What Is fail safe circuit

Hi Friends
I read and listen about failsafe techniques in many plc's documents.I want to clear my point with a simple example. can any one help me?
Some times the developer said that we use XIO or XIC for wiring check if the cable broken then the system tripped how this possible?
thanks

failsafe to me is a system with reduncancies take for example ESD's emergency stop circuits. one components are not electro mechanical but rather solid state. two their are redundant circuits class 1 e stop only uses one contact per safety switch however class 3 uses minimum two NC in each switch to a rated fail safe safety relay this in turn goes to a rated fail safe safety PLC. This way if one contact were to fuse the other contact detects the correct condition. Some contacters are designed that if one contact were to fuse the other cntact will signal the correct condition and attempt to break the weld. In the example above I would imagine they are talking abbout mult contact usage per switch. Most safety switches come equipped with two NC and one NO contact multi using these contacts at all points makes it far more difficult for lazy electricians to defeat most times its more practical to replace the switch rather than jumpering it out.

jcp - Failsafe pretty much means designing things to fail in a safe manner as opposed to them failing in a dangerous manner.

For example, say you have a sensor at the end of a pallet conveyor. When it detects a pallet at the end of the conveyor it stops the conveyor until the next system removes the pallet. If the conveyor were to continue running, the pallet could topple over, hurt people, and damage product or equipment. For this example we'll say that the sensor is a retro-reflective photo-electric sensor.

In this scenario, we want to design the system so that if the sensor fails for whatever reason (cable gets cut, sensor gets knocked out of line, reflector gets broken, etc.) that the conveyor will stop.

An easy method for this is to use a normally closed output on the sensor. So when a pallet is detected the circuit opens. This also means that if the cable gets cut or the sensor gets knocked out of line, the circuit will open. If the sensor circuit opens for whatever reason, we will stop the conveyor.

This way, we have designed this system to fail in a safe manner. If anything goes wrong with this sensor, the conveyor will go into it's stopped state.

I agree with monkeyhead. When describing failsafe wiring methods, i like to use level switches as an example. Say you have a tank with high and low level switches, both being used for alarming purposes.

To wire the high level alarm switch failsafe you would want to use a N.C. set of contacts. This will result in the contacts being closed (1) during normal (not high level) conditions and the contacts being open (0) when a high level condition is present.

For the low level alarm switch you would want use N.O. contacts. In this case the low level condition will result in the contacts being open (0) and the contacts will close when the level rises above the switch (normal condition), closing the contacts (1).

In both cases, as monkeyhead said, the normal condition results in closed contacts (1) and the alarm condition will result in an open contact (0). A broken wire will also result in an open contact (0) which is your alarm state.

You want to try to wire all of your I/O devices to fail in the alarm state. This is where the XIO / XIC programmming also comes into play. In most cases, failsafe logic will be looking for a 1 in the normal condition and a 0 in the alarm condition. This would usually dictate that an XIO contact is used to condition your alarm timer.

I used to have a bookmark to a really neat web article on failsafe design. It wasn't specific to PLCs, but it was a good primer on the ideas and methodology behind failsafe designs. Unfortunately it must have disappeared with my last computer. It covered everything from the mechanical brakes on an elevator to a failsafe design for a nuclear plant to failsafe circuit designs. It was a good read.

The nuclear plant thing really caught my attention, because the system (whether it was real or proposed) was designed so that the nuclear chain reaction could not keep occurring unless the control system intervened. So basically, if the control system failed, the reaction will just fizzle out.