CPS: Instruction not certified for use in Safety routines

GhostPepper

Using Studio 5000 Version 28.02 Professional
Processor is a ControlLogix L73S with L7SP safety partner

I always use the Synchronous Copy [CPS] instruction to copy my consumed tags because potentially they could change partway through the copy and end up with part of the data from one instant in time and the other part from a later time. I have had good results with this method.

I’m now working on a consumed tag that’s used in a safety task and can’t get the CPS instruction to work.

It looks like the CPS instruction isn’t available in the menu and if I paste it in I get the following error:
“CPS: Instruction not certified for use in Safety routines”

Why wouldn’t the CPS instruction be certified for safety? I'm guessing because it locks the tag for the duration of the copy and it's slow, so the scan time can't be guaranteed or something like that, but I would like to know the real reason.



If the CPS is not available then what’s the best way to copy a consumed tag in a safety task?



I am copying UDTs with lots of tags.

Thanks.
 
I have 2 processors and am transferring UDTs between them.

For my standard tags I do the following:

1) Send the information from Processor 1 to Processor 2 using Produced/Consumed tags.

2) In the consuming processor I map the consumed tag to a base tag using CPS.

3) If the connection faults then "Zero" the Base tag. "Zeroing" could literally be setting tags to zero or setting them to some other value that is the "fail safe" value.

I want to do the same thing in my safety task for my safety tags.
 
I'm not sure that's the "correct" approach to take with safety data, which is potentially why it's not allowed. You shouldn't be externally "zeroing" the safety tags if the connection faults - that should be done by the safety instructions.

Take the example of a DCS (Dual Channel Input Stop) instruction, using a physical safety input. You enter your input tags directly into the DCS instruction, and then enter a tag for Input Status, which should include:
- Connection to safety input module not faulted
- Safety input module in run mode
- Safety input channel A point status OK
- Safety input channel B point status OK

If any of these fail, the DCS instruction itself faults.

You'd do the same thing with safety data from another GuardLogix, only you don't have to worry about the last two points in the list for Input Status, only that the remote GuardLogix is online and in run mode.
 
I agree with your thoughts, I think it’s the preferred method to handle it in the instructions.

Our logic uses the connection status directly so if the connection faults or isn’t in run mode then we would drop automatic mode and inhibit movement.

The data getting sent over or old data wouldn’t matter because the process that uses it would stop and not read it. So zeroing it out wouldn’t be an issue.

The reason we are doing the zero out is that it’s a customer request.
The template they gave shows how to do it for standard tags (using CPS).

They asked us to do it for ALL tags including safety tags. But no method was provided in the template showing how to do safety tags.

I could do it using the regular copy [COP] instruction but then the copy wouldn’t be synchronous and could introduce other problems.

Will have to ask the customer what they expect, I just wanted to check that I wasn’t missing something obvious before talking to them.

Thanks for your input
 
Map the Safety tags to standard tags with the Logic | Safety Tag Mapping option, then do your messaging with the standard tags.

Of course, this potentially violates safety issues, but if you are only using it for monitoring...
 
> Map the Safety tags to standard tags with the Logic | Safety Tag Mapping option, then do your messaging with the standard tags.
>
> Of course, this potentially violates safety issues, but if you are only using it for monitoring...

Unfortunately it's not just monitoring so I can't do it that way because the tags are used in the safety task for safety related things. Otherwise it's a good idea.
 
> Our logic uses the connection status directly so if the connection faults or isn’t in run mode then we would drop automatic mode and inhibit movement.

WARNING - if that logic isn't done in the safety task, it is not a safety function and is not considered to give any protection.

Sure, it's good practice and a good idea to do regardless. But if you're not also monitoring the comms in the safety routine in a safety certified way, and dropping out safety outputs, your safety PLC is not safe.

> The reason we are doing the zero out is that it’s a customer request...Will have to ask the customer what they expect, I just wanted to check that I wasn’t missing something obvious before talking to them.

That's the best thing to do, for sure.
 
All set

Looks like there is no magic fix, CPS just isn't part of the safety task and there is no substitute.

Customer wants us to use COP instruction if synchronization isn't an issue or to just not do the zero out if it would be unsafe to do so.

To me that's the most reasonable thing to do, we will evaluate and decide if it's best to just leave it as is.

Yes ASF, the motion inhibit Safe torque off is all done in the safety task, the dropping auto is just an extra.

Guess the only question left is the technical reason CPS isn't certified for safety? I do wonder about it but I'm done with the issue for now.


Thanks for your help
 
Sounds like a good outcome all round!


If I had to guess about why it's not certified, I'd say that it's probably too open to abuse. A CPS has a huge processor overhead when compared to a COP, and safety tasks are time critical. Total guesswork, but that's where my money would be.
 
> I always use the Synchronous Copy [CPS] instruction to copy my consumed tags because potentially they could change partway through the copy and end up with part of the data from one instant in time and the other part from a later time. I have had good results with this method.
>
> I’m now working on a consumed tag that’s used in a safety task and can’t get the CPS instruction to work.
>
> It looks like the CPS instruction isn’t available in the menu and if I paste it in I get the following error:
> “CPS: Instruction not certified for use in Safety routines”
>
> Why wouldn’t the CPS instruction be certified for safety?

I think it is because it is unneeded.

According to the GuardLogix User Manual, 1756-RM020:

  • All safety input tags (inputs, consumed, and mapped) are updated and frozen at the beginning of safety task execution.
  • Safety output tag (output and produced) values are updated at the conclusion of safety task execution.

The way this was explained to me is that all the data in the safety task is essentially a CPS at the beginning of the task to a buffer, logic is executed on that unchanging data, then written out of the buffer in another CPS-like function.

There should be nothing to be gained by using CPS within the safety task as it can not change until the end of the task completes by its very nature.
 
Timbert - perhaps you've answered the question. When the CPS instruction is processed maybe it unfreezes the data BEFORE THE END OF THE SCAN!
Paul
 
> I think it is because it is unneeded.
>
> According to the GuardLogix User Manual, 1756-RM020:
>
> • All safety input tags (inputs, consumed, and mapped) are updated and frozen at the beginning of safety task execution.
> • Safety output tag (output and produced) values are updated at the conclusion of safety task execution.

That makes a whole lot of sense! I've learned my new thing for the day!
 
> I think it is because it is unneeded.
>
> According to the GuardLogix User Manual, 1756-RM020:
>
> • All safety input tags (inputs, consumed, and mapped) are updated and frozen at the beginning of safety task execution.
> • Safety output tag (output and produced) values are updated at the conclusion of safety task execution.
>
> The way this was explained to me is that all the data in the safety task is essentially a CPS at the beginning of the task to a buffer, logic is executed on that unchanging data, then written out of the buffer in another CPS-like function.
>
> There should be nothing to be gained by using CPS within the safety task as it can not change until the end of the task completes by its very nature.



THAT explains it, Thank you Timbert.
 
> .... A CPS has a huge processor overhead when compared to a COP, ...


I don't consider the added functions of disabling interrupts, then re-enabling them bracketing essentially a COP to be "huge".


That is all CPS does over a COP, prevents the instruction being interrupted by anything, even the system overhead time-slice.
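
The torn-copy concern from the first post and the input-freeze behaviour quoted from 1756-RM020 can be seen side by side in a small model. This is an added illustration, not code from any poster or from Rockwell; the class and function names are hypothetical, and the "connection update" is a constructed stand-in for new produced data arriving.

```python
# Constructed model, not Rockwell firmware: members of the consumed UDT all
# carry the stamp of the connection update that wrote them.

class ConsumedTag:
    """Consumed-tag buffer that the connection may overwrite at any time."""
    def __init__(self, members=8):
        self.stamp = 0
        self.data = [0] * members

    def connection_update(self):
        self.stamp += 1
        self.data[:] = [self.stamp] * len(self.data)

def cop(src, update_at=None):
    """Member-by-member copy; an update may land before member `update_at`."""
    dest = []
    for i in range(len(src.data)):
        if i == update_at:
            src.connection_update()      # copy is interrupted here
        dest.append(src.data[i])
    return dest

def cps(src, update_at=None):
    """Same copy, but the pending update is held off until the copy ends."""
    dest = list(src.data)
    if update_at is not None:
        src.connection_update()
    return dest

def safety_task_scan(src, logic):
    """Inputs are frozen at task start; logic only ever sees that image."""
    frozen = tuple(src.data)
    src.connection_update()              # new data arrives mid-scan
    return logic(frozen)

def is_torn(image):
    """True when members from different updates are mixed in one copy."""
    return len(set(image)) > 1

if __name__ == "__main__":
    print("COP :", cop(ConsumedTag(), update_at=4))
    print("CPS :", cps(ConsumedTag(), update_at=4))
    print("scan:", safety_task_scan(ConsumedTag(), list))
```
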
 
