|
This is the web edition of the original ⮫ AC500-S safety user manual, version 1.3.2. This web edition is provided for quick reference only. The original safety user manual must be used to meet functional safety application requirements. |
|
Standards |
Requirements |
|---|---|
|
IEC 61496-1:2012 |
4.2.2.3 Particular requirements for a type 2 ESPE A type 2 ESPE shall have an means of periodic test to reveal a failure to danger (for example, loss of detection capability, response time exceeding that specified). The test shall be performed at power-on of the ESPE before going to the ON state and at each reset as a minimum. Note: Depending on the application, the periodic test may need to be performed more often to achieve a desired safety performance. A single fault resulting in the loss of detection capability or the increase in response time beyond the specified time or preventing one or more of the OSSDs going to the OFF state, shall result in a lock-out condition as a result of the next periodic test. Where the periodic test is intended to be initiated by an external (for example, machine) safety-related control system, the ESPE shall be provided with suitable input facilities (for example, terminals). The duration of the periodic test shall be such that the intended safety function is not impaired. Note: If the type 2 ESPE is intended for use as a trip device (for example, when used as a perimeter guard), and the duration of the periodic test is greater than 150 ms, it is possible for a person to pass through the detection zone without being detected. In this case, a restart interlock should be included. If the periodic test is automatically initiated, the correct functioning of the periodic test shall be monitored. In the event of a fault, the OSSD(s) shall be signalled to go to the OFF state. If one or more OSSDs do not go to the OFF state, a lock-out condition shall be initiated. An ESPE with only one OSSD shall have a minimum of one SSD (see clause A.4). |
|
ISO 13849-1:2015 |
5.2.2 Manual reset function |
|
ISO 12100-2:2010 |
6.2.11.4: Restart following power failure/spontaneous restart |
This function block detects, for example, the loss of the sensing unit detection capability, the response time exceeding that specified, and static ON signal in single-channel sensor systems. It can be used for external testable safety sensors (ESPE: electro-sensitive protective equipment, such as a light beam).
|
Name |
Data type |
Initial value |
Description, parameter values |
|---|---|---|---|
|
VAR_INPUT |
|||
|
Activate |
BOOL |
FALSE |
|
|
S_OSSD_In |
BOOL |
FALSE |
Variable. Status of sensor output, e.g., light curtain. FALSE: Safety sensor in test state or demand for safety-related response. TRUE: Sensor in the state for normal operating conditions. |
|
StartTest |
BOOL |
FALSE |
Variable. Input to start sensor test. Sets "S_TestOut" and starts the internal time monitoring function in the FB. FALSE: No test requested. TRUE: Test requested. |
|
NoExternalTest |
BOOL |
FALSE |
Constant. Indicates if external manual sensor test is supported. FALSE: The external manual sensor test is supported. Only after a complete manual sensor switching sequence, an automatic test is possible again after a faulty automatic sensor test. TRUE: The external manual sensor test is not supported. An automatic test is possible again without a manual sensor switching sequence after faulty automatic sensor test. |
|
S_StartReset |
BOOL |
FALSE |
|
|
S_AutoReset |
BOOL |
FALSE |
|
|
Reset |
BOOL |
FALSE |
|
|
TestTime |
TIME |
T#10ms |
Constant. Range: 0 ... 150ms. Test time of safety sensor. |
|
VAR_OUTPUT |
|||
|
Ready |
BOOL |
FALSE |
|
|
S_OSSD_Out |
BOOL |
FALSE |
Safety related output indicating the status of the ESPE. FALSE: The sensor has a safety-related action request or test error. TRUE: The sensor has no safety-related action request and no test error. |
|
S_TestOut |
BOOL |
TRUE |
Coupled with the test input of the sensor. FALSE: Test request issued. TRUE: No test request. |
|
TestPossible |
BOOL |
FALSE |
Feedback signal to the process. FALSE: An automatic sensor test is not possible. TRUE: An automatic sensor test is possible. |
|
TestExecuted |
BOOL |
FALSE |
A positive signal edge indicates the successful execution of the automatic sensor test. FALSE:
TRUE: A sensor test was executed successfully. |
|
SafetyDemand |
BOOL |
FALSE |
Optional. |
|
ResetRequest |
BOOL |
FALSE |
Optional. |
|
Error |
BOOL |
FALSE |
|
|
DiagCode |
WORD |
16#0000 |
|
Typical timing diagram
Error detection
The following conditions force a transition to the error state:
-
Test time overrun without delayed sensor feedback.
-
Test without sensor signal feedback.
-
Invalid static reset signal in the process.
-
Plausibility check of the monitoring time setting.
Error behavior
In the event of an error, the S_OSSD_Out output is set to FALSE and remains in this safe state.
Once the error has been removed and the sensor is on (S_OSSD_In = TRUE) - a reset removes the error state and sets the S_OSSD_Out output to TRUE.
If S_AutoReset = FALSE, a rising trigger is required at Reset.
After transition of S_OSSD_In to TRUE, the optional startup inhibit can be reset by a rising edge at the Reset input.
After block activation, the optional startup inhibit can be reset by a rising edge at the Reset input.
Function block-specific error and status codes
|
DiagCode |
State name |
State description and output setting |
|---|---|---|
|
C000 |
Parameter Error |
Invalid value at the TestTime parameter. Values between 0 ms and 150 ms are possible. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = TRUE |
|
C001 |
Reset Error 1 |
Static Reset condition detected after FB activation. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = TRUE |
|
C011 |
Reset Error 2 |
Static Reset condition detected in state 8402. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = TRUE |
|
C021 |
Reset Error 3 |
Static Reset condition detected in state Cx10. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = TRUE |
|
C031 |
Reset Error 4 |
Static Reset condition detected in state 8404. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = TRUE |
|
C041 |
Reset Error 5 |
Static Reset condition detected in state C000. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = TRUE |
|
C051 |
Reset Error 6 |
Static Reset condition detected in state 8406. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = TRUE SafetyDemand = FALSE ResetRequest = FALSE Error = TRUE |
|
Cx10 |
Test Error 1 |
Test time elapsed in state 8020 or 8030. IF S_OSSD_IN = TRUE AND NoExternalTest = TRUE THEN x = 4 ELSE x = 0; |
|
Output signals for x = 4 (C410): Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = TRUE Error = TRUE |
||
|
Output signals for x = 0 (C010): Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = TRUE |
|
DiagCode |
State name |
State description and output setting |
|---|---|---|
|
0000 |
Idle |
The function block is not active (initial state). Ready = FALSE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = FALSE |
|
8401 |
Init |
An activation has been detected by the FB. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = TRUE Error = FALSE |
|
8802 |
ESPE Interrupted 1 |
The FB has detected a safety demand. The switch has not been automatically tested yet. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = TRUE ResetRequest = FALSE Error = FALSE |
|
8402 |
Wait for Reset 1 |
Wait for rising trigger of Reset after state 8802. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = TRUE Error = FALSE |
|
8002 |
External Function Test |
The automatic sensor test was faulty. An external manual sensor test is necessary. The support for the necessary external manual sensor test has been activated at the FB (NoExternalTest = FALSE). A negative signal edge at the sensor is required. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = FALSE |
|
8804 |
ESPE Interrupted External Test |
The automatic sensor test was faulty. An external manual sensor test is necessary. The support for the necessary external manual sensor test has been activated at the FB (NoExternalTest = FALSE). A TRUE signal at the sensor is required. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = TRUE ResetRequest = FALSE Error = FALSE |
|
8404 |
End External Test |
The automatic sensor test was faulty. An external manual sensor test is necessary. The support for the necessary external manual sensor test has been activated at the FB (NoExternalTest = FALSE). The external manual test is complete. The FB detected a complete sensor switching cycle (externally controlled). Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = TRUE Error = FALSE |
|
8010 |
ESPE Free No Test |
The FB has not detected a safety demand. The sensor has not been tested automatically. Ready = TRUE S_OSSD_Out = TRUE S_TestOut = TRUE TestPossible = TRUE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = FALSE |
|
8806 |
ESPE Interrupted 2 |
The FB has detected a safety demand. The switch was automatically tested. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = TRUE SafetyDemand = TRUE ResetRequest = FALSE Error = FALSE |
|
8406 |
Wait for Reset 2 |
Wait for rising trigger of Reset after state 8806. Ready = TRUE S_OSSD_Out = FALSE S_TestOut = TRUE TestPossible = FALSE TestExecuted = TRUE SafetyDemand = FALSE ResetRequest = TRUE Error = FALSE |
|
8020 |
Test Request |
The automatic sensor test is active. Test Timer is started first time. The transmitter signal of the sensor is switched off by the FB. The signal of the receiver must follow the signal of the transmitter. Ready = TRUE S_OSSD_Out = TRUE S_TestOut = FALSE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = FALSE |
|
8030 |
Test Active |
The automatic sensor test is active. Test Timer is started second time. Timer 1 is stopped. The transmitter signal of the sensor is switched on by the FB. The signal of the receiver must follow the signal of the transmitter. Ready = TRUE S_OSSD_Out = TRUE S_TestOut = TRUE TestPossible = FALSE TestExecuted = FALSE SafetyDemand = FALSE ResetRequest = FALSE Error = FALSE |
|
8000 |
ESPE Free Test ok |
The FB has not detected a safety demand. Timer 2 is stopped. The sensor was automatically tested. Ready = TRUE S_OSSD_Out = TRUE S_TestOut = TRUE TestPossible = TRUE TestExecuted = TRUE SafetyDemand = FALSE ResetRequest = FALSE Error = FALSE |