SF_TestableSafetySensor

Tip

The version of the function block as described here corresponds to the latest version of the function block in Version list of function blocks.

Applicable safety standards

SF_TestableSafetySensor is a certified PLCopen function block. For detailed information about applied standards, see "PLCopen – Technical Committee 5 – Safety Software".

Important

The requirements listed in the standards must be fulfilled by the user.

Interface description

This FB is used for periodic testing of a testable electronic/optical sensor or type 2 electro-sensitive protective equipment (ESPE). The FB can also be used for external testable safety sensors (ESPE: Electro-sensitive protective equipment, e.g. light beam). It also monitors the status of the safety sensor.

Table 50. VAR_INPUT

Name	Data Type	Initial Value	Description, parameter values
`Activate`	`BOOL`	`FALSE`	General input parameters
`S_OSSD_In`	`SAFEBOOL`	`FALSE`	Variable Status of the sensor output, e.g. light grid. `FALSE`: Safety sensor in test state or request for safety-oriented response. `TRUE`: Sensor in status for normal operating state
`StartTest`	`BOOL`	`FALSE`	Variable Input to start sensor test. Sets `S_TestOut` and starts the internal time monitoring function of the FB. `FALSE`: No test requested. `TRUE`: Test requested
`TestTime`	`TIME`	`T#10ms`	Constant. Range: `0 … 150 ms`. Test time for safety sensor. The 'TestTime' caution note must be observed.
`NoExternalTest`	`BOOL`	`FALSE`	Constant Indicates whether external manual sensor test is supported. `FALSE`: The external, manual sensor test is supported. After a faulty automatic sensor test, an automatic test is only possible again after a complete manual sensor switching sequence. `TRUE`: The external, manual sensor test is not supported. After a faulty automatic sensor test, an automatic test is possible again – without a manual sensor switching.
`S_StartReset`	`SAFEBOOL`	`FALSE`	General input parameters
`S_AutoReset`	`SAFEBOOL`	`FALSE`	General input parameters
`Reset`	`BOOL`	`FALSE`	General input parameters

TestTime

For developers in Extended Level: The TestTime input has to be set to a constant value. This value must not be changed for the calls.

Table 51. VAR_OUTPUT

Name	Data Type	Initial Value	Description, parameter values
`Ready`	`BOOL`	`FALSE`	General output parameters
`S_OSSD_Out`	`SAFEBOOL`	`TRUE`	Safety-oriented output which displays the status of the ESPE. `FALSE`: The sensor has a demand for a safety-oriented action, or test error. `TRUE`: The sensor has no demand for a safety-oriented action, AND test error.
`S_TestOut`	`SAFEBOOL`	`TRUE`	Coupled with the test input of the sensor. Although specified as `SAFEBOOL`, in practice the signal is often connected to a `BOOL` output. `FALSE`: Test request sent `TRUE`: No test request
`TestPossible`	`BOOL`	`FALSE`	Feedback signal to the process. `FALSE`: An automatic sensor test is not possible. `TRUE`: An automatic sensor test is possible.
`TestExecuted`	`BOOL`	`FALSE`	A positive signal edge indicates successful execution of the automatic sensor test. `FALSE`: An automatic sensor test has not yet been performed. An automatic sensor test is active. An automatic sensor test has failed. `TRUE`: A sensor test has been performed successfully.
`Error`	`BOOL`	`FALSE`	General output parameters
`DiagCode`	`WORD`	`16#0000`	Diagnostic codes

Tip

OSSD stands for: Output Signal Switching Device

Figure 82. Function block: SF_TestableSafetySensor

Functional description

Type 2 ESPE is used for periodic testing. It is intended to detect a hazardous error (for example, sensor failure, response time exceeds the specified time). The test signal should simulate the operation of the measurement control and the duration of the periodic test should not exceed 150 ms. The test should verify that each light beam operates in the manner specified by the user. If the test should be initiated by an external, safety-oriented control system (e.g. a machine), then the ESPE should be equipped with suitable input equipment (e.g. terminal).

Important

The ESPE has to be selected according to the product standards and the required categories according to the standards.

It has to be monitored with a separate functionality that the test is initiated within appropriate intervals.

Caution

The S_StartReset and S_AutoReset inputs shall only be activated if it is ensured that no hazardous situation can arise when the S-PLC is started.

Procedure. Test mode

StartTest = TRUE: STestOut = FALSE. Start of the monitoring time
S_TestOut signal stops the transmitter (monitoring of TestTime started for the first time)
S_OSSD_In switches from TRUE to FALSE (monitoring of TestTime started for the second time)
S_TestOut switches from FALSE to TRUE
Start transmitter
Sensor S_OSSD_In switches from FALSE to TRUE
Stop monitoring time
S_OSSD_Out is TRUE during the test

. Optional startup lock

Startup lock after activation of the FB
Startup lock after interruption of the guard

Status diagram

Figure 83. Status diagram: SF_TestableSafetySensor

Tip

Note: The transition from any state to the Idle state, initiated by Activate = FALSE, is not shown. In every case, these transitions have the highest priority.

Timing diagram

Figure 84. Timing diagram: SF_TestableSafetySensor

Error detection

The following conditions force a transition to error status:

Test timeout without delayed sensor feedback
Test without sensor signal feedback
Invalid static Reset signal in the process
Plausibility check of the monitoring time setting

Error behavior

In case of an error event, the S_OSSD_Out output is set to FALSE and remains in this state. As soon as the error has been corrected and the sensor is in operation (S_OSSD_In = TRUE), a reset removes the error status and sets the S_OSSD_Out output to TRUE.

If S_AutoReset = FALSE, then a rising trigger edge is required at Reset.

After the transition from S_OSSD_In to TRUE, the optional startup lock can be restarted by a rising edge at the Reset input.

After function block activation, the optional startup lock can be restarted by a rising trigger edge at the Reset input.

FB-Specific Error and Status Codes

Table 52. FB-specific error codes

`DiagCode`	Statue Name	Status description and output setting
`16#C000`	`Parameter Error`	Invalid value of the TestTime parameter Values between `0 ms` and `150 ms` are possible. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = TRUE`
`16#C001`	`Reset Error 1`	Static Reset condition detected after FB activation `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#C002`	`Reset Error 2`	Static `Reset` condition detected in status `8003` `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = TRUE`
`16#C003`	`Reset Error 3`	Static reset condition detected in status `C010`. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = TRUE`
`16#C004`	`Reset Error 4`	Static reset condition detected in status `C020`. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = TRUE`
`16#C005`	`Reset Error 5`	Static reset condition detected in status `8006` `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = TRUE`
`16#C006`	`Reset Error 6`	Static reset condition detected in status `C000`. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = TRUE`
`16#C007`	`Reset Error 7`	Static reset condition detected in status `8013` `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = TRUE` `Error = TRUE`
`16#C010`	`Test Error 1`	Test time expired in status `8020` `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted= FALSE` `Error = TRUE`
`16#C020`	`Test Error 2`	Test time expired in status `8030` `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted= FALSE` `Error = TRUE`

Table 53. FB-specific status codes

`DiagCode`	Statue Name	Status description and output setting
`16#0000`	`Idle`	The function block is not active (basic state). `Ready = FALSE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8001`	`Init`	An activation was detected by the function block. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8002`	`ESPE Interrupted 1`	The FB has detected a safety requirement. The switch has not yet been tested automatically. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8003`	`Wait for Reset 1`	Wait for rising trigger edge after status `16#8002`. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8004`	`External Function Test`	The automatic sensor test has failed. An external manual sensor test is necessary. Support for the necessary external manual sensor test has been activated on the function block (`NoExternalTest = FALSE`). A negative signal edge is required at the sensor. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8005`	`ESPE Interrupted` `External Test`	The automatic sensor test has failed. An external manual sensor test is necessary. Support for the necessary external manual sensor test has been activated on the function block (`NoExternalTest = FALSE`). A `TRUE` signal is required at the sensor. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8006`	`End External Test`	The automatic sensor test has failed. An external manual sensor test is necessary. Support for the necessary external manual sensor test has been activated on the function block (`NoExternalTest = FALSE`). The external manual test is complete. The device detected a complete sensor switching cycle (externally controlled). `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8010`	`ESPE Free No Test`	The FB has not detected a safety requirement. The sensor was not tested automatically. `Ready = TRUE` `S_OSSD_Out = TRUE` `S_TestOut = TRUE` `TestPossible = TRUE` `TestExecuted = FALSE` `Error = FALSE`
`16#8020`	`Test Request`	The automatic sensor test is active. Test Timer is started for the first time. The transmitter signal has been switched off by the function block. The signal of the receiver has to follow the signal of the transmitter. `Ready = TRUE` `S_OSSD_Out = TRUE` `S_TestOut = FALSE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8030`	`Test Active`	The automatic sensor test is active. Test Timer is started for the second time. The transmitter signal of the sensor has been switched on by the function block. The signal of the receiver has to follow the signal of the transmitter. `Ready = TRUE` `S_OSSD_Out = TRUE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted = FALSE` `Error = FALSE`
`16#8000`	`ESPE Free Test ok`	The FB has not detected a safety requirement. The sensor was tested automatically. `Ready = TRUE` `S_OSSD_Out = TRUE` `S_TestOut = TRUE` `TestPossible = TRUE` `TestExecuted =TRUE` `Error = FALSE`
`16#8012`	`ESPE Interrupted 2`	The FB has detected a safety requirement. The switch was tested automatically. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted =TRUE` `Error = FALSE`
`16#8013`	`Wait for Reset 2`	Wait for a rising trigger edge of Reset after status `16#8012`. `Ready = TRUE` `S_OSSD_Out = FALSE` `S_TestOut = TRUE` `TestPossible = FALSE` `TestExecuted =TRUE` `Error = FALSE`