In a previous article, we discussed some safety options from Rockwell for a safety PLC as well as industry standards such as IEC 61508 and SIL ratings.
In this article, I want to venture into the software side and take a look at a couple of the safety instructions you will find in a safety plc.
Image by Brandon Cooper
DCS – Dual Channel Input Stop:
The Dual-channel input stop instruction monitors dual-input safety devices whose main function is to stop a machine safely. This could be an emergency stop, light curtain or safety gate that is monitored for a safe position.
This instruction can only energize output 1 when both safety inputs (Channel A and Channel B) are in the active state as determined by the input type parameter and the correct reset actions are carried out.
Image by Brandon Cooper
- Safety Function – text name for how this instruction is being used. This parameter is for information only and does not affect the operation of the instruction.
- Input Type – there are two options – Equivalent – Active High: Inputs are in the active state when Channel A and Channel B inputs are 1. Complementary: Inputs are in the active state when Channel A is 1 and Channel B is 0.
- Discrepancy Time(ms) – the amount of time that the inputs can be in an inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type. The range is 5 – 3000ms.
- Restart Type – This input configures Output 1 for either Manual or Automatic Restart. Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1 Automatic: Output 1 is energized 50 ms after all enabling conditions are met.
- Cold Start Type – Specifies the Output 1 behavior when applying controller power or mode change to “Run”. Manual – Output 1 is not energized until the device is tested. Automatic – Output 1 is energized when the input status is valid and in active state.
- Channel A, Channel B – These are the two safety inputs to the instruction
- Input Status – If instruction inputs are from a safety I/O module, this is the status from the I/O module (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer’s responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid.
- Reset – If Restart Type = Manual, this input is used to energize Output 1 once Channel A and Channel B are both in the active state. If Restart Type = Automatic, this input is not used to energize Output 1. OFF (0) -> ON (1): The FP (Fault Present) and Fault Code outputs are reset.
CROUT – Configurable Redundant Output:
The Configurable Redundant Output instruction controls and monitors redundant outputs. The reaction time for output feedback is configurable. The instruction supports positive and negative feedback signals.
Image by Brandon Cooper
- Feedback Type – defines the feedback ON and OFF states. Positive: – ON (1): Feedbacks ON / Outputs ON OFF (0): Feedbacks OFF / Outputs OFF Negative: -ON (1): Feedbacks OFF / Outputs ON OFF (0): Feedbacks ON / Outputs OFF
- Feedback Reaction Time – Specifies the amount of time the instruction waits for feedback 1 & 2 to reflect the state of Output 1 & 2 as specified by the feedback type. Valid range 5 – 1000ms
- Actuate – This input energizes or de-energizes Output 1 and Output 2. ON (1): Output 1 and Output 2 are energized if no faults exist. OFF (0): Output 1 and Output 2 are de-energized.
- Feedback 1 & Feedback 2 – Inputs are constantly monitored to make sure that they reflect the state of Output 1 & Output 2. When Output 1 & 2 transitions, these inputs must detect the transition within the Feedback Reaction Time.
- Input Status – If the instruction inputs are from safety I/O module, this is the status from the I/O module. If the inputs are from internal logic, then it is the application programmer’s responsibility to determine the conditions ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid.
- Output Status – This input indicates the output status of the I/O module or modules used by this instruction. ON (1): The I/O connection and the I/O module are operational. OFF (0): The module has a fault or the connection to the module has been lost.
- Reset – This input clears the instruction faults provided the fault condition is not present. OFF (0) -> ON (1): The FP and Fault Code outputs are reset.
- Outputs 1 & 2 – These outputs are typically used to control channel A & B of the output device. Outputs are de-energized when 1 or more of the following occurs: l A feedback fault occurs. l Input Status or Output Status inputs become invalid (OFF = 0). l The Actuate input turns OFF (0).
Industry has moved a long way, from the days with unguarded machinery and little engineering of safety into projects, to making safety the forefront of a project.
Machine-guarding, stops and prevention of entry into unsafe areas are now commonplace in industry and the need for automation of these systems is steady increasing.
If you have been previously unaware of or inexperienced with a safety plc, chances are, you will become acquainted with one in the future.
Hopefully, this article can be a piece of familiarity should you find yourself involved with a safety plc.
Written by Brandon Cooper
Senior Controls Engineer and Freelance Writer
- Getting to Know the PanelView 5510 HMI - May 11, 2021
- Example Application: Reading ControlLogix Tags into a Siemens S7-1200 - May 5, 2021
- How To Read and Write to ControlLogix Tags from a Siemens S7 PLC - May 4, 2021