This is the web edition of the original AC500-S safety user manual, version 1.3.2. This web edition is provided for quick reference only. The original safety user manual must be used to meet functional safety application requirements.
This library includes a PROFIsafe stack implementation (PROFISAFESTACK POU), which is a main F-Host component.




NOTICE

When updating this library in existing projects, consider the following.
The use of library version V2.1.0 (or higher) results in a higher data memory load for each instantiated F-Submodule, compared to older versions of the library, e.g., V2.0.0.




NOTICE

Only for PROFIsafe communication according to PROFIsafe protocol version V2.4:
A loop-back check via bit 7 in the status / control byte of the PROFIsafe telegram is implemented, which means that no further considerations against systematic loop-back configuration errors shall be performed by end-users (refer to www.profisafe.net for further details).




DANGER

Not more than one communication error (CE_CRC or Host_CE_CRC output signals become equal to TRUE) per 100 hours is allowed to be acknowledged by the operator using OA_C input signal without consulting the responsible safety personnel (refer to www.profisafe.net for further details).

This function block represents a PROFIsafe F-Host instance to control and monitor the status of the given F-Device (safety I/O module, etc.) [2].
Supported features (relating to the GSDML definitions of the F-Devices):
- "Short" process data frames according to PROFIsafe V2.4 protocol specification (max. 12 bytes)
- "Short" process data frames according to PROFIsafe V2.6 protocol specification (max. 13 bytes)
- "Long" process data frames according to PROFIsafe V2.6 protocol specification (max. 123 bytes)
- RIOforFA profile
- Feature "Reaction on Device_Fault"
- Feature "Disable F-(Sub)Module"




NOTICE

Both features "Reaction on Device_Fault" and "Disable F-(Sub)Module" can be operated simultaneously.

| Name | Data type | Initial value | Description, parameter values |
|---|---|---|---|
| VAR_INPUT | | | |
| activate_FV_C | BOOL | FALSE | Command (= TRUE) to activate fail-safe values in F-Device or (= FALSE) for normal F-Device operation |
| OA_C | BOOL | FALSE | Command (= TRUE) for operator acknowledgment and resume of safety function by F-Device |
| iPar_EN_C | BOOL | FALSE | When TRUE, this variable allows a safety control program to switch the F-Device into a mode during which it will accept iParameters. This mode is not supported by AC500-S safety I/O modules (DI581-S, DX581-S, AI581-S) and safety CPUs SM560-S-FD-1 / SM560-S-FD-4 |
| pIODesc | POINTER | NULL | Internal input parameter (internal use only!) |
| OAD_Nec_C | BOOL | FALSE | |
| Disable_C | BOOL | FALSE | |
| VAR_OUTPUT | | | |
| cons_nr_R | BOOL | FALSE | This parameter is for debugging purposes only. It is set when the F-Device has reset its consecutive number counter in PROFIsafe communication [2]. |
| Toggle_d | BOOL | FALSE | This parameter is for debugging purposes only. It is a device-based toggle bit indicating a trigger to increment the virtual consecutive number within the F-Host [2]. |
| FV_activated_S | BOOL | FALSE | With input devices, this variable indicates, if TRUE, that the driver is delivering fail-safe values "0" to the F-Host program for every input value. With output devices, this variable indicates, if TRUE, that every output is set to fail-safe values "0" (default behavior) or to an F-Output device specific value controlled by the "activate_FV" signal [2]. |
| OA_Req_S | BOOL | FALSE | This variable indicates a request for acknowledgment prior to the resumption of a safety function. In case the F-Host driver or F-Device detects a communication error or F-Device fault, fail-safe values will be activated. The F-Device driver then sets the variable OA_Req_S (= TRUE) as soon as the fault/error has been eliminated and operator acknowledgment is possible. Once the acknowledgment has occurred (OA_C = TRUE), the F-Device driver will reset the request variable OA_Req_S (= FALSE) [2]. |
| WD_timeout | BOOL | FALSE | This parameter is for debugging purposes only. It is set to TRUE if the F-Device recognizes a communication failure, i.e., if the watchdog time in the F-Device is exceeded [2]. |
| CE_CRC | BOOL | FALSE | This parameter is for debugging purposes only. It is set if the F-Device recognizes a communication failure, i.e., if the consecutive number is wrong (detected via CRC2 error in V2-mode) or the data integrity is violated (CRC error) [2]. |
| Device_Fault | BOOL | FALSE | This parameter is set to TRUE if there is a malfunction in the F-Device (e.g., under- or overvoltage) [2]. If RIOforFA profile is active (F_Passivation = 1), Device_Fault is always FALSE (see “RIOforFA profile”). |
| iPar_OK_S | BOOL | FALSE | This parameter is set to TRUE when the F-Device has new parameter values assigned [2]. |
| Host_CE_CRC | BOOL | FALSE | This parameter is for debugging purposes only. This parameter is set to TRUE if a communication fault (CRC error on F-Host side) occurred. |
| HostTimeout | BOOL | FALSE | This parameter is for debugging purposes only. This parameter is set to TRUE if a communication fault (timeout on F-Host side) occurred. |
| tResponseTimeMS | TIME | 16#0000 | This parameter is for debugging purposes only. It represents the current response time for the F-Device in ms. This value shall be smaller than the defined F_WD_Time parameter for the given F-Device. If not, passivation of the given F-Device will happen. |
| Disable_S | BOOL | FALSE | |

The FB instances for all F-Devices are automatically generated and can be found in the safety project in “Resources Global Variables PROFIsafe” (Fig. 488). These FB instances, as normal global variables, can be accessed by end-users from their safety application programs.




DANGER

Avoid unintended behavior
Only valid if input OAD_NEC_C = FALSE.
To avoid unintended behavior, e.g., unintended restart of 3rd party PROFIsafe devices, pay special attention to the description of PROFIsafe Device_Fault bit in the safety user manual for those devices.
It is highly recommended to continuously supervise Device_Fault bit of 3rd party PROFIsafe actuator devices like valves, etc. to avoid unintended restart of those after, e.g., power failure. If Device_Fault = 1 is detected for such devices, then the safety application shall passivate the module with activate_FV_C = 1. The permission for restart (activate_FV_C = 0) shall be handled in the safety application using the functionality similar to that of FB SF_OutControl.
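
The Device_Fault supervision described above, sketched in IEC 61131-3 Structured Text as an added example (not taken from the manual or from ABB's libraries, and not a substitute for SF_OutControl). The block name DeviceFaultGuard, the signals Restart_Req and Restart_Pending, and the instance names in the wiring comment are hypothetical; starting in the passivated state is an assumption chosen so that a power cycle also requires a deliberate restart.

```iecst
(* Added example: Device_Fault supervision with restart interlock.
   Applies to the case OAD_Nec_C = FALSE named in the DANGER notice.
   DeviceFaultGuard, Restart_Req and Restart_Pending are hypothetical names. *)
FUNCTION_BLOCK DeviceFaultGuard
VAR_INPUT
    Device_Fault : BOOL;  (* PROFISAFESTACK output Device_Fault of the F-Device *)
    Restart_Req  : BOOL;  (* deliberate restart command, e.g. a reset button *)
END_VAR
VAR_OUTPUT
    activate_FV_C   : BOOL := TRUE;  (* wire to PROFISAFESTACK input activate_FV_C *)
    Restart_Pending : BOOL;          (* fault gone, waiting for a restart command *)
END_VAR
VAR
    Latched      : BOOL := TRUE;  (* assumption: start passivated after power-up *)
    Restart_Prev : BOOL := TRUE;  (* TRUE at start: a button held during boot gives no edge *)
    Restart_Edge : BOOL;
END_VAR

(* Rising-edge detection, evaluated every cycle. An edge seen while the
   fault is still present is consumed and does not count later. *)
Restart_Edge := Restart_Req AND NOT Restart_Prev;
Restart_Prev := Restart_Req;

IF Device_Fault THEN
    Latched := TRUE;       (* fault has priority over any restart command *)
ELSIF Restart_Edge THEN
    Latched := FALSE;      (* fault cleared and a fresh edge was seen *)
END_IF

activate_FV_C   := Latched;                       (* 1 = passivate the module *)
Restart_Pending := Latched AND NOT Device_Fault;  (* e.g. drive an indicator lamp *)
END_FUNCTION_BLOCK

(* Hypothetical wiring in the safety program, where Valve_1 stands for the
   automatically generated PROFISAFESTACK instance of a 3rd party actuator:

   Guard_Valve_1(Device_Fault := Valve_1.Device_Fault,
                 Restart_Req  := Reset_Button);
   Valve_1.activate_FV_C := Guard_Valve_1.activate_FV_C;
*)
```

Because the latch clears only on a rising edge seen after Device_Fault has returned to FALSE, a fault that disappears on its own (for example when supply voltage returns) leaves the module passivated until the restart command is given again.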

Note that the SafetyBase_PROFIsafe_LV210_AC500_V22.lib library also includes a number of internal POUs (GetWord, MappingIn, MappingOut and SMemCpy) related to safety I/O handling. These POUs are for internal use only!