SF_OutControl

 

 

The following description is valid for the function block SF_OutCon­trl_V1_0z, Version 1.0z (where z = 0 to 9).

Short description

The safety-related SF_OutControl function block controls the output of a safety-related device. The safety-related output is controlled depending on a signal from the standard controller (operation start/stop) and a safety-related signal (monitoring of a safety-related function, e.g., emergency-stop).

S_StartReset can be used to specify a start-up inhibit and S_AutoReset can be used to specify a restart inhibit. Both inhibits refer to the start or restart of the Safety Logic Controller or safety-related function.

Furthermore, the StaticControl input enables the specification of an additionally required operation stop of the standard controller with requested safety-related function and before activating the function block.

OutControl_ico_editor.png

Function block inputs

Click the corresponding hyperlinks to obtain detailed information on the items below.

Name

Short description

Value

Activate

State-controlled  input for activating the function block.

Data type: BOOL

Initial value: FALSE

  • FALSE: Function block inactive

  • TRUE: Function block activated

S_SafeControl

State-controlled  input for the status of the upstream safety-related function.

Data type: SAFEBOOL

Initial value: SAFEFALSE

  • SAFEFALSE: Upstream safety-related func­tion triggered

  • SAFETRUE: Upstream safety-related func­tion not triggered

ProcessControl

State-controlled  input (if input StaticControl = TRUE) or edge-triggered input (if input StaticControl = FALSE) which evaluates the request of the process coming from the standard controller.

Data type: BOOL

Initial value: FALSE

  • FALSE: Request to switch the enable output S_OutControl to SAFEFALSE

  • TRUE: Request to switch the enable output S_OutControl to SAFETRUE

  • Edge FALSE > TRUE: A positive signal edge represents a start of operation in the stan­dard controller

StaticControl

Specification of an additionally required operation stop with triggered safety-related function and/or before function block activation.

Data type: BOOL

Initial value: FALSE

  • FALSE: Additional operation stop required

  • TRUE: No additional operation stop required

S_StartReset

State-controlled  input for specifying the start-up inhibit after the Safety Logic Controller has been started up or the function block has been activated.

An active start-up inhibit must be removed manually by means of a positive signal edge at the Reset input. A deactivated start-up inhibit causes the S_OutControl output to automatically switch to SAFETRUE if the function block is enabled and the safety-related function is not requested and the request from the standard controller is signaled at the ProcessControl input.

Data type: SAFEBOOL

Initial value: SAFEFALSE

Refer to the first hazard message below this table.

  • SAFEFALSE: With start-up inhibit

  • SAFETRUE: Without start-up inhibit

S_AutoReset

State-controlled  input for specifying the restart inhibit after the SAFETRUE signal has returned at the S_SafeControl input.

An active restart inhibit must be removed manually by means of a positive signal edge at the Reset input. A deactivated restart inhibit causes the S_OutControl output to automatically switch to SAFETRUE if the function block is enabled and the safety-related function is not requested and the request from the standard controller is signaled at the ProcessControl input.

Data type: SAFEBOOL

Initial value: SAFEFALSE

Refer to the first hazard message below this table.

  • SAFEFALSE: With restart inhibit

  • SAFETRUE: Without restart inhibit

Reset

Edge-triggered  input for the reset signal:

  • Resetting error messages when the cause of the error is no longer present.

  • Manual resetting of an active start-up/restart inhibit (specified by S_Star­tReset and/or S_Au­toReset).

Data type: BOOL

Initial value: FALSE

NOTE:

Resetting does not occur with a negative (falling) edge, as specified by standard EN ISO 13849-1, but with a posi­tive (rising) edge.

Refer to the second hazard message below this table.

  • FALSE: Reset is not requested

  • Edge FALSE > TRUE: Reset is requested

The start-up inhibit and/or restart inhibit must only be deactivated if it is certain that starting up/restarting the machine/system will not lead to a hazardous situation or that a suitable start-up/restart inhibit is in place at another location or using other means.

WARNING

NON-CONFORMANCE TO SAFETY FUNCTION REQUIRE­MENTS

  • Verify the impact of a deactivated start-up inhibit (S_StartReset = SAFETRUE) and/or restart inhibit (S_AutoReset = SAFETRUE) on your machine or process prior to implementation.

  • Observe the regulations given by relevant sector standards regarding the start-up/restart inhibit.

  • Verify that a suitable start-up inhibit is in place at another location or using other means.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Resetting the function block by means of a positive signal edge at the Reset input can cause the S_OutControl output to switch to SAFETRUE immediately (depending on the status of the other inputs).

WARNING

UNINTENDED START-UP

  • Include in your risk analysis the impact of the reset by means of a positive signal edge at the Reset input.

  • Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when resetting.

  • Do not enter the zone of operation when resetting.

  • Ensure that no other persons can access the zone of operation when resetting.

  • Use appropriate safety interlocks where personnel and/or equip­ment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Function block outputs

Click the corresponding hyperlinks to obtain detailed information on the items below.

Name

Short description

Value

Ready

Output for signaling "Function block activated/not activated".

Data type: BOOL

  • FALSE: Function block is not activated (Activate = FALSE) and all outputs of the function block are switched to FALSE/SAFE­FALSE.

  • TRUE: Function block is activated (Activate = TRUE) and the output parameters repre­sent the state of the safety-related func­tion.

S_OutControl

Output for enable signal of the function block.

Data type: SAFEBOOL

  • SAFEFALSE:

    • Function block not activated (Activate = FALSE)

    • or an upstream trig­gered safety-related function was detected by the func­tion block (S_Safe­Control = SAFEFALSE)

    • or a start-up/restart inhibit is active

    • or an operation stop is requested at ProcessControl (FALSE) from the standard controller

    • or an error has been detected.

  • SAFETRUE:

    • Function block is activated (Activate = TRUE)

    • and the function block did not detect a triggered safety-related func­tion (S_SafeControl = SAFETRUE)

    • and no start-up/restart inhibit is active

    • and running opera­tion is requested at ProcessControl (TRUE) from the standard controller

    • and no error has been detected.

Error

Output for error message.

Data type: BOOL

  • FALSE: No error is present.

  • TRUE: The function block has detected an error. The S_Out­Control output switches to SAFE­FALSE as a result.

DiagCode

Output for diagnostic message.

Data type: WORD

Diagnostic message of the function block.

The possible values are listed and described in the topic "Diagnostic codes".

Signal sequence diagram

This diagram relates to a typical output control with specified start-up inhibit and restart inhibit. No additionally required operation stop of the standard controller is configured.

NOTE:

The other signal sequence diagram can be taken into account.

NOTE:

The signal sequence diagrams in this documentation possibly omit particular diagnostic codes. For example, a diagnostic code is possibly not shown if the related function block state is a temporary transition state and only active for one cycle of the Safety Logic Controller.

Only typical input signal combinations are illustrated. Other signal combinations are possible.

OutControl_Signal1.png

0

The function block is not yet activated (Activate = FALSE). As a result, all outputs are FALSE or SAFEFALSE.

1

After the function block has been activated due to Activate = TRUE, the start-up inhibit is active at first.

2

A positive signal edge at the Reset input resets the start-up inhibit.

3

Request from the standard controller at the ProcessControl function block input to switch the S_OutControl enable output to SAFETRUE. Taking the other inputs into account the following applies: If ProcessControl = TRUE, output S_OutControl = SAFETRUE.

4

ProcessControl switches to FALSE: Operation stop request from the standard controller. The S_OutControl enable output thus switches to SAFEFALSE.

5

New request at ProcessControl to switch the S_OutControl enable output to SAFETRUE (start of operation in the standard controller).

As no safety-related function is requested (S_SafeControl = SAFETRUE) and no additionally required operation stop is config­ured (StaticControl = TRUE), the S_OutControl output switches to SAFETRUE. This is followed by normal operation.

6

Request of the safety-related function, e.g., by pressing an emergency-stop control device (S_SafeControl = SAFEFALSE). The S_OutControl output immediately switches to SAFEFALSE.

7

After the request for the safety-related function has been removed (e.g., deactivation of the emergency-stop control device, S_SafeControl becomes SAFETRUE again), the restart inhibit is active. S_OutControl thus remains SAFEFALSE.

8

Removing the restart inhibit by means of the rising edge at the Reset input. As no additional operation stop of the standard controller is required (ProcessControl input) with StaticControl = TRUE and ProcessControl remains TRUE, S_OutControl switches to SAFETRUE.

Application example

This example shows the control of a safety-related output with the safety-related SF_OutControl function block. The TRUE constant at the StaticControl input specifies that no additional operation stop of the stan­dard controller is required.

All function blocks involved are perpetually activated by means of TRUE constants at the Activate input.

An emergency-stop control device S1 is connected as single-channel to the input terminal I0 of the safety-related input device SDI 1 and assigned to the global I/O variable S1_EStopDevice_In. This global I/O variable is connected to the S_EStopIn function block input of the SF_EmergencyStop function block. Neither a start-up inhibit nor a restart inhibit is specified for the SF_EmergencyStop function block (SAFETRUE constant at both inputs S_StartReset and S_AutoReset).

Instead, both inhibits are configured at the SF_OutControl function block: The S_StartReset = SAFEFALSE input specifies a start-up inhibit after the Safety Logic Controller has been started up or the function block has been activated. S_AutoReset = SAFEFALSE configures a restart inhibit after the request for the safety-related function has been removed, i.e., after the SAFETRUE signal has returned at the S_Safe­Control function block input. Both inhibits are only removed when there is a positive signal edge at the Reset input. To this end, the S2 reset button is connected to input NI0 of the standard input device DI 1. Its signal is assigned to the global I/O variable S2_Reset, which is connected to the Reset input of the SF_OutControl function block.

Further connection of the SF_OutControl function block:

OutControl_ApplicationExample1.png

S1

Emergency-stop

S2

Reset

Further Information

The other application example and the accompanying notes can be taken into account.

Detailed information

Additional information is available in the following sections:

EIO0000002269.01

© Copyright 2019, Schneider Electric