLC messages' of the Safety Cockpit.In case of a runtime error, the Safety PLC writes an entry to the error stack of the safety-related runtime (SafeOS). The 'Fail' LED on the 'Overview' page of the Safety Cockpit indicates that an error has occurred and that you can read the errors from the error stack and display them on the 'Safety PLC messages' editor page. |
 | - | The command is only available while you are logged on to the Safety PLC and the Safety PLC is in Stop state.Reads the log book of the Safety PLC and displays the messages on the page 'Safety PLC log messages' of the Safety Cockpit. In its log book, the Safety PLC records device-related events such as state changes, errors, and so on. |
 | - | The command is only available while you are logged on the Safety PLC.Reads the information on the C-Function libraries that contain loadable C-Functions used on the Safety PLC. After reading this information from the Safety PLC it is displayed in the Safety Cockpit category 'C-Function Libraries'. |
Unintended machine operation
- Prior to forcing/overwriting variables during runtime, make certain that suitable organizational measures (according to applicable sector standards) have been taken to avoid hazardous situations if the application logic functions in an unintended or incorrect way.
- Verify the impact of forcing or overwriting variables.
- Prior to executing single cycle operations in Debug Halt state, make certain that suitable organizational measures (according to applicable sector standards) have been taken to avoid hazardous situations as the safety-related application does not function.
- Do not enter the zone of operation while executing single cycle operations in Debug Halt state.
- Ensure that no other persons can access the zone of operation while executing single cycle operations in Debug Halt state.
- Observe the regulations given by relevant sector standards while the machine is running in any other operating mode than "operational".
- Use appropriate safety interlocks where personnel and/or equipment hazards exist.
|
'Overview'
| Editor section | Parameter/field | Meaning | Refresh interval |
| Diagnostics and status indicators | Status | Indicates the operational Safety PLC state. The state is also reflected by the Safety PLC icon in the PLANT. | 500 ms |
| Safety PLC messages
| Indicates whether the Safety PLC has written an entry to the error stack of the safety-related runtime (SafeOS). If 'Message present on error or warning stack' is shown, you can read the errors from the error stack and display them in the 'Safety PLC messages' page of the Safety Cockpit. Refer to the description below. | 500 ms |
| Signals forced | Indicates whether currently I/O variables are forced on the Safety PLC. Details can be found in the topic "Debugging Safety-Related Code: Forcing/Overwriting". | 500 ms |
| Safety PLC cycle time | Indicates the cycle time of the Safety PLC. | Once after connecting to the Safety PLC. |
| Program execution time | Time period needed from the beginning of one control cycle to the beginning of the next cycle and pure execution time needed to process the safety-related program code.Using these values and further information contained in the Safety PLC manual, you are able to calculate the
overall system response time (SFRT). | Once after connecting to the Safety PLC and after writing a safety-related project. |
| Utilization | Program memory | Indicates the program memory usage of the Safety PLC runtime of the device as a percentage value. The code of your safety-related application is stored in the program memory. This information is useful to prevent the planned safety-related application program from becoming too large for the available memory. | Once after connecting to the Safety PLC and after writing a safety-related project. |
| Data memory | Indicates the data memory usage of the Safety PLC runtime of the device as a percentage value. The safety-related application stores the data to be processed at runtime in the data memory, such as variables (user-defined variables and intermediate variables generated by the compiler) as well as the stack for FB calls.This information is useful to prevent the amount of data to be processed from becoming too large for the available memory. If necessary, you can reduce the number of variables, avoid unnecessarily large fields and structures etc. | Once after connecting to the Safety PLC and after writing a safety-related project. |
| Safety PLC project information | Name | Safety-related project currently stored on the Safety PLC. | Once after connecting to the Safety PLC and after writing a safety-related project. |
| Last build date | Time stamp of the project currently stored on the Safety PLC. (Representation acc. to the system locale set for your PC.) | 1 |
| Checksum | Checksum of the project currently stored on the Safety PLC. | 1 |
| User | User who has written the project to the Safety PLC. | 1 |
| Engineering project information | Name | Safety-related project currently open in PLCnext Engineer. | Once after opening the Cockpit and the after 'Save As...' command. |
| Last build date | Time stamp of the project currently open in PLCnext Engineer. (Representation acc. to the system locale set for your PC.) | Once after opening the Cockpit (only if a valid compiled project is available at that point of time) and after each successful project build. |
| Checksum | Checksum of the project currently open in PLCnext Engineer. | Once after opening the Cockpit and after each modification of safety-related data in the project. |
| User | User who is currently logged-on to Windows. | Once after opening the Cockpit |
| Version information
| Firmware version | Version number of the safety-related firmware of the connected Safety PLC. | Once after connecting to the Safety PLC. |
| Serial number | Serial number of the connected Safety PLC. | Once after connecting to the Safety PLC. |
'Safety PLC messages'
The 'Safety PLC messages' page lists the errors which have been read from the error stack of the Safety PLC.
In case of a runtime error, the Safety PLC writes an entry to the error stack of the safety-related runtime (SafeOS). The 'Safety PLC message' entry on the 'Overview' page of the Safety Cockpit indicates that an error has occurred and that you can read the errors from the error stack and display them here in the 'Safety PLC messages' editor.
While you are logged on to the Safety PLC, click the button on the Safety Cockpit toolbar to read the error stack and display the messages in the Safety Cockpit.
The help chapter "Error Messages of the Safety PLC" in the Error Catalog provides information on the possible error messages.
'Safety PLC log messages'
The 'Safety PLC log messages' editor page lists the entries which have been read from the log book of the Safety PLC. In the log book, the Safety PLC records device-related events such as state changes, errors, and so on.
While you are logged on to the Safety PLC and the Safety PLC is in Stop state, click the button on the Safety Cockpit toolbar to read the log book and display the messages.
'C Function Libraries'
This page shows the read information on loadable C-Functions which have been referenced as C-Function libraries in the current project.
While you are logged on to the Safety PLC, click the button on the Safety Cockpit toolbar to read the information on the C function libraries that contain loadable C functions from the Safety PLC.
