Mixing safety-related and standard variables in ST
NOTE:
Term definition: Standard = non-safety-related.
The term "standard" always refers to non-safety-related items/objects. Examples: a standard process data item is only read/written by a non-safety-related I/O device, i.e., a standard device. Standard variables/functions/FBs are non-safety-related data. The term "standard controller" designates the non-safety-related controller.
Safety-related and standard variables can be used together within one ST code worksheet and, under particular circumstances, within one ST statement.
The following rules apply:
Generally, a safety-related variable can be assigned to a standard variable using the assignment operator ':='. This performs an implicit type conversion from a safety-related to a standard data type; the value loses its safety-related status and must from then on be treated as standard data.
Valid example: MyStandardBool := MySafeBool; (* allowed *)
WARNING
UNINTENDED EQUIPMENT OPERATION
Do not use variables that have been converted from a safety-related to a standard data type in any safety-related functions.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Assignments from a standard variable to a safety-related variable are not allowed, because this would be an implicit type conversion from a standard data type to a safety-related data type and would let non-safety-related data influence the safety function.
Error example: MySafeBool := MyStandardBool; (* not allowed *)
Safety-related and standard variables can be mixed within one statement as long as no assignment from a standard to a safety-related variable is made.
Symbolic operators, such as & = + - * /, are untyped: their result is safety-related only if every operand is safety-related. The "functional operators", such as AND, OR, DIV, MUL, etc., are typed. For typed operators you must distinguish between the "standard variant" and the "safety-related variant" (e.g., AND/AND_S): the standard variant yields a standard result, and the safety-related variant requires safety-related operands.
Valid examples:
MyStandardResult := MyStandardBool AND MyStandardBool2; (* allowed *)
MySafeResult := MySafeBool1 AND_S MySafeBool2; (* allowed *)
MySafeResult := MySafeBool1 & MySafeBool2; (* allowed *)
MyStandardResult := MyStandardBool & MySafeBool; (* allowed *)
Error examples:
MySafeResult := MyStandardBool & MySafeBool; (* not allowed *)
MySafeResult := MyStandardBool AND_S MySafeBool; (* not allowed *)
Safety-related and standard variables can be mixed within one function/function block call as long as no standard variable is assigned to a safety-related variable. This also includes the assignment of parameters: standard variables must not be connected to formal parameters of safety-related functions/FBs as they expect safety-related data types to be connected.
Valid examples:
MyStandardResult := AND(MySafeBool, MyStandardBool); (* allowed *)
MyStandardCTU(CU := MySafeVar, RESET := 0, PV := INT#50); (* allowed *)
Error examples:
MySafeResult := AND(MySafeBool, MyStandardBool); (* not allowed *)
MySafeCTU(CU := MyStandardVar, RESET := 0, PV := INT#50); (* not allowed *)
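To make the assignment, operator and function/FB call rules of this section checkable offline, the following Python script is an added example (it is not part of this documentation and not code from the safety programming tool) that models them as a small type check over single ST statements. The symbol table, the treatment of literals such as 0 and INT#50 as usable with either kind of parameter, and the operator sets are assumptions made for the example. The certified compiler of the safety tool remains the authoritative check; the script only mirrors the rules so that they can be tried out on the examples above.

```python
"""Model of the ST safety/standard mixing rules (added example, not tool code).

Assumptions not taken from the page: the symbol table, the operator sets, and
the treatment of literals as neutral (connectable to either kind of parameter).
"""
import re

SAFE, STD, NEUTRAL = "safety-related", "standard", "literal"

# Constructed symbol table: which identifiers are safety-related (assumption).
SYMBOLS = {
    "MySafeBool": SAFE, "MySafeBool1": SAFE, "MySafeBool2": SAFE,
    "MySafeResult": SAFE, "MySafeVar": SAFE, "MySafeCTU": SAFE,
    "MyStandardBool": STD, "MyStandardBool2": STD, "MyStandardResult": STD,
    "MyStandardVar": STD, "MyStandardCTU": STD,
}
UNTYPED_OPS = {"&", "=", "<>", "<", ">", "<=", ">=", "+", "-", "*", "/"}
TYPED_OPS = {"AND", "OR", "XOR", "ADD", "SUB", "MUL", "DIV", "MOD"}  # plus *_S variants
TOKEN = re.compile(r":=|<>|<=|>=|[A-Za-z_]\w*(?:#[\w.]+)?|\d+(?:\.\d+)?|[&=<>+\-*/(),;]")


def is_typed(tok):
    return tok is not None and (tok in TYPED_OPS or (tok.endswith("_S") and tok[:-2] in TYPED_OPS))


def level_of(tok):
    """Safety level of a variable or literal token."""
    if "#" in tok or tok[0].isdigit() or tok.upper() in ("TRUE", "FALSE"):
        return NEUTRAL  # assumption: literals fit both standard and safety-related inputs
    if tok not in SYMBOLS:
        raise ValueError(f"undeclared identifier {tok}")
    return SYMBOLS[tok]


class Checker:
    def __init__(self, stmt):
        self.toks = TOKEN.findall(stmt)
        self.i = 0
        self.errors = []

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def expect(self, tok):
        if self.take() != tok:
            raise SyntaxError(f"expected {tok!r} in {' '.join(self.toks)}")

    def combine(self, op, levels):
        """Result level of operator `op` applied to the operand levels; records violations."""
        operands = [lv for lv in levels if lv != NEUTRAL]
        if op in UNTYPED_OPS:
            # Untyped operator: the result is safety-related only if every operand is.
            if not operands:
                return NEUTRAL
            return SAFE if all(lv == SAFE for lv in operands) else STD
        if op.endswith("_S"):
            # Safety-related variant of a typed operator: every operand must be safety-related.
            if any(lv == STD for lv in operands):
                self.errors.append(f"{op}: standard operand where safety-related data is expected")
            return SAFE
        # Standard variant of a typed operator: operands are converted implicitly, result is standard.
        return STD

    def operand(self):
        tok = self.take()
        if tok == "(":
            level = self.expr()
            self.expect(")")
            return level
        if is_typed(tok):  # function form, e.g. AND(a, b) or AND_S(a, b)
            self.expect("(")
            args = [self.expr()]
            while self.peek() == ",":
                self.take()
                args.append(self.expr())
            self.expect(")")
            return self.combine(tok, args)
        return level_of(tok)

    def expr(self):
        level = self.operand()
        while self.peek() in UNTYPED_OPS or is_typed(self.peek()):
            op = self.take()
            level = self.combine(op, [level, self.operand()])
        return level


def check_statement(stmt):
    """Return the list of rule violations in one ST statement (empty list = allowed)."""
    c = Checker(stmt)
    first = c.take()
    if c.peek() == ":=":  # assignment: target := expression
        c.take()
        rhs = c.expr()
        if level_of(first) == SAFE and rhs == STD:
            c.errors.append(f"assignment of standard data to safety-related variable {first}")
    elif c.peek() == "(":  # FB call with named parameters: Instance(IN := expr, ...)
        c.take()
        fb_level = level_of(first)
        while c.peek() != ")":
            param = c.take()
            c.expect(":=")
            actual = c.expr()
            if fb_level == SAFE and actual == STD:
                c.errors.append(f"standard data connected to safety-related input {first}.{param}")
            if c.peek() == ",":
                c.take()
        c.expect(")")
    c.expect(";")
    return c.errors


if __name__ == "__main__":
    for line in ["MyStandardBool := MySafeBool;", "MySafeBool := MyStandardBool;",
                 "MySafeResult := MyStandardBool AND_S MySafeBool;",
                 "MySafeCTU(CU := MyStandardVar, RESET := 0, PV := INT#50);"]:
        print(f"{line:60s} {check_statement(line) or 'allowed'}")
```

Running the script prints each statement followed by either "allowed" or the violations found. Each identifier carries a single attribute, safety-related or standard, which is exactly the distinction this section makes; note that the model also flags the case the WARNING above describes, since a value that has been assigned to a standard variable can no longer be passed back into a safety-related operator or FB input.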
For easier distinction of standard and safety-related variables, they are visually distinguished in the ST code editor. Safety-related variables are underlined in red, standard variables are not underlined.
NOTE:
Although safety-related and standard variables can be mixed in ST, the enable principle cannot be implemented in ST. For that purpose use FBD/LD. Refer to the topic "Programming the Enable Principle".