Safety Considerations Guide, Tricon v9.0 - Tuv-fs.com

More documents

Recommendations

Info

86 TR_SHUTDOWN Function BlockStructured TextFUNCTION_BLOCK TR_SHUTDOWNVAR_INPUTCI : BOOL := TRUE ; (* Control in. *)IO_CO : BOOL ; (* Critical IO Control out. *)IO_TMR : BOOL ; (* Critical IO 3 channels operating. *)IO_GE_DUAL : BOOL ; (* Critical IO 2 or more channels operating. *)IO_GE_SINGLE : BOOL ; (* Critical IO 1 or more channels operating. *)IO_NO_VOTER_FLTS : BOOL ; (* No voter faults on critical modules. *)IO_ERROR : DINT ; (* Error number, 0 = no error. *)MAX_TIME_DUAL : TIME := T#40000d ; (* Max Time with only 2 channels. *)MAX_TIME_SINGLE : TIME := T#40000d ; (* Max Time with only 1 channel. *)MAX_SCAN_TIME : TIME := T#400ms ; (* 50% of Max Response Time. *)END_VARVAR_OUTPUTCO : BOOL ; (* Control out. *)OPERATING : BOOL ; (* Shutdown if OPERATING=FALSE. *)TMR : BOOL ; (* Three channels operating. *)DUAL : BOOL ; (* Dual mode. *)SINGL : BOOL ; (* Single mode. *)ZERO : BOOL ; (* Zero mode. *)TIMER_RUNNING : BOOL ; (* Shutdown timer is running. *)TIME_LEFT : TIME ; (* Time remaining to shutdown. *)ALARM_PROGRAMMING_PERMITTED : BOOL ; (* Alarm -- download change. *)ALARM_REMOTE_ACCESS : BOOL ; (* Alarm -- remote host writes. *)ALARM_RESPONSE_TIME : BOOL ; (* Alarm -- exceed response time. *)ALARM_DISABLED_POINTS : BOOL ; (* Alarm -- some points disabled. *)ERROR : DINT ; (* Error number. *)(** Error number:* 0 = No error.* 1 = Error in maximum time.* 2 = IO function block error - IO_ERROR is non-zero.* 3 = Status function block error.*)END_VARVARGE_DUAL : BOOL ; (* Two or more channels operating. *)GE_SINGLE : BOOL ; (* One or more channels operating. *)MP : TR_MP_STATUS ; (* MP status. *)PROG : TR_PROGRAM_STATUS ; (* Program status. *)SCAN : TR_SCAN_STATUS ; (* Scan status. *)DUAL_TIME : TON ; (* Dual mode timer. *)SINGLE_TIME : TON ; (* Single mode timer. *)U : BOOL ; (* Unused Value. *)END_VAR(**=F===============================================================================* FUNCTION_BLOCK: TR_SHUTDOWN* Purpose: Implement TUV restrictions.** Return: none** Remarks:*Tricon Safety Considerations Guide
TR_SHUTDOWN Function Block 87* Example EX01_SHUTDOWN shows one way to check that* the safety system is operating within spec when* every module in the safety system is safety critical.* The example uses the Tricon Library function block* TR_SHUTDOWN - one instance named CRITICAL_MODULES.* The output CRITICAL_MODULES.OPERATING indicates* that all safety critical modules are operating* within spec. Input MAX_TIME_DUAL specifies the* maximum time allowed with two channels operating* (for example, 1500 hours).* Input MAX_TIME_SINGLE specifies the maximum time allowed* with only one channel operating (for example, 72 hours).* When CRITICAL_MODULES.OPERATING is FALSE,* the time in degraded operation exceeds the* specified limits -- therefore the control program* should shutdown the plant.** Excluding output voter faults and field faults -- TMR implies* three channels with no detected fatal errors, GE_DUAL implies* at least two channels with no detected fatal errors,* and GE_SINGLE implies at least one channel* with no detected fatal errors -- for every path* from a safety critical input to a safety critical output.* Detected output voter faults reduce TMR or GE_DUAL to GE_SINGLE.* (See example EX02_SHUTDOWN to improve availability* using relays and advanced programming techniques.)** The "TMR" output indicates TMR.* The "DUAL" output indicates GE_DUAL but not TMR.* The "SINGL" output indicates GE_SINGLE but not GE_DUAL.* The "ZERO" output indicates not GE_SINGLE.* The "TIMER_RUNNING" output indicates that* the time left to shutdown is decrementing.* The "TIME_LEFT" output indicates the time remaining before shutdown.** WARNING - the TR_SHUTDOWN function block* does not use detected field faults or* combinations of faults reported as field faults.* It is the responsibility of the application program* to use system variable NoFieldFault or FieldOK* to detect and respond to such faults.** To see how to create a user-defined function block* to improve availability, see the examples* in the help topic for TR_SHUTDOWN.** NOTE -- If IO_CO is false (for example, if you do not provide* a user-defined function block like the one in example EX02_SHUTDOWN),* then losing all three legs of an active IO module results in* a transition to "SINGL", not "ZERO".** Runtime Errors* EBADPARAM Bad parameter* CO=FALSE indicates a programming error.* See ERROR number parameter for details.*=F===============================================================================*)Appendix APeer-to-Peer Communication
Page 1 and 2:
TriconVersion 9Safety Consideration
Page 3:
AcknowledgementTriconex acknowledge
Page 6 and 7:
viRelated DocumentsRelated Document
Page 8 and 9:
viiiHow to Contact TriconexHow to C
Page 10:
xTrainingFor Turbomachinery Systems
Page 13 and 14:
xiCONTENTSAbout This Guide ........
Page 15 and 16:
xiiiAnalog Input Module Alarms ....
Page 17 and 18:
CHAPTER 1Safety ConceptsThis chapte
Page 19 and 20:
Safety Overview 3Protection LayersT
Page 21 and 22:
Hazard and Risk Analysis 5Hazard an
Page 23 and 24:
Hazard and Risk Analysis 7Completio
Page 25 and 26:
Hazard and Risk Analysis 9Equation
Page 27 and 28:
Hazard and Risk Analysis 11Flowchar
Page 29 and 30:
Hazard and Risk Analysis 13Some key
Page 31 and 32:
Safety Standards 15Safety Standards
Page 33 and 34:
Safety Standards 17Application-Spec
Page 35 and 36:
CHAPTER 2Application GuidelinesThis
Page 37 and 38:
General Guidelines 21• Under cert
Page 39 and 40:
Guidelines for Tricon Controllers 2
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52: Guidelines for Tricon Controllers 3
Page 53 and 54: CHAPTER 3Fault ManagementThis chapt
Page 55 and 56: System Diagnostics 39System Diagnos
Page 57 and 58: Operating Modes 41Operating ModesEa
Page 59 and 60: Module Diagnostics 43Module Diagnos
Page 61 and 62: Module Diagnostics 45Relay Output M
Page 63 and 64: Module Diagnostics 47System Attribu
Page 65 and 66: CHAPTER 4Application DevelopmentThi
Page 67 and 68: Important TriStation Commands 51Imp
Page 69 and 70: Setting Scan Time 53Setting Scan Ti
Page 71 and 72: Sample Safety-Shutdown Programs 55S
Page 73 and 74: Sample Safety-Shutdown Programs 57I
Page 75 and 76: Sample Safety-Shutdown Programs 59A
Page 77 and 78: Sample Safety-Shutdown Programs 61P
Page 79 and 80: Sample Safety-Shutdown Programs 63O
Page 81 and 82: Sample Safety-Shutdown Programs 65D
Page 83 and 84: Sample Safety-Shutdown Programs 67P
Page 85 and 86: APPENDIX APeer-to-Peer Communicatio
Page 87 and 88: Data Transfer Time 71ParameterTS =S
Page 89 and 90: Examples of Peer-to-Peer Applicatio
Page 91 and 92: TR_CRITICAL_IO Function Block 75TR_
Page 93 and 94: TR_CRITICAL_IO Function Block 77Par
Page 95 and 96: TR_CRITICAL_IO Function Block 79Str
Page 97 and 98: TR_CRITICAL_IO Function Block 81CO
Page 99 and 100: TR_SHUTDOWN Function Block 83Parame
Page 101: TR_SHUTDOWN Function Block 85Relate
Page 105 and 106: TR_SHUTDOWN Function Block 89TIMER_
Page 107 and 108: TR_VOTE_MODE Function Block 91Param
Page 109 and 110: TR_VOTE_MODE Function Block 93Appen
Page 111 and 112: APPENDIX BShutdown Function BlocksT
Page 113 and 114: TR_CRITICAL_IO Function Block 974 R
Page 115 and 116: TR_CRITICAL_IO Function Block 99Rel
Page 117 and 118: TR_CRITICAL_IO Function Block 101*
Page 119 and 120: TR_SHUTDOWN Function Block 103TR_SH
Page 121 and 122: TR_SHUTDOWN Function Block 105Param
Page 123 and 124: TR_SHUTDOWN Function Block 107Struc
Page 125 and 126: TR_SHUTDOWN Function Block 109IF CI
Page 127 and 128: TR_VOTE_MODE Function Block 111TR_V
Page 129 and 130: TR_VOTE_MODE Function Block 113Stru
Page 131 and 132: Index 115IndexAactual scan time 53a
Page 133 and 134: Index 117Modbus master functions 25
Page 135 and 136: Index 119timescan 53TMR architectur
show all

Safety Considerations Guide, Tricon v9.0 - Tuv-fs.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?