SF_EmergencyStop
Applicable Safety Standards
SF_EmergencyStop is a certified PLCopen function block. For detailed information about the applied standards , see: "PLCopen – Technical Committee 5 – Safety Software"
Important
The requirements which are listed in the standards must be met by the user.
Interface Description
This function block is a safety-related function block for monitoring an emergency stop button. SF_EmergencyStop can be used for emergency switch-off functionality (stop category 0), or – with additional peripheral support – as emergency stop (stop category 1 or 2).
Name | Data Type | Initial Value | Description, Parameter Values |
|---|---|---|---|
|
|
| |
|
|
| Safety demand input Variable
|
|
|
| |
|
|
| |
|
|
|
Name | Data Type | Initial Value | Description, Parameter Values |
|---|---|---|---|
|
|
| |
|
|
| Output for the safety-related response
Demand for safety-related response (e.g. emergency stop button engaged, reset required or internal errors active)
No demand for safety-related response (e.g. emergency stop button not engaged; no internal errors active). |
|
|
| |
|
|
| |
|
|
| |
|
|
| See Diagnostic Codes |
Functional Description
The S_EStopOut enable signal is reset to FALSE as soon as the S_EStopIn input is set to FALSE. The S_EStopOut enable signal is reset to TRUE only if the S_EStopIn input is set to TRUE and a reset occurs. The enable reset depends on the defined S_StartReset, S_AutoReset, and Reset.
If S_AutoReset = TRUE: Acknowledgment is automatic.
If S_AutoReset = FALSE: A rising trigger at the Reset input must be used to acknowledge the enable.
If S_StartReset = TRUE: Acknowledgment is automatic the fist time the safety controller is started.
If S_StartReset = FALSE: A rising trigger at the Reset input must be used to acknowledge the enable.
Caution
The S_StartReset and S_AutoReset inputs shall only be activated if it is ensured that no hazardous situation can occur when the safety controller is started.
SF_EmergencyStop can be used to monitor both single and dual-channel emergency stop buttons. For example, for two-channel applications, the additional SF_Equivalent function block can be used to detect whether the contact synchronization has been exceeded. The category classification in accordance with EN ISO 13849-1 will depend on the final elements that are used.
The SF_EmergencyStop automatically detects a static TRUE on Reset. Further error detection, e.g. wire break or short circuit, depends on the dedicated hardware that is used.
State diagram
SF_EmergencyStop
Tip
The transition from any state to the Idle state due to Activate = FALSE is not shown. However these transitions have the highest priority.
Typical Timing Diagrams
SF_EmergencyStop: S_StartReset = FALSE; S_AutoReset = FALSE; Start, Reset, Normal Operation, Safety Demand, Restart
Error Detection
The function block detects a static TRUE signal at Reset input.
Error Behavior
S_EStopOut is set to FALSE. In case of a static TRUE signal at the ResetIn input, the DiagCode output indicates the relevant error code and the Error output is set to TRUE.
To leave the error states, the Reset must be set to FALSE.
FB-Specific Error and State Codes
| State Name | State Description and Output Setting |
|---|---|---|
|
|
|
|
|
|
| State Name | State Description and Output Setting |
|---|---|---|
|
| The function block is not active (initial state).
|
|
| Activation is
|
|
| Activation is
|
|
| Activation is
|
|
| Activation is
|
|
| Activation is
|
|
| Activation is
|