The following description is valid for the function block SF_EnableSwitch_V1_0z, Version 1.0z (where z = 0 to 9).
Short description
|
The safety-related SF_EnableSwitch function block evaluates the signals of a manually actuated three-stage enable switch (in accordance with EN 60204) in order to identify its switching stage and direction. The connected enable switch can be used to remove safeguarding, provided that the appropriate operating mode (e.g., limitation of the speed or range of motion) is selected and active. A restart inhibit can be specified via S_AutoReset. |
|
Connection and switching diagram
Connect the signals of the enable switch connected to the Safety Logic Controller to the inputs of the safety-related SF_EnableSwitch function block as follows:
|
|
Pressure point |
|
|
Forcibly guided contacts |
Connect the signal resulting from N/O contacts E1 and E2 of the enable switch to function block input S_EnableSwitchCh1. Connect the signal resulting from N/C contacts E3 and E4 to function block input S_EnableSwitchCh2. By means of this defined signal sequence of the contacts, the safety-related function block can detect the switching stage and the switching direction of the enable switch.
The used three-stage enable switch must support the switching sequence shown in the graphic below for its three switching stages. This sequence results in the signals also shown in the graphic at function block inputs S_EnableSwitchCh1 and S_EnableSwitchCh2.
NOTE:
The error state of the function block can only be exited if the cause of the error no longer exists. To leave the error state, release the enable switch to move it to switch position 1. If a restart inhibit has been set with S_AutoReset = SAFEFALSE, it must then be removed by pressing the reset button.
Function block inputs
Click the corresponding hyperlinks to obtain detailed information on the items below.
|
Name |
Short description |
Value |
|
State-controlled input for activating the function block. Data type: BOOL Initial value: FALSE |
|
|
|
State-controlled signal input for setting the selected operating mode to active (feedback signal, e.g., from safety-related SF_ModeSelector function block). Data type: SAFEBOOL Initial value: SAFEFALSE |
|
|
|
Input for the signal resulting from contacts E1 and E2 of the connected enable switch. Data type: SAFEBOOL Initial value: SAFEFALSE |
Possible values are: SAFETRUE or SAFEFALSE, depending on the switching stage (see diagram). |
|
|
Input for the signal resulting from contacts E3 and E4 of the connected enable switch. Data type: SAFEBOOL Initial value: SAFEFALSE |
Possible values are: SAFETRUE or SAFEFALSE, depending on the switching stage (see diagram). |
|
|
State-controlled input for specifying the restart inhibit after the connected enable switch has returned a valid signal sequence/combination at inputs S_EnableSwitchCh1 and/or S_EnableSwitchCh2. An active restart inhibit must be removed manually by a positive signal edge at the Reset input. A deactivated restart inhibit causes the S_EnableSwitchOut output to switch to SAFETRUE automatically when the function block is activated and the safety-related function is no longer requested. Refer to the first hazard message below this table. Data type: SAFEBOOL Initial value: SAFEFALSE |
|
|
|
Edge-triggered input for the reset signal:
Refer to the second hazard message below this table. Data type: BOOL Initial value: FALSE NOTE: Resetting does not occur with a negative (falling) edge, as specified by the EN ISO 13849-1 standard, but with a positive (rising) edge. |
|
WARNING
NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS
Be sure that your risk analysis includes an evaluation if the restart inhibit is deactivated (S_AutoReset = SAFETRUE).
Observe the regulations given by relevant sector standards regarding the restart inhibit.
Verify that a suitable start-up inhibit is in place at another location or using other means if the restart inhibit is deactivated by setting S_AutoReset = SAFETRUE.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Resetting the function block by means of a positive signal edge at the Reset input can cause the S_EnableSwitchOut output to switch to SAFETRUE immediately (depending on the status of the other inputs).
WARNING
UNINTENDED START-UP
Include in your risk analysis the impact of the reset by means of a positive signal edge at the Reset input.
Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when resetting.
Do not enter the zone of operation when resetting.
Ensure that no other persons can access the zone of operation when resetting.
Use appropriate safety interlocks where personnel and/or equipment hazards exist.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Function block outputs
Click the corresponding hyperlinks to obtain detailed information on the items below.
|
Name |
Short description |
Value |
|
Output for signaling "Function block activated/not activated". Data type: BOOL |
|
|
|
Output for enable signal of the function block. Data type: SAFEBOOL |
|
|
|
Output for error message. Data type: BOOL Refer to the hazard message below this table. |
|
|
|
Output for diagnostic message. Data type: WORD |
Diagnostic message of the function block. The possible values are listed and described in the topic "Diagnostic codes". |
If you have not activated a restart inhibit (S_AutoReset = SAFETRUE), a manual reset does not have to be performed following error removal. In such cases, the error message is confirmed automatically once the error is removed.
WARNING
UNINTENDED START-UP
Include in your risk analysis the impact of removing the cause of an error with regard to the automatic reset and restart of the machine if the restart inhibit is deactivated (S_AutoReset = SAFETRUE).
Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when removing the source of an error if the restart inhibit is deactivated.
Do not enter the zone of operation when removing an error under this condition.
Ensure that no other persons can access the zone of operation when removing an error under this condition.
Use appropriate safety interlocks where personnel and/or equipment hazards exist.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Signal sequence diagram
This diagram shows the signal curve for a typical application with a set restart inhibit after an invalid signal sequence (S_AutoReset = SAFEFALSE).
NOTE:
The signal sequence diagrams in this documentation possibly omit particular diagnostic codes. For example, a diagnostic code is possibly not shown if the related function block state is a temporary transition state and only active for one cycle of the Safety Logic Controller.
Only typical input signal combinations are illustrated. Other signal combinations are possible.
|
0 |
The function block is not yet activated (Activate = FALSE). As a result, all outputs are FALSE or SAFEFALSE. |
|
1 |
The function block is active (Activate = TRUE). Switching stage 1 is present (input S_EnableSwitchCh1 = SAFEFALSE, input S_EnableSwitchCh2 = SAFETRUE). The operating mode is not active (S_SafetyActive = SAFEFALSE). The S_EnableSwitchOut output thus remains in the defined safe state (SAFEFALSE). |
|
2 |
The operating mode is active (S_SafetyActive = SAFETRUE). |
|
3 |
Change from switching stage 1 to switching stage 2 (S_EnableSwitchCh1 and S_EnableSwitchCh2 = SAFETRUE); the S_EnableSwitchOut output becomes SAFETRUE. |
|
4 |
Change from switching stage 2 back to switching stage 1 (S_EnableSwitchCh1 becomes SAFEFALSE); the S_EnableSwitchOut output becomes SAFEFALSE. |
|
5 |
Change from switching stage 1 to switching stage 2 (S_EnableSwitchCh1 becomes SAFETRUE again). However, as the operating mode is no longer active (S_SafetyActive = SAFEFALSE), the S_EnableSwitchOut output remains SAFEFALSE. |
|
6 |
The operating mode is now active again and the function block initially expects switching stage 1. However, as switching stage 2 is present at this time (S_EnableSwitchCh1 and S_EnableSwitchCh2 = SAFETRUE), the Error output becomes TRUE. The positive edge at the Reset input is ignored, as the impermissible switching stage 2 is still present (S_EnableSwitchCh1 = SAFETRUE and S_EnableSwitchCh2 = SAFETRUE). |
|
7 |
Change to valid switching stage 1. However, the function block detects a static TRUE signal at the Reset input, so the Error output remains TRUE. |
|
8 |
While the valid switching stage 1 is present (S_EnableSwitchCh1 = SAFEFALSE and S_EnableSwitchCh2 = SAFETRUE), the static signal disappears from the Reset input. However, the error state (Error = TRUE) then has to be reset by a positive edge at the Reset input. |
|
9 |
The positive edge at the Reset input resets the Error output to FALSE and removes the restart inhibit. |
|
10 |
Change from switching stage 1 to switching stage 2 (S_EnableSwitchCh2 and S_EnableSwitchCh1 = SAFETRUE), the S_EnableSwitchOut output becomes SAFETRUE. |
|
11 |
Change from switching stage 2 to switching stage 3 (S_EnableSwitchCh1 and S_EnableSwitchCh2 = SAFEFALSE), the S_EnableSwitchOut output is SAFEFALSE. |
NOTE:
The other signal sequence diagram can be taken into account.
Application example
This example illustrates the typical connection of a three-stage enable switch S1 to the safety-related SF_EnableSwitch function block. The two signals resulting from the enable switch are connected to input terminals I0 and I1 of the safety-related input device SDI 1.
The signal of the safety-related input terminal I0 of the safety-related input device SDI 1 is assigned to the global I/O variable SwitchControl1_In. This global I/O variable is connected to the S_EnableSwitchCh1 input of the function block for evaluation.
Likewise, the following applies to the second channel of the enable switch: the signal of the safety-related input terminal I1 of the safety-related input device SDI 1 is assigned to the global I/O variable SwitchControl2_In. This global I/O variable is connected to the S_EnableSwitchCh2 input of the function block for evaluation.
The function block is perpetually activated by the TRUE constant at the Activate input.
A restart inhibit is set via S_AutoReset. This inhibit becomes active after a valid signal sequence returns at the function block inputs S_EnableSwitchCh1 and/or S_EnableSwitchCh2. The Reset button S2 for removing the restart inhibit is connected to input terminal NI0 of the standard input device DI 1.
NOTE:
In the example, the enable signal at the S_EnableSwitchOut output controls the removal of safeguarding. To this end, the S_EnableSwitchOut enable output is connected to other safety-related function blocks or functions.
|
S2 |
Reset |
|
|
See second note above the illustration. |
Further Information
The second application example and the accompanying notes can be taken into account.
Detailed information
Additional information is available in the following sections
