HIMax Safety Manual - Tuv-fs.com
HIMax Safety Manual - Tuv-fs.com HIMax Safety Manual - Tuv-fs.com
10 User program HIMax10.2.5 Downloading and Starting the User Program10.2.6 ReloadA PES in the HIMax system cannot be downloaded until it is set to the STOP state.Currently, only one user program can be loaded into a given PES. The system monitorsthat the user program is loaded completely. Afterwards, the user program can be started,i.e. the routine begins to be processed in cycles.If the user program was modified, the changes can be transferred to the PES duringoperation. After being tested by the operating system, the modified user program isactivated and it assumes the control task.iNote that the reload does not take the current state into account if changes are performedto user programs containing a finite state machine. This can lead to an unpredictableprogram behavior after the reload process. A program contains a finite state machine if it iscomposed of sequential function chart elements such as steps, or function blocks withstorage capacity, e.g., RS Flipflops.In such a case, the execution of a reload must be planned thoroughly!Prior to performing a reload, the operating system checks if the required additional taskswould increase the cycle time of the current user program to such an extent that the definedwatchdog time is exceeded. In this case, the reload process is aborted with an errormessage and the controller continues operation with the previous user program.iReload can be abortedA successful reload is ensured by planning a sufficient reserve for the reload whendetermining the watchdog time or temporarily increasing the controller watchdog time by areserve of at least 30% and by at least 4*X ms.Any temporary increases in the watchdog time must be coordinated with the responsibletest authority.The reload can only be performed if the "Reload permitted“ system parameter is set to ONand the "Reload deactivation“ system variable is set to OFF.iThe user is responsible for ensuring that the watchdog time includes a sufficient reservetime. This should allow the user to manage the following situations:• Variations in the user program's cycle time• Sudden, strong overloads in a cycle, e.g., due to communication• Expiration of time limits during communication10.2.7 Online Test / Single Step ModeOnline test fields (OLT fields) can be used in the user program logic to display variableswhile the controller is operating.For more information on how to use OLT fields, enter "OLT field" in the SILworX onlinehelp.To diagnose faults during the online test, the user program can be run in single steps, i.e.,cycle for cycle. Each cycle is triggered by a command from the PADT.This function can only be used if the Freeze allowed system parameter is set to ON in thecorresponding user program.Page 56 of 70HI 801 003 D Rev.2.0
HIMax10 User programState DescriptionOFF The online test is not possibleON The online test is possible (default setting)Table 17: User Program Switch Freeze AllowedNOTICEDisruption of the safety-related operation possible!The single step mode must not be used in safety-related operation!10.2.8 Program Documentation for Safety-Related ApplicationsSILworX allows the user to automatically print the documentation for a project. The mostimportant documentation includes:• Interface declaration• Signal list• Logic• Description of data types• Configurations for system, modules and system parameters• Network configuration• List of signal cross-references• Code generator detailsThis documentation is required for the acceptance test of a system subjected to approvalby a test authority (e.g., TÜV).10.2.9 Acceptance by Test AuthorityHIMA recommends involving the test authority as soon as possible when designing asystem that is subject to approval.This acceptance test only applies to the user functionality, but not to the safety-relatedmodules and automation devices of the HIMax system that have already been approved.HI 801 003 D Rev.2.0 Page 57 of 70
- Page 6 and 7: Table of contentsHIMax10.2.9 Accept
- Page 8: 1 Safety Manual HIMax1.5 GlossaryTe
- Page 12 and 13: 2 Intended Use HIMaxStandardEC/EN 6
- Page 14 and 15: 2 Intended Use HIMax2.3.4 Power Sup
- Page 16 and 17: 3 Safety Concept for Using the PES
- Page 18 and 19: 3 Safety Concept for Using the PES
- Page 20 and 21: 3 Safety Concept for Using the PES
- Page 22 and 23: 3 Safety Concept for Using the PES
- Page 24 and 25: 4 Processor Modules HIMaxNOTESystem
- Page 26 and 27: 5 System Bus Module HIMaxWARNINGPhy
- Page 28 and 29: 6 Communication Module HIMax6 Commu
- Page 30 and 31: 7 Input Modules HIMaxNOTICESystem m
- Page 32 and 33: 7 Input Modules HIMax7.6 Checklists
- Page 34 and 35: 7 Input Modules HIMax7.6.3 Checklis
- Page 36 and 37: 7 Input Modules HIMax7.7 Safety-Rel
- Page 38 and 39: 7 Input Modules HIMax7.8 Checklist
- Page 40 and 41: 8 Output Modules HIMax8 Output Modu
- Page 42 and 43: 8 Output Modules HIMaxIn this state
- Page 44 and 45: 8 Output Modules HIMax8.7 Checklist
- Page 46 and 47: 9 Software HIMax9 SoftwareThe softw
- Page 48 and 49: 9 Software HIMax9.4 Resource Parame
- Page 50 and 51: 9 Software HIMaxExample: A key swit
- Page 52 and 53: 9 Software HIMaxThe user only need
- Page 54 and 55: 10 User program HIMaxSensors (digit
- Page 58 and 59: 10 User program HIMax10.2.10 Checkl
- Page 60 and 61: 11 Configuring Communication HIMaxN
- Page 62 and 63: 11 Configuring Communication HIMaxF
- Page 64 and 65: 11 Configuring Communication HIMaxP
- Page 66 and 67: AppendixHIMaxIndex of FiguresFigure
- Page 68: AppendixHIMaxIndexanalog inputsuse
10 User program <strong>HIMax</strong>10.2.5 Downloading and Starting the User Program10.2.6 ReloadA PES in the <strong>HIMax</strong> system cannot be downloaded until it is set to the STOP state.Currently, only one user program can be loaded into a given PES. The system monitorsthat the user program is loaded <strong>com</strong>pletely. Afterwards, the user program can be started,i.e. the routine begins to be processed in cycles.If the user program was modified, the changes can be transferred to the PES duringoperation. After being tested by the operating system, the modified user program isactivated and it assumes the control task.iNote that the reload does not take the current state into account if changes are performedto user programs containing a finite state machine. This can lead to an unpredictableprogram behavior after the reload process. A program contains a finite state machine if it is<strong>com</strong>posed of sequential function chart elements such as steps, or function blocks withstorage capacity, e.g., RS Flipflops.In such a case, the execution of a reload must be planned thoroughly!Prior to performing a reload, the operating system checks if the required additional taskswould increase the cycle time of the current user program to such an extent that the definedwatchdog time is exceeded. In this case, the reload process is aborted with an errormessage and the controller continues operation with the previous user program.iReload can be abortedA successful reload is ensured by planning a sufficient reserve for the reload whendetermining the watchdog time or temporarily increasing the controller watchdog time by areserve of at least 30% and by at least 4*X ms.Any temporary increases in the watchdog time must be coordinated with the responsibletest authority.The reload can only be performed if the "Reload permitted“ system parameter is set to ONand the "Reload deactivation“ system variable is set to OFF.iThe user is responsible for ensuring that the watchdog time includes a sufficient reservetime. This should allow the user to manage the following situations:• Variations in the user program's cycle time• Sudden, strong overloads in a cycle, e.g., due to <strong>com</strong>munication• Expiration of time limits during <strong>com</strong>munication10.2.7 Online Test / Single Step ModeOnline test fields (OLT fields) can be used in the user program logic to display variableswhile the controller is operating.For more information on how to use OLT fields, enter "OLT field" in the SILworX onlinehelp.To diagnose faults during the online test, the user program can be run in single steps, i.e.,cycle for cycle. Each cycle is triggered by a <strong>com</strong>mand from the PADT.This function can only be used if the Freeze allowed system parameter is set to ON in thecorresponding user program.Page 56 of 70HI 801 003 D Rev.2.0
Change language