S7 Distributed Safety S7300DS GS E
User Manual: S7
Open the PDF directly: View PDF .
Page Count: 42
Download | |
Open PDF In Browser | View PDF |
s SIMATIC S7 Distributed Safety Getting Started Edition 10/2004 Safety Guidelines This manual contains notices that you should observe to ensure your own personal safety, as well as to protect the product and connected equipment from damage. These notices are highlighted in the manual by a warning triangle and are marked as follows according to the level of danger: ! Danger Indicates that death, severe physical injury, or substantial property damage will result if proper precautions are not taken. ! Warning Indicates that death, severe physical injury, or substantial property damage can result if proper precautions are not taken. ! Caution Indicates that minor physical injury or property damage can result if proper precautions are not taken. Caution Indicates that property damage can result if proper precautions are not taken. Notice Indicates important information relating to the product or draws special attention to part of the documentation. Qualified Personnel This device/system may only be set up and operated by qualified personnel. Qualified personnel are defined as persons who are authorized to commission, to ground, and to tag circuits, equipment, and systems in accordance with established safety practices and standards. Proper Use Note the following: ! Warning This device and its components may only be used for the applications described in the catalog or the technical description, and only in connection with devices or components from other manufacturers which have been approved or recommended by Siemens. This product can only function correctly and safely if it is transported, stored, set up, and installed correctly, and operated and maintained as recommended. Trademarks SIMATIC®, SIMATIC HMI®, and SIMATIC NET® are trademarks of Siemens AG. Other names in this publication might be trademarks, the use of which by third parties for their own purposes may violate the rights of the registered holder. 이 기기는 업무용(A급) 전자파 적합기기로서 판매자 또는 사용자는 이 점을 주의하시기 바라며 가정 외의 지역에서 사용하는 것을 목적으로 합니다. Copyright © Siemens AG 2004 All rights reserved Disclaimer of Liability The reproduction, transmission, or use of this document or its contents is not permitted without express written authority. Offenders will be liable for damages. All rights, particularly rights resulting from patent grant or registration of a utility model, are reserved. We have checked the contents of this manual for agreement with the hardware and software described. Since deviations cannot be precluded entirely, we cannot guarantee full agreement. However, the specifications in this manual are revised regularly, and any necessary corrections are included in subsequent editions. Suggestions for improvement are welcomed. Siemens AG Automation and Drives Industrial Automation Systems P.O. Box 4848, D- 90327 Nuremberg, Federal Republic of Germany Siemens Aktiengesellschaft © Siemens AG 2004 Technical specifications subject to change A5E00320726-01 Introduction These instructions will guide you step-by-step through the configuration and programming with S7 Distributed Safety based on a concrete example. You will learn about basic functions and the special properties of S7 Distributed Safety. It should take one or two hours to work through this example depending on your experience. Requirements for the Example The following requirements must be met: • In order to understand these Getting Started instructions, you need general knowledge about automation technology and also need to be familiar with the base software, STEP 7. • You need an S7-300 station consisting of: - Power supply (PS) with 2 A - CPU 315F-2 DP with an inserted MMC - Distributed I/O system ET 200S with: - Interface module IM 151-1 HIGH FEATURE - Power module PM-E 24-48 V DC - Terminal modules such as TM-E30S44-01 and TM-E30C44-01 - Fail-safe digital input module ET 200S 4/8 F-DI DC24V - Fail-safe digital output module ET 200S 4 F-DO DC24V / 2A - Power module PM-E 24 V DC - Digital electronic module 2DI 24 V DC ST - SIGUARD laser scanner LS4-4/P1 with PROFIBUS interface • The following software packages must be correctly installed on your programming device featuring an MPI interface: - STEP 7 as of version 5.3, service pack 1 - S7 Distributed Safety as of version V5.3 - GSD file of the laser scanner (this is included in the product package of the laser scanner; the file is also available in the Internet at http://www.siemens.com/automation/service&support). • If the hardware components are not available, you can also use the add-on package S7-PLCSIM (hardware simulation program) as of version 5.3. This add-on package will enable you to simulate the hardware components as described in these Getting Started instructions. • The programming device must be connected to the F-CPU via the MPI/DP interface (187.5 Kbps baud rate). • The hardware must be fully installed and wired. Relevant information for this is provided in the manual, ET 200S Distributed I/O System, Fail-Safe Modules • A description of the installation and wiring of the CPU 315F-2 DP is provided in the Getting Started Collection, Automation System S7-300, CPU 31x: Commissioning. S7 Distributed Safety A5E00320726-01 3 ! Warning As a component in plants and systems, the S7-300 is subject to special standards and regulations depending on the area of application. Please observe current regulation on safety and accident prevention such as IEC 60204-1 (Emergency Stop Equipment), EN 954-1 (Safety Related Parts of Control Systems) and IEC 61508 (Functional Safety). The example in these Getting Started instructions serves as an introduction to configuring and programming with S7 Distributed Safety. It does not lead to effective operation in every case. Before you do this, we highly recommend that you refer to the latest version of the manual, S7 Distributed Safety, Configuring and Programming. The warnings and additional notes this manual contains must be heeded at all times even if they are not repeated in this document! Serious injury and damage to machines and equipment may result if these regulations are neglected. Design and Tasks in the Example Safety door Emergency stop Laser scanner 4 S7 Distributed Safety A5E00320726-01 Production cell with access protection The walk-in production area is monitored with a laser scanner. The service area is secured by a safety door. Entering the production area or opening the safety door results in a stop or shutdown of the production cell similar to an emergency stop. The system can only be started when the emergency stop is interlock deactivated, the safety door is closed and the laser scanner detects no one in the protected area. User acknowledgment is required on site to restart production after the emergency stop has been activated or the safety door has been opened. Procedure Configuration Using HW Config you configure an ET 200S fail-safe digital input module to connect an emergency stop switch and the position switches for monitoring a safety door, an ET 200S fail-safe digital output module to connect a motor, an ET 200S digital standard electronic module for user acknowledgment and feedback loop, and a laser scanner. The configuration is described in steps 1 to 8. Programming Once the configuration is successfully completed, you can program your safety program. In our example, a fail-safe block is programmed with an emergency stop, a safety door function, a feedback loop (as restart protection when there is an incorrect load) and user acknowledgment for the reintegration. The block is then compiled to a safety program. The programming is described in steps 9 to 19. Acceptance test Supporting measures for acceptance are described in the appendix. Installation on the PROFIBUS DP S7 Distributed Safety A5E00320726-01 5 Wiring Overview for ET 200S 6 S7 Distributed Safety A5E00320726-01 Step 1: Wiring Warning You may come into contact with live electrical wires connected to the power mains. Only wire the S7-300 and ET 200S when they are disconnected from the mains. ! A description of the installation and wiring of the CPU 315F-2 DP is provided in the Getting Started Collection, Automation System S7-300, CPU 31x: Commissioning. Configuration of the Hardware Using HW Config, you configure: • CPU 315F-2 DP • Distributed I/O system ET 200S with: - Interface module IM 151-1 HIGH FEATURE - Fail-safe digital input module ET 200S for connecting an emergency stop switch and the position switches for monitoring a safety door - Fail-safe digital output module ET 200S for connecting a motor - Digital standard electronic module ET 200S for user acknowledgment and feedback loop • Laser scanner for area monitoring (fail-safe DP standard slave). Step 2: Configuration of the CPU 315F-2 DP using HW Config Sequence Action Result 1 Create a new project in the SIMATIC Manager (for example, "DS_Getting Started") and insert a SIMATIC 300 station. The SIMATIC 300 station appears in the SIMATIC Manager. 2 Open HW Config by selecting the SIMATIC 300 station and open the object (for example, with Ctrl+Alt+O). HW Config opens. 3 In the "Hardware Catalog” window, select the ”Standard” hardware profile from the "Profile” pull-down list . 4 Drag and drop a rail from the hardware catalog into the HW Config window, the power supply module (for example, PS307 2A) and the desired F-CPU (for example, CPU 315F-2 DP). A dialog box opens for setting the PROFIBUS properties of the new subnet. Required path: 1.) Rail: \SIMATIC 300\RACK-300 2.) Power supply: \SIMATIC 300\PS-300 3.) CPU 315F: \SIMATIC 300\CPU-300\CPU 315F-2 DP (6ES7 315-6FF01-0AB0). Click on "New”. The dialog box for setting the PROFIBUS properties of the new subnet shows the newly created PROFIBUS subnet. Close the dialog box with "OK." The fail-safe module will be later connected to the F-CPU over the new PROFIBUS subnet. 5 6 Double-click on the CPU 315F-2 DP in the configuration window The dialog box "Properties to set the properties of the F-CPU. CPU 315F-2 DP” opens. S7 Distributed Safety A5E00320726-01 7 Sequence Action Result Select the "Protection" tab. Make the following settings in the "Level of protection" field: 7 1.) Press the option button "1: Access protection for F-CPU" and select the option "Removable with password". 2.) Press the option button "3: Write/read protection" and enter a max. 8-digit password for the F-CPU, for example, "pw_fcpu". Type your password again in the field "Enter again". 3.) Mark the check box "CPU contains safety program". The dialog box should now appear as follows: 8 S7 Distributed Safety A5E00320726-01 Sequence Action Result Change to the "F-Parameters" tab. 8 Here, you can change the following parameters or accept the default settings: - Basis for the PROFIsafe addresses - Number range for F-data blocks - Number range for F-function blocks - Amount of local data used by the F-system. Leave the default values for our example. The dialog box appears as follows: Note: F-blocks are automatically added during the compilation of the safety program to ensure that it is runtime capable. You must reserve a range of numbers for the automatically added F-blocks. Use the default settings for our example. If the configured band of numbers is insufficient, S7 Distributed Safety signals this with an error message. You must then increase the size of the number band accordingly. 9 Click "OK" to confirm. S7 Distributed Safety A5E00320726-01 The message window closes. 9 Sequence Action Result Change to the "Cyclic Interrupts" tab and set the call time for the cyclic interrupt OB 35 to 50 ms. 10 (The safety program is called and run at fixed time intervals in the cyclic interrupt OB.) The dialog box should now appear as follows: 11 Click "OK" to confirm. The dialog box "Properties CPU 315F-2 DP” closes. The configuration of the F-CPU is now completed. 10 S7 Distributed Safety A5E00320726-01 Step 3: Configuration of an ET 200S Distributed I/O System Using HW Config Sequence Action 1 In the "Hardware Catalog” window, select the ”Standard” hardware profile from the "Profile” pull-down list. 2 Drag and drop the IM 151-1 HIGH FEATURE interface module from the hardware catalog (PROFIBUS DP\ET 200S) onto the PROFIBUS subnet in the HW Config window. Enter "3" as the address. The dialog box should now appear as follows: 3 Result A dialog box opens for setting the PROFIBUS interface properties. Close the dialog box with "OK". You have now set up a DP station with the address 3 on PROFIBUS subnet "(1)". 4 Double-click on the IM 151-1 HIGH FEATURE in the configuration window to set the properties of the interface module. The dialog box "Properties - DP slave” opens. 5 Confirm your settings with "OK". The dialog box "Properties - DP slave” closes. 6 Drag and drop a PM-E 24-48 V DC power module from the hardware catalog to slot 1 of the IM 151-1 HIGH FEATURE interface module. The configuration of the IM1511 HIGH FEATURE is now completed. Required path: 1.) \PROFIBUS DP\ET200S\IM151-1 HIGH FEATURE\PM S7 Distributed Safety A5E00320726-01 11 Step 4: Configuration of an F-DI Module for Connecting an Emergency Stop Switch and the Position Switches for Monitoring a Safety Door Sequence Action 1 Result Drag and drop a 4/8 F-DI DC24V fail-safe digital input module from the hardware catalog to slot 2 of the ET 200S. Required path: 1.) \PROFIBUS DP\ET200S\IM151-1 HIGH FEATURE\DI (6ES7 138-4FA01-0AB0) 2 3 Double-click on the 4/8 F-DI DC24V in the configuration window to set the properties of the input module. Select the "Addresses" tab. Leave the default address "0" for our example. The dialog box appears as follows: The dialog box "Properties - 4/8 F-DI DC24V” opens. Note: If you wish to change the values, you need to ensure that the start addresses of the input and output data range are assigned identical values. 12 S7 Distributed Safety A5E00320726-01 Sequence Action Result Change to the "Parameter" tab. Here, you can change the following parameters or accept the 4 default settings: - F-parameters (PROFIsafe parameters) - Module parameters (global module parameters) - Channel-specific parameters. In our example, channels 0 and 4 should be connected to a two-channel emergency stop switch (emergency stop). Make the following settings (as highlighted in the figure): Note about "F-Parameters": The PROFIsafe addresses must be unique throughout the network and for all stations. The addresses are assigned automatically to prevent incorrect assignment of parameters. The PROFIsafe destination address must be set per DIL switch on the F-module. The PROFIsafe source address is assigned by the F-CPU ("Base for PROFIsafe addresses" Fparameter). A valid current safety message frame must be received by the F-CPU within the fail-safe monitoring time. Otherwise, the fail-safe module goes to the safe state. The fail-safe monitoring time must be set high enough for the message frame delay to be tolerated on the one hand, and low enough for the process to react as fast as possible and without impairment when an error occurs on the other. The calculation table 'S7cotia.xls‘ can aid you in determining the optimal time. This file is available on the Internet: http://www4.ad.siemens.de/ww/view/de/ under the contribution ID 19138505. Leave the default settings for the F-parameters unchanged for our example. Note about "Module parameters": For a cyclic short-circuit test, you have to use the internal sensor supplies for all sensors connected to the F-module and deactivate any unused channels. Otherwise, errors will be detected on these channels. Leave the default settings for the module parameters unchanged for our example. Note about "Channel x, y" parameters: The "evaluation of the sensors" and "type of sensor interconnection" should be configured according to the sensor wiring. The sensor wiring and the safety quality of the sensor are decisive for the safety class that can be achieved. Deactivate the channels that are not used. Note about "1oo2 evaluation", "Behavior at discrepancy" and "Discrepancy time" (see highlight in figure): The "Discrepancy time" configure here starts when different levels (or same levels with nonequivalence testing) are detected for two associated input signals ("1oo2 evaluation” of the sensor). When discrepancy time expires within the module and depending on the configuration of the discrepancy response, the "last, valid value" or "0" from the affected input channel is made available to the F-CPU. S7 Distributed Safety A5E00320726-01 13 Sequence Action Result In our example, channels 1 and 5 should be connected to the position switches for monitoring a 5 two-channel safety door. Make the following settings (as highlighted in the figure): 6 Deactivate the unused channels 2, 6 and 3, 7 by unmarking the "Activated" check boxes and confirm your changes with "OK". A message window opens informing you that the safety program must be compiled again due to your change. 7 Click "Close" to confirm. The message window closes. 8 Confirm your settings with "OK". The dialog box "Properties - 4/8 F-DI DC24V” closes. The configuration of the F-input module is now completed. 14 S7 Distributed Safety A5E00320726-01 Step 5: Configuration of an F-DO Module for Connecting a Motor Sequence Action 1 Result Drag and drop a 4 F-DO DC24V / 2A fail-safe digital input module from the hardware catalog to slot 3 of the ET 200S. Required path: 1.) \PROFIBUS DP\ET200S\IM151-1 HIGH FEATURE\DO (6ES7 138-4FB01-0AB0) 2 Double-click on the 4 F-DO DC24V / 2A in the configuration window to set the properties of the output module. 3 Select the "Addresses” tab (See F-DI Configuration above). The dialog box "Properties 4 F-DO DC24V / 2A” opens. Leave the default address "6" for our example. 4 Note: If you wish to change the values, you need to ensure that the start addresses of the input and output data range are assigned identical values. Change to the "Parameter" tab. Here, you can change the following parameters or accept the default settings: - F-parameters (PROFIsafe parameters) - Channel-specific parameters. In our example, a motor should be indirectly switched on channel 0 through two contactors. Make the following settings (as highlighted in the figure): Note about "F-Parameters": See Step 4. Leave the default settings for the F-parameters unchanged for our example. Note about "DO channel x" parameters: Each output channel has its own configurable readback time. This time specifies the maximum duration of the shutdown test for the corresponding channel and it therefore also specifies the readback time for the shutdown cycle of the channel. You use a wire break test for monitoring the connection of the output to the load. S7 Distributed Safety A5E00320726-01 15 Sequence Action Result 5 Deactivate the unused DO channels 1, 2 and 3 and confirm your A message window opens changes with "OK". informing you that the safety program must be compiled again due to your change. 6 Click "Close" to confirm. The message window closes. 7 Confirm your settings with "OK". The dialog box "Properties 4 F-DO DC24V / 2A” closes. The configuration of the Foutput module is now completed. Step 6: Configuration of a Standard DI Module for User Acknowledgment and the Feedback Loop Sequence Action 1 Result Drag and drop a PM-E 24 V DC power module from the hardware catalog to slot 4 of the standard DI module. Note: The power module has to be configured because a combination of F-DI / F-DO modules and standard DI / DO / FM modules is not allowed within a voltage group for AK6/SIL3/Cat.4 applications. A new voltage group must always begin with a power module. 2 Drag and drop a 2DI 24 V DC ST digital electronic module from The configuration of the the hardware catalog to slot 5 of the ET 200S for non-safe electronic module 2DI 24 V DC signals (user acknowledgment and feedback loop) and set the ST is now completed. start address to "11" for our example (same procedure as for the standard program). Required path: 1.) \PROFIBUS DP\ET200S\IM151-1 HIGH FEATURE\DI Step 7: Configuration of a SIGUARD LS4-4/P1 Laser Scanner (fail-safe DP standard slave) Sequence Action 1 In the "Hardware Catalog” window, select the ”Standard” hardware profile from the "Profile” pull-down list . 2 Drag and drop a laser scanner (for example, "SIGUARD Laser Scanner LS4-4/P1") from the hardware catalog (PROFIBUS DP\Additional Field Devices\General) into the window of HW Config. 3 4 16 Note: The GSD file for the laser scanner must be already installed on the PG/PC. Enter "4" as the address and confirm with "OK". You have now configured a DP station with address 4 on the PROFIBUS subnet "(1)" (See Step 3, IM 151-1 Configuration). Select the laser scanner in the configuration window and double-click in the line of the laser scanner below in the detail view to set its properties. Result A dialog box opens for setting the PROFIBUS interface properties. The dialog box "Properties PROFIBUS Interface” closes. The dialog box "Properties - DP slave” opens. S7 Distributed Safety A5E00320726-01 Sequence Action 5 Result Select the "Address/ID" tab. Leave the default address "12" for our example. Note: If you wish to change the values, you need to ensure that the start addresses of the input and output data range are assigned identical values. 6 Change to the "PROFIsafe" tab and make the following settings: 1.) Select the "F_Dest_Add" parameter, click on the "Change value" button and enter (500 + DP address =) "504". Close the dialog box with "OK". 2.) Select the "F_WD_Time" parameter, click on the "Change value" button and enter a value in ms for the F-monitoring time in the fail-safe DP standard slaves, for example, "150". The dialog box should now appear as follows: Note about F_WD_Time: A valid current safety message frame must be received by the F-CPU within the fail-safe monitoring time. The fail-safe monitoring time must be set high enough for the message frame delay to be tolerated on the one hand, and low enough for the process to react as fast as possible and without impairment when an error occurs on the other. The "F_WD_Time" parameter can be set in 1 ms increments. The range of the "F_WD_Time" parameter is specified by the device database file (*.GSD file). 7 Confirm your change with "OK". A message window opens informing you that the safety program must be compiled again due to your change. 8 Click "Close" to confirm. The message window closes. 9 Confirm your settings with "OK". The dialog box "Properties DP slave” closes. The configuration of the SIGUARD LS4-4/P1 laser scanner is now completed. S7 Distributed Safety A5E00320726-01 17 Step 8: Save, Compile and Download the Hardware Configuration Sequence Action Result 1 Close the hardware configuration by calling the menu command Your project is compiled. Station > Save and Compile. 2 Transfer the configuration when the F-CPU is in STOP with the menu command PLC > Download to Module. The "Select Station Address” dialog box opens. 3 Select the F-CPU and confirm with "OK". The data are transferred from the PG to the F-CPU. You have now finished configuration of the hardware for the tasks involved in the example. Summary: Configuration of the Hardware Up until now, you have used HW Config to configure: • CPU 315F-2 DP • Distributed I/O system ET 200S with: - Interface module IM 151-1 HIGH FEATURE - Fail-safe digital input module ET 200S for connecting an emergency stop switch and the position switches for monitoring a safety door - Start addresses of the output and input data ranges: both 0 - Channels 0 and 4 for emergency stop - Channels 1 and 5 for safety door position switches - Fail-safe digital output module ET 200S for connecting a motor - Start address of the output and input data ranges: both 6 - Channel 0 for indirect switching of a motor through two contactors - Digital standard electronic module ET 200S for user acknowledgment and feedback loop - Start address: 11 • Laser scanner for area monitoring (fail-safe DP standard slave) - Start address of the output and input data ranges: both 12. Now you are ready to program the safety program. 18 S7 Distributed Safety A5E00320726-01 Programming the Safety Program F-I/O Data Blocks For each compilation in HW Config, an "F-I/O DB" is automatically created for each F-I/O and a symbolic name is entered for it in the symbol table. You can view the F-I/O DBs generated for the example I/O in the block container. These are the F-data blocks DB 819, DB 820 and DB 821. The symbolic name of the F-I/O DB is made up of the fixed prefix "F," the start address of the F-I/O, and the names (maximum 17 characters) entered in the F-I/O object properties in HW Config. Symbolic name in our example: - "F00000_4_8_F_DI_DC24V": fail-safe digital input module 4/8 F-DI DC24V (= DB 819) - "F00006_4_F_DO_DC24V_2A": fail-safe digital output module 4 F-DO DC24V / 2A (= DB 820) - "F00012_196": SIGUARD LS4-4/P1 laser scanner (= DB 821). You can access the variables of the F-I/O DB with "fully qualified DB access" (that is, by specifying the symbolic name of the F-I/O DB and by specifying the name of the variable). F-Shared DB The "DB 818" in the block container of our example is "F-Shared-DB". The F-shared data block is a fail-safe block that is automatically inserted and contains all of the shared data of the safety program and additional information needed by the F-system. Procedure In our example, a fail-safe block should be programmed with a safety door function, an emergency stop function (safety circuit for shutdown when an emergency stop occurs, when the safety door is open or when someone enters the protected area monitored by the laser scanner), a feedback loop (as restart protection when there is an incorrect load) and user acknowledgment for the reintegration. The block should then compiled to a safety program. Inputs and outputs in the safety program Following the configuration of the hard as described in steps 1 to 8, the following fail-safe I/O DBs are available for programming the example safety program: Configured Hardware Fail-safe digital input module 4/8 F-DI DC24V (6ES7 138-4FA01-0AB0) Fail-safe digital output module 4 F-DO DC24V / 2A (6ES7 138-4FB01-0AB0) Digital electronic module 2DI 24 V DC ST SIGUARD LS4-4/P1 laser scanner S7 Distributed Safety A5E00320726-01 Start Symbolic name add. 0 F00000_4_8_F_DI_DC24V F-I/O DB DB 819 6 F00006_4_F_DO_DC24V_2A DB 820 11 12 F00012_196 DB 821 19 Specify symbolic names for the fail-safe input and outputs (as you do in the standard program). In our example, these are: Inputs and outputs in the safety program Symbolic name I0.0 for emergency stop Emergency stop I0.1 for safety door position switch Safety door contact 1 I0.5 for safety door position switch Safety door contact 2 Q6.0 for motor starter Load I11.0 for acknowledgment Ack. button I11.1 for feedback loop Feedback loop Q12.0 for protected area control LS4_Protected_field_bit_0 Q12.1 for protected area control LS4_Protected_field_bit_1 Q12.2 for protected area control LS4_Protected_field_bit_2 I12.7 for safe shutdown LS4_OSSD Note: Adhere to the rules for creating the program structure as described in the chapter "Defining the Program Structure" of the S7 Distributed Safety, Configuring and Programming manual. 20 S7 Distributed Safety A5E00320726-01 Step 9: Creating an F-FB with the F-FBD Programming Language Sequence Action 1 2 3 Result Insert a F-FB. Open the block container of the The dialog box "Properties SIMATIC Manager and select the menu command Insert > S7 Function Block” opens. Block > Function Block. You can also use the "Insert New Object" shortcut menu. In the "General - Part 1" tab, enter a name for the F-FB (for example, "FB100"). Select "F-FBD" as the programming language. The dialog box should now appear as follows: Close the dialog box with "OK". S7 Distributed Safety A5E00320726-01 The F-FB is generated in the block container and highlighted with a yellow background. 21 Step 10: Edit and Save the F-FB in the FBD Editor Sequence Action Result 1 Double-click on the F-FB in SIMATIC Manager. The dialog box for assigning a password for the safety program opens. 2 Enter (2x) a max. 8-digit password for the safety program, for example, "pw_fprog". The FBD/LAD Editor opens, see figure below. 3 Note: The F-FBD and F-LAD programming languages correspond in principle to the standard FBD/LAD languages. The standard FBD/LAD editor in STEP 7 is used for programming. The primary differences between the F-FBD and F-LAD programming languages and their standard counterparts are limitations in the operation set and the data types and the address areas that can be used (see S7 Distributed Safety, Configuring and Programming manual). The following are displayed in the F-Program Elements Catalog: • Supported operations • F-FBs and F-FCs from the block container of your S7 program • F-blocks from F-libraries, e.g., F-application blocks of Distributed Safety F-library (V1), for safety door monitoring etc. • Multiple instances. 22 S7 Distributed Safety A5E00320726-01 Sequence Action Assign special colors for non-safe data in the F-block. 4 Result To do this, select the menu command Options > Customize, open the "View" tab, press the "Select" button and select a "Background Color"; In our example, this is 'light blue' (as highlighted in the figure below). 5 Confirm your change with "OK". S7 Distributed Safety A5E00320726-01 The "Customize” dialog box closes. Now non-safe data will be highlighted in light blue in the safety program. 23 Step 11: Programming the Safety Door Function Sequence Action Result 1 Insert the following statical variable for the F-FB: 2 - "EN_Safety_door" (enable safety door). Insert an FB 217 "F_SFDOOR" (safety door monitoring) into the fail-safe application block from the F-application blocks container and supply the inputs and outputs as shown in the figure below. The non-safe "Acknowledgment button" signal in the standard program has a light blue background. Connect the FB 217 Inputs/outputs Parameters I0.1 IN1 I0.5 IN2 DB819.DBX2.1 QBAD_ IN1 Data type BOOL BOOL BOOL DB819.DBX2.1 QBAD_ IN2 BOOL DB818.DBX36.4 OPEN_NEC BOOL DB818.DBX36.4 ACK_NEC BOOL I11.0 #EN_ Safety_door ACK BOOL Description Default Input 1 Input 2 QBAD signal from the F-I/O DB of the input IN1* QBAD signal from the F-I/O DB of the input IN2* Fully qualified access to Variable RLO1 from F-shared DB** Fully qualified access to Variable RLO1 from F-shared DB** User acknowledgment (per button) Q ACK_REQ DIAG BOOL BOOL BYTE Output (enable safety door) Acknowledgment request Service information 0 0 0 0 1 1 0 0 0 B#16#0 * = Both the inputs QBAD_IN1 and QBAD_IN2 must be interconnected. In our example, they are interconnected to the QBAD signal from the F-I/O DB of the 4/8 F-DI to which the safety door position switches are connected. You can see the block number of the F-I/O DB from the symbolic name in the symbol table or in the SIMATIC Manager. ** = OPEN_NEC: 1 = Opening required at startup / ACK_NEC: 1 = Acknowledgment necessary. 24 S7 Distributed Safety A5E00320726-01 Sequence Action Result Note: If you require Boolean constants "0" and "1" in your safety program to assign parameters during block calls, you can access the "RLO0" and "RLO1" variables in the F-shared DB using fully qualified DB access. In our example, the F-shared DB in the block container has the number "DB 818" ("F_GLOBDB".VKE1). Note: In fail-safe programming, you cannot interconnect, supply with "0" or evaluate the enable input EN or the enable output ENO. 3 Save the F-FB and confirm the message with "Yes". The F-block is subjected to a consistency test and saved once it completes the test successfully. The programming of the safety door function is now completed. Step 12: Programming the Emergency Stop Function Sequence Action 1 Result Insert the following statical variables for the F-FB: - "EN_Safety_circuit" (enable safety circuit) and - the auxiliary memory bits "AMB01" and "AMB02". 2 3 Insert a new network. Insert the required operations from the program element catalog ("Bit Logic") and supply the inputs and outputs as illustrated in the figure. The non-safe "Acknowledgment button" signal in the standard program has a light blue background. 4 Save the F-FB. The F-block is subjected to a consistency test and saved once it completes the test successfully. The programming of the emergency stop function (shutdown at emergency stop, open safety door, violation of the laser scanner's protected area ) is now completed. S7 Distributed Safety A5E00320726-01 25 Step 13: Programming the Feedback Loop Monitoring Sequence Action Result 1 Open the F-Library Distributed Safety (V1) and copy the Fapplication block F_TOF (FB 186) from the F-Application Blocks\Blocks block container into the block container of your S7 program. 2 Insert a new network. Insert an FB 216 "F_FDBBACK" (feedback loop monitoring) into the fail-safe application block from the F-application blocks container and supply the inputs and outputs as shown in the figure below. 3 The block container of your S7 program contains the Fapplication block F_TOF (FB 186). The non-safe signals in the standard program have a light blue background. Connect the FB 216 Inputs/outputs Parameters M10.0 ON I11.1 FEEDBACK DB820.DBX2.1 QBAD_FIO Description Default 1=activate output 0 Readback input 0 QBAD signal from F-I/O 0 DB of output Q* DB818.DBX36.4 ACK_NEC BOOL Fully qualified access to 1 variable RLO1 from F-shared DB** I11.0 ACK BOOL User acknowledgment (per button) 0 T#500MS FDB_TIME TIME Readback time T#0 ms Q6.0 Q BOOL Output 0 ERROR BOOL Readback error 0 ACK_REQ BOOL Acknowledgment request 0 DIAG BYTE Service information B#16#0 * = In our example, this is the QBAD signal from the F-I/O DB of the F-DO to which the load is connected (the contactors). You can see the block number of the F-I/O DB from the symbolic name in the symbol table or in the SIMATIC Manager. ** = ACK_NEC: 1 = acknowledgment required. 26 Data type BOOL BOOL BOOL S7 Distributed Safety A5E00320726-01 Sequence Action Result Note: If you require Boolean constants "0" and "1" in your safety program to assign parameters during block calls, you can access the "RLO0" and "RLO1" variables in the F-shared DB using fully qualified DB access. In our example, the F-shared DB in the block container has the number "DB 818" ("F_GLOBDB".VKE1). Note: In fail-safe programming, you cannot interconnect, supply with "0" or evaluate the enable input EN or the enable output ENO. 4 Save the F-FB. The F-block is subjected to a consistency test and saved once it completes the test successfully. The programming of the feedback loop monitoring is now completed. Step 14: Programming the Selection of the Laser Scanner Protection Area Sequence Action 1 Result 2 Insert a new network. Insert the required operations from the program element catalog ("Bit logic") and supply the inputs and outputs as illustrated in the figure. 3 Save the F-FB. The F-block is subjected to a consistency test and saved once it completes the test successfully. The programming for the selection of the laser scanner protection area is now completed. S7 Distributed Safety A5E00320726-01 27 Step 15: Programming the User Acknowledgment for Reintegration of the F-I/O Sequence Action 1 Result Insert the following statical variable for the F-FB: - auxiliary memory bit "AMB03". 2 3 Insert a new network. You need to provide a user acknowledgment for each F-I/O in your safety program for the reintegration through the ACK_REI variable of the respective F-I/O DB as shown in the figure below. The non-safe "Acknowledgment button" signal in the standard program has a light blue background. Symbolic name in our example: - "F00000_4_8_F_DI_DC24V": fail-safe digital input module 4/8 F-DI DC24V (= DB 819) - "F00006_4_F_DO_DC24V_2A": fail-safe digital output module 4 F-DO 24 V DC / 2A (= DB 820) - "F00012_196": SIGUARD LS4-4/P1 laser scanner (= DB 821). Note: A user acknowledgment with a positive edge at the ACK_REI variable of the F-I/O DB is required for the reintegration of the F-I/O (i.e. for switching from fail-safe values (0) to process data) after an error is corrected: - After every communication error - After F-I/O errors or channel errors when the parameter ACK_NEC = 1. 4 Save the F-FB and ensure that no errors have occurred by checking the "Error" output window of the FBD/LAD Editor. The F-block is subjected to a consistency test and saved once it completes the test successfully. The programming of the user acknowledgment is now completed. 5 28 Close the F-FB and the FBD/LAD Editor. You have programmed the functionality for the task involved in the example and can now specify the F-runtime group. S7 Distributed Safety A5E00320726-01 Step 16: Specify the F-Runtime Group Sequence Action Result In the SIMATIC Manager, select the Options > Edit Safety Program menu command. The 1 "Safety Program" dialog box appears. 2 Click on the "Runtime Groups..." button. Note: F-blocks must not be called directly in an OB; rather, they must be inserted into one (or two) F-runtime groups. S7 Distributed Safety A5E00320726-01 The dialog box "Edit F-Runtime Groups” opens. 29 Sequence Action Result Click on the "New..." button to open the "Define New F-Runtime Group" dialog box. 3 Make the following settings for the F-runtime group: • Enter "FC100" as the F-CALL call block for the new F-runtime group. This FC is automatically created as soon as you exit the "Edit F-Runtime Groups" dialog with "OK." • Define the F-program block of the F-runtime group by selecting the previously programmed FFB from the drop-down list that you want to define as the F-program block for the F-runtime group, "FB100" in our example. • Since the F-program block is a function block in our example, assign an instance DB to it (for example, "DB 100"). This I-DB is automatically created as soon as you exit the "Edit FRuntime Groups" dialog with "OK." • Set the maximum cycle time of the F-runtime group to "100 ms". The dialog box should now appear as follows. Note: The F-CALL is the F-block for calling the F-runtime group from the standard user program. The F-CALL includes the call for the F-program block and the calls for the automatically added Fblocks of the F-runtime group. You create the F-CALL, but you cannot edit it. Note: The F-program block is an F-FC or F-FB (with instance DB) that becomes the F-program block when assigned to the F-CALL. You can do the following in the F-program block: • Program the safety program with F-FBD or F-LAD • Call other created F-FBs/F-FCs for structuring the safety program • Insert F-blocks from the F-Application Blocks block container from the Distributed Safety Flibrary (V1) • Insert F-blocks from "custom F-libraries" The user defines the call sequence of the F-blocks within the F-program block. Close the dialog box with "OK". 30 S7 Distributed Safety A5E00320726-01 Sequence Action Result You return to the "Edit F-Runtime Groups” dialog which now appears as follows: 4 Close the dialog box with "OK". 5 6 A message window opens asking if you wish to create any other The remaining blocks are blocks that are still needed. In our example, these are the Fcreated and saved. The message window then closes. CALL ("FC100") and the I-DB for the F-program block ("DB 100"). Confirm by clicking on "Yes". You return to the "Safety Program” dialog which now appears as follows: The safety program has now been created but has not yet been compiled. The collective signature of all F-blocks with the F-attribute in the block container and the collective signature of the safety program differ (as highlighted in the figure). S7 Distributed Safety A5E00320726-01 31 Step 17: Compile the Safety Program Sequence Action 1 Click on the "Compile" button in the "Safety Program" dialog. A consistency test is performed on the F-blocks involved in the runtime when the safety program is compiled, in other words the safety program is checked for errors. Any error messages are output in an error window. Once the consistency test is successfully completed, the additionally required F-system blocks are generated automatically and inserted into the runtime group to create an executable safety program. Result Following a successful compilation, the block container always contains a consistent safety program composed entirely of F-blocks with the Fattribute. See figure below. 2 The collective signature of all F-blocks with the F-attribute of the block container and the collective signature of the safety program must match (as highlighted in the figure); in other words, a consistent and executable safety program has been generated. Click "Close" to confirm. The "Safety Program” dialog box closes. 32 S7 Distributed Safety A5E00320726-01 Step 18: Call the Safety Program in the Cyclic Program Sequence Action 1 Result The safety program is accessed by calling F-CALL from the standard user program. Call the FCALL in the cyclic interrupt OB 35 as shown in the figure. Note: You need to insert the cyclic interrupt OB 35 beforehand in the SIMATIC Manager. Note: Cyclic interrupt OBs have the advantage of interrupting the cyclic program execution in OB1 of the standard user program at fixed time intervals; that is, a safety program is called and executed at fixed time intervals in a cyclic interrupt OB. Once the safety program is executed, the standard user program resumes. 2 Save and close OB 35. S7 Distributed Safety A5E00320726-01 The block is saved. 33 Step 19: Download the Complete Safety Program to the F-CPU and Activate the Safety Mode Sequence Action 1 In the SIMATIC Manager, select the Options > Edit Safety Program menu command. 2 Activate the "Download" button. 3 Result The "Safety Program" dialog box appears. All F-blocks with the F-attribute belonging to the safety program are identified and downloaded to the F-CPU. A note is displayed offering you the option of downloading the standard user program in addition to the safety program. Confirm by clicking on "Yes". Note: If you are downloading F-blocks only, the block in which the F-CALL block is called (cyclic interrupt OB35 in our example) is not downloaded. You then have to download this OB the same way as for a standard program. Note: To download the entire safety program, the F-CPU has to be in STOP mode. 4 In the "Safety Program" dialog box, select the "Offline" and "Online" option buttons in turn to check whether the collective signatures of all F-blocks with F-attribute in the block container match offline and online. If they match, downloading was successful. If not, repeat the download operation. 5 To activate safety mode, switch the F-CPU from STOP to RUN mode. You have now finished creating the safety program for the tasks involved in the example. Note: Once a safety program has been created, you need to perform a full function test for your automation tasks (see S7 Distributed Safety, Configuring and Programming manual). 34 S7 Distributed Safety A5E00320726-01 Appendix 1: Modifying the Safety Program Sequence Action Result Change the example safety program so that no user acknowledgment is required for an OSSD 1 signal (Output Signal Switching Device) from the laser scanner. To do this, program the emergency stop function (Network 2) as shown in the figure. Note: Changes to the safety program during operation (in RUN mode) can only be made in deactivated safety mode. You make changes to F-blocks offline in FBD/LAD Editor in the same way as for a standard program. F-blocks cannot be modified online. Refer to the corresponding chapter describing how to modify and test the safety program and deactivate the safety mode in the S7 Distributed Safety, Configuring and Programming manual. 2 Save the F-FB. S7 Distributed Safety A5E00320726-01 The F-block is subjected to a consistency test and saved once it completes the test successfully. 35 Sequence Action Result In the SIMATIC Manager, select the Options > Edit Safety Program menu command. 3 The "Safety Program" dialog box appears. Note: You have changed and saved an F-block of the safety program and therefore created an inconsistent safety program. In other words, the collective signature of all F-blocks with the Fattribute in the block container and the collective signature of the safety program differ (as highlighted in the figure). 4 Note: You must deactivate safety mode of the safety program to download changes to the safety program in RUN mode. Safety mode remains deactivated until F-CPU is next switched from STOP to RUN mode. Another prompt will appear. This prompt contains the collective signature of the safety program in the F-CPU. Check to see whether "Safety mode activated" is indicated as the "Current mode". If it is, activate the "Safety mode" button and enter the password for the safety program. 5 Confirm the prompt to deactivate safety mode with "OK." ! 6 7 36 Safety mode will be deactivated. Warning Deactivation of safety mode is intended only for test purposes, commissioning, etc. Whenever safety mode is deactivated, the safety of the system must be ensured by other organizational measures, such as operation monitoring and manual safety shutdown. Download the modified F-FB from the FDB/LAD Editor to the F- The F-FB is loaded in the FCPU (same procedure as for the standard program). CPU. Test the changes to the system or view the "Program status Once the test is successfully online". completed, continue by compiling the safety program. S7 Distributed Safety A5E00320726-01 Sequence Action Result To apply the changes to the safety program and get a consistent safety program again, press the 8 "Compile" button. The dialog box should now appear as follows. The collective signature of all F-blocks with the F-attribute of the block container and the collective signature of the safety program must match; in other words, a consistent and executable safety program has been generated (as highlighted in the figure). 9 Click on the "Download" button to download the modified safety All F-blocks with the F-attribute program to the F-CPU. belonging to the safety program are identified and downloaded to the F-CPU. 10 In the "Safety Program" dialog box, select the "Offline" and "Online" option buttons in turn to check whether the collective signatures of all F-blocks with F-attribute in the block container match offline and online. If they match, downloading was successful. If not, repeat the download operation. 11 To activate safety mode, switch the F-CPU from STOP to RUN mode. You have now finished adapted the safety program for the modified task (see Sequence 1 above). Note: After creating a safety program, you must perform a full function test for your automation tasks. After modifying a safety program that has already be fully tested, it is sufficient to only test the modifications (see S7 Distributed Safety, Configuring and Programming manual). S7 Distributed Safety A5E00320726-01 37 Appendix 2: Acceptance Support for the Safety Program Sequence Action 1 Note: The documentation of the safety program is part of the acceptance documents in accordance with machine guidelines or IEC 61508 for the process industry and correspondingly applied standards. Print out the safety program for the acceptance. Proceed as follows: 1.) Activate the "Offline" button in the "Safety Program" dialog in order for the signature of the symbols to be included in the footer of the offline safety program printout. 2.) Click on the "Print" button in the "Safety Program" dialog. 3.) Activate all four check boxes in the "Print Safety Program" dialog. Result The "Print Safety Program” dialog box opens. 4.) Click "OK" to confirm. 5.) Select "All" for the print range of the "Hardware Configuration" and mark the option "With parameter description. Confirm with "OK". The safety program is printed. Note: You need to archive all four printouts and logs of the function tests. 2 3 38 Check the printout. The collective signatures in the footer of the printout (each with the collective signature of all F-blocks with an F-attribute in the block container and signature of the symbols) must match in all four printouts. Activate the "Online" option to run a check in the "Safety Program" dialog (the safety program must be loaded): The online collective signature of all F-blocks with F-attribute in the block container must match those in the accepted offline printout and no unused F-CALL may be present in the online safety program. Note: Additional important notes and instructions about acceptance of the safety program are available in the S7 Distributed Safety, Configuring and Programming manual. If these checks reveal any deviations or errors, recompile the safety program and perform the acceptance procedure again. S7 Distributed Safety A5E00320726-01 Appendix 3: Typical Configuration and Programming Mistakes and the Causes Type Error Possible Cause / Remedy Configuration F-blocks cannot be downloaded to the F-CPU. error F-CPU parameter "CPU contains safety program" in the "Protection” tab is not activated. Configuration SF LED on the F-module lights when the safety program is error not loaded. ET 200M: System property Configuration - SF-LED on the F-module lights and error - TIMEOUT error in the DIAG byte of the F-I/O DB Monitoring time of the F-module ≤ cycle time of the F-CALL. Configuration - SF-LED on the F-module lights and error - CRC error in the DIAG byte of the F-I/O DB ET 200S: The PROFIsafe address set on the DIL switch does not match the one set in HW Config. - Loaded safety program does not match the one loaded in HW Config. - Safety program is inconsistent. - PIQ/PII of the F-module was overwritten by the standard user program. Configuration - SF-LED on the F-DI module lights and error - module reports short-circuit Sensor connection does not match configuration, for example: - Only one switching contact is connected to a channel with 1oo2 evaluation - A sensor with non-equivalence contacts is connected to a channel configure for "twochannel equivalence". - Two switching contacts of a single-channel or two-channel non-equivalence sensor are supplied via VS1 and VS2 Programming After an F-block is edited and saved, the block cannot be Check for any programming or error closed and the message "The block was not saved" appears. syntax errors in the "Error" detail tab of the FBD/LAD Editor. Programming F-PIQ/PII has not been updated. error F-CALL is not called in the cyclic OB3x. F-module has been passivated. Evaluate the QBAD and DIAG byte parameters in the respective F-I/O DB. Programming F-CPU goes to STOP due to data corruption in the safety program. error - F-CALL is called more than once in the cyclic program. - The standard user program is writing to F-DB addresses. - Undeclared TEMP variables are being used in the safety program. - Memory bits are being read in the safety program that are changing during the processing of the F-CALL, for example, clock memory bits. - Overflow during INT operations has not been checked. S7 Distributed Safety A5E00320726-01 39 40 S7 Distributed Safety A5E00320726-01 Your Address: Name: Siemens AG Company: A&D AS SM ID Postfach 1963 D-92209 Amberg Position: Street: Postal code / Place: Telefax: +49(9621)80-3103 mailto:doku@ad.siemens.de Email: Phone: Fax: Your Feedback as regards the S7 Distributed Safety (Version 10/2004) Dear SIMATIC user, Our goal is to provide you information with a high degree of quality and usability, and to continuously improve the SIMATIC documentation for you. To achieve this goal, we require your feedback and suggestions. Please take a few minutes to fill out this questionnaire and return it to me by Fax, e-mail or by post. We are giving out three presents every month in a raffle among the senders. Which present would you like to have? SIMATIC Manual Collection Automation Value Card Laser pointer Dr. Thomas Rubach, Head of Information & Documentation General Questions 1. Are you familiar with the SIMATIC Manual Collection? 3. Do you use Getting Starteds? yes yes no no if yes, which: 2. Have you ever downloaded manuals from the internet? yes 4. no How much experience do you have with the S7 Distributed Safety? Expert Experienced user Advanced user Beginner SIMATIC S7 Distributed Safety: feedback for Version 10/2004 A5E00297771-02 Please specify the documents, for which you want to answer the questions below: A: Manual S7 Distributed Safety, Configuring and Programming D: Manual ET 200eco, Distributed I/O Fail-Safe I/O Module B: Manual S7-300, Fail-Safe Signal Modules E: System Description Safety Engineering in SIMATIC S7 F: Getting Started S7 Distributed Safety C: Manual ET 200S, Distributed I/O System Fail-Safe Modules 1. In which project phase do you use this document frequently? Were able to find the required information? yes Information Assembly Planning Commissioning Configuration Maintenance & Service no which was not: Programming 4. others: What is the scope of the information? Just right Not enough - which topic: 2. Finding the required information in the document: How quickly can you find the desired information in the document? Too detailed – which topic: immediately not at all after a brief search after a long search 5. Is the information easy to understand (texts, figures, tables)? yes no if no, which was not: Which search method do you prefer? Table of contents Index Full-text search others: 6. Are examples important to you? no, of less importance Which supplements/improvements would you like in order to help you find the required information quickly? yes, important –were the examples enough? yes no if no, on which topic: 3. Your judgement of the document as regards content. How satisfied are you with this document Totally satisfied not very satisfied Very satisfied not satisfied 7. What are your suggestions as regards the contents of the document? Satisfied Thank you for your cooperation SIMATIC S7 Distributed Safety: feedback for Version 10/2004 A5E00297771-02
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : Yes Has XFA : No XMP Toolkit : Adobe XMP Core 4.2.1-c043 52.372728, 2009/01/18-15:08:04 Producer : Acrobat Distiller 5.0.5 (Windows) Keywords : A5E00320726-01; Edition 10/2004 Create Date : 2004:11:02 08:44:41Z Modify Date : 2011:08:11 10:50:31+02:00 Metadata Date : 2011:08:11 10:50:31+02:00 Format : application/pdf Title : S7 Distributed Safety Description : Getting Started Creator : A&D AS SM ID Document ID : uuid:8b1f5163-f96f-407e-bde9-59429898a444 Instance ID : uuid:a1e9f6fa-8219-44a4-9d89-d598555f455f Page Mode : UseOutlines Page Count : 42 Author : A&D AS SM ID Subject : Getting StartedEXIF Metadata provided by EXIF.tools