SF_Equivalent

The following description is valid for the function block SF_Equivalent_V1_0z, Version 1.0z (where z = 0 to 9).

Short description

The safety-related SF_Equivalent function block monitors the signals of two safety-related input terminals for the same signal states. Typically, these signals come from two-channel sensors or switches such as an emergency-stop control device.

The enable signal S_EquivalentOut becomes SAFETRUE when the function block is activated, has not detected an error and the S_ChannelA and S_ChannelB inputs both show the SAFETRUE state within the time set at DiscrepancyTime.

For this to happen, the function block must be activated (Activate = TRUE) and it must not have detected any errors (Error = FALSE).

NOTE:

Always connect both inputs to either N/C contacts or N/O contacts.

Function block inputs

Click the corresponding hyperlinks to obtain detailed information on the items below.

Name

Short description

Value

Activate

State-controlled input for activating the function block.

Data type: BOOL

Initial value: FALSE

FALSE: Function block inactive

TRUE: Function block activated

S_ChannelA

State-controlled input for the A channel of the connected two-channel switch or sensor.

Data type: SAFEBOOL

Initial value: SAFEFALSE

SAFEFALSE: Request to switch S_EquivalentOut to SAFEFALSE.

SAFETRUE: Request to switch S_EquivalentOut to SAFETRUE.

S_ChannelB

State-controlled input for the B channel of the connected two-channel switch or sensor.

Data type: SAFEBOOL

Initial value: SAFEFALSE

SAFEFALSE: Request to switch S_EquivalentOut to SAFEFALSE.

SAFETRUE: Request to switch S_EquivalentOut to SAFETRUE.

DiscrepancyTime

Input for specifying the maximum permissible discrepancy time in seconds. During this discrepancy time the signals at S_ChannelA und S_ChannelB may switch differently.

Data type: TIME

Initial value: #0ms

The discrepancy time is exceeded if different states are present at the inputs once the set duration has elapsed. This results in an error message (if output Error = TRUE, output S_EquivalentOut = SAFEFALSE).

Enter a time value according to your risk analysis.

Refer to the hazard message below this table.

WARNING

NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS

Verify that the time value set at DiscrepancyTime corresponds to your risk analysis.

Be sure that your risk analysis includes an evaluation for incorrectly setting the time value at the DiscrepancyTime parameter.

Validate the overall safety-related function with regard to the set DiscrepancyTime value and thoroughly test the application.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Function block outputs

Name

Short description

Value

Ready

Output for signaling "Function block activated/not activated".

Data type: BOOL

FALSE: Function block is not activated (Activate = FALSE) and all outputs of the function block are switched to FALSE/SAFEFALSE.

TRUE: Function block is activated (Activate = TRUE) and the output parameters represent the state of the safety-related function.

S_EquivalentOut

Output for enable signal of the function block.

Data type: SAFEBOOL

Refer to the hazard message below this table.

SAFEFALSE:
- At least one input shows the state SAFEFALSE
- or the function block has detected an error
- or the function block is not activated.

SAFETRUE:
- The function block is activated
- and both inputs show the state SAFETRUE
- and the function block has not detected an error.

Error

Output for error message.

Data type: BOOL

NOTE:

To reset the error message, the SAFEFALSE state must be set at both inputs.

FALSE: No error is present.

TRUE: The function block has detected an error. The S_EquivalentOut output switches to SAFEFALSE as a result.

DiagCode

Output for diagnostic message.

Data type: WORD

Diagnostic message of the function block.

The possible values are listed and described in the topic "Diagnostic codes".

The function block supports a safety-related monitoring function but not a safety-related control function.

WARNING

UNINTENDED EQUIPMENT OPERATION

Verify that the S_EquivalentOut enable signal does not directly control the safety process.

Validate the overall safety-related function, including the start-up behavior of the process, and thoroughly test the application.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Signal sequence diagram

The example below shows the signal curve which occurs if both inputs switch to SAFETRUE or SAFEFALSE within the discrepancy time.

NOTE:

The signal sequence diagrams in this documentation possibly omit particular diagnostic codes. For example, a diagnostic code is possibly not shown if the related function block state is a temporary transition state and only active for one cycle of the Safety Logic Controller.

Only typical input signal combinations are illustrated. Other signal combinations are possible.

0	The function block is not yet activated (Activate = FALSE). As a result, all outputs are FALSE or SAFEFALSE.
1	Function block activation (Activate = TRUE) during which SAFEFALSE is present at both the S_ChannelA and S_ChannelB inputs.
2	S_ChannelA switches to SAFETRUE. When the state of an input switches, the discrepancy time measurement starts.
3	S_EquivalentOut switches to SAFETRUE as both inputs (S_ChannelA and S_ChannelB) switch from SAFEFALSE to SAFETRUE within the time set at DiscrepancyTime.
4	S_EquivalentOut switches to SAFEFALSE, as S_ChannelB switches to SAFEFALSE. The discrepancy time measurement starts when the state at S_ChannelB modifies.
5	S_EquivalentOut and Error remain FALSE, as input S_ChannelA switches to SAFEFALSE during the discrepancy time.
6	The discrepancy time measurement starts when the state at S_ChannelB modifies again.
7	S_EquivalentOut switches to SAFETRUE as both inputs (S_ChannelA and S_ChannelB) switch from SAFEFALSE to SAFETRUE within the time set at DiscrepancyTime.
8	S_EquivalentOut switches to SAFEFALSE, as S_ChannelA switches to SAFEFALSE. The discrepancy time measurement starts when the state at S_ChannelA modifies. S_EquivalentOut remains SAFEFALSE, as S_ChannelB also switches to SAFEFALSE within the time set at DiscrepancyTime.

NOTE:

The other signal sequence diagram can be taken into account.

Application example

This example illustrates two-channel control of the safety-related SF_EmergencyStop function block with the help of the safety-related SF_Equivalent function block. The emergency-stop control device is connected to the inputs I0 and I1 of the safety-related input device SDI with an ID of 1.

The N/C contacts of the emergency-stop control device are connected to the safety-related SF_Equivalent function block for evaluation purposes. The S_EquivalentOut enable signal of the SF_Equivalent function block resulting from this is connected to the safety-related SF_EmergencyStop function block for further evaluation.

NOTE:

The enable output S_EStopOut of the SF_EmergencyStop function block is directly connected to a global I/O variable or to an output terminal of the application via additional safety-related functions/function blocks.

Connect the S_EStopOut enable output of the SF_EmergencyStop function block to the S_OutControl input of the SF_EDM function block, for example, thus implementing a two-channel output connection.

Further Information

The details and additional information for this example can be taken into account.

S1	Emergency-stop
S2	Reset
	See note above the illustration

Detailed information

Additional information is available in the following sections:

Functional description

Additional signal sequence diagrams

Details of the application example

Exception avoidance

Implementation of safety requirements from applicable standards