8/3/2019 S_8801 http://slidepdf.com/reader/full/s8801 1/11  FAQ on Safety Integrated What to consider when Upgrading Failsafe Blocks (V1_2) on S7 F Systems Lib V1_3? FAQ


FAQ on Safety Integrated

What to consider when Upgrading Failsafe Blocks

(V1_2) on S7 F Systems Lib V1_3?

FAQ

Upgrading of Failsafe Blocks
Entry-ID: 30375362

I IA/DT

Copyright © Siemens AG 2008 All rights reserved
30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

Table of Contents

1 Introduction

2 Requirements for the Upgrade

3 Requirements for the Acceptance Test

4 Procedure for Upgrading

1 Introduction

Proof

For the acceptance test after upgrading Failsafe Blocks (V1_2) to S7 F Systems Lib V1_3, you proceed in principle as for the acceptance of changes. The acceptance test shall provide the proof that the changed system properties do not affect the safety of your plant. The required proof is provided by means of the method described below. The proof includes the following:

1. The upgraded safety program contains only the system-related changes.

2. The new behavior of S7 F Systems Lib V1_3 does not affect the safety of your plant.

3. The reaction time of the upgraded safety program is within the permissible range for your plant.


2 Requirements for the Upgrade

Basics

A project can be upgraded if all F-blocks used can be upgraded. In principle this applies to all blocks of Failsafe Blocks (V1_2).

F-block types created by you

F-block types that you created using Failsafe Blocks (V1_2) must be upgraded to S7 F Systems Lib V1_3 before being created.

Note: Please note the rules from the manual “S7 F-FH Systems – Configuring and Programming”, issue 07/2007, chapters 2.3.6 and 5.7:

http://support.automation.siemens.com/WW/view/en/2201072

Further F-blocks and F-block types

All further F-blocks and F-block types from the project must be available in an S7 F Systems Lib V1_3 compatible version.

Note: For F-blocks which are not part of S7 F Systems, please contact the producer of these F-blocks.

Safety Matrix

The F-blocks of Safety Matrix V6.1 are compatible with Failsafe Blocks (V1_2) and S7 F Systems Lib V1_3. Therefore, upgrade all matrices that you generated using Safety Matrix V5.2 to Safety Matrix V6.1 beforehand, according to the “S7 F Safety Matrix – Configuration Manual”, issue 03/2008, chapter 2.7.


3 Requirements for the Acceptance Test

Requirements

An acceptance test is possible under certain conditions. These are:

1. F-system charts (chart name starts with @F) must only contain F-blocks which the system automatically places during the compilation.

2. The compilation protocol should not contain any warnings on the interconnections of the channel drivers with the module driver prior to the upgrade. If this warning cannot be removed, you have to test the safety program at this point after the upgrade.

3. The project to be upgraded is approved according to the manual “S7 F-FH Systems – Configuring and Programming”, issue 07/2007, chapter 10. http://support.automation.siemens.com/WW/view/en/2201072

4. The parameters SUBS_ON and SUBS_I of F_PA_DI must have been correctly parameterized. See also http://support.automation.siemens.com/WW/view/en/26116244

Extract: What do I need to take into account when applying channel driver F_PA_DI?

The F-channel driver F_PA_DI of the F-library Failsafe Blocks (V1_2) (S7 F systems V5.2 SP4) contains the inputs SUBS_ON and SUBS_I. These inputs define which value is output during a communication or device error or for a passivation with PASS_ON = 1 at the output Q. In contrast to the default values, these inputs must be parameterized as follows:

SUBS_ON = TRUE
SUBS_I = FALSE

Other configurations contradict the basic criterion that for digital F-I/O the value "0" is always considered as a safe rest position.

5. F-blocks F_S_BO, F_R_BO, F_S_R and F_R_R must not be used for the communication within a shutdown group.


Extract:

Why is there an error message within an F-shutdown group during data transmission between F-runtime groups? 

Description: 

When transmitting data between F-runtime groups within an F-shutdown group via the F-system blocks F_S_BO/F_R_BO or F_S_R/F_R_R, you can no longer compile your program (standard user program and safety program) with S7 F-Systems V5.2 SP4. In this case you receive the following error message: "When interconnecting between F-runtime groups 'X' and 'Y' no communication blocks are required since the F-runtime groups are located in the same shutdown group."

Remedy:

Replace the data transmission via the F-system blocks F_S_BO/F_R_BO or F_S_R/F_R_R within an F-shutdown group by interconnecting the blocks directly.

Note:

Using the F-system blocks for data transmission between F-runtime groups within an F-shutdown group produces dead times of one OB-cycle each, since the receive block comes before the send block in the run sequence. In each case check that the safety of your plant is not affected by these dead times.

Should one of these requirements not be fulfilled in your project, first change the project accordingly. Please note the procedure from the manual “S7 F-FH Systems – Configuring and Programming”, issue 07/2007, chapter 10.3:

http://support.automation.siemens.com/WW/view/en/2201072

 


4 Procedure for Upgrading

Step 1: Create a backup copy

Prior to the upgrade to S7 F Systems Lib V1_3, create a backup copy of the entire S7 project for the later comparison.

Step 2: Upgrade the project

Upgrade the project according to the manual “S7 F-FH Systems – Configuring and Programming”, issue 07/2007, chapters 2.3.6 and 5.7. In particular, make sure you take the additional measures described there, if applicable to your project.

http://support.automation.siemens.com/WW/view/en/2201072

Step 3: Check textual interconnections

Check that no textual interconnections with F-blocks exist. If textual interconnections have been created through the upgrade, they must be completed or deleted prior to the compilation.

Step 4: Comparison between safety programs and backup copy

Compare the safety program with the backup copy. Use the “Comparing...” button in the "Edit safety program" dialog of the SIMATIC Manager. Record that only permitted differences are detected. Permitted are:

• New system runtime groups "@F_IN_3x_y" and "@F_OUT_3x_y":

– Runtime Group "@F_IN_3x_y": Added

Those F-blocks which need to be processed at the beginning of a shutdown group are moved to the "@F_IN_3x_y" runtime group. Prior to the upgrade these F-blocks were located in the first runtime group of the user and are listed as deleted there during the comparison.

– Runtime Group "@F_OUT_3x_y": Added

Those F-blocks which need to be processed at the end of a shutdown group are moved to the "@F_OUT_3x_y" runtime group. Prior to the upgrade these F-blocks were located in the last runtime group of the user and are listed as deleted there during the comparison.

• Moving runtime groups by means of the additional or moved system runtime groups:

Runtime group "Runtime Group": Run Position Changed 'y'<->'z'


• Output for moving F-blocks which must be processed at the beginning or end of a shutdown group. In the original runtime group these are indicated as deleted. This affects the block types F_BO_FBO, F_R_FR, F_QUITES, F_SENDBO, F_RCVBO, F_SENDR, F_RCVR, F_S_BO, F_R_BO, F_S_R, F_R_R, F_PLK, F_PLK_O, e.g.

| +--o Runtime Group "UserRtg": Run Position Changed '4'<->'3'
| | +--o Block "UserChart\Convert1": Deleted
| | +--o Block "UserChart\Receive1": Deleted

• Output on deleted module drivers. This concerns block types F_M_DI8, F_M_DI24, F_M_AI6, F_M_DO8, F_M_DO10, F_MPA_I, e.g.

| +--o Runtime Group "UserRtg": Run Position Changed '4'<->'3'
| | +--o Block "@F_(1)\DI8xNAMUR_[EEx_1": Deleted

• Output on system runtime groups "@F_ShutDn", "@F_ShutDn_3x", "@F_CycCo-OB3x", "@F_TestMode". All listed changes on these runtime groups can be ignored. This applies to the changes of the runtime group itself as well as to the F-blocks it contains, e.g.

| +--o Runtime Group "@F_CycCo-OB34": Run Position Changed '2'<->'1'
| | +--o Block "@F_CycCo-OB34\F_CYC_CO-OB34": Signature Changed, Interface Changed
| | | +--o TESTM_DB Added
| | | +--o TEST_DB Added
| | | +--o ANZ_PSG Added
| | | +--o OFFS_PSG Added
| | +--o Block "@F_CycCo-OB34\F_TEST": Signature Changed
| +--o Block "@F_CycCo-OB34\F_TESTC": Signature Changed
| | +--o F_CNT_W.DATA Value: '62' <- '59'

• Output on the connections from and to "@F_(x)". All these connections describe the interconnection from the channel drivers to the module drivers. They are automatically generated and checked during compilation, e.g.

| | | +--o CHADDR Value: '@F_(2)\DI24xDC24V_3\CHADDRI00' <- '@F_(1)\DI24xDC24V_3\CHADDR01

• Output on the charts @F_(x), @F_CycCo-OB3x, @F_DbInitx, @F_Initx, @F_RtgDiagx, @F_ShutDn and @F_TestMode can be ignored. These charts are automatically generated during compilation. These changes affect the charts as well as the subsequently listed F-blocks, e.g.

+--o Chart "@F_(2)":
+--o Block "DI24xDC24V_3": Deleted
+--o Block "DO8xDC24V_2A_1": Different Block Type 'F_PS_12' <-- 'F_M_DO8'


• Output types on interface expansions of F-blocks from Failsafe Blocks (V1_2), e.g. interface expansion of F_CH_DI:

| | +--o Block "13_ET200M\E56_4": Signature Changed, Interface Changed
| | | +--o CHADDR Value: '@F_(2)\DI24xDC24V_3\CHADDRI00' <- '@F_(1)\DI24
| | | +--o CHADDR_R Added
| | | +--o CH_INF Added
| | | +--o CH_INF_R Added

• Output on the deleted parameters SUBS_ON and SUBS_I of F_PA_DI, e.g.

| | +--o Block "14_PA\E66_0": Signature Changed, Interface Changed
| | | +--o SUBS_ON Deleted
| | | +--o SUBS_I Deleted

• Output on the parameter I_PAR_OK of F_PA_AI, e.g.

+--o Block "Rtg\EW123": Signature Changed, Interface Changed
| +--o I_PAR_OK Data Type: '43' <- '1'

The data type of these parameters of F_PA_AI was changed from Bool to F-Bool. This deletes interconnections from these parameters during upgrading. If necessary, correct these automatic changes.

• Output on changed signatures of F-blocks from Failsafe Blocks (V1_2), e.g.

+--o Block "Name": Signature Changed

• Output on empty runtime groups, e.g. empty output for runtime group Name1:

+--o Runtime Group "Name1":
+--o Runtime Group "Name2":

• Output on parameter DELTA of F_1oo2_R or F_2oo3_R, e.g.

+--o Block "Rtg\Voter": Signature Changed, Interface Changed
| +--o DELTA Data Type: '43' <- '8'

The data type of parameter ’DELTA’ of F_1oo2_R or F_2oo3_R was changed from Real to F-Real. This deletes any existing interconnection or configuration of this parameter during upgrading. The value of ’DELTA’ is therefore always 0.0 after upgrading. If necessary, correct these automatic changes.

• Statements on the reliability of outputs on F-blocks which do not originate from Failsafe Blocks (V1_2) must be provided by the producer of these blocks.

• Outputs on changed interconnections of OUT parameters can always be ignored, since the output of the interconnection of IN parameters describes the logic completely.
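The Step 4 rules above can be applied mechanically as a first pass over the comparison output. The following Python sketch is an added example, not part of the Siemens FAQ or of S7 F Systems; it assumes the comparison result is available as text in the `+--o` tree layout of the excerpts, one entry per line, and the names `classify` and `SAMPLE` are hypothetical. Entries that are on the list only under a condition the line itself does not show (for example a deleted block whose type is not printed) are marked follow-up, everything not on the list is marked review.

```python
import re

# Rules transcribed from the Step 4 list; "x"/"y" in names are read as digits.
SYSTEM = re.compile(r"^@F_(\(\d+\)|CycCo-OB3\d|DbInit\d*|Init\d*|RtgDiag\d*"
                    r"|ShutDn(_3\d)?|TestMode)$")
NEW_RTG = re.compile(r"^@F_(IN|OUT)_3\d_\d+$")
PERMITTED = {"CHADDR": "Value:", "CHADDR_R": "Added", "CH_INF": "Added",
             "CH_INF_R": "Added", "SUBS_ON": "Deleted", "SUBS_I": "Deleted"}
# Listed as permitted, but the FAQ asks for a manual correction afterwards.
FOLLOW_UP = {"I_PAR_OK": "Data Type: '43' <- '1'",
             "DELTA": "Data Type: '43' <- '8'"}
NODE = re.compile(r'^(Runtime Group|Chart|Block) "([^"]+)":\s*(.*)$')


def classify(report):
    """Return (verdict, text) per line: 'permitted', 'follow-up' or 'review'."""
    results, stack = [], []  # stack entries: (depth, inside_system_object)
    for raw in report.splitlines():
        if "+--o" not in raw:
            continue
        depth = raw.index("+--o") // 2
        text = raw.split("+--o", 1)[1].strip()
        while stack and stack[-1][0] >= depth:  # leave finished subtrees
            stack.pop()
        in_system = bool(stack) and stack[-1][1]
        verdict = "review"  # default: not on the Step 4 list
        node = NODE.match(text)
        if node:
            kind, name, status = node.groups()
            in_system = in_system or bool(SYSTEM.match(name.split("\\")[0]))
            stack.append((depth, in_system))
            if kind == "Runtime Group" and (
                    status == "" or status.startswith("Run Position Changed")
                    or (status == "Added" and NEW_RTG.match(name))):
                verdict = "permitted"
            elif kind == "Block" and (status == "Deleted"
                                      or status.startswith("Signature Changed")):
                verdict = "follow-up"  # block type is not in the line: confirm it
        else:
            name, _, rest = text.partition(" ")
            if name in PERMITTED and rest.startswith(PERMITTED[name]):
                verdict = "permitted"
            elif FOLLOW_UP.get(name) == rest:
                verdict = "follow-up"  # permitted, manual correction needed
        if in_system:
            verdict = "permitted"  # generated objects: all changes ignorable
        results.append((verdict, text))
    return results

# Constructed sample modelled on the FAQ excerpts; IN1 and And2 are unexpected.
SAMPLE = r'''
+--o Runtime Group "@F_IN_34_1": Added
+--o Runtime Group "UserRtg": Run Position Changed '4'<->'3'
| +--o Block "UserChart\Convert1": Deleted
| +--o Block "14_PA\E66_0": Signature Changed, Interface Changed
| | +--o SUBS_ON Deleted
| +--o Block "Rtg\Voter": Signature Changed, Interface Changed
| | +--o DELTA Data Type: '43' <- '8'
| | +--o IN1 Value: 'UserChart\Sensor2.Q' <- 'UserChart\Sensor1.Q'
| +--o Block "UserChart\And2": Added
+--o Runtime Group "@F_CycCo-OB34": Run Position Changed '2'<->'1'
| +--o Block "@F_CycCo-OB34\F_TESTC": Signature Changed
| | +--o F_CNT_W.DATA Value: '62' <- '59'
'''
```

Calling `classify(SAMPLE)` returns one verdict per entry; the two constructed deviations (the changed IN1 interconnection and the added block And2) come back as review, and the DELTA entry as follow-up because Step 12 has to restore it.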


Step 5: Check F-converter blocks

For the F-converter blocks F_BO_FBO and F_R_FR, check that the interconnections have remained unchanged, for example with the chart reference data of CFC or with ’Version Cross Manager’.

Step 6: Check communication blocks

Check the communication blocks:

• Generate the backup printout with the upgraded project.

• Ensure that the configurations and interconnections of all communication blocks have remained unchanged. To do this, compare the printout of the safety program, including the printed charts of the upgraded project, with the backup printout of the acceptance test.

– In the charts, compare all installation locations of F_SENDBO, F_RCVBO, F_SENDR, F_RCVR, F_S_BO, F_R_BO, F_S_R, F_R_R and F_QUITES.

– Compare all outputs on invisible parameters of these F-FBs.

Step 7: Check the HW configuration

Check that the HW configuration has remained unchanged:

• Compile and save the HW configuration.

• Compare the CRCs of your HW with those in the backup printout.

• Note: If PROFISafe-Mode = PROFISafe, the CRCs change. This can be avoided by configuring an F-CPU from the following list:

Designation F-CPU    MLFB
CPU 414-4H           6ES7 414-4HJ00-0AB0
CPU 414-4H           6ES7 414-4HJ04-0AB0
CPU 417-4H           6ES7 417-4HL01-0AB0
CPU 417-4H           6ES7 417-4HL04-0AB0

The F-CPU actually used must be allowed as a replacement for the configured CPU.


Step 8: Check startup behavior

Check the relevance of the changed startup behavior of F_XOUTY, F_LIM_HL, F_LIM_LL and F_R_TRIG. A startup of the F-program occurs during a cold start, warm start (restart) or after an F-stop with subsequent positive edge at the RESTART input of the F-block F_SHUTDN.

• The initial values of the OUTN parameter of F_XOUTY, of the QHN parameter of F_LIM_HL and of the QLN parameter of F_LIM_LL were changed from 0 to 1. For all interconnections with these parameters it must be checked that:

– the output is not processed, or

– in the run sequence the instances of F_XOUTY, F_LIM_HL and F_LIM_LL lie before the respective F-blocks which use the output parameter, so that the initial value never becomes effective, or

– the initialization is irrelevant for the safety of the plant.

• The used outputs for which the initial value becomes effective through the run sequence are labeled with “*” in the printout of the safety program. For these outputs the checking method can be, for example, an FMEA.

• For F_R_TRIG the changed startup behavior must be checked. The checking method can be, for example, an FMEA. During startup (CPU restart or restart after F-STOP) it must not be relevant for the safety of the plant whether or not an edge is generated upon a pending 1 in the first cycle.

Step 9: Check changed processing of NaN

Check the relevance of the changed processing of NaN by F_LIM_HL or F_LIM_LL.

The changed processing is not relevant if SUBS_IN = 1.

See manual “S7 F-FH Systems – Configuring and Programming”, issue 07/2007, chapter A.5.3:

If the calculation in the F-block has produced invalid floating point numbers (NaN), the substitute value at the input SUBS_IN is output at the output QH (or QL) instead of "1".

Step 10: Check error treatment in F_CH_AI

Check the relevance of the changed error treatment in F_CH_AI. Error treatment is described in the manual ’S7 F-FH Systems – Configuring and Programming’, version 07/2007, chapter A.2.6.7.

http://support.automation.siemens.com/WW/view/en/2201072


Step 11: Calculate reaction times

Recalculate the reaction times of the plant using the table in http://support.automation.siemens.com/WW/view/en/22557362 . Check that the reaction times do not affect the safety of the plant.

Step 12: Add interconnections or parameterizations

Add the interconnections or parameterizations to the parameter ’DELTA’ of F_1oo2_R and F_2oo3_R, analogous to the backup copy and the result of the comparator of S7 F Systems.

See manual “S7 F-FH Systems – Configuring and Programming”, issue 07/2007, chapter 2.3.4: Additional measures if your project contains the F-blocks F_1oo2_R or F_2oo3_R.

Note: This method only considers blocks from Failsafe Blocks (V1_2). For other F-blocks, contact the respective producer.