Advanced Programming Techniques for Safety Applications
Presentation Transcript

  • Advanced Programming Techniques for Safety Applications (Rev 5058-CO900D). Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.
  • Safety Controller(s): Logix Integrated Safety Controllers
    - CompactGuardLogix 1768-L4xS
    - GuardLogix 1756-L6xS/LSP
    - GuardLogix 1756-L7xS/L7SP
    - Integrated Architecture: Safety, Standard, Process, Motion
  • GuardLogix® Safety Integration
    - Logix Integrated Safety: dual processor solution (1oo2 architecture)
    - SIL 3 certification per IEC 61508; ISO 13849 Performance Level e (Category 4)
    - Programmed with RSLogix™ 5000
    - Extensive suite of certified safety application instructions (Dual Channel suite, Muting & Press suite); simplifies design, validation and maintenance
    - CIP Safety for safety-rated interlocking of safety I/O on Ethernet
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Safety I/O Block 1791ES-IB16 24Vdc sinking inputs 1791ES-IB8xOBV4 24Vdc sinking inputs 24Vdc bipolar outputs (switch both 24V and COM) Point 1734-IB8S 24Vdc sinking inputs 1734-OB8S 24Vdc sourcing outputs 1734-IE4S (newest addition) Current / voltage / tachometer analog inputs4
  • Analog Input Module (block diagram: Microprocessor 1 and Microprocessor 2 with sync and watchdog/compare; address, data and control lines; data buffers; D/A and MUX stages for Input A and Input B)
  • Section 1: Safety Code Required for Safety Controllers
  • What if I write bad safety code? If I write bad safety code, am I still safe? NO.
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Programming Required Do YOU have to be certified to write safety application code?9
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Programming Required Do YOU have to be certified to write safety application code? NO10
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Programming Required Does your safety application code have to be ‘certified’ ?11
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Programming Required12 Does your safety application code have to be ‘certified’ ? Not Certified
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Programming required Your application code must be ‘validated’, but you can do thatyourself If you wish to have your code validated by a third party, they willspend much more time checking your software processes thanchecking your code.13 Does your safety application code have to be ‘certified’ ? Not Certified
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Programming Required Documented developmental lifecycle according to V-model example: Do you have a SRASW ? (safety related application software specification) Did you use Modular and Structured Programming ? Is your code readable, understandable, and testable ? …….14
  • Function Blocks / ISO 13849
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Function Blocks Rockwell provides a library of certified function blocks (instructions)16
  • Add On Instructions (AOI): AOIs can be developed for Standard tasks and Safety tasks.
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.AOI Signature Signatures can be placed on Standard AOIs Safety AOIs18
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.AOI Signature If Signature in place, AOIs cannot be edited, as indicated bywax seal Standard AOIs Safety AOIs• Note code is grayed out19
  • Section 2: Safety Input Instructions
  • All the certified safety input instructions are dual channel.
    - Dual channel instructions ensure both channels are within tolerance.
    - If they remain out of tolerance for longer than the discrepancy time, a fault is declared.
  • What instructions would be used for single channel safety circuits / loops?
    - Digital / Boolean: XIC, OTE
    - Analog / Compare: LES, GRT
    - Note that even these instructions have been certified by the TÜV; that is why they have the red triangle and why they are available in the safety task.
  • DCS Instruction: Dual Channel input Stop
    - Input Type: Equivalent or Complementary
    - Discrepancy Time: how long the inputs can be diverse before a fault is declared
    - Restart(s): Automatic or Manual; if manual, a reset is required to start output O1
    - Input Status: is the input channel data valid? If LO, output O1 is turned off
    - Reset: resets faults (FP); restarts O1 if configured for manual
  • DCST Instruction: Dual Channel input Stop with Test
    - Test Request: generates the Test Command output (TC)
    - Test Command output: used to force a functional test of the device; inputs are cycled from active to safe to active state; wiring faults can be detected during the test; output (O1) is de-energized during the test
  • DCSTL Instruction: Dual Channel input Stop with Test and Lock
    - Unlock Request & Hazard Stopped: generates the unlock command (ULC) upon request if the hazard is stopped
    - Lock Feedback: monitors the lock contact(s)
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved. Mute Channels can go LO without affecting output (O1) Muting Lamp (ML) HI when in muted mode Muting Lamp Status monitors lamp bulb (typically Test Outputs 03 / 07 have current monitoring) Safe State (SS) shows state of input channels in muted mode Test Type can be active for light curtains that test themselves Manual for devices that must be tested manuallyDCSTM InstructionDual Channel input Stop with Test and Mute27
  • DCA Instruction: Dual Channel Analog
    - Safety analog inputs (1734-IE4S)
    - Dual channel: fault (FP) if the channels are out of tolerance for longer than the discrepancy time
    - High and low limit trip point alarms (HTP and LTP)
    - DCAF supports floating point (L7xS only)
  • Section 3: Safety Output Instructions
  • Two contactors in series with output monitoring; an interposing relay is used in this example.
  • CROUT Instruction: Configurable Redundant OUTput
    - Feedback Type: Positive or Negative
    - Reaction Time: how long to wait for the feedback to follow the outputs before a fault is declared
    - Actuate: no restart function; outputs O1 and O2 simply follow Actuate if there are no faults
    - Input and Output Status (embedded interlocks): is the feedback data valid? Are the output channels being driven by CROUT fault free?
    - Reset: resets feedback faults (FP)
  • Typical Safety Interlock Code (ladder diagram: Safety Inputs OK, Reset button, Feedback, Fault, Redundant Outputs)
  • Section 4: Module Configuration, Single or Equivalent?
  • The question really is: where to detect discrepancy faults? In software? In the I/O module? (diagram: Ch A and Ch B drifting apart beyond the tolerance for longer than the discrepancy time)
  • Discrepancy check on the Safety I/O Module: safety inputs can be configured for
    - Single: the I/O module is unaware of any relationship between channels 2 and 3
    - Equivalent: the I/O module will verify that channels 0 and 1 remain within tolerance
  • Discrepancy check on the DCA Instruction (Dual Channel Analog): fault (FP) if the channels are out of tolerance for longer than the discrepancy time.
  • Most customers do BOTH. If channels 0 and 1 are WITHIN tolerance:
    - Actual channel data is sent to the controller / DCA
    - NO fault in the module input tags
    - NO fault on the DCA instruction
    - All channel status bits are HI (good)
  • When a discrepancy fault occurs. If channels 0 and 1 are OUTSIDE tolerance:
    - Actual channel data is sent to the controller / DCA
    - Fault code from the module is 5: this indicates a discrepancy fault
    - Fault code on the DCA is 32: this indicates Input Status went LO
  • Change the module configuration to Single. If channels 0 and 1 are OUTSIDE tolerance:
    - Actual channel data is sent to the controller / DCA
    - Fault code on the DCA is 16464: this indicates a discrepancy fault
    - NO fault on the module (1 = no fault)
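As an added example (not from the presentation and not Rockwell's own code), the following Python model walks through the timed discrepancy check shared by the DCS and DCA instructions (Section 2) and the Section 4 question of where the fault is detected: it reproduces the fault codes quoted on the slides (module 5, DCA 32, DCA 16464) for the Equivalent and Single module configurations. The DualChannelMonitor class, dcs_fault and dca_run functions, the sample values and the DCA "no fault" code 0 are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Fault codes quoted on the slides; DCA_NO_FAULT is an assumption (the slides give none)
MODULE_NO_FAULT = 1          # "NO Fault on module (1 = no fault)"
MODULE_DISCREPANCY = 5       # module found channels 0 and 1 out of tolerance
DCA_NO_FAULT = 0             # assumed value for a healthy DCA instruction
DCA_INPUT_STATUS_LO = 32     # DCA: Input Status went LO because the module faulted first
DCA_DISCREPANCY = 16464      # DCA: the instruction itself detected the discrepancy

@dataclass
class DualChannelMonitor:
    """Timed discrepancy check behind DCS (Boolean) and DCA (analog) style comparisons."""
    agree: Callable[[float, float], bool]  # equality, complement, or tolerance band
    discrepancy_ms: int                    # how long the channels may disagree
    disagree_ms: int = 0
    fault: bool = False                    # latched once declared, like FP on the instruction

    def step(self, a: float, b: float, dt_ms: int) -> bool:
        """Feed one scan of channel values; returns True once the fault has latched."""
        if not self.fault:
            self.disagree_ms = 0 if self.agree(a, b) else self.disagree_ms + dt_ms
            self.fault = self.disagree_ms > self.discrepancy_ms  # "longer than", not equal
        return self.fault

def dcs_fault(samples: List[Tuple[bool, bool]], input_type: str,
              discrepancy_ms: int, dt_ms: int) -> bool:
    """DCS-style check: Equivalent inputs must match, Complementary inputs must differ."""
    agree = (lambda a, b: a == b) if input_type == "Equivalent" else (lambda a, b: a != b)
    mon = DualChannelMonitor(agree, discrepancy_ms)
    return any(mon.step(a, b, dt_ms) for a, b in samples)

def dca_run(samples: List[Tuple[float, float]], module_equivalent: bool,
            tolerance: float, discrepancy_ms: int, dt_ms: int) -> Tuple[int, int, bool]:
    """Scan analog samples through the module check (only when configured Equivalent)
    and the DCA check; returns (module fault code, DCA fault code, O1 output state)."""
    within = lambda a, b: abs(a - b) <= tolerance
    module = DualChannelMonitor(within, discrepancy_ms)
    dca = DualChannelMonitor(within, discrepancy_ms)
    module_code, dca_code, o1 = MODULE_NO_FAULT, DCA_NO_FAULT, True
    for a, b in samples:
        if module_equivalent and module.step(a, b, dt_ms):   # module faults first: Input Status LO
            module_code, dca_code, o1 = MODULE_DISCREPANCY, DCA_INPUT_STATUS_LO, False
        elif dca.step(a, b, dt_ms):                           # module Single: only the DCA sees it
            dca_code, o1 = DCA_DISCREPANCY, False
    return module_code, dca_code, o1

# Constructed sample stream: 5 scans within tolerance, then channel B drifts 2.0 units away
SAMPLES = [(4.0, 4.1)] * 5 + [(4.0, 6.0)] * 10
```

With a 0.5 tolerance, 50 ms discrepancy time and 10 ms scans, `dca_run(SAMPLES, True, 0.5, 50, 10)` returns (5, 32, False) and `dca_run(SAMPLES, False, 0.5, 50, 10)` returns (1, 16464, False); an excursion of exactly 50 ms or less never faults because the slides say "longer than" the discrepancy time.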
  • DCA Fault and Diagnostic codes
  • Section 5: Protection from Unwanted Change
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Protection from Unwanted Change Safety systems need to protect against Offline edits to the safety program Online changes to the safety program Parameter changes from HMIs Program downloads that overwrite the safety program Malicious? Inadvertent?42
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Protection from Unwanted Change GuardLogix uses signature and lock Offline edits to the safety program Safety Signature or Safety Lock Online changes to the safety program Safety Signature or Safety Lock Parameter changes from HMIs Safety Signature Program downloads that overwrite the safety program Safety Lock43
  • Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved.Safety Signature With a signature in place Offline edits cannot be made to the safety task Online changes cannot be made to the safety task Forcing of safety I/O is prohibited External devices, such as HMIs or the standard portion of cGLX, are prohibitedfrom writing into safety memory on the cGLX controller Background memory check between the primary and partner is begun SAFETY RUN LED on controller goes solid green Note the partner always runs the safety task, even without a signature44
  • What prevents inadvertently downloading a project with a different safety task? Safety Lock.
  • Questions?
  • Thank you for participating! Please remember to tidy up your work area for the next session. We want your feedback! Please complete the session survey!