Failsafe CPU's

[gayesa]

Is there any difference between programming a fail-safe CPU and and a generic CPU? Big programming difference is essential?

[JesperMP]

The non-failsafe part is 100% the same on both types of CPUs.

For Siemens S7-F, the failsafe programming is a kind of ladder programming.
You define the inputs and outputs, and connect these to predefined safety blocks. For example, the two contacts in an emergency stop button will appear as one "safety input", and this safety input then goes to a predefined safety block for E-stop.

[Pandiani]

Jesper, can you tell us more? I'm also very interesting in this. Does S7-300F for example has different hardware comparing with ordinary S7-300 PLCs? Is STEP 7 is different? Unfortunately I don't have much clear picture what fail-safe really is..

[gayesa]

Doesn't S7-300F CPU itself make safety related operations?

I mean by diagnosing an irregular condition in the hardware it switches to a safe mode automatically without placing any blocks in the program, doesn't it? If it is not the case, can you explain the blocks procedure with some details?

[JesperMP]

I do not know how Siemens has made the failsafe part of the CPUs.
I have heard a little about that the failsafe firmware is realised partly in logic, and partly with floating point, thus achieving that the safety code is duplicated with two different technologies. But for us end-users it does not matter how it is done.

You need a failsafe CPU, failsafe option for STEP7, failsafe i/o modules.

The safety of the F system is similar to a safety relay. So the failsafe blocks performs self test of the i/o, and the hardware checks for shortcircuit etc.

[gayesa]

so if i understand correctly we do not have to do anything else except combining some safety blocks in ladder program, the rest will be done automatically with a special software inside of the modulesanother issue is that, is there an obligation for i/o modules to be failsafe also? (failsafe cpu's + failsafe i/o's) or only fail-safe CPU and normal i/o modules are sufficient?

[dchartier]

Hello gayesa;

Quote:

is there an obligation for i/o modules to be failsafe also? (failsafe cpu's + failsafe i/o's) or only fail-safe CPU and normal i/o modules are sufficient?

The Safety part of a Safety CPU requires a risk analysis and must respond to strict criteria (SIL2, SIL3 for example, or IEC954 Cat 4). For these applicatioons, only Safety I/O must be used.
Also, the safety blocks generated must be certified (by the safety program) and time-stamped. It can be quite complex.
Look at siemns' safety Portal, you can find a lot more information :
https://www.automation.siemens.com/c...ersichsyst.htm

Hope this helps,
Daniel Chartier

[gayesa]

Quote:

Originally Posted by dchartier

Hello gayesa;


The Safety part of a Safety CPU requires a risk analysis and must respond to strict criteria (SIL2, SIL3 for example, or IEC954 Cat 4). For these applicatioons, only Safety I/O must be used.

Also, the safety blocks generated must be certified (by the safety program) and time-stamped. It can be quite complex.
Look at siemns' safety Portal, you can find a lot more information :
https://www.automation.siemens.com/c...ersichsyst.htm

Hope this helps,
Daniel Chartier

I'm mixed up

So what if i have failsafe CPU + normal i/o's in my system? Have fail-safe CPU become useless, will i regard it as a normal CPU for this reason?

Is the name of that safety program "Distributed Safety" or anything else? (I have already bought it)

Do I have mistakes?

[JesperMP]

Quote:

Originally Posted by gayesa

So what if i have failsafe CPU + normal i/o's in my system? Have fail-safe CPU become useless, will i regard it as a normal CPU for this reason?

Yes. You can use it like a normal CPU.

Quote:

Originally Posted by gayesa

Is the name of that safety program "Distributed Safety" or anything else? (I have already bought it)

I believe it is the correct software package.

As Daniel says, safety design is absolutely non-trivial.
You have to make a risk analysis.
Design the machine according to the risk analysis.
Verify that the safety work as intended.
Make instructions for use in the local language, with all safety aspects covered.

I recommend you take a training course in S7 F safety.

[dchartier]

Hello again;

Maybe I should clear up one point, sorry i left missing details.

Using a F-CPU, you can run both non-safety and safety programs together in the same project.
For example, implement the standard controls of a machine with standard I/Os, and standard programming blocks. In parralel develop a Safety program on the same CPU.

The safety program needs Safety I/Os to interface with the process, and the safety blocks you program must be declared as a Safety Blocks when you develop them. These safety blocks are compiled separately from the rest of the program, and the Distributed Safety program loaded in Step 7 will certify them before they are downloaded. Runtime of these blocks is also different from the standard functions (for example, they will not restart automatically after a power outage of the CPU, they must be reset).
So with a F-CPU you can mix and match standard and safety I/Os, standard and safety blocks, as your process requires.
In any case, you must start with a Risk Assesment of your process to first determine the safety requirements of your process (there is a thread running today on Safety issues, that has a download to a risk Assessment document); then select the safety I/O required (see the Distributed Safety manuals) and wire them approprietly; then program the safety blocks and compile the safety program. the standard blocks existoing on the same CPU can be handled as usual.
Hope this helps,
Daniel Chartier