Mixing safety-related and standard variables in ST

NOTE:

Term definition: Standard = non-safety-related.

The term "standard" always refers to non-safety-related items/objects. Examples: a standard process data item is read or written only by a non-safety-related I/O device, i.e., a standard device; standard variables/functions/FBs hold non-safety-related data; the term "standard controller" designates the non-safety-related controller.

Safety-related and standard variables can be used together within one ST code worksheet and, under particular circumstances, within one ST statement.

The following rules apply:

  • Generally, a safety-related variable can be assigned to a standard variable using the assignment operator ':='. This performs an implicit type conversion from a safety-related to a standard data type.

    Valid example: MyStandardBool := MySafeBool; (* allowed *)

    WARNING

    UNINTENDED EQUIPMENT OPERATION

    Do not use variables that have been converted from a safety-related to a standard data type in any safety-related functions.

    Failure to follow these instructions can result in death, serious injury, or equipment damage.

  • Assignments from a standard variable to a safety-related variable are generally not allowed, because they would require an implicit type conversion from a standard data type to a safety-related data type.

    Error example: MySafeBool := MyStandardBool; (* not allowed *)

  • Safety-related and standard variables can be mixed within one statement as long as no assignment from a standard to a safety-related variable is made.

    Symbolic operators, such as & = + - * /, are considered untyped. The "functional operators", such as AND, OR, DIV, MUL, etc., are considered typed. For typed operators you must distinguish between the "standard variant" and the "safety-related variant" (e.g., AND/AND_S).

    Valid examples:

    MyStandardResult := MyStandardBool AND MyStandardBool2; (* allowed *)

    MySafeResult := MySafeBool1 AND_S MySafeBool2; (* allowed *)

    MySafeResult := MySafeBool1 & MySafeBool2; (* allowed *)

    MyStandardResult := MyStandardBool & MySafeBool; (* allowed *)

    Error examples:

    MySafeResult := MyStandardBool & MySafeBool; (* not allowed *)

    MySafeResult := MyStandardBool AND_S MySafeBool; (* not allowed *)

  • Safety-related and standard variables can be mixed within one function/function block call as long as no standard variable is assigned to a safety-related variable. This also applies to parameter assignment: standard variables must not be connected to formal parameters of safety-related functions/FBs, because these expect safety-related data types.

    Valid examples:

    MyStandardResult := AND(MySafeBool, MyStandardBool); (* allowed *)

    MyStandardCTU(CU := MySafeVar, RESET := 0, PV := INT#50); (* allowed *)

    Error examples:

    MySafeResult := AND(MySafeBool, MyStandardBool); (* not allowed *)

    MySafeCTU(CU := MyStandardVar, RESET := 0, PV := INT#50); (* not allowed *)
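The following ST worksheet applies all four rules above in one place. It is an added example, not code from the original documentation. It assumes that the safety-related data types are named SAFEBOOL and SAFEINT, that the safety-related counter FB is CTU_S with an output named CV, and that the program and variable names are invented for illustration; check these names against your own safety library.

```iecst
(* Added example, not from the original documentation.
   Assumed names: SAFEBOOL, SAFEINT, CTU_S and its output CV. *)
PROGRAM MixedWorksheet
VAR
    (* safety-related inputs, e.g. from a safety I/O device *)
    GuardClosed   : SAFEBOOL;
    EStopReleased : SAFEBOOL;
    ResetCount    : SAFEBOOL;

    (* safety-related results used by the safety function *)
    SafeRunEnable : SAFEBOOL;
    SafeCount     : SAFEINT;
    CycleCounter  : CTU_S;     (* assumed: safety-related variant of CTU *)

    (* standard variables for HMI and diagnostics only *)
    OperatorAck   : BOOL;      (* standard input from the HMI *)
    HmiRunEnable  : BOOL;
    HmiRunReady   : BOOL;
END_VAR

(* Rule 3: safety logic combines only safety-related operands.
   The typed operator AND_S keeps the result safety-related. *)
SafeRunEnable := GuardClosed AND_S EStopReleased;

(* Rule 4: a safety-related FB call with safety-related actual parameters. *)
CycleCounter(CU := SafeRunEnable, RESET := ResetCount, PV := INT#50);
SafeCount := CycleCounter.CV;

(* Rule 1: safe -> standard is an allowed implicit conversion.
   HmiRunEnable is now a standard copy, good for display or logging only;
   it has lost its safety-related type and must not be routed back into
   any safety-related function (see the WARNING above). *)
HmiRunEnable := SafeRunEnable;

(* Rule 3: mixing in one statement is fine when the target is standard;
   the untyped operator & accepts both operand kinds. *)
HmiRunReady := SafeRunEnable & OperatorAck;

(* Rule 2 / Rule 4: the following lines are rejected by the compiler,
   because a standard variable would flow into a safety-related one.
   They are left as comments to show what the type check blocks. *)
(* SafeRunEnable := SafeRunEnable AND_S OperatorAck;              -- not allowed *)
(* CycleCounter(CU := OperatorAck, RESET := ResetCount, PV := INT#50); -- not allowed *)
(* SafeRunEnable := HmiRunEnable;                                 -- not allowed *)
END_PROGRAM
```

The type check stops a standard value from entering safety logic by direct assignment or parameter connection, so the compiler catches the commented-out lines. The WARNING above still matters for the allowed direction: once a value has been copied into a standard variable it is ordinary process data, and it should be treated as such everywhere downstream.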

To make them easier to tell apart, the ST code editor visually distinguishes safety-related and standard variables: safety-related variables are underlined in red, standard variables are not underlined.

NOTE:

Although safety-related and standard variables can be mixed in ST, the enable principle must not be implemented in ST. Use FBD/LD for that purpose. Refer to the topic "Programming the Enable Principle".