|
This is the web edition of the original ⮫ AC500-S safety user manual, version 1.3.2. This web edition is provided for quick reference only. The original safety user manual must be used to meet functional safety application requirements. |
Generic parameters and diagnostic codes of PLCopen Safety POUs are presented below.
|
Name |
Type |
Description |
|---|---|---|
|
Activate |
BOOL |
Variable or constant. Activation of the FB. Initial value is FALSE. This parameter can be connected to the variable, which represents the status (active or not active) of the relevant safety device. This ensures no irrelevant diagnostic information is generated if a device is disabled. If FALSE, all output variables are set to the initial values. If no device is connected, a static TRUE signal must be assigned. |
|
S_StartReset |
BOOL |
Variable or constant. FALSE (= initial value): Manual reset when PES is started (warm or cold). TRUE: Automatic reset when PES is started (warm or cold). This function shall only be activated if it is ensured that no hazard can occur at the start of the PES. Therefore, the use of the automatic circuit reset feature of the function blocks requires implementation of other system or application measures to ensure that unexpected (or unintended) start-up does not occur. |
|
S_AutoReset |
BOOL |
Variable or constant. FALSE (= initial value): Manual reset when emergency stop button is released. TRUE: Automatic reset when emergency stop button is released. This function shall only be activated if it is ensured that no restart of the machine can occur through release of the emergency stop button. Therefore the use of the Automatic Circuit Reset feature of the function blocks requires implementation of other system or application measures to ensure that unexpected (or unintended) restart of the machine does not occur. |
|
Reset |
BOOL |
Variable. Initial value is FALSE. Depending on the function, this input can be used for different purposes:
This function is only active on a signal change from FALSE to TRUE. A static TRUE signal causes no further actions, but may be detected as an error in some FBs. The appropriate meaning must be described in every FB. |
|
Name |
Type |
Description |
|---|---|---|
|
Ready |
BOOL |
If TRUE, indicates that the FB is activated and the output results are valid (same as the "POWER" LED of a safety relay). If FALSE, the FB is not active and the program is not executed. Useful in debug mode or to activate/deactivate additional FBs, as well as for further processing in the functional program. |
|
SafetyDemand |
BOOL |
Optional output indicating that the FB is active and the primary safety function is demanded (e.g., related to the safety functionality). Other safety related input parameters are not considered (e.g., SafetyActive and EDM). The safety loop is not closed and the safe state is demanded for the related safety output. There is no error. TRUE: Safety demand FALSE: No Safety demand |
|
ResetRequest |
BOOL |
Optional output which can be used to signal the operator to press the reset functionality to continue. TRUE: Reset requested FALSE: Reset not requested |
|
Error |
BOOL |
Error flag (same as "K1/K2" LED of a safety relay). When TRUE, indicates that an error has occurred, and the FB is in an error state. The relevant error state is mirrored at the DiagCode output. If FALSE, there is no error and the FB is in another state. This again is mirrored by DiagCode (this means that DiagCode must be set in the same cycle as the state change). Useful in debug mode as well as for further processing in the functional program. |
|
DiagCode |
WORD |
Diagnostic register. All states of the FB (active, not active and error) are represented by this register. This information is encoded in hexadecimal format in order to represent more than 16 codes. Only one consistent code is represented at the same time. In the event of multiple errors, the DiagCode output indicates the first detected error. ⮫ Table 994 “General diagnostic code ranges”⮫ Table 995 “System or device-specific codes”⮫ Table 996 “General diagnostic codes” Useful in debug mode as well as for further processing in the functional program. |
A transparent and unique diagnostic concept forms the basis of all function blocks. Thus, it is ensured, that, regardless of the supplier's implementation, uniform diagnostic information is available to the user in the form of DiagCode. If no error is present, the internal status of the function block (state machine) is indicated. An error is indicated via a binary output (error). Detailed information about internal or external function block errors can be obtained via DiagCode. The function block must be reset via the different reset inputs.
Suppliers may add additional interfaces via function blocks with supplier-specific diagnostic information.
|
DiagCode |
Description |
|---|---|
|
0000_0000_0000_0000bin |
The FB is not activated or safety CPU is halted. |
|
10xx_xxxx_xxxx_xxxxbin |
Shows that the activated FB is in an operational state without an error. x = FB-specific code. |
|
11xx_xxxx_xxxx_xxxxbin |
Shows that the activated FB is in an error state. x = FB-specific code. |
|
DiagCode |
Description |
|---|---|
|
0xxx_xxxx_xxxx_xxxxbin |
x = system or device-specific message. This information contains the diagnostic information for the system or device, and is mapped directly to the DiagCode output. (Note: 0000hex is reserved) |
For all function blocks the following DIAG codes will be used in order to make the evaluation in software easier and more straightforward coupled to the outputs SafetyDemand and ResetRequest.
|
DiagCode |
Description |
|---|---|
|
0000_0000_0000_0000bin 0000hex |
The FB is not activated. This code represents the Idle state. For a generic example, the I/O setting could be: Activate = FALSE S_In = FALSE or TRUE Ready = FALSE Error = FALSE S_Out = FALSE SafetyDemand = FALSE ResetRequest = FALSE |
|
1000_0000_0000_0000bin 8000hex |
The FB is activated without an error or any other condition that sets the safety output to FALSE. This is the default operational state where the S_Out safety output = TRUE in normal operation. For a generic example, the I/O setting could be: Activate = TRUE S_In = TRUE Ready = TRUE Error = FALSE S_Out = TRUE SafetyDemand = FALSE ResetRequest = FALSE |
|
1000_0100_0000_0001bin 8401hex |
An activation has been detected by the FB and the FB is now activated, but the S_Out safety output is set to FALSE. This code represents the Init state of the operational mode. For a generic example, the I/O setting could be: Activate = TRUE S_In = TRUE Ready = TRUE Error = FALSE S_Out = FALSE SafetyDemand = FALSE ResetRequest = TRUE |
|
1000_0100_0000_0001bin 8801hex |
An activation has been detected by the FB and the FB is now activated, but the S_Out safety output is set to FALSE. This code represents the Init state of the operational mode. For a generic example, the I/O setting could be: Activate = TRUE S_In = FALSE Ready = TRUE Error = FALSE S_Out = FALSE SafetyDemand = TRUE ResetRequest = FALSE |
|
1000_1000_0000_0010bin 8802hex |
The activated FB detects a safety demand, e.g., S_In = FALSE. The safety output is disabled. This is an operational state where the S_Out safety output = FALSE. For a generic example, the I/O setting could be: Activate = TRUE S_In = FALSE Ready = TRUE Error = FALSE S_Out = FALSE SafetyDemand = TRUE ResetRequest = FALSE Note: The detected safety demand refers to the states that are not IDLE or SAFESTATE. |
|
1000_0100_0000_0011bin 8403hex |
The safety output of the activated FB has been disabled by a safety demand. The safety demand is now withdrawn, but the safety output remains FALSE until a reset condition is detected. This is an operational state where the S_Out safety output = FALSE. For a generic example, the I/O setting could be: Activate = TRUE S_In = FALSE => TRUE (continuing with static TRUE) Ready = TRUE Error = FALSE S_Out = FALSE SafetyDemand = TRUE ==> FALSE ResetRequest = R |