Skip to main content

SF_EDM (External Device Monitoring)

Tip

The version of the function block as described here corresponds to the latest version of the function block in Version list of function blocks.

Applicable safety standards

SF_EDM is a certified PLCopen function block. For detailed information about applied standards, see "PLCopen – Technical Committee 5 – Safety Software".

Important

The requirements listed in the standards must be fulfilled by the user.

Interface description

This function block applies an input signal (S_OutControl) to an output signal (S_EDM_Out). The function block monitors that two inputs switch off within a defined time (MonitoringTime). If they do not switch off within the defined time, S_EDM_OUT is set to FALSE.

The SF_EDM (External Device Monitoring) FB monitors the initial state and the switching state of actuators, for example switch amplifiers, which are controlled by safe output devices.

Table 81. VAR_INPUT

Name

Data Type

Initial Value

Description, parameter values

Activate

BOOL

FALSE

General input parameters

S_OutControl

SAFEBOOL

FALSE

Variable.

Control signal of the preceding safety FBs.

Typical function block signals from the PLCopen library (e.g. SF_OutControl, SF_TwoHandControlTypeII)

FALSE: Disable safety output (S_EDM_Out)

TRUE: Enable safety output (S_EDM_Out)

S_EDM1

SAFEBOOL

FALSE

Variable.

Feedback signal of the first connected actuator (switch amplifier).

FALSE: Switching state of the first connected actuator.

TRUE: Initial state of the first connected actuator.

S_EDM2

SAFEBOOL

FALSE

Variable

Feedback signal of the second connected actuator (switch amplifier).

If only one signal is used in the application, then the user must use a graphic connection to jumper the S_EDM1 and S_EDM2 parameters. S_EDM1 and S_EDM2 are then controlled by the same signal.

FALSE: Switching state of the second connected actuator.

TRUE: Initial state of the second connected actuator

MonitoringTime

TIME

#0ms

Constant.

Maximum response time of the connected and monitored actuators.

The MonitoringTime caution note must be observed.

S_StartReset

SAFEBOOL

FALSE

General input parameters

Reset

BOOL

FALSE

General input parameters



MonitoringTime

For developers in Extended Level: The MonitoringTime input has to be set to a constant value. This means that the value must not be changed for the calls.

Table 82. VAR_OUTPUT

Name

Data Type

Initial Value

Description, parameter values

Ready

BOOL

FALSE

General output parameters

S_EDM_Out

SAFEBOOL

FALSE

Controls the actuator. The result is monitored by the feedback signal S_EDMx.

FALSE: Disable connected actuators

TRUE: Enable connected actuators

Error

BOOL

FALSE

General output parameters

DiagCode

WORD

16#0000

Diagnostic codes



Figure 106. Function block: SF_EDM
Function block: SF_EDM


Functional description

The SF_EDM FB controls a safety output and monitors controlled actuators.

This function block monitors the initial state of the actuators via the feedback signals (S_EDM1 and S_EDM2) before the actuators are enabled by the FB.

The function block monitors the switching state of the actuators (MonitoringTime) after the actuators have been enabled by the FB.

Two single feedback signals must be used for an exact diagnosis of the connected actuators. A common feedback signal from the two connected actuators must be used for a restricted yet simple diagnostic function of the connected actuators. In this case, the user must connect this common signal to both S_EDM1 and S_EDM2 parameters. S_EDM1 and S_EDM2 are then controlled by the same signal.

The switching devices used in the safety function should be selected from the category specified in the risk analysis.

Optional startup lock:

Startup lock in the event of block activation

Caution

The S_StartReset input shall only be activated if it is ensured that no hazardous situation can occur when the S-PLC is started.

Status diagram

Figure 107. Status diagram for SF_EDM
Status diagram for SF_EDM


Tip

Note: The transition from any state to the Idle state, initiated by Activate = FALSE, is not shown. In every case, these transitions have the highest priority.

Typical timing diagrams

Figure 108. Timing diagram 1: SF_EDM
Timing diagram 1: SF_EDM


Figure 109. Timing diagram 2: SF_EDM
Timing diagram 2: SF_EDM


Error detection

The following conditions force a transition to the Error state:

  • Invalid static Reset signal in the process

  • Invalid EDM signal in the process

  • The S_OutControl and Reset inputs are incorrectly interconnected due to programming error.

Error behavior

In error states, the outputs are as follows:

  • The S_EDM_Out is set to FALSE and remains in this safe state.

  • An EDM error message must always be reset by a rising trigger at Reset.

  • A Reset error message can be reset by setting Reset to FALSE.

After function block activation, the optional startup inhibit can be reset by a rising edge at the Reset input.

FB-Specific Error and Status Codes

Table 83. FB-specific error codes

DiagCode

Statue Name

Status description and output setting

16#C001

Reset Error 1

Static Reset signal in status 16#8001.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C011

Reset Error 21

Static Reset signal or same signals at EDM1 and Reset (rising trigger at Reset and EDM1 at the same time) in state 16#C010.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C021

Reset Error 22

Static Reset signal or same signals at EDM2 and Reset (rising trigger at Reset and EDM2 at the same time) in state 16#C020.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C031

Reset Error 23

Static Reset signal or same signals at EDM1, EDM2, and Reset (rising trigger at Reset, EDM1, and EDM2 at the same time) in state 16#C030.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C041

Reset Error 31

Static Reset signal or same signals at EDM1 and Reset (rising trigger at Reset and EDM1 at the same time) in state 16#C040.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C051

Reset Error 32

Static Reset signal or same signals at EDM2 and Reset (rising trigger at Reset and EDM2 at the same time) in state 16#C050.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C061

Reset Error 33

Static Reset signal or same signals at EDM1, EDM2, and Reset (rising trigger at Reset, EDM1, and EDM2 at the same time) in state 16#C060.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C071

Reset Error 41

Static Reset signal in status 16#C070.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C081

Reset Error 42

Static Reset signal in status 16#C080.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C091

Reset Error 43

Static Reset signal in status 16#C090.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C010

EDM Error 11

The signal at EDM1 is not valid in the initial actuator state. In state 16#8010, the EDM1 signal is FALSE when enabling S_OutControl.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C020

EDM Error 12

The signal at EDM2 is not valid in the initial actuator state. In state 16#8010, the EMD2 signal is FALSE when enabling S_OutControl.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C030

EDM Error 13

The signals at EDM1 and EDM2 are not valid in the initial actuator states. In state 16#8010, the EDM1 and EDM2 signals are FALSE when enabling S_OutControl.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C040

EDM Error 21

The signal at EDM1 is not valid in the initial actuator state. In state 16#8010, the EDM1 signal is FALSE and the monitoring time has elapsed.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C050

EDM Error 22

The signal at EDM2 is not valid in the initial actuator state. In state 16#8010, the EDM2 signal is FALSE and the monitoring time has elapsed.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C060

EDM Error 23

The signals at EDM1 and EDM2 are not valid in the initial actuator states. In state 16#8010, the EDM1 and EDM2 signals are FALSE and the monitoring time has elapsed.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C070

EDM Error 31

The signal at EDM1 is not valid in the actuator switching state. In state 16#8000, the EDM1 signal is TRUE and the monitoring time has elapsed.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C080

EDM Error 32

The signal at EDM2 is not valid in the actuator switching state. In state 16#8000, the EDM2 signal is TRUE and the monitoring time has elapsed.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C090

EDM Error 33

The signals at EDM1 and EDM2 are not valid in the actuator switching states. In state 16#8000, the EDM1 and EDM2 signals are FALSE and the monitoring time has elapsed.

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE

16#C111

Init Error

Similar signals at S_OutControl and Reset (R_TRIG at same cycle) detected (may be a programming error).

Ready = TRUE

S_EDM_Out = FALSE

Error = TRUE



Table 84. FB-specific status codes

DiagCode

Statue Name

Status description and output setting

16#0000

Idle

The function block is not active (basic state).

Ready = FALSE

S_EDM_Out = FALSE

Error = FALSE

16#8001

Init

Block activation startup lock is active. Reset required.

Ready = TRUE

S_EDM_Out = FALSE

Error = FALSE

16#8010

Output Disable

EDM control is not active. Timer starts when state is entered.

Ready = TRUE

S_EDM_Out = FALSE

Error = FALSE

16#8000

Output Enable

EDM control is active. Timer starts when state is entered.

Ready = TRUE

S_EDM_Out = TRUE

Error = FALSE