dl-breadcrumbs__homedl-breadcrumb-item__separatorAC500-S safety PLCdl-breadcrumb-item__separatorSafety user manual V1.3.2dl-breadcrumb-item__separator...dl-breadcrumb-item__separatorConfiguration and programmingdl-breadcrumb-item__separatorAC500-S librariesdl-breadcrumb-item__separatorSafetyBlocks_PLCopen_LV200_AC500_v22.libdl-breadcrumb-item__separatorSF_OutControl
dl-pagination__prev-inactivedl-pagination__prev-activedl-pagination__next-inactivedl-pagination__next-active
SF_OutControl

This is the web edition of the original ‎⮫ AC500-S safety user manual, version 1.3.2. This web edition is provided for quick reference only. The original safety user manual must be used to meet functional safety application requirements.

Standards

Requirements

IEC 60204-1:2009

9.2.2: Stop functions: Stop function categories; category 0 - stopping by immediate removal of power to the machine actuators (i.e., an uncontrolled stop ...)

9.2.5.2: Start: The start of an operation shall be possible only when all of the relevant safety functions and/or protective measures are in place and are operational except for conditions as described in 9.2.4. Suitable interlocks shall be provided to secure correct sequential starting.

ISO 13849-1:2015

5.2.1 Safety-related stop function

A safety-related stop function (e.g., initiated by a safeguard) shall, as soon as necessary after actuation, put the machine in a safe state. Such a stop shall have priority over a stop for operational reasons.

5.2.3 Start/restart function

A restart shall take place automatically only if a hazardous situation cannot exist.

5.2.8 Fluctuations, loss and restoration of power sources

When fluctuations in energy levels outside the design operating range occur, including loss of energy supply, the SRP/CS shall continue to provide or initiate output signal(s) which will enable other parts of the machine system to maintain a safe state.

ISO 12100:2010

6.2.11.2 Starting of an internal power source/switching on an external power supply

6.2.11.4 Restart after power interruption

ISO 13849-1:2015

5.2.2 Manual reset function
SF_OutControl

Control of a safety output with a signal from the functional application and a safety signal with an optional startup inhibit.

The SF_OutControl FB is an output driver for a safety output.

The safety output is controlled via S_OutControl using a signal from the functional application (ProcessControl to control the process) and a signal from the safety application (S_SafeControl to control the safety function).

Optional conditions for process control (ProcessControl):

  • An additional function start (ProcessControl FALSE => TRUE) is required following block activation or feedback of the safe signal (S_SafeControl). A static TRUE signal at ProcessControl does not set S_OutControl to TRUE.

  • An additional function start (ProcessControl FALSE => TRUE) is not required following block activation or feedback of the safe signal (S_SafeControl). A static TRUE signal at ProcessControl sets S_OutControl to TRUE if the other conditions have been met.

Optional startup inhibits:

  • Startup inhibit after function block activation.

  • Startup inhibit after interruption of the protective device.

The StaticControl, S_StartReset and S_AutoReset inputs shall only be activated if it is ensured that no hazardous situation can occur when the PES is started.

Table 1057: FB name: SF_OutControl

Name

Data type

Initial value

Description, parameter values

VAR_INPUT

Activate

BOOL

FALSE

⮫ Table 992 “General input parameters”

S_SafeControl

BOOL

FALSE

Variable.

Control signal of the preceding safety FB.

Typical function block signals from the library (e.g., SF_EStop, SF_Guard, SF_TwoHandControlTypeII, and/or others).

FALSE: The preceding safety FBs are in safe state.

TRUE: The preceding safety FBs enable safety control.

ProcessControl

BOOL

FALSE

Variable or constant.

Control signal from the functional application.

FALSE: Request to set S_OutControl to FALSE.

TRUE: Request to set S_OutControl to TRUE.

StaticControl

BOOL

FALSE

Constant.

Optional conditions for process control.

FALSE: Dynamic change at ProcessControl (FALSE => TRUE) required after block activation or triggered safety function. Additional function start required.

TRUE: No dynamic change at ProcessControl (FALSE => TRUE) required after block activation or triggered safety function.

S_StartReset

BOOL

FALSE

⮫ Table 992 “General input parameters”

S_AutoReset

BOOL

FALSE

⮫ Table 992 “General input parameters”

Reset

BOOL

FALSE

⮫ Table 992 “General input parameters”

VAR_OUTPUT

Ready

BOOL

FALSE

⮫ Table 993 “General output parameters”

S_OutControl

BOOL

FALSE

Controls connected actuators.

FALSE: Disable connected actuators.

TRUE: Enable connected actuators.

SafetyDemand

BOOL

FALSE

Optional.

⮫ Table 993 “General output parameters”

ResetRequest

BOOL

FALSE

Optional.

⮫ Table 993 “General output parameters”

Error

BOOL

FALSE

⮫ Table 993 “General output parameters”

DiagCode

WORD

16#0000

⮫ Table 993 “General output parameters”

Typical timing diagrams

Fig. 525: Timing diagram for SF_OutControl: S_StartReset = FALSE
SF_OutControl_TimingDiagram_1
Fig. 526: Timing diagram for SF_OutControl: S_StartReset = TRUE
SF_OutControl_TimingDiagram_2

Error detection

The following conditions force a transition to the Error state:

  • Invalid static Reset signal in the process.

  • Invalid static ProcessControl signal.

  • ProcessControl and Reset are incorrectly interconnected due to programming error.

Error behavior

In the event of an error, the S_OutControl output is set to FALSE and remains in this safe state.

To leave the Reset, Init or Lock error states, the Reset input must be set to FALSE. To leave the control error state, the ProcessControl input must be set to FALSE.

After transition of S_SafeControl to TRUE, the optional startup inhibit can be reset by a rising edge at the Reset input.

After block activation, the optional startup inhibit can be reset by a rising edge at the Reset input.

Function block-specific error and status codes

Table 1058: FB-specific error codes

DiagCode

State name

State description and output setting

C001

Reset Error 1

Static Reset signal in state 8401.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = FALSE

Error = TRUE

C011

Reset Error 2

Static Reset signal in state 8404.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = FALSE

Error = TRUE

C010

Control Error

Static signal at ProcessControl in state 8006.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = FALSE

Error = TRUE

C020

Init Error

Simultaneous rising trigger at Reset and ProcessControl in state 8401.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = FALSE

Error = TRUE

C030

Lock Error

Simultaneous rising trigger at Reset and ProcessControl in state 8404.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = FALSE

Error = TRUE
Table 1059: FB-specific status codes (no error):

DiagCode

State name

State description and output setting

0000

Idle

The function block is not active (initial state).

Ready = FALSE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = FALSE

Error = FALSE

8401

Init

Block activation startup inhibit is active. Reset required.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = TRUE

Error = FALSE

8802

Safe

Triggered safety function.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = TRUE

ResetRequest = FALSE

Error = FALSE

8404

Lock

Safety function startup inhibit is active. Reset required.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = TRUE

Error = FALSE

8006

Output Disable

Process control is not active.

Ready = TRUE

S_OutControl = FALSE

SafetyDemand = FALSE

ResetRequest = FALSE

Error = FALSE

8000

Output Enable

Process control is active and safety is enabled.

Ready = TRUE

S_OutControl = TRUE

SafetyDemand = FALSE

ResetRequest = FALSE

Error = FALSE