HIMax Safety Manual - Tuv-fs.com

More documents

Recommendations

Info

3 Safety Concept for Using the PES HIMaxDefective modules can be replaced during operation. To do this, the defective module isremoved from the base plate, and a new module is inserted. The new module automaticallystarts operation. A new processor module assumes the user program from the redundantprocessor module and is thus quickly ready for operation.3.2 Time Parameters Important for SafetyThese are:• Fault Tolerance Time• Watchdog Time• Safety Time• Response Time3.2.1 Fault Tolerance Time (FTT)The fault tolerance time (FTT) is a property of the process and describes the span of timeduring which the process allows faulty signals to exist before the system state becomesdangerous. A dangerous state can result if the fault exists for longer than the FTT.3.2.2 Resource Watchdog TimeThe watchdog time is set in the dialog for configuring the resource properties. This time isthe maximum permissible duration of a RUN cycle (cycle time). If the cycle time exceedsthe preset watchdog time, the processor module adopts the error stop state.When determining the watchdog time, the following factors must be taken into account:• Time required by the application, e.g., the duration of a cycle in the user program.• Time required to manage the redundant processor modules.• Time required to perform a reload.The setting range for the watchdog time of the resource rangesfrom 2 ms to maximum 50 000 ms.The default setting is 200 ms.When setting the watchdog time, the following must apply: watchdog time ≤ ½ * safety timeThe watchdog time for a project is determined by a test on a complete system. During thetest, all the processor modules are inserted in the base plate. The system operates in RUNmode with full load.All communication links are operating (safeethernet and standard protocols).To determine the watchdog time1. Set the watchdog time high for testing.2 Use the system under the maximum load: In the process read the cycle time in theControl Panel and note the variations of the cycle time.3. Remove and re-insert the processor module. To do this, choose the processor modulethat is located furthermost from Slot 3 in Base Plate 0.4 In the diagnostic history, determine the synchronization time from n to n+1 processormodules.5 Calculate the watchdog time fromsynchronization time + 12 ms spare + spare for the noted variations of the cycle time.By this, a suitable value for the watchdog time is determined.Page 18 of 70HI 801 003 D Rev.2.0
HIMax3 Safety Concept for Using the PES3.2.3 Safety Time (of PES)The safety time is the maximum permissible time within which the PES must react to asafety requirement event. Safety requirement events include:• Changes in input signals from process• Faults occurring in the controllerIn HIMax controllers, the safety time can be set anywhere between 20 ms and 100 000 ms.Within the safety time of the controller, the self-test facilities detect whether there are anypotentially dangerous faults. They trigger predefined fault reactions that set the faultycomponents to a safe state.When determining the safety time, the effects of the following factors must be taken intoaccount:• With input modules, consider the following:Time-on/time-off delay settings for input channels:enter maximum delay time setting in μs + 4 ms• Noise blanking also needs time reserves.Choose a safety time that is long enough to account for the most significant factormentioned above, but still lower than the FTT of the process. It is important not to neglectthe sensor and actuator time parameters for the safety function.The safety time for the controller is:Safety time = 2 * watchdog time + reserve XIn the actual application, the user should measure reserve X by replacing a redundantprocessor module. Enter the average cycle time determined for the entire system as thereserve X into the above formula. This ensures maximum availability for the system.3.2.4 Response TimeAssuming that no delay results from the configuration or the user program logic, theresponse time of HIMax controllers running in cycles is twice the system cycle time.The cycle time of the controller consists of the following main components:• Input processing- Processing input data on input module- Reading process data from communication interfaces- Reading process data from input modules• Processing user program logic• Output processing- Writing process data to output modules- Writing process data to communication interfaces- Processing output data on output modules• Additional processing of final actions for reloading, additional processor modules, etc.3.3 Proof TestA proof test is a periodic test performed to detect any hidden faults in a safety-relatedsystem so that, if necessary, the system can be restored to a state where it can perform itsintended functionality.HIMA safety systems must be subjected to a proof test in intervals of 10 years. It is oftenpossible to extend this interval using the SILence calculation tool from HIMA to analyze theimplemented safety loops.HI 801 003 D Rev.2.0 Page 19 of 70
Page 1: SAFETYHIMax ®Safety Manual
Page 4 and 5: Table of contentsHIMax3.5 Certifica
Page 6 and 7: Table of contentsHIMax10.2.9 Accept
Page 8: 1 Safety Manual HIMax1.5 GlossaryTe
Page 12 and 13: 2 Intended Use HIMaxStandardEC/EN 6
Page 14 and 15: 2 Intended Use HIMax2.3.4 Power Sup
Page 16 and 17: 3 Safety Concept for Using the PES
Page 24 and 25: 4 Processor Modules HIMaxNOTESystem
Page 26 and 27: 5 System Bus Module HIMaxWARNINGPhy
Page 28 and 29: 6 Communication Module HIMax6 Commu
Page 30 and 31: 7 Input Modules HIMaxNOTICESystem m
Page 32 and 33: 7 Input Modules HIMax7.6 Checklists
Page 34 and 35: 7 Input Modules HIMax7.6.3 Checklis
Page 36 and 37: 7 Input Modules HIMax7.7 Safety-Rel
Page 38 and 39: 7 Input Modules HIMax7.8 Checklist
Page 40 and 41: 8 Output Modules HIMax8 Output Modu
Page 42 and 43: 8 Output Modules HIMaxIn this state
Page 44 and 45: 8 Output Modules HIMax8.7 Checklist
Page 46 and 47: 9 Software HIMax9 SoftwareThe softw
Page 48 and 49: 9 Software HIMax9.4 Resource Parame
Page 50 and 51: 9 Software HIMaxExample: A key swit
Page 52 and 53: 9 Software HIMaxThe user only need
Page 54 and 55: 10 User program HIMaxSensors (digit
Page 56 and 57: 10 User program HIMax10.2.5 Downloa
Page 58 and 59: 10 User program HIMax10.2.10 Checkl
Page 60 and 61: 11 Configuring Communication HIMaxN
Page 62 and 63: 11 Configuring Communication HIMaxF
Page 64 and 65: 11 Configuring Communication HIMaxP
Page 66 and 67: AppendixHIMaxIndex of FiguresFigure
Page 68:
AppendixHIMaxIndexanalog inputsuse
show all

HIMax Safety Manual - Tuv-fs.com

Create successful ePaper yourself

Delete template?

Save as template?