Supported platforms: CODESYS 3.5 SAFETY
This function block monitors supply voltage and diagnoses safety switch faults.
The function block uses internally S_ADCToVoltageOrCurrent to convert ADC values to voltage and validate voltage limits.
Voltage tolerance is validated by library's internal implementation.
Init method is used to initialize the necessary static calculation parameters for the function block instance.
The method shall be called at least once before the actual function block can be called, i.e. at the application initialization phase.
The method checks the validity of input parameters. However, none of the function block outputs are affected by the initialization.
|
|
A parameter error is diagnosed if:
|
|
Parameter |
Data type |
Unit |
Range |
Description |
|
S_i_VoltageHighLimit |
SAFEDINT |
mV |
> 0 |
Limit for overvoltage diagnosis. |
|
S_i_VoltageLowLimit |
SAFEDINT |
mV |
>= 0 |
Limit for undervoltage diagnosis. |
|
S_i_DiagnosticDelay |
SAFEUINT |
ms |
0 - 100 |
Delay time for diagnostics. |
|
i_pEventCode |
POINTER TO EventCode |
- |
≠ 0 |
Pointer to application variable which is type EventCode. |
|
TRUE: All initialization parameters ok. |
|
FALSE: Error in initialization parameter(s). |
Input i_SupplyBeforeSafetySwitch (channel 1) and i_SupplyAfterSafetySwitch (channel 2) ADC values are converted to voltage values using hardware specific enumeration VALUE_AT_AD_MAXIMUM.U_SUPPLY as voltage value at AD maximum for both channels.
While i_SafetySwitch is FALSE and i_Enable is TRUE, channel 1 voltage is checked to be within allowed (given) limits and channel 2 voltage is checked to be less than hardware specific constant G_OUTPUT_SUPPLY_OFF_MAX_VOLT_AFTER_OVP. Voltage value of input i_SupplyAfterSafetySwitch is assigned to S_o_Voltage output.
While i_SafetySwitch is TRUE and i_Enable is TRUE, the input channel 1 and 2 voltages are monitored to be within allowed (given) limits and channel tolerance is monitored.
Tolerance monitoring checks that channel 2 voltage does not drop below channel 1 voltage by percentage defined in platform specific constant G_OUTPUT_SUPPLY_TOLERANCE.
The tolerance error is diagnosed after G_OUTPUT_SUPPLY_TOLERANCE_DIAG_DELAY.
If parameters and voltages are ok, o_SafetySwitch output follows the request of i_SafetySwitch input.
In case of parameter error, or if either of the voltages fail,
• The output o_SafetySwitch is set FALSE.
• Corresponding Error bit in o_Status structure is set TRUE
• Corresponding EventID is set to i_pEventCode
|
Input variable name |
Data type |
Unit |
Range |
Description |
|
i_Enable |
BOOL |
- |
- |
Enable POU operation |
|
i_SafetySwitch |
BOOL |
- |
- |
Safety switch status request |
|
i_SupplyBeforeSafetySwitch |
DWORD |
- |
0 - G_ADC_MAXIMUM_VALUE |
Measured channel 1 AD value |
|
i_SupplyAfterSafetySwitch |
DWORD |
- |
0 - G_ADC_MAXIMUM_VALUE |
Measured channel 2 AD value |
|
Output variable name |
Data type |
Unit |
Range |
Description |
|
o_SafetySwitch |
BOOL |
- |
- |
Safety switch output control status. This output is given as input for FW-provided function that controls diagnosed power group. |
|
S_o_Voltage |
SAFEDINT |
mV |
- |
Validated output group control voltage. |
|
o_Status |
Status |
- |
- |
Status of output value. See Status struct. |
See Diagnostic Interface library description of error status and event code functionality.
|
Conditions |
S_o_Voltage |
o_SafetySwitch |
o_Status. OutputValid |
o_Status error status |
Event code FunctionID |
Event code EventID |
|
i_Enable TRUE AND init parameter error AND i_pEventCode valid |
0 |
FALSE |
FALSE |
ParameterError |
GROUP_CONTROL |
PARAMETER_ERROR |
|
i_Enable TRUE AND init parameter error AND |
0 |
FALSE |
FALSE |
ParameterError |
- |
- |
|
i_Enable TRUE AND init parameters ok AND ( i_SupplyBeforeSafetySwitch > G_ADC_MAXIMUM_VALUE OR i_SupplyAfterSafetySwitch > G_ADC_MAXIMUM_VALUE ) |
0 |
FALSE |
FALSE |
ParameterError |
GROUP_CONTROL |
PARAMETER_ERROR |
|
i_Enable rises AND init parameters ok AND i_SafetySwitch TRUE AND voltages ok AND tolerance ok |
Calculated voltage of channel 2 |
i_SafetySwitch |
TRUE |
- |
NO_FUNC |
NO_ERROR |
|
i_Enable rises AND init parameters ok AND i_SafetySwitch FALSE AND channel 1 voltage ok AND channel 2 voltage < G_OUTPUT_SUPPLY_ OFF_MAX_VOLT_AFTER_OVP |
Calculated voltage of channel 2 |
i_SafetySwitch |
FALSE |
- |
NO_FUNC |
NO_ERROR |
|
i_Enable TRUE AND init parameters ok AND i_SafetySwitch TRUE AND voltages ok AND tolerance fault (channel 2 < channel 1 by more than G_OUTPUT_SUPPLY _TOLERANCE) |
0 |
FALSE |
FALSE |
ValueMismatch |
GROUP_CONTROL |
DATA_MISMATCH |
|
i_Enable TRUE AND init parameters ok AND channel 1 voltage < S_i_VoltageLowLimit) |
0 |
FALSE |
FALSE |
OutputLow |
GROUP_CONTROL |
OUTPUT_TOO_LOW |
|
i_Enable TRUE AND init parameters ok AND (channel 1 or 2 voltage > S_i_VoltageHighLimit) |
0 |
FALSE |
FALSE |
OutputHigh |
GROUP_CONTROL |
OUTPUT_TOO_HIGH |
|
i_Enable rises AND init parameters ok AND i_SafetySwitch FALSE AND channel 1 voltage ok AND channel 2 voltage >= G_OUTPUT_SUPPLY_OFF _MAX_VOLT_AFTER_OVP |
0 |
FALSE |
FALSE |
ExternalVoltage |
GROUP_CONTROL |
EXTERNAL_VOLTAGE |
|
i_Enable rises AND init parameters ok AND i_SafetySwitch TRUE AND channel 1 voltage ok AND channel 2 voltage < S_i_VoltageLowLimit |
0 |
FALSE |
FALSE |
SafetySwitch Error |
GROUP_CONTROL |
VOLTAGE_SHORTCUT |
|
|
Function block is included in hardware specific diagnostic program. It is automatically generated to code template when MultiTool Creator is used. |
|
|
Output group control and diagnostic is a safe-context POU. |
|
Definitions: |
|
VAR_INPUT (* Output Group Control Inputs *) i_Enable: BOOL := FALSE; // Enable operation i_OutputGroup1Control: BOOL := FALSE; // Application status request for output group #1 i_SupplyBeforeSafetySwitch1:DWORD := DWORD#0; // Filtered ADC value for power supply before safety switch i_SupplyAfterSafetySwitch1: DWORD := DWORD#0; // Filtered ADC value for power supply after safety switch END_VAR
VAR_OUTPUT (* Output Group Control Outputs *) o_OutputGroup1ControlStatus: EPEC_SHWD.Status; // FB status o_OutputGroup1Control_EC: EPEC_DITF.EventCode; // Event code o_OutputGroup1Control: BOOL; // Group control status for controlling FB function o_OutputGroup1ControlVoltage: SAFEDINT; // Measured output group control voltage END_VAR
VAR init_ok: BOOL; // Initialization status outputGroupControl: EPEC_SHWD.S_OutputGroupControlAndDiagnostics; // POU instance
END_VAR
|
|
Init: |
|
(* Output group control and diagnostic *) init_ok := outputGroupControl.Init( S_i_VoltageHighLimit := G_IO.OUTPUTGROUP1_HIGH_VOLTAGE_LIMIT, // Limit of overvoltage (mV) S_i_VoltageLowLimit := G_IO.OUTPUTGROUP1_LOW_VOLTAGE_LIMIT, // Limit of undervoltage (mV) S_i_DiagnosticDelay := G_IO.OUTPUTGROUP1_DIAGNOSTIC_DELAY, // Delay time (ms) for error diagnostic i_pEventCode := ADR(o_OutputGroup1Control_EC) // Event code pointer for FB );
|
|
Code: |
|
(* Output group control and diagnostic *) outputGroupControl( i_Enable := i_Enable, // Enable operation i_SafetySwitch := i_OutputGroup1Control, // Control request status i_SupplyBeforeSafetySwitch := i_SupplyBeforeSafetySwitch1, // Filtered ADC value before safety switch i_SupplyAfterSafetySwitch := i_SupplyAfterSafetySwitch1 // Filtered ADC value after safety switch S_o_Voltage => o_OutputGroup1ControlVoltage, // Measured output group control voltage o_SafetySwitch => o_OutputGroup1Control, // Output group control status for FW function o_Status => o_OutputGroup1ControlStatus // FB status );
|
Source file topic100437.htm
Last updated 13-Jun-2024
