HIMax Safety Manual - Tuv-fs.com

More documents

Recommendations

Info

9 Software HIMax9 SoftwareThe software for the safety-related automation devices of the HIMax systems consist of thefollowing components:• Operating system• User program• SILworX programming system in accordance with IEC 61131-3.The operating system is loaded into the controller's processor module. HIMA recommendsusing the latest version valid for the safety-related applications.The user program is created using the SILworX programming system and contains theapplication-specific functions to be performed by the automation device. SILworX is alsoused to configure it.The user program is compiled with the code generator and transferred to the non-volatilememory automation device through an Ethernet interface.9.1 Safety-Related Aspects of the Operating SystemEach approved operating system is clearly identified by the revision number and the CRCsignature. The valid versions of the operating system and corresponding signatures (CRCs)- approved by the TÜV for use in safety-related automation devices - are subject to arevision control and are documented in a list maintained together with TÜV,The current version of the operating system can be read using SILworX. You have tocheck if an approved operating system version is loaded into the modules (cf. 10.3Checklist for creating an user program).9.2 Operation and Functions of the Operating SystemThe operating system executes the user program cyclically. Basically, this involvesperforming the following functions:• Reading of input data• Processing of the logic functions, programmed in accordance with IEC 61131-3,• Writing of output dataThe following basic functions are also executed:• Comprehensive self-tests• Test of I/O modules during operation,• Data transfer• Diagnosis• Handling redundancy if processor modules are added or removed.Fore more information, see HIMax System Manual HI 801 001. For more information, seeHIMax System Manual HI 801 001.9.3 Safety-Related Aspects of ProgrammingWhen creating a user program, the requirements detailed in this section must be observed.9.3.1 Safety Concept of SILworXThe safety concept of SILworX:• When SILworX is installed, a CRC checksum helps ensure the program package'sintegrity on the way from the manufacturer to the user.• SILworX performs validity checks to reduce the likelihood of faults while entering data.Page 46 of 70HI 801 003 D Rev.2.0
HIMax9 Software• Compiling the program twice and comparing the two CRC checksums ensures that datacorruption in the application is detected that can result from random faults in the PC inuse.When starting up a safety-related controller for the first time, a comprehensive function testto verify the safety of the entire system must be performed.Function Test of the Controller1 Verify that the tasks to be performed by the controller were properly implemented usingthe data and signal flows.2. Perform a comprehensive function test of the logic by trial (see Testing the configurationand the appl.).The controller and the application are sufficiently tested.If a user program is modified, only the program components affected by the change mustbe tested. To do this, the safe revision comparator in SILworX can be used to determineand display all changes relative to the previous version.9.3.2 Verifying the Configuration and the User ProgramTo verify that the user program created performs the required safety function, the user mustcreate suitable test cases for the required system specification.An independent test of each loop (consisting of input, the key interconnections in theapplication and output) is usually sufficient.Suitable test cases must also be created for the numerical evaluation of formulas.Equivalence class tests are reasonable . These are tests within defined ranges of values, atthe limits of or within invalid ranges of values. The test cases must be selected such thatthe calculations can be proven to be correct. The required number of test cases dependson the formula used and must include critical value pairs.HIMA reccommends not to do without performing an active simulation with data sources,since this is the only way to prove that the sensors and actuators in the system (also thoseconnected to the system via communication with remote I/Os) are properly wired. This isalso the only way to verify the system configuration.This procedure must be followed both when initially creating and when modifying the userprogram.HI 801 003 D Rev.2.0 Page 47 of 70
Page 1: SAFETYHIMax ®Safety Manual
Page 4 and 5: Table of contentsHIMax3.5 Certifica
Page 6 and 7: Table of contentsHIMax10.2.9 Accept
Page 8: 1 Safety Manual HIMax1.5 GlossaryTe
Page 12 and 13: 2 Intended Use HIMaxStandardEC/EN 6
Page 14 and 15: 2 Intended Use HIMax2.3.4 Power Sup
Page 16 and 17: 3 Safety Concept for Using the PES
Page 24 and 25: 4 Processor Modules HIMaxNOTESystem
Page 26 and 27: 5 System Bus Module HIMaxWARNINGPhy
Page 28 and 29: 6 Communication Module HIMax6 Commu
Page 30 and 31: 7 Input Modules HIMaxNOTICESystem m
Page 32 and 33: 7 Input Modules HIMax7.6 Checklists
Page 34 and 35: 7 Input Modules HIMax7.6.3 Checklis
Page 36 and 37: 7 Input Modules HIMax7.7 Safety-Rel
Page 38 and 39: 7 Input Modules HIMax7.8 Checklist
Page 40 and 41: 8 Output Modules HIMax8 Output Modu
Page 42 and 43: 8 Output Modules HIMaxIn this state
Page 44 and 45: 8 Output Modules HIMax8.7 Checklist
Page 48 and 49: 9 Software HIMax9.4 Resource Parame
Page 50 and 51: 9 Software HIMaxExample: A key swit
Page 52 and 53: 9 Software HIMaxThe user only need
Page 54 and 55: 10 User program HIMaxSensors (digit
Page 56 and 57: 10 User program HIMax10.2.5 Downloa
Page 58 and 59: 10 User program HIMax10.2.10 Checkl
Page 60 and 61: 11 Configuring Communication HIMaxN
Page 62 and 63: 11 Configuring Communication HIMaxF
Page 64 and 65: 11 Configuring Communication HIMaxP
Page 66 and 67: AppendixHIMaxIndex of FiguresFigure
Page 68: AppendixHIMaxIndexanalog inputsuse

HIMax Safety Manual - Tuv-fs.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?