Safety Logic Controller Operating Modes
The Safety Logic Controller can run in two different operating modes which are controlled by the user via the 'SafePLC' dialog.
These modes are:
Depending on the active Safety Logic Controller operating mode, different online operations are possible (see sections below). The operating mode is indicated by the color of the 'SafePLC' dialog (Safety Logic Controller control dialog):
red dialog: Safety Logic Controller runs in safe mode
gray dialog: Safety Logic Controller runs in debug mode
NOTE:
Safety Logic Controller simulation mode active
If the simulation mode is activated and safe mode is simulated, the 'SafePLC' dialog looks different. Instead of having a completely red background, it only shows a red border. In debug mode, no difference is visible between simulation and Safety Logic Controller.
Make certain that the desired target (Safety Logic Controller or simulation) is connected when working with the dialog.
Switching between safe mode and debug mode
While the Safety Logic Controller is running in safe mode, the 'SafePLC' dialog provides the 'Debug' button. Pressing the 'Debug' button switches the Safety Logic Controller to debug mode (see below).
Switching to debug mode means leaving the safe mode of operation. The background color of the control dialog must turn to gray, otherwise the transition is unsuccessful.
NOTE:
Keep in mind that the Safety Logic Controller will not stop the operation automatically when switching to debug mode.
When switching back from debug to safe mode, the background of the control dialog must turn to red, otherwise the transition is unsuccessful.
In both cases, i.e., after clicking the 'Debug' or 'Safe' button, you must confirm the mode transition within 30 seconds to activate the other mode. In this message dialog it is also possible to cancel the switching process at this time.
After a power outage, the Safety Logic Controller starts in RUN [Safe].
The safe mode restricts operations in the project that would otherwise influence the state or mode of operation of the Safety Logic Controller. The safe mode is allowed at all project levels.
In safe mode it is possible to
switch the Safety Logic Controller to debug mode.
display the variables status (viewing online values of variables).
read out Safety Logic Controller errors via the 'Error' button in the control dialog.
Errors are displayed in the 'SafePLC Errors' tab of the message window. The error button is only available if errors occurred which have not yet been displayed.
Switching the Safety Logic Controller into debug mode is only possible after entering the correct Safety Logic Controller password.
While the Safety Logic Controller is running in debug mode it is possible to
switch the Safety Logic Controller to safe mode.
download the project to the Safety Logic Controller.
start or stop program execution using the control dialog.
display the variables status (viewing online values of variables).
perform debug commands on the Safety Logic Controller such as
halting the continuous program execution and proceeding in single cycle operation.
display Safety Logic Controller detected errors via the 'Error' button.
NOTE:
The test of the safety-related application in debug mode must not replace the proper function test using safety-related I/O devices/sensors/actuators under any circumstances. The test in debug mode may only be performed in addition to the standard function test.
If the Safety Logic Controller runs in debug mode and the connection between EcoStruxure Machine Expert - Safety and Safety Logic Controller is interrupted, or the control dialog is closed and the variable status is deactivated, a debug watchdog timer starts. If the connection to the Safety Logic Controller can be reestablished and you continue debugging or switch the target back to safe mode within 10 minutes, the debug watchdog is reset. If the debug watchdog timer exceeds 10 minutes, the Safety Logic Controller sets the state to 'STOP [Debug]' and writes an error to the error stack. The machine is signaled to assume the defined safe-state. You cannot switch to safe mode again. In this case, you have to reset the Safety Logic Controller.
The purpose of this watchdog is to ensure that no variables remain forced or overwritten in case that the communication between Safety Logic Controller and EcoStruxure Machine Expert - Safety is interrupted.
