
Coordination with the Standard Controller

Important

If physical devices and variables of the standard controller are applied (as a logical I/O object) in the safety controller, then the application must be downloaded to the standard controller and the safety application must be downloaded to the safety controller. This is necessary to provide the current values to the physical devices, the Logical Exchange GVLs of the main controller, and the logical I/Os of the safety controller.

Configuration differences

If the physical devices and the exchange variables are configured differently from the corresponding objects of the safety application, then this is indicated by CODESYS Standard with the warning symbol for configuration errors in the project tree adjacent to the safety controller.

The configuration differences relate to the number, ID, or I/O size of the I/O modules and the exchange variables for the standard and safety controllers.

For bus systems where the safe configuration is transmitted by means of the standard configuration, the different parameterizations of an I/O module are displayed as a configuration difference.

Differences in the I/O configuration

If there are differences in the I/O configuration, then:

  • This is indicated by a warning symbol in the project tree of the main controller.

  • A log entry is generated in the application log for the safety controller. This log entry is generated only if I/O configurations are loaded on both the safety controller and the main controller, these I/O configurations are unequal, and the safety controller detects this difference for the first time.

    In the safety controller, the state for the incorrect I/O configuration is reset when the safety controller detects that the same I/O configuration is loaded on the main controller.
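
The comparison and log-once behavior described above can be modeled as follows. This is an added example, not CODESYS code: `IoModule`, `config_differences`, and `MismatchMonitor` are hypothetical names, the module lists are constructed sample data, and it assumes that a mismatch appearing after a reset counts as a first detection again.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IoModule:
    module_id: int  # module ID as configured in the project
    io_size: int    # I/O size (unit is an assumption of this model)

def config_differences(standard, safety):
    """List differences in number, ID, or I/O size of the I/O modules."""
    diffs = []
    if len(standard) != len(safety):
        diffs.append(f"module count: standard={len(standard)} safety={len(safety)}")
    for slot, (std, saf) in enumerate(zip(standard, safety)):
        if std.module_id != saf.module_id:
            diffs.append(f"slot {slot}: ID {std.module_id:#x} != {saf.module_id:#x}")
        elif std.io_size != saf.io_size:
            diffs.append(f"slot {slot}: I/O size {std.io_size} != {saf.io_size}")
    return diffs

class MismatchMonitor:
    """Latches the mismatch state so that only the first detection is logged."""

    def __init__(self):
        self.mismatch = False
        self.log = []

    def check(self, standard, safety):
        # Nothing to compare until a configuration is loaded on both controllers.
        if standard is None or safety is None:
            return self.mismatch
        diffs = config_differences(standard, safety)
        if diffs and not self.mismatch:
            self.log.append("I/O configuration mismatch: " + "; ".join(diffs))
        # The state is reset as soon as both configurations are equal again.
        self.mismatch = bool(diffs)
        return self.mismatch

# Constructed sample configurations (not taken from a real project).
STANDARD = [IoModule(0x10, 4), IoModule(0x20, 8)]
SAFETY_WRONG_SIZE = [IoModule(0x10, 4), IoModule(0x20, 6)]
```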

Substitute values

Important

In contrast to the information in this section, this implementation demonstrates the following behavior: If the default controller is stopped, then the values of the default controller are transmitted.

If the safety application is stopped while the standard application is running, then the physical I/Os do not receive any current values of the safety application. If the standard application is stopped while the safety application is running, then the logical I/Os do not receive any current values of the main controller. In these cases, substitute values are applied.

Substitute values for I/Os
  • If the developer stops the safety application, then all output channels (digital and analog, safe and unsafe) are automatically set to zero, and in the case of safe field devices, they are marked as failsafe values when the safety protocol supports this.

  • If the developer stops the safety application, then valid data continue to be copied from input channels to the mapped variables.

  • If I/O communication is stopped due to a mismatch while the application is running, then the input channels of safe field devices are set to failsafe values according to protocol and marked in the protocol API as failsafe.

  • If I/O communication is stopped due to a mismatch while the application is running, then the input channels of unsafe field devices are set to zero.

  • If the application is terminated (e.g., by downloading a new application), then a final output image is generated with all output channels (digital and analog) of safe field devices being set to failsafe values according to protocol and marked in the protocol as failsafe.

  • If the application is terminated (e.g., by downloading a new application), then a final output image is generated with all output channels (digital and analog) of unsafe field devices being set to zero.

If no current values can be exchanged while the application has not been terminated, then the following applies to the variable exchange:

Substitute values for exchange variables
  • If the developer stops the safety application, or if the application of the standard controller is not running, then:

    • Zero values are written to the mapped read variables (exchange variables) of the other application.

    • Except in the case of an exchange mismatch, the values of the other application (variable ...Out) continue to be copied to the application's own variables (variable ...In).

  • If the variable exchange is stopped due to a mismatch, then zero values are written to the safety application on the mapped read variables (logical exchange object ...In).

  • If the safety application is terminated (e.g., by downloading a new application), then all write variables (variable ...Out) of the other application are set to zero again first.