The function block FB_XpsuMain evaluates the diagnostics codes decoded by the function block FB_XpsuDiag. Based on the diagnostics codes, the function block performs calculations that let you track and manage maintenance and service life requirements (for example, due dates for proof tests or replacements) for the XPSU safety module itself as well as connected equipment such as sensors, command devices, and actuators. The function block provides counters for the number of remaining cycles:
Counters for remaining cycles of the safety-related input channels: One cycle corresponds to one activation of a safety-related input channel.
Counters for remaining cycles of the safety-related outputs: One cycle corresponds to one activation of a safety-related output.
Counter for remaining cycles of the safety module itself: Once cycle corresponds to one transition from the defined safe state to the defined non-safe state of the XPSU safety module.
The counters allow you to monitor the number of operations of equipment connected to the XPSU safety module as a function of the cycles of the safety-related inputs and the safety-related outputs.
Typical scenarios for managing the counters include replacements of input devices or output devices as well as a replacement of the XPSU safety module itself. If you replace the XPSU safety module and activate a new XPSU safety module via the input i_xNewModuleActive, the counter for the total number of cycles is reset to zero. Since a replacement of the XPSU safety module may not necessitate a replacement of the connected equipment, the values of the counters for the safety-related inputs and the safety-related outputs retain the values at the time of the replacement. If you need to replace connected equipment or add further equipment, you can reset the corresponding counters to zero.
In addition, the function block can be used to monitor and manage the due dates of proof tests required for the safety-related function and/or the equipment used to implement it.
Both function blocks FB_XpsuMain and FB_XpsuDiag must be called in the same task cycle.
In order to evaluate the diagnostics code received from the function block FB_XpsuDiag, the function block FB_XpsuMain needs to be activated by setting the value at its input i_xEnable to TRUE. If the value at the input i_xEnable is set to FALSE, the diagnostics codes are no longer evaluated and the outputs of the function block are set to their default values.
The input i_dwStatus is connected to the output q_dwStatus of the function block FB_XpsuDiag. The input i_xValid is connected to the output q_xValid of the function block FB_XpsuDiag.
The function block receives the diagnostics information serving as the basis for the calculations via its input i_dwStatus.
To be able to calculate the remaining number of cycles of the safety-related inputs, the safety-related outputs and the safety module itself, the function block requires the following information:
The safety-related inputs and the safety-related outputs to be monitored.
The maximum number of cycles for each safety-related input, each safety-related output and the XPSU safety module itself. These values are taken as the start values and decreased by each cycle detected by the function block FB_XpsuDiag.
The required information is provided in the form of data structures connected to the corresponding inputs of the function block. These data structures map the hardware implementation, that is, the input devices/sensors connected to the safety-related inputs and the actuators connected to the safety-related outputs of the XPSU safety module:
The structure ST_InputControl is provided for the counters for the cycles of the safety-related inputs. The structure configures the input channels (CH+ (or CH- in the case of XPSUAK and XPSUAT)) of the safety-related inputs of the XPSU safety module to which the input devices/sensors are connected. An array of this structure with the length of six has to be connected to the input i_astControlInp.
The structure has to be connected to the input i_stControlProc (counter for the cycles of the XPSU safety module itself).
An array of the structure with the length of 13 has to be connected to the input i_astControlOut (counters for the cycles of the safety-related outputs).
The structure ST_RemainNumOp provides the information on the remaining number of cycles for the safety-related inputs, the safety-related outputs, and the XPSU safety module itself. This structure has to be connected to the output q_stRemainNumOp of the function block.
The output q_xOpExceeded is set toTRUE if at least one structure element of the structure ST_RemainNumOp has the value 0. This means that no cycles are left for the corresponding safety-related input, safety-related output, or the XPSU safety module itself. The value at the output q_wExceededId indicates the affected safety-related input or safety-related output, or the XPSU safety module itself.
The output q_udiNumOpSystem provides the total number of cycles of the XPSU safety module.
Safety-related functions and the hardware used for their implementation require proof tests at specific intervals. The function block lets you track and manage such proof test. The date and time of the proof test are set via the input i_dtTestIntervalRef. The interval between consecutive proof tests is set via the input i_udiTestInterv. After having performed a proof test, confirm this with a rising edge at the input i_xTestExecuted. The confirmed date for the first proof test is available at the output q_datTestStart. The due date for the next proof test is provided at the output q_datNextProof. The function block provides time stamps of the last ten proof tests in an array at the output q_adtProofTests.
If you add or replace an XPSU safety module, confirm this with a rising edge at the input i_xNewModuleActive. This confirmation also resets the time stamp array, enters the time stamp in the first array element, and updates the value at the output q_datTestStart.
The value TRUE at the output q_xTestIntervViol indicates that the specified interval has been exceeded, that is, the proof test has not been performed on schedule.
Proof test time stamps can also be loaded from an external proof test array, for example, if the XPSU safety module is connected to a different controller. Such arrays can, for example, originate from an HMI application. To load an external time stamp array, set the input i_xSaveBProofTest to TRUE. As a result, the array connected to the input i_adtProofTests is read and copied to the internal array.
If the value at the output q_xActive is TRUE, the function block is activated. The outputs q_xError and q_wErrorId provide information on detected errors.
|
Input |
Data type |
Description |
|---|---|---|
|
i_xEnable |
BOOL |
TRUE activates the function block. |
|
i_dwStatus |
DWORD |
Connect this input to the output q_dwStatus of the function block FB_XpsuDiag. The function block processes this status information and writes the data to the structures connected to the outputs. |
|
i_xValid |
BOOL |
Connect this input to the output q_xValid of the function block FB_XpsuDiag. |
|
i_stControlProc |
ST_DevControl |
The structure ST_DevControl connected to this input sets the maximum number of cycles for the XPSU safety module itself. The structure element xReset can be used to reset the corresponding counter. |
|
i_astControlInp |
ARRAY[1..6] OF ST_InputControl |
The array of the structure ST_InputControl connected to this input configures the safety-related inputs of the XPSU safety module. It identifies the connected input channels of the safety-related inputs and sets the maximum number of cycles for the safety-related inputs. The structure element xReset can be used to reset the corresponding counters. |
|
i_astControlOut |
ARRAY[1..13] OF ST_DevControl |
The array of the structure ST_DevControl connected to this input configures the safety-related outputs of the XPSU safety module. It identifies the connected safety-related outputs and sets the maximum number of cycles for the corresponding relay contacts. The structure element xReset can be used to reset the corresponding counters. The number of 13 array elements corresponds to the maximum of the seven safety-related outputs that an XPSU safety module can have plus six safety-related outputs provided by an XPSUEP extension module. |
|
i_dtTestIntervalRef |
DATE_AND_TIME |
Date and time of the proof test to be performed (reference to the controller time). |
|
i_udiTestInterv |
UDINT |
Proof test interval. Specify the number of days between consecutive proof tests. |
|
i_xNewModuleActive |
BOOL |
A rising edge at this input confirms that an XPSU safety module has been added or replaced. Results
|
|
i_xTestExecuted |
BOOL |
A rising edge at this input confirms that a proof test has been performed. Results:
|
|
i_xSaveBProofTests |
BOOL |
A rising edge at this input triggers reading of the time stamps from the proof test array connected to the input i_adtProofTests. Refer to the description of the input i_adtProofTests for details. |
|
i_adtProofTests |
ARRAY[1..10] OF DATE_AND_TIME |
Input for connecting an external proof test array containing proof test time stamps which originate, for example, from an HMI application. |
|
Output |
Data type |
Description |
|---|---|---|
|
q_xActive |
BOOL |
If the value at this output is TRUE, the function block is being executed. |
|
q_xError |
BOOL |
If the value at this output isTRUE, the function block has detected an error. Refer to q_wErrorId for details. |
|
q_wErrorId |
WORD |
Provides information on detected errors. Error codes are listed in the section Error Codes. |
|
q_datTestStart |
DATE |
Date value of the first proof test after activation of a new XPSU safety module via the input i_xNewModuleActive. |
|
q_datNextProof |
DATE |
Due date for the next proof test. |
|
q_xTestIntervViol |
BOOL |
If the value at this output is TRUE, the proof test interval has been exceeded. |
|
q_xOpExceeded |
BOOL |
If the value at this output is TRUE, the number of remaining cycles is 0 for at least one of the monitored safety-related inputs or safety-related outputs, or for the XPSU safety module itself. |
|
q_wExceededId |
WORD |
ID of the safety-related input, or the safety-related output, or the XPSU safety module itself that has exceeded the maximum number of cycles. Format:
|
|
q_adtProofTests |
ARRAY[1..10] OF DATE_AND_TIME |
Array of time stamps of the last ten proof tests performed. The first array element contains the latest time stamp (FIFO). |
|
q_udiNumOpSystem |
UDINT |
Number of cycles of the XPSU safety module itself. The value is reset to zero if a new XPSU safety module is activated via the input i_xNewModuleActive. |
|
q_stRemainNumOp |
ST_RemainNumOp |
Number of remaining cycles for each monitored safety-related input, for each safety-related output, and for the XPSU safety module itself, written to the structure ST_RemainNumOp. |
If the function block detects an error, the output q_xError is set to TRUE and an error code is provided at the output q_wErrorId.
|
Error code |
Description |
|---|---|
|
|
The proof test interval value at the input i_udiTestInterv is invalid. The value must be greater than zero. |
|
|
A new XPSU safety module has not yet been activated via the input i_xNewModuleActive (no first proof test confirmed). The error code is also generated when the function block is started for the first time via the input i_xEnable. |
|
|
Invalid configuration of safety-related input in the structure ST_InputControl. “n” is a number from 1 to 6 which indicates the number of the affected structure (corresponds to the affected safety-related input). Refer to ST_InputControl for details on the parameters. |
If no cycles remain for a safety-related input, or for a safety-related output, or for the XPSU safety module itself, the value at the output q_xOpExceeded is set to TRUE. The value at the output q_wExceededId identifies the affected safety-related input, or safety-related output, or the XPSU safety module itself.
|
ID |
Description |
|---|---|
|
|
Remaining number of cycles for the XPSU safety module itself is 0. |
|
|
Remaining number of cycles for the safety-related input defined in the first element of the structure ST_InputControl is 0. |
|
|
Remaining number of cycles for the safety-related input defined in the second element of the structure ST_InputControl is 0. |
|
|
Remaining number of cycles for the safety-related input defined in the third element of the structure ST_InputControl is 0. |
|
|
Remaining number of cycles for the safety-related input defined in the fourth element of the structure ST_InputControl is 0. |
|
|
Remaining number of cycles for the safety-related input defined in the fifth element of the structure ST_InputControl is 0. |
|
|
Remaining number of cycles for the safety-related input defined in the sixth element of the structure ST_InputControl is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the first element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the second element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the third element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the fourth element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the fifth element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the sixth element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the seventh element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the eighth element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the ninth element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the tenth element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the eleventh element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the twelfth element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
|
|
Remaining number of cycles for the safety-related output defined in the thirteenth element of the structure ST_DevControl connected to the input i_astControlOut is 0. |
Certain variables for the function block need to be declared as persistent variables so that they are not re-initialized after a controller restart.
Procedure for adding the instance paths of the contained persistent values to the list of persistent variables:
|
Step |
Action |
|---|---|
|
1 |
In the Application tree under the Application node, add the [Persistent Variables] object. |
|
2 |
Open the editor, right-click and select Add all instance paths. |
This adds the following persistent global variables to the list:
|
Variable |
Data IDs Output at q_wExceededIdType |
Default Value |
Description |
|---|---|---|---|
|
R_udiCountSystem |
UDINT |
|
Total number of cycles of the XPSU safety module itself. |
|
R_audiCountInp |
ARRAY[1..6] OF UDINT |
|
Remaining number of cycles of the safety-related inputs. The array size of six covers the maximum number of safety-related inputs that an XPSU safety module can provide. |
|
R_udiCountProc |
UDINT |
|
Remaining number of cycles of the XPSU safety module itself. |
|
R_audiCountOut |
ARRAY[1..13] OF UDINT |
|
Remaining number of cycles of the safety-related outputs. The array size of 13 covers the maximum number of safety-related outputs that an XPSU safety module with an XPSUEP extension module can provide. |
|
R_adtProof |
ARRAY[1..10] OF DATE_AND_TIME |
|
Array for the time stamps of the last ten proof tests (first in, first out). |
|
R_datTestStart |
DATE |
|
Time stamp of the first proof test performed for a new XPSU safety module after confirmation via the input i_xNewModuleActive. |
(1) The default value refers to each element of the array
The input i_xNewModuleActive of the function block FB_XpsuMain lets you reset R_udiCountProc to zero if an XPSU safety module is installed. The other counters are reset at the inputs of the function blocks via the corresponding reset bits in the structure elements.