User's Manual Safety Control Station Referencecdn2.us.yokogawa.com/IM32Q03B10-31E.pdf · Manual Safety Control Station Reference IM 32Q03B10-31E IM 32Q03B10-31E 4th Edition. Introduction

User'sManual

Safety ControlStation Reference

IM 32Q03B10-31E

IM 32Q03B10-31E4th Edition

IntroductionSafety Control Station (SCS) is a station for safety control. The SCS monitors the plant safetystatus, and carries out safety controls according to various safety demands.Provided as a reference to be checked for the necessary information when needed, this docu-ment explains the SCS configuration, safety control, the functions and function blocks thatcomprise the application logics for safety control, and the external communication function ofthe SCS, such as the integration structure with CENTUM VP or CENTUM CS 3000 (herein-after referred to as CENTUM). The SCS engineering or maintenance personnel should wellunderstand the contents of this document.Structure of this document is as follows:• Part A SCS Common

This part contains a functional overview of the SCS as well as an overview on software/hardware configurations, process data I/Os and setting items, the inter-SCS safety com-munication, the SCS link transmission, SOER, forcing, and connection with other sys-tems.

• Part B RAS (Reliability, Availability, Serviceability)How the RAS (Reliability, Availability, Serviceability) are realized with SCS are explainedin this part including the information of SCS operating modes, diagnosis management, er-ror handling and redundancy.

• Part C POU (Program Organization Unit)How to use POU (Program Organization Unit) to create the application logics are ex-plained in this part. The functions and the function blocks specific to ProSafe-RS are ex-plained.

• Part D Integration with CENTUMThis part contains the information on SCS integration with CENTUM, i.e., the basic SCSfunctions, interface with CENTUM for tag names, override operations from the CENTUMoperation and monitoring station (HIS), operations on manual operation function block,the block behaviors, features of external communication function block and SCS GlobalSwitch communication in the case that ProSafe-RS is integrated with CENTUM.

• Appendix IEC61131-3 standard functions/standard function blocksThis appendix provides explanations about IEC61131-3 Standard Functions/StandardFunction Blocks described in the Workbench User's Guide. The explanations are basedon Workbench User's Guide.

• INDEXOnly the names of functions and function blocks are listed.

i

Media No. IM 32Q03B10-31E (CD) 4th Edition : Jan. 2015 (YK)All Rights Reserved Copyright © 2011 , Yokogawa Electric Corporation

IM 32Q03B10-31E 4th Edition : Jan.30,2015-00

Safety Precautions for Usen Safety, Protection, and Modification of the Product

• To protect the system controlled by the Product and the Product itself and to ensure safeoperation, please observe the safety precautions described in this Manual. YokogawaElectric Corporation ("YOKOGAWA") assumes no liability for safety if users fail to observethe safety precautions and instructions when operating the Product.

• If the Product is used in a manner not specified in the User's Manuals, the protection pro-vided by the Product may be impaired.

• If any protection or safety circuit is required for the system controlled by the Product or forthe Product itself, please install it externally.

• Use only spare parts that are approved by YOKOGAWA when replacing parts or consum-ables of the Product.

• Do not use the Product and its accessories such as power cords on devices that are notapproved by YOKOGAWA. Do not use the Product and its accessories for any purposeother than those intended by YOKOGAWA.

• Modification of the Product is strictly prohibited.

• The following symbols are used in the Product and User's Manuals to indicate the accom-panying safety precautions:

Indicates that caution is required for operation. This symbol is labeled on the Prod-uct to refer the user to the User's Manuals for necessary actions or behaviors inorder to protect the operator and the equipment against dangers such as electricshock. In the User's Manuals, you will find the precautions necessary to preventphysical injury or death, which may be caused by accidents, such as electricshock resulting from operational mistakes.Identifies a protective conductor terminal. Before using the Product, you mustground the protective conductor terminal to avoid electric shock.Identifies a functional grounding terminal. A terminal marked "FG" also has thesame function. This terminal is used for grounding other than protective grounding.Before using the Product, you must ground this terminal.Indicates an AC supply.

Indicates a DC supply.Indicates the ON position of a power on/off switch.

Indicates the OFF position of a power on/off switch.

n Notes on Handling User's Manuals• Hand over the User's Manuals to your end users so that they can keep the User's Man-

uals on hand for convenient reference.

• Thoroughly read and understand the information in the User's Manuals before using theProduct.

• For the avoidance of doubt, the purpose of the User's Manuals is not to warrant that theProduct is suitable for any particular purpose but to describe the functional details of theProduct.

• Contents of the User's Manuals are subject to change without notice.

ii


• Every effort has been made to ensure the accuracy of contents in the User's Manuals.However, should you have any questions or find any errors, contact us or your local dis-tributor. The User's Manuals with unordered or missing pages will be replaced.

n Warning and Disclaimer• Except as specified in the warranty terms, YOKOGAWA shall not provide any warranty for

the Product.

• YOKOGAWA shall not be liable for any indirect or consequential loss incurred by eitherusing or not being able to use the Product.

n Notes on Software• YOKOGAWA makes no warranties, either expressed or implied, with respect to the Soft-

ware Product's merchantability or suitability for any particular purpose, except as speci-fied in the warranty terms.

• Purchase the appropriate number of licenses of the Software Product according to thenumber of computers to be used.

• No copy of the Software Product may be made for any purpose other than backup; other-wise, it is deemed as an infringement of YOKOGAWA's Intellectual Property rights.

• Keep the software medium of the Software Product in a safe place.

• No reverse engineering, reverse compiling, reverse assembling, or converting the Soft-ware Product to human-readable format may be performed for the Software Product.

• No part of the Software Product may be transferred, converted, or sublet for use by anythird-party, without prior written consent from YOKOGAWA.

iii


Documentation Conventionsn Symbols

The following symbols are used in the User's Manuals.

Identifies instructions that must be observed to avoid physicalinjury, electric shock, or death.

Identifies instructions that must be observed to prevent damageto the software or hardware, or system failures of the Product.

Identifies important information required to understand opera-tions or functions.

Identifies additional information.

Identifies referenced content.In online manuals, you can view the referenced content by click-ing the links that are in green text. However, this action does notapply to the links that are in black text.

n Typographical ConventionsThe following typographical conventions are used throughout the User's Manuals.

l Commonly Used Conventions throughout the User's Manuals• Δ Mark

Indicates that a space must be entered between character strings.Example:

.ALΔPIC010Δ-SC• Character string enclosed by braces

Indicates character strings that may be omitted.Example:

.PRΔTAGΔ.sheet name

l Conventions Used to Show Key or Button Operations• Characters enclosed by brackets [ ]

When characters are enclosed by brackets in the description of a key or button operation,it indicates a key on the keyboard, a button name in a window, or an item in a list boxdisplayed in a window.Example:

To alter the function, press the [ESC] key.

l Conventions of a User-defined Folder• User-defined folder name enclosed by parenthesis ( )

User definable path is written in a pair of parentheses.Example:

(RS Project Folder)\SCS0101

iv


If the RS Project Folder is C:\MYRSPJT, the above path becomes C:\MYRSPJTSCS0101.

n Drawing ConventionsDrawings used in the User's Manuals may be partially emphasized, simplified, or omitted forthe convenience of description.Drawings of windows may be slightly different from the actual screenshots with different set-tings or fonts. The difference does not hamper the understanding of basic functionalities andoperation and monitoring tasks.

n Integration with CENTUMThe Product can be integrated with CENTUM VP or CENTUM CS 3000. In the User's Man-uals, the integration with CENTUM VP or CENTUM CS 3000 is referred to as "Integration withCENTUM."In the User's Manuals, the explanations for integrating the Product with CENTUM VP orCENTUM CS 3000, the glossary for various features of CENTUM VP is used instead of theglossary for CENTUM CS 3000. For example, the term "CENTUM VP System Alarm View" isused instead of "CENTUM CS 3000 System Alarm window." Nevertheless, if the features forintegrating the Product with CENTUM VP and CENTUM CS 3000 are different, both featureswill be explained separately.

SEEALSO For more information about the functions and usage of CENTUM VP components for integrating the Product

with CENTUM VP, refer to:

User's Manuals (IM), Technical Information (TI), and General Specifications (GS) of CENTUM VP

For more information about the features and usage of CENTUM CS 3000 components for integrating theProduct with CENTUM CS 3000, refer to:

User's Manuals (IM), Technical Information (TI), and General Specifications (GS) of CENTUM CS 3000

n Explanation of Hardware and Software Behaviors in the User'sManuals

In the User's Manuals, system behaviors are explained assuming that the latest versions ofYOKOGAWA software and hardware at the time of publication of the User's Manuals are in-stalled.If additional precise information about the safety of legacy versions of software or hardware isrequired, a link to the corresponding explanation is provided. Please refer to the informationaccording to your system.

n Station TypesA safety control station (hereafter referred to as SCS) is named according to the type of thesafety control unit used in it.

Table Info-1 Names of SCS and Safety Control Unit UsedName of SCS Model of the safety control unit

SCSV1-S SSC10S/SSC10D

SCSP1-S SSC50S/SSC50D

SCSP2-S SSC60S/SSC60D

SCSU1-S SSC57S/SSC57D

In the User's Manuals, the following abbreviations may be used to describe functions of theseSCS as a whole.

v


• SCSV1: Abbreviation of SCSV1-S

• SCSP1: Abbreviation of SCSP1-S

• SCSP2: Abbreviation of SCSP2-S

• SCSU1: Abbreviation of SCSU1-S

vi


Copyright and Trademark Noticesn All Rights Reserved

The copyright of the programs and online manuals contained in the software medium of theSoftware Product shall remain with YOKOGAWA.You are allowed to print the required pages of the online manuals for the purposes of using oroperating the Product; however, reprinting or reproducing the entire document is strictly pro-hibited by the Copyright Law.Except as stated above, no part of the online manuals may be reproduced, transferred, sold,or distributed to a third party in any manner (either in electronic or written form including, with-out limitation, in the forms of paper documents, electronic media, and transmission via thenetwork). Nor it may be registered or recorded in the media such as films without permission.

n Trademark Acknowledgments• CENTUM, ProSafe, Vnet/IP, and STARDOM are registered trademarks of YOKOGAWA.

• Microsoft, Windows, Windows Vista, Windows Server, Visual Basic, Visual C++, and Vis-ual Studio are either registered trademarks or trademarks of Microsoft Corporation in theUnited States and other countries.

• Adobe, Acrobat, and Adobe Reader are registered trademarks of Adobe Systems Incor-porated.

• Ethernet is a registered trademark of Xerox Corporation.

• HART is a registered trademark of the HART Communication Foundation.

• Modicon and Modbus are registered trademarks of Schneider Electric SA.

• All other company and product names mentioned in the User's Manuals are trademarksor registered trademarks of their respective companies.

• TM or ® mark are not used to indicate trademarks or registered trademarks in the User'sManuals.

• Logos and logo marks are not used in the User's Manuals.

vii


Safety Control Station Reference

IM 32Q03B10-31E 4th Edition

CONTENTSPART-A Overview of SCS..............................................A-1

A1. Overview of SCS................................................................................ A1-1A2. SCS hardware.....................................................................................A2-1A3. Scan period and time synchronization of SCS............................... A3-1

A3.1 Scan period of SCS....................................................................................A3-2A3.1.1 Definition of SCS scan period...................................................... A3-3

A3.1.2 Automatic extension function for scan period of the application logicexecution function........................................................................ A3-5

A3.1.3 Online change of scan period of the application logic executionfunction........................................................................................ A3-9

A3.2 Time synchronization of SCS................................................................. A3-10

A4. AIO/DIO data inputs/outputs for SCS stations................................A4-1A4.1 Flow of AIO/DIO data inputs and outputs................................................A4-2A4.2 I/O variable..................................................................................................A4-4A4.3 Common input/output setting items........................................................ A4-9A4.4 Items set for analog inputs..................................................................... A4-13A4.5 Items set for analog outputs...................................................................A4-28A4.6 Items set for discrete inputs................................................................... A4-34A4.7 Items set for discrete outputs.................................................................A4-39

A5. Inter-SCS safety communication......................................................A5-1A6. SCS link transmission.......................................................................A6-1

A6.1 Overview of SCS link transmission..........................................................A6-2A6.2 Actions taken for SCS link transmission when SCS is unsteady......... A6-6A6.3 Forcing of SCS link transmission data.................................................... A6-9

A7. SOER...................................................................................................A7-1A7.1 Overview of SOER......................................................................................A7-2A7.2 Event collection..........................................................................................A7-4A7.3 Event storage............................................................................................. A7-8A7.4 Management of event information when SCS is unsteady.................. A7-10

A8. Forcing................................................................................................A8-1A8.1 Variable locking..........................................................................................A8-2A8.2 Variable value setting................................................................................ A8-7

TocA-1


A8.3 Forcing function block parameters........................................................A8-10A8.4 Forcing of inter-SCS safety communication......................................... A8-12A8.5 Applications of the forcing function...................................................... A8-16

A8.5.1 Application debugging................................................................A8-17

A8.5.2 Utilization of the forcing function in SCS maintenance.............. A8-19

A9. Connection with other systems........................................................A9-1

TocA-2




CONTENTSPART-B RAS (Reliability, Availability, Serviceability).......

...........................................................................B-1B1. What is RAS (Reliability, Availability and Serviceability) of SCS?........

.............................................................................................................B1-1B2. Operating mode................................................................................. B2-1B3. Diagnostic management function and diagnostic information

message..............................................................................................B3-1B3.1 Diagnostic management function of SCS................................................B3-2B3.2 Notification of error level through diagnostic information messages..........

..................................................................................................................... B3-4

B4. Notification of diagnostic information using the IOM Report........B4-1B4.1 IOM Report of AIO/DIO modules...............................................................B4-2B4.2 IOM Report of communication modules................................................ B4-11

B5. Operations at SCS startup................................................................ B5-1B6. Actions taken at error occurrence and recovery procedure......... B6-1

B6.1 Actions taken at fatal error occurrence and recovery procedure......... B6-3B6.1.1 Actions taken at occurrence of errors affecting the entire system and

recovery procedure...................................................................... B6-4

B6.1.2 Actions taken at CPU module error occurrence and recoveryprocedure.....................................................................................B6-5

B6.1.3 Behavior at abnormal calculation.................................................B6-7

B6.2 Actions taken at major error occurrence and recovery procedure.................................................................................................................................. B6-11B6.2.1 Actions taken at input module error occurrence and recovery

procedure...................................................................................B6-12

B6.2.2 Actions taken at input channel error occurrence and recoveryprocedure...................................................................................B6-13

B6.2.3 Actions taken at output module error occurrence and recoveryprocedure...................................................................................B6-15

B6.2.4 Actions taken at output channel error occurrence and recoveryprocedure...................................................................................B6-17

B6.2.5 Actions taken at errors between CPU and input/output module andrecovery procedure.................................................................... B6-22

B6.2.6 Actions taken at error occurrence for optical ESB bus repeaterdevices.......................................................................................B6-24

TocB-1


B6.3 Actions taken at minor error occurrence and recovery procedure................................................................................................................................. B6-28

B7. Dual redundancy................................................................................B7-1B7.1 Redundant configuration in SCS..............................................................B7-2B7.2 CPU redundant status............................................................................... B7-5B7.3 Automatic execution of IOM download....................................................B7-8

TocB-2




CONTENTSPART-C POU...................................................................C-1

C1. Overview of POU................................................................................C1-1C1.1 Types of functions and function blocks.................................................. C1-2C1.2 Common specifications.............................................................................C1-8C1.3 User-defined functions and function blocks.........................................C1-10

C2. Safety functions.................................................................................C2-1C2.1 MUXBOOL4 (BOOL-type multiplexer with 4 entries).............................. C2-2C2.2 MUXBOOL8 (BOOL-type multiplexer with 8 entries).............................. C2-3C2.3 MUXREAL4 (REAL-type multiplexer with 4 entries)............................... C2-4C2.4 MUXREAL8 (REAL-type multiplexer with 8 entries)............................... C2-5C2.5 SCALER (scaler).........................................................................................C2-6C2.6 SEL_R (REAL-type binary Selector).........................................................C2-8C2.7 SEL_T (TIME-type Binary Selector)..........................................................C2-9C2.8 IB_TO_V (Converter (IO_BOOL to data value))..................................... C2-10C2.9 IB_TO_S (Converter (IO_BOOL to data status)).................................... C2-11C2.10 IR_TO_V (Converter (IO_REAL to data value))......................................C2-12C2.11 IR_TO_S (Converter (IO_REAL to data status)).................................... C2-13

C3. Safety function blocks.......................................................................C3-1C3.1 REPEATTIMER (Repeat Timer)..................................................................C3-2C3.2 FILTER (first-order lag filter)..................................................................... C3-4C3.3 FILTER_S (first-order lag filter with data status).....................................C3-6C3.4 ANLG1OO2D (1oo2D analog voter)..........................................................C3-8C3.5 ANLGVOTER (IO_REAL-type analog voter)...........................................C3-13C3.6 BOOLVOTER (IO_BOOL-type BOOL voter)........................................... C3-20C3.7 ANLG_S (analog input function block with data status)......................C3-22C3.8 ANLGI (analog input)............................................................................... C3-29C3.9 VEL (velocity limit alarm)........................................................................ C3-34C3.10 CTU (count up counter)...........................................................................C3-37C3.11 CTD (count down counter)......................................................................C3-39C3.12 CTUD (count up/down counter)..............................................................C3-41C3.13 B_TO_IB (Converter (data value and status to IO_BOOL-type data))...........

................................................................................................................... C3-43

TocC-1


C3.14 R_TO_IR (Converter (data value and status to IO_REAL-type data)).............................................................................................................................. C3-44

C3.15 ANN_FUP (first-up alarm annunciator).................................................. C3-45C3.16 FUP_RST (first-up alarm annunciator reset)......................................... C3-48

C4. Function blocks for inter-SCS communication (Safety FBs).........C4-1C4.1 PROD_B (inter-SCS safety communication BOOL-type data producer)......

..................................................................................................................... C4-2C4.2 PROD_I (inter-SCS safety communication INTEGER-type data producer)..

..................................................................................................................... C4-4C4.3 PROD_R (inter-SCS safety communication REAL-type data producer).......

..................................................................................................................... C4-6C4.4 CONS_B (inter-SCS safety communication BOOL-type data consumer).....

..................................................................................................................... C4-8C4.5 CONS_I (inter-SCS safety communication INTEGER-type data consumer).

................................................................................................................... C4-11C4.6 CONS_R (inter-SCS safety communication REAL-type data consumer).....

................................................................................................................... C4-13C4.7 LTSND (link transmission data output)..................................................C4-15C4.8 LTRCV (safety link transmission data input).........................................C4-16

C5. Function blocks for integration with CENTUM (Safety FBs)......... C5-1C5.1 Override function blocks...........................................................................C5-2C5.2 Grouping override function block............................................................ C5-5C5.3 PASSWD (password)................................................................................. C5-8C5.4 MOB_11 (BOOL-type data manual operation function block with two-

position answerback).............................................................................. C5-10C5.5 MOB_21 (BOOL-type data manual operation function block with three-

position answerback).............................................................................. C5-14C5.6 MOB_RS (auto-reset BOOL-type data manual operation)....................C5-18C5.7 MOA (analog-type data manual operation)............................................C5-20

C6. Interference-free functions............................................................... C6-1C6.1 LOGE (natural logarithm).......................................................................... C6-2C6.2 POWE (exponential function with base e)............................................... C6-3

C7. Interference-free function blocks.....................................................C7-1C7.1 ANN (annunciator)..................................................................................... C7-2C7.2 SOE_B (BOOL-type data SOER)...............................................................C7-3C7.3 SOE_I (INTEGER-type data SOER)...........................................................C7-5C7.4 SOE_R (REAL-type data SOER)................................................................C7-7C7.5 LTFCS (interference-free link transmission data input)......................... C7-9

C8. Subsystem communication function blocks (interference-free FB)..................................................................................................................C8-1C8.1 SCI_B (BOOL-type subsystem communication input)...........................C8-2C8.2 SCI_I (INTEGER-type subsystem communication input).......................C8-4C8.3 SCI_R (REAL-type subsystem communication input)............................C8-6C8.4 SCO_B (BOOL-type subsystem communication output).......................C8-8C8.5 SCO_I (INTEGER-type subsystem communication output).................C8-10

TocC-2


C8.6 SCO_R (REAL-type subsystem communication output)..................... C8-12

C9. External communication function blocks........................................C9-1C10. Safety system function blocks....................................................... C10-1

C10.1 SYS_STAT (SCS status management)....................................................C10-2C10.2 SYS_FORCE (forcing status management)...........................................C10-3C10.3 SYS_FORCE_LT (SCS link transmission lock status monitor)............C10-5C10.4 SYS_FORCE_BD (inter-SCS safety communication forcing status

management)............................................................................................C10-7C10.5 SYS_LTSTS (SCS link transmission reception status monitor)........ C10-10C10.6 SYS_DIAG (diagnostic information output).........................................C10-12C10.7 SYS_SECURE (security level management)........................................C10-14C10.8 SYS_SEC_CTL (security level protection)...........................................C10-16C10.9 SYS_OVR (override function blocks management)............................C10-18C10.10 SYS_PSWD (password function blocks management)...................... C10-22C10.11 SYS_ALLSD (station output shutdown)...............................................C10-25C10.12 SYS_IOSD (Module Output Shutdown)................................................C10-27C10.13 SYS_IOALLST (all I/O channels of SCS status indicator).................. C10-29C10.14 SYS_NODEST (all I/O channels of node status indicator)................. C10-31C10.15 SYS_OUTST (output module 8 channels indicator)............................C10-33C10.16 SYS_OUTST16 (output module 16 channels indicator)......................C10-36C10.17 SYS_INST (input module status indicator)..........................................C10-39C10.18 SYS_CHST (channel status indicator)................................................. C10-41C10.19 SYS_OUTEN (output module status indicator)................................... C10-43C10.20 SYS_CERR (computation error indicator)........................................... C10-46C10.21 SYS_SCANEXT (Scan Period Extension Indicator)............................ C10-48

C11. Interference-free system function blocks......................................C11-1C11.1 SYS_SCAN (execution time indicator)................................................... C11-2C11.2 SYS_TIME (SCS clock information)........................................................C11-4C11.3 SYS_SETTIME (SCS time setting)...........................................................C11-5C11.4 SYS_ALARM (diagnostic information status indicator)....................... C11-7C11.5 SYS_NETST (control bus status indicator)............................................C11-9C11.6 SYS_ESBINF (ESB bus status indicator).............................................C11-12C11.7 SYS_NODEINF (node status indicator)................................................ C11-14C11.8 SYS_IOMDSP (IOM status indicator)....................................................C11-16C11.9 SYS_ALRDSP (subsystem communication module status indicator)..........

................................................................................................................. C11-18C11.10 SYS_FORCE_SC (subsystem communication data forcing status

management)..........................................................................................C11-20C11.11 SYS_STAT_SC (subsystem communication output status indicator)..........

................................................................................................................. C11-22

C12. Function blocks for data buffering (Interference-free FB)........... C12-1C13. Function blocks for gas flow rate calculation (Interference-free FB)...

...........................................................................................................C13-1

TocC-3


C14. Function blocks for DNP3 communication (Interference-free FB)...................................................................................................................C14-1

TocC-4




CONTENTSPART-D Integration with CENTUM............................... D-1

D1. Integration with CENTUM..................................................................D1-1D2. Tag name interfaces for CENTUM.................................................... D2-1

D2.1 Overview of tag name interfaces..............................................................D2-3D2.2 Tag name interfaces for internal variables and I/O variables................ D2-9D2.3 Tag name interfaces of function blocks.................................................D2-12

D3. Override operation from HIS.............................................................D3-1D3.1 Overview of override FB............................................................................D3-2D3.2 Tag name interfaces and process alarms of override function blocks........

..................................................................................................................... D3-4D3.3 Overview of grouping override function block....................................... D3-8D3.4 Tag name interfaces and process alarms of grouping override function

block..........................................................................................................D3-12D3.5 Status management of function blocks used for override...................D3-15D3.6 Permission for override by password FB..............................................D3-17D3.7 Tag name interfaces and process alarms of password function blocks......

................................................................................................................... D3-21

D4. Manipulation of manual operation function blocks from HIS........D4-1D4.1 HIS interfaces of MOB_11 and MOB_21 (BOOL-type data manual

operation function block with answerback)............................................ D4-3D4.1.1 Manual operation permission function......................................... D4-8

D4.1.2 Password at manual operations.................................................. D4-9

D4.1.3 The Output Enable status display function................................ D4-10

D4.1.4 Answerback check function........................................................D4-11

D4.1.5 Monitoring IOP and OOP...........................................................D4-15

D4.1.6 Tag name interfaces and process alarms of MOB_11 and MOB_21......................................................................................................D4-16

D4.2 HIS interfaces of MOB_RS (auto-reset BOOL-type data manual operation)................................................................................................................... D4-20D4.2.1 Operations of MOB_RS from HIS..............................................D4-21

D4.2.2 Tag name interfaces and process alarms of MOB_RS..............D4-26

D4.3 HIS interfaces of MOA (analog-type data manual operation).............. D4-28D4.3.1 Operations of MOA from HIS.....................................................D4-29

D4.3.2 Tag name interfaces and process alarms of MOA.....................D4-32

TocD-1


D5. Data setting using external communication function blocks........D5-1D5.1 Confirmation of setting data..................................................................... D5-2D5.2 Tag name interfaces of external communication function blocks........ D5-3

D6. SCS global switch communication.................................................. D6-1D6.1 Referencing FCS data from SCS.............................................................. D6-2D6.2 Data setting from SCS to FCS...................................................................D6-4

TocD-2




CONTENTSAppendix

Appendix 1. IEC61131-3 standard functions/standard function blocks.................................................................................................App.1-1

Appendix 1.1 Safety standard functions..........................................................App.1-2Appendix 1.1.1 * (MUL)...........................................................................App.1-3

Appendix 1.1.2 + (ADD).......................................................................... App.1-4

Appendix 1.1.3 – (SUB)...........................................................................App.1-5

Appendix 1.1.4 / (DIV).............................................................................App.1-6

Appendix 1.1.5 1 GAIN............................................................................App.1-7

Appendix 1.1.6 ABS................................................................................ App.1-8

Appendix 1.1.7 AND................................................................................App.1-9

Appendix 1.1.8 Equal............................................................................ App.1-10

Appendix 1.1.9 Greater Than or Equal..................................................App.1-11

Appendix 1.1.10 Greater Than................................................................App.1-12

Appendix 1.1.11 Less Than or Equal...................................................... App.1-13

Appendix 1.1.12 Less Than.....................................................................App.1-14

Appendix 1.1.13 LIMIT............................................................................ App.1-15

Appendix 1.1.14 MAX..............................................................................App.1-16

Appendix 1.1.15 MIN...............................................................................App.1-17

Appendix 1.1.16 MUX4........................................................................... App.1-18

Appendix 1.1.17 MUX8........................................................................... App.1-19

Appendix 1.1.18 NOT..............................................................................App.1-21

Appendix 1.1.19 Not Equal......................................................................App.1-22

Appendix 1.1.20 OR................................................................................App.1-23

Appendix 1.1.21 ROL..............................................................................App.1-24

Appendix 1.1.22 ROR............................................................................. App.1-25

Appendix 1.1.23 SEL...............................................................................App.1-26

Appendix 1.1.24 SHL.............................................................................. App.1-27

Appendix 1.1.25 SHR..............................................................................App.1-28

Appendix 1.1.26 SQRT........................................................................... App.1-29

Appendix 1.1.27 XOR..............................................................................App.1-30

Appendix 1.2 Safety standard function blocks..............................................App.1-31Appendix 1.2.1 F_TRIG.........................................................................App.1-32

TocApp.-1


Appendix 1.2.2 R_TRIG........................................................................ App.1-33

Appendix 1.2.3 RS................................................................................ App.1-34

Appendix 1.2.4 SR................................................................................ App.1-35

Appendix 1.2.5 TOF.............................................................................. App.1-36

Appendix 1.2.6 TON..............................................................................App.1-37

Appendix 1.2.7 TP.................................................................................App.1-38

Appendix 1.3 Interference-free standard functions...................................... App.1-39Appendix 1.3.1 ACOS........................................................................... App.1-40

Appendix 1.3.2 ANY_TO_BOOL........................................................... App.1-41

Appendix 1.3.3 ANY_TO_DINT.............................................................App.1-42

Appendix 1.3.4 ANY_TO_REAL............................................................App.1-43

Appendix 1.3.5 ANY_TO_TIME............................................................ App.1-44

Appendix 1.3.6 ASIN.............................................................................App.1-45

Appendix 1.3.7 ATAN............................................................................ App.1-46

Appendix 1.3.8 COS..............................................................................App.1-47

Appendix 1.3.9 LOG..............................................................................App.1-48

Appendix 1.3.10 MOD.............................................................................App.1-49

Appendix 1.3.11 POW.............................................................................App.1-50

Appendix 1.3.12 SIN............................................................................... App.1-51

Appendix 1.3.13 TAN.............................................................................. App.1-52

Appendix 1.4 Interference-free standard function blocks............................App.1-53Appendix 1.4.1 AVERAGE.................................................................... App.1-54

Appendix 1.4.2 LIM_ALRM................................................................... App.1-55

TocApp.-2


A. Overview of SCSThis section describes the following items of SCS:• Functional overview

• Software configuration

• Overview of hardware configuration

• Process data I/Os and setting items

• inter-SCS safety communication

• SCS link transmission

• SOER

• Forcing

• Connection with other systems

<A. Overview of SCS> A-1


A1. Overview of SCSThe ProSafe-RS SCS (Safety Control Station) is a station dedicated for safety control applica-tions.The SCS consists of the function that monitors the safety conditions of the plant, the applica-tion logic execution function that performs pre-determined safety operations according toeach safety control request and the external communication function that communicates infor-mation with devices other than SCSs.There are two types of Safety Control Units of ProSafe-RS: one is connected to V net(SSC10S/SSC10D) and the other connected to Vnet/IP (SSC60S/SSC60D and SSC50S/SSC50D). SSC60S/SSC60D are high-speed and large capacity SCSs.

n Overview of SCS software configurationThe two main functions of the SCS are the application logic execution function that detectshazardous process conditions and prevent or mitigate hazardous events and the externalcommunication function, that communicates information with CENTUM. With the above func-tions, the data are exchanged with the V net stations through the communication function. Ifdata is written to the application logic execution function, the memory within the SCS is pro-tected by security level and other safety measures.

External communication function

Communication function

Application logic execution function

Communication data input/output function

Application logic execution

Inter-SCS safety communication function

SCS Link Transmission function

Diagnostic function

SCS

AIO/DIO data input/output function

RS-232C/RS-422/RS-485

Control bus

DCS of other companies

(Higher-level System)

RS-232C/RS-422/RS-485

Subsystem

SENG SCS

HIS

FCS CENTUM

PRM (managing HART devices)

PC

HART Device

SENG: Station that handles engineering and maintenance of SCSHIS: Station that executes operation and monitoring of CENTUMFCS: Control station of CENTUMPRM: Plant Resource Manager

Figure A1-1 Overview of SCS function configuration

<A1. Overview of SCS > A1-1


n Application logic execution functionThis function monitors the safety condition of the plant and makes the process shift to thesafety state on detecting any hazards. It mainly performs the following processing.• Input of analog input (AI)/Discrete input (DI) data from the field

• Execution of user-defined application logic

• Output of analog output (AO)/Discrete output (DO) data to the field

• Communication data I/O (Subsystem communication)

• Inter-SCS safety communication

• SCS link transmission

• Self-diagnosis

l Application logicAn SCS executes application logic written in the IEC 61131-3 program language. The applica-tion logic is defined by the user using Multi Language Editor and downloaded to the SCS.An SCS supports the following three languages of IEC 61131-3:• Function Block Diagram (FBD)

• Ladder Diagram (LD)

• Structured Text (ST)

TIP The application logic execution function explained here is not simply a name for a function that handles exe-cution of the application logic; rather, it is a generic name for all the functions explained above, including theactual execution of the application logic. In this manual, this term is used in the following explanation as well.

SEEALSO For more information about Function Block Diagram (FBD), Ladder Diagram (LD), refer to:

C1., “Overview of POU” on page C1-1

For more information about Structured Text (ST), refer to:

2.5, “Structured Text” in Engineering Guide (IM 32Q01C10-31E)

n External communication functionThis is a function for exchanging information with external systems connected to an SCS andit does not influence the application logic execution function. It mainly performs the followingprocessing.• CENTUM Integration Function

• SOER function

• Modbus slave communication function

• Diagnostic information collection function

• PRM-supported HART On-demand Communication

l PRM-supported HART on-demand communicationOn-demand communication with a HART device is implemented by PRM issuing a HARTcommand, and then receiving a response from the HART device via the SCS. Analog Input/Output modules with HART function serve as communication relays. Specifically, they receive



HART communication frames from PRM and send them directly to HART devices, while re-ceiving HART communication frames from HART devices and returning them directly to PRM.

n SCS databasesSEEALSO For more information about SCS database types, refer to:

2.6, “Capacity of SCS Applications” in Engineering Guide (IM 32Q01C10-31E)



A2. SCS hardwareThis chapter provides an overview of the hardware configuration of an SCS.• Status display of the CPU module

• Types of Input/Output Modules

SEEALSO For more information about the SCS hardware configuration and hardware devices that make up the entire

system, refer to:

2.2, “Hardware Configuration” in Engineering Guide (IM 32Q01C10-31E)

For more information about system scale and hardware installation conditions, refer to:

2.3, “Requirements for the Size of System and Installation of Hardware” in Engineering Guide (IM32Q01C10-31E)

For more information about the SCS hardware configuration changes that can be made by running an onlinechanges download, refer to:

“ I/O Module Information that is Changeable Online” in 5.2, “List of Applicable Items for Online Change”in Engineering Guide (IM 32Q01C10-31E)

n CPU module

l Combination of CPU nodes and CPU modulesApplicable combinations of CPU nodes and CPU modules are in the following table:

Table A2-1 Combinations of CPU nodes and CPU modulesCPU node type CPU module

SSC10S/SSC10D SCP401

SSC50S/SSC50D (*1) SCP451 (*1)

SSC60S/SSC60D (*2) SCP461 (*2)

*1: Supported in SCS system program R1.02 or later.*2: Supported in SCS system program R2.03 or later.

l Definition of SCS station typesDefine a station type matching the hardware in the SCS Project Properties window calledfrom SCS Manager. If a CPU module not supported by the defined station type is installed onthe control side of SCS, a warning is displayed at offline download. The CPU module will notstart even if offline download is executed ignoring the warning. If a correct CPU module is in-stalled on the control side but a CPU module different from the definition is installed on thestandby side, the CPU module on the standby side will not start.

l LED display• SCP401

The following information is displayed in the LEDs of the CPU module (SCP401) installedin the SSC10S/SSC10D.

Table A2-2 LEDs of SCP401

LED Quan-tity On Off

HRDY 1 The CPU hardware is normal A CPU hardware failure has occurred

RDY 1 Control is possible A fatal hardware/software failure has occurred

Continues on the next page

<A2. SCS hardware > A2-1


Table A2-2 LEDs of SCP401 (Table continued)

LED Quan-tity On Off

CTRL 1 The CPU module is in the CTRL sta-tus

The CPU module is in the RDY or STBY status

COPY 1 During APC Not during APC

RCV 2 V net bus 1/bus 2 receiving V net bus 1/bus 2 not receiving

SND 2 V net bus 1/bus 2 sending V net bus 1/bus 2 not sending

SYNC 1 Synchronized to the V net time or theIRIG-B time

Not synchronized to the IRIG-B time

SCTY 1 Online level (*1) Offline level (*1)

*1: Security level 0 corresponds to offline level and security levels 1 and 2 correspond to online level.

• SCP461/SCP451The following information is displayed in the LEDs of the CPU module (SCP461) installedin the SSC60S/SSC60D and the LEDs of the CPU module (SCP451) installed in theSSC50S/SSC50D.

Table A2-3 LEDs of the SCP461/SCP451

LED Quan-tity On (*1) Off

HRDY 1 The CPU hardware is normal A CPU hardware failure has occurred

RDY 1 Control is possible A fatal hardware/software failure has occurred

CTRL 1 The CPU module is in the CTRL sta-tus The CPU module is in the RDY or STBY status

COPY 1 During APC Not during APC

RCV 2 Vnet/IP bus 1/bus 2 receiving Vnet/IP bus 1/bus 2 not receiving

SND 2 Vnet/IP bus 1/bus 2 sending Vnet/IP bus 1/bus 2 not sending

SYNC 1 Synchronizes with Vnet/IP time (*2) The time synchronization function of the CPU mod-ule is faulty.

SCTY 1 Online level (*3) Offline level (*3)

*1: The RCV and SND LED blink.*2: Whether or not an SNTP server is connected to the network does not affect the LED On condition.*3: Security level 0 corresponds to offline level and security levels 1 and 2 correspond to online level.

The following communication statuses are indicated by combinations of RCV and SND sta-tuses (blinking or off). If a communication error has occurred, the network location where theerror occurred can be identified easily using the Network Status Display dialog box on theHIS.

Table A2-4 SND/RCV LED statuses and communication statusesSND RCV Communication Status

Off Off Communication disconnected

Blinking Blinking Normal (within the network connected by the layer 2 switch)

Blinking Off No other communication station is available (including a situation where onlyone SCS is connected to the network and its CPU module is operating in thesingle operation status)

Off Blinking The CPU module is faulty

The LEDs are positioned on the CPU module as shown in the following figure.



HRDY RDY CTRL COPY

SYNC SCTY

1 2

1 2

RCV

SND

1 2 3 4 5 6 7 8

RCV LED

SND LED

STATUS LED

COPY LED

CTRL LED

RDY LED

HRDY LED

Figure A2-1 LED layout on the front of the CPU module

The STATUS LEDs 1 to 8 can display either the status information or the domain/station num-ber of SCS depending on the display setting switch.The meaning of each LED when the status information of the SCS is displayed is summarizedin the following table. The SCS can be judged as operating normally if all the LEDs from 1 to8 are lit.

Table A2-5 LEDs indicating SCS statusLED Display Description

1, 2 Display of the operating mode • Running mode: Both LED 1 and LED 2 turn on.• Waiting mode: LED 1 turns off and LED 2 turns on.• Other modes: Both LED 1 and LED 2 turn off.

3 Tentative change of the security lev-el

LED 3 turns on only when the security level is 2.

4 SCS error occurrence status (*1) • LED 4 turns off if an error that does not involve user oper-ations has occurred in the system.

• LED 4 turns on if there is no error.

5 to 7 Not used Always lit

8 Indicates a status of writing to theflash memory

LED 8 turns off while writing to the flash memory.

*1: LED4 is interlocked with the output of the SYS_DIAG function block.

SEEALSO For more information about the LED display on CPU modules, refer to:

4.2.2, “LED Display” in Safety Control Stations (Hardware) (IM 32Q06C10-31E)

For more information about how to set LEDs 1 to 8 to display the V net address, refer to:

4.2.3, “Setting Switches” in Safety Control Stations (Hardware) (IM 32Q06C10-31E)

n HKU (house keeping unit)The HKU function in the CPU module monitors the operation environment of the CPU mod-ule. An error in the CPU operating environment is notified to the user via diagnostic informa-tion messages and status display window. The following items are monitored by the HKUfunction.• CPU node fan status

• Temperature in the vicinity of the CPU node

• Battery temperature



n Types of input/output modules• Analog input/output module

• Discrete input/output module

• Communication module

The modules above are collectively called input/output modules. Communication modulesthat can be installed in SCS are serial communication modules and Ethernet communicationmodules.

TIP In the explanation in this document, analog input/output modules and discrete input/output modules are col-lectively referred to as AIO/DIO modules. Analog input modules and discrete input modules are collectivelyreferred to as input modules, while analog output modules and discrete output modules are collectively refer-red to as output modules.

l Analog input/output modulesAnalog input/output modules are used to input/output analog signals indicating electrical cur-rent, voltage, etc. The types (models) of analog input/output modules are shown as follows.

Table A2-6 Specification of analog input/output modules

Classification Type Description Number ofchannels

Redundan-cy SIL support

Analog input SAI143 4 to 20 mA, isolated. 16 Allowed 3

SAV144 1 to 10 V, isolated. 16 Allowed 3

SAT145 Thermocouple/mV, isolatedchannels 16 Allowed 3

SAR145 Resistance temperature de-tector, isolated channels 16 Allowed 3

Analog output SAI533 4 to 20 mA, isolated. 8 Allowed 3

• SAI143An analog input module for electrical current. Modules whose suffix code is SAI143-Hsupport HART communication and are indicated as SAI143H in the SCS State Manage-ment Window on the SENG or the Status Display view on the HIS. SAI143-H can be usedwith software release number of R1.02.00 or later.

• SAV144An analog input module for electrical voltage.

• SAT145An analog input module for thermocouple (TC)/mV. This module can be used with soft-ware release number R3.01.00 or later.

• SAR145An analog input module for the resistance temperature detector (RTD). This module canbe used with software release number R3.01.00 or later.

• SAI533An analog output module for electrical current. This module can be used with software re-lease number of R1.02.00 or later. These modules are indicated as SAI533H in the SCSState Management Window on the SENG or the Status Display view on the HIS. Thismodule supports HART communication.

l Discrete input/output modulesDiscrete inputs and outputs are process inputs and outputs that use discrete on/off signals.



The following two input/output module types (model names) are used for discrete inputs andoutputs.

Table A2-7 Specification of discrete input/output modules

Classification Type Description Number ofchannels

Redundan-cy SIL support

Discrete input SDV144 24 V DC, module isolation 16 Possible 3

Discrete output SDV521 24 V DC, module isolation 4 Possible 3

SDV531 24 V DC, module isolation 8 Possible 3

SDV531-L 24 V DC, module isolation 8 Possible 3

SDV53A 48 V DC, module isolation 8 Possible 3

SDV541 24 V DC, module isolation 16 Possible 3

SDV526 100-120 V AC, module isola-tion 4 Possible 3

• SDV144A discrete input module. This module provides SOER (Sequence of Events Recorder)function.

• SDV521A 4-channel discrete output module. This module can be used with software releasenumber of R1.03.00 or later.

• SDV531A 8-channel discrete output module.

• SDV531-LAn 8-channel discrete output module for long distance. This module can be used withsoftware release number of R1.03.00 or later.

• SDV53AAn 8-channel 48 V DC discrete output module. This module can be used with softwarerelease number R2.03.00 or later.

• SDV541A 16-channel discrete output module. This module can be used with software releasenumber of R1.02.00 or later.

• SDV526A 4-channel 100-120 V AC discrete output module. This module can be used with soft-ware release number R2.02 or later.

TIP • In the case of SDV526, short circuits between channels cannot be detected. In addition, the followingfaults cannot be detected while SDV526 is outputting OFF signals.

• Short circuits in output wiring

• Output overload (faults in field devices that cause short circuits or overcurrent when the module's out-put is set to ON)

• The signals (ON or OFF) output to SDV526 by the application logic must be held for at least one secondso as to ensure detection of faults inside the module or notification of diagnostic information.

SEEALSO For more information about the SOER function on a DI module, refer to:

A7.2, “Event collection” on page A7-4



l Serial communication modulesSerial communication modules are used to implement Modbus slave communication, wherean SCS acting as a Modbus slave communicates with an external device acting as the Mod-bus master, and are also used to implement subsystem communication, where an SCS com-municates with a subsystem.• ALR111: Serial communication module (RS-232C)

An interference-free communication module providing an RS-232C interface

• ALR121: Serial communication module (RS-422/RS-485)An interference-free communication module providing an RS-422 or RS-485 interface

Take note on the following cautions when using the serial communication modules:• Modbus slave communication and subsystem communication cannot be performed simul-

taneously within a single serial communication module.

• When used for Modbus slave communication, serial communication modules cannothave a redundant configuration. If redundancy is required, use two serial communicationmodules and provide redundancy using a user application.

• A serial communication module can be configured as a redundant module if used for sub-system communication.

• With a safety control station SCSP2/SCSP1, the serial communication module for Mod-bus slave communication cannot be installed in an I/O node that is connected with theoptical ESB bus repeater module and installed at a distance longer than 5 km.

SEEALSO For more information about Modbus slave connection, refer to:

C1., “Common items regarding the Modbus slave communication function” in Open Interfaces (IM32Q05B10-31E)

For more information about using a serial communication module for subsystem communication, refer to:

2.17.1, “Subsystem Communication Function” in Engineering Guide (IM 32Q01C10-31E)

l Ethernet communication moduleAn Ethernet communication module is used to implement Modbus slave communication,where an SCS acting as a Modbus slave communicates with an external device acting as theModbus master.• ALE111: Ethernet communication module

Take note on the following cautions when using the Ethernet communication module:• The Ethernet communication module cannot have a redundant configuration. If redundan-

cy is required, use two Ethernet communication modules and provide redundancy using auser application.

• With a safety control station SCSP2/SCSP1, the Ethernet communication module cannotbe installed in an I/O node that is connected with the optical ESB bus repeater moduleand installed at a distance longer than 5 km.





A3. Scan period and timesynchronization of SCS

This chapter explains the scan period and time synchronization of SCS.

<A3. Scan period and time synchronization of SCS > A3-1


A3.1 Scan period of SCSThis section explains the following items related to the scan period of SCS.

• Definition of SCS Scan Period

• Automatic extension function for the scan period of the application logic execution func-tion (*1)

• Online change of scan period of the application logic execution function (*1)

*1: Supported in the SCS of SCS system program R2.03 or later.

n Overview of scan period of SCSThere are two types of scan periods of SCS, the scan period of the application logic executionfunction and the scan period of the external communication function. The scan period of theapplication logic execution function can be changed online.SCS has the automatic extension function for the scan period of the application logic execu-tion function. This function automatically extends the scan period of the application logic exe-cution function when the load on SCS becomes high. Use the SCS Constants Builder to spec-ify whether or not to use this function.

<A3.1 Scan period of SCS > A3-2


A3.1.1 Definition of SCS scan periodThis section describes the definition of the SCS Scan period and how to define it.

n Scan periods in SCSThe periodic processing for SCS falls into two types: Application Logic Execution Functionand External Communication Function. They are executed at their respective scan periods.

A scan period for Application Logic Execution Function

Application Logic Execution Function

External Communication Function

Idle time

A scan period for External Communication Function

Figure A3.1.1-1 Scan periods of SCS

The Application Logic Execution Function is the function having a top priority among SCSfunctions.The External Communication Function is executed in a part where the Application Logic Exe-cution Function is not executed in the CPU processing period. If the External CommunicationFunction finishes its processing before a scan period ends, the remaining time becomes theidle time on CPU.

l Processing of the Application logic execution functionThe Application Logic Execution Function is executed in the order presented as follows.

Scan period

1 2 3 4 5 1 2 3 4 5

Figure A3.1.1-2 Processing of the Application logic execution function

Table A3.1.1-1 Processing of the Application logic execution functionOrder Processing Name Description1 Input AI/DI data, Self-diagnosis Collects AI/DI data from input modules, and generates data val-

ues and data status. Stores the generated data in the input varia-bles. Generates status of output modules and the self-diagnos-tics are also executed at the same time.

2 Receive data from other SCS Receives the data from other SCSs, and stores them to the vari-ables. (Applicable to inter-SCS safety communication and SCSlink transmission)

3 Execute Application Logic Executes application logic in FBD and LD.

4 Transmit Data to other SCS Transmits data to other SCSs. (Applicable to inter-SCS safetycommunication and SCS link transmission)

5 Output AO/DO data, Self-diagno-sis

Collects the data from output variables, and writes the data tothe output modules. The self-diagnostic processing is executedat this timing.

The processing time of the Application Logic Execution Function may be prolonged by about20% at maximum because of the increase in the CPU load caused by communication for tagdata access or some other processing.



l Processing of the External communication functionThe External communication function is a general name for functions of communicating infor-mation of SCS with external systems. CENTUM Integration Function and Modbus Slave Com-munication Function are included in it.

n Specification of scan period of the application logic executionfunction

The scan period of the application logic execution function is specified on the Link Architec-ture View of SCS Manager. From [Edit] > [Properties], Call the Resource Properties dialogbox, enable the "Trigger cycles" check box in the "Settings" tab, and specify the value in "Cy-cle timing."• The scan period can be specified in the range from 50 ms to 1000 ms in increments of

10 ms.

• The specified scan period can be changed online. (*1)


SEEALSO For more information about link architecture view , refer to:

“Run-time Settings” in “Editing resource Properties” of “Link Architecture view” in the "Workbench" of theWorkbench User's Guide

n Specification of scan period of the external communication functionThe scan period of the external communication function is specified in the SCS ConstantsBuilder. Specify the value in [Scan Period for External System] in the [Communication] tab.• Either 1 second or 2 seconds can be specified.

• The default value is 1 second.

• Offline download is required to change the specified scan period.

n Watching scan run timeWhile the SCS system program runs successfully, the Watch Dog Timer (WDT) is periodicallyreset. The WDT is for self-diagnosing the cyclic operations.



A3.1.2 Automatic extension function for scan period of theapplication logic execution function

In such a case as when the SCS has to perform very large amount of communication to ac-cess tag data, the processing time of the Application Logic Execution Function may be pro-longed. If the amount of application is large and there is insufficient idle time before the nextscan period starts, the SCS does not have sufficient time for the processing of communica-tion on the control bus and for the External Communication Function that is done during theintervals between executions of the Application Logic Execution Function.In such conditions, some functions such as the CENTUM integration function are affected. Ifhigh-load conditions continue steadily, inter-SCS safety communication may also be affec-ted.To avoid such adverse effects, you need to design the application logic so as to ensure therecommended CPU idle time given in the Engineering Guide.If you anticipate that the SCS cannot maintain sufficient CPU idle time because of underesti-mating the amount of application logic at initial engineering or the modification of the SCSproject, you can specify the use of the automatic scan period extension function in order toavoid the adverse effects (*1)


IMPORTANTThe purpose of this function is to temporarily avoid occurrences of erroneous conditions inSCS. SCS cannot maintain the assumed process safety time if the automatic scan period ex-tension function is executed. Thus, take permanent measures such as reducing the amount ofapplication logic in order to lower the CPU load on the SCS.It is possible to check if the scan period has been automatically extended on the SENG orStatus Display view of HIS as well as via diagnostic information messages. It is also possibleto create application logic for confirming the state of scan period extension.

n Automatic scan period extension functionIn order to use the automatic scan period extension function, it is necessary to make thespecification in the SCS Constants Builder. The function operates only when specified. Thespecification can be changed by online change download.

SEEALSO For more information about how to specify automatic extension of scan period on the SCS Constants Builder,

refer to:

3.1.3, “SCS Constants Builder” in Engineering Reference (IM 32Q04B10-31E)

l Overview of automatic extension of scan periodIf the processing of the Application logic Execution Function is prolonged and almost occupiesthe whole scan period of the Application logic Execution Function defined in SCS Manager,the SCS cannot perform the processing for the communication on the control bus and for theExternal Communication Function that is done during the intervals between executions of theApplication Logic Execution Function.



At normal condition

Processing of Application logic Execution Function

Processing for control bus communication and External Communication Function

Scan period of Application logicExecution Function


At high-load(Before extension)

Processing time for control bus communication and External Communication Function is not enough.

Figure A3.1.2-1 Example of the case when the scan period is automatically extended

The automatic scan period extension function automatically extends the scan period of theApplication logic Execution Function when high-load conditions occur and ensures sufficienttime for the processing of communication on the control bus and for the External Communica-tion Function that is done during the intervals between executions of the application logic.


At high-load(After extension)

Scan period of Application logic Execution Function is extended to ensure sufficient processing time for control bus processing and External Communication Function.

Extension

Figure A3.1.2-2 State in which the scan period is automatically extended

By using the automatic scan period extension function, the time for the communication pro-cessing related to the following features are ensured.• Inter-SCS safety communication

• Integration with CENTUM

• Communication with SENG

• Diagnostic information message, process alarm notification

l Conditions of starting scan period extensionWhen both of the following conditions are satisfied in a state at once, it is defined as a highload status.• The total time to execute the application logic execution function and to process inter-

SCS safety communications exceeds 80% of the original scan period of the applicationlogic execution function.

• The CPU idle time becomes 0.

In this case, you can estimate the processing time for inter-SCS safety communication withthe following formula:

Processing time for inter-SCS safety communication = (number of consumer groups + number of producer groups) × T [ms]The values of T are as shown in the following table according to the configuration of the CPUmodule.



Table A3.1.2-1 Table values of TCPU Module T

SCP401/SCP451 (Dual-redundant) 5.0

SCP401/SCP451 (Single) 2.5

SCP461 (Dual-redundant) 3.0

SCP461 (Single) 1.5

If this high load status continues for 1 second or longer, the scan period of the application log-ic execution function is automatically extended.The new scan time is obtained by adding 20% of the original scan period of the applicationlogic execution function to the actual measurement of the application execution time at thattime.

l Influence until activation of scan period extensionThe following situations may occur before the automatic scan period extension period is acti-vated after the SCS is placed under high load status.• Stopping of CENTUM integration data update

• Delay of diagnostic information message notification

• Stopping of forcing data update

• Stopping of status display in the SCS State Management window

l Upper limit of scan period extensionThe upper limit of scan period extension is 200% of the original scan period of the applicationlogic execution function. Note that the extended scan period will never exceed the upper limitvalue of 1 second.

l Cancellation of scan period extensionIf both high load conditions explained in item "Conditions of Starting Scan Period Extension"are removed, the scan period becomes shorter by each scan in decrements of 20% of theoriginal scan period of the application logic execution function. Note that the scan period willnever become shorter than the scan period of the application logic execution function definedin SCS Manager.

n Notification of execution/cancellation of automatic scan periodextension

• If the automatic scan period extension function is activated on the SCS, it is notified viathe diagnostic information message (No. 4143). The cancellation of extension is notifiedvia the diagnostic information message of automatic scan period extension cancellation(No. 4144).

• If automatic scan period extension is continuously activated for a certain period of timeor longer, the diagnostic information message indicating the start of the automatic scanperiod extension function is notified to give warning again. The re-warning interval is 10minutes by default.The interval of re-warning can be changed using the SYS_SCANEXT system functionblock.

• The system function block (SYS_SCANEXT) can be used to determine whether the au-tomatic scan period extension function is being executed via application logic. (*1)

• If the scan period of the application logic execution function is changed via onlinechange download while the scan period is being automatically extended, the scan period



extension status is cancelled after the completion of the online change download andthe diagnostic information message on cancellation of scan period automatic extensionis notified. However, if the high CPU load continues even after the scan period ischanged and if the conditions for automatic scan period extension are met, the scan pe-riod is extended automatically.

• The SCS State Management window of SENG and the Status Display view of HIS (*2)display both the scan period of the application logic execution function defined in SCSManager and the actual scan period of the application logic execution function of SCS.

*1: The SYS_SCANEXT system function block can be used in new SCS databases created by SENG of R2.03.00 or later.*2: Supported in CENTUM VP R4.02 or later.

SEEALSO For more information about SYS_SCANEXT, refer to:

C10.21, “SYS_SCANEXT (Scan Period Extension Indicator)” on page C10-48

For more information about the diagnostic information messages, refer to:

• Message Number 4143 in 2.1, “System Alarms (Message Numbers 4101 through 4199)” in Mes-sages (IM 32Q02B10-31E)


n Influence of automatic extension of scan periodAutomatic extension of the scan period has the following influence.

l Influence on process safety timeSince the reaction time is determined based on the scan period of the application logic execu-tion function, the time also becomes longer accordingly if the scan period is extended.

SEEALSO For more information about precautions on engineering related to automatic expansion of scan period, refer

to:

2.7, “Performance and Scan Period in SCS” in Engineering Guide (IM 32Q01C10-31E)

l Influence on test functionsThe automatic scan period extension function does not operate in SCS simulation tests andlogic simulation tests.

l Influence on function blocks• SYS_SCAN function block

The current scan period of the application logic execution function of SCS is output to theoutput parameter SCAN of the SYS_SCAN function Block.

• Function blocks handling timeThere is no influence of changes in scan period on the operations of function blocks han-dling time. Those function blocks operate according to the actual time even if the scanperiod is changed.

• Function blocks handling execution countIn the case of function blocks whose output is determined by the number of calls, thenumber of outputs within the unit time decreases if the scan period is extended.Targets: CTU, CTD, CTUD, FILTER, FILTER_S



A3.1.3 Online change of scan period of the applicationlogic execution function

The scan period of the application logic execution function can be changed online in the caseof SCS with SCS system program R2.03 or later.

n Overview of scan period online changeChange the scan period of the application logic execution function with SCS Manager and ex-ecute online change download under security level 1 or lower. The SCS will then operate withthe specified scan period after download completes. If automatic extension of scan period hasbeen enabled on the SCS, the automatic scan period extension status is cancelled after thecompletion of online change download and the SCS resumes operation with the scan periodspecified with the online change.

n Limitations on online changeThe allowable range of change is the same as the allowable range of specification, i.e., from50 ms to 1000 ms in increments of 10 ms. Note that in online change, it is not allowed to set ascan period longer than the scan period before change by more than 250 ms. If such changesare made, an error occurs at online change download.Example:

It is possible to change the scan period from 250 ms to 500 ms. Change from 250 msto 550 ms is not allowed because it represents an increase of 300 ms.

When changing to a shorter scan period, a dialog box appears, showing the expected CPUidle time after the scan period is changed. You cannot download if the expected CPU idle timeis 0 second.

TIP On the SCS Simulator, the expected CPU idle time is not estimated. Only a dialog box is displayed, informingthat the scan period has been changed.

n Occurrence of IOM download at online change downloadIf the scan period defined before or after execution of online change is longer than 250 ms,IOM download processing is executed for all AIO/DIO modules used in the given SCS to noti-fy the change of fallback time. In this case, a confirmation dialog box appears at the start ofonline change download.• There is no influence on control operation during online change download because the

control of AIO/DIO modules continues.

• Online change download on SENG is completed after the completion of IOM download toall AIO/DIO modules. IOM download takes approximately 5 seconds per module.

n Notification of scan period online changeWhen online change download performed at scan period change is completed, the diagnosticinformation message of scan period online change (No. 4152) is notified, in addition to the di-agnostic information message of online change download completion.

SEEALSO For more information about the diagnostic information messages, refer to:

Message Number 4152 in 2.1, “System Alarms (Message Numbers 4101 through 4199)” in Messages(IM 32Q02B10-31E)



A3.2 Time synchronization of SCSAn SCS has a function to synchronize time information among SCSs as well as CPU and DImodules in order to maintain the accuracy of the time stamps of event information. SCSs con-nected to V net and those connected Vnet/IP use different time synchronization methods.

n Method of synchronization with reference time

l Time synchronization methods for SCSs connected to V netThere are the following two time synchronization methods, from which the user can select themore appropriate one for the given application.

Table A3.2-1 Time synchronization methodMethod Description Setting method

Synchronizationwith V net time(standard)

Uses the mechanism for synchronizing time of eachstation connected to V net.

Select "V net" as the time synchro-nization method in SCS ConstantsBuilder. (*1)

IRIG-B time syn-chronization(optional)

Uses the GPS unit as the standard time server. If thisoutput (IRIG-B) is connected to each SCS, thestandard time (date, hour, minute, second) and thesynchronization timing are distributed. Each SCS issynchronized with this timing. Since GPS is used, itis possible to acquire events with high time accuracy.

Connect a commercially availableGPS unit and a connector on theCPU node with IRIG-B. Select"IRIG-B" as the time synchroniza-tion method in SCS ConstantsBuilder.

*1: The standard time is specified by the user using SCS Maintenance Support Tool of the SENG or the Adjust Time dialog boxof an HIS.

SEEALSO For more information about time setting operations, refer to:

3.1.5, “Setting System Time” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

For more information about SCS Constants Builder, refer to:


l Time synchronization method for SCSs connected to Vnet/IPThe time synchronization method of SCSs connected to Vnet/IP is fixed to the synchroniza-tion with Vnet/IP time. If an SNTP server is installed, it is possible to achieve highly accuratetime synchronization with the standard time.The time synchronization status can be checked in the SCS State Management Window ofthe SCS Maintenance Support Tool on the SENG, or in the SCS Status Display view on theHIS.

SEEALSO For more information about synchronization with Vnet/IP time, refer to:

A4., “Time synchronization of Vnet/IP” in ProSafe-RS Vnet/IP (IM 32Q56H10-31E)

l Time broadcast to DI modulesThe CPU broadcasts the time to DI modules mounted in the station every second.

n Configuration of each time synchronization

l Synchronization with V net timeWhen synchronization with V net time is applied, the user can set the time using SCS Mainte-nance Support Tool of the SENG or the Adjust Time dialog box of an HIS.

<A3.2 Time synchronization of SCS > A3-10


V net

DI module

CPU CPU CPU

SCS

FCS HIS

Other SCSs

Time synchronization

Time setting

V net time master (SENG or HIS)

V net time

V net time V net time

V net time V net time V net time

Figure A3.2-1 Synchronization with V net time

TIP If the diagnostic information message, "GPS Interface Unit Error" is notified when synchronization with V nettime is selected, the CPU module need not be replaced if the following conditions are met. Since this mes-sage does not present any problem in practical operations or on safety, you can continue to operate the sys-tem.

• If the message is generated only on the control-side CPU module in the redundant configuration immedi-ately after completion of APC:If the recovery message, "GPS Interface Unit Recover" is displayed for the control-side CPU module im-mediately thereafter, the module is not faulty.

• If the V net configuration is unstable:In a condition where the V net is not connected correctly, such as at startup, a bus configuration errormay occur. In this case, the V net controller in CPU module cannot read time information and this mes-sage will be notified as a result. Reconnect the bus correctly and start the SCS. If the message no lon-ger appears, the module is recovered.

l IRIG-B time synchronizationIn IRIG-B time synchronization, the time is acquired from the standard time receiver. TheIRIG-B time is used for time stamps of events and alarms set in the CPU. This method produ-ces more accurate timing for events among SCSs, compared to synchronization with V nettime. The time of the CPU module and DI modules are synchronized to the IRIG-B time.



DI module

Standard time

receiver

CPU

SCS Other SCSs

Time setting

IRIG-B IRIG-B

V net

IRIG-B time

IRIG-B time IRIG-B time

Figure A3.2-2 IRIG-B time synchronization

l Synchronization with Vnet/IP timeConfiguration for synchronization with Vnet/IP time is described with an example whereSCSP2 is used.

SNTP server

Vnet/IP domain 2

Vnet/IP time

Vnet/IP time Vnet/IP time

Vnet/IP time

Vnet/IP time

SCSP2 SCSP2

SCSP2

DI module

CPU CPU

Vnet/IP

Standard time

(Installed as necessary)

Time notification

Time notification

Time notification

Time setting

SENG HIS

Vnet/IP time CPU

Vnet/IP domain 1

Time master Time

notification

Figure A3.2-3 Synchronization with Vnet/IP time

• The SCS system time is synchronized with the Vnet/IP network time. When using thesynchronization with Vnet/IP time, all stations in the same time group on the Vnet/IP net-work have the same time information as the clock master. If an SNTP server is installed,the SCS system time is synchronized with the standard time of the SNTP server.

• If the SCS system time is synchronized with the SNTP server time, any time change set-ting from the SENG or HIS is ignored.

• If the SNTP server is shut down or the SNTP server is not synchronized with the standardtime, the SCS system time is automatically synchronized with the clock master of thesame time group (synchronized with internal clock). Accuracy with the standard timedrops, but time accuracy between stations is maintained.

n Time discrepancy when multiple domains are connectedYou need to consider the following points when connecting multiple domains:



• The time discrepancy that occurs between each connected domain depends on the num-ber of connected BCV-V units. The discrepancy is a maximum of 5 seconds for the firstlevel BCV-V and a maximum of 10 seconds for the second level. Estimate these devia-tions and if they are not acceptable, consider applying IRIG-B time synchronization.

• If a domain is connected through the wide area network gateway units (CGW), you needto take the measure to keep the differences of the V net time among the domains withinan allowable range. Alternatively, consider applying IRIG-B time synchronization.

n Actions taken at error occurrence in IRIG-B time synchronizationThe IRIG-B time synchronization status can be checked in the SCS State Management Win-dow of the SCS Maintenance Support Tool on the SENG, or in the SCS Status Display viewon the HIS.

l Reasons for time synchronization errorA time synchronization error occurs for the following reasons.• Disconnected IRIG-B cable connector

• IRIG-B interface unit failure in the SCS

• No time notification due to GPS receiver failure

TIP Examples of GPS receiver failure are listed below.

• Failure in the communication route from the GPS antenna to the GPS receiver

• Antenna failure or receiving problem

What happens when the GPS receiver fails is determined by the specification of the selected GPS receiver.The following is an example of what might happen when the GPS receiver fails.

• Since GPS signals are no longer received, the GPS receiver operates based on its clock.

• If reception problem continues more than a specified period, the GPS receiver stops operating on its clockand also stops notifying time information to the connected devices.

Once time notification is stopped, the SCS outputs a diagnostic information message notifying an IRIG-B er-ror.

l Notification of time synchronization error• If the IRIG-B time synchronization state has become abnormal when the IRIG-B time syn-

chronization is selected, the SYNC LED on the SCS's CPU module turns off and a diag-nostic information message indicating an error is notified. If the SCS adopts a redundantCPU module configuration, diagnostic information messages regarding both modules arenotified.

• Once the IRIG-B time synchronization state returns to normal, a diagnostic informationmessage indicating a recovery is notified.

l SCS actions taken upon time synchronization errorIf time synchronization with IRIG-B stops, the SCS does not synchronize with the V net time.Instead, the SCS's CPU module updates the time based on the time information input imme-diately before the error. This condition is called "non-synchronized state." The time is updatedcontinuously by the CPU module, but time accuracy still drops. Therefore, it is necessary torecover the IRIG-B error to normal as soon as possible.While the "not-synchronized state" continues, the SCS takes actions as follows.• In the not-synchronized state, the difference from the standard time and the time discrep-

ancy among SCSs gradually becomes larger as the time elapses. The difference from thestandard time can reach up to ± 4.32 seconds/day and the time discrepancy amongSCSs can reach up to 8.64 seconds/day. When debugging applications that require high



time precision, it is recommended to connect a GPS simulator to prevent the system fromentering the not-synchronized state.

• If the IRIG-B is not connected at the start of the SCS that uses the IRIG-B time synchroni-zation, the SCS enters a not-synchronized state where the CPU module updates the timebased on the V net time that was input when the SCS was started.

• If the IRIG-B is not connected at the start of the SCS that uses the IRIG-B time synchroni-zation, a diagnostic information message notifying the cause of the last CPU shutdownand a diagnostic information message regarding the switching of the CPU control right,both of which are normally output when the SCS is started, will not be output.Once the SCS has been started or CPU control right switched, however, subsequentmessages will be output correctly.

• You can connect normal IRIG-B signals to recover from the error state while the SCS is ina not-synchronized state. Once the signals are connected, the SCS will operate based onthe correct time information input from the IRIG-B.

IMPORTANTIf the IRIG-B time synchronization is selected, connect the GPS unit via the IRIG-B first, andthen start the SCS.

SEEALSO For more information about the time synchronization, refer to:

2.15, “Time Synchronization” in Engineering Guide (IM 32Q01C10-31E)

l Time discrepancy caused by GPS failureWith stations connected to the V net where time synchronization among SCSs is performedby the IRIG-B time synchronization, a time discrepancy will occur if the GPS or IRIG-B inter-face fails because time synchronization by V net will not be carried out, either.

Table A3.2-2 Abnormality and time discrepancyAbnormality Phenomenon Predicted Discrepancy

Antenna When antenna error occurs, the stand-ard time receiver will count the timebased on its own clock. If the antennaerror prolonged, the discrepancy may in-crease.If multiple SCSs are using the same re-ceiver for time synchronization, the dis-crepancy will not occur for the SCSs.However, if they use different receiversfor time synchronization, the time dis-crepancy among the SCSs may occur.

Discrepancy varies with the model ofstandard time receiver. It is necessaryto query the vendor of the recover.

The Standard Time Re-ceiverIRIG-B CableIRIG-B Interface

When abnormality occurs, each SCS willcount the time based on its own clock. Ifabnormality is prolonged, the discrepan-cy from the standard time and the dis-crepancy among SCSs may increase.

The time discrepancy among SCSsmay occur. The maximum discrepancyis 8.64 sec/day.



A4. AIO/DIO data inputs/outputs forSCS stations

SCS stations support analog input/output and discrete input/output. Analog input/output dataand discrete input/output data is referred to as AIO/DIO data.This section explains the flow and processing of AIO/DIO data in an SCS, I/O variables anditems that can be set for AIO/DIO modules, which act as interfaces for input/output data.

<A4. AIO/DIO data inputs/outputs for SCS stations > A4-1


A4.1 Flow of AIO/DIO data inputs and outputsThis section explains the flow of AIO/DIO data in an SCS. It also explains the Output Enable/Output Disable status of an SCS and the output enable operation.

n Flow of AIO/DIO dataThe following figure illustrates the flow of AIO/DIO data in an SCS.

CPU

Application logic

I/O Image Area

Sensor device

Input data

Input variable

Data Status Data Value

Status information Output data

Output variable

Function Blocks

Output enable/disable

Legend

Devices such as valves or lamps

Output module Input module

Figure A4.1-1 Flow of AIO/DIO data

1. Data sent from sensor devices or other sources is read from each channel of a connectedinput module.

2. The CPU copies the data stored in the input module to the I/O image area at the start ofscanning. At this point, the data value and data status are determined based on the infor-mation from the input module. If the input data is erroneous, the data status is set to"BAD" and the data value is set to the "Input value at error occurrence" specified in I/OParameter Builder by the user.

TIP The following settings defined in I/O Parameter Builder are used for "Input value at error occurrence", whichis used if input data is erroneous.

• [Input Processing at Fault] of AI and DI modules

• [Input Processing at Transmitter Fault] of an AI module

This manual uses the term "input value at error occurrence" in the following explanation as a generic term.

3. The CPU stores the input data in the I/O image area in the input variables of the applica-tion logic. It also updates the data status of the output variables.

4. The application logic references the data value and data status from the input variablesand monitors the process conditions and input device status.

5. The result of the application logic processing is stored in the output variables and thensent to the output module via the I/O image area.

<A4.1 Flow of AIO/DIO data inputs and outputs > A4-2


6. The output module outputs the data to devices such as valves or lamps connected toeach of the channels.

l Data value at AIO/DIO module dual-redundant configurationIf dual-redundant input modules are used, the input values from the active module are storedin the input variables. If dual-redundant output modules are used, the data values of the out-put variables are sent to both active and standby modules, but the data is only output to thefield from the active module. In the case of SDV526, the data values are output to the fieldfrom both modules.

l Conversion of analog input dataAnalog data of either 4 to 20 mA or 1 to 5 V/ 1 to 10 V is converted to normalized data of 0 to100% in the CPU process data input processing and stored in the input variables.All data that requires normalization, such as measurements from differential pressure trans-mitters, is automatically processed in the process data input processing in this way. Subse-quent conversion from normalized data to data using engineering units can be performedfreely in the application logic. Analog data of either thermocouple or resistance temperaturedetector is converted to the data (physical quantity or normalized data) specified in the inputsignal conversion for each channel and stored in the input variables.

l Flow of analog output dataData of 0 to 100% set in IO_REAL type output variables from the application logic are conver-ted to electrical current of 4 to 20 mA by each output module and output.

n Output enable and output disableOutput channels of an SCS can be in the Output Enable and Output Disable states. The Out-put Enable and Output Disable states are managed by each channel; the output states of allthe output channels of an SCS do not always match.• Output Enable is a status where the output values from the application logic are output

from the output module as is.

• Output Disable is a status where the output values from the application logic are not out-put from the output module.

l Output enable operationOutput enable operation means connecting outputs from the application logic to the outputchannels. If you perform the output enable operation from the I/O Channels Status dialog boxof SCS Maintenance Support Tool on the SENG, all modules are placed in the Output Enablestatus simultaneously (not individually). Once the output enable operation is performed, alloutput channels are in the Output Enable status and output values of the application logic areoutput from the output channels. Channels that continue to generate errors remain in the Out-put Disable status. The following processing is also performed in the output enable operationimplemented immediately after an SCS is started:• Start sending data in inter-SCS safety communication

• Start SCS Link Transmission

• Start outputting data in subsystem communication

SEEALSO For more information about the output enable operation, refer to:

3.1.6, “Output Enable Operation” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

<A4.1 Flow of AIO/DIO data inputs and outputs > A4-3


A4.2 I/O variableThis section explains the I/O variables, and their data value and the data status.

n What are I/O variables?

Physical data

Input data

Data status

Logical data

Input data

Data status

Input data

Data status

Input variable

Lock/unlock variable

Physical data

Output data

Data status

Logical data

Output data

Data status

Output data

Data status

Output variable

Lock/unlock variable

inpu

t mod

ule

Out

put m

odul

e

Figure A4.2-1 Input variable and output variable

The variables carrying the input values or output values of input/output modules are called I/Ovariables. There are two types of I/O variables: input variables and output variables. I/O varia-bles contain two types of data, logical data and physical data. When I/O variables are defined,both logical data and physical data are automatically created.

Table A4.2-1 Input variable and output variableType Data Description

Input variable Physical data Data set from the I/O image area.

Logical data Data viewed by the application logic. (*1)

Output variable Physical data Data set in the I/O image. (*2)

Logical data Data set by the application logic.

*1: If the input data is erroneous, the input value at error specified by the user in advance is set.*2: This is the value set to the output module.

The application logic can basically handle logical data only. In the normal status, the same da-ta is stored in the logical data and physical data; the user does not need to be aware of thedifference between these two types of data. Note, however, that physical data needs to be ref-erenced from the SCS Manager window when locking I/O variables via the forcing function, orif both data are not connected due to input/output module failures, etc.Both the logical data and physical data are composed of data value and data status. In orderto handle data value and data status, I/O variables provide IO_BOOL type for handlingBOOL-type data and IO_REAL type for handling real number-type data, which can be usedaccording to the data type of the data value.The data value and data status can be referenced using the application logic. Use the syntax"I/O variable name.v" and "I/O variable name.status" in order to read only the data value orthe data status from an I/O variable, respectively.

<A4.2 I/O variable > A4-4


SEEALSO For more information about forcing function, refer to:

A8., “Forcing” on page A8-1

For more information about I/O variables are locked, refer to:

A8.1, “Variable locking” on page A8-2

l Data status of I/O variablesThe data status of I/O variables is expressed as a BOOL value.

Table A4.2-2 Data status that can be referenced by user applicationsBOOL val-

ueStatus Meaning

TRUE GOOD Status where no error has occurred in input/output modules. In the case of an in-put variable, this means the data value is from the field.

FALSE BAD This indicates a status where a normal data value cannot be obtained from or avalue cannot be set to an input/output module due to failure of an input module,etc. In the case of an input variable, the data stored is the input value at errorspecified in I/O Parameter Builder.

n I/O variable condition and data value/data status

l Timing at which data status is createdThe data status of the I/O variables is created based on the I/O status information. If the I/Ovariables are not locked, the data statuses of the physical data and the logical data are thesame. If the I/O variables are locked, only the data status of the physical data is updated.In the case of an output variable, the update timing and transmission direction are different forthe data value and the data status. Moreover, in the Output Disable status, the data values ofthe physical data and the logical data are different but the data status matches.Lock/unlock status of I/O variables, Output Enable/Output Disable status and data value/datastatus in each status can be summarized as shown in the following tables.

SEEALSO For more information about I/O variables lock operation, refer to:

2.1, “I/O Lock Window” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

l Data value and data status of input variables

Table A4.2-3 Data value and data status of input variablesStatus Physical data Logical data

Unlocked status(at normal in-put)

The data value takes the input value froman input module. The data status is GOOD.

The data value matches with that of thephysical data. The data status matches withthat of the physical data.

Unlocked status(at erroneousinput)

The data value takes the input value froman input module. The previous value ismaintained if there is no response. The datastatus is BAD.

The data value takes the input value at errordefined in I/O Parameter Builder. The datastatus matches with that of the physical da-ta.

Locked status Same as for unlocked status for both thedata value and data status

The data value and data status immediatelybefore locking are retained. They can bechanged from the SCS Manager.



SEEALSO For more information about how data values and statuses change upon occurrence of an input error, refer to:

• B6.2.1, “Actions taken at input module error occurrence and recovery procedure” on page B6-12

• B6.2.2, “Actions taken at input channel error occurrence and recovery procedure” on page B6-13

l Data value and data status of output variables

Table A4.2-4 Data value and data status of output variablesStatus Physical data Logical data

UnlockedStatus

OutputEnabled

The data value matches with that of thelogical data. The status of the output mod-ule is reflected in the data status at eachinterval.

The data value is set to the result ofthe application logic processing. Thedata status matches with that of thephysical data.

OutputDisabled

The data value becomes the fail-safe val-ue defined on I/O Parameter Builder. Thestatus of the output module is reflected inthe data status at each interval.

Locked sta-tus

OutputEnabled

The data retains the value immediatelybefore locking and the value can bechanged from the SCS Manager. The sta-tus of the output module is reflected in thedata status at each interval.

The data value is set to the result ofthe application logic processing. Thedata status is retained immediatelybefore locking and the status can bechanged from the SCS Manager.

OutputDisabled

The data value retains the previous value.However, the fail-safe value is set by theCPU when the output is disabled. (Thevalue can be changed from the SCS Man-ager.) The status of the output module isreflected in the data status at each inter-val.

SEEALSO For more information about data value and data status changes when there is an output error, refer to:

• B6.2.3, “Actions taken at output module error occurrence and recovery procedure” on page B6-15

• B6.2.4, “Actions taken at output channel error occurrence and recovery procedure” on page B6-17

For more information about the output enable operation, refer to:

3.1.6, “Output Enable Operation” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

l Logical data and physical data of analog outputThe relationship of logical data and physical data of analog output is shown below. Analogoutput processing consists of discrete output operation, plus limiter processing and tight-shut/full-open processing.



Forcing

I/O image area

Tight-shut/full-open processing

Output module

Value from

application logic

LD.v Limiter

processing

Output value at fault

PD. status

Unlocked/ output

enabled

GOOD

BAD

PD.v

Output disabled or locked

Locked/output enabled

LD: Logical data PD: Physical data

Figure A4.2-2 Flow of logical data and physical data of analog output

The following processing is performed until the logical data is output as physical data from theanalog output module.• Output is limited to a range of -17.19 to 118.75 [%].

• If tight-shut/full-open is specified, the tight-shut value is set when the logical data is 0.0 orbelow, or the full-open value is set when the data is 100.0 or above.

• If output is disabled or locked, the last physical data value is retained.

• If an error occurs, the output value at fault is set or the last value is retained in accord-ance with the output processing at fault.

n Data status at AIO/DIO module dual-redundant configurationIn the case of dual-redundant input modules, the data status of each input variable is deter-mined based on the I/O status information of the active input module. The same rule appliesto dual-redundant output modules as well.

n Online change download of AIO/DIO module settingsWhen you perform online change download after you have made changes to the settings forAIO/DIO modules using I/O Parameter Builder, downloading to the AIO/DIO modules (IOMdownload) takes place depending on the setting items you have changed. The behavior ofSCS during online change download of setting items that require IOM download differs be-tween the SCS system program release number R2.02 or later and earlier revisions.

l R2.02 or laterThe target AIO/DIO module continues its input/output operations during IOM download. Thebehavior of SCS is as follows:• The target modules continue their input/output operations.

• AIO/DIO modules in redundant configuration retain their control rights.

• The diagnostic information message of IOM Fail is not output.

l Earlier than R2.02The input/output operations of the target I/O module are all stopped during IOM download.



WARNINGIf the system program release number of the target SCS is earlier than R2.02, the targetAIO/DIO modules will be stopped during IOM download even if the software release numberof SENG is R2.02 or later. In this case, a message indicating that the target AIO/DIO modulewill be stopped (IOM Fail) is displayed before the online download is started.You can confirm the system program release number of SCS in the SCS State ManagementWindow of the SCS maintenance support tool.

SEEALSO For more information about the behavior of SCS with a system program earlier than R2.02, refer to:

Appendix 4.6.2, “Compatibility with Earlier Revisions” in Installation (IM 32Q01C50-31E)

For more information about the behavior of SCS with Modbus slave connection, refer to:


For more information about the behavior of SCS in Subsystem communication, refer to:

B1.7, “Online change” in Open Interfaces (IM 32Q05B10-31E)

n Online change of input/output modulesFrom the SCS system program release number R2.03, addition, deletion, and change of re-dundant configuration of input/output modules can be performed via online change download.If input/output modules are added via online change download, diagnostic information mes-sages are issued to notify failure of input/output modules (No. 0081) and recovery of input/output modules (No. 0082).

SEEALSO For more information about how to change application online, refer to:

5., “Online Change of Applications” in Engineering Guide (IM 32Q01C10-31E)

For more information about input/output values when serial communication modules for sub-system commu-nication are added via online change download, refer to:

B1.3, “Error handling actions” in Open Interfaces (IM 32Q05B10-31E)



A4.3 Common input/output setting itemsSome of the SCS input/output settings are the same across all input/output types, and someare specific to each input/output type.This section explains the common input/output setting items for nodes and input/output mod-ules.

n Setting items for nodesThe following are the node setting items of the Node parameter tab in I/O Parameter builderfor input/output.• Node number:

• Extends node bus

• Extends to (km)

• Component Number

• Comment

Each node setting item is explained in detail as follows.

l Node NumberThis item displays the node number in which a module is mounted. It is defined in I/O WiringView of SCS Manager.This item is only for display and cannot be edited.

l Component NumberThis is a comment related to node layout information. Any character string can be entered.This setting item is not downloaded to an SCS.This item can be changed online.

l Extends node bus: SCSP2Select this option to specify whether or not to extend nodes by optical ESB bus repeater. Forevery remote nodes installed via optical ESB bus repeater, select [Yes] and specify the dis-tance in [Extends To (Km)]. If you do not make this setting, the data from the nodes and SOEdata will not be updated correctly. If [Yes] is set for this item on CPU nodes, a build error willoccur.• Yes:

• No:

Node extension by optical ESB bus repeater is appliedNode extension by optical ESB bus repeater is not applied (default)

This setting item can be changed online.

l Extends To (Km) : SCSP2Use this item to specify the distance from a CPU node to an I/O node. It is only valid if [Yes] isselected in the specification of node extension distance [Extends Node Bus].• Range:

• Setting unit:

5 to 50 km (default: 5 km)5 km

This item can be changed online.

l Extends Node Bus : SCSP1Select this option to specify whether or not to extend nodes by optical ESB bus repeater. Toextend a node, select [Yes] and specify the distance in "Extends to (km)." A build error will

<A4.3 Common input/output setting items > A4-9


occur if you select [Yes] for this item when [Optical ESB Bus Repeater] on the SCS ConstantsBuilder is set to [No]. A build error will also occur if [Yes] is set for this item on CPU nodes.• Yes:

• No:

Node extension by an optical ESB bus repeater is appliedNode extension by an optical ESB bus repeater is not applied (default)

This setting item can be changed online.

TIP In the case of nodes equipped with ALR111, ARL121, or ALE111 for Modbus slaves, if 10 km or longer isspecified in [Maximum Extension Distance] on the SCS Constants Builder, select [Yes] and specify the nodeextension distance in [Extends To (Km)].

l Extends To (Km) : SCSP1Use this item to specify the distance from a CPU node to an I/O node. It is only valid if [Yes] isselected in the specification of node extension distance "Extends node bus."A build error will occur if the node extension distance is longer than [Maximum Extension Dis-tance] defined on the SCS Constants Builder.If default (0) is specified, it is regarded as if the node is at the position specified by [MaximumExtension Distance] defined on the SCS Constants Builder.

• Range:

• Setting unit:

0 to 50 km (default: 0)5 km

This item can be changed online.

IMPORTANTBe sure to specify the extension distance according to the actual node extension distance. Ifno specification is made for SCSP1, load fluctuation of CPU becomes large if input/outputmodules and/or bus fail.

l CommentThis is a comment related to the node. Any character string of up to 24 single-byte charactersor 12 double-byte characters can be entered.This setting item is downloaded to an SCS.This setting item can be changed via online change download.

SEEALSO For more information about node setting operations, refer to:

4.4, “I/O Parameter Builder” in Engineering Reference (IM 32Q04B10-31E)

n Common setting items for input/output modulesThe following setting items are common for each input/output module parameter tab of I/OParameter Builder.

• Node Number:

• Slot Number:

• Device:

• Dual-Redundant:

• Device Number:

• Comment

Only for displayOnly for displayOnly for displayOnly for displayOnly for display



Each of the settings common to the input/output modules is explained in detail as follows.

l Node NumberThis item displays the node number in which the input/output module is mounted. It is definedin I/O Wiring View of SCS Manager.This item is only for display and cannot be edited.

l Slot NumberThis item displays the slot number in which the input/output module is mounted. It is definedin I/O Wiring View of SCS Manager.This item is only for display and cannot be edited.

l DeviceThis item displays the model name of the input/output module. It is defined in I/O Wiring Viewof SCS Manager.This item is only for display and cannot be edited.

l Dual-RedundantThis item displays whether the input/output module is placed in single configuration or redun-dant configuration. It is defined in I/O Wiring View of SCS Manager. Input/output modules areplaced in redundant configuration using an odd-numbered slot and the adjacent even-num-bered slot (the odd number + 1).This item is only for display and cannot be edited.

l Device NumberThis is the device number assigned to the input/output module. It is defined in I/O Wiring Viewof SCS Manager.This item is only for display and cannot be edited.

l CommentThis is a comment related to the input/output module. Any character string of up to 24 single-byte characters or 12 double-byte characters can be entered.This setting item is not downloaded to an SCS, so changing the definition does not affect in-put/output processing.This item can be changed online.

n Common parameters for input/output channelsThe following items are displayed commonly for all AIO/DIO modules with channel parame-ters in I/O Parameter Builder.

l Channel NumberThis is the channel number displayed in I/O Wiring View of SCS Manager. It is sequentialnumber starting from 1.This item is only for display and cannot be edited.

l Wiring PositionThis is the channel position displayed in I/O Wiring View of SCS Manager. It is determined bydevice number and channel identification number. The channel identification number used forwiring position is sequential number starting from 0. The wiring position of the input modulesis prefixed with %IU while the wiring position of the output modules is prefixed with %QU.



This item is only for display and cannot be edited.Example:

In the case of a 16-channel input module: %IU1.0, %IU1.1, ... %IU1.14, %IU1.15In the case of a 8-channel output module: %QU3.0, %QU3.1, ... %QU3.6, %QU3.7

l I/O Variable NameThis is the name of I/O variables assigned to the channel in I/O Wiring View of SCS Manager.This item is only for display and cannot be edited.

l DirectionThis item indicates whether a signal is an input or output signal.This item is only for display and cannot be edited.

l Comment

This is a comment for an I/O variable specified in Dictionary View (*1)of SCS Manager.This item is only for display and cannot be edited.

*1: The comment for the I/O variable specified in Dictionary View of SCS Manager is displayed as the comment for the wiredchannel. Up to 64 characters can be specified for the variable comment, but only 32 characters are retained in SCS data-base; therefore, make sure not to specify more than 32 characters. Channel comments for unused channels (unconnectedchannels) are not displayed.Comments for DI/DO variables are the variables used as identifiers of SOE.

TIP If comments for DI/DO variables are changed in Dictionary View of SCS Manager, discrepancies occur due tothe input/output definition changes, and it becomes necessary to perform online change download to theSCS. Since this changes only the definitions in the databases of the SCS (no changes are made to the pa-rameters of the DI/DO modules themselves), the inputs and outputs are not influenced by the online changedownload.



A4.4 Items set for analog inputsDifferent items are specified depending on the type of inputs and outputs when setting inputsand outputs of an SCS.This section explains setting items unique to analog inputs, classifying them into setting itemsfor each module and each channel in I/O Parameter Builder.

n Items set for each module (analog input)The following items are set for each analog input module:

• Node Number:

• Slot Number:

• Device:

• Dual-Redundant:

• Device Number:

• Comment

• Command Line

Display onlyDisplay onlyDisplay onlyDisplay onlyDisplay only

Each of setting items that are not explained as common items is explained as follows.

SEEALSO For more information about common setting items for process data inputs and outputs, refer to:

A4.3, “Common input/output setting items” on page A4-9

l Command LineThis item does not need to be entered.

n Items set for each channel in the current/voltage analog inputmodule

The following items are set for each channel of a current/voltage analog input module(SAI143 and SAV144):

Table A4.4-1 Items set for each channel in the current/voltage analog input module

Setting items Online changedownload (*1) IOM download (*2) Remarks

Channel Number(Specify Channel Number) - - Only for display

Wiring Position(Specify Wiring Position) - - Only for display

I/O Variable Name(Specify I/O Variable Name) - - Only for display

Direction(Specify Direction) - - Only for display

Comment(Specify Comment) - - Only for display

Input Processing at Fault(Specify Input Processing at Fault) Yes No -

Input Value at Fault(Specify Input Value at Fault) Yes No -


<A4.4 Items set for analog inputs > A4-13


Table A4.4-1 Items set for each channel in the current/voltage analog input module (Table continued)

Setting items Online changedownload (*1) IOM download (*2) Remarks

Input Processing at Transmitter Fault(Specify Input Processing at TransmitterFault)

Yes No -

Signal Conversion(Specify Signal Conversion) Yes No -

Low Limit(Specify Low Limit) Yes Yes -

High Limit(Specify High Limit) Yes Yes -

Unit(Specify Unit) No No Only for display

Detect IOP (High)(Specify Detect IOP (High)) Yes No -

Detect IOP (Low)(Specify Detect IOP (Low)) Yes No -

Threshold of IOP (High) %(Specify Threshold of IOP (High) %) Yes No -

Threshold of IOP (Low) %(Specify Threshold of IOP (Low) %) Yes No -

Detect transmitter fault (High)(Specify Detect Transmitter Fault (High)) Yes No -

Detect transmitter fault (Low)(Specify Detect Transmitter Fault (Low)) Yes No -

Threshold of transmitter fault (High) %(Specify Threshold of Transmitter Fault(High) %)

Yes No -

Threshold of transmitter fault (Low) %(Specify Threshold of Transmitter Fault(Low) %)

Yes No -

Field Power Diagnosis(Specify Field Power Diagnosis) Yes Yes -

P&ID Tag Name(Specify P&ID Tag Name) Yes No -

*1: Indicates whether the setting can be changed by online change downloading.Yes: The setting can be changed by online change downloading.No: Online change downloading is not required.- : Not a target

*2: Indicates whether the IOM downloading is performed with the online change downloading.Yes: The IOM downloading is performed together with the online change downloading.No: The IOM downloading is not performed together with the online change downloading.- : Not a target




l Input Processing at FaultThis item specifies an input processing to be used when an input fault is detected or when[Input Processing at Fault] is selected in [Input Processing at Transmitter Fault].Specify either [Hold] or [Fixed Value].



The input faults that can be detected include errors on both redundant communication pathsfrom the CPU to an analog input module, errors in analog input modules, channel errors, IOPand field wiring errors (transmitter errors are not included).• Hold:

The value before the fault was detected is retained.

• Fixed Value:The input value specified in [Input Value at Fault] is set (default).

l Input value at fault (%)This is the value set as the input value instead of the process value if [Fixed Value] is selectedin [Input Processing at Fault] (the value used as an input value at error).Specify the input value at error (%) in the range from -25.0 to 125.0. The default value is0.0%.This item is valid only when [Input Processing at Fault] is [Fixed Value].Even if the [Signal Conversion] is set to SQRT, this setting value is used directly as the inputvalue when error occurs. (The value set here will not be square-rooted when used as the in-put value.)

l Input Processing at Transmitter FaultThis is the value set as the input value if a transmitter error is detected (a value used as aninput value at error). This item is only enabled for current inputs.• Input Processing at Fault:

Follow the setting of [Input Processing at Fault] if a transmitter error occurs (default).

• Raw Data:The raw data from the input module is set as the input value.

l Signal ConversionThis item specifies the conversion method of the input signal.• LINEAR (No Conversion):

The physical range specified by the "Low Limit" and "High Limit" (mA or V) is converted to0 to 100 (%) data (default).

• SQRT:After LINEAR conversion, input range checks are performed (against the IOP highlimit/low limit and transmitter fault high limit/low limit). Then, the square root is calculatedand the result is converted to a data value of 0 to 100 (%).The square-root conversion is illustrated as follows:

0%

SL SH

SL: [Lower Limit] (4 mA for current input) SH: [High Limit] (20 mA for current input)

Input signal (raw data)

Input signal (converted value)

100%

Figure A4.4-1 SQRT



l High Limit/Low LimitThese items refer to the upper limit value and lower limit value of the input signal from thefield.Values between 0 and 100% are assigned to the specified measurement range. The meas-urement range can only be changed for voltage input modules.

Table A4.4-2 High Limit value/Low Limit valueInput type Input module model name Low limit value of range High limit value of range

Current input SAI143 4 20

Voltage input SAV144 1.000 to 10.000(default is 1)

1.000 to 10.000(default is 5)

l UnitThis is the unit of the input signal and determined by the type of input module.

l Detect IOP (High)This item specifies whether to detect an input open status when the process value (the valueafter the input signal was converted (0 to 100%)) exceeds the threshold. When the signal con-version setting is [SQRT], the value prior to the square-root calculation is used as the processvalue (hereinafter referred to as "process value"). The input value at fault is the value speci-fied by the setting item "Input Processing at Fault".• No:

An input open circuit error is not detected.

• Yes:If a process value exceeds the threshold value, an input open circuit error is detected andthe data status of the input variable connected to the applicable channel becomes BAD(default). The threshold value is specified with [Threshold of IOP (High) %].

l Detect IOP (Low)This item specifies whether or not to detect an input open circuit error if a process value fallsbelow the threshold value. The input value at fault is the value specified by the setting item"Input Processing at Fault."• No:


• Yes:If a process value falls below the threshold value, an input open circuit error is detectedand the data status of the input variable connected to the applicable channel becomesBAD (default). The threshold value is specified with [Threshold of IOP (Low) %].

l Threshold of IOP (High) %This item specifies the upper limit level at which an input open circuit error is detected. Thisitem is only enabled when [Yes] is specified for [Detect IOP (High)]. It is judged that an inputopen circuit error has occurred if the process value exceeds this setting.The default value is 112.5% (for current input) and 106.3% (for voltage input).Note that the following checks are performed even if [No] is specified for [Detect IOP (High) ].• An error occurs if a value is entered such that the value of [Threshold of IOP (High) %]

becomes equal to or smaller than the value of [Threshold of Transmitter Fault (High) %].

• An error occurs if a value outside the setting range of the analog input module is entered.«Setting range»



Current input: -18.75% to 118.75% (1 to 23 mA)Voltage input: Varies depending on the range specification (0.1 to 11 V)• If the range is set to 1 to 10 V: -10% to 111.1% (0.1 to 11 V)

• If the range is set to 1 to 5 V: -22.5 % to 125 % (0.1 to 6 V)

In addition to the checks above, the following input checks are performed.

• Number of characters:

• Number of decimal places:

Up to 7 single-byte charactersUp to 2 digits

l Threshold of IOP (Low) %This item specifies the lower limit level at which an input open circuit error is detected. Thisitem is enabled only when [Yes] is specified for [Detect IOP (Low) ]. It is judged that an inputopen circuit error has occurred if the process value falls below this setting.Specify a value between -25.0% to 125.0%. The default value is -6.3%.Note that the following checks are performed even if [No] is specified for [Detect IOP (Low) ].• An error occurs if a value is entered such that the value of [Threshold of IOP (Low) %]

level becomes equal to or greater than the value of [Threshold of Transmitter Fault (Low)%].

• An error occurs if a value outside the setting range of the analog input module is entered.«Setting range»Current input: -18.75% to 118.75% (1 to 23 mA)Voltage input: Varies depending on the range specification (0.1 to 11 V)• If the range is set to 1 to 10 V: -10% to 111.1% (0.1 to 11 V)

• If the range is set to 1 to 5 V: -22.5 % to 125 % (0.1 to 6 V)





l Detect Transmitter Fault (High)This item specifies whether or not to detect a transmitter error if a process value exceeds thethreshold value. This item is only enabled for current inputs. The input value at fault is the val-ue specified by the setting item "Input Processing at Transmitter Fault".• No:

A transmitter error is not detected.

• Yes:If the process value exceeds the threshold value, a transmitter error is detected and thedata status of the input variable connected to the applicable channel becomes BAD (de-fault). The threshold value is specified with [Threshold of Transmitter Fault (High) %].

l Detect Transmitter Fault (Low)This item specifies whether or not to detect a transmitter error if a process value falls belowthe threshold value. This item is only enabled for current inputs. The input value at fault is thevalue specified by the setting item "Input Processing at Transmitter Fault".• No:

A transmitter error is not detected.

• Yes:



If the process value falls below the threshold value, a transmitter error is detected and thedata status of the input variable connected to the applicable channel becomes BAD (de-fault). The threshold value is specified with [Threshold of Transmitter Fault (Low) %].

l Threshold of Transmitter Fault (High) %This item specifies the upper limit level at which a transmitter error is detected. This item isenabled only when [Yes] is specified for [Detect Transmitter Fault (High)]. It is judged that atransmitter error has occurred if the process value falls below this setting. This item is onlyenabled for current inputs.The default value is 106.3 %.Note that the following checks are performed even if [No] is specified for [Detect TransmitterFault (High)].• An error occurs if a value is entered such that the value of [Threshold of IOP (High) %]

becomes equal to or smaller than the value of [Threshold of Transmitter Fault (High) %].

• An error occurs if a value outside the setting range of the analog input module is entered.«Setting range»Current input: -18.75% to 118.75% (1 to 23 mA)

l Threshold of Transmitter Fault (Low) %This item specifies the lower limit level at which a transmitter error is detected. This item isenabled only when [Yes] is specified for [Detect Transmitter Fault (Low) ]. It is judged that atransmitter error has occurred if the process value falls below this setting. This item is onlyenabled for current inputs.The default value is -1.25 %.Note that the following checks are performed even if [No] is specified for [Detect TransmitterFault (Low) ].• An error occurs if a value is entered such that the value of [Threshold of IOP (Low) %]

level becomes equal to or greater than the value of [Threshold of Transmitter Fault (Low)%].

• An error occurs if a value outside the setting range of the analog input module is entered.«Setting range»Current input: -18.75% to 118.75% (1 to 23 mA)



TIP If it is specified to detect input open (IOP+, IOP-) and transmitter errors (TRNS+, TRNS-), diagnostic informa-tion messages indicating the occurrence of an alarm and the recovery are notified as follows:

• If the PV value changes, causing the alarm status to change, a diagnostic information message corre-sponding to the status after change is notified.

• The diagnostic information message indicating recovery from the generated alarm is notified only when thealarm status recovers to NR (normal). Messages indicating recovery from individual alarms, IOP+/IOP-/TRNS+/TRNS-, are not notified.

Following (1) to (7) are the Diagnostic information messages that are notified at the change of the PV value:

IOP upper limit detection level

IOP lower limit detection level

Transmitter error upper limit detection level

Transmitter error lower limit detection level

IOP+

TRNS-

TRNS+

IOP-

NR

PV

(1) (6)(5)(4)

(3)(2)

(7)

PV value before change PV value after change

(1) Occurrence of TRNS+(2) Occurrence of IOP+ (No messages indicating recovery from TRNS+ are generated.)(3) Occurrence of TRNS+ (No messages indicating recovery from IOP+ are generated.)(4) Recovery from channel error(5) Occurrence of IOP+ (No messages indicating occurrence of/recovery from TRNS+ are generated.)(6) Recovery from channel error(7) Occurrence of IOP+ (No messages indicating recovery from IOP- are generated.

No messages indicating occurrence of/recovery from TRNS- are generated.No messages indicating occurrence of/recovery from TRNS+ are generated.)

Figure A4.4-2 Generation of diagnostic information messages

l Field Power DiagnosisThis item specifies the wiring type as 2-wire or 4-wire. It is used to determine the method ofpower supply diagnosis of the input modules. Current input modules perform self-diagnosison whether or not the power is supplied correctly to the field according to this setting. Thisitem is only enabled for current inputs.



IMPORTANTMake sure that this setting matches with the 2-wire/4-wire setting made using the setting pinsin the analog input module. If the settings made here are different from those of the hardware,a channel error occurs in the case of single input module configuration and the control shiftsto the standby module in the case of a dual-redundant input module configuration.

• None:Do not perform field power supply diagnosis.

• 2 wire:2-wire (Default: Diagnose that the power is supplied to the field. Diagnosis indicates nor-mal if the power is supplied to the field device.) The input value at fault is the value speci-fied by the setting item "Input Processing at Fault".

• 4 wire:4-wire (Diagnose that no power is supplied to the field. Diagnosis indicates normal if nopower is supplied to the field device.) The input value at fault is the value specified by thesetting item "Input Processing at Fault."

l P&ID Tag NameThis is a comment that the user can specify in order to make it easy to identify informationdrawn on a P&ID drawing with the channel.The comment should be written within 16 single-byte characters or 8 double-byte characters.This setting item can be omitted.

n Items set for each channel of a thermocouple/resistancetemperature detector (TC/RTD) analog input module

The following items are set for each channel of a TC/RTD analog input module (SAT145 andSAR145):

Table A4.4-3 Items set for each channel of a TC/RTD analog input module

Setting items Online changedownload(*1) IOM download (*2) Remarks

Channel number - - Only for display

Wiring position - - Only for display

I/O Variable name - - Only for display

Direction - - Only for display

Comment - - Only for display

Input Processing at Fault Yes No -

Input Value at Fault Yes No -

Signal conversion Yes Yes -

Low limit Yes Yes -

High limit Yes Yes -

Unit Yes Yes

Detect IOP (High) Yes No -

Detect IOP (Low) Yes No -

Threshold of IOP (High) % Yes No -

Threshold of IOP (Low) % Yes No -




Table A4.4-3 Items set for each channel of a TC/RTD analog input module (Table continued)

Setting items Online changedownload(*1) IOM download (*2) Remarks

Reference junction compensation Yes Yes -

Burnout Yes Yes -

P&ID Tag name Yes No -

*1: Indicates whether the setting can be changed by online change downloading.Yes: The setting can be changed by online change downloading.- : Not a target


Setting items that are not explained as common items are explained as follows:

l Input Processing at FaultThis setting is for specifying the input operation to be used when an input error is detected.Specify [Hold] or [Fixed Value].The input faults that can be detected include errors on both redundant communication pathsfrom the CPU to an analog input module, errors in analog input modules, channel errors, IOPand field wiring errors.• Hold:

The value before the fault was detected is retained.

• Fixed value:The input value specified in Input Value at Fault is set (default).

l Input Value at Fault (%)This is the value set as the input value instead of the process value if [Fixed Value] is selectedin [Input Processing at Fault] (the value used as an input value at error).Specify the input value at error (%) in the range from -1000.0 to 1000.0. The default value is100.0 %.This item is valid only when [Input Processing at Fault] is [Fixed value].

SEEALSO For more information about important points when setting this item, refer to:

“ Issues to Consider when Setting the Parameters (by Channel) of the Analog Input Module (SAT145,SAR145)” in “ Setting of Parameters of I/O Modules” in 2.10, “Diagnosis Function of SCS” in Engineer-ing Guide (IM 32Q01C10-31E)

l Signal conversionThis item specifies the conversion method of the input signal.

Table A4.4-4 Input signal conversion for the thermocouple/mV input module (SAT145)Selection Explanation of signal conversion

Type K Temperature conversion Type K (default)

Type E Temperature conversion Type E

Type T Temperature conversion Type T

Type J Temperature conversion Type J

Type R Temperature conversion Type R

Type S Temperature conversion Type S

Type B Temperature conversion Type B




Table A4.4-4 Input signal conversion for the thermocouple/mV input module (SAT145) (Table continued)Selection Explanation of signal conversion

Type N Temperature conversion Type N

mV Input -20 to 80 mV(%)

No temperature conversion. However, the physical range (mV) set in "High Limit"and "Low Limit" is converted to 0 to 100% data.

mV Input -100 to 150mV (%)

mV Input -5 to 25 mV(%)

TC Input -20 to 80 mV(V)

No temperature conversion. Voltage value entries are directly applied to input val-uables.

TC Input -100 to 150mV (V)

TC Input -5 to 25 mV(V)

Table A4.4-5 Input signal conversion for the resistance temperature detector input module (SAR145)Selection Explanation of signal conversion

PT100 Temperature conversion Type PT100 (default)

JPT100 Temperature conversion Type JPT100

PT50 Temperature conversion Type PT50




Ni100 (DIN) Temperature conversion Type Ni100 (DIN)

Ni120 (MINCO) Temperature conversion Type Ni120 (MINCO)

RTD Input 0 to 800 ohm (%) No temperature conversion. However, the physicalrange (ohm) set in "High Limit" and "Low Limit" isconverted to 0 to 100% data.RTD Input 0 to 4000 ohm (%)

RTD Input 0 to 800 ohm (ohm) No temperature conversion. Resistor value entriesare directly applied to input valuables.

RTD Input 0 to 4000 ohm (ohm)

l Low Limit/High LimitThese items refer to the upper limit value and lower limit value of the input signal from thefield. They are determined based on the combination of the signal conversion type and theengineering unit symbol. They are shown according to the module type and engineering unitsymbol.

Table A4.4-6 Range upper and lower limits for the thermocouple/mV input module (SAT145) (engineer-ing unit symbol C)

Signal conversion Low limit value of range High limit value of rangeType K -200 1200

Type E -200 900

Type T -200 350

Type J -40 750

Type R 0 1600

Type S 0 1600

Type B 600 1700




Table A4.4-6 Range upper and lower limits for the thermocouple/mV input module (SAT145) (engineer-ing unit symbol C) (Table continued)

Signal conversion Low limit value of range High limit value of rangeType N -200 1200

Table A4.4-7 Range upper and lower limits for the thermocouple/mV input module (SAT145) (engineer-ing unit symbol F)

Signal conversion Low limit value of range High limit value of rangeType K -300 2200

Type E -300 1700

Type T -300 650

Type J -40 1400

Type R 0 2900

Type S 0 2900

Type B 1100 3100

Type N -300 2200

Table A4.4-8 Range upper and lower limits for the thermocouple/mV input module (SAT145) (engineer-ing unit symbol K)

Signal conversion Low limit value of range High limit value of rangeType K 100 1500

Type E 100 1200

Type T 100 600

Type J 200 1000

Type R 250 1900

Type S 250 1900

Type B 900 2000

Type N 100 1500

Table A4.4-9 Range upper and lower limits for the thermocouple/mV input module (SAT145) (engineer-ing unit symbol mV)

Signal conversion Low limit value of range High limit value of rangemV Input -20 to 80 mV (%) -20 (default) to 80 -20 to 80 (default)

mV Input -100 to 150 mV (%) -100 (default) to 150 -100 to 150 (default)

mV Input -5 to 25 mV (%) -5 (default) to 25 -5 to 25 (default)

TC Input -20 to 80 mV (V) -20 (default) to 80 -20 to 80 (default)



Table A4.4-10 Range upper and lower limits for the resistance temperature detector input module(SAR145) (engineering unit symbol C)

Signal conversion Low limit value of range High limit value of rangePT100 -200 850

JPT100 -200 500

PT50 -200 850

PT200 -200 850




Table A4.4-10 Range upper and lower limits for the resistance temperature detector input module(SAR145) (engineering unit symbol C) (Table continued)


PT1000 -200 850

Ni100 (DIN) -60 250

Ni120 (MINCO) -80 320

Table A4.4-11 Range upper and lower limits for the resistance temperature detector input module(SAR145) (engineering unit symbol F)


JPT100 -300 900

PT50 -300 1500

PT200 -300 1500

PT500 -300 1500

PT1000 -300 1500

Ni100 (DIN) -50 450

Ni120 (MINCO) -100 600

Table A4.4-12 Range upper and lower limits for the resistance temperature detector input module(SAR145) (engineering unit symbol K)

Signal conversion Low limit value of range High limit value of rangePT100 100 1100

JPT100 100 750

PT50 100 1100

PT200 100 1100

PT500 100 1100

PT1000 100 1100

Ni100 (DIN) 250 500

Ni120 (MINCO) 200 550

Table A4.4-13 Range upper and lower limits for the resistance temperature detector input module(SAR145) (engineering unit symbol ohm)

Signal conversion Low limit value of range High limit value of rangeRTD Input 0 to 800 ohm (%) 0 (default) to 800 0 to 800 (default)

RTD Input 0 to 4000 ohm (%) 0 (default) to 4000 0 to 4000 (default)

RTD Input 0 to 800 ohm (ohm) 0 (default) to 800 0 to 800 (default)

RTD Input 0 to 4000 ohm (ohm) 0 (default) to 4000 0 to 4000 (default)

l Unit (Engineering unit symbol)This is the unit for input symbols. The available types depend on symbol conversion.• Thermocouple/mV input module (SAT145)



Table A4.4-14 Engineering unit symbols for the thermocouple/mV input module (SAT145)Engineering unit symbol Description Symbol conversion

C Celsius (default) Type K, Type E, Type T, Type J,Type R, Type S, Type B, Type N

F Fahrenheit

K Kelvin

mV Millivolt mV input (%), TC input (V)

• Resistance temperature detector input module (SAR145)

Table A4.4-15 Engineering unit symbols for the resistance temperature detector input module(SAR145)

Engineering unit symbol Description Symbol conversionC Celsius (default) PT100, JPT100, PT50, PT200,

PT500, PT1000, Ni100 (DIN),Ni120 (MINCO)F Fahrenheit

K Kelvin

ohm Ohm RTD input (%), RTD input (Ω)

l Detect IOP (High)This item specifies whether or not to detect an input open status when an input signal ex-ceeds the threshold value.• No:


• Yes:If an input signal exceeds the threshold value, an input open circuit error is detected, andthe data status of the input variable connected to the applicable channel becomes BAD(default). The threshold value is specified with [Threshold of IOP (high) %].

l Detect IOP (Low)This item specifies whether or not to detect an input open circuit error if a process value fallsbelow the threshold value.• No:


• Yes:If a process value falls below the threshold value, an input open circuit error is detectedand the data status of the input variable connected to the applicable channel becomesBAD (default). The threshold value is specified with [Threshold of IOP (Low) %].

l Threshold of IOP (High) %This item specifies the upper limit level at which an input open circuit error is detected. Thisitem is only enabled when "Yes" is specified for "Detect IOP (High)". An input open circuit er-ror is judged if the process value exceeds this setting.The default value is 106.3 %.Note that the following checks are performed even if "No" is specified for "Detect IOP (High)".• If you input a value outside of the -1000.0% to 1000.0% range, an error occurs.

• If you input a value outside of the -25.0% to 125% range, a warning is displayed whensaving.


• Number of characters: Up to 7 single-byte characters



• Number of decimal places: Up to 2 digits



l Threshold of IOP (Low) %This item specifies the lower limit level at which an input open circuit error is detected. Thisitem is enabled only when "Yes" is specified for "Detect IOP (Low) ". An input open circuit er-ror is judged if the process value falls below this setting.Specify a value between -1000.0% to 1000.0%. The default value is 0.0% for resistance tem-perature detector input and -6.3% for thermocouple input.Note that the following checks are performed even if "No" is specified for "Detect IOP (Low)".• If you input a value outside of the -1000.0% to 1000.0% range, an error occurs.

• If you input a value outside of the -25.0% to 125% range, a warning is displayed whensaving.







l Reference junction compensationSpecify whether or not to perform reference junction compensation. This item is only availablein the thermocouple input module. However, it is not available when [mV Input], [TC Input], or[Type B] is specified for signal conversions.• No:

Reference junction compensation is not performed.

• Yes:Reference junction compensation is performed (default).

l BurnoutSpecify the input operation when there is a disconnection. When detection of input open cir-cuit errors is enabled and an input open circuit error is detected, the value specified in InputProcessing at Fault is set as the input variable.• Burnout upscale:

Clamps the input to the upper limit specified by the module when there is a disconnection(default).

• Burnout downscale:Clamps the input to the lower limit specified by the module when there is a disconnection.

• No:Disables the burnout operation.






A4.5 Items set for analog outputsThis section explains I/O Parameter Builder setting items unique to analog outputs, classifyingthem into setting items for each module and each channel.

n Item set for each module (analog outputs)The following item is set for each analog output module:• Command Line




l Command LineTIP Specify the command line using up to 256 single-byte characters. If the command line is not set, the default

value will be used for each applicable item. The format is as follows.

Item name = Data value, Item name = Data value, ...

• SOOP (Output open detection level)This item specifies an output open (OOP) detection level. An open circuit error is recog-nized when the readback value of an output falls below the set value. The default is0.00085 A.Format• SOOP=0.001

Parameter• Output open detection level

Specify an output open detection level in amperes (A). The specifiable range is 0 to0.023 A. The following condition must be satisfied.SOOP < Output value at fault (fail-safe value)

Tight-shut output is specified:Tight-shut output is not specified:

SOOP < Tight-shut output valueSOOP < Power-on output value (0.00125 A)

• This item can be changed via online change download. Note, however, that IOMdownload is also performed at the same time.

n Items set for each channel (analog output)The following items are set for each channel of an analog output module:

Table A4.5-1 Items set for each channel of analog output module

Setting items Online changedownload (*1)

IOMdownload (*2) Remarks





<A4.5 Items set for analog outputs > A4-28


Table A4.5-1 Items set for each channel of analog output module (Table continued)





Output Shutoff Switch(Specify Output Shutoff Switch) Yes Yes -

Output Processing at Fault(Specify Output Value in Detecting Er-ror)

Yes Yes -

Output Value at Fault(Specify Output Value at Fault) Yes Yes -

Tight-shut/Full-open(Specify Tight-shut/Full-open) Yes Yes(*3) -

Tight-shut Value(Specify Tight-shut Value) Yes Yes -

Full-open Value(Specify Full-open Value) Yes No -

Detect Short Circuit(Specify Detect Short Circuit) Yes Yes -

Detect Disconnection(Specify Detect Disconnection) Yes Yes -


Command Line(Specify Command Line) Yes Yes -

*1: Indicates whether the setting can be changed by online change downloading.Yes: The setting can be changed by online change downloading.No: Online change downloading is not possible- : Not a target


*3: IOM downloading may be performed according to the modified contents.

The setting items that are not explained above as common items are explained below.



l Output Shutoff SwitchThe output shutoff switch can be used to shutoff all the outputs of the module when the mod-ule encounters a critical malfunction for properly outputting signals, and the whole module be-comes failure mode (Module HRDY OFF). Enable or disable this switch needs to be specified.• Enable:

Activate the Output Shutoff switch if a dangerous failure occurs (default).

• Disable:Do not activate the Output Shutoff switch even if a dangerous failure occurs.



l Output Processing at FaultThis item needs to be specified so that when an error occurs in CPU module (both CPU mod-ules in redundant configuration) or in the path from CPU to output module, the output modulecan act the specified processing for the output from the output channel to the field device.• Hold:

Hold the outputs upon detection of an error.

• Fixed Value:Change each output value to the value specified in [Output Value at Fault] upon detectionof an error (default).

l Output Value at FaultThis value is used as a fail-safe value (i.e., output value at fault) when [Output Processing atFault] is set to [Fixed Value].• Specify the value to be output upon error, in a range of -17.19 to 117.19 (%). The default

value is -17.19 %. This setting is effective only when [Output Processing at Fault] is set to[Fixed Value].

The following input checks are performed.

• Range:

• Permitted characters:



-17.19 to 117.19 (%)Single-byte numbers, decimal point, negative sign (-)Up to 6 single-byte charactersUp to 2 digits

l Tight-shut/Full-openTight-shut/full-open is a function that reduces the actual output value to 0% or below when themanipulated output value is 0%, or increases the actual output value to 100% or above whenthe manipulated output value is 100%, in order to fully close or open the control valve firmly.Specify whether or not to enable this function.If PRM (Plant Resource Manager) is used, set "Tight-shut/Full-open" to "Yes" and determinean appropriate tight-shut value for the connected device.• Yes:

Enable the tight-shut/full-open function (default). Specify a tight-shut value in [Tight-shutValue], and a full-open value in [Full-open Value].The initial output value of the module (i.e., default initial value upon power-on) will be thesame value of the tight-shut output.

• No:Disable the tight-shut/full-open function. The initial output value of the module (default ini-tial value upon power-on) is fixed to -17.19% (1.25 mA).

The following graphs show the relationships of logical data (LD) and physical data (PD) whenthe data is normal, output is enabled, and output variable is not locked.



0.0

-17.19 -17.19

-17.19

100.0

100.0

106.25

0.0

100.0106.25

118.75

117.19

PD.v[%] PD.v[%]

LD.v[%] 100.0 118.75 LD.v[%]

<Relationship of LD and PD with tight-shut specification> <Relationship of LD and PD without tight-shut specification>

Full-open output value (default: 106.25%)

Full-open output value (default: 106.25%)

Tight-shut output value (default: -17.19%)

Figure A4.5-1 The following graphs show the relationships of logical data (LD) and physical data (PD)when the data is normal, output is enabled, and output variable is not locked.

l Tight-shut ValueThis item specifies in a range of -17.19 to 0 (%) the actual value to be output when the tight-shut/full-open function is specified and the output value is 0%. The default is -17.19% (1.25mA). This setting is possible only when [Tight-shut/Full-open] is set to [Yes].The following input checks are performed.

• Range:




-17.19 to 0 (%)Single-byte numbers, decimal point, negative sign (-)Up to 6 single-byte charactersUp to 2 digits

l Full-open ValueThis item specifies in a range of 100 to 117.19 (%) the actual value to be output when thetight-shut/full-open function is specified and the output value is 100 %. The default is 106.25% (21 mA). This setting is possible only when [Tight-shut/Full-open] is set to [Yes]. To imple-ment "reverse output," create the necessary application using the application logic.The following input checks are performed.

• Range:




100 to 117.19 (%)Single-byte numbers, decimal point, negative sign (-)Up to 6 single-byte charactersUp to 2 digits

l Detect Short CircuitThis item specifies whether or not to detect short circuit.

• Yes:

• No:

Detect short circuit (default).Do not detect short circuit.

l Detect DisconnectionThis item specifies whether or not to detect open circuit.

• Yes: Detect disconnection (default).



• No: Do not detect disconnection.


l Command LineTIP Specify the command line using up to 256 single-byte characters. If the command line is not set, the default

value will be used for each applicable item. The format is as follows.

Item name = Data value, Item name = Data value, ...

• SCREG (short circuit detection level)This item specifies a short circuit detection level. A short circuit is detected when the wir-ing resistance falls below the set value. By specifying a value greater than the wiring re-sistance as the short circuit detection level, a short circuit on a device terminal can be de-tected. The default value is 70 Ω.• Format

SCREG=100

• ParameterSpecify an integer value for SCREG. The unit is ohms (Ω) and the specifiable rangeis 60 to 750 Ω. SCREG must satisfy the following condition:Value specified for SCREG > wiring resistance(*1)

*1: Add the resistance of KS cables, etc. to the wiring resistance.

IMPORTANTIf the current output value falls below -6.25 % (3 mA) due to the settings of "Output Value atFault" and "Tight-shut Value", the short circuit detection operation becomes unstable in therange of SCREG setting ±20 Ω.Therefore, consider the above characteristic and the actual wiring resistance and set an ap-propriate SCREG value that allows the short circuit detection to be performed without fail.If the default SCREG setting (70) is used without setting the command line, a short circuit isnot detected if the wiring resistance reaches or exceeds 90 Ω. However, a short circuit is de-tected without fail when the wiring resistance is 50 Ω or below.

Example:A device is connected using a KS cable and SCREG is set to 70 Ω

Device Terminal block

Output module

Wiring KS cable

Figure A4.5-2 Example of a KS cable connecting a device

• Add the resistance of KS cable to the wiring resistance.



• If SCREG is set to 70 Ω, the following operations are performed in accordancewith the output current value.• 3 mA (-6.25%) or above

It has an error of ±10 Ω. A short circuit is always detected if the wiring resist-ance is 60 Ω or below. A short circuit is not detected if the wiring resistance is80 Ω or above.

• 1 mA (-18.75%) or above, but below 3 mAIt has an error of ±20 Ω. A short circuit is always detected if the wiring resist-ance is 50 Ω or below. A short circuit is not detected if the wiring resistance is90 Ω or above.

• Below 1 mAA short circuit is not detected.

TIP The resistance value of a KS cable is 230 Ω/km and the resistance value of a standard cable (such asAWG20) is 23 to 50 Ω/km.



A4.6 Items set for discrete inputsSome items in the SCS input/output settings vary depending on the type of input/output mod-ule.This section explains setting items unique to discrete inputs, classifying them into settingitems for each module and each channel.

n Items set for each module (discrete input)The following items are set for each DI module in I/O Parameter Builder.

Table A4.6-1 Items set for a discrete input module



Node Number(Specify Node Number) - - Only for display

Slot Number(Specify Slot Number) - - Only for display

Device(Specify Device) - - Only for display

Dual-Redundant(Specify Dual-Redundant) - - Only for display

Device Number(Specify Device Number) - - Only for display


Software Filter(Specify Software Filter) Yes Yes -

Automatically Delete Noisy Events(Specify Automatically Delete NoisyEvents)

Yes Yes -

SOE Deletion Schedule(Specify SOE Deletion Schedule) Yes Yes -

Number of SOE Events(Specify Number of SOE Events) Yes Yes -






l Software FilterThe software filter is applied for reducing the influence of noises. An integer between 0 and10 can be selected as the filter setting value. The default setting is 1.With this filter, the discrete input chattering signals can be sifted out so as to prevent from er-ror actions.

<A4.6 Items set for discrete inputs > A4-34


The filter setting value multiplied by 10 ms (sampling period) is the filter time. The chatteringsignals occurred within this filter time will be eliminated.As an example, if the filter setting value is 2, the chattering signals shorter than 20 ms (2x10ms) will be eliminated.• If the filter setting value is 0, the noise signals will not be filtered thus PV varies with the

noise signals. In general, the filter setting value should not be set to 0.

l Automatically Delete Noisy EventsThis item specifies whether or not to delete events automatically, if many events that are tar-gets of SOER occur.If a channel repeatedly generates too many events, the events from other channels may belost. With this option, the number of repeated events per channel can be limited. If the numberof events that have occurred during the time specified in "SOE Deletion Schedule" exceedsthe number of events specified in "Number of SOE Events", all subsequent events will be dis-carded. If "SOE Deletion Schedule" is set to 1 second and "Number of SOE Events" is set to3, and three or more events have occurred within 1 second, then the fourth and subsequentevents occurring within 1 second will be automatically discarded. However, if the last event iscontradictory with the current status of the DI, a pseudo event will be generated to indicatethe DI status.• Yes:

Automatically delete events if many events occur.

• No:Do not delete events even if many events occur (default).

l SOE deletion scheduleThis item specifies the time period setting for [Automatically Delete Noisy Events] in units ofseconds. This setting item is enabled if [Yes] is selected for [Automatically Delete NoisyEvents].Select either 0.5, 1.0, 1.5, 2.0, 2.5, 3.0 or 3.5 seconds. The default value is 1.0 second.

l Number of SOE EventsThis item specifies the number of events for Automatically Delete Noisy Events. This settingitem is enabled if "Yes" is selected for "Automatically Delete Noisy Events".Select either 3 or 5. The default value is 3 events.

SEEALSO For more information about SOE, refer to:

A7., “SOER” on page A7-1

n Items set for each channel (discrete input)The following items are set for each channel in I/O Parameter builder for DI modules.

Table A4.6-2 Items set for each channel of a discrete input module









Table A4.6-2 Items set for each channel of a discrete input module (Table continued)





Input Processing at Fault(Specify Input Processing at Fault) Yes No -


Detect Short Circuit(Specify Detect Short Circuit) Yes Yes -

Pulse Test(Specify Pulse Test) Yes Yes -

SOER (Setting for SOER)(Specify Trip Signal) Yes Yes -

Trip Signal (Setting for SOER)(Specify Trip Signal) Yes No -







l Input Processing at FaultThis item specifies a value that will be passed to the application logic instead of the input fromthe field if an error is detected in the input of the channel, including channel errors, DI moduleerrors and errors in the path from the CPU to the DI module.• 0:

• 1:

• Hold:

The input value is set to 0 at error detection (default).The input value is set to 1 at error detection.The value immediately before the error was detected is retained when an error isdetected.

l Detect Disconnection (Open Circuit)This item specifies whether or not to detect disconnection.• Yes:

• No:

::

Detect disconnection.Do not detect disconnection (default). When the disconnection occurs, input val-ue is 0 and the status is GOOD.



IMPORTANTIf [Yes] is set for [Detect Disconnection], disconnection errors can be detected. Make sure,however, to connect a wiring check adapter (SCB100) on the channel if you specify [Yes]. Ifyou specify [Yes] without connecting the adapter, the SCS erroneously detects a disconnec-tion error whenever the input value is OFF.

l Detect Short CircuitThis item specifies whether or not to detect a short circuit in the wiring.• Yes:

• No:

Detect short circuit (default).Do not detect short circuit. When the short-circuit error occurs, input value is 1 andthe status is GOOD.

IMPORTANTIf [Yes] is set for Detect Short Circuit, short-circuit errors can be detected (assuming short cir-cuit with the power supply line). However, if you specify [Yes] , ensure to install a wiring checkadapter (SCB110) in the channel. If you specify [Yes] without connecting the adapter, the SCSerroneously detects a short-circuit error whenever the input value is ON.

l Pulse TestThis item specifies whether or not to perform a pulse test (wiring check between the inputchannels using pulse output).• Yes:

• No:

Perform a pulse test (default).Do not perform the pulse test.

IMPORTANTIf [Yes] is set for [Pulse Test], wiring short-circuit errors between input channels can be detec-ted. Make sure, however, to connect a wiring check adapter (SCB110) to the channel if youspecify [Yes] for a channel which receives NC input signals.. If you specify [Yes] without con-necting the adapter, the SCS cannot detect inter-channel short circuit when the input value isON.

l SOER (setting for SOER)This item specifies whether or not to accumulate events for SOER when a signal changes.

• Yes:

• No:

Accumulate SOE events when a signal changes (default).Do not accumulate SOE events.

l Trip Signal (setting for SOER)This item specifies whether or not to regard an event as a trip occurrence. This setting is onlyenabled if [Yes] is set for [SOER].• No (0):

Changes are not regarded as a trip signal (default).

• OFF TRIP (1):A change to OFF is regarded as a trip signal and SOE data before and after a trip is stor-ed in an SCS.



• ON TRIP (2):A change to ON is regarded as a trip signal and SOE data before and after a trip is storedin an SCS.




A4.7 Items set for discrete outputsDifferent items are specified depending on the type of inputs and outputs when setting inputsand outputs of an SCS.This section explains setting items that are unique to discrete outputs, classifying them intosetting items for each module and each channel.

n Items set for each module (discrete output)There is no item set for each module that is unique to discrete outputs (i.e., it is only necessa-ry to set common specification items for an IOM).

n Items set for each channel (discrete output)The following items are set for each channel in I/O Parameter Builder for DO modules.

Table A4.7-1 Items set for each channel of a discrete module








Output Shutoff Switch(Specify Output Shutoff Switch) Yes Yes -

Output Value in Detecting Error(Specify Output Value in Detecting Er-ror)

Yes Yes -


Pulse Test (OFF)(Specify Pulse Test (OFF)) Yes Yes -

Pulse Test (ON)(Specify Pulse Test (ON)) Yes Yes -

SOER (Setting for SOER)(Specify Trip Signal) Yes No -

Trip Signal (Setting for SOER)(Specify Trip Signal) Yes No -


Command Line(Specify Command Line) No No This item does not

need to be entered.



<A4.7 Items set for discrete outputs > A4-39





l Output Shutoff SwitchThe output shutoff switch can be used to shutoff all the outputs of the module when the mod-ule encounters a critical malfunction such as the output is clutched to ON status, and thewhole module becomes failure mode (Module HRDY OFF). If the Output Shutoff switch is ac-tivated, the output of all DO channels of the relevant module is set to OFF. This setting is notaffected in the event of short circuit. For SDV526, this setting is fixed at Disable and cannotbe changed.• Enable:

Activate the Output Shutoff switch if a dangerous failure such as the output getting stuckin the ON status occurs (default).

• Disable:Do not activate the Output Shutoff switch even if a dangerous failure occurs.

l Output Value in Detecting ErrorThis item specifies a value output from the channel to the field if an error occurs on the CPUmodule (both CPU modules in redundant configuration) or in the path from CPU to outputmodule. This definition is used as the fail-safe value set for the output variables. For SDV526,this setting is fixed at the default value and cannot be changed.

• 0:

• 1:

• Hold:

Output 0 to the field at error detection (default)Output 1 to the field at error detectionThe value immediately before the error was detected is maintained when an erroris detected.

l Detect Disconnection (Open Circuit detection)This item specifies whether or not to detect disconnection.

• Yes:

• No:

Detect disconnection (default).Do not detect disconnection.

l Pulse Test (OFF)This item specifies whether to perform the off-edge pulse test so as to use the off-edge pulseto test the wiring of the channel that maybe clutched to ON status (when the contact is clutch-ed ON or short-circuits occurred among channels). For SDV526, this setting is fixed at No andcannot be changed.

• Yes:

• No:

Perform the off-edge pulse test (default).Do not perform the pulse test.

l Pulse Test (ON)This item specifies whether to perform the on-edge pulse test so as to use the on-edge pulseto test the wiring of the channel that maybe clutched to OFF status (when the contact isclutched OFF or short-circuits occurred among channels). For SDV526, this setting is fixed atNo and cannot be changed.

• Yes: Perform the on-edge pulse test.Do not perform the pulse test (default).



• No:

l SOER (setting for SOER)This item specifies whether or not to accumulate events for SOER when a signal changes.

• Yes:

• No:

Accumulate SOE events when a signal changes.Do not accumulate SOE events (default).

l Trip signal (setting for SOER)This item specifies whether or not to regard an event as a trip occurrence. This setting is onlyenabled if [Yes] is set for [SOER].• No (0):

Changes are not regarded as a trip signal (default).

• OFF TRIP (1):A change to OFF is regarded as a trip signal and SOE data before and after a trip is stor-ed in an SCS.

• ON TRIP (2):A change to ON is regarded as a trip signal and SOE data before and after a trip is storedin an SCS.


l Command LineThis item does not need to be entered.



A5. Inter-SCS safety communicationAn SCS is able to perform safety communication with other SCSs in the same domain as wellas in different domains. This means that the user can create a safety-loop covering two SCSs.

n Overview of inter-SCS safety communicationThe following figure shows an overview of Inter-SCS safety communication.

Diagnostic information message

SCS as a producer (*1)

Function block on the producing side

Function block on the consuming side

Binding variable

SCS as a consumer (*2)

SYS_DIAG function block

SYS_DIAG function block

Control bus error status

Data (BOOL, integer and real number types)

Data status Representative data status

Data (BOOL, integer and real number types)

Binding variable

Binding (*3)

Control bus

*1: An SCS that creates and sends a binding variable*2: An SCS that receives and reads the binding variable*3: A mechanism for passing a binding variable of the SCS on the producing side to the SCS on the consuming side

Figure A5-1 Overview of inter-SCS safety communication

SEEALSO For more information about overview of inter-SCS safety communication and important engineering consider-

ations, refer to:

2.8, “Inter-SCS Safety Communication” in Engineering Guide (IM 32Q01C10-31E)

n Mechanism of inter-SCS safety communicationInter-SCS safety communication is achieved by function blocks dedicated for inter-SCS safetycommunication. The function block on the producing side sends setting data as well as datafor guaranteeing communication quality to the communicating SCS via the control bus. Thecommunication path can be between SCSs in the same domain or SCSs in different domains.In a configuration with CENTUM integration, inter-SCS safety communication can be per-formed while CENTUM devices are connected to the same control bus. The function block onthe consuming side performs various tests on received data to check the validity and only out-puts data whose quality can be guaranteed. If data is judged to be incorrect as a result ofthese tests, the fail-safe value preset on the consuming side is output. Make sure to create anapplication logic to be used when data is not correct.

<A5. Inter-SCS safety communication > A5-1


IMPORTANTThe output enable operation is required in order for the SCS on the producing side to performtransmission. The function block on the consuming side outputs the specified fail-safe valuesand communication status (parameter NR) becomes abnormal (FALSE) until the output ena-ble operation is performed.

SEEALSO For more information about BOOL-type data receive, refer to:

C4.4, “CONS_B (inter-SCS safety communication BOOL-type data consumer)” on page C4-8

For more information about DINT-type data receive, refer to:

C4.5, “CONS_I (inter-SCS safety communication INTEGER-type data consumer)” on page C4-11

For more information about REAL-type data receive, refer to:

C4.6, “CONS_R (inter-SCS safety communication REAL-type data consumer)” on page C4-13

n Operation when launching inter-SCS safety communication• The function block on the consuming side outputs the fail-safe values predefined in the

function block, until the SCS on the producing side starts sending data and the functionblock on the consuming side is ready to correctly receive the data sent by the SCS on theproducing side. The communication status (parameter NR) remains abnormal (FALSE)during this period.

• When you start up the SCS on the producing side and perform the output enable opera-tion, inter-SCS safety communication starts sending data. Once the sent data is success-fully received by the SCS on the consuming side, the function block on the consumingside will output the received data and the communication status will change to normal(TRUE).

n Operations at inter-SCS safety communication errorsIf a communication error occurs during inter-SCS safety communication, the following opera-tions are performed.• The fail-safe value preset on the function block for inter-SCS safety communication on

the consuming side is output.

• The communication status (parameter NR) becomes abnormal (FALSE).

• A diagnostic information message notifying about the error is output.

The following operations are performed if the system recovers from a communication error.• The data value received from the producing side is output from the function block on the

consuming side.

• The communication status (parameter NR) becomes normal (TRUE).

• A diagnostic information message notifying about the recovery is output.

The following table shows the operations that are performed for each error status.



Table A5-1 Operations at communication errorsStatus Output on the consuming side Remarks

The SCS on the producingside has stopped

The previous value is retained afterthe communication stops. After the re-ception interval timeout period is ex-ceeded, the fail-safe value is output.

Start up the SCS on the producingside and perform the output enableoperation to restore communication.

An error has occurred in thecommunication path andcommunication has stoppedfor a long period

Same as above. The data value isoutput when the communication is re-sumed.

-

An error has occurred in thecommunication path andcommunication has stoppedtemporarily

The previous value is retained whilethe communication is stopped. Thedata value is output when the commu-nication is resumed.

This applies when communication isresumed within the reception inter-val timeout period

An error has occurred in thecommunication path and thecontents of the communica-tion have been destroyed

The previous value is maintained aslong as the communication data iscorrupted. The data value is outputwhen correct data is received.

The fail-safe value is output if thecommunication data is corrupted forlonger than the reception intervaltimeout time.

There is a delay in the com-munication path and commu-nication is very slow

The fail-safe value is output if thecommunication is delayed more thanthe transmission delay timeout period.The data value is output when thecommunication is resumed.The transmission delay is not checkedif the transmission delay timeout valueis set to 0.

-

Erroneous engineering is per-formed.

The fail-safe value is output and a di-agnostic information message is out-put.

When a wrong binding variablename is used.



A6. SCS link transmissionThere are the following types of SCS link transmission.• SCS link transmission safety communication (Safety function)

This establishes a safety communication between SCSs in the same domain. A safetyloop can be established between the sending side and receiving side SCSs.

• SCS global switch communication (Interference-free function)This establishes interference-free communication between SCS and CENTUM stations(FCS, APCS, and GSGW; hereafter collectively referred to as FCS) in the same domain.

SEEALSO For more information about SCS global switch communication, refer to:

D6., “SCS global switch communication” on page D6-1

For more information about basic SCS link transmission functions, refer to:

2.9, “SCS Link Transmission” in Engineering Guide (IM 32Q01C10-31E)

For more information about engineering the SCS link transmission, refer to:

5.3, “SCS Link Transmission Definition” in Engineering Reference (IM 32Q04B10-31E)

<A6. SCS link transmission > A6-1


A6.1 Overview of SCS link transmissionThis section generally explains the data structure of SCS link transmission and definitions re-quired for SCS link transmission.

n Data structure of SCS link transmissionData sent through SCS link transmission and data received from the stations are first storedin a dedicated data buffer.When using SCS link transmission data in application logic, communication data is obtainedusing a dedicated input FB. Conversely, to send the result of application logic execution, theresult of application logic should be input to a dedicated output FB.

Logic

Logic

STN03Image

STN02Image

STN64Image

STN01Image

OutputFB

SCS0103

Link transmission data area

Control bus

Application logic

SCS datainput FB

FCS datainput FB

SCS0102FCS0101

Figure A6.1-1 SCS link transmission dataflow

l Receive dataReceive data of SCS link transmission consists of data value and data status. Data status inSCS link transmission does not indicate the quality of each data item, but rather gives statusinformation regarding whether data was received normally. SCS determines data statusbased on the communication status and safety diagnosis result for each communication tar-get station.Both data value and data status can be referenced via input FB. Separate input FBs dedica-ted to each communicating station type (SCS/FCS) are provided.

l Send dataSend data of SCS link transmission has data value only and no data status. There is only onetype of output FB, regardless of whether the send destination is SCS or FCS.

l Function blocks for SCS link transmissionIn order for application logic to handle SCS link transmission data, the following functionblocks are provided for each communicating station type.

<A6.1 Overview of SCS link transmission > A6-2


Table A6.1-1 Function blocks related to SCS link transmissionFB type Processing by the function block Remark

LTRCV Inputs link transmission data from other SCSsSafety

LTSND Outputs link transmission data from local SCS

LTFCS Inputs link transmission data sent from FCS (globalswitch) Interference-free

SYS_FORCE_LT Manages forcing of SCS Link Transmission Safetysystem FBSYS_LTSTS Indicates SCS Link Transmission reception status

SEEALSO For more information about each FB, refer to:

• C4.7, “LTSND (link transmission data output)” on page C4-15

• C4.8, “LTRCV (safety link transmission data input)” on page C4-16

• C7.5, “LTFCS (interference-free link transmission data input)” on page C7-9

• C10.3, “SYS_FORCE_LT (SCS link transmission lock status monitor)” on page C10-5

• C10.5, “SYS_LTSTS (SCS link transmission reception status monitor)” on page C10-10

n Definition of send dataSCS link transmission send should be defined in SCS Link Transmission Builder, and alsocreate the application logic by using the output FB block of SCS link transmission.

l Definition of SCS link transmission sendTo send SCS link transmission data from an SCS to other stations, permit sending via linktransmission in the Self Station tab of SCS Link Transmission Builder.

TIP At all SCSs in the domain where it is permitted to receive SCS link transmission from the station for whichsending is defined, the application regarding receive data can be changed freely, and such changes do notaffect other stations.

l Wiring of send dataTo send correct data, define an output FB in the application logic, and perform wiring defini-tion for the local station data using SCS Link Transmission Builder.

IMPORTANTIf data with no wiring definition at the sending station is referenced at the receiving side sta-tion, data status will be GOOD and data value will be FALSE.

n Definition of receive dataSCS link transmission receive should be defined in SCS Link Transmission Builder, and alsocreate application logic by using the input FB of SCS link transmission.

l Definition of SCS link transmission receiveTo receive SCS link transmission data from other stations, permit receiving via link transmis-sion in the Self station tab of SCS Link transmission builder.Data received from reception target stations are defined in the Other Stations tab of the SCSlink transmission definition.



If the transmission source station type is SCS, it will be a safety communication and thus thefollowing items must be defined.

• Reception Timeout (Reception interval timeout value):

• Transmission Timeout (Transmission delay timeout value):

• Pre-Alarm (Pre-alarm setting value):

OUTTDLYTPALT

SEEALSO For more information about important points when configuring OUTT, DLYT, and PALT, refer to:

“ Precaution for Engineering” in 2.9, “SCS Link Transmission” in Engineering Guide (IM32Q01C10-31E)

l OUTT (reception interval timeout value) settingReception interval is an interval between data received by an SCS. If normal data is not re-ceived within the reception interval timeout value (OUTT), it is regarded as a communicationerror. This value can be set between 3 and 30 seconds.

l Inter-SCS transmission delay time and reception intervalInter-SCS transmission delay time is the elapsed time after the sending side SCS transmitsthe data until the receiving side SCS receives the data. If the inter-SCS transmission delaytime is outside the normal range, the received communication frame is ignored.The transmission delay time is affected not only by the delay in the communication path butalso by the difference in scan period settings of the SCS application logic execution functionat the sending side and receiving side.

Sendingside SCS

Receivingside SCS

Inter-SCS transmission delay time

Reception intervalTime

Figure A6.1-2 Inter-SCS transmission delay time and reception interval

l DLYT (transmission delay timeout value) and PALT (pre-alarm settingvalue) settings

• DLYTSet an appropriate value for DLYT (transmission delay timeout value). The normal rangeof inter-SCS transmission delay time is as follows:DLYT ≥ Inter-SCS transmission delay timeDLYT can be set to 0 seconds or between 3 and 30 seconds. When DLYT is set to 0, theinter-SCS transmission delay check is disabled.If the state where the occurrence of delay outside the normal range continues longer thanthe time which is specified as OUTT, it is regarded as a communication error.

• PALT



By using PALT, application logic can be notified of the generation of transmission delaythrough SYS_LTSTS before the inter-SCS transmission delay time reaches DLYT. Diag-nostic information message is not generated.PALT can be set to 0 seconds or between 3 and 29 seconds. When PALT is set to 0, apre-alarm is not generated.Set the values so that PALT is smaller than DLYT, unless DLYT is set to 0.

• Relationship between DLYT and PALTPALT check is performed unless PALT is set to 0. Pre-alarms are checked even if DLYT isset to 0.

IMPORTANTIf both PALT and DLYT are set to 0, the receive data of SCS link transmission cannot be usedfor safety purposes.

SEEALSO For more information about DLYT calculation method when the SCS system program release number is

R2.03.51 on the send or receive side in the SCS link transmission, refer to:

“ Specification Changes Made in SCS System Program Release Number R2.03.51” in Appendix 4.8.2,“Compatibility with Earlier Revisions” in Installation (IM 32Q01C50-31E)

l Wiring of receive dataTo use the receive data of SCS link transmission in application logic, define an input FB ac-cording to the station type, and then perform wiring definition of data for each receiving sidestation in SCS Link Transmission Builder.During wiring definition, the input value at error occurrence should also be defined.

IMPORTANTIf wiring of the receive data from a nonexistent station is defined, the data status will alwaysbe BAD and the data value will be the input value at error occurrence.



A6.2 Actions taken for SCS link transmissionwhen SCS is unsteady

This section explains the actions taken for SCS link transmission safety communication whenthe SCS is unsteady, as well as the operation at a SCS link transmission error occurrence.

SEEALSO For more information about actions taken for SCS global switch communication when the SCS is unsteady,

refer to:

D6., “SCS global switch communication” on page D6-1

n SCS link transmission safety communication during SCS startupDuring SCS startup, SCS link transmission safety communication is processed in the follow-ing manner.

l Start of receptionWhen the SCS is started, reception of SCS link transmission starts.

l Start of sending and status of dataEven when the SCS is started, if the output enable operation is not performed, SCS link trans-mission data will not be sent. In this case, logical data of the receiving side link transmissiondata area will be the input value at error occurrence specified in [Input Processing at Fault]item of Data Wiring Definition in SCS Link Transmission builder (FALSE if specified asHOLD). The data status will be BAD.When the output enable operation is performed at the sending side SCS, sending of datastarts and logical data of the receiving side SCS's link transmission data area will be the valuesent by the sending side SCS, and the data status will be GOOD.

Case where the sending side SCS is in the Output Enable status

Case where the sending side SCS is not started yet

Data value: Received data valueData status: GOOD

Data value: Received data valueData status: GOOD

Data value: Input value at error occurrenceData status: BAD

SCS startup(local station)

Sending sideSCS startup

Sending side SCSoutput enable operation

Figure A6.2-1 SCS link transmission safety communication receive data during SCS startup

TIP After the output enable operation is performed, sending of SCS link transmission will not be placed in the Out-put Disable status until the SCS is stopped.

l Notification of errors and recovery during SCS startupDuring the SCS startup, errors related to SCS Link Transmission are handled as follows:• During the SCS startup, no diagnostic information message on SCS Link Transmission

errors will be sent. After the error status during the startup turns to normal, diagnostic in-formation message on errors will be sent at the error occurrence.

• No diagnostic information message notifying recovery from errors of SCS Link Transmis-sion that occurred during the SCS startup will be sent.

<A6.2 Actions taken for SCS link transmission when SCS is unsteady > A6-6


n Diagnosis of SCS link transmission safety communicationDuring inter-SCS link transmission safety communication, the following diagnoses are per-formed.• The receiving side SCS checks if correct data is received within the reception interval

timeout value (OUTT). If a timeout occurs, it is judged that a communication error has oc-curred. Until then, the last normal value is retained.

• In addition to the setting data, the sending side SCS appends data to guarantee commu-nication quality and sends the data to the communicating SCS. The receiving side SCSperforms various verifications to confirm validity of data sent by the sending side SCS. Ifthe result of verification indicates abnormality, it is judged that a communication error hasoccurred.

n Processing upon SCS link transmission safety communication errorWhen the result of SCS link transmission safety communication diagnoses indicates an error,the following processing takes place.

l Receive data/data status• Logical data of the link transmission data area received will be set according to the speci-

fied input value at error occurrence defined in the Data Wiring definition of SCS LinkTransmission Builder.

• The data status will be BAD.

The data and data status above are output from the LTRCV function block.

l Notification of communication errorA diagnostic information message indicating "Diagnostic Error" will be sent from each receiv-ing station where a communication error has occurred. However, no diagnostic informationmessage notifying errors related to SCS Link Transmission will be sent during the SCS start-up.



n Processing upon recovery from SCS link transmission safetycommunication error

After the cause of communication error is removed and receive data from the SCS becomesnormal, the error condition recovers automatically. If latching the data at communication erroris necessary, write the data latching logic in application logic.

l Receive data/data status• Logical data of the link transmission data area received will be the value sent by the

sending side SCS.

• The data status will be GOOD.

The data and data status above are output from the LTRCV function block.



l Notification of recovery from communication errorA diagnostic information message indicating "Recovery from Diagnostic Error" will be sentfrom each receiving station where a communication error has been recovered. However, nodiagnostic information message related to SCS Link Transmission notifying the recovery fromthe errors that occurred during the SCS startup will be sent.



n Operations of SCS link transmission safety communication upontime synchronization error

For SCS link transmission safety communication, a time synchronization error may cause thetransmission delay timeout at the receiving side SCS.

l Supplemental explanation on transmission delay timeout value (DLYT)The transmission delay error of the SCS link transmission safety communication needs to bedetected.A temporary transmission delay error can be detected by monitoring the reception intervaltimeout (OUTT). A permanent transmission delay error can be detected with DLYT.

n SCS link transmission during switching of CPU control rightSwitching the control right of a dual-redundant CPU module does not affect the receive data.

n SCS link transmission during error at one side of control busAn occurrence of error at one side of control bus does not affect the receive data.



A6.3 Forcing of SCS link transmission dataForcing of SCS link transmission data can be performed from the SCS Link TransmissionLock window of the SENG. The forcing function does not distinguish the SCS link transmis-sion safety communication and SCS global switch communication.Forcing of SCS link transmission data can be performed when the SCS security level is 1 orlower.

TIP Forcing of SCS link transmission data can be performed only from the SCS Link Transmission Lock window.Forcing (lock operation, viewing lock status, setting values) cannot be performed by selecting link transmis-sion-related function blocks in Dictionary View.

SEEALSO For more information about SCS link transmission lock window, refer to:

2.2, “SCS Link Transmission Lock Window” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

n Function configuration of SCS link transmission data locking/unlocking

The relationship between data configuration, lock/unlock operation, and output enable opera-tion regarding SCS link transmission data within an SCS is shown below.

SCS link transmission data management

Input FB Output FBLogic

Output Enabled/Disabled status

Locked status Locked status

Physical data area

Logical data area

Physical data area

Logical data area

Receive/Send buffer

Application logic execution function

SCS

Figure A6.3-1 SCS link transmission data locking/unlocking

• SCS link transmission data has logical data and physical data, like I/O variables. Thesedata can be referenced from the SCS Link Transmission Lock window.

• If the SCS link transmission is locked, logical data of the receive data and physical dataof the send data can be set to any value from the SCS Link Transmission Lock window.

n Locking SCS link transmission data• It is possible to lock link transmission data of each station individually.

• When the local station is selected and locked, the send data will be locked. None of theoutput FB data values will be set to the physical data. The SCS sends the current valueof physical data to other stations.

• If a receiving station is selected and locked, data from the applicable station (data valueand data status) will be set only to the physical data but not to the logical data.

<A6.3 Forcing of SCS link transmission data > A6-9


Receivedata buffer

Senddata buffer

Physical dataData value

Physical dataData value

Data status

Logical dataData value

Logical dataData value

Data status

Locked status

Locked status

InputFB

OutputFB

Logic

Value setting

Value setting

Figure A6.3-2 Forcing of SCS link transmission data

n SCS link transmission data value setting• Setting the value of locked data can be performed for each data item.

• Value setting is possible only for data whose wiring to the SCS link transmission functionblock is defined.

• A data status can be set for the receive data. However, this will be common for all data ofthe receiving station. The status cannot be changed for individual data item setting.

TIP In the Output Disable status, data will not be sent even when the send data is locked and the data value isset. If the output enable operation is performed in the locked status, the set data will be sent.

n Management of SCS link transmission lock status• The SCS link transmission function manages not the number of locked data items, but

the number of stations set by the local SCS as targets of link transmission lock.

• When the receive data from a target station is locked, it will be counted in the number oflocked stations regardless of whether it is SCS or FCS.

• If the link transmission receive definition of a data from locked receiving station ischanged from [Yes] to [No] in SCS Link Transmission Builder and downloaded to theSCS, the number of locked stations is decremented.

• The number of SCS link transmission lock target stations is displayed in the SCS opera-tion status display of SCS maintenance support tool and HIS. It can also be referencedwith application logic using a system function block.

l System function block that manages locked status of SCS linktransmission

• Using the system function block (SYS_FORCE_LT) in an application logic allows you tounlock all SCS link transmission data as well as to monitor elapsed time of locked status.

• The locked status of SCS link transmission data is managed separately from locked in-put/output modules or variables. Locking the SCS link transmission data does not affectthe SYS_FORCE or SYS_FORCE_SC system function blocks.

SEEALSO For more information about SYS_FORCE_LT, refer to:

C10.3, “SYS_FORCE_LT (SCS link transmission lock status monitor)” on page C10-5



l Locked status notification by diagnostic information messagesThe SCS link transmission function sends a diagnostic information message with lock/unlockoperation. Checking the diagnostic information message allows you to see which station's da-ta has been locked/unlocked.

SEEALSO For more information about diagnostic information messages relating to the locking/unlocking of SCS link

transmission, refer to:



n Using forcing during SCS maintenanceWhen the SCS link transmission send data is affected by online change of the application,lock the local station before performing the online change download operation. This can pre-vent generation of false trips at the receiving side station. When the online change downloadis complete, confirm that the data to be sent is valid in the SCS Link Transmission Lock win-dow, and then unlock the station.

Lock the sending side

Change application logic

SCS0101

Ready

SCS0102

Ready

SCS0103

Ready

Figure A6.3-3 Locking SCS link transmission during online change



A7. SOERSOER (Sequence of Events Recorder) is a function for recording events detected by an SCSso that they can be used in analyses. In ProSafe-RS, it can be used in such a way that userscan analyze causes of events based on event information obtained before/after tripping.This chapter explains SCS functions related to the SOER function. Refer to related explana-tions for engineering tasks of SOER, SOE Viewer and the host interfaces.

SEEALSO For more information about important points when building an SOER, refer to:

2.14, “Configuration of the SOER” in Engineering Guide (IM 32Q01C10-31E)

For more information about SOER Engineering , refer to:

7., “SOER Collection Definition” in Engineering Reference (IM 32Q04B10-31E)

For more information about SOE viewer, refer to:

4., “SOE Viewer” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

For more information about hose interface, refer to:

A1., “Overview of SOE OPC Interface” in Open Interfaces (IM 32Q05B10-31E)

<A7. SOER > A7-1


A7.1 Overview of SOERWith a SOER, changes in analog inputs/outputs, discrete inputs/outputs and application logicscan be collected/saved as event information. Collected event information is displayed in theSOE Viewer. Moreover, a function to synchronize to the standard time is provided in order tomaintain the accuracy of the time stamps attached to the events.

n ProSafe-RS SOER

l ConfigurationThe SOER function of ProSafe-RS can be used for a minimum system configuration, i.e., oneSENG and one SCS.

l Event collection• The SOER function of ProSafe-RS can collect changes of not only discrete inputs (DI) but

also discrete outputs (DO) as event information.

• Analog input values can also be collected as event information.

• By creating FBs for SOER, changes of analog output values and application logics canbe collected as event information. By doing so, changes of communication data with oth-er SCSs can also be recorded.

l Event saving• You do not need to prepare a dedicated PC for saving events or keep the power supply to

an SENG on at all times, because event information is saved in the SCS.

• The maximum number of event information records that can be saved in an SCS is15000. You can be sure that users are successfully notified of particularly important eventinformation, i.e., records acquired before and after a trip signal was generated, by sepa-rating the storage location.

l Selection of time synchronization methodThe time synchronization function maintains the accuracy of time stamps attached to recor-ded events. SCSs connected to the V net can select either method: the method by which ex-ternal standard time is acquired through the IRIG-B interface, or the method by which theSCS is synchronized with the system's V net time. The default setting is to use the V net time.SCSs connected to the Vnet/IP can only use synchronization with Vnet/IP time, where SCSsare synchronized with the Vnet/IP time regardless of whether an SNTP server is installed.

l GPS receiver (optional)In SCS stations that are connected to V net, you can obtain the standard time via GPS. Youcan import time information in IRIG-B format into an SCS station using a GPS receiver (soldseparately). This time synchronization method is optional and therefore not mandatory.

l SOE Viewer• Event information saved in an SCS can be read by the SOE Viewer function in an SENG

via the control bus.

• SOE Viewer allows filtering the event information so that only the information the userwants to see is shown.

• SOE Viewer can display diagnostic information messages as well.

<A7.1 Overview of SOER > A7-2


n Relationship among the SOER functionsThe following figure illustrates a structure of functions related to SOER.

SCS

CPU Module

SENG

Control bus

Time synchronization function

Event collection function

Event collection function

DI module

Event display function

Download Time setting

Upload

Event storage function

SOER definition function

Download

Figure A7.1-1 Relationship between SCS and SENG

The user defines items related to SOER on an SENG. The defined information is downloadedto the CPU of an SCS as well as to discrete input modules in the system. The event informa-tion collected/saved in the SCS is uploaded to SOE Viewer in the SENG or HIS.With SCSs connected to the V net, IRIG-B time synchronization can be selected.With SCSs connected to the Vnet/IP, time synchronization is implemented based on theVnet/IP time.

<A7.1 Overview of SOER > A7-3


A7.2 Event collectionAn SCS allows saving specified discrete inputs, discrete outputs and variable data of applica-tion logics as event information.

n Event targetsAn SCS can save the following data as event information by user specification.Events related to discrete inputs (DI) are collected by the input modules; other events are col-lected by the CPU.

l Events of discrete inputs (DI)• Discrete input modules detect changes in the input signals input to each channel (FALSE

to TRUE or TRUE to FALSE) and collect events.

• Users can specify whether or not to collect SOE event information for each channel.

• If discrete input modules are placed in redundant configuration, the active module collectsevents.

• The comment text attached to the variable corresponding to each DI channel is added tothe event. The text can contain a character string of up to 32 single-byte characters, or 16double-byte characters. The user needs to define the variables corresponding to the con-tact inputs on the Workbench Dictionary View as the comments so as to identify thewhereabouts of the occurred events.

l Events of discrete outputs (DO)• The CPU detects changes in the output value set to a discrete output module and collects

events.

• Users can specify whether or not to collect SOE event information for each channel.

• If the output channel is abnormal (data status is BAD), the events will not be gathered.

• Each event is attached with a comment text assigned as a variable to the contact output(a character string of up to 32 single-byte characters or 16 double-byte characters). Theuser needs to define the variables corresponding to the contact outputs on the Work-bench Dictionary View as the comments so as to identify the events.

l Events of analog inputs (AI)• The ANLG_S function block outputs alarms by judging analog input values, and it is able

to collect events by making appropriate application. It performs magnitude correlationcomparison of set values and analog output values (OUT) and collects events by using achange in OUT as a trigger.

• Events are collected when the SOER input terminal is set to TRUE.

• At event collection, a character string set to the ID input (a character string of up to 32single-byte characters or 16 double-byte characters) is stored along with the event data.

<A7.2 Event collection > A7-4


IN SH SL HH PH PL LL HYS TRDT PADT SOER ID

ANLG_S

OUT

NHTR STS

NHHH NLLL NLTR

Figure A7.2-1 ANLG_S function block

An ANLG_S function block collects events when the following outputs change their statusfrom FALSE to TRUE, or from TRUE to FALSE:• NHTR (HI trip flag)

• NHHH (HI pre-alarm flag)

• NLLL (LO pre-alarm flag)

• NLTR (LO trip flag)

When the event occurred can be checked in the ID field of the SOE Viewer.

Table A7.2-1 ANLG_S event IDsID in SOE Viewer Event generation timing

EVT_TRUE When an alarm recovered (when output status change from FALSE toTRUE).

EVT_FALSE When an alarm generated (when output status change from TRUE toFALSE).

l Events of application logic variablesAn SCS collects values of internal variables defined in an application logic as events by con-necting them to function blocks dedicated to the SOER function. Variables of the BOOL, inte-ger or real number types can be collected. At event collection, a character string specified inthe ID input (a character string of up to 32 single-byte characters) is stored along with theevent data.Use SOE_R to collect analog output events. In IN, enter an output variable. In TRIG, enter asignal that specifies the event collection timing.The following function blocks are dedicated to the SOER function. Note that events from func-tion blocks are treated as trip signals if TRIP_OFF or TRIP_ON is specified for TRP.• SOE_B (BOOL type) function block

SOE_B is a function block used to collect BOOL-type data as events. It collects events ifthere is a difference between the input value (IN) and the previous value at the executiontiming of the function block. The default value of the previous value is 0.



SOE_B

IN

ID

TRP

Figure A7.2-2 SOE_B function block

• SOE_I (integer type) function blockSOE_I is a function block used to collect integer-type data as events. It collects events ifthe value of TRIG, an input terminal, changes at the execution timing of the functionblock.

SOE_I

IN

TRIG

ID

TRP

Figure A7.2-3 SOE_I function block

• SOE_R (real number type) function blockSOE_R is a function block used to collect real number-type data as events. It collectsevents if the value of TRIG, an input terminal, changes at the execution timing of thefunction block.

SOE_R

IN

TRIG

TRP

ID

Figure A7.2-4 SOE_R function block

When the event occurred can be checked in the ID field of the SOE Viewer.

Table A7.2-2 Event IDs of dedicated SOE function blocksFB type ID in SOE Viewer Event generation timing

SOE_B EVT_TRUE When the status of IN input changed from FALSE to TRUE.

EVT_FALSE When the status of IN input changed from TRUE to FALSE.

SOE_ISOE_R

EVT_TRUE When the status of TRIG input changed from FALSE to TRUE.

EVT_FALSE When the status of TRIG input changed from TRUE to FALSE.

n Event timeEvent information records include a time stamp indicating when the event occurred. Theevent generation time varies depending on the event type (object).



Table A7.2-3 Event timeObject Time information of event

Discrete input (DI) The current time of a discrete input (DI) module at event generation is recorded.

Discrete output (DO) The current SCS time is stamped to the signal right before outputting it through theoutput module.

Variable The current time of the SCS right before the execution timing of a function block isrecorded.

l Recording of occurrence times of DI module-related eventsAfter an occurrence of channel failure, such as open or short circuit, if you check the SOEViewer to view a diagnostic information message, you will find that the channel error is dis-played after the ON/OFF event of the applicable channel. This means that the time of eventoccurrence does not match the time of the message. This is because the event and the mes-sage are generated by different modules: the DI module generates events and the CPU mod-ule generates diagnostic information messages.When an event occurs, event information is generated based on the DI module time at theoccurrence. On the other hand, diagnostic information messages for channel errors, etc., aregenerated during I/O refresh processing of the CPU module based on the error informationreceived from the DI module, in accordance with the time information acquired at the start ofeach scan period.



A7.3 Event storageEvent information is stored in the SOER event information storage memory of an SCS. Thereare two types of files in which event information can be stored: an event log file and trip signalfiles. An event log file stores the latest event information. In the trip signal file, events beforeand after each trip signal are saved.

n Saving event data• An SCS saves event data using two types of files: an event log file, which stores event

information in the order of data collection, and trip signal files, which store events gener-ated before and after the trip signal specified by the user. There are two trip signal files.

• Event information saved in an SCS is not deleted when read by an SENG and HIS. It isthus possible to reference the information from multiple SOE Viewers.

n Flow of event storageThe figure below illustrates the flow according to which event information is stored in an SCS.

Application logic CPU

DI event temporary

storage memory

SOER event information

storage memory

SOE Viewer

Event log file

Trip signal file Trip signal definition

Events of DO and variables

DI module

Event of DI

Figure A7.3-1 Flow of data in event information storage

Since event information from a discrete input (DI) module is automatically stored in the DIevent temporary storage memory of the CPU, both the DI event in this memory and event in-formation collected in the application logic are stored in the SOER event information storagememory.

n Specification of event log files• An event log file stores the latest event information and one event log file is saved per

SCS.

• Up to 15,000 events can be saved in the event log file.

• If the number of events saved exceeds the maximum number, events are deleted andoverwritten by new events from the oldest one.

<A7.3 Event storage > A7-8


• Whenever an SCS has saved 12,000 events in the event log file, it sends a diagnosticinformation message to prompt the user to upload to the SENG.

n Trip signal• Trip signals are particularly important events in the plant. Since they are key events when

engineers attempt to analyze the causes of tripping, they must be securely stored in theSCS together with the events generated before and after them.

• Either ON edge or OFF edge can be specified as the trip signal. However, both edgescan be specified as ignored.

• Users can specify trip signals in input/output definitions or in function blocks for SOE.There is no restriction on the number of trip signals that can be specified, but it is neces-sary to examine trip signal settings thoroughly in order to record useful event information.

n Specification of trip signal filesTrip signal files store events generated before and after a trip signal specified by the user.• An SCS stores events generated before and after the trip signal in a trip signal file.

• A trip signal file stores 1,500 events in total: the last 500 events generated before trippingincluding the trip signal and the 1,000 events generated after tripping.

• Up to two trip signal files can be stored in an SCS. No more trip signal files are savedeven if more trip signals are generated. If two trips occur in a short period of time, thedata in the two trip signal files may overlap.

• If less than 500 events are collected prior a trip event occurs, the number of the eventsbefore the trip event will be less than 500.

• If the number of events is less than 1000 after 30 minutes has passed since the trip eventoccurred, the file will be closed anyway with less events.

• An SCS sends a diagnostic information message when saving of a trip signal file is com-pleted.

• Trip signal files are not automatically initialized by the system. These files can be initial-ized only via operation from the SENG.

SEEALSO For more information about initialization of trip signal files, refer to:

3.4.5, “Initialization of Tripping Information” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

l Initialization of trip signal filesTrip signal files can be initialized only via initialization operation from the SENG. After youhave uploaded events from the SOE Viewer on the SENG, initialize the trip signal files usingthe Message Cache Tool of the SENG.• Up to two trip signal files can be initialized with a single operation.

• Initialization operation is also valid while events are being stored.

<A7.3 Event storage > A7-9


A7.4 Management of event information whenSCS is unsteady

This section explains the management of event information in the following cases of unsteadi-ness.• A power failure occurs in the SCS

• During startup of the SCS

• I/O variables are locked

If a power failure occurs in an SCS, event information is saved in a memory backed up by abattery. The SCS restores the event information at startup; it is thus possible to check theevent information before the SCS was stopped.

n Protection of event information at power failureUnder normal circumstances, event information is stored in the main memory of an SCS. If apower failure occurs in the CPU, the data saved in the main memory is lost. Therefore, theSCS saves the most recent events recorded immediately before the power failure to a differ-ent memory backed up by a battery. Although all the events cannot be protected, it is possibleto analyze events that occurred immediately before the power failure by protecting them inthis way.

Table A7.4-1 Protection of event information at power failureFile type Specifications at power failure occurrence (*1)

Event log file The most recent 1000 events recorded immediately before the power failure areprotected.

Trip signal file Upon completion of collection, the trip signal files are saved to a memory backedup by a battery (up to 1500 events x 2 files). If the files have been fully saved priorto the power failure, all events are safe. If the power failure occurred before thefiles are fully saved, the events are lost. (*2)

*1: The same operations apply to offline download.*2: If the most recent events are not saved, refer to the event log file.

n SCS startup operationAn SCS restores the event information that was saved before it was stopped when it starts upat restarting or after offline download.

n Lock status by the forcing functionIf I/O variables are locked by the forcing function, event collection is performed in the follow-ing ways when the values of the I/O variables change.

Table A7.4-2 Event collection operation in the locked statusObject Event collection operation

Discrete input (DI) Since events are collected by a discrete input module, events are collected basedon the actual values input to the module regardless of the lock status. Events arenot collected if the value of the discrete input is changed by the forcing function.

Discrete output (DO)(*1)Analog input (AI)

Since events are collected by an application logic, events are collected with thechanged value if the values of I/O variables are changed by the forcing function.

*1: In order to collect events, it is necessary that the DO modules are operating normally and the data status of the output chan-nels are GOOD.

<A7.4 Management of event information when SCS is unsteady > A7-10


SEEALSO For more information about SOE event collection when switching module control rights, refer to:

B7.1, “Redundant configuration in SCS” on page B7-2

<A7.4 Management of event information when SCS is unsteady > A7-11


A8. ForcingForcing is used in the maintenance of SCSs and debugging of applications. Specifically, auser interface is provided that can be used to lock I/O modules, variables and FB parameters,and set desired values. Forcing can be used when the SCS security is Level 1 or below.This chapter explains forcing of variables, parameters of function blocks, and inter-SCS safetycommunication as well as applications of forcing.

SEEALSO For more information about important engineering considerations regarding forcing, refer to:

7.2.1, “Utilizing Forcing and Override Function During Maintenance” in Engineering Guide (IM32Q01C10-31E)

For more information about forcing operations, refer to:

2., “Forcing Function” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

For more information about forcing of subsystem communication data, refer to:

B1.5, “Forcing of subsystem communication data” in Open Interfaces (IM 32Q05B10-31E)

For more information about forcing of SCS link transmission data, refer to:

A6.3, “Forcing of SCS link transmission data” on page A6-9

<A8. Forcing > A8-1


A8.1 Variable lockingIt is possible to fix (lock) values of I/O variables and internal variables of the application logicto constant values, regardless of the input values from the actual input devices and applica-tion operation results.This section describes the behavior of the input variables, the output variables and the inter-nal variables when they are locked, as well as the behavior of the system function blocks dur-ing locking.

n Overview of variable lockingAll variables of the application logic have two values: a value written from the input side and avalue read from the output side. Normally, the value on the output side is constantly overwrit-ten with the value on the input side during the execution of the application logic. For this rea-son, the value written to the variable and the value read from the variable match each other.The locking function is a function to stop overwriting values on the output side with values onthe input side. As a result, the values maintained on the output side are used regardless ofthe values from the input side.

Value on the input side

Value on the output side

Variable

Locked status

Value on the input side

Value on the output side

Variable

Unlocked status

Figure A8.1-1 Overview of the locking function

In the case of an input variable, the value on the input side is the input from the input channeland is called physical data. The value of an input variable on the output side is read by theapplication logic and is called logical data.An input variable consists of input data and data status.In the case of an output variable, the value of the input side is the result of application logicprocessing and is called logical data.The value of the output side of an output variable is the output to the output channel and iscalled physical data. An output variable also consists of output data and data status, in thesame way as an input variable.

WARNING• When unlocking I/O variables, make sure to check the logical data and physical data of

input/output data and data status. Check that there will be no adverse effects of unlockingon the system, such as a value changing abruptly after canceling the lock, causing nui-sance tripping.

• While the forcing function is executed, the system's safety functions are disabled. If youuse the forcing function for the purpose of maintenance after starting the actual operation,quit the forcing function immediately after the completion of system maintenance and en-able the system's safety functions so that they operate normally. At the completion of atarget test or when quitting SCS Manager during a target test, a dialog box appears tocall attention to locked variables. In this case, display a list of the locked variables usingthe I/O Lock window or other means and cancel the lock status of these variables.

<A8.1 Variable locking > A8-2


n Locking input variablesIf an input variable is locked, the value of the input variable will no longer be overwritten withthe value input from the input channel. The input data and data status from the input channeland those from the input variable are separated.

Physical data

Input data

Data status

Logical data

Input data

Data status

Input data

Data status

Input variable

Input channel

Input module

Figure A8.1-2 Locking input variables

If an input variable is locked, its logical data will no longer be overwritten with the value of thephysical data. The value of the logical data matches the value of the physical data at the timeof locking for both the input data and data status. The locked variable values can be changedafter the lock operation.

SEEALSO For more information about variable value setting, refer to:

A8.2, “Variable value setting” on page A8-7

l Unlocking input variablesWhen the lock status of an input variable is canceled, the logical data will be overwritten withthe value of the physical data again. Since input data values used by the application logicmay change abruptly or the data status may change, caution is required not to adversely influ-ence the operation of the application. For this reason, before canceling a lock, make sure tocheck that input data and data status match for physical data and logical data; if they are dif-ferent, make sure that there will be no adverse effect on the application when unlocking.

l Operations at input channel errorsWhile an input variable is locked, the data status of the input channel is disconnected. For thisreason, even if an error occurs in the channel, the error cannot be detected by observing thedata status of the input variable. Note that a diagnostic information message is notified at fail-ure of the channel as well as its recovery from an error, regardless of whether or not the inputchannel is locked.

l Notification of operation result via diagnostic information messagesIf an input variable is locked or unlocked, the operation performed and the results of the oper-ation are notified as a diagnostic information message.

SEEALSO For more information about checking diagnostic information messages, refer to:

3.2, “Displaying SCS Diagnostic Information” in Utilities and Maintenance Reference (IM32Q04B20-31E)



n Locking output variablesIf an output variable is locked, the value of the output variable will no longer be overwrittenwith the value set by the application logic. The output channel and application logic are dis-connected.For output variables, the data status flows in the opposite direction of the output data.

Physical data

Output data

Data status

Logical data

Output data

Data status

Output data

Data status

Output variable O

utput channel

Output m

odule

Figure A8.1-3 Locking output variables

If an output variable is locked, its values are fixed as follows.• As for the output data, its physical data will no longer be overwritten with the value of the

logical data. The value of the physical data matches the value of the logical data at thetime of locking.

• As for the data status, the logical data status will no longer be overwritten with the valueof the physical data status. The value of the logical data status matches the value of thephysical data status at the time of locking.

l Unlocking output variablesWhen the lock status of an output variable is canceled, the physical data will be overwrittenwith the value of the logical data again for the output data, and the logical data status will beoverwritten with the value of the physical data status again. When the lock status is canceled,the output data values overwritten with the application logic may change or the data statusused in the application logic may change. Thus, caution is required not to adversely influencethe output to the field and the operation of the application. For this reason, before releasing alock, make sure that the output data and data status of the physical data and logical data areconsistent; if they are not, make sure that there will be no inadvertent affect to the applicationswhen releasing the lock.

l Operations at output channel errorsWhile an output variable is locked, the data status of the output channel is disconnected. Forthis reason, even if an error occurs in the channel, the error cannot be detected by observingthe data status of the output variable. Note that a diagnostic information message is notifiedat the time of failure of the channel as well as its recovery from an error, regardless of wheth-er or not the output channel is locked.

l Notification of operation result via diagnostic information messagesIf an output variable is locked or unlocked, the operation performed and the results of the op-eration are notified as a diagnostic information message.





n Locking internal variablesIf an internal variable is locked, it will no longer be overwritten by an input value or an applica-tion. If an array used in a ST (Structured Text) statement is locked, all the elements of the ar-ray will be locked.In the case of SCSP2, internal variables can be locked only when [Yes] is set for [ExtendScan Period Automatically] and [Enable] is set to [locking of internal variables] on the SCSConstants Builder. Note that if any internal variable is locked, the processing time of the appli-cation logic becomes longer.In the case of internal variables, the value on the input side is called physical data and thevalue on the output side is called logical data.

Physical data Logical data Data

Internal variable

Figure A8.1-4 Locking internal variables

If an internal variable is locked, its logical data will no longer be overwritten with the value ofthe physical data. The value obtained by reading the internal variable is fixed with the value oflogical data. The value of the logical data matches the value of the physical data when locked.

SEEALSO For more information about locking internal variables in the SCSP2 and SCS performance, refer to:

“ Locking of Internal Variables and Performance: SCSP2” in 2.7, “Performance and Scan Period inSCS” in Engineering Guide (IM 32Q01C10-31E)

l Unlocking internal variablesWhen the lock status of an internal variable is canceled, the logical data will be overwrittenwith the value of the physical data again. For an array, all the elements of the array will beunlocked. Since the data value overwritten with the application logic may change, caution isrequired not to adversely influence the operation of the application. For this reason, beforecanceling a lock, make sure to check that the data match for physical data and logical data; ifthey are different, make sure that there will be no adverse effect on the application when un-locking.

l Notification of operation result via diagnostic information messagesIf an internal variable is locked or unlocked, the operation performed and the results of theoperation are notified as a diagnostic information message.



n Operations of system function blocks during lockingSystem function blocks are divided into two types: those to which the actual status is notifiedregardless of the lock status of a variable, and those to which no module and channel errorsare notified while a variable is locked.• Function blocks to which the actual status is notified regardless of the lock status

SYS_IOMDSP, SYS_DIAG, SYS_ALRDSP, SYS_OUTEN, SYS_ESBINF, SYS_NO-DEINF

• Function blocks to which no module and channel errors are notified during locking



SYS_IOALLST, SYS_NODEST, SYS_OUTST, SYS_OUTST16, SYS_INST, SYS_CHST,SCI_B, SCI_I, SCI_R, SCO_B, SCO_I, SCO_R



A8.2 Variable value settingIt is possible to set values for I/O variables and internal variables while they are locked. For alocked array, user can set values to the variables for each array element one by one. Valuesof variables can be set in the I/O Lock window, Multi-Language Editor and Dictionary View.If a value is set for a variable while it is locked, the value is fixed to the set value. Whenchanging a value for a variable while it is not locked, error will occur and the value cannot bechanged. However, when the SCS security level is Level 0, the internal variable and functionblock parameter values can be set and locking is not necessary.This section describes operations performed when a value is set for each type of variables,namely, input variable, output variable and internal variable.

n Setting values for input variablesIn the case of input variables, the variable setting function sets the values of both input dataand data status to the corresponding values of the logical data.

Physical data

Input data

Data status

Logical data

Variable value setting

Input data

Data status

Input data

Data status

Input variable

Locked status

x

a

y

b

Physical data

Input data

Data status

Logical data

Input data

Data status

Input data

Data status

Input variable

Unlocked status

x

a

x

a

y b

Variable value setting y b

Error

... ... ...

Input module

Figure A8.2-1 Setting values for input variables

• If a variable is lockedThe physical data is always updated with the value actually input from the input channel.The value of the logical data, on the other hand, is fixed to the set value because thephysical data and the logical data are disconnected. In the application logic, the valuefixed for the logical data is used, rather than the actual input value.

• If a variable is not lockedWhen changing the data status or data value, an error will occur and the value cannot bechanged.

<A8.2 Variable value setting > A8-7


n Setting values for output variablesIn the case of output variables, the variable setting function sets the value of the output datato the value of the physical data and the value of the data status to the logical data status.

Physical data

Output data

Data status

Logical data

Variable value setting Variable value setting

Output data

Data status

Output data

Data status

Output variable

Locked status

y

a

x

b

Physical data

Output data

Data status

Logical data

Output data

Data status

Output data

Data status

Output variable

Unlocked status

x

a

x

a

y b


b


y

...

... ...

Output m

odule Error Error

Figure A8.2-2 Setting values for output variables

• If a variable is lockedThe logical output data is always updated with the value calculated by the application log-ic. The value of the physical data, on the other hand, is fixed to the set value because thephysical data and the logical data are disconnected. The value fixed for the physical datais actually output to the output channel. Note that only values in a range of -17.19 to118.75 (%) can be set for output variables connected to AO modules. Any attempt to seta value outside this range generates an error.The physical data status is always updated with the value actually input from the outputchannel. The value of logical data status, on the other hand, is fixed to the set value be-cause the physical data and the logical data are disconnected. In the application logic,the value fixed for the logical data is used, rather than the actual input value.

• If a variable is not lockedWhen changing the data status or data value, an error will occur and the value cannot bechanged.

l Value setting operation upon output channel errorIf the case of an output channel error, the SCS locks the physical output data to the fail-safevalue and the output is placed in the Output Disable status. Therefore, even if you lock theoutput variable corresponding to the error channel and set a desired physical data value usingthe variable setting function, the set value will be automatically overwritten by the fail-safe val-ue.Once the output channel returns to normal, you can set a desired physical data value.



If the following settings are effective in the I/O Parameter Builder, however, you can lock theoutput variable corresponding to the error channel and set a desired physical data value:• DO module: [Output Value in Detecting Error] is set to [Hold].

• AO module: [Output Processing at Fault] is set to [Hold].

n Setting values for internal variablesIn the case of internal variables, the variable setting function sets a value for logical data.

Physical data x

x

y

y

x

Logical data



Internal variable

Locked status

Physical data Logical data

Internal variable

Unlocked status (Security Level 1)

y

Error

Figure A8.2-3 Setting values for internal variables

• If a variable is lockedThe physical data is always updated with the value written from application logic. The log-ical data, on the other hand, is fixed to the set value because the physical data and thelogical data are disconnected. The value set for the logical data can be obtained by read-ing the value of the variable.

• If a variable is not lockedWhen the SCS security level is Level 1, an attempt to set a value will result in an error,the value cannot be changed. While, if the SCS security level is Level 0, setting a valuewill not trigger any error. However, since the values of the internal variables in the logicare constantly overwritten by newer values, lock the variables before setting values.

n Notification of operation result via diagnostic information messagesIf a variable value is set, the operation performed and the results of the operation are notifiedas a diagnostic information message.





A8.3 Forcing function block parametersThe function block parameters can be forced for debugging the applications. The ranges canbe forced in the user-defined function block is different from the other function blocks (herein-after referred to as standard function blocks). Moreover, the range for the user-defined func-tion blocks varies depending on whether the instance name is assigned or not.

n Forcing user-defined function block parametersFor a user-defined function block, if the SCS security level is below Level 1 and the instanceparameters are locked, the data values can be changed.• On Multi-Language Editor, when a user-defined function block is selected and opened

from a program POU, the function block window can be displayed. On the window, anyselected parameter can be locked and the data value can be changed.

• The locks applied to the parameters, same as the I/O variables and the internal variables,cannot be released from the Multi-language Editor. However, the locks can be releasedfrom Dictionary View.

• In the program POU, if an instance in the user-defined function block is not assigned withan instance name, the parameter of the instance cannot be locked and the data valuecannot be changed either.

However, if the SCS security level is Level 0, the data value can be changed anyway regard-less if the parameter is locked or not.

n Forcing standard function block parametersWhen the SCS security level is Level 0, the function block parameters can be changed if theparameter is not locked.• Only the parameter values of the standard function blocks that the instances are as-

signed with instance names can be changed.

• The parameter values of the standard function blocks can be changed from DictionaryView, but cannot be changed from Multi-Language Editor.

Moreover, when the SCS security level is Level 1, the parameter values of the standard func-tion block cannot be changed. And the standard function block parameters cannot be lockedregardless security levels.

n Forcing scope and function block typeWhat parameters of different type of function blocks can be forced is shown in the table be-low:

Table A8.3-1 Forcing scope and function block type

Type

FB with Instance Name FB without Instance NameTarget/SCSsimulator Logic simulator Target/SCS

simulator Logic simulator

MLE(*1)

DIC(*2)

MLE(*1)

DIC(*2)

MLE(*1)

DIC(*2)

MLE(*1)

DIC(*2)

Basic data type Parameters of User-Defined FB (*3) (*4) (*3) (*4) (*5) (*6) (*7) (*6)

User-Defined Parameters of User-Defined FB in another user-definedFB (Local Parameters with DefinedNames)

(*3) (*4) (*3) (*4) (*5) (*6) (*7) (*6)


<A8.3 Forcing function block parameters > A8-10


Table A8.3-1 Forcing scope and function block type (Table continued)

Type

FB with Instance Name FB without Instance NameTarget/SCSsimulator Logic simulator Target/SCS

simulator Logic simulator

MLE(*1)

DIC(*2)

MLE(*1)

DIC(*2)

MLE(*1)

DIC(*2)

MLE(*1)

DIC(*2)

User-Defined Parameters of User-Defined FB in another user-definedFB (Local Parameters without De-fined Names)

(*5) (*6) (*7) (*6) (*5) (*6) (*7) (*6)

User-Defined Parameters of Stand-ard FB in another user-defined FB(Parameters with Defined Names)

(*6) (*5) (*6) (*7) (*6) (*6) (*6) (*6)

User-Defined Parameters of Stand-ard FB in another user-defined FB(Parameters without Defined Names)

(*6) (*6) (*6) (*6) (*6) (*6) (*6) (*6)

Parameters of Standard FB (*6) (*5) (*6) (*7) (*6) (*6) (*6) (*6)

*1: MLE: Multi-Language Editor*2: DIC: Dictionary View*3: Allowed to lock and set data but not unlock.*4: Allowed to lock, unlock and set data*5: Allowed to set data only when SCS Security level is Level 0.*6: Not allowed to lock, unlock and set data.*7: Allowed to set data only.

TIP When using a forcing function for a parameter without name or an instance without instance name, the varia-ble name column of the diagnostic information message will indicate its internal name assigned in the SCSManager.

<A8.3 Forcing function block parameters > A8-11


A8.4 Forcing of inter-SCS safetycommunication

It is possible to force inter-SCS safety communication data from the Inter-SCS Communica-tion Lock window of SENG. Inter-SCS safety communication data can be forced when theSCS security level is 1 or 0.

IMPORTANTForcing of inter-SCS safety communication data can be performed only from the Inter-SCSCommunication Lock Window. Do not perform forcing operations (lock operation, referencinglock status, value setting) on function blocks related to inter-SCS safety communication fromthe Dictionary View. Performing lock operation from the Dictionary View causes a communica-tion error.

SEEALSO For more information about the inter-SCS communication lock window, refer to:

2.3, “Inter-SCS Communication Lock Window” in Utilities and Maintenance Reference (IM32Q04B20-31E)

n Overview of forcing of inter-SCS safety communication data• Forcing of inter-SCS safety communication data can be performed only from the Inter-

SCS Communication Lock Window.

• It is possible to force outputs from function blocks on the producing side and the consum-ing side of inter-SCS safety communication.

• By locking the local SCS, all the data to be sent by the local SCS is locked at the sametime. It is not possible to lock specific receiving stations selectively.

• Data received by consumer inter-SCS safety communication function blocks of the localSCS can be locked collectively for the selected producing SCSs.

• Values can be set only for inter-SCS safety communication function blocks of locked sta-tions. Data values can be set for the producer function blocks. For the consumer functionblocks, data values and status can be set. Value settings can be performed for individualinter-SCS safety communication function blocks. In SCS simulation tests, it is possible toset values for multiple function blocks at the same time.

The overview of forcing of inter-SCS safety communication is shown below.

<A8.4 Forcing of inter-SCS safety communication > A8-12


Example: Function blocks on the producing side

Control bus

SENGSCS project of SCS0101

SCS0101

SCS0102

Application logic

Producing side function block

Lock

Logical data

Data value

LockSCS0101

Inter-SCS CommunicationLock Window

Consuming side function block Binding data

Physical data

Binding data

Inter-SCS safety communication

Application logic

Example: Function blocks on the consuming side

Control bus

SENGSCS project of SCS0102

SCS0102

SCS0101

Application logic

Consuming side function block

Lock

Logical data

Data value

LockSCS0101

Inter-SCS CommunicationLock Window

Producing side function block Binding data

Physical data

Data valueBinding data

Status Status

Inter-SCS safety communication

Application logic

Value s

etting

Value setting

Value setting

Data value

Figure A8.4-1 Overview of forcing of inter-SCS safety communication

n Locking and value setting on function blocks on the producing sideSelect and lock the local SCS in the Inter-SCS Communication Lock Window to lock all func-tion blocks on the producing side of the local SCS.

l Locking function blocks on the producing sideIf a function block on the producing side is locked, the value of the IN parameter is not writtento PD (Physical Data), but written only to LD (Logical Data). The OUT parameter outputs thePD value. Thus, the value before locking is output to the binding variable while the functionblock is locked.



PD

LD

IN OUT

Input values are written only to LD if the function block is locked.

The value stored in PD is set to the value of the binding variable.

DataSafety

information

Figure A8.4-2 Locking function blocks on the producing side

l Value setting on function blocks on the producing sideIf a value is written to a locked function block on the producing side from the Inter-SCS Com-munication Lock Window, the value of PD (Physical Data) of the function block on the produc-ing side is overwritten with the specified value and output from the OUT parameter, which isthen written to the binding variable. It is not possible to overwrite the data for guaranteeing thecommunication quality ("Safety information" in "Figure Locking Function Blocks on the Pro-ducing side") via value setting.When the value setting succeeds, the diagnostic information message (No. 4185) is output,and you can check the values before and after the change.

n Locking and value setting on function block on the consuming sideIf you select and lock the SCS sending to the local SCS from the Inter-SCS CommunicationLock Window, the consumer function blocks in the local SCS that correspond to the lockedSCS are locked.

l Locking function blocks on the consuming sideIf a function block on the consuming side is locked, the value of the IN parameter connectedto the binding variable is not written to LD (Logical Data), but written to PD (Physical Data).The OUT and NR parameters output the LD value. Thus, the value before locking is outputfrom the OUT and NR parameters while the function block is locked.

IN OUT

The values of OUT and NR are written only to PD if the function block is locked.

The value stored in LD is output to OUT and NR.

Error check processing

LD

PD

OUTNR

OUTNR

NR

DataSafety information

Figure A8.4-3 Locking function blocks on the consuming side

If a function block on the consuming side is locked, only the status of LD (Logical Data) ispassed to the application logic that is connected to the function block on the consuming side.For this reason, if an error occurs on the communication path while the function block islocked, it is not possible to detect the error with the application logic. Note that errors on the



communication path detected by the function block on the consuming side are notified via di-agnostic information messages even while the function block is locked. The error status isoutput correctly from CMER of the SYS_DIAG function block.

l Value setting on function blocks on the consuming sideIf a value is written to a locked function block on the consuming side from the Inter-SCS Com-munication Lock Window, the value of LD (Logical Data) of the function block on the consum-ing side is overwritten with the specified value and output from the OUT and NR parameters.When the value setting succeeds, the diagnostic information message (No. 4185) is output,and you can check the values before and after the change.



A8.5 Applications of the forcing functionThe forcing function is used in SCS maintenance and application debugging.In application debugging, the forcing function is used for the following purposes:• Setting the variable and the function block parameter values for debugging the applica-

tion logic

• Locking Input/Output Modules

• Locking Input/Output Channels for the Purpose of Wiring Tests

• Locking for the purpose of inter-SCS safety communication tests (producing or consum-ing sides)

In SCS maintenance, the forcing function is used for the following purposes:• Locking I/O variables for all channels of each input/output module if the required input/

output module is not available or the field wiring has not been completed

• Locking I/O variables for all channels of each AIO/DIO module when channels of theAIO/DIO module are faulty and the module has to be replaced

• Locking input/output modules to prevent nuisance tripping during online modification ofinput/output modules

• Locking input/output channels for maintenance

• Locking input/output channels to prevent nuisance tripping during online modification ofapplication logic

• Locking function blocks on the producing or consuming sides to prevent nuisance trippingdue to error occurrence in inter-SCS safety communication during online change down-load and offline download

The forcing function can be used in target tests, SCS simulation tests and logic simulationtests. However, the I/O Lock Window, SCS Link Transmission Lock Window and Communica-tion I/O Lock Window cannot be used for the logic simulation tests.

<A8.5 Applications of the forcing function > A8-16


A8.5.1 Application debuggingThe forcing function is used for the following purposes after creating an application, from thestart of debugging until the completion of all wirings.• Debugging the application logic

• Locking input/output modules

• Locking input/output channels for the purpose of wiring tests

• Locking function blocks on the producing or consuming sides for debugging inter-SCSsafety communication

n Debugging application logicIf you lock variables, you can change values such as input data and function block parameter.As a result, debugging application logic can be performed on different conditions.

n Locking input/output modulesVariables can be locked for all channels of each input/output module if the required input/output module is not available or the field wiring has not been completed, thereby preventingthe application logic from being influenced by input data and data status changes of input/output channels.It is also possible to lock all the variables of multiple input/output modules in one operation.

n Locking input/output channels for the purpose of wiring testsBy locking input variables, it is possible to conduct wiring tests on the input side (field wiring/device) without transmitting changes of values of the input channels and conditions on the in-put side to the logic side. The actual input values can be checked in the I/O Lock window.Similarly, by locking output variables, it is possible to conduct wiring tests on the output sidewithout transmitting changes of the values of the logic side to the output channels. In thiscase, the operation on the output side can be checked by changing the values of the lockedoutput variables.



Module not connected

Module not connected

internal variable

: Locked variables

internal variable (*4)

Logic Logic

Output m

odule O

utput module

Input module

Input module

*1: Disconnection of AIO/DIO module*2: Input field wiring test*3: Logic debugging by changing input data*4: Logic debugging by changing internal variable*5: Output field wiring test

Input variables Output variables

Each module/all modules (*1)

Input channel (*3)

Input channel (*2) Output channel (*5)

Figure A8.5.1-1 Applications of the forcing function

n Locking for debugging inter-SCS safety communicationIt is possible to lock and set values for function blocks using the Inter-SCS CommunicationLock Window in order to debug inter-SCS safety communication applications. By locking ei-ther the producing or consuming side function blocks and setting values for individual functionblocks, it is possible to change the execution conditions of application logics for debugging.



A8.5.2 Utilization of the forcing function in SCSmaintenance

The forcing function can be used for the following purposes, after all wiring is completed butbefore the start of actual operation, as well as during maintenance after starting the actual op-eration.• Disconnection of Input/Output Modules

• Maintenance of Input/Output Channels

• Prevention of nuisance tripping caused by inter-SCS safety communication during onlinechange downloading or offline downloading

n Disconnection of input/output modules

l Prevention of nuisance tripping when replacing a faulty moduleIf a channel of the input module fails in single configuration, the replacement of input moduleis required. The forcing function is used to fix input values of all channels to the current valuesto prevent nuisance tripping.Similarly, if a channel of the output module fails in single configuration, the replacement ofoutput module is required. The forcing function is used to fix the data status of all channels ofthe output module to the current values to prevent nuisance tripping in other output modulesthat refer to this channel.

l Prevention of nuisance tripping due to online modificationWhen changing the application logic or input/output modules online, the forcing function isused to fix output values of all channels that may be influenced by this change, in order toprevent nuisance tripping.In online modifications of an input/output module online, the forcing function is used to fix theinput/output values of all channels of the corresponding input/output module to the currentvalues in order to prevent nuisance tripping.

WARNING• For the output modules targeted for online change, field bypasses are required so as to

prevent plant shutdown.

• In online modifications of output modules, if the channel status of the module is used as areference by another output module, the channel of another output module may mistak-enly generate a trip signal. To prevent this, the output modules linked to the online-changed module should be locked during online maintenance.

SEEALSO For more information about standards for judging the need for input/output module locks, refer to:

“ (D) (D’) Online Change Download” in “ Procedure for Online Change of an Application” in 5.1, “EntireProcedure of Online Change of Application” in Engineering Guide (IM 32Q01C10-31E)

n Maintenance of input/output channelsWhen performing maintenance of input/output channels, the forcing function is used to fix thevalues of the corresponding channels so as to prevent adverse effect on the operation of oth-er applications.



n Prevention of nuisance tripping due to inter-SCS safetycommunication errors at download

Nuisance tripping due to inter-SCS safety communication errors can be prevented by lockinginter-SCS safety communication when performing online change download and offline down-load.

WARNINGBe sure to check that LD (Logical Data) and PD (Physical Data) match when unlocking afterthe completion of download operation.Unlocking in the status where LD and PD do not match may cause nuisance tripping.

l At online change downloadIn the case of online change download, launch the Inter-SCS Communication Lock Windowfrom an SCS project in which online change download is to be performed, and then lock sta-tions on the producing and consuming sides. Nuisance tripping caused by online changes canbe prevented.

l At offline downloadIn the case of offline download, launch the Inter-SCS Communication Lock Window for anSCS project receiving data from the SCS which will perform offline download (e.g., SCS0101),and then lock SCS0101 so as to lock the function block on the consuming side. Nuisance trip-ping caused by offline download can be prevented.



A9. Connection with other systemsThe SCS provides the following functions to permit connection with other systems.• Modbus slave connection

• Subsystem communication



For more information about subsystem communication, refer to:

B., “Subsystem communication” in Open Interfaces (IM 32Q05B10-31E)

<A9. Connection with other systems > A9-1


B. RAS (Reliability, Availability,Serviceability)

This part provides information about the RAS function which is the core features of the SCS.This part mainly explains the operating modes, diagnosis management, error handling, andredundancy of the SCS.

<B. RAS (Reliability, Availability, Serviceability)> B-1


B1. What is RAS (Reliability, Availabilityand Serviceability) of SCS?

This chapter explains functions related to reliability, availability and serviceability of SCS(hereinafter referred to as RAS in this manual). It also explains each function that provides theactual safety. The function includes the ability to shift to a safe state in a fast and reliablemanner when an error occurs in the plant or system. Among these factors, the following itemsare explained:• Operating mode

• Diagnostic management function, diagnostic information messages

• IOM Report

• Specifications at startup

• Actions taken at error occurrence and recovery procedure

• Dual redundancy

SEEALSO For more information about the security management function of the SCS, refer to:

• 2.12, “Security” in Engineering Guide (IM 32Q01C10-31E)

• 1.3, “Security of SCS” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

n Positioning of RAS functionRAS stands for Reliability, Availability and Serviceability, and is an important index when eval-uating the system performance. Reliability means robustness against error occurrence, avail-ability means shortness of downtime and serviceability means ease of repair at failure.

l Functional relation of softwareThe RAS function diagnoses whether hardware and software are running normally and han-dles maintenance of them if any errors are detected. Since this function is able to shut thesystem down and change the SCS status as required, it is one of the most essential SCSfunctions.

l Relationship with other hardwareThe RAS function collects hardware error information concerning the I/O modules and othercomponents in the station. The RAS function organizes hardware error information and exe-cutes pre-defined safety operations accordingly, such as shutting down. Error information issent to the SENG and HIS as diagnostic information messages. The SCS saves diagnosticinformation generated internally. And the information can be referenced from SENG. You candelete saved diagnostic information messages from SENG.The figure below shows how the RAS function of the SCS is positioned.

<B1. What is RAS (Reliability, Availability and Serviceability) of SCS? > B1-1


SENG HIS

SCS

RASfunction

FCS

Diagnosis Information System Alarms

Download, Changing

Actions

Error Information

I/O module shutdown

Input/outputmodules

V net

Figure B1-1 Positioning of RAS function

<B1. What is RAS (Reliability, Availability and Serviceability) of SCS? > B1-2


B2. Operating modeThe operating mode indicates the operation status of an SCS. Operations of system of theSCS are determined by the operating mode.The SCS operating mode can be one of the following five types: Stop mode, Loading mode,Initial mode, Waiting mode and Running mode. Each of these modes is explained in details.

n Overview of operating mode of SCSThe operating mode indicates the operating status of the SCS. The operations of each func-tion executed by the system program of SCS are determined by the operating mode. An over-view of the operating mode is provided below.• The operating mode indicates the overall operating status of SCS, not the status of each

output module.

• The operating mode indicates the status of a single SCS, regardless of whether the con-figuration of CPU of SCS is single or dual-redundant.

• If CPU of SCS is dual-redundant, the operating mode does not shift even if the controlright of CPU is switched.

l Diagram of operating mode state transitionThe figure below illustrates how the operating mode shifts. Note that it is possible to shift tothe Stop mode from all other modes, but the arrows indicating these shifts are omitted for thesake of clarity.

The request ofOffline Download

start fromSCS Manager

Finish ofOffline Download

notified fromSCS Manager

The SCS starts upon a start request.

SCS Power ON

Can be transferred from all other modes

The application-logic execution function starts upon

completion of diagnosis.

All output channels of safety output modules are

“Output Enabled”

At least one output channel of

a safety output module is “Output Disabled” .

Loading Mode

Stop Mode

Initial Mode

Waiting Mode

Running Mode

SCS stopped

Figure B2-1 Operating mode status shift

n Stop mode (stopped status)This is the initial state of the SCS.

<B2. Operating mode > B2-1


n Loading mode (during offline download)In this mode, program and database are being downloaded from the SCS Manager to theSCS.

n Initial mode (initializing status)In this mode, the SCS is initializing databases, processing the diagnostic at startup and start-ing the input/output modules, all of which are necessary following an initial cold start. If startedsuccessfully, input modules set input values in the applicable input variables. If the startup ofany input module has failed, an error is recognized for the module. With output modules, theoutputs of all channels remain disabled even after the startup is completed, so that the outputvalues from the application logic will not be output to the field immediately. Subsystem com-munication modules communicate the inputs only, while their outputs remain disabled.

n Waiting mode (waiting for output enable request)Application logic is periodically executed on each scan period. However, if the status of anoutput channel is set to "Output Disable", the result of the application logic will not be outputactually. Failure on the output channel should be removed, and perform "Output enable oper-ation." When "Output enable operation" is performed, the outputs on the normal channels ofsafety output modules are enabled. If you execute the "Output enable operation" just afterstarting up the SCS, the SCS also enables the output of inter-SCS safety communication,SCS Link Transmission and subsystem communication. The Waiting mode status can bechecked in the SCS State Management Window and the LED display of the CPU module.

n Running mode (controlling status)This mode indicates that the SCS is running normally. All output channels of safety outputmodules are outputting the output values from the application logic. The Running mode statuscan be checked with the SCS State Management Window and LED display of the CPU mod-ule.

l Output status monitoringAll output channels of safety output modules are monitored. If any of the channels becomesOutput Disable status due to a failure in the corresponding module or in the output channelitself, or after adding new channels during online modification, the SCS will change its operat-ing mode to the Waiting mode. The operating mode changes to the Running mode when thecause of the channel failure is removed, the output enable operation is completed and all out-put channels are placed in the Output Enable status.

n Checking of operation modeThe operating mode of SCS can be checked with the following methods.• It is possible to check that the operating mode is either the Waiting or Running mode with

the SCS State Management window of the SCS Maintenance Support Tool, the SCS Sta-tus Display view of HIS and the LED display of a CPU module.

• If the operating mode is either the Waiting or Running mode, the operating mode can bereferenced from the application logic as well.

n Influence on operating modeEngineering and occurrence of errors can affect the operating mode as follows.• Occurrence of errors in sub-system communication and communication modules has no

influence on the operating mode.



• Occurrence of errors in SCS link transmission has no influence on the operating mode.

• If output modules/channels are added via online changes, the added modules/channelsare started from the Output Disable status. If the operation mode was the Running modebefore online changes, the mode changes to the Waiting mode. Perform the output ena-ble operation.

• If channels in the Output Disable status or output modules including such channels aredeleted via online changes and there are no longer any channels in the Output Disablestatus in SCS, the operating mode shifts from the Waiting mode to the Running mode.

• If a single output module is changed to dual redundant configuration by online changedownload, IOM download is executed in order to initialize the modules. The outputs of thetarget modules become disabled after downloading. Since some channels are in the Out-put Disable status, the operating mode of SCS shifts to the Waiting mode. Perform theoutput enable operation after the output modules recover to normal.

• It is possible to perform the output enable operation regardless of the status of communi-cation modules.

• It is possible to perform the output enable operation even if the status of communicationwith sub-systems is BAD. In this case, only outputs that are ready to communicate willstart.



B3. Diagnostic management functionand diagnostic informationmessage

An SCS detects hardware and software errors by self-diagnosis. Moreover, it notifies andsaves diagnostic information using the diagnostic management function. This chapter ex-plains the diagnostic management function of SCS.

n Overview of self-diagnosis of SCS and diagnostic managementfunction

An SCS performs self-diagnosis regularly to detect hardware and software errors. It analyzesdetected errors and system configuration to determine the error level according to the erroroccurred and executes error-handling operations according to the error level.The diagnostic management function saves/manages diagnostic information messages gen-erated by self-diagnosis and manages the SCS status. Moreover, it notifies the operation sta-tus of the SCS to the SENG and HIS.

n Functional relation of diagnostic management functionThe following figure illustrates the flow of error information detected by the SCS diagnosticfunctions. Error information is composed of SCS statuses indicating faulty locations/error cau-ses and diagnostic information messages used to notify the user about the errors. In the caseof a CENTUM integration structure, the HIS treats diagnostic information messages as sys-tem alarms.

SENG

SCS

SCS Status Display

HIS

System alarm display

SCS Status Display

Diagnostic management function Error information

Status Processings

Diagnosis

Self-diagnosis

FAULT IOM

SCS Diagnostic Information Operation

SCS status SCS status

Diagnostic information

Diagnostic information

Status

Diagnostic information message

Figure B3-1 Functions related to SCS error information and flow of information

<B3. Diagnostic management function and diagnostic information message > B3-1


B3.1 Diagnostic management function of SCSAn SCS performs the following processing with its diagnostic management function.• Saves diagnostic information messages in the SCS memory

• Notifies error information in response to requests from windows dealing with diagnosticinformation

• Acknowledges and deletes diagnostic information messages in response to requestsfrom windows dealing with diagnostic information

SEEALSO For more information about manipulation of diagnostic information messages from SCS Maintenance Support

Tool of SENG, refer to:


n Management of diagnostic informationAn SCS manages diagnostic information in the following manner.• The SCS saves diagnostic information messages it sends in its memory as diagnostic in-

formation. It sends the saved message information in response to requests from SENGwindows that handle diagnostic information.

• The buffer in the SCS that stores diagnostic information message has the capacity limit.In order to save all diagnostic information messages, it is necessary to collect diagnosticinformation messages from the SENG. The SCS can save up to 5000 diagnostic informa-tion messages. If the SCS buffer becomes full, diagnostic information messages are de-leted starting from the oldest one.

• In the event of power failure, the SCS saves the latest diagnostic information to a memo-ry backed up by a battery. It will restore the saved information upon restart.

n Notification of SCS diagnostic informationThe diagnostic management function notifies SCS diagnostic information in response to re-quests from windows that handle diagnostic information. This allows checking and manipulat-ing the information from the SENG and HIS.• It is possible to check diagnostic information for each failed part from the Diagnostic Infor-

mation Window of the SENG.

• It is possible to acknowledge/delete diagnostic information messages from the DiagnosticInformation Window of the SENG.

• It is possible to see diagnostic information as a list of system alarm messages in SOEViewer of the SENG and HIS.

• It is possible to check the state of the SCS, including how the CPU module is operating inthe SCS Report dialog box of the SCS State Management Window of the SENG.

n Notification of diagnostic information to function blocksSystem status function blocks notify errors that are detected by the system diagnosis. As aresult, you can make an application logic that uses the diagnostic information as referenceand takes action when errors occur.

<B3.1 Diagnostic management function of SCS > B3-2


SEEALSO For more information about safety system function blocks, refer to:

C10., “Safety system function blocks” on page C10-1

For more information about interference-free system function blocks, refer to:

C11., “Interference-free system function blocks” on page C11-1

<B3.1 Diagnostic management function of SCS > B3-3


B3.2 Notification of error level throughdiagnostic information messages

SCS generates a diagnostic information message to notify you that an error has occurred.You can view the diagnostic information messages on the HIS and SENG. However, if a fatalerror occurs on an SCS, the CPU of SCS stops; in this case, some diagnostic informationmessages may not be sent. Diagnostic information messages contain information regardingthe level of the error detected on the SCS.

n Notification of error level and error statusThe status of SCS errors is reported to users through diagnostic information messages. It isalso reported to Application logic. The SCS notification process and details for each error lev-el is shown as follows:

Table B3.2-1 Error level types and the error status notification processError level Diagnostic Information Messages Notification to application logic

Fatal error Diagnostic information message may notbe notified because the CPU stops.

Notification is not possible because theCPU is stopped.

Major error The failure location, cause of error andother information are notified. The error and output status is notified.

Minor error The failure location, cause of error andother information are notified.

A representative error state is notified, in-stead of an individual error state. An appli-cation logic that utilizes this notification canbe created.

SEEALSO For more information about SCS error levels, refer to:

2.10, “Diagnosis Function of SCS” in Engineering Guide (IM 32Q01C10-31E)

For more information about actions taken when an error occurs, refer to:

B6., “Actions taken at error occurrence and recovery procedure” on page B6-1

n Alarm classes and diagnostic information messagesFailures of devices and SCS operation information are notified to the user as diagnostic infor-mation messages. The user can obtain information about the time and location of the erroroccurrence as well as the error type from the messages.• The SCS adds information of the alarm class based on the error level when sending a

diagnostic information message. The SENG displays messages with color according tothe alarm class.

Table B3.2-2 Alarm classAlarm class Correspondence

with error levelMeaning of alarm class Example

Class 1 (seriousalarm)

Fatal error (*1)Major error

An error that may cause sys-tem shutdown occurs and im-mediate action by the user isrequired.

Error notification of IOM in sin-gle configuration.


<B3.2 Notification of error level through diagnostic information messages > B3-4


Table B3.2-2 Alarm class (Table continued)Alarm class Correspondence

with error levelMeaning of alarm class Example

Class 2 (minoralarm)

Minor error Notification that requiresprompt action by the user,such as hardware replacementand remedy of user operationmistakes although the func-tions for safety continue towork

• Notification of a error of anIOM on one side of the re-dundant configuration

• Notification of variable lockstatus by the forcing func-tion continuing for longerthan the specified time

• Alarm sent by the HKU

Class 3 (light alarm) - Notification of recovery from anerror

-

Class 4 (notificationalarm)

- Notification of status other thanSCS errors to the user

Notification of change of thesecurity level

*1: Because the CPU stops when a fatal error occurs, the system may fail to generate a diagnostic information message thatindicates the error.

• The time displayed in a diagnostic information message is the time when the SCS detec-ted an error. The minimum unit of time is millisecond.

• The time information set for an diagnostic information message has the same high accu-racy as the time information set for SOE information.

SEEALSO For more information about the alarm class added to diagnostic information messages, refer to:

Appendix 1., “Alarm Class” in Messages (IM 32Q02B10-31E)

<B3.2 Notification of error level through diagnostic information messages > B3-5


B4. Notification of diagnosticinformation using the IOM Report

This chapter explains the following items regarding the diagnostic information relating toAIO/DIO modules and communication modules that are displayed in the IOM Report dialogbox called from the SCS Maintenance Support Tool.• Format of diagnostic information displayed in the IOM Report dialog box

• Details of diagnostic information displayed in the IOM Report dialog box

SEEALSO For more information about IOM Report for serial communication modules, refer to:

B4.2, “IOM Report of communication modules” on page B4-11

n Calling the IOM ReportIn the Hardware configuration tree view within the SCS State management window of theSCS Maintenance support tool, select an input/output module and click the "System report"button on the tool bar; the IOM Report dialog box appears.

SEEALSO For more information about the structure and operations in the IOM Report dialog box, refer to:

3.1.3, “System Reports” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

<B4. Notification of diagnostic information using the IOM Report > B4-1


B4.1 IOM Report of AIO/DIO modulesThis section explains the IOM Report for the analog input/output modules (AIO modules) andthe discrete input/output modules (DIO modules). In the explanation of these items, AIO/DIOmodules are referred to as input/output modules.

n Display content in the IOM ReportThe IOM Report displays the diagnostic information regarding input/output module errors. Theinput/output module errors are categorized and displayed as follows:• Cause of the input/output module error (CPU detection)

This is a display of the input/output module error status detected by the CPU module ofthe SCS. The input/output module status as viewed from the CPU (such as No responseand HRDY OFF) and other information are displayed. The detailed cause of the input/output module failure is displayed under "Error information inside the input/output mod-ule."

• Error information inside the input/output moduleCauses of an error and a recovery are collected from the input/output module, and thendisplayed.

• Cause of the channel errorChannel error status is displayed. IOP errors detected by the CPU module and channelerrors detected by the input/output module are displayed. If an IOM module becomes er-ror due to an error in an I/O channel, multiple error messages regarding the channel ofthe I/O module maybe displayed.

TIP If a bus error occurs between an input/output module and a CPU module, the following codes indicating thesource of the error are reported in the IOM report generated after operations are restored.

• Cause of the input/output module error (CPU Detection)No response from the input/output module. CPU is unable to retrieve error information from the input/output module.

• Error information inside the input/output moduleCommunication cannot be established with the host CPU or bus for the input/output module, resulting ina host failure error and a fallback operation.

Note also that if there is an input/output module hardware failure, HRDY OFF is displayed in Cause of theinput/output module error (CPU Detection) and you can identify the cause of the failure from the error infor-mation in the input/output module.

n IOM Report display formatThe IOM Report is displayed in the following format.

<B4.1 IOM Report of AIO/DIO modules > B4-2


I/O Module:Node : 2Slot : 1Type : SAI143SIOM Model : SAI143-S03 S1U0H00- F00-Serial No : XXXXXXXX

(Current status) : (Current error information (CPU detection)) First Error Code : (Information for first error) Last Error Code : (Information at recovery) (Error information inside the input/output module)

Channel1: (Channel status) (The latest channel error) (Cause of the channel error detected by the input/output module)2: (Channel status) (The latest channel error) (Cause of the channel error detected by the input/output module) . .

16: (Channel status) (The latest channel error) (Cause of the channel error detected by the input/output module)

(4 kbyte dump display)

l An example of I/O module errorThis is the explanation of the example of the IOM Report that appears when you select amodule and call it under the following circumstance.

Input/output module status as viewed

from the CPU

(Current status)

IOM normal Error A Error B IOM normal (IOM recovered) Error C

Time T1 Time T2 Time T3

First Error

Last Error

Cause 0

Error B (Time of recovery T2)

Error C (Time of occurrence T3)

Cause 0 Not displayed Not displayed

Pattern (1)

Pattern (2)

Pattern (3)

Pattern (4)

Error A (Time of occurrence T1)

Figure B4.1-1 Input/output module error

The following information will be displayed in each of the situations shown in the figure.• Pattern (1)

This is a state where there is no input/output module error after the initial cold start of theCPU. In this case, the current status (normal) will be displayed. The first and last errorcode lines will display the time when the input/output module was started and the cause(Cause 0), respectively.



• Pattern (2)This is a state where there is an input/output module error. The current status and thecurrent error content, as well as the time of the first error occurrence (T1) and the firsterror (Error A), will be displayed. The last error will not be displayed. (The last error codeline will not be displayed.)

• Pattern (3)This is a state where the input/output module has recovered from the error. The currentstatus (normal), the time of the first error occurrence (T1), the first error (Error A), the timeof recovery (T2), and the last error (Error B) will be displayed.

• Pattern (4)This is a state where there is an input/output module error. The time of the first error oc-currence (T3) and the first error (Error C) will be displayed.

l Display format details (I/O module details)Cause of the input/output module error and error information inside the input/output moduleare displayed in the following format.

Table B4.1-1 Cause of the input/output module error and error information inside the input/outputmodule

Display item Description

Current status The current IOM status will be displayed in the following format.IOM Normal/IOM Fail/IOM Fail (Output Shutoff)

Current error information (CPUdetection)

The cause of the current input/output module error detected by the CPUwill be displayed with error code.Example: No response (0x0000 5101)Display condition: The information is displayed when there is an input/output module error.

Information for first error

The time of the first error occurrence detected by the CPU (when the in-put/output module status changed from normal to error) and the error in-formation will be displayed with error code.Example: 20/4/2005 12:34:56 IOM Fail (HRDY OFF) (0x0000 5105)Display condition: The information is displayed when an error occurswith the input/output module even once.

Error information at recovery

The recovery time of the I/O module and the latest error information willbe displayed with error code.Example: 20/4/2005 12:50:56 IOM Restart (0x0000 5106)Display condition: The I/O module is currently normal and the displayedinformation is the latest error in the past.

Error Information inside the Input/Output Module

How the input/output module was started and the error code inside theinput/output module will be displayed.

Example 1: When the input/output module is normalIOM Start: IOM Restart (Power On) (0x0301 5547)

Example 2: When there is an input/output module errorIOM Fail: IOM Readback Error (0x0101 5502)

Display condition: The information is displayed when the cause of theerror is stored inside the input/output module, and the input/output mod-ule information can be obtained.

l Display format details (channel details)The details of a channel error will be displayed as follows:



Table B4.1-2 Cause of the channel errorDisplay item Description

Channel status (*1)

The current channel status will be displayed. If the I/O module is dual-redundantly configured, the channel status on the control side modulewill be displayed.- (When the channel is not in use) / Normal / IOP+ / IOP- / TRNS+ /TRNS- / Ovr Range / Ch Fail

The latest channel error(*1)

This part displays the time that the channel recovered from the errorand the latest error information. If the I/O module is dual-redundantlyconfigured, the latest error on the control side module will be displayed.This item is displayed only when the channel status is normal.Example: Normal (21/6/2005 12:50:56 Last Error: IOP+)

Cause of the channel error detec-ted by the input/output module(*2)

The last-saved channel error in the I/O module will be displayed. If mul-tiple errors are kept in the I/O module, the multiple errors may be dis-played. Even if the I/O module is in dual-redundant configuration, the er-ror of the module will be displayed anyway.Example :Open Circuit (0x0401 5561)Short Circuit (0x0401 5562)

*1: The channel status during IOM Failure is the status right before the IOM fails.*2: If the IOM failure is caused by the abnormality of a channel, the error of the channel will be displayed in IOM Report.

Example 1: Channel Failed 1: IOP+ 2: Ch Fail Open Circuit (0x0401 5561)

Example 2: Channel Recovered 3: Normal (22/8/2011 12:50:56 Last Error :IOP+) 4: Normal (22/8/2011 12:50:56 Last Error :Ch Fail) Open Circuit (0x0401 5561)

TIP The channel status and the last error of a pair of dual-redundantly configured input/output modules will becollected from the active input/output module. If the input/output module is placed in a redundant configura-tion, read the descriptions regarding the IOM Report of the active input/output module for details.

n Code system for causes of errors in the IOM ReportThe display format and the code system in the IOM Report to indicate the causes of errorsare as follows:

l Display formatCategory of input/output module errors ∆ Category of causes of errors

l Code system for category of input/output module errors• 0x00XX

Error detected by the CPU

• 0x01XXInput/Output Module Hardware Failure

• 0x02XXInput/output module setting error (such as a disconnected connector on the field side)

• 0x03XXRecovery from an input/output module error (such as when the input/output module wasrecovered from 0x02 above, or recovered after the fallback operation was executed upondetecting a host side error)



• 0x04XXChannel error (In this case, there is an error with the applicable channel. It indicates awiring error or a channel hardware failure when the input/output module is in a single con-figuration. If the input/output module is in a redundant configuration, the channel hard-ware failure will be displayed as the category 0x01XX "Input/output module hardware fail-ure.")

l Code system for category of causes of errors• 0x51XX

Content of error detected by the CPU

• 0x55XXContent of error detected by the input/output module (including cause of recovery)

n Cause of the input/output module error (CPU detection)The following explains the details of the codes used to indicate the cause of the input/outputmodule error detected by the CPU. The IOM Report will display these codes as "Current errorinformation (CPU detection)," "Information for first error," or "Error information at recovery."

Table B4.1-3 Details of codes for cause of input/output module error (CPU detection)Code (hexadeci-

mal) Display Description

0000 5101 No response

A no-response error has occurred during the communica-tion between the CPU and the input/output module.The error occurred is either with the input/output moduleor in the communication path to the input/output module.

0000 5102 IOM model Code Error

The model name of the input/output module defined in theSENG does not match that of the input/output module in-stalled.Verify the model name of the input/output module.

0000 5103 IOM Configuration Error

The setting information defined in the I/O parameter build-er does not match the input/output module setting infor-mation.Perform IOM download.

0000 5104 IOM Fail (HRDY OFF)

An input/output module hardware failure has been detec-ted. An error occurred and the HRDY on the I/O moduleturned OFF.Check the error information inside the input/output mod-ule for the detailed cause of the error.

0000 5105 I/O Error (AP READY-OFF)

The error may have been generated because the connec-tor is disconnected and field power not supplied, or IOMdownload was performed.Check the error information inside the input/output mod-ule for the detailed cause of the error.

0000 5106 IOM Restart

The input/output module has recovered from the errorstate.Check the error information inside the input/output mod-ule for the detailed cause of the error.

0000 5107 Output Shutoff

An error occurred and the Output Shutoff switch was acti-vated due to a reason other than output module failure(the HRDY does not turn OFF). Check the IOM Report forthe detailed cause of the error.If this type of error occurs, perform the output modulestart operation after the cause of the error has been elimi-nated.




Table B4.1-3 Details of codes for cause of input/output module error (CPU detection) (Table continued)Code (hexadeci-


0000 5111

Communication Error

An error has been detected in the data check of the com-munication between the CPU and the input/output mod-ule.This error may have been caused due to a failure with theinput/output module or the communication path betweenthe CPU and the input/output module.

0000 5112

0000 5113

0000 5114

IOM Redundant Control Fail

An error has been detected in the redundant control partof the input/output module. Replace the input/output mod-ule. However, this error might occur when two single defi-nition input/output modules are changed to dual redun-dancy and an online change download is performed, buta connector is only connected to the input/output moduleon one side. If this happens, connect connectors to the in-put/output modules on both sides. You can check the re-covery in System alarm message No. 0082 "Input/outputmodule return to normal." In this case, it is not necessaryto replace the input/output module.

0000 5115

0000 5116

IOM Error

An error has been detected in the input/output module.Replace the input/output module.However, if the IOM Error (0000 5117) occurred after theIOM downloading or during the SCS restarts after offlinedownloading, there is no need to replace the input/outputmodule.

0000 5117

l Differences in output results as a result of differences in AIO/DIO modulefirmware

If the following errors occur and an IOM report is displayed, either "0000 5103" or "0000 5105"will be displayed, depending on the version of the AIO/DIO module.• Download in progress for input/output module initialization

• Front connector disconnected

• Failure in the power supply from the front connector

When an error addressed as “0000 5103” remains unsolved although you perform IOM down-load as the corrective action against “0000 5103” error, the actual error is possibly one ofthese three errors because they are originally “0000 5105” errors. Confirm that the front con-nector is properly connected.

n Error information inside the input/output moduleThe following explains the details of the codes for the cause of error detected by the input/output module in the channel common area of the input/output module, or in the channel areaif the input/output module is in a redundant configuration. The IOM Report will display thesecodes as "Error information inside the input/output module."

l Input/output module hardware failureThe following explains the details of the codes for hardware failure in the channel commonarea of the input/output module, or in the channel area if the input/output module is in a re-dundant configuration.



Table B4.1-4 Details of codes for input/output hardware failureCode (hexadeci-


01xx 5501(xx: Internalcode)

IOM Channel Common FailThere has been a failure in the channel common area ofthe input/output module.Replace the input/output module.

0101 55020401 5502(*1)

Output Readback Error

An error has been detected in the readback process forthe output value.Check the field wiring of the analog output module for anyabnormality (for example, short-circuits between chan-nels), and also confirm that the total resistance of all con-nected cables and devices does not exceed the value ofthe allowable output load resistance for output modulesthat is written in the GS (General Specification).If the wiring and resistance are appropriate, replace theoutput module.

0101 55030401 5503(*1)

Internal Power Supply Fail An error has been detected in the channel power supply.Replace the input/output module.

0101 55040401 5504(*1)

Output Channel Failed ON

A failure that the output channel is unable to change fromON to OFF has been detected.Check the field wiring for any abnormality (for example,short-circuits between channels).If there is no field wiring error, replace the output module.

0101 55050401 5505(*1)

Output Channel Failed OFFA failure that the output channel is unable to change fromOFF to ON has been detected.Replace the output module.

0101 55060401 5506(*1)

Over CurrentAn overcurrent failure has been detected inside the input/output module.Replace the input/output module.

01xx 550704xx 5507(xx: Internalcode)(*1)

IOM Channel Fail

There have been some errors with the channel area ofthe input/output module.Check if there is an input of a signal value at a level be-tween ON and OFF or chattering has occurred.If the input signal level is normal or chattering has not oc-curred, replace the input/output module.

*1: For a channel failure, the error codes and the statuses of failures vary depending on whether the input/output module is in theredundant configuration or non-redundant configuration.• The upper error code is for a redundantly configured I/O module, while the lower error code is for a non-redundantly con-

figured I/O module.• If the input/output module is in a redundant configuration, this error will be an IOM Fail error. In a non-redundant configura-

tion, the error will occur only to the failed channel.

SEEALSO For more information about allowable output load resistance of the analog output module, refer to:

Analog Input/Output Module (for ProSafe-RS) (GS 32Q06K30-31E)

l Input/output module setting errorThe following explains the details of the codes for input/output module setting error.

Table B4.1-5 Details of codes for input/output module setting errorCode (hexadeci-


0201 5521 Connector on Field SideDisconnected

The connector on the field side is disconnected. Checkthe connector.

0201 5522 Field Power Supply Error

There has been a voltage error with the field power sup-ply. Check if there are any errors with the field power sup-ply or the wiring. If there is no error, replace the input/output module.




Table B4.1-5 Details of codes for input/output module setting error (Table continued)Code (hexadeci-


0201 5523 Execution of Download IOM download is being executed.

0201 55240401 5524 (*1) Transmitter Power Error

There has been an error with the transmitter power sup-ply inside the input/output module. Check if there are anyerrors with the transmitter, the field wiring and the input/output module setting. The error may have been causedbecause the two-wire/four-wire setting of the current inputmodule and the pin setting of the input/output module donot match.

*1: For a channel failure, the error codes and the statuses of failures vary depending on whether the input/output module is in theredundant configuration or non-redundant configuration.• The upper error code is for a redundantly configured I/O module, while the lower error code is for a non-redundantly con-

figured I/O module.• If the input/output module is in a redundant configuration, this error will be an IOM Fail error. In a non-redundant configura-

tion, the error will occur only to the failed channel.

l Recovery from input/output module errorThe following explains the details of the codes for recovery from input/output module error.

Table B4.1-6 Details of codes for recovery from input/output module errorCode (hexadeci-


0301 5541 Connector on Field SideRecover

The input/output module has recovered from the discon-nection error of the field side connector.

03xx 5542(xx: Internalcode)

FallbackThe input/output module has detected an error in thecommunication with the host, and the fallback operationwas executed.

0301 5543 Field Power Supply Recover The field power supply has recovered to a normal state.

0301 5544 Download Completed IOM download has been completed.

0301 5545 IOM Switchover The control right was switched upon request from thehost.

0301 5546 Output Shutoff

The Output Shutoff switch activated due to a cause otherthan a failure in the output module (HRDY does not be-come OFF), and the outputs of all channels have become0. Check if there are any field wiring errors. If there is nofield wiring error, replace the output module.

0301 5547 IOM Restart (Power-On) The input/output module started after turning the poweron.

0301 5548 Transmitter Power Recover The transmitter power supply has recovered to a normalstate.

n Cause of the channel errorThe following explains the details of the codes related to channel error. The IOM Report willdisplay these codes as "Channel status", "The latest channel error" and "Cause of the chan-nel error detected by the input/output module" in the area where causes of channel errors areto be displayed.

l Channel status, the latest channel error"Channel status" in the IOM Report will display the channel status (cause of a channel error)detected by the CPU. The "latest channel error" is the last error that CPU detected. The de-tails of the codes are explained in the following table.



Table B4.1-7 Details of codes for channel statusCode (hexadeci-


0000 5121 TRNS+ A transmitter high limit error has occurred.

0000 5122 TRNS- A transmitter low limit error has occurred.

0000 5123 IOP+ An input high limit error has occurred.

0000 5124 IOP- An input low limit error has occurred.

0000 51250000 5126 Ovr Range

Replace the input module.• SAI143 or SAV144 module

There has been an internal error that the analog inputvalue is out of the range between -25 % and 125 %.

• SAT145 or SAR145 moduleThere has been an internal error that the input value iseither not a number, an infinity or out of the range thatthe module can handle.

0000 5127 Ch FailA channel error has occurred. Check the display of causeof the channel error detected by the input/output modulefor the cause of the error.

l Cause of channel error detected by the input/output module (input/outputmodule detection and the details of channel error)

"Cause of channel error detected by the input/output module" will display channel errors de-tected by the input/output module. Details of the codes are explained.

Table B4.1-8 Details of codes for cause of channel error detected by the input/output moduleCode (hexadeci-


0401 5561 Open Circuit

An error has occurred due to open circuit. Check the fieldwiring.In SDV526, open circuit occurs due to a channel fuseburnout caused by a short circuit. Check the field wiringand channel fuses.

0401 5562 Short Circuit An error has occurred due to short circuit. Check the fieldwiring.

0401 5563 Short circuit between chan-nels

There is short circuiting between channels. Check if thereare any field wiring errors.

0401 5564 Output Overload An output overload has been detected. Check if there areany errors with the field wiring or the loading device.

0401 5567

RJC Error

This is an input error of reference junction compensation(RJC) in the SAT145. The cause is likely a failure in thethermistor for the reference junction compensation for theterminal board. Check if there are any errors in the termi-nal board.

0401 5568

If the status of the input/output module is single, the code 04xx xxxx error explained on theInput/output module hardware failure page is displayed as the cause of the channel error de-tected in the input/output module.

SEEALSO For more information about the cause of the channel error, refer to:

“l Input/output module hardware failure” on page B4-7



B4.2 IOM Report of communication modulesThis section explains the IOM Report on the following communication modules.• Serial communication module (Modbus slave communication)

• Serial communication module (Subsystem communication)

• Ethernet communication module (Modbus slave communication)

n Display format of IOM Reports on serial communication modules(Modbus slave communication)

The display format of IOM Reports when an ALR111 or ALR121 is used for Modbus slavecommunication is as follows:I/O Module:

Node: 2Slot: 6Type: ALR111IOM Model: ALR111-S03 S0U0H0-- F0--(4-kbyte dump display)

n Display format of IOM Reports on serial communication modules(subsystem communication)

The display format of IOM Reports when an ALR111 or ALR121 is used for subsystem com-munication is as follows.

TIP Information of the specified communication module is displayed even when the module is configured as a re-dundant module.

I/O Module:Node: 2Slot: 4Type: ALR111IOM Model: ALR111-S03 S0U0H0-- F0--Serial No: XXXXXXXX

Subsystem Name: (Subsystem name)Revision: (Subsystem package revision)

IOM Status: (Communication module status) (Detail cause)Port1 Status: (Port communication status)Port2 Status: (Port communication status)

Communication Status1 0000 0000 0000 0000 0000 0000 0000 0000 0000 000011 0000 A3B0 A3B0 A3B0 0000 0001 0001 0001 0001 0001 . .(4-kbyte dump display)

<B4.2 IOM Report of communication modules> B4-11


In the above example, communication definitions 1 to 11 indicate a normal status, while com-munication definitions 12 to 14 indicate an A3B0 error. After the communication definition 16,there is no communication definition or corresponding communication is not performed.

Table B4.2-1 Display items for ALR111/ALR121 in subsystem communicationDisplay item Description Remark

Subsystem nameThe name of the subsystem package currently loadedto the ALR111/ALR121 is displayed.(Example) Subsystem Name: S_MODBUS

-

Subsystem package re-lease number

The release number of the subsystem package in theALR111/ALR121 is displayed.(Example) Revision: R1.01.30

-

Detailed causes of com-munication module sta-tuses

The status of the communication module is displayed.• Control: Normal (at single configuration), control

side in the case of a redundant module• Stand-by: Stand-by side in the case of a redundant

module• Fail: ErrorIf the module status is "Fail," the detail cause of the er-ror (error cause code) is displayed.

Refer to the Diagnosticinformation messageNo. 0081 for the contentof the error cause code.

Port 1/2 communicationstatuses

The statuses of port 1 and 2 are displayed. If the com-munication module has generated an error, the previ-ous statuses are displayed.• Ready: The serial communication status is normal,

or there is no communication definition.• Error: A serial communication error has occurred.

-

Communication Status(Communication errorcode for communicationdefinition n: 1 <= n <=128)

The communication status is displayed for each com-munication definition. This item is invalid if the commu-nication module has generated an error. The status in-formation for 128 definitions is displayed.0x0000: The communication status is normal.

0x0001: There is no communication definition, orcommunication is not performed.

0xA3XX: Communication error code

-

Communication Status(for SLSEVENT typecommunication defini-tion when subsystemcommunication programS_SLSMOD is used inALR121)

The area for two definitions is required for SLSEVENTtype communication definition for ProSafe-SLS eventcollection.

0x0000 0x0000: The communication status isnormal.

0x0001 0x0000: Communication is not per-formed.

0xA3XX 0x0000: Communication error code

-


Message Number 0081 in 3.1, “Safety Control Station Error Occurrence and Recovery Messages (Mes-sage Numbers 0001 through 0094)” in Messages (IM 32Q02B10-31E)

For more information about the communication error codes displayed under Communication Status, refer to:

• Manual for the connected Modbus system

• “ Communication error code” in B3.1, “Communication specifications” in Open Interfaces (IM32Q05B10-31E)



l Reading communication status when using ProSafe-SLS communicationfunction

When ALR121 is used for ProSafe-SLS communication function, communication status maybe read in a particular way. Communication status for SLSEVENT type communication defini-tion for ProSafe-SLS event collection is displayed in 4-kbyte that is equal to two definitions ofother type. The detailed example is as follows:

Communication Status1 0000 0000 0000 0000 0000 0000 0000 0000 0000 000011 0000 A3B0 A3B0 A3B0 0000 0001 0001 0001 0001 000021 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 . .(4-kbyte dump display)

Communication definition of SLSEVENT type

The circled 14th communication definition is SLSEVENT type and other communication defi-nitions are types other than SLSEVENT type. Each communication definition corresponds tothe following communication status:

Table B4.2-2 Correspondence between communication definition and communication statusCommunication defini-

tionCommunication status

1st to 11th Normal communication

12th to 13th Communication error (No response from subsystem)

14th Communication error in SLSEVENT type (No response from subsystem)

15th to 18th No communication

19th to 29th Normal communication

Confirm the correspondence relation between each communication definition and communi-cation status on the Comm. I/O Definition tab of Communication I/O Builder.

n Display format of IOM Reports on Ethernet communication modules(Modbus slave communication or DNP3 communication)

The display format of IOM Reports when an ALE111 is used for Modbus slave communicationor DNP3 communication is as follows:I/O Module:

Node: 2Slot: 1Type: ALE111IOM Model: ALE111-S03 S0U0H0-- F0--Serial No: XXXXXXXX(4-kbyte dump display)



B5. Operations at SCS startupAn SCS always performs the initial cold start processing when it starts up. It does not have afunction that allows it to resume the operating mode it was in before stopping. The operatingmode at startup is always the Stop mode.

SEEALSO For more information about the operating mode, refer to:

B2., “Operating mode” on page B2-1

n Types of SCS startup methodsAn SCS can start up in one of the following three ways.

l Power recovery startAn SCS starts up in this way when the power supply is resumed after power failure.

l Start after offline downloadAn SCS starts up in this way when the user performs offline download from the SCS manag-er.

l Manual restartAn SCS restarts when the restart switch of the CPU module is pressed or the user performsSCS restart operation from SCS Manager of the SENG.

TIP • After starting SCS, the operation requests from the SENG and Workbench will be ignored until the oper-ating mode of the SCS changes to Waiting mode. The same error will occur to the communications withFCS or HIS for the CENTUM integration as well as Modbus slave communication. The operating modeof the SCS can be checked on the SCS State Management Window or identified through the LED of theSCS CPU module.

• A diagnostic information message notifying a failure/recovery may generate twice when the SCS is re-started. This does not present any problem in practical operations or on safety.

n Internal data at SCS startupSince an SCS always performs initial cold start when it starts up, all operation areas and vari-able values maintained dynamically by the SCS are initialized. System programs and databa-ses that were downloaded offline and changes made online are saved in the flash memoryand restored at start up.Moreover, when the SCS is started, data saved in the memory with battery backup may re-main without being initialized. This battery backup memory can hold data for approximately300 hours even if the power supply to the SCS is stopped. If the data is lost, it will be reset tothe initialized status.The following are examples of data stored in the battery backup memory.• System log information

• Diagnostic information (200)

• SOE data log information (1000)

<B5. Operations at SCS startup > B5-1


Table B5-1 Data status when starting SCS

Data stored in... Data in SCS Started after offline down-load

Started after power is re-stored/Manually restarted

Main memory Variable in application log-ic

Initial value Initial value

Data in function block Function block performs ini-tialization

Function block performs in-itialization

Security level Level 2 Level 2

Lock status of the variable Reset Reset

Data of CENTUM integra-tion function

Initial value Initial value

Flash memory (*1) System program Loaded programs Returns to the programused before the outage/stoppage.

Database Loaded database Returns to the databaseused before the outage/stoppage.

Contents of online modifi-cation

Changes made before theoutage/stoppage are stillvalid.

Password for changing thesecurity level

The password used beforeloading is invalid (should beinitialized).

The password used beforethe outage/stoppage arestill valid.

Memory with bat-tery backup

Specific log information The log information beforeloading is not initialized.

The log information beforeoutage/stoppage is not ini-tialized. (*2)

*1: This assumes that you have written into the flash memory.*2: If the outage time exceeds about 300 hours, the data in the memory will be lost.

<B5. Operations at SCS startup > B5-2


B6. Actions taken at error occurrenceand recovery procedure

This chapter explains the action taken when an error occurs in the system and the recoveryprocedures. If an error occurs in the system, operations corresponding to the error level areperformed.There are the following three error levels.• Fatal error

• Major error

• Minor error

SEEALSO For more information about system error detection by the self-diagnostic function, refer to:

B3., “Diagnostic management function and diagnostic information message” on page B3-1

n Overview of system operations at occurrence of fatal errors andmajor errors

The following provides an overview of system operations corresponding to the different SCSerror levels.

l Actions taken at fatal error occurrenceA fatal error disables hardware and/or software so that operation cannot be continued. Bothsides of a redundant CPU module stop and all output modules output the fail-safe value.

l Actions taken at major error occurrenceWhen a major error occurs, some hardware cannot continue the ordinary operation. When anerror occurs, the system takes action which you have configured in advance for the failure ofhardware. The application logics that handle major errors must also be configured.

l Shutdown operationsThe shutdown operations fix the output status from an SCS. There are the following threetypes of operations:• Shutdown executed by a user-defined application logic

• Shutdown where the CPU fixes the output values of areas with failures

• Shutdown executed by an output module when it detects an error in the host system(CPU)

When a fatal error occurs, the CPU stops and all output modules shut down; this is called alloutput shutdown.

l Output value at faultWhen an output module detects an error, the predefined fail-safe values will be used as theoutput values. The fail-safe value of each output channel is referred to as the "Output Value atFault." This value can be set on the I/O parameter builder for each DO or AO channel. For aDO channel, this action depends on the setting of [Output Value in Detecting Error] and for anAO channel, depends on the settings of [Output Processing at Fault] and [Output Value atFault]. (Only the setting item of [Output Value at Fault] cannot validate this action.)However, the output module does not output the "Output Value at Fault" in following status:

<B6. Actions taken at error occurrence and recovery procedure > B6-1


• The output module being initialized

• The output module with Output Shutoff switch and the switch is energized.

• The malfunctioning output channel or the output module

TIP The descriptions in the later chapters will have the explanations regarding the tight-shut values may becomethe output values of the analog output modules if the [Tight-Shut/Full-Open] is enabled on the I/O Parameterbuilder. However, if the [Tight-Shut/Full-Open] is disabled on the I/O Parameter builder, the output value of themodule becomes the "default initial value upon power-on" instead of the tight-shut value.

SEEALSO For more information about “tight-shut/full-open” and “default initial value upon power-on”, refer to:

“l Tight-shut/Full-open” on page A4-30

<B6. Actions taken at error occurrence and recovery procedure > B6-2


B6.1 Actions taken at fatal error occurrence andrecovery procedure

The CPU stops if a fatal error occurs in it. If the CPU module is in redundant configuration andthe control right is switched to the CPU module on the standby side, the error is treated as aminor error. If the error affects the entire system, no output can be made, but in other cases,communication from the CPU is stopped; all output modules output the fail-safe value at CPUerror. The fail-safe value is the value defined by the user in advance with I/O Parameter Build-er as the value output by output modules when the CPU fails.

<B6.1 Actions taken at fatal error occurrence and recovery procedure > B6-3


B6.1.1 Actions taken at occurrence of errors affecting theentire system and recovery procedure

If the power supply to the entire system, including the CPU module and input/output modules,fails, or the power supply to the system is started anew, the following operations are per-formed.

n Actions taken at error occurrenceRegardless of the duration of a power failure, the initial cold start processing is performedwhen the power is supplied to the CPU nodes anew. Once the power starts to be supplied tothe system, input/output module startup processing is performed and the operating modeshifts to the Waiting mode. When this happens, "0" is output from the DO modules while thetight-shut value is output from the AO modules, to the field.

n Recovery procedureThe user should perform the output enable operation from the SENG after confirming that alloutput modules have been started successfully. Once the output enable operation is per-formed, output values of the application logic are output to the field. When all outputs areplaced in the Output Enable status, the operating mode shifts to the Running mode.

Output from CPU

Output enable operation

Output modules processing start

Result of application logic processing Output from output modules

Start supplying power User operation

(*1) (*2)

Stop Periodic output

*1: “0” for DO modules, and “0.0 [mA]” for AO modules.*2: “0” for DO modules, and the tight-shut value for AO modules

Figure B6.1.1-1 Recovery from errors affecting the entire system



B6.1.2 Actions taken at CPU module error occurrence andrecovery procedure

If an error occurs in the hardware of the CPU module, CPU node or software, only the CPUstops. If the CPU module is placed in redundant configuration, it is judged that a fatal errorhas occurred when both CPUs fail.The CPU also stops when offline download is performed to an operating SCS.

n Actions taken at error occurrenceIf the CPU does not create any data output for a certain length of time, the connected outputmodules will assume that the CPU is in a status where it cannot set an output value, and alloutput modules will output each fail-safe value specified by the user in advance. (This iscalled as "All output shutdown.") Input modules, on the other hand, are not affected by CPUerrors. In the case of redundant CPU modules, the same operation as for a single CPU mod-ule configuration is performed if the module on the standby side fails.

n Recovery procedureIn order to recover from an error occurred in the CPU module, the CPU module replacementmay or may not be necessary.

l Recovery procedure by replacing a failed CPU moduleThe following figure illustrates the output values from the SCS after the CPU module hasbeen replaced, based on a single CPU module configuration.

Output from CPU

Start of master database offline

download Output enable operation User operation

Result of application logic processing

CPU replacement

Completion of download to input /output modules

Output from output modules

Fail-safe value (*2)

Stop Periodic output


*1: In the master database offline download, configuration information is downloaded to the I/O modules.*2: “0” for DO modules, and the tight-shut value for AO modules.

Figure B6.1.2-1 Recovery after CPU module replacement

SEEALSO For more information about the CPU module replacement procedure , refer to:

7.2.2, “Maintenance for ProSafe-RS Equipment” in Engineering Guide (IM 32Q01C10-31E)

l Recovery procedure after the CPU module is restartedFollow the recovery procedure below if the CPU module is restarted when the CPU and soft-ware are normal.1. Fail-safe values are being output to the field from output modules. When the CPU starts

up, the states of input/output modules are checked and the operating mode shifts to theWaiting mode.



2. Perform the output enable operation from the SCS Maintenance Support Tool of theSENG.When output modules are placed in the Output Enable status, the result of the applicationlogic processing is output to the field. The operating mode shifts to the Running mode.

Result of application logic processing Output from output modules Fail-safe value


Output enable operation User operation CPU restart

Output from CPU Stop Periodic output

Figure B6.1.2-2 Recovery when the CPU module is restarted

n Offline downloadIf you perform offline download to the running SCS, the CPU stops temporarily.Also, IOM download is performed to all I/O modules.Once an offline download is started, the output values from output modules will conform to theFigure "Recovery after CPU Module Replacement."



B6.1.3 Behavior at abnormal calculationIf there are mistakes in the application logic, intended control can no longer be performed.For the sake of safety, such mistakes must be completely removed before starting the actualoperation, by thoroughly checking and testing in advance.If there is any mistake that is left undeleted, causing overflow and other abnormal calcula-tions during execution of the application logic, SCS stops because correct control cannot becontinued. However, by making specifications with a builder, it is possible to avoid stoppageof SCS and continue the operation (*1). Diagnostic information messages are generated atoccurrence of abnormal calculation and upon recovery respectively.


IMPORTANTThe purpose of this function is to temporarily avoid the error conditions of SCS. If an abnor-mal calculation occurs, review the application logic as soon as possible and modify the logicsuch that the abnormal calculation will not recur.

The SCS automatically recovers if the cause of abnormal calculation is removed or resolved.

n Specification of behavior at abnormal calculationUse the SCS Constants Builder to specify the behavior at abnormal calculation.If "Continue operations" is specified, the SCS will not fail and will continue operations even ifany of the following abnormal calculations occur.• Division by zero

• Access to the outside of an array

• Overflow in floating-point calculation

• Overflow in casting

SEEALSO For more information about how to specify the behavior at abnormal calculation with the SCS Constants

Builder, refer to:


n Occurrence of division by zeroA division-by-zero calculation error occurs under the following conditions and is processed asfollows.

l Occurrence conditionsThe denominator is zero in a division of DINT or REAL type data.

l SCS processing at error occurrenceIf "SCS fails" is specified in SCS Constants Builder, SCS fails.But if "SCS continues" is specified and this error occurs, the maximum value of the applicabletype (the maximum negative value if the value is negative) is assigned to the variable of theoperation result. The POU (program) where the calculation error occurred does not stop butoperates until the end.



n Access to the outside of an arrayAn access to the outside of an array occurs under the following conditions and it is processedas follows.

l Occurrence conditionsAn index of an array variable points to the outside of the array.

l SCS processing at error occurrenceIf "SCS fails" is specified in SCS Constants Builder, SCS fails. But if "SCS continues" is speci-fied and this illegal access occurs, the corresponding POU (function/function block) is stoppedimmediately. The POU is executed in the next and subsequent scans as well, but the execu-tion is stopped at the same location unless the problem is resolved.The POU (program/function/function block) that called the function/function block in which thecalculation error exists is executed until the end.

l SCS processing at error occurrence when SCS continues the control(details)

If you specify a value exceeding an array size for an index of an array variable in a user-de-fined function or user-defined function block described in the ST language, an error of access-ing outside the array range occurs. The processing of the user-defined function or user-de-fined function block that caused the error is terminated immediately.• The return value of the user-defined function is zero (in the case of DINT, REAL or TIME

type) or FALSE (BOOL type).

• In the case of user-defined function blocks, the output parameters that were written be-fore the occurrence of access to the outside of an array maintain the written values, andthe output parameters that were not written maintain the previous values. The same ruleapplies to the local parameters as well.

• The values above are passed to the POU that called the user-defined function or user-defined function block where the illegal access occurred and the POU is executed untilthe end.

n Overflow in floating-point calculationAn overflow in floating-point calculation occurs under the following conditions and is pro-cessed as follows.

l Occurrence conditions

An overflow occurs in calculation between REAL type operands(*1)

*1: An overflow in integer calculation is not regarded as abnormal calculation.

l SCS processing at error occurrenceIf "SCS fails" is specified in SCS Constants Builder, SCS fails.But if "SCS continues" is specified and this error occurs, the maximum value of the given typeis assigned to the variable of the operation result. The maximum negative value is assigned ifthe first operand is negative in the case of addition/subtraction as well as if the signs of firstand second operands are different in the case of multiplication/division.The POU (program) where the calculation error occurred does not stop but operates until theend.



n Overflow in castingAn overflow in casting occurs under the following conditions and is processed as follows.

l Occurrence conditionsWhen casting REAL type data to BOOL, DINT or TIME type, the resultant value exceeds themaximum value that can be expressed by the variable.

l SCS processing at error occurrenceIf "SCS fails" is specified in SCS Constants Builder, SCS fails.But if "SCS continues" is specified and this error occurs, the following values are assigned tothe variables of the calculation results.

Table B6.1.3-1 Value of the variable to which the result of calculation is assignedVariable type Value

BOOL TRUE

DINT Maximum value of the DINT type (the maximum negative value if the value is nega-tive)

TIME Maximum value of the DINT type

The POU (program) where the calculation error occurred does not stop but operates until theend.

l SCS processing at error occurrence when SCS continues the control(details)

• Casting from REAL type variable to DINT typeWhen casting a value of a REAL type variable to DINT type using the ANY_TO_DINT op-erator, if the original value is greater than the maximum value that can be expressed byDINT type, the calculation result is replaced by the maximum DINT value (the maximumnegative DINT value if the original value is negative).

• Casting from REAL type variable to TIME type variableWhen casting a value of a REAL type variable to TIME type using the ANY_TO_TIME op-erator, if the original value is greater than the maximum value that can be expressed asan unsigned 32-bit integer, the calculation result is replaced by the maximum value of anunsigned 32-bit integer. Although the TIME type can express up to 24 hours, truncation isnot performed immediately when an overflow occurs; truncation is performed in the sub-sequent arithmetic calculation. (The TIME type does not take a negative value, but if anegative value is assigned in ANY_TO_TIME, the value is converted to a signed 32-bitinteger once and then treated as TIME type keeping the bit sequence.)

n Notification of abnormal calculation occurrence/recoveryOccurrence of abnormal calculations and recovery from them are notified via diagnostic infor-mation messages if SCS continues the control. By using the system function block(SYS_CERR), whether a calculation error has occurred or not can be handled in the applica-tion logic.

l Notification of abnormal calculation occurrenceIf a calculation error occurs, it is notified by the diagnostic information message (No. 4145)that indicates an occurrence of abnormal calculation. If calculation errors occur in multiplePOUs (programs), a diagnostic information message is generated for each POU (program).



If different types of calculation errors occur in the same POU (program) at the same time, adiagnostic information message is generated for each type of calculation error.



l Re-notification of abnormal calculation occurrenceIf the abnormal calculation status continues for a certain period of time or longer, the diagnos-tic information message notifying the abnormal calculation is generated repeatedly as warn-ing. The re-warning interval is 10 minutes by default.The re-warning interval can be changed using SYS_CERR.

l Handling of abnormal calculation status with application logic

The abnormal calculation status can be handled in the application logic by using the systemfunction block (SYS_CERR). (*1)

*1: SYS_CERR can be used in SCS databases created by SENG of R2.03.00 or later.

l Notification of recovery from abnormal calculationIf the POU (program) that previously caused a calculation error is executed normally until theend, the calculation error of the POU (program) is regarded to have been cancelled and thediagnostic information message indicating recovery from abnormal calculation (No. 4146) isnotified. The diagnostic information message indicating recovery is generated for each diag-nostic information message notifying error occurrence.



n Behavior in test functionsIn logic simulation tests and SCS simulation tests, behaviors at abnormal calculation are dif-ferent from those in the actual system.

SEEALSO For more information about when an abnormal calculation occurs in the test function, refer to:

• “ Debug and test” in 2., “Logic simulation test operations” in ProSafe-RS System Test Reference(IM 32Q04B30-31E)

• “ Other differences in operations between SCS simulator and actual SCS” in 3.3.1, “Operationsunique to SCS simulators” in ProSafe-RS System Test Reference (IM 32Q04B30-31E)



B6.2 Actions taken at major error occurrenceand recovery procedure

This section explains the operations of an SCS when a major error occurs and the recoveryprocedure, for the cases where errors occur in the following locations.• Input module

• Input channel

• Output module

• Output channel

• Communication path between the CPU module and input/output modules

• Optical ESB bus repeater devices

n Notification of error statusAn SCS notifies the application logic of the fact that an error occurred. It also notifies errors tothe user via the SCS State Management Window of the SENG, the Status Display view of theHIS, and diagnostic information messages.Since the following processing is performed, the user can create a shutdown application logicbased on these conditions to determine desired output values for each output module.• The status of channels belonging to the area with the failure becomes BAD.

• The status is reflected in the system function block.

• In the case of errors related to input modules and/or channels, the input value is set tothe "Input value at error occurrence." The "Input value at error occurrence" is provided tothe application logic instead of the actual process value if an error is detected in inputmodule . The user must define in advance the "Input value at error occurrence" for eachchannel in the I/O Parameter Builder.

SEEALSO For more information about items defined in I/O Parameter Builder, refer to:

• A4.3, “Common input/output setting items” on page A4-9

• A4.4, “Items set for analog inputs” on page A4-13

• A4.5, “Items set for analog outputs” on page A4-28

• A4.6, “Items set for discrete inputs” on page A4-34

• A4.7, “Items set for discrete outputs” on page A4-39

n Recovery from error stateThe following subsections explain the recovery measure to be taken for I/O modules when amajor error occurs.The following operations are needed to recover from an error.• IOM download

• Output enable operation (for output modules only)

SEEALSO For more information about the procedures of IOM download and output enable operation, refer to:

• 3.1.7, “IOM Download Tool” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

• 3.1.6, “Output Enable Operation” in Utilities and Maintenance Reference (IM 32Q04B20-31E)

<B6.2 Actions taken at major error occurrence and recovery procedure > B6-11


B6.2.1 Actions taken at input module error occurrence andrecovery procedure

If there is a malfunction in an input module hardware, SCS treats it as an input module error.In the case of a redundant input module, the control rights switches, but the application logiccontinues running. This is considered as a minor error. The following explains the operationsperformed when an error occurs in the case of modules in single configuration or single oper-ation status.

n Actions taken at error occurrence• CPU processing

When an input module becomes abnormal, the CPU will force the pre-defined values onthe I/O parameter builder to all the channels of the module and force the data to BAD sta-tus. The application logic should handle these changes in the inputs and statuses as er-rors. In order to prevent the plant from the fatal damages caused by input module abnor-malities, the application logics for catching the abnormalities and handling the errorsshould be created.

• Error notificationA module error is notified via a diagnostic information message (alarm class 1). In theSCS State Management Window on the SENG or the Status Display view on the HIS, thefailed module is shown in red to indicate an error.

n Recovery procedure1. Investigate the cause of the failure based on the error code shown in the IOM Report.

2. If the input module itself is faulty, replace the module.If the cause of the failure is on the field side, remove the abnormality on the field side.

3. From the SCS Maintenance Support Tool of the SENG, execute IOM download.The CPU starts up the input module, and once the input value is acquired normally, thedata status returns to GOOD.

Field value (*1) Physical data value

Input value at error occurrence Identical to the physical value Logical

data value

1 0

1 0

IOM download Module replacement User operation

Logical data status GOODBAD

Physical data status GOODBAD

*1: The value varies with the input module type and status.

Figure B6.2.1-1 Input module error



B6.2.2 Actions taken at input channel error occurrence andrecovery procedure

An input channel error typically occurs in two cases, when there is an error on the field side orwhen there is a hardware failure in individual channels of an input module.

n Actions taken at error occurrence• CPU processing

The CPU sets the input value at error occurrence, which is a value defined by the user inadvance in I/O Parameter Builder, for the faulty input channel and sets the data status toBAD.

Sensor Input Module Valve Output Module

Input modules fault is taken account by application logic as a demand.

Input value at error occurrence

Logic

Logic Action

Action

Fault

Figure B6.2.2-1 Overview of operation when an input channel error is detected

• Error notificationA channel error is notified via a diagnostic information message (alarm class 1). However,the SCS State Management Window of the SENG and the Status Display view of the HISdisplay the module where channel error has occurred in the color that indicates normal.

n Recovery procedureThe type of recovery procedure to be used depends on whether or not the error occurred onthe module side.

l Recovery procedure in the case of error on the module sideIf a hardware error occurred in one or more channels of an input module, the input moduleneeds to be replaced. The module replacing procedure for single module configuration is asfollows:1. Fix the input values sent to the application logic from the related input variables. Use the

locking operation of the forcing function or maintenance override in order to fix the inputvariables. This minimizes the impact at module replacement.

2. After replacing the module, perform IOM download.The input module starts up normally.



Physical data value

Physical data status

Logical data value

Logical data status

Module replacement

Physical data value

GOOD

Input value at error occurrence

GOOD BAD

BAD

User operation

Physical data value


Logical data value

Logical data status

Locking input variables

Unlocking IOM input variables IOM download

Physical data value

GOOD GOOD

Physical data value

GOOD GOOD

BAD

Hold

Hold

Hold

Hold

Faulty channel

1

0

1

0

1

0

1

0

Normal channel

Field value Field value (*1)

Field value (*1)

*1: The value varies with the input module type and status.

Figure B6.2.2-2 Input module replacement (with locking operation)

SEEALSO For more information about locking input variables, refer to:

A8., “Forcing” on page A8-1

l Recovery procedure in a case where the module is normalIf a failure is discovered in the field or input module connection, remove the cause of the fail-ure. Removing the cause of the failure allows the channel with the failure status to go back tousing the field value, and the data status changes to GOOD.



B6.2.3 Actions taken at output module error occurrenceand recovery procedure

The result of the application logic processing is set to the logical data and physical data of therelevant output variables, and this data is then written to each channel of the correspondingoutput module via the I/O driver. On the other hand, the CPU acquires the status of the outputmodule as well as the status of each channel of the output module, and sends diagnostic in-formation messages or reflects the state information in the system function block used forchannel status display. By using a system function block, module/channel statuses can bemonitored via the application logic. The figure below illustrates the relationship between theCPU and output module.

Application logic

CPU

Output module

Logical data Physical data

Data update

I/O driver

CH1

CH2

CH3

CH8

Output disable status Locked status

Composed of data value and data status

Output shutoff switch

Figure B6.2.3-1 Overview of CPU and output module

n Actions taken at error occurrenceIf any output module has failed, the SCS performs failure diagnosis and switches the controlright and/or sends diagnostic information messages. If the control right of the duplexed mod-ules has been switched, the actions corresponding to a minor error is taken.If the output module was operating in the single operation mode, the following actions are tak-en.• CPU processing

The CPU sets the fail-safe value, which is a value defined in advance in the I/O Parame-ter Builder, for the physical data of each output channel of the faulty output module. Thesystem places all the output channels in the "Output Disable" status. At this point, the op-erating mode shifts to the Waiting mode. Writing to the output module is stopped there-after. The data statuses of all channels of the output module become BAD. The user canconfigure the application logic so that other associated outputs are shut down automati-cally based on data status changes of specific output channels to BAD.

• Error notificationA module error is notified via a diagnostic information message (alarm class 1). In theSCS State Management Window on the SENG or the Status Display view on the HIS, thefailed module is shown in red to indicate an error.

n Recovery procedureThe procedure for recovery from an output module error is as follows:1. Investigate the cause of the failure based on the error code shown in the IOM Report.

If a system function block for output status display is used, the failure location can bechecked.

2. If the output module itself is faulty, replace the module.If the cause of the failure is on the field side, remove the abnormality on the field side.



3. From the SCS Maintenance Support Tool of the SENG, execute IOM download.After the IOM download, the CPU performs startup processing of the output module. Ifthe startup processing is completed, the output module is recognized as normal and dataupdate starts. After the module returns to normal, "0" is output for DO modules, while thetight-shut value is output for AO modules, from all channels of the output modules.

4. Test the output module.

5. From the SCS Maintenance Support Tool of the SENG, perform the output enable opera-tion.Output values of the application logic will be output. Once all output channels are placedin the Output Enable status, the operating mode shifts to the Running mode.

The figure below illustrates the flow from a failure of an output module to the recovery.


Physical data value

Logical data status

IOM download User operation

1 0

1 0

Module replacement

Output enable operation

Output from IOM

The logical data value is set to the result of the application logic processing.

GOOD

GOOD

(*2)

BAD

BAD

(*1)

Fail-safe value Logical data value

Physical data value


*1: “0” for DO modules, and “0.0 [mA]” for AO modules.*2: “0” for DO modules, and the tight-shut value for AO modules.

Figure B6.2.3-2 Recovery from output module error with module replacement



B6.2.4 Actions taken at output channel error occurrenceand recovery procedure

An output channel error typically occurs in two cases, when there is an error on the field sideor when there is a hardware failure in individual channels of an output module. Depending onthe cause of the failure, the Output Shutoff switch in the output module may be activated andan output module failure may occur, in which case the action take at error occurrence and re-covery procedure may be different from those applicable to an output channel error.To prepare for output channel failures, an application logic must be created in advance foreach output channel using a function block for system status indication.

Sensor Input Module Actuator /Valve Output Module

Action

Action

Fault

Logic

Node

Slot

System Status

Function Block

Figure B6.2.4-1 Description of logic related to output failure

SEEALSO For more information about function blocks for system status indication, refer to:

C10., “Safety system function blocks” on page C10-1

n Actions taken at error occurrenceThe actions taken at error occurrence are explained for each of the following two cases: whenthe Output Shutoff switch is activated and when an error occurs in a single output channelwithout activating the Output Shutoff switch.

l Channel errors accompanied by activation of the Output Shutoff switchEven when the failure concerns only a certain output channel, the entire output module maybe affected if the Output Shutoff switch in the output module is activated. In this case, "0" and"0.0 [mA]" are output from all output channels for the DO modules and AO modules, respec-tively.The targets of output shutoff operation include dangerous failures (such as DO module chan-nels are clutched to ON status) and failures where internal module protection is required(such as overcurrent of AO modules). However, the user can define in the I/O ParameterBuilder whether or not to activate the Output Shutoff switch for dangerous failures where mod-ule protection by the system is not required.The user must determine if the failure occurred in the field or in the module, based on the de-tailed error information provided in the Diagnostic Information window and IOM Report dialogbox.

SEEALSO For more information about IOM report errors, refer to:

B4.1, “IOM Report of AIO/DIO modules” on page B4-2



l Operation at occurrence of output channel errorsErrors that do not activate the Output Shutoff switch, such as disconnection on the field side,are notified as failures of individual output channels. The following operations are performed iferrors occur in individual output channels.• CPU processing

The CPU sets the fail-safe value, which is a value defined by the user in advance in I/OParameter Builder, for the physical data of all the faulty output channels and places themin the Output Disable status. At this point, the operating mode shifts to the Waiting mode.Other normal output channels output the result of the application logic processing. TheCPU continues updating the data of the output module.

• Error notificationAn output channel error is notified via a diagnostic information message (alarm class 1).The data status of the faulty output channel is set to BAD. In the SCS State ManagementWindow on the SENG and the Status Display view on the HIS, the output module isshown in the color indicating a normal state. The status of each channel can be checkedin the Diagnostic Information window of SCS Maintenance Support Tool of the SENG.

n Recovery procedureIf a channel error occurred, check the following in the SCS State Management Window andIOM Report dialog box in the SCS Maintenance Support Tool to determine an appropriate re-covery measure.• Has the Output Shutoff switch been activated? Does the error concern only one channel?

• Is it a hardware failure in the module or an error on the field side?

l Single channel errors (disconnection and other errors on the field side)1. Investigate the cause of the failure and recover the field side.

When the output module recovers, a recovery message is output and the fail-safe value,which was defined by the user in advance, is output from the relevant output channel.

2. After confirming that the output module has recovered to normal, perform the output ena-ble operation from SCS Maintenance Support Tool of the SENG.Output values of the application logic will be output.


Physical data value

Logical data status

1 0

1 0

Complete recovery of area with a failure User operation Output enable

operation

Output from output module

The logical data value is set to the result of the application logic processing.

Faulty channel

GOOD

GOOD

BAD

BAD

(*1) Physical data value

Logical data value Fail-safe value

*1: “0” for DO modules, and “0.0 [mA]” for AO modules.

Figure B6.2.4-2 Recovery from channel errors



l In the case of errors on a single channel (module channel hardwarefailure)

If any of the channels on the module side is judged to be erroneous, the output module mustbe replaced. The figure below illustrates the recovery procedure and the data value and datastatus at each timing.

Output lock operation

Module replacement IOM download Output lock

cancellationOutput

enable operation


Physical data value

Logical data status

1 0

1 0

1 0

1 0

Useroperation


Physical data value

Logical data status

Output from normal channel

Output from faulty channel

Faultychannel

Normalchannel

GOOD

GOOD

(*3)

(*3)

BAD

BAD

BAD GOODGOOD

(*2)

(*2)

GOOD

Physical data value

Logical data value

Physical data value

Fail-safe value (*1) Physical data value


Hold Logical data value

Fail-safe value

Fail-safe valueLogical data value

*1: Fail-safe value (This value may be set to “0” for DO modules and “0.0 [mA]” for AO modules, depending on the failure condition.)*2: “0” for DO modules, and “0.0 [mA]” for AO modules.*3: “0” for DO modules, and the tight-shut value for AO modules.

Figure B6.2.4-3 Recovery from channel errors (with module replacement)

l When the Output Shutoff switch has been activatedIf the Output Shutoff switch has been activated, the following values are output from all thechannels of the module.• DO module: 0

• AO module: 0.0 [mA]

If the Output Shutoff switch has been activated, check the module status color shown in theSCS State Management Window.• When the module status is red

If the module status is shown in red, the possible causes of failure are as follows:• Hardware failure of module channels

• Error on the field side

See the IOM Report and identify which is the case. In both cases, the recovery measuresare the same as the procedures taken after an error concerning an individual channel.Follow the recovery procedure for errors on the field side or hardware failure dependingon the situation.

• When the module status is blue



If the module status is shown in blue, the output module is in the startup wait status. Inthis case, perform the following recovery procedure.1. Investigate the cause of the failure and recover the field side.

2. When the recovery procedure has completed, perform the "Start output module" fromthe SCS Maintenance Support Tool of the SENG.The CPU performs the startup processing of the output module. When the outputmodule recovers to normal status, the data status returns to normal.

3. From the SCS Maintenance Support Tool of the SENG, perform the output enableoperation.Output values of the application logic will be output.

SEEALSO For more information about output module start operation, refer to:

“ Starting Output Modules” in 3.1.6, “Output Enable Operation” in Utilities and Maintenance Reference(IM 32Q04B20-31E)

For more information about the recovery procedure from errors on the field side, refer to:

“l Single channel errors (disconnection and other errors on the field side)” on page B6-18

For more information about the recovery procedure from channel hardware failures, refer to:

“l In the case of errors on a single channel (module channel hardware failure)” on page B6-19

n Operation and recovery procedure when overload state is detectedwhile SDV526 is outputting ON signal

This section explains the operations of the SDV526 module and the recovery procedure forthe cases where an output overload state (*1) has occurred while SDV526 is outputting ONsignals. When SDV526 is in a redundant configuration, signals are output from both mod-ules. So, the operation on detection of an overload state and the recovery procedure are ex-plained separately for the active module and standby module.The operation of SDV526 in a non-redundant configuration is the same as the active modulein a redundant configuration.

*1: An overload state occurs when the connected field device has a fault that causes a short circuit or overcurrent when the out-put from the module is set to ON.

l Behavior of SCS and recovery procedure when the active module inredundant configuration or module in non-redundant configuration hasfailed

• Behavior• If an overload state is detected only in the active module of redundant configuration,

the control right is transferred to the standby module and the operation continues.(*1)If an overload state is detected on both modules, the standby module goes toIOM Fail and the control right is not transferred.

• The module sets the output signal of the error channel to OFF, and the channelgoes to an Output Disable status.

• The channel is released from the error but it remains in the Output Disable status.

*1: In this case, recover the error module that has become a standby module by carrying out the recovery procedure for astandby module.

• Recovery procedure

1. Clear the cause of overload state to recover the field device.

2. Use the SCS maintenance support tool on SENG and perform the output enable op-eration.



This allows the output value of the application logic to be output.

l Behavior of SCS and recovery procedure when the standby module inredundant configuration has failed

• Behavior

• The output shutoff switch is activated and the standby module goes to IOM Fail.

• In the SCS State Management Window of the SCS maintenance support tool, themodule's status is shown in blue (startup wait status).

• Recovery Procedure

1. Clear the cause of overload state to recover the field device.

2. Use the SCS maintenance support tool on SENG and perform the output modulestartup operation.The module starts up and operates as a standby module.

n Behavior of SDV521 or SDV53A and recovery procedure when ashort circuit is detected

This section explains the behavior of the SDV521 or SDV53A module and the recovery proce-dure for the cases where a short circuit has occurred in the field wiring of the module.• Behavior

• The module sets the output signal of the error channel to OFF, and the channel goesto an Output Disable status.

• The channel may be released from the error but it remains in the Output Disable sta-tus.

• Recovery procedure

1. Clear the cause of short circuit to recover the wiring on the field side.

2. Use the SCS maintenance support tool on SENG and perform the output enable op-eration.This allows the output value of the application logic to be output.



B6.2.5 Actions taken at errors between CPU and input/output module and recovery procedure

Errors between the CPU and input/output module refer to errors on both sides of the SB busand errors on both sides of the communication module of a node.The value output from output channels when a system error is detected must be specified inadvance as a fail-safe value using I/O Parameter Builder.

SEEALSO For more information about the actions taken at error occurrence when an optical ESB bus repeater is used ,

refer to:

B6.2.6, “Actions taken at error occurrence for optical ESB bus repeater devices” on page B6-24

n Actions taken at error occurrenceIf a node error or bus error occurs, both the CPU and input/output module perform actionstaken at error occurrence, respectively.

l CPU processing• The input value at error occurrence is set for input variables corresponding to all the input

channels that do not respond.

• The fail-safe value is set for the physical data of output variables corresponding to all theoutput channels that do not respond, and they are placed in the Output Disable status.

• The input value at error occurrence set for the input variables and the fail-safe value setfor the output variables are specified in I/O Parameter Builder.

• The CPU stops updating data of the relevant output module.

SEEALSO For more information about items defined in I/O Parameter Builder, refer to:

• A4.3, “Common input/output setting items” on page A4-9

• A4.4, “Items set for analog inputs” on page A4-13

• A4.5, “Items set for analog outputs” on page A4-28

• A4.6, “Items set for discrete inputs” on page A4-34

• A4.7, “Items set for discrete outputs” on page A4-39

l Error notification• A channel error is notified via a diagnostic information message (alarm class 1). The data

status of all the channels is set to BAD.

• When a node encounters an error, a diagnostic information message regarding the nodeerror will be generated. When the node returns to normal, a diagnostic information mes-sage (alarm class 1) is notified to indicate recovery from the I/O module error.

n Recovery procedureIn order to make an output of an output module recover after handling a hardware failure, it isnecessary to perform the output enable operation from SCS Maintenance Support Tool of theSENG.




Physical data value

Logical data status

1 0

1 0

Complete recovery of area with a failure

User operation Output enable operation

GOOD

GOOD

BAD

BAD

Physical data value Output from output modules

The logical data value is set to the result of the application logic processing

Logical data value All channels of an output

module connected to an area with a failure

Fail-safe value

Fail-safe value

Figure B6.2.5-1 Output module recovery from communication path errors

TIP Input modules resume using input values from the field and their data status becomes GOOD once the causeof failure is removed.



B6.2.6 Actions taken at error occurrence for optical ESBbus repeater devices

This section explains the actions taken at error occurrence to the following optical ESB busrepeater devices.• SNT401/SNT411 and SNT501/SNT511 (Optical ESB bus repeater modules)

• SNT401, SNT501 (Optical ESB bus repeater module)

• SNT10D (Unit for optical bus repeater module)

SEEALSO For more information about the recovery measure to be taken at errors of an optical ESB bus repeater, refer

to:

“n Recovery procedure” on page B6-22

n Actions taken at errors of optical ESB bus repeater/fiber-optic cableThe actions to be taken for a failure of optical ESB bus repeater module or abnormality of fi-ber-optic cable is the same as the actions taken at an ESB bus error.• In the event of a failure in one of the optical ESB bus repeater modules in a redundant

configuration, or disconnection or other abnormality in any fiber-optic cable connectingthese modules, a "diagnostic information message indicating a SSB401 error (MessageNo. 0065)" is notified as the event of the I/O node connected via the applicable failure lo-cation.Example:

0065 SCS0101 SBS Fail FIO NODE 02 SBS RIGHT



Node2

Node3

CPU Node (Node1)

Node4

I O M

I O M

I O M

I O M

I O M

I O M

S E C 4 0 1

S E C 4 0 1

S C P X X X

S C P X X X

P S U

P S U

SNT10D S N T 4 0 1

S N T 4 0 1

S N T 4 0 1

S N T 4 0 1

S N T 4 0 1

S N T 4 0 1

P S U

P S U

I O M

I O M

I O M

I O M

I O M

I O M

S N T 5 0 1

S N T 5 0 1

S S B 4 0 1

S S B 4 0 1

P S U

P S U

I O M

I O M

I O M

I O M

I O M

I O M

S N T 5 0 1

S N T 5 0 1

S S B 4 0 1

S S B 4 0 1

P S U

P S U

I O M

I O M

I O M

I O M

I O M

I O M

I O M

I O M

S S B 4 0 1

S S B 4 0 1

P S U

P S U

: Fiber-optic cable

Figure B6.2.6-1 Connection example

The actions taken at errors of optical ESB bus repeater modules is explained using the abovefigure showing a connection example.Nodes 2 and 3 are accessed via SNT401 and SNT501 modules. Therefore, a failure in anySNT401 or SNT501 module relaying Node 2/3 will disable communication with Nodes 2 and3.• A diagnostic information message indicating an SSB401 error (Message No. 0065) is no-

tified for Nodes 2 and 3 in either of the following cases:

• In the SNT10D shown in the figure, one of the SNT401 modules connecting Nodes 2and 3 fails.

• One of the SNT501 modules installed in Node 2 fails.

• If both of the SNT401 modules or SNT501 modules fail, a node error occurs in each I/Onode connected via the failed optical ESB bus repeater modules. If both of the SNT501modules installed in Node 2 fail, Nodes 2 and 3 connected via the SNT501s generate anerror. Similarly if both of the SNT401 module installed in the SNT10D fail, Nodes 2 and 3also generate an error.



TIP A diagnostic information message indicating an ESB bus error (Message No. 0063) is issued only when anerror occurs in all I/O nodes excluding the CPU node. In a configuration where optical ESB bus repeater mod-ules are used to provide multiple ESB bus lines, this diagnostic information message (Message No. 0063) isnot issued in the event of an error in only one line.For example, assume a system configuration that partially uses optical ESB bus repeater modules. Even iferrors are occurred in bus 1 of all I/O nodes those are connected to the ESB bus but are not connected tofiber-optics, the aforementioned diagnostic information message indicating an ESB bus error (Message No.0063) is not issued.

The same rule applies when the SEC402 is used to connect nodes to both the upper and lower sides. Forexample, the diagnostic information message No. 0063 is not notified if errors occurred in only one side of theduplicated buses of all I/O nodes connected via the upper connector.

n Actions taken at errors of node power supply

l Installing optical ESB bus repeater modules in a unit for optical busrepeater module

If optical ESB bus repeater modules are installed in a unit for optical bus repeater module(SNT10D), set hardware setting switch [1] (installation unit setting DIP switch 1) on the opticalESB bus repeater modules to "0: Installation in unit for optical bus repeater module." Whenthe switch is set this way, an error in one of the SNT10D power-supply modules will be noti-fied as a failure of the I/O nodes connected via the optical ESB bus repeater modules.• If an error occurs in one of the power-supply modules of the SNT10D in which the optical

ESB bus repeater modules are installed, the optical ESB bus repeater modules of thecorresponding side stop communicating. If the error occurred in the left power-supplymodule, the optical ESB bus repeater modules installed in odd-number slots stop com-munication. If the error occurred in the right power-supply module, the optical ESB busrepeater modules installed in even-number slots stop communication. Because communi-cation stops from the optical ESB bus repeater module on one side, "diagnostic informa-tion messages indicating the SSB401 error (Message No. 0065)" for all I/O nodes con-nected via the applicable optical ESB bus repeater modules are notified.

• In the event of an error in both of the power-supply modules of the SNT10D in which theoptical ESB bus repeater modules are installed, an error occurs in all I/O nodes connec-ted via the optical ESB bus repeater modules installed in the applicable SNT10D.

l Installing optical ESB bus repeater modules in a CPU node or I/O nodeIf optical ESB bus repeater modules are installed in a CPU or I/O node, set hardware settingswitch [1] (installation unit setting DIP switch 1) to "1: Installation in node (safety control unitor safety node unit)."• If SW [1] is set to "1," the optical ESB bus repeater modules will continue to operate with-

out being affected, even if an error occurs in one of the power-supply modules of thenode in which the optical ESB bus repeater modules are installed.

• In the event of an error in both of the power supply modules of the node in which the opti-cal ESB bus repeater modules are installed, an error occurs in this node and all I/O no-des connected via the applicable optical ESB bus repeater modules.



IMPORTANT• When installing optical ESB bus repeater modules in a SNT10D, set the installation unit

setting DIP switch 1 to "0." If this switch is set to "1," an error in one of the power-supplymodules of the SNT10D will not be notified as a failure of the I/O nodes connected via theoptical ESB bus repeater modules.

• When installing optical ESB bus repeater modules in a CPU or I/O node, set the installa-tion unit setting DIP switch 1 to "1." If this switch is set to "0," an error occurring in one ofthe power-supply modules of the CPU or I/O will cause an error in the optical ESB busrepeater modules on one side.



B6.3 Actions taken at minor error occurrenceand recovery procedure

A minor error does not affect the application logic execution function itself. For example, "one-side" failure of a redundant hardware applies to this.When an error occurs in a device that has been configured for dual redundancy, the controlrights get transferred to the device on standby so processing can continue. Such errors areregarded as minor. After switching the control right, the same operation as for single configu-ration system is performed. The fact that the control right is switched due to a failure is noti-fied via a diagnostic information message. Since the SCS can continue controlling in thiscase, the data status is not changed nor is any error status notification to system functionblocks performed. Confirm that the failed hardware is switched to standby side and then re-place the failed hardware.

IMPORTANTObserve the following precautions when fixing one stopped module of the dual-redundant I/Omodules:• Do not pull out and insert the stopped I/O module again.

• Do not insert the I/O module that is not assured as normal when exchanging I/O modules.

Failure to observe the above-mentioned cautions may lead to an impact on the field side.

SEEALSO For more information about the procedure to replace ProSafe-RS devices, refer to:

7.2.2, “Maintenance for ProSafe-RS Equipment” in Engineering Guide (IM 32Q01C10-31E)

<B6.3 Actions taken at minor error occurrence and recovery procedure > B6-28


B7. Dual redundancyProSafe-RS supports dual-redundant configurations of SCS CPU modules and input/outputmodules. With the dual-redundant configuration, the continuous controllability and operatingefficiency can be improved. Moreover, with dual-redundantly configured hardware, the con-tinuity of plant safety monitoring will be guaranteed by switching the control rights when anerror occurs in the SCS hardware.

<B7. Dual redundancy > B7-1


B7.1 Redundant configuration in SCSIt is possible to employ redundant configuration for SCS CPU modules and input/output mod-ules. The control bus communication, power supply module, ESB bus/SSB401, optical ESBbus repeater module and SB bus are placed in redundant configurations.

n CPU module• The CPU module on the standby side performs the same control processing as the con-

trol side even while it is in the standby status. For this reason, it is possible to take overoutputting data immediately after the control right is switched. Moreover, the operatingmode of the SCS does not change.

• Only the CPU on the control side accesses the hardware composing the SCS and theCPU on the standby side always sets the equivalent value as the processing result.Therefore, the CPU modules on both sides always perform processing using the samedata.

• In redundant configuration, if the CPU module on the standby side is not in the STBY sta-tus and the control right cannot be switched, the same operation as single configurationCPU module is performed.

• SOE data related to discrete inputs might be lost when the control right is switched be-tween the CPU modules.

• CPU modules of the SCSP2 may not update data from analog input/discrete input mod-ules in the scan executed immediately after switching the CPU control right, but use dataread in the previous scan. Data read in 1 or 2 scans earlier may be used for sub-systemcommunication modules.

n Input/output modulesIn an SCS, it is possible to mount input/output modules of the same type in two adjacentslots (*1) to make them redundant. In the case of redundant configuration, one side be-comes the control side and the other becomes the standby side. Switching of the controlright is performed by input/output modules. The switching has no influence on the applicationlogic.

*1: An odd-numbered slot and the even-numbered slot obtained by adding 1 to the odd slot number

• It is not allowed to have redundant configuration across two nodes.

• SOE data related to discrete inputs might be lost when the control right is switched be-tween the input modules even though the frequency is low.

• A HART communication error may occur when the control right is switched between ana-log input/output modules that support HART communication.

Table B7.1-1 Operation of redundant AIO/DIO modulesAIO/DIO module Redundant operation

Analog input moduleDiscrete input module

The input data of the input module on the control side is stored in theinput variable.

Analog output moduleDiscrete output module

The SCS outputs the same value for output modules on both the controland standby sides. Only the output module on the control side outputssignals to the field. If an error occurs on the module on the control side,the control right is switched and outputting is continued

SEEALSO For more information about redundant communication modules, refer to:

2.17, “Connection with Other Systems via Communication Modules” in Engineering Guide (IM32Q01C10-31E)

<B7.1 Redundant configuration in SCS > B7-2


n V net communicationThe SCS V net communication is redundant. The communication couplers are also redun-dant. The CPU has a communication interface that supports the redundant V net. An SCSperforms communication while switching the bus to be used at regular intervals.

n Vnet/IP communicationVnet/IP is redundant. Independent subnets using bus 1 and bus 2 comprise redundant buses.Normally, bus 1 is used for control communication. If a communication error occurs on bus 1,bus 2 is used to perform control communication.

SEEALSO For more information about Vnet/IP communication, refer to:

A1., “Overview of Vnet/IP network” in ProSafe-RS Vnet/IP (IM 32Q56H10-31E)

n Power supply moduleA redundant power supply module is installed on each of CPU nodes and I/O nodes of theSCS. SCS monitors the status of the power supply at regular intervals and, if an error occurs,it notifies the user about the error via the SCS State Management window of the SENG, theStatus Display view of the HIS, and diagnostic information messages. If one of the two powersupplies mounted on the CPU node has generated an error, it notifies two diagnostic informa-tion messages; one corresponding to the error of the power supply module on the CPU nodeand the other corresponding to the error of the power supply module on node 1.

n ESB bus and SSB401The ESB bus is redundant. Each SSB401 is connected to ESB bus, respectively. The follow-ing operations also apply when optical ESB bus repeater devices are present along the com-munication route.• Normally, redundant ESB buses are used in an alternating fashion.

• If an error occurs in an SSB401 on one side, the error is notified to the user via a diag-nostic information message. If both buses fail, the error is treated as a node failure.

• If an error occurs in one bus or SSB401, the SCS continues communication using onlythe normal ESB bus on the other side.

• An erroneous bus is monitored for normal recovery at regular intervals.

• Errors in communication with all I/O nodes, except CPU node, are judged to be ESB buserror.

n Optical ESB bus repeater moduleThe optical ESB bus repeater modules are always used in a redundant configuration.

SEEALSO For more information about the actions taken at errors of optical ESB bus repeater devices, refer to:

B6.2.6, “Actions taken at error occurrence for optical ESB bus repeater devices” on page B6-24

n SB busThe SB bus is a backboard bus that connects the SSB401 and each input/output module. TheSB buses are redundant. Since each bus is connected to one SSB401 in a one-to-one fash-ion, the SB bus is switched whenever an SSB401 is switched.



• If an error occurs in one SB bus, the error is notified to the user via a diagnostic informa-tion message. If both buses fail, the error is treated as a node failure.

• In the case of "one-side" failure of an SB bus, only the ESB bus connected to the normalSB bus is used.



B7.2 CPU redundant statusThe availability of an SCS can be improved by making CPUs redundant. Each of the redun-dant CPUs can be in either control or standby states, which are unique to the CPU.

n CPU statusIn order to show the status of a redundant configuration, it is necessary to indicate the statusof each CPU separately. The operating status of the CPU is called the CPU status.• The CPU status indicates the operating status of the CPU.

• The processing of the SCS references the CPU status as necessary. The user can checkthe CPU status via the CPU's LED, the SCS State Management window of the SENG,and the Status Display view of HIS.

• If an error occurs in the standby CPU, the FAIL status is notified to the application logicvia a system block.

The figure below illustrates the CPU status shift. Note that in order to explain the CPU status,the operating modes it can shift to the Initial mode are called "CTRL" and "STBY." These indi-cate whether the CPU has the control right and are specific to the redundant status, i.e., notrelated to the operating mode.

CPU Fail

CPU Fail

Remove the cause of CPU Fail

CPU Fail

Control Change

Program Start

Program Start

FAIL RDY

STBY

CTRL

Figure B7.2-1 CPU status

l FAIL (CPU stopped)The power is supplied to the CPU, but the software is not running in this status.

l RDY (CPU initializing status)The system program is being set in the main memory in this status.

l CTRL (control status)The system program runs inside the CPU and the CPU has the right to access input/outputmodules in this status.

l STBY (standby status)The system program runs inside the CPU but the CPU does not have the right to access in-put/output modules in this status.

<B7.2 CPU redundant status > B7-5


n CPU status shift in redundant configurationThe figure below illustrates each CPU status and how it may shift in redundant configuration.The thick arrows from (a) to (d) indicate the flow from the startup to normal operation in redun-dant configuration. Note that the figure below does not represent the status by the mountingpositions of the CPUs. Even if the states of the two CPUs are switched, the indication in thefigure shows them in the same status.

Single Operation

(a)

(b) (c) (d)

(e)

APC

RDY

FAIL

CTRL

RDY STBY

CTRL

FAIL

FAIL

FAIL

STBY

CTRL control side CPU status

stand-by side CPU status

CTRL

Figure B7.2-2 States at redundant configuration

Table B7.2-1 CPU statusStatus Description

(a) CPUs on the both sides stopped.

(b) The controlling CPU starts up and sets programs and databases in the main memory.

(c) (*1) The controlling CPU obtains the control right and starts up the standby CPU. Upon launching, thestandby CPU copies the image of the main memory of the controlling CPU into its main memory(this status is displayed as "APC" and not the same as status (e)). The controlling CPU executesthe user application.

(d) Both the controlling and standby CPUs operate normally in redundant configuration. This statusis called the redundant control status.

(e) (*1) In this status, the standby CPU is stopped in redundant configuration, or the controlling CPU isstopped and the control right is switched. The same operation as in single configuration is per-formed.

*1: Single operating status.

The CPU shifts to each status in the following manner.

Table B7.2-2 Conditions of CPU status shiftBefore After Shifting conditions

(a) (b) • The power supply to the SCS is started.• SCS offline download is completed.• The system is restarted.

(b) (c) The controlling CPU started normally.

(c) (d) APC of the standby CPU is completed.

(d) (e) The control right is switched due to a failure of the controlling CPU hardware or thestandby CPU failed.

(e) (c) The standby CPU is replaced or a CPU recovered from transient failure.

(b) (a) An error occurred in the self-diagnosis at startup.




Table B7.2-2 Conditions of CPU status shift (Table continued)Before After Shifting conditions

(c) (a) A fatal error occurred while operating in single CPU operation.

(d) (a) Power failure occurred in the SCS (including momentary power failure).

(e) (a) A fatal error occurred while operating in single CPU operation.

l APC statusThe APC status refers to the status where the data in the CPU memory is being copied fromthe control side to the standby side.The APC status can be checked by the LED on the CPU, the SCS Status Display window ofthe SENG or the Status Display view on the HIS. The start and end of the APC status arenotified via a diagnostic information message.



B7.3 Automatic execution of IOM downloadAfter replacing input/output modules, it is necessary to perform IOM download in order to setconfiguration information. However, you can specify automatic execution of IOM download infollowing conditions:In the case of automatic execution of IOM download, if only an AIO/DIO module on thestandby side in the running SCS is replaced for maintenance, the configuration information isautomatically downloaded from the module on the control side to the replaced module. Thisoperation is possible only when specified in the SCS Constants Builder. If it is not specified,manual IOM download is required after replacing the module on the standby side. Whenboth sides of redundant AIO/DIO modules or modules of single configuration are replaced,manual IOM download must be performed as well.Automatic IOM download is not performed on communication modules. (*1)

*1: Automatic execution of IOM download is supported by the SCS of SCS system program R2.03 or later.

SEEALSO For more information about specification procedures in SCS Constants Builder, refer to:


n IOM download automatic execution conditionsIf a redundant module on the standby side is replaced, IOM download is automatically exe-cuted if the following conditions are met.• Automatic IOM download is enabled in the SCS Constants Builder.

• The redundant AIO/DIO module on the control side is operating normally.

• The replaced redundant module on the standby side failed due to configuration error (*1)

*1: Except the case where the model names on the control and standby sides are different or the case of hardware failure (theSTATUS LED of the module is OFF).

n Operations during automatic IOM downloadThe SCS operates as follows while automatic IOM download is being executed.• If multiple AIO/DIO modules on the standby side are replaced, the processing of automat-

ic IOM download is executed sequentially on a one-by-one basis.

• Diagnostic information messages (No. 0475 and 0476) are notified at the start and com-pletion of automatic IOM download.

• If an error occurs during automatic execution of IOM download, the diagnostic informationmessage indicating erroneous termination of automatic IOM download (No. 477) is noti-fied and the IOM download processing is aborted.

<B7.3 Automatic execution of IOM download > B7-8


IMPORTANTDo not remove and put back the applicable AIO/DIO module while automatic IOM download isbeing executed. If it is removed and put back, a major failure may occur in the module (theSTATUS LED of the module becomes OFF).Automatic download is completed in approximately 30 seconds after inserting the module onthe standby side, and the diagnostic information message indicating completion of IOM down-load (No. 0476) is output. If you need to remove and put back a module, check the diagnosticinformation message indicating completion of IOM download in the Diagnostic Informationwindow of the SCS Maintenance Support Tool before doing so.If a major failure occurs due to erroneous removal and reinsertion, perform IOM downloadmanually to the applicable AIO/DIO module, and then remove and reinsert the module afterthe completion.

• Automatic IOM download is not executed on AIO/DIO modules to which online changedownload of input/output parameters or manual IOM download are being executed. How-ever, automatic IOM download to a different module is executed in parallel.

• If it is attempted to execute online change download of input/output parameters or man-ual IOM download on the applicable AIO/DIO modules for which automatic IOM downloadis being executed, an error occurs in the manual download.

<B7.3 Automatic execution of IOM download > B7-9


C. POUThis part explains how to use POUs (Program Organization Units) to create application logic.It explains the functions and function blocks that are specific to ProSafe-RS.

<C. POU > C-1


C1. Overview of POUA POU (Program Organization Unit) is a generic name for programs, function blocks andfunctions.In ProSafe-RS, programs, function blocks and functions are defined using Link ArchitectureView and Multi-Language Editor of the Workbench.In Part C of this manual, "function block," "function" and "application logic" may be abbrevi-ated as an "FB," "FU" and "logic," respectively.

SEEALSO For more information about POUs (Program organization unit), refer to:

“POU (Program Organization Units)” of “Link Architecture View” in the "Workbench" of the WorkbenchUser's Guide

For more information about the ProSafe-RS applicable POU types and notices on using the POUs, refer to:

2.4, “Overview of POU” in Engineering Guide (IM 32Q01C10-31E)

<C1. Overview of POU > C1-1


C1.1 Types of functions and function blocksIn ProSafe-RS, users implement an application using the Function Block Diagram (FBD), Lad-der Diagram (LD) or Structured Text (ST) programming languages.With FBD, an application is written using functions (FU) and function blocks (FB). Some ele-ments from the Ladder Diagram programming language (Ladder elements) can also be used.In LD, an application is written using Ladder elements. Some FUs and FBs can also be used.Structured Text can be used to create FU/FB using the conditional statements and otherstatements. However, it cannot be used for creating a complete program.Some of the FUs and FBs provided by the ProSafe-RS system can be used in safety loops(safety FUs/FBs) while others cannot be used in safety loops (Interference-free FUs/FBs).FUs and FBs that cannot be used in safety loops are designed not to interfere with the safetyfunctions (interference-free).

SEEALSO For more information about Structured Text, refer to:

2.5, “Structured Text” in Engineering Guide (IM 32Q01C10-31E)

n Safety FU/FBSafety FU/FB are shown as follows. All of them can be used in FBD. Some FU/FB can alsobe used in the Ladder Diagram.

Table C1.1-1 Safety Functions (FU)

Function Name DescriptionUse on

Ladder Di-agram

Re-marks

ABS Gives the absolute (positive) value of a real value (*1)

SQRT Calculates the square root of a real value (*1)

+ ADD +, meaning “addition” (*1)

× MUL ×, meaning “multiplication” (*1)

− SUB –, meaning “subtraction” (*1)

/ DIV /, meaning “division” (*1)

SHL Make the bits of an integer shift to the left. Shift is made on 32bits. Zero is used to replace lowest bit. (*1)

SHR Make the bits of an integer shift to the right. Shift is made on 32bits. Highest bit is copied at each shift. (*1)

ROL Make the bits of an integer rotate to the left. Rotation is madeon 32 bits. (*1)

ROR Make the bits of an integer rotate to the right. Rotation is madeon 32 bits. (*1)

AND AND Yes(*2)

OR OR Yes (*2)

XOR Exclusive disjunction (exclusive OR) Yes (*2)

NOT Negation Yes (*2)

SEL Selects one of two input values (INTEGER) Yes (*2)

SEL_R Selects one of two input values (REAL) (*1) (*3)

SEL_T Selects one of two input values (TIME) (*1) (*3)

MAX Selects the larger of two input values (INTEGER) (*1)


<C1.1 Types of functions and function blocks > C1-2


Table C1.1-1 Safety Functions (FU) (Table continued)

Function Name DescriptionUse on

Ladder Di-agram

Re-marks

MIN Selects the smaller of two input values (INTEGER) (*1)

LIMIT Limits the range of the input values to output (INTEGER) (*1)

MUX4 Selects one of four input values (INTEGER) (*1)

MUX8 Selects one of eight input values (INTEGER) (*1)

MUXBOOL4 Selects one of four input values (BOOL) (*1)

MUXBOOL8 Selects one of eight input values (BOOL) (*1)

MUXREAL4 Selects one of four input values (REAL) (*1)

MUXREAL8 Selects one of eight input values (REAL) (*1)

GT >, meaning “greater than” (*1)

GE >=, meaning “greater than or equal to” (*1)

EQ =, meaning “equal” Yes (*2)

LE <=, meaning “less than or equal to” (*1)

LT <, meaning “less than” (*1)

NE ≠, meaning “unequal” (*1)

SCALER Converts a 0-100% range of input values into a normalizedrange for outputting. (*1)

1 GAIN Assignment (*1)

IB_TO_V Converts IO_BOOL-type input to data value (*1) (*3)

IB_TO_S Converts IO_BOOL-type input to data status (*1) (*3)

IR_TO_V Converts IO_REAL-type input to data value (*1) (*3)

IR_TO_S Converts IO_REAL-type input to data status (*1) (*3)

*1: Though applicable in Ladder Diagram, since EN and ENO are attached, cannot be applied in Safety loops.*2: Yes: Available to use*3: These function blocks can be used in new SCS database created by SENG in R1.01.30 or later.

Table C1.1-2 Safety Function Blocks (FB)

Function BlockName Description

Use onLadder

DiagramRemarks

SR Set dominate bistable Yes(*1)

RS Reset dominate bistable Yes (*1)

R_TRIG Detects a rising edge Yes (*1)

F_TRIG Detects a falling edge Yes (*1)

CTU Count up counter Yes (*1)

CTD Count down counter Yes (*1)

CTUD Count up/down counter. Yes (*1)

TP Pulse timer which outputs pulses for a specified duration afterrising edge detection. Yes (*1)

TON On-delay timer Yes (*1)

TOF Off-delay timer Yes (*1)

REPEATTIMER Alternates TRUE and FALSE outputs at specified intervals Yes (*1)

FILTER First-order lag filter (*2)




Table C1.1-2 Safety Function Blocks (FB) (Table continued)


Use onLadder

DiagramRemarks

FILTER_S First-order lag filter with data status analysis capability (*2)

ANLG1OO2D 1oo2D analog voter (*2) (*3)

ANLGVOTER 3-input analog voter (IO_REAL) (*2) (*3)

BOOLVOTER 3-input BOOL voter (IO_BOOL) (*2)

ANG_S Outputs high/low alarm with scale conversion (with data statusinput) (*2)

(*4)(*5)(*6)

ANLGI Outputs high/low alarm with scale conversion (*2) (*4) (*5)

VEL Detects the velocity limit exceeded (*2) (*4) (*5)

SYS_STAT Manages the SCS status (*2) (*5)

SYS_FORCE Manages forcing (*2) (*5)

SYS_DIAG Outputs diagnosis information (*2) (*5)

SYS_SECURE Manages Security level (*2) (*5)

SYS_SEC_CTL Protects security level (*2) (*5) (*7)

SYS_IOALLST Detects fault in all I/O channels (*2) (*5)

SYS_NODEST Detects fault in all I/O channels in node (*2) (*5)

SYS_OUTST Detects fault in output module channels (for 8 channels) (*2) (*5)

SYS_OUTST16 Detects fault in output module channels (for 16 channels) (*2) (*5) (*6)

SYS_INST Detects fault in input module channels (*2) (*5)

SYS_CHST Detects fault in channels (*2) (*5)

SYS_CERR Indicates computation errors (*2) (*5) (*8)

SYS_SCA-NEXT Indicates the extension of scan period (*2) (*5) (*8)

SYS_OVR Manages override function blocks Yes (*1) (*5)

SYS_PSWD Manages password function blocks Yes (*1) (*5)

SYS_OUTEN Indicates Output module output status (*2) (*5) (*6)

SYS_ALLSD Shuts down Station output (*2) (*5) (*6)

SYS_IOSD Shuts down Module output (*2) (*5) (*6)

SYS_FORCE_BD Manages forcing of Inter-SCS safety communication data Yes (*1) (*5) (*8)

SYS_FORCE_LT Manages forcing of SCS Link Transmission (*2) (*5) (*9)

SYS_LTSTS Indicates SCS Link Transmission reception status (*2) (*5) (*9)

OVR_B Overrides from HIS (BOOL) (*2) (*4) (*5)

OVR_I Overrides from HIS (INTEGER) (*2) (*4) (*5)

OVR_R Overrides from HIS (REAL) (*2) (*4) (*5)

OVR_IB Overrides from HIS (IO_BOOL) (*2) (*4) (*5)

OVR_IR Overrides from HIS (IO_REAL) (*2) (*4) (*5)

PASSWD Manipulates BOOL-type data using password from HIS (*2) (*4) (*5)

MOB_11 Data manual operation with two-position answerback (BOOL) (*2) (*4) (*5)(*6)




Table C1.1-2 Safety Function Blocks (FB) (Table continued)


Use onLadder

DiagramRemarks

MOB_21 Data manual operation with three-position answerback (BOOL) (*2) (*4) (*5)(*6)

MOB_RS Auto-reset data manual operation (BOOL) (*2) (*4) (*5)(*6)

MOA Analog-type data manual operation (*2) (*4) (*5)(*6)

CONS_B Receives data on consumer side for inter-SCS safety communi-cation (BOOL) (*2) (*5)

CONS_I Receives data on consumer side for inter-SCS safety communi-cation (INTEGER) (*2) (*5)

CONS_R Receives data on consumer side for inter-SCS safety communi-cation (REAL) (*2) (*5)

PROD_B Transmits data on producer side for inter-SCS safety communi-cation (BOOL) (*2) (*5)

PROD_I Transmits data on producer side for inter-SCS safety communi-cation (INTEGER) (*2) (*5)

PROD_R Transmits data on producer side for inter-SCS safety communi-cation (REAL) (*2) (*5)

B_TO_IB Converts data values and status to IO_BOOL-type outputs. (*2) (*7)

R_TO_IR Converts data values and status to IO_REAL-type outputs. (*2) (*7)

GOV_B Grouping overrides from HIS (BOOL) (*2) (*4) (*5)(*6)

GOV_IB Grouping overrides from HIS (IO_BOOL) (*2) (*4) (*5)(*6)

LTRCV Receives Safety Link Transmission data (*2) (*5)

LTSND Sends Safety Link Transmission data (*2) (*5)

ANN_FUP First-up Alarm Annunciator Yes (*1) (*4) (*5)(*6) (*8)

FUP_RST Resets the First-up alarm annunciator Yes (*1) (*5) (*8)

*1: Yes: Available to use*2: Though applicable in Ladder Diagram, since EN and ENO are attached, cannot be applied in Safety loops.*3: The range limitation of the fail-safe values for SCS System Programs R3.01.00 or later is different from that of earlier ver-

sions. In versions earlier than R3.01, the range limitation is from -25.0% to 125.0%. There is no range limitation in R3.01 andlater versions.

*4: FBs that can define tag names for instances. By defining tag names, mapping blocks/elements are created, which can beaccessed from the HIS.

*5: The operation of FBs in an SCS simulation test and a logic simulation test is different from the operation in an actual SCS.*6: These functions can be used in new SCS database created by SENG in R1.03.00 or later.*7: These function blocks can be used in new SCS database created by SENG in R1.01.30 or later.*8: These function blocks can be used in new SCS database created by SENG in R2.03.00 or later.*9: These function blocks can be used in new SCS database created by SENG in R1.03.00 or later.

n Safety Ladder ElementsSafety Ladder Elements are shown as follows. All of them can be used in Ladder Diagram.Some elements can be used in FBD.

Table C1.1-3 Safety Ladder ElementsElements Name Description Use in FBD

Direct Contact Direct Contact Yes

Inverted Contact Inverted Contact Yes




Table C1.1-3 Safety Ladder Elements (Table continued)Elements Name Description Use in FBD

Contact with Rising Edge Detection Contact with Rising Edge Detection Yes

Contact with Falling Edge Detection Contact with Falling Edge Detection Yes

Direct Coil Coil Yes

Inverted Coil Inverted Coil Yes

SET Coil SET Coil Yes

RESET Coil RESET Coil Yes

Coil with Rising Edge Detection Coil with Rising Edge Detection No

Coil with Falling Edge Detection Coil with Falling Edge Detection No

n Interference-free FU/FBThe following table shows the Interference-free FU/FB (No interference in safety functions).All of them can be used in FBD and Ladder Diagram. When they are used in Ladder dia-grams, EN and ENO terminals are added.

Table C1.1-4 Interference-free Functions (FU)Function Name Description Remarks

ANY_TO_BOOL Converts to BOOL-type

ANY_TO_DINT Converts to INTEGER-type

ANY_TO_REAL Converts to REAL-type

ANY_TO_TIME Converts to TIME-type (*1)

POW Performs power calculation

POWE Calculates with a exponential function with base e (*2)

ACOS Calculates the Arc cosine of a real value

ASIN Calculates the Arc sine of a real value

ATAN Calculates the Arc tangent of a real value

COS Calculates the Cosine of a real value

SIN Calculates the Sine of a real value

TAN Calculates the Tangent of a real value

LOG Calculates the Common logarithm of a real value

LOGE Calculates the Natural logarithm of a real value (*2)

MOD Calculates the Modulo of an integer value (*3)

*1: Can be used regardless the SCS database revision number when SENG software release number is R1.03.00 or later.*2: These functions can be used in new SCS database created by SENG in R3.02.10 or later.*3: These functions can be used in new SCS database created by SENG in R1.03.00 or later.

Table C1.1-5 Interference-free Function Blocks (FB)Function block

Name Description Remarks

ANN Transmits annunciator message (*1)

SYS_SCAN Outputs scan time information (*2)

SYS_IOMDSP Outputs the IOM status (*2)

SYS_NODEINF Outputs node status (*2) (*3)

SYS_ESBINF Outputs ESB bus status (*2) (*3)




Table C1.1-5 Interference-free Function Blocks (FB) (Table continued)Function block

Name Description Remarks

SYS_NETST Outputs Control bus status (*2) (*3)

SYS_ALRDSP Outputs status of subsystem communication modules (*2) (*4)

SYS_ALARM Outputs alarm transmission status (*2)

SYS_TIME Outputs SCS clock information (*2)

SYS_FORCE_SC Manages forcing of subsystem communication data (*2) (*4)

SYS_STAT_SC Indicates output enable operation in subsystem communication (*2) (*4)

SOE_B BOOL-type SOER (*2)

SOE_I INTEGER-type SOER (*2)

SOE_R REAL-type SOER (*2)

ECW_B Sets data of a BOOL-Type variable from an external device (*1) (*2)

ECW_I Sets data of a INTEGER-Type variable from an external device (*1) (*2)

ECW_R Sets data of a REAL-Type variable from an external device (*1) (*2)

AVERAGE Calculates the average of a specified duration

LIM_ALRM Hysteresis on a real value for high and low limits

SCI_B Input from a subsystem (BOOL) (*1) (*2) (*4)

SCI_I Input from a subsystem (INTEGER) (*1) (*2) (*4)

SCI_R Input from a subsystem (REAL) (*1) (*2) (*4)

SCO_B Output to a subsystem (BOOL) (*1) (*2) (*4)

SCO_I Output from a subsystem (INTEGER) (*1) (*2) (*4)

SCO_R Output to a subsystem (REAL) (*1) (*2) (*4)

LTFCS Receives Interference-free Link Transmission data (*2) (*5)

SYS_SETTIME Sets the time of SCS (*6)

*1: FBs that can define tag names for instances. By defining tag names, mapping blocks/elements are created, which can beaccessed from the HIS.

*2: The operation of FBs in an SCS simulation test and a logic simulation test is different from the operation in an actual SCS.*3: These function blocks can be used in new SCS database created by SENG in R1.02.00 or later.*4: These function blocks can be used in new SCS database created by SENG in R1.01.30 or later.*5: These function blocks can be used in new SCS database created by SENG in R1.03.00 or later.*6: The function block can be used in a new SCS database created by SENG in R3.02.10 or later.



C1.2 Common specificationsThis section explains specifications used commonly in each FU and FB.

n Execution order of POUsSEEALSO For more information about the execution order of POUs, refer to:

“POU (Program Organization Units)” of “Link Architecture View” in the "Workbench" of the WorkbenchUser's Guide

n Basic types, structuresSEEALSO For more information about the basic data types and structure types that applicable in FU and FB of ProSafe-

RS, refer to:

“ Data Type of Variables” in 2.4, “Overview of POU” in Engineering Guide (IM 32Q01C10-31E)

n Common constantsIn ProSafe-RS, the following constants have been defined in advance. These constants canbe used when creating an application for the purpose of making the application easier to read.Users can add constants as required. Do not change the following constants, however.

Table C1.2-1 Pre-defined constantsName Value Description

TRIP_NONE 0 Do not regard signals as tripping signals

TRIP_OFF 1 Regard the falling edge of a signal (TRUE to FALSE) as a tripping sig-nal

TRIP_ON 2 Regard the rising edge of a signal (FALSE to TRUE) as a tripping sig-nal

n Reserved keywords in the systemThere are certain keywords reserved for the ProSafe-RS system, such as the designation ofFU or FB, and words listed in the following table. These reserved keywords in the system can-not be used for function block names, variable names, and others.

Table C1.2-2 List of reserved keywordsInitial Reserved keywordsA ABS, ACOS, ADD, ANA, AND, _AND, AND_MASK, ANDN, ARRAY, ASIN, AT, ATAN

BBCD_TO_BOOL, BCD_TO_INT, BCD_TO_REAL, BCD_TO_STRING, BCD_TO_TIME, BOO,BOOL, BOOL_TO_BCD, BOOL_TO_INT, BOOL_TO_REAL, BOOL_TO_STRING,BOOL_TO_TIME, BY, BYTE

C CAL, CALC, CALCN, _CALL, _CALL_IEC_SFC_FB, CALN, CALNC, CASE, CONCAT, CON-STANT, COS

D DATE, DATE_AND_TIME, DELETE, DINT, DIV, DO, DT, DWORD

EELSE, ELSIF, EN, _END, END_CASE, END_FOR, END_FUNCTION, END_IF, END_PROGRAM,END_REPEAT, END_RESSOURCE, END_STRUCT, END_TYPE, END_VAR, END_WHILE, ENO,EQ, EXIT, EXP, EXPT

F FALSE, FEDGE, FIND, FOR, FUNCTION


<C1.2 Common specifications > C1-8


Table C1.2-2 List of reserved keywords (Table continued)Initial Reserved keywordsG GE, GFREEZE, GKILL, _GOTO, GRST, GSTART, GSTATUS, GT

I IF, _IF, INSERT, INT, INT_TO_BCD, INT_TO_BOOL, INT_TO_REAL, INT_TO_STRING,INT_TO_TIME

J JMP, JMPC, JMPCN, JMPN, JMPNC

L LD, LDN, LE, LEFT, LEN, LIMIT, LINT, LN, LOG, LREAL, LT, LWORD

M MAX, MID, MIN, MOD, MOVE, MSG, MUL, MUX

N NE, NOT, _NOT

O OF, ON, OPERATE, OR, _OR, OR_MASK, ORN

P PROGRAM, _POP_CSTK, _PUSH_CSTK, _PUSH_PAR

RR, REDGE, READ_ONLY, READ_WRITE, REAL, REAL_TO_BCD, REAL_TO_BOOL, RE-AL_TO_INT, REAL_TO_STRING, REAL_TO_TIME, REDGE, REPEAT, REPLACE, RESSOURCE,RET, _RET, RETAIN, RETC, RETCN, RETN, RETNC, RETURN, RIGHT, ROL, ROR

S

S, SEL, SHL, SHR, SIN, SINT, SQRT, ST, _STEP, STN, STRING, STRING_TO_BCD,STRING_TO_BOOL, STRING_TO_INT, STRING_TO_REAL, STRING_TO_TIME, STRUCT, SUB,SYS_ERR_READ, SYS_ERR_TEST, SYS_INITALL, SYS_INITANA, SYS_INITBOO, SYS_IN-ITTMR, SYS_RESTALL, SYS_RESTANA, SYS_RESTBOO, SYS_RESTTMR, SYS_SAVALL,SYS_SAVANA, SYS_SAVBOO, SYS_SAVTMR, SYS_TALLOWED, SYS_TCURRENT,SYS_TMAXIMUM, SYS_TOVERFLOW, SYS_TRESET, SYS_TWRITE, SYSTEM

T TAN, TASK, THEN, TIME, TIME_OF_DAY, TIME_TO_BCD, TIME_TO_BOOL, TIME_TO_INT,TIME_TO_REAL, TIME_TO_STRING, TMR, TO, TOD, TRUE, TYPE

U UDINT, UINT, ULINT, UNTIL, USINT

V VAR, VAR_ACCESS, VAR_EXTERNAL, VAR_GLOBAL, VAR_IN_OUT, VAR_INPUT, VAR_OUT-PUT

W WHILE, WITH, WORD

X XOR, _XOR, XOR_MASK, XORN

<C1.2 Common specifications > C1-9


C1.3 User-defined functions and functionblocks

ProSafe-RS allows users to define unique FUs and FBs. These FUs and FBs are called"user-defined FUs" and "user-defined FBs" respectively.

n User-defined FUs and FBsProSafe-RS provides standard FUs and FBs such as "AND" and "TON," and users can defineother FUs and FBs in order to write logics used commonly in applications as well.FUs and FBs defined by users are called "user-defined FUs" and "user-defined FBs," respec-tively. User-defined FUs and FBs can be used in any programs, FUs and FBs just like stand-ard FUs and FBs.

SEEALSO For more information about how to create user-defined FUs and FBs, refer to:

“Creating POUs” in “POU (Program Organization Units)” of “Link Architecture View” in the "Workbench"of the Workbench User's Guide

<C1.3 User-defined functions and function blocks > C1-10


C2. Safety functionsThis chapter explains the safety functions implemented in ProSafe-RS.The safety functions are shown as follows.• BOOL-type Multiplexer with 4 Entries (MUXBOOL4)

• BOOL-type Multiplexer with 8 Entries (MUXBOOL8)

• REAL-type Multiplexer with 4 Entries (MUXREAL4)

• REAL-type Multiplexer with 8 Entries (MUXREAL8)

• Scaler (SCALER)

• REAL-type Binary Selector (SEL_R)

• TIME-type Binary Selector (SEL_T)

• Converter (IO_BOOL to Data Value) (IB_TO_V)

• Converter (IO_BOOL to Data Status) (IB_TO_S)

• Converter (IO_REAL to Data Value) (IR_TO_V)

• Converter (IO_REAL to Data Status) (IR_TO_S)

<C2. Safety functions > C2-1


C2.1 MUXBOOL4 (BOOL-type multiplexer with 4entries)

The MUXBOOL4 function is an 4-input multiplexer for BOOL-type data. It selects one valueout of four input values.

SELC IN1 IN2 IN3 IN4

MUXBOOL4

Q

Figure C2.1-1 MUXBOOL4

n Arguments

Table C2.1-1 Arguments of MUXBOOL4IN/OUT Arguments Data type Description

IN SELC DINT Selector value (0 to 3).

IN1 BOOL Input value 1.




OUT Q BOOL Output value= Input value 1 (SELC = 0).= Input value 2 (SELC = 1).= Input value 3 (SELC = 2).= Input value 4 (SELC = 3).= FALSE (SELC is a value other than the above).

n DescriptionThe MUXBOOL4 function is an 4-input multiplexer for BOOL-type data. It selects one valueout of four input values.If a value other than 0 to 3 is specified for SELC, the output value becomes FALSE.

<C2.1 MUXBOOL4 (BOOL-type multiplexer with 4 entries) > C2-2


C2.2 MUXBOOL8 (BOOL-type multiplexer with 8entries)

The MUXBOOL8 function is an 8-input multiplexer for BOOL-type data. It selects one valueout of eight input values.

SELC IN1 IN2 IN3 IN4 IN5 IN6 IN7 IN8

MUXBOOL8

Q

Figure C2.2-1 MUXBOOL8

n Arguments

Table C2.2-1 Arguments of MUXBOOL8IN/OUT Arguments Data type Description




:


OUT Q BOOL Output value= Input value 1 (SELC = 0).= Input value 2 (SELC = 1).:= Input value 8 (SELC = 7).= FALSE (SELC is a value other than the above).

n DescriptionThe MUXBOOL8 function is an 8-input multiplexer for BOOL-type data. It selects one valueout of eight input values.If a value other than 0 to 7 is specified for SELC, the output value becomes FALSE.

<C2.2 MUXBOOL8 (BOOL-type multiplexer with 8 entries) > C2-3


C2.3 MUXREAL4 (REAL-type multiplexer with 4entries)

The MUXREAL4 function is an 4-input multiplexer for real number-type data. It selects onevalue out of four input values.

SELC IN1 IN2 IN3 IN4

MUXREAL4

Q

Figure C2.3-1 MUXREAL4

n Arguments

Table C2.3-1 Arguments of MUXREAL4IN/OUT Arguments Data type Description


IN1 REAL Input value 1.




OUT Q REAL Output value= Input value 1 (SELC = 0).= Input value 2 (SELC = 1).= Input value 3 (SELC = 2).= Input value 4 (SELC = 3).= 0.0 (SELC is a value other than the above).

n DescriptionThe MUXREAL4 function is an 4-input multiplexer for real number-type data. It selects onevalue out of four input values.If a value other than 0 to 3 is specified for SELC, the output value becomes 0.0.

<C2.3 MUXREAL4 (REAL-type multiplexer with 4 entries) > C2-4


C2.4 MUXREAL8 (REAL-type multiplexer with 8entries)

The MUXREAL8 function is an 8-input multiplexer for real number-type data. It selects onevalue out of eight input values.

SELC IN1 IN2 IN3 IN4 IN5 IN6 IN7 IN8

MUXREAL8

Q

Figure C2.4-1 MUXREAL8

n Arguments

Table C2.4-1 Arguments of MUXREAL8IN/OUT Arguments Data type Description




:


OUT Q REAL Output value= Input value 1 (SELC = 0).= Input value 2 (SELC = 1).:= Input value 8 (SELC = 7).= 0.0 (SELC is a value other than the above).

n DescriptionThe MUXREAL8 function is an 8-input multiplexer for real number-type data. It selects onevalue out of eight input values.If a value other than 0 to 7 is specified for SELC, the output value becomes 0.0.

<C2.4 MUXREAL8 (REAL-type multiplexer with 8 entries) > C2-5


C2.5 SCALER (scaler)A SCALER function converts input data (0 to 100%) to the specified scale.

IN

SH SL

SCALER

OUT

Figure C2.5-1 SCALER

n Arguments

Table C2.5-1 Arguments of SCALERIN/OUT Arguments Data type Description

IN IN REAL Input value (a value in the range from 0.0 to 100.0).

SH REAL Scale high limit value (output value when input value = 100[%]).

SL REAL Scale low limit value (output value when input value = 0 [%]).

OUT OUT REAL Output value.

n DescriptionThe SCALER function converts input data (0 to 100%) to the specified scale.The calculation formula of OUT is as follows:

OUT = IN × (SH - SL)

100.0 + SL

Figure C2.5-2 Calculation formula of OUT

n Remarks• The calculation formula of OUT is the same even if SH < SL. In this case, OUT is calcula-

ted as a linear function with a negative gradient.

• Set the SH and SL values such that 32-bit floating point data overflow does not occurwhen calculating the output value of OUT, by taking the possible range of IN data (-25%to 125% in the case of analog input) into consideration.

n ExampleIf IN = 60.0 [%], SH = 2000.0 and SL = 1000.0, OUT = 1600.0.

<C2.5 SCALER (scaler) > C2-6


IN

OUT

0.0 100.0

SL=1000.0

SH=2000.0

IN=60.0

OUT=1600.0

0.0

Figure C2.5-3 Example of SCALER

<C2.5 SCALER (scaler) > C2-7


C2.6 SEL_R (REAL-type binary Selector)The SEL_R function is a real-number type selector. It selects one value out of two input val-ues.

IN2

SEL_R

SELC IN1

Q

Figure C2.6-1 SEL_R

n Arguments

Table C2.6-1 Arguments of SEL_RIN/OUT Arguments Data type Description

IN SELC BOOL Selector value



OUT Q REAL Either IN1 or IN2 is output.Input value 1 is output if SELC is FALSE.Input value 2 is output if SELC is TRUE.

n DescriptionThe SEL_R function is a real-number type selector.It selects and outputs IN1 or IN2 according to the value of SELC.

n RemarksThis system function block can be used in new SCS databases created by SENG of R1.01.30or later.

<C2.6 SEL_R (REAL-type binary Selector) > C2-8


C2.7 SEL_T (TIME-type Binary Selector)The SEL_T function is a TIME type selector. It selects one value out of two input values.

IN2

SELC IN1

Q

SEL_T

Figure C2.7-1 SEL_T

n Arguments

Table C2.7-1 Arguments of SEL_TIN/OUT Arguments Data type Description

IN SELC BOOL Selector value

IN1 TIME Input value 1

IN2 TIME Input value 2

OUT Q TIME Either IN1 or IN2 is output.Input value 1 is output if SELC is FALSE.Input value 2 is output if SELC is TRUE.

n DescriptionThe SEL_T function is a TIME type selector.It selects and outputs IN1 or IN2 according to the value of SELC.

n RemarksThis function can be used in new SCS databases created by SENG of R1.01.30 or later.

<C2.7 SEL_T (TIME-type Binary Selector) > C2-9


C2.8 IB_TO_V (Converter (IO_BOOL to datavalue))

The IB_TO_V function retrieves only data values from IO_BOOL-type input values and out-puts the retrieved values.

IN V IB_TO_V

Figure C2.8-1 IB_TO_V

n Arguments

Table C2.8-1 Arguments of IB_TO_VIN/OUT Arguments Data type Description

IN IN IO_BOOL Input value of IO_BOOL type

OUT V BOOL Data value

n DescriptionThe IB_TO_V function acquires data values from IO_BOOL-type input values and outputs theacquired values.


<C2.8 IB_TO_V (Converter (IO_BOOL to data value)) > C2-10


C2.9 IB_TO_S (Converter (IO_BOOL to datastatus))

The IB_TO_S function retrieves only data status from IO_BOOL-type input values and outputsthe retrieved status.

IN STS IB_TO_S

Figure C2.9-1 IB_TO_S

n Arguments

Table C2.9-1 Arguments of IB_TO_SIN/OUT Arguments Data type Description

IN IN IO_BOOL Input value of IO_BOOL type

OUT STS BOOL Data status

n DescriptionThe IB_TO_S function acquires data status from IO_BOOL-type input values and outputs theacquired status.


<C2.9 IB_TO_S (Converter (IO_BOOL to data status)) > C2-11


C2.10 IR_TO_V (Converter (IO_REAL to datavalue))

The IR_TO_V function retrieves only data values from IO_REAL-type input values and out-puts the retrieved values.

IN V IR_TO_V

Figure C2.10-1 IR_TO_V

n Arguments

Table C2.10-1 Arguments of IR_TO_VIN/OUT Arguments Data type Description

IN IN IO_REAL Input value of IO_REAL type.

OUT V REAL Data value.

n DescriptionThe IR_TO_V function acquires data values from IO_REAL-type input values and outputs theacquired values.


<C2.10 IR_TO_V (Converter (IO_REAL to data value)) > C2-12


C2.11 IR_TO_S (Converter (IO_REAL to datastatus))

The IR_TO_S function retrieves only data status from IO_REAL-type input values and outputsthe retrieved status.

IN STS IR_TO_S

Figure C2.11-1 IR_TO_S

n Arguments

Table C2.11-1 Arguments of IR_TO_SIN/OUT Arguments Data type Description

IN IN IO_REAL Input value of IO_REAL type.

OUT STS BOOL Data status.

n DescriptionThe IR_TO_S function acquires data status from IO_REAL-type input values and outputs theacquired status.


<C2.11 IR_TO_S (Converter (IO_REAL to data status)) > C2-13


C3. Safety function blocksThis chapter explains the safety function blocks implemented in ProSafe-RS. The safety func-tion blocks are shown as follows.• Repeat Timer (REPEATTIMER)

• First-Order Lag Filter (FILTER)

• First-Order Lag Filter with Data Status (FILTER_S)

• 1oo2D Analog Voter (ANLG1OO2D)

• IO_REAL-type Analog Voter (ANLGVOTER)

• IO_BOOL-type BOOL Voter (BOOLVOTER)

• Analog Input Function Blocks with Data Status (ANLG_S)

• Analog Input (ANLGI)

• Velocity Limit Alarm (VEL)

• Count Up Counter (CTU)

• Count Down Counter (CTD)

• Count Up/Down Counter (CTUD)

• Converter (Data Value and Status to IO_BOOL-type Data) (B_TO_IB)

• Converter (Data Value and Status to IO_REAL-type Data) (R_TO_IR)

• First-up Alarm Annunciator (ANN_FUP)

• First-up Alarm Annunciator Reset (FUP_RST)

<C3. Safety function blocks > C3-1


C3.1 REPEATTIMER (Repeat Timer)A REPEATTIMER is a function block of repeat timer.

RUN

STF

ONT

OFFT

REPEATTIMER

Q

Figure C3.1-1 REPEATTIMER

n Arguments

Table C3.1-1 Arguments of REPEATTIMERIN/OUT Arguments Data type Description

IN RUN BOOL Output activation switch.

STF BOOL Start status flag.TRUE: Start from OFF.FALSE: Start from ON.

ONT TIME ON period (a multiple of the scan period).

OFFT TIME OFF period (a multiple of the scan period).

OUT Q BOOL Output value.

n DescriptionThe REPEATTIMER function block executes a repeat timer function.The REPEATTIMER function block outputs ON and OFF alternately as long as the outputstart switch (RUN) is TRUE. It outputs TRUE as the output value (Q) during the period speci-fied by the ON period (ONT) and FALSE during the period specified by the OFF period(OFFT). The repeat interval is the value obtained by adding the ON period and OFF period(ONT + OFFT).If the output start switch (RUN) becomes FALSE, the output value (Q) is set to FALSE.If STF is TRUE, the timer starts from the OFF period. If STF is FALSE, the timer starts fromthe ON period.

<C3.1 REPEATTIMER (Repeat Timer) > C3-2


When ONT = 500 msec, OFFT = 1000 msec and scan period = 500 msec

RUN

Q when STF = TRUE (Start from OFF)

500 msec

Q when STF = FALSE (Start from ON)

Figure C3.1-2 Relationship between the output start switch (RUN) and output value (Q) (ONT andOFFT are integral multiples of the scan period)

n Remarks• The ON and OFF periods must be set to integral multiples of the scan period.

• The output value (Q) is calculated in each scan period and does not change until the nextscan. For this reason, if the ON/OFF period is set to a value that is not a multiple of thescan period, the output value (Q) will switch at intervals different from the specifiedON/OFF time. (Whether the period of Q becomes longer or shorter than the specified val-ue depends on the timing.)

• If either the ON period or OFF period is set to 0, the output does not alternate betweenON and OFF; the default value specified with STF is always output.

• If the ON period is shorter than the scan period, the ON period is rounded up to the scanperiod. The same rule applies to the OFF period as well.

n Specification difference between simulators on PC and actual SCS

l SCS simulation testsThe switching time of on time (ONT) and off time (OFFT) on SCS simulator is different fromactual SCS.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the switching will take a lon-ger time than the indicated parameter.

l Logic simulation testsThe input/output parameters of the REPEATTIMER function block operate in the same way asin the actual SCS.

<C3.1 REPEATTIMER (Repeat Timer) > C3-3


C3.2 FILTER (first-order lag filter)The FILTER_S function block executes a first-order lag filter function.

IN

CFT

FILTER

OUT

Figure C3.2-1 FILTER

n Arguments

Table C3.2-1 Arguments of FILTERIN/OUT Arguments Data type Description

IN IN REAL Input value.

CFT DINT Filter number (0 to 4).


n DescriptionThe FILTER function block executes a first-order lag filter function.The first-order lag filter is used to reduce noise in input signals from the process.The FILTER function block calculates the output according to the following arithmetic expres-sion.Y n =(1 - α)×X + α×Y n-1

αXY nY n-1

: Time constant of filter: Input value: Output value: Previous output value (The default value is 0.0.)

The following five time constant of filter are provided.

Table C3.2-2 Time constant of filterFilter number (CFT) Time constant of filter

0 α = 0.0 (No filtering takes place.)

1 α = 0.368

2 α = 0.5

3 α = 0.75

4 α = 0.875

If the filter number is a value other than the ones listed above, it is treated as filter number 0.

<C3.2 FILTER (first-order lag filter) > C3-4


IN

Time

OUT (α=0.5)

Scan period

Val

ue

Figure C3.2-2 Step response of the first-order lag filter

n RemarksThe time constant of the filter is determined as a combination of the filter number (time con-stant of filter) and the scan period. The larger the time constant of filter, the longer it takes,and the time constant is proportional to the scan period.

α

1 - α (Time constant = × scan period, where α is the filter constant)

Figure C3.2-3 Time constant of filter


l SCS simulation testsSCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the output calculation will bebased on 1 execution per second.

l Logic simulation testsThe input/output parameters of the FILTER function block operate in the same way as in theactual SCS.

<C3.2 FILTER (first-order lag filter) > C3-5


C3.3 FILTER_S (first-order lag filter with datastatus)

The FILTER_S function block executes a first-order lag filter function. The data status of theinput value is set as the data status of the output value as is.

IN

CFT

FILTER_S

OUT

VAL

Figure C3.3-1 FILTER_S

n Arguments

Table C3.3-1 Arguments of FILTER_SIN/OUT Arguments Data type Description

IN IN IO_REAL Input value (with data status).

CFT DINT Filter number (0 to 4).

OUT OUT IO_REAL Output value (with data status).

VAL REAL Output value (data value only).

n DescriptionThe FILTER_S function block executes a first-order lag filter function.The first-order lag filter is used to reduce noise in input signals from the process.The data type of the input value (IN) and output value (OUT) is IO_REAL. The value of thedata status of the input value is set as the data status of the output value as is. VAL is thedata value of OUT.The FILTER_S function block calculates the output according to the following arithmetic ex-pression. The value of status does not affect the output calculation.Y n =(1 - α)×X + α×Y n-1

αXY nY n-1

: Time constant of filter: Input value: Output value: Previous output value (The default value is 0.0.)

Filter constants are specified from five types, according to the filter number. For specificationsoutside of this range, the filter number is treated as 0.

Table C3.3-2 Time constant of filterFilter number (CFT) Time constant of filter

0 α = 0.0 (No filtering takes place.)

1 α = 0.368

2 α = 0.5

3 α = 0.75

4 α = 0.875

<C3.3 FILTER_S (first-order lag filter with data status) > C3-6


IN

Time

OUT (α=0.5)

Scan period

Val

ue

Figure C3.3-2 Step response of the first-order lag filter

n RemarksUse the FILTER function block if the input value is a real number type. The processing is thesame.The time constant of the filter is determined as a combination of the filter number (time con-stant of filter) and the scan period. The larger the time constant of filter, the longer it takes,and the time constant is proportional to the scan period.

α

1 - α (Time constant = × scan period, where α is the filter constant)

Figure C3.3-3 Time constant of filter


l SCS simulation testsSCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the output calculation will bebased on 1 execution per second.

l Logic simulation testsThe input/output parameters of the FILTER_S function block operate in the same way as inthe actual SCS.

<C3.3 FILTER_S (first-order lag filter with data status) > C3-7


C3.4 ANLG1OO2D (1oo2D analog voter)An ANLG1OO2D function block is a 2-input analog voter with diagnostics. It diagnoses thedata status of two input values and determines the output value.

ANLG1OO2D

OUT IN1 IN2 DEL VAL DLT

NR NR1 NR2 DIF

Figure C3.4-1 ANLG1OO2D

n Arguments

Table C3.4-1 Arguments of ANLG1OO2DIN/OUT Argu-

mentsData type Description

IN IN1 IO_REAL Input value 1 (normalized data with data status, 0 to 100% or the physicalquantity).

IN2 IO_REAL Input value 2 (normalized data with data status, 0 to 100% or the physicalquantity).

DEL REAL Allowable range (allowable error). A range of allowable difference betweentwo input values (DEL > 0. Specified as percentage or an physical quantityaccording to the input data).

VAL REAL Fail-safe value. The value output when the input value is erroneous. Speci-fied as percentage or an physical quantity.

DLT TIME Allowable time. The time to wait for the difference between the input valuesto converge to the allowable range (DEL) (an integral multiple of the scanperiod).

OUT OUT REAL Output value (value selected in 1oo2D. Either normalized data (0 to 100 %)or the physical quantity)

NR BOOL Indicates whether or not the input value is normal.TRUE: Normal.FALSE: Abnormal (The fail-safe value is output).

NR1 BOOL Indicates whether or not input value 1 (IN1) is normal.TRUE: Normal.FALSE: The data status is BAD or the difference between the input valuesis larger than the allowable range.

NR2 BOOL Indicates whether or not input value 2 (IN2) is normal.TRUE: Normal.FALSE: The data status is BAD or the difference between the input valuesis larger than the allowable range.

DIF REAL Absolute value of the difference between the two input values.

n DescriptionThe ANLG1OO2D function block is a 2-input analog voter with diagnostics. It receives two in-puts with data status and determines the output value using the voting method of 1oo2D (one-out-of-two with diagnostics). By using the ANLG1OO2D function block, it is possible to detectnot only input module failures, but also input value errors.

TIP In SCS system program releases R3.01 and later, the parameter setting specifications for IN1, IN2, DEL,VAL, and OUT, and the operation specifications in this FB, have been changed.

<C3.4 ANLG1OO2D (1oo2D analog voter) > C3-8


SEEALSO For more information about specifications of each parameter in SCS system program releases earlier than

R3.01, refer to:


l Input• IN1 and IN2 are analog inputs (IO_REAL type) with data status. The ANLG1OO2D func-

tion block examines each data status and the difference between input values IN1 andIN2, and determines the output value (OUT).

• DEL is the range of allowable difference between the two input values (DIF). Since thetwo input values are measurement values of the same target, they are expected to havealmost the same value. If one of the inputs becomes erroneous, the two values have dif-ferent values and an error can be detected. If DEL is set as DEL <= 0%, as long as adifference exists between the two inputs, no matter how small it is, the input signal will betreated as a signal exceeds the deviation limit.

• DLT is a filter value used in ANLG1OO2D function block to allow the difference betweenthe two input values (DIF) that exceeds the deviation limit (DEL) elapse for a specifiedtime. If DLT is set with 0, as soon as one input is different from another input, the fail-safevalue will be output. By setting an appropriate value for DLT, it is possible to avoid theinput of the function block becomes error over the transient noises. If the input of thefunction block becomes error, the fail-safe value will be output.

• VAL is the value output if the ANLG1OO2D function block judges an input error. SpecifyVAL using the same unit that is set in the input value. There is no limit range.

• Match the data units for the data of IN1, IN2 and DEL according to input values. The unitis either % or the engineering unit.

l Output• OUT is the output value created by the ANLG1OO2D function block according to the

1oo2D vote. If the ANLG1OO2D function block considers the input to be normal, the out-put value of either IN1 or IN2 is created. If the ANLG1OO2D function block considers theinput to be abnormal, the fail-safe value (VAL) is used to create the output. The initial val-ue of OUT is IN1.

• NR is the resulting output of the ANLG1OO2D function block's judgment of whether theinputs are normal or abnormal. If the inputs are normal, NR is set to TRUE. If the inputsare judged abnormal, NR is set to FALSE and OUT produces output based on the fail-safe value (VAL).

• NR1 is the resulting output of the ANLG1OO2D function block's judgment of whether theinput value 1 (IN1) is normal or abnormal. If the data status of input value 1 (IN1) isGOOD and the difference between the two input values (DIF) is within the acceptablerange, input value1 (IN1) is considered as normal and NR1 is set to TRUE. If input value1 (IN1) is considered as abnormal, NR1 is set to FALSE.

• NR2 is the resulting output of the ANLG1OO2D function block's judgment of whether in-put value 2 (IN2) is normal or abnormal. The classification of normal or abnormal is thesame as for NR1.

• DIF is the absolute value of the difference between input value 1 (IN1) and input value 2(IN2). The ANLG1OO2D function block calculates the difference between the input valuesregardless of each status of the input values.

l Relationship between inputs and outputsThe ANLG1OO2D function block examines the data status of the inputs and the differencebetween input values IN1 and IN2 to determine the output. The ANLG1OO2D function blockjudges that there is an input error and outputs the fail-safe value (VAL) if the condition where



the difference between the input values (DIF) is larger than the allowable range (DEL) contin-ues for longer than the allowable time (DLT).The table below summarizes the relationship between the inputs and outputs.

Table C3.4-2 Relationship between inputs and outputs of an ANLG1OO2 function blockInputs Outputs

Data status Input value dif-ference

Continued time OUT NR NR1 NR2

GOOD for both inputs DIF <= DEL IN1 or IN2,whichever iscloser to the pre-vious output

TRUE TRUE TRUE

DIF > DEL Continued time <=DLT

IN1 or IN2,whichever iscloser to the pre-vious output

TRUE TRUE TRUE

Continued time >DLT

Fail-safe value FALSE

FALSE

FALSE

GOOD for one input and BAD for the other input(Example: data status of IN1 is BAD, data status of IN2 isGOOD)

Input value withGOOD data sta-tus (IN2 in theexample to theleft)

TRUE FALSE

TRUE

BAD for both inputs Fail-safe value FALSE

FALSE

FALSE

l Operation when inputs are normalIf the data status of both inputs is GOOD and the difference between the input values is withinthe acceptable range, the ANLG1OO2D function block determines that the inputs are normal.Specifically, the inputs are judged to be normal under the following conditions.• IN1.status = IN2.status = TRUE, and

DIF <= DEL

If the inputs are normal, the ANLG1OO2D function block outputs the input value closer to theprevious output value. Since output value (OUT) is normal, NR is set to TRUE. Moreover,since both input values (IN1 and IN2) are normal, both NR1 and NR2 are set to TRUE.

IN1

valu

e

IN2

DIF

DEL

time

NR,NR1,NR2 T F

Output value (OUT)

Figure C3.4-2 Operation when inputs are normal (Normal operation)



l Operation when input data status is BADIf the data status of one input becomes BAD, the ANLG1OO2D function block outputs the val-ue from the other input. In this case, NRn corresponding to the input value whose data statusis BAD (output NR1 if the data status of IN1 is BAD, and NR2 if the data status of IN2 is BAD)becomes FALSE. The output of NRm corresponding to the input value whose data status isGOOD (output NR1 if the data status of IN1 is GOOD, and NR2 if the data status of IN2 isGOOD) and output of NR remain TRUE.If the data status of both inputs becomes BAD, the ANLG1OO2D function block outputs thefail-safe value (VAL). NR, NR1 and NR2 become FALSE.The figure below shows an example of output when the data status of both inputs becomesBAD.

IN1

valu

e

IN2

time

NR T F

Fail-safe value (VAL)

IN1.status

Scan period

IN2.status T F

T F

NR1

NR2

T F

T F

Output value (OUT)

Figure C3.4-3 Operation when input data status is BAD

l Operation when the difference between input values exceeds the allowablerange

If the difference between the input values is greater than the allowable range (DEL), it is likelythat either one of the inputs has become erroneous. In order to avoid cases of temporary er-rors due to noise, etc., however, the ANGL1OO2D function block does not judge an input tobe erroneous until the error status continues for more than the allowable time (DLT).The operation is the same as under normal circumstances until the allowable time (DLT) isexceeded. The input value closer to the previous output value is output and TRUE is outputfor NR, NR1 and NR2.If the status where the absolute value of the difference between the input values exceeds theallowable range (DEL) continues longer than the allowable time (DLT), the ANLG1OO2Dfunction block judges that the inputs have become abnormal and outputs the fail-safe value(VAL). FALSE is output for NR, NR1 and NR2.



Note that when the absolute value of the difference between the input values exceeds the al-lowable range and the data status of the input (IN1 or IN2) becomes BAD, the time period inwhich the input is BAD is not included in the calculation of time where the difference exceedsthe allowable range. If the allowable range is still exceeded when the data status of the input(IN1 or IN2) recovers to GOOD, the elapsed time before the data status became BAD is add-ed to the calculation of time where the difference exceeds the allowable range.

IN1

valu

e

IN2

DIF

DEL

time

NR, NR1,NR2 T F

DLT

Fail-safe value (VAL)

Scan period

Output value (OUT)

Figure C3.4-4 Operation when the difference between input values exceeds the allowable range

n Remarks• Set values such that the input value at error occurrence in each input channel and the

fail-safe value (VAL) of the ANLG1OO2D function block match each other. This should bedone because the ANLG1OO2D function block uses the fail-safe value (VAL) rather thanthe input value at error occurrence set for an input channel if the input channel becomesabnormal.

• Specify an integral multiple of the scan period for the allowable time (DLT). If the specifiedvalue is not an integral multiple of the scan period, the fail-safe value is output after atime equivalent to the first integral multiple of the scan period has passed since DLTelapsed.


l SCS simulation testsThe time-up timing of allowable time (DLT) on SCS simulator and on actual SCS is different.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsThe input/output parameters of the ANALG1OO2D function block operate in the same way asin the actual SCS.



C3.5 ANLGVOTER (IO_REAL-type analog voter)The ANLGVOTER function block is a 3-input analog voter. It receives three input values withdata status and outputs the medium value of these input values or the fail-safe value.

ANLGVOTER

OUT IN1 IN2 IN3 DEL VAL DLT

NR NR1 DIF1 NR2 DIF2 NR3 DIF3

Figure C3.5-1 ANLGVOTER

n Arguments

Table C3.5-1 Arguments of ANLGVOTERIN/OUT Argu-

ments

Datatype

Description

IN IN1 IO_RE-AL

Input value 1 (normalized data with data status, 0 to 100% or the physical quan-tity).

IN2 IO_RE-AL


IN3 IO_RE-AL


DEL REAL Allowable range (allowable error). Tolerant deviation between an input and themedium value(DEL > 0. Specified as percentage or the physical quantity)

VAL REAL Allowable range (allowable error). Tolerant deviation between an input and Fail-safe value. Specified as percentage or the physical quantity

DLT TIME Allowable time. The time to wait for the difference between the input values toconverge to the allowable range (DEL) (an integral multiple of the scan period).


<C3.5 ANLGVOTER (IO_REAL-type analog voter) > C3-13


Table C3.5-1 Arguments of ANLGVOTER (Table continued)IN/OUT Argu-

ments

Datatype

Description

OUT OUT REAL Output value (medium value selected with 2oo3, normalized data (0 to 100 %) orthe physical quantity).

NR BOOL Indicates whether or not output value is normal.TRUE: Normal.FALSE: Abnormal (The fail-safe value is output).

NR1 BOOL Indicates whether or not input value 1 (IN1) is normal.TRUE: Normal.FALSE: The data status is BAD or the difference between the output value andinput value 1 is larger than the allowable range.

DIF1 REAL Difference between the output value (OUT) and input value 1 (IN1).





n DescriptionThe ANLGVOTER function block is a 3-input analog voter. It receives three inputs with datastatus and determines the medium value to be output using the voting method of 2oo3 (two-out-of-three). By using an ANLGVOTER function block, it is possible to detect input modulefailures.• IN1, IN2 and IN3 are analog inputs (IO_REAL type) with data status.

• DEL is the range of acceptable differences between the median value and each of theinput values. Since the three input values are measurement values of the same target,they are expected to have almost the same value. If one of the inputs becomes errone-ous, a distinctive difference is generated between the input value and the median valueso that an error can be detected. Input n is regarded as normal if the difference betweeninput value INn and the median value is as follows.

• -DEL/2 <= DIFn <= +DEL/2

• DIFn = INn - median value n = 1, 2 or 3

If DEL <= 0%, as long as a difference exists between an input and the median value, nomatter how small it is, the input signal will be treated as a signal that it has exceeded thedeviation limit.

• VAL is the value output if the ANLGVOTER function block judges an input error. SpecifyVAL using the same unit that is set in the input value. There is no limit range.

• DLT is a filter value used in ANLGVOTER function block to allow the deviation exceedsthe deviation limit (DEL) elapse for a specified time. If DLT is set with 0, as soon as thedeviation between an input and the medium value exceeds the deviation limit between aninput and the medium value, the fail-safe value will be output. By setting an appropriatevalue for DLT, it is possible to avoid the input of the function block becomes error over thetransient noises.

• Match the data units for the data of IN1, IN2, IN3 and DEL according to input values. Theunit is either % or the engineering unit.



TIP In SCS system program releases R3.01 and later, the parameter setting specifications for IN1, IN2, IN3, DEL,VAL, and OUT and the operation specifications for this FB, have been changed.


R3.01, refer to:


l Relationship between inputs and outputsThe ANLGVOTER function block examines the data status of the input values and the differ-ence between the median value and the input values (IN1, IN2 and IN3) to determine the out-put value (OUT). The ANLGVOTER function block judges an input error and outputs the fail-safe value (VAL) rather than the input value if the condition where the difference between themedian value and each of the input values is larger than the allowable range continues longerthan the allowable time (DLT).The table below summarizes the relationship between the inputs and outputs.

Table C3.5-2 Relationship between inputs and outputs of an ANLGVOTER function blockInputs Outputs

Data status Input value differ-ence

Continuedtime OUT NR NR1 NR2,

NR3GOOD for all in-puts

All inputs are within the range-DEL / 2 <= DIFn <= +DEL / 2n = 1, 2, 3

The median value ofIN1, IN2 and IN3

TRUE TRUE TRUE

Only one input isoutside the range(Example: IN1 is out-side the range)

Continuedtime <= DLT

The median value ofIN1, IN2 and IN3 (*1)

TRUE TRUE TRUE

Continuedtime > DLT

The median value ofIN1, IN2 and IN3 (*1)

TRUE FALSE TRUE

Two inputs are out-side the range


The median value ofIN1, IN2 and IN3

TRUE TRUE TRUE

Continuedtime > DLT

Fail-safe value (VAL) FALSE FALSE FALSE

One input isBAD and two in-puts are GOOD(Example:IN1 is BAD andIN2 and In3 areGOOD)

The difference between the inputswhose data status is GOOD is withinthe range.In the example to the left, |IN2 - IN3|<= DEL

The median value ofthe fail-safe value, IN2and IN3.(*2)

TRUE FALSE TRUE

The difference be-tween the inputswhose data status isGOOD is outside therange.


The median value ofthe fail-safe value, IN2and IN3.(*2)

TRUE FALSE TRUE

Continuedtime > DLT

Fail-safe value (VAL) FALSE FALSE FALSE

BAD for two or more inputs Fail-safe value (VAL) FALSE FALSE(*3)

FALSE(*3)

*1: When only IN1 is outside of the range, IN1 is unable to be the median value and consequently either IN2 or IN3 is output.*2: When the high limit or the low limit of the input range is specified as a fail-safe value, either IN2 or IN3 is output consequently.*3: If the data status is GOOD only for one input, it is not possible to judge that the data value is correct; FALSE is output for

NR1, NR2 and NR3.

l Operation when inputs are normalIf the data status of all the inputs is GOOD and the difference among the input values is withinthe allowable range, the ANLGVOTER function block judges that the inputs are normal. Spe-cifically, the inputs are judged to be normal under the following conditions.• IN1.status = IN2.status = IN3.status = TRUE, and



-DEL / 2 <= DIFn <= DEL / 2 n = 1, 2, 3

If the inputs are normal, the ANLGVOTER function block selects the medium value of thethree input values and calculates the difference between the medium value and each of theinput values (DIFn n = 1, 2 and 3). Since all DIFn values are within the allowable range (-DEL / 2 <= DIFn <= +DEL / 2), all the input values are judged normal and the medium value isselected as the output value (OUT). Since the normal output value (OUT) is output, NR is setto TRUE. Moreover, since all the inputs are normal, NR1, NR2 and NR3 are set to TRUE.Example:

If IN1 = 10.0, IN2 = 12.0, IN3 = 13.0, and DEL = 6.0, the medium value becomes 12.0(value of IN2). The difference from the medium value is: DIF1 = -2.0, DIF2 = 0.0 andDIF3 = 1.0. Since -DEL / 2 <= DIF1 <= +DEL / 2, IN1 is regarded as normal. Similarly,IN2 and IN3 are also regarded as normal. The ANLGVOTER function block judges allthe inputs as normal, and outputs OUT = 12.0, NR = TRUE, NR1 = TRUE, NR 2 =TRUE and NR3 = TRUE.

IN1

valu

e

IN2

DIF1

+DEL/2

time

NR,NR1,NR2,NR3 T F

IN3

DIF2 DIF3

0

-DEL/2

Output value (OUT)

Figure C3.5-2 Operation when inputs are normal (Normal operation)

l Operation when input data status is BADInput errors that can be detected by sensors and input modules are notified as BAD data sta-tus of an input value. The ANLGVOTER function block uses the fail-safe value, rather thaninput value, for such input, because erroneous input is clear.If the data status of one input becomes BAD, the ANLGVOTER function block examines thedifference between the two input values whose data status is GOOD and performs followingactions.• If the difference is within the allowable range, the median value of the two input values in

GOOD state and fail-safe value is output.

• If the difference exceeds the allowable range and duration of the state is within the allow-able time, the median value of the two input values in GOOD state and the fail-safe valueis output.

• If the difference exceeds the allowable range for longer than the allowable period, the fail-safe value is output.

If the difference between the input values whose data status is GOOD is within the allowablerange, the output value is normal, thus NR becomes TRUE. NRn corresponding to the abnor-mal input value becomes FALSE and NRm corresponding to the two normal input values be-come TRUE n, m = 1, 2 or 3.



If the status where the difference between the input values whose data status is GOOD ex-ceeds the allowable range (|difference between GOOD input values| > DEL) continues longerthan the allowable time (DLT), the ANLGVOTER function block judges that the inputs havebecome abnormal and outputs the fail-safe value (VAL). FALSE is output for NR and NRn n =1, 2 and 3.If the data status of two or more inputs is BAD, the ANLGVOTER function block judges that anormal value cannot be output and outputs the fail-safe value (VAL).Since the output value is abnormal, NR becomes FALSE. Moreover, all NRn becomes FALSEn = 1, 2 and 3.

IN1

valu

e

IN2

time

IN3.status and NR3 are omitted.

NR T F

VAL

IN1.status

IN2.status T F

T F

NR1

NR2

T F

T F

IN3

Output value (OUT)

Figure C3.5-3 Operation when input data status is BAD

l Operation when the difference between input values exceeds the allowablerange

If there is a significant difference among the input values, it is likely that one of the inputs hasbecome erroneous. In order to avoid cases of temporary errors due to noise, etc., however,the ANLGVOTER function block does not judge an input to be erroneous until the error statuscontinues for more than the allowable time (DLT).If the status where the difference between only one input value and the medium value (DIFn)exceeds the allowable range (|DIFn| > DEL / 2) continues longer than the allowable time(DLT), the ANLGVOTER function block judges that only the input value in question is errone-ous and outputs the medium value.NRn corresponding to the input value (INn) that is significantly different from the medium val-ue becomes FALSE. Since the output and other input values are normal, NR and NRm be-come TRUE n, m = 1, 2, 3 and n ≠ m.If the status where the difference between the medium value and two out of the three inputvalues (DIFn) n = 1, 2, or 3 exceeds the allowable range (|DIFn| > DEL / 2) continues longerthan the allowable time (DLT), the ANLGVOTER function block outputs the fail-safe value(VAL) n = 1, 2 or 3.



Since the output and all input values are abnormal, NR, NR1, NR2 and NR3 become FALSE.Note that when the difference between the input values and the medium value (DIFn) ex-ceeds the allowable range and the data status of the input values (INn) becomes BAD, thetime period in which the input is BAD is not included in the calculation of time where the differ-ence exceeds the allowable range. If the allowable range is still exceeded when the data sta-tus of the input (INn) recovers to GOOD, the elapsed time before the data status becameBAD is added to the calculation of time where the difference exceeds the allowable range.

IN1 IN2

DIF1 +DEL/2

v a l u

e

time

NR, NR1,NR2 T F

IN3

DIF2 DIF3

0

-DEL/2

VAL

DLT

DLT

NR3 T F

Output value (OUT)

Figure C3.5-4 Operation when the difference between input values exceeds the allowable range

n Remarks• Set values such that the input value at error occurrence in each input channel and the

fail-safe value (VAL) of the ANLGVOTER function block match each other. This should bedone because the ANLGVOTER function block uses VAL rather than the input value aterror occurrence set for an input channel if the input channel becomes abnormal.

• Specify an integral multiple of the scan period for the allowable time (DLT). If the specifiedvalue is not an integral multiple of the scan period, the fail-safe value is output after atime equivalent to the first integral multiple of the scan period has passed since DLTelapsed.


l SCS simulation testsThe time-up timing of allowable time (DLT) on SCS simulator and on actual SCS is different.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.



l Logic simulation testsThe input/output parameters of the ANLGVOTER function block operate in the same way asin the actual SCS.



C3.6 BOOLVOTER (IO_BOOL-type BOOL voter)The BOOLVOTER function block is a 3-input BOOL voter. It receives three input values withdata status and outputs a value selected from these input values or the fail-safe value.

BOOLVOTER Q IN1

IN2 IN3 VAL

NR NR1 NR2 NR3

Figure C3.6-1 BOOLVOTER

n Arguments

Table C3.6-1 Arguments of BOOLVOTERIN/OUT Argu-

ments

Data type Description

IN IN1 IO_BOOL Input value 1 (with data status).

IN2 IO_BOOL Input value 2 (with data status).

IN3 IO_BOOL Input value 3 (with data status).

VAL BOOL Fail-safe value. The value output in case the data status of input value is notGOOD.

OUT Q BOOL Output value (value selected with 2oo3).

NR BOOL Indicates whether or not output value is normal.TRUE: Normal.FALSE: Abnormal (The fail-safe value is output).

NR1 BOOL Indicates whether or not input value 1 (IN1) is normal.TRUE: Normal.FALSE: The data status is BAD or the data value is different from the otherinput values.



n DescriptionThe BOOLVOTER function block is a 3-input BOOL voter. It receives three input values withdata status and outputs one value selected as the value of at least two out of the three inputs(two-out-of three: 2oo3) via the output (Q). By using the BOOLVOTER function block, it ispossible to detect not only input module failures, but also errors in input values INn n = 1, 2or 3 received from sensors.• IN1, IN2 and IN3 are Boolean inputs (IO_BOOL type) with data status.

• If the status of input INn is BAD, NRn is set to FALSE.

• The data status of an input signal is determined by the input modules under normal cir-cumstances. The BAD data status indicates that an input processing error was detectedin the input module.

<C3.6 BOOLVOTER (IO_BOOL-type BOOL voter) > C3-20


• If the data status of all the inputs is GOOD and all the input values are the same, the out-put is the same value as the inputs. NR and all NRn become TRUE. This is the normalstatus n = 1, 2 and 3.

• If the data status of two inputs is GOOD and their input values are the same, that value isoutput. NR and NRn of the inputs whose data status is GOOD become TRUE. NRm ofthe input whose data status is BAD becomes FALSE n, m = 1, 2 or 3.

• If the data status of two inputs is GOOD but the inputs have different values, the VAL val-ue is output from Q. NR and all NRn become FALSE n = 1, 2 and 3.

• If the data status of two or more inputs is BAD, the VAL value is output from Q. NR and allNRn become FALSE n = 1, 2 and 3.

l Relationship between inputs and outputsThe BOOLVOTER function block examines the data status of the input values and the differ-ence between the input values to determine the output. The table below summarizes the rela-tionship between the inputs and outputs.

Table C3.6-2 Relationship between inputs and outputs of BOOLVOTER function blockInputs Outputs

Data status Input value difference Q NR NR1 NR2, NR3GOOD for all inputs All inputs have the same val-

ue(IN1 = IN2 = IN3).

The value of IN1,IN2 and IN3

TRUE

TRUE

TRUE

One of the inputs has a dif-ferent value than the othertwo(IN1 ≠ IN2, IN3).

The value of IN2and IN3

TRUE

FALSE

TRUE

BAD for one input andGOOD for the other inputs(Example: IN1 is BAD, IN2and In3 are GOOD)

Inputs whose data status isGOOD have the same value(IN2 = IN3).

The value of IN2and IN3

TRUE

FALSE

TRUE

Inputs whose data status isGOOD have different values(IN2 ≠ IN3).

Fail-safe value(VAL)

FALSE

FALSE

FALSE

BAD for two or more inputs Fail-safe value(VAL)

FALSE

FALSE

FALSE

n RemarksSet values such that the input value at error occurrence in each input channel and the fail-safe value (VAL) of the BOOLVOTER function block match each other. This should be donebecause the BOOLVOTER function block uses VAL rather than the input value at error occur-rence set for an input channel if the input channel becomes abnormal.


l SCS simulation testsThe input/output parameters of the BOOLVOTER function block operate in the same way asin the actual SCS.

l Logic simulation testsThe input/output parameters of the BOOLVOTER function block operate in the same way asin the actual SCS.

<C3.6 BOOLVOTER (IO_BOOL-type BOOL voter) > C3-21


C3.7 ANLG_S (analog input function block withdata status)

The ANLG_S function block converts the scale of the analog input (IN), and then outputs theconverted analog output (OUT) and data status (STS) corresponding to the analog input (IN).

IN SH SL HH PH PL LL HYS TRDT PADT SOER ID

ANLG_S

OUT STS

NHTR NHHH NLLL NLTR

Figure C3.7-1 ANLG_S

n Arguments

Table C3.7-1 Arguments of ANLG_SIN/OUT Argu-


IN IN IO_REAL Analog input (data value: normalized data (0 to 100 %) or the physical quan-tity)

SH REAL Scale high limit (physical quantity). (*1)

SL REAL Scale low limit (physical quantity).(*1)

HH REAL Setting level of High trip (physical quantity).

PH REAL Setting level of High pre-alarm (physical quantity).

PL REAL Setting level of Low pre-alarm (physical quantity).

LL REAL Setting level of Low trip (physical quantity).

HYS REAL Hysteresis (HYS >= 0. Specified as percentage or the physical quantity). IfHYS is set as HYS < 0, it acts as HYS = 0.

TRDT TIME The minimum time period treated as trip occurrence (Must be an integermultiple of the scan period).If a trip event continues for the time period specified here, the trip "Occurred"is stored in NHTR and NLTR.

PADT TIME The minimum time period treated as pre-alarm occurrence (Must be an inte-ger multiple of the scan period).If a pre-alarm event continues for the time period specified here, the trip "Oc-curred" is stored in NHHH and NLLL.

SOER

BOOL SOER Specification.

ID STRING Character string of up to 32 single-byte or 16 double-byte characters speci-fied for SOER.


<C3.7 ANLG_S (analog input function block with data status) > C3-22


Table C3.7-1 Arguments of ANLG_S (Table continued)IN/OUT Argu-


OUT OUT REAL Analog output

STS BOOL Data status (data status of IN).TRUE: GOOD.FALSE: BAD.

NHTR BOOL High trip occurrence flag.TRUE: Normal.FALSE: Occurred.

NHHH

BOOL High pre-alarm occurrence flag.TRUE: Normal.FALSE: Occurred.

NLLL BOOL Low pre-alarm occurrence flag.TRUE: Normal.FALSE: Occurred.

NLTR BOOL Low trip occurrence flag.TRUE: Normal.FALSE: Occurred.

*1: When inputting physical quantity in IN, input 100.0 in SH and 0.0 in SL.

n DescriptionThe ANLG_S function block converts the scale of the analog input (IN) by applying SH or SL,and then outputs the analog output (OUT) and data status (STS) of analog input (IN). It com-pares this output value (OUT) with four types of threshold values (HH, PH, PL and LL) andoutputs an alarm status (NHTR, NHHH, NLLL or NLTR). Each alarm condition is only set ashaving occurred (FALSE) if the alarm condition continues for a specified period of time (TRDTor PADT) or longer. If TRUE is specified for SOER, an SOE event is generated when a trip/pre-alarm occurs or the system recovers from it.Match the data units for the data of IN and HYS according to input values. The unit is either %or the engineering unit.It can be referenced using a tag name from CENTUM by defining the tag name for the in-stance of the ANLG_S function block. If the data status (STS) becomes FALSE (BAD), anIOP process alarm is generated, which can be confirmed on an HIS.

TIP In SCS system program releases R3.01 and later, the parameter setting specifications for IN1 and HYS, andthe operation specifications in this FB, have been changed.


R3.01, refer to:


l Scale conversionWhen inputting 0.0 to 100% normalized data in IN, the ANLG_S function block uses scalehigh limit (SH) and scale low limit (SL) to convert IN into physical units, and outputs this valueas OUT.

OUT = IN.v x (SH - SL)

100.0 + SL

Figure C3.7-2 ANLG_S analog output (OUT)

When inputting physical quantity in IN, input 100.0 in SH and 0.0 in SL. Values input from INare output from OUT without being affected by scale conversion.



l Output of data status of IN and process alarm notificationThe ANLG_S function block outputs the data status of IN (IN.status) as is as STS. If IN.statusbecomes BAD, STS changes from TRUE to FALSE and an IOP (input open) process alarm isgenerated. Conversely, if STS changes from FALSE to TRUE, an IOP recovery process alarmis generated. Process alarms can be confirmed on an HIS.

l Trip level checkThe ANLG_S function block monitors the condition where OUT is greater than the HI trip set-ting level (HH). If this condition continues for the time period treated as trip occurrence(TRDT) or longer, it sets the HI trip occurrence flag (NHTR) to FALSE. The function block alsomonitors the condition where OUT is smaller than the LO trip setting level (LL). If this condi-tion continues for the time period specified by TRDT or longer, it sets the LO trip occurrenceflag (NLTR) to FALSE.The ANLG_S function block sets NHTR to TRUE if OUT becomes equal to or smaller than theHI trip detection value obtained by subtracting the hysteresis value during a HI trip occur-rence. Similarly, it sets NLTR to TRUE if OUT becomes equal to or greater than the LO tripdetection value obtained by subtracting the hysteresis value during a LO trip occurrence.The table below shows the conditions for the NHTR and NLTR values to change values.

Table C3.7-2 Relationship between OUT and NHTR/NLTRArguments Condition Value

NHTR The condition of OUT > HH continues for the time period speci-fied by TRDT or longer

FALSE

OUT <= HH - HYS x (SH - SL) / 100.0 TRUE

Other Retention of previ-ous value

NLTR The condition OUT < LL continues for the time period specifiedby TRDT or longer

FALSE

OUT >= LL + HYS x (SH - SL) / 100.0 TRUE

Other Retention of previ-ous value

• TRDT (minimum time period treated as trip occurrence) is applied only at trip occurrence.HYS (hysteresis) is applied at recovery from a trip.

• If it is desired to set NHTR to TRUE (Normal) at all times, set HH greater than the maxi-mum value the OUT value can take.

• If it is desired to set NLTR to TRUE (Normal) at all times, set LL smaller than the mini-mum value the OUT value can take.

• Trip chattering that might occur in the following circumstances can be prevented by set-ting the hysteresis value (HYS).

• When zero (0) is set to TRDT.

• When a value other than zero (0) is set for TRDT but trip chattering occurs if the inputvalue fluctuates around the trip level.

When handling normalized data (0 to 100%), specify the hysteresis value (HYS) by usinga percentage of its ratio to the scale. The recommended value is 2.0 %.When handling data other than normalized data, specify the hysteresis value (HYS) byusing a physical quantity. The recommended value is the value equivalent to 2.0% of thescale of the physical quantity that is input to the IN terminal.



LL

TRDT

TRDT

HH

OUT

time

NLTR

NHTR F

T

T

F

HYS × (SH - SL) 100.0

HYS × (SH - SL) 100.0

Figure C3.7-3 Relationship between OUT and trip level check

l Pre-alarm level checkThe ANLG_S function block monitors the condition where OUT is greater than the HI pre-alarm setting level (PH). If this condition continues for the time period treated as pre-alarm oc-currence (PADT) or longer, it sets the HI pre-alarm occurrence flag (NHHH) to FALSE. Thefunction block also monitors the condition where OUT is smaller than the LO pre-alarm settinglevel (PL). If this condition continues for the time period specified by PADT or longer, it setsthe LO pre-alarm occurrence flag (NLLL) to FALSE.The ANLG_S function block sets NHHH to TRUE if OUT becomes equal to or smaller thanthe HI pre-alarm detection value obtained by subtracting the hysteresis value during a HI pre-alarm occurrence. Similarly, it sets NLLL to TRUE if OUT becomes equal to or greater thanthe LO pre-alarm detection value obtained by subtracting the hysteresis value during a LOpre-alarm occurrence.The table below shows the conditions for NHHH and NLLL values to change.

Table C3.7-3 Relationship between OUT and NHHH/NLLLArguments Condition Value

NHHH The condition of OUT > PH continues for the time period specified byPADT or longer

FALSE

OUT <= PH - HYS x (SH - SL)/100.0 TRUE

Other Retention ofprevious value




Table C3.7-3 Relationship between OUT and NHHH/NLLL (Table continued)Arguments Condition Value

NLLL The condition of OUT < PL continues for the time period specified byPADT or longer

FALSE

OUT >= PL + HYS x (SH - SL)/100.0 TRUE

Other Retention ofprevious value

• PADT (minimum time period treated as pre-alarm occurrence) is applied only at pre-alarmoccurrence. HYS (hysteresis) is applied at recovery from an pre-alarm.

• If it is desired to set NHHH to TRUE (Normal) at all times, set PH greater than the maxi-mum value the OUT value can take.

• If it is desired to set NLLL to TRUE (Normal) at all times, set PL smaller than the mini-mum value the OUT value can take.

PL

PADT

PADT

PH

OUT

time

NLLL

NHHH F T

T F

HYS × (SH - SL) 100.0

HYS × (SH - SL) 100.0

Figure C3.7-4 Relationship between OUT and pre-alarm level check

l SOER specificationIf the argument SOER (SOER setting) is set to TRUE, the ANLG_S function block generatesan event at the timing of alarm (HI/LO pre-alarm or trip) occurrence and recovery. The type ofgenerated event can be identified in the Message column of SOE Viewer.

Table C3.7-4 SOE events generated by ANLG_SEvent generation timing ID Message

NHTR value changes from TRUE to FALSE EVT_FALSE HTPn

NHTR value changes from FALSE to TRUE EVT_TRUE




Table C3.7-4 SOE events generated by ANLG_S (Table continued)Event generation timing ID Message

NHHH value changes from TRUE to FALSE EVT_FALSE HHHn

NHHH value changes from FALSE to TRUE EVT_TRUE

NLLL value changes from TRUE to FALSE EVT_FALSE LLLn

NLLL value changes from FALSE to TRUE EVT_TRUE

NLTR value changes from TRUE to FALSE EVT_FALSE LTPn

NLTR value changes from FALSE to TRUE EVT_TRUE

• The character string specified in the ID input parameter is attached to these SOE events.The character string information is displayed in the Reference column of SOE Viewer.

• The STS output parameter (data status of IN) cannot be specified as SOE event. There isno SOE event related to generation of IOP (input open).

l CENTUM integration functionA mapping block of the ANLG_S function block (S_ANLG_S) is created by defining the tagname in Tag Name Builder of the SENG. This allows referencing the function block using thetag name from CENTUM. The following process alarms can be confirmed in the HIS.• Generation of / recovery from IOP (input open)

• Generation of / recovery from HI and LO pre-alarms, HI and LO trips

The table below shows process alarm notifications at generation of/recovery from HI and LOpre-alarms and HI and LO trips.

Table C3.7-5 Process alarms at generation of HI and LO pre-alarms and tripsEvent generation timing Process alarm

NHTR value changes from TRUE to FALSE HTRP generation

NHTR value changes from FALSE to TRUE HTRP recovery

NHHH value changes from TRUE to FALSE HHH generation

NHHH value changes from FALSE to TRUE HHH recovery

NLLL value changes from TRUE to FALSE LLL generation

NLLL value changes from FALSE to TRUE LLL recovery

NLTR value changes from TRUE to FALSE LTRP generation

NLTR value changes from FALSE to TRUE LTRP recovery

IMPORTANTAs shown in above table, in ANLG_S, the parameter names indicating conditions of alarm oc-currence and character strings in process alarms indicating generation of / recovery from HIand LO pre-alarms and trips are different.

SEEALSO For more information about the specification of mapping blocks, refer to:

“n Data items of mapping blocks associated with analog input function blocks with data status(ANLG_S)” on page D2-12



n Remarks• Since the ANLG_S function block performs scale conversion, there is no need to connect

a SCALER function before ANLG_S.

• To filter an analog input, connect a FILTER or FILTER_S function block before ANLG_S.

• This function block can be used in new SCS databases created by SENG of R1.02.00 orlater.

n ExampleSEEALSO For more information about examples of applications of the ANLG_S function block, refer to:

3.3.1, “Use of Analog Input Value” in Engineering Guide (IM 32Q01C10-31E)


l SCS simulation testsThe trip occurrence time (TRDT) and alarm occurrence time (PADT) on SCS simulator and onactual SCS are different.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsThe input/output parameters of the ANLG_S function block operate in the same way as in theactual SCS.The CENTUM integration function and SOER function become invalid, however. Data refer-ence using tag names from CENTUM and notification of process alarms are not performed.



C3.8 ANLGI (analog input)The ANLGI function block converts the scale of the input value (IN) and calculates the outputvalue (OUT).Since the ANLG_S function block consists of the feature of this function block and other capa-bilities such as outputting data status, it is recommended to use ANLG_S instead of this func-tion block.

IN SH SL HH PH PL LL HYS SOER ID

ANLGI

OUT HTRP

HHH LLL

LTRP

Figure C3.8-1 ANLGI

n Arguments

Table C3.8-1 Arguments of ANLGIIN/OUT Argu-


IN IN REAL Input value (either normalized data (0 to 100 %) or physical quantity)

SH REAL Scale high limit (physical quantity)(*1)

SL REAL Scale low limit (physical quantity)(*1)

HH REAL Setting level of High trip (physical quantity).

PH REAL Setting level of High pre-alarm (physical quantity).

PL REAL Setting level of Low pre-alarm (physical quantity).

LL REAL Setting level of Low trip (physical quantity).

HYS REAL Hysteresis (HYS >= 0. Specified as percentage or a physical quantity).If HYS is set as HYS < 0, it acts as HYS = 0.

SOER BOOL SOER Specification.

ID STRING Character string of up to 32 single-byte or 16 double-byte charactersspecified for SOER.

OUT OUT REAL Output value (value after scale conversion).

HTRP BOOL High trip occurrence flag.TRUE: Occurring.FALSE: Not occurred.

HHH BOOL High pre-alarm occurrence flag.TRUE: Occurring.FALSE: Not occurred.

LLL BOOL Low pre-alarm occurrence flag.TRUE: Occurring.FALSE: Not occurred.

LTRP BOOL Low trip occurrence flag.TRUE: Occurring.FALSE: Not occurred.

<C3.8 ANLGI (analog input) > C3-29


*1: When inputting physical quantity in IN, input 100.0 in SH and 0.0 in SL. Values input from IN are output from OUT withoutbeing affected by scale conversion.

n DescriptionThe ANLGI function block converts the scale of the input value (IN) by applying SH or SL, andthen calculates the output value (OUT). It compares this output value with four types ofthreshold values (HH, PH, PL and LL) and outputs an alarm status (HTRP, HHH, LLL orLTRP). An SOE event can be generated by an alarm occurrence. Match the data units for thedata of IN and HYS according to input values. The unit is either % or the engineering unit.Moreover, it can be referenced using a mapping block from CENTUM by defining a tag namefor the instance in question.

TIP In SCS system program releases R3.01 and later, the parameter setting specifications for IN and HYS andthe operation specifications in this FB have been changed.


R3.01, refer to:


l Scale conversion functionWhen inputting 0.0 to 100.0 % normalized data in IN, the ANLGI function block uses scalehigh limit (SH) and scale low limit (SL) to convert IN into physical units, and outputs this valueas OUT.

OUT = IN × (SH - SL)

100.0 + SL

Figure C3.8-2 Scale conversion formula

When inputting physical quantity in IN, input 100.0 in SH and 0.0 in SL. Values input from INare output from OUT without being affected by scale conversion.

l Trip level checkIf the output value (OUT) is greater than the trip setting level on the HI side (HH), the ANLGIfunction block outputs TRUE for the trip occurrence status on the HI side (HTRP). If the outputvalue (OUT) is smaller than the trip setting level on the LO side (LL), the ANLGI function blockoutputs TRUE for the trip occurrence status on the LO side (LTRP).If the output value becomes smaller than the value obtained by subtracting the hysteresis val-ue (HYS) from the trip setting level on the HI side (HH) while tripping is detected on the HIside, the ANLGI function block outputs FALSE for HTRP. If the output value becomes greaterthan the value obtained by adding the setting level on the LO side (LL) and the hysteresis val-ue (HYS) while tripping is detected on the LO side, the ANLGI function block outputs FALSEfor LTRP.

Table C3.8-2 Relationship between OUT and trip level checkArguments Condition Value

HTRP OUT > HH TRUE

OUT <= HH - HYS x ( SH - SL ) / 100.0 FALSE

Other hold

LTRP OUT < LL TRUE

OUT >= LL + HYS x ( SH - SL ) / 100.0 FALSE

Other hold



If it is desired to set HTRP to FALSE at all times, set HH greater than the maximum value theOUT value can take.If it is desired to set LTRP to FALSE at all times, set LL smaller than the minimum value theOUT value can take.To prevent the chattering of the trip which is caused by the input value fluctuation around thetrip detection level, specify the hysteresis value (HYS). Specify it as a percentage of thescale. The recommended value is 2.0%.

LL

HH

OUT

time

LTRP

HTRP F

T

T

F

HYS×(SH-SL) 100.0

HYS×(SH-SL) 100.0

Figure C3.8-3 Relationship between OUT and trip level check

l Pre-alarm level checkIf the output value (OUT) is greater than the pre-alarm setting level on the HI side (PH), TRUEis output for the pre-alarm occurrence status on the HI side (HHH). If the output value (OUT)is smaller than the pre-alarm setting level on the LO side (PL), TRUE is output as the pre-alarm occurrence status on the LO side (LLL).If the output value becomes smaller than the value obtained by subtracting the hysteresis val-ue (HYS) from the pre-alarm setting level on the HI side (PH) while pre-alarm is detected onthe HI side, the ANLGI function block outputs FALSE for HHH. If the output value becomesgreater than the value obtained by adding the pre-alarm setting level on the LO side (PL) andthe hysteresis value (HYS) while pre-alarm is detected on the LO side, the ANLGI functionblock outputs FALSE for LLL.

Table C3.8-3 Relationship between OUT and pre-alarm level checkArguments Condition Value

HHH OUT > PH TRUE

OUT <= PH - HYS x (SH - SL) / 100.0 FALSE

Other hold




Table C3.8-3 Relationship between OUT and pre-alarm level check (Table continued)Arguments Condition Value

LLL OUT < PL TRUE

OUT >= PL + HYS x (SH - SL) / 100.0 FALSE

Other hold

If it is desired to set HHH to FALSE at all times, set PH greater than the maximum value theOUT value can take.If it is desired to set LLL to FALSE at all times, set PL smaller than the minimum value theOUT value can take.

OUT

time

F

T

T F

PL

PH

LLL

HHH

HYS × (SH - SL) 100.0

HYS × (SH - SL) 100.0

Figure C3.8-4 Relationship between OUT and pre-alarm level check

l SOER specificationIf the SOER specification input parameter is set to TRUE, the ANLGI function block generatesan event at the timing of alarm (pre-alarm or trip) occurrence and recovery. The characterstring specified in the ID setting is attached to SOER events generated by the ANLGI functionblock.

l CENTUM integration functionA mapping block of the ANLGI function block (S_ANLGI) is created by defining the tag namein Tag Name Builder of the SENG. This allows referencing the block data using the tag namefrom the HIS of CS 3000. Moreover, each alarm is notified to the HIS and displayed as a proc-ess alarm.

SEEALSO For more information about the mapping blocks, refer to:

“n Data items of mapping blocks associated with analog input function blocks (ANLGI)” on page D2-14



n RemarksSince the ANLGI function block performs scale conversion, there is no need to connect aSCALER function before ANLGI.To filter an analog input, connect a FILTER or FILTER_S function block before ANLGI.


l SCS simulation testsThe input/output parameters of the ANLGI function block operate in the same way as in theactual SCS.

l Logic simulation testsThe input/output parameters of the ANLGI function block operate in the same way as in theactual SCS.The CENTUM integration function and SOER function become invalid, however. Data refer-ence using tag names from CENTUM and notification of process alarms are not performed.



C3.9 VEL (velocity limit alarm)The VEL function block monitors the rate of change of the input value and judges whether ornot the specified rate of change is exceeded.

VEL

OUT IN

VL

HYS

CT

VELP

VELM

Figure C3.9-1 VEL

n Arguments

Table C3.9-1 Arguments of VELIN/OUT Argu-


IN IN REAL Input value (normalized data (0 to 100 %) or the physical quantity)

VL REAL Velocity limit alarm setting level (VL > 0. Specified as percentage orthe physical quantity).

HYS REAL Hysteresis (HYS ≥ 0. Specified as percentage or the physical quanti-ty)If HYS is set as HYS < 0, it acts as HYS = 0.

CT TIME Sampling interval.


VELP BOOL VEL + alarm occurrence flag.TRUE: Occurring.FALSE: Not occurred.

VELM BOOL VEL - alarm occurrence flag.TRUE: Occurring.FALSE: Not occurred.

n DescriptionThe VEL function block monitors the rate of change of the input value and judges whether ornot the specified rate of change is exceeded. Moreover, it can be referenced using a mappingblock from CENTUM by defining a tag name for the instance in question.The VEL function block monitors the input value (IN) at the sampling intervals (CT) and judg-es that the rate of change is exceeded if the absolute value of the amount of input change(∆IN) exceeds the velocity limit alarm setting level (VL). If VL is set as VL <= 0%, as long as avelocity exists, no matter how small it is, the input signal will be treated as a signal exceedsthe velocity limit. If ∆IN > VL, the VEL function block outputs TRUE for the VEL + alarm occur-rence status (VELP). If ∆IN < - VL, the VEL function block outputs TRUE for the VEL - alarmoccurrence status (VELM).If ∆IN ≤ VL - HYS during a VEL + alarm occurrence, the VEL function block outputs FALSE forthe VEL + alarm occurrence status (VELP).If ∆IN ≥ - (VL - HYS) during a VEL - alarm occurrence, the VEL function block outputs FALSEfor the VEL - alarm occurrence status (VELM).Using the VEL function block allows detecting a sudden change of the process state and er-rors in sensors and transmitters.

<C3.9 VEL (velocity limit alarm) > C3-34


CT

> VL

IN

time

VELP F T

< VL - HYS

Figure C3.9-2 Operations of the VEL function block

Match the data units for the data of IN, VL and HYS according to input values. The unit is ei-ther % or the engineering unit.

TIP In SCS system program releases R3.01 and later, the parameter setting specifications for IN, VL, and HYS,and the operation specifications in this FB, have been changed.


R3.01, refer to:


l Sampling interval (CT)Specify the interval at which to check the rate of change for the sampling interval (CT). Whenthe time specified for CT has passed, the difference between the input value before startingthe check and the current input value is calculated. If 0 ms is specified for CT, no velocity limitalarm is generated. If the specified CT value cannot be divided by the scan period, the rate ofchange is checked when the accumulated scan period exceeds CT.

l CENTUM integration functionA mapping block of the VEL function block (S_VEL) is created by defining the tag name inTag Name Builder of the SENG. This allows referencing the block data using the tag namefrom the HIS of CS 3000. Moreover, when a velocity limit alarm is generated or the systemrecovers from an alarm, the events are notified to the HIS and displayed as process alarms.

SEEALSO For more information about the mapping blocks, refer to:

“n Data items of mapping blocks associated with velocity limit alarm function blocks (VEL)” on pageD2-15

n RemarksThe data type of the IN input argument of a VEL function block is REAL. If it is desired tomonitor velocity limit alarms between an analog input variable (with data status) and anANLGVOTER function block, place a FILTER_S function block before the VEL function blockand connect the VAL output argument of the FILTER_S function block to the IN input terminalof the VEL function block.The VEL function block must be placed before scale conversion (before a SCALER functionor an ANLGI function block).



IMPORTANTIf a value of a variable connected to the IN input terminal of the VEL function block is changedvia forcing or override, the input value of the VEL function block may change suddenly and avelocity limit alarm may be generated. To avoid this, be careful not to change the input valueof the VEL function block suddenly when performing the forcing or override operation on avariable connected to the IN input terminal of the VEL function block.


l SCS simulation testsThe sampling interval time (CT) on SCS simulator and on actual SCS is different.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsThe input/output parameters of the VEL function block operate in the same way as in the ac-tual SCS.The CENTUM integration function becomes invalid, however. Data reference using tag namesfrom CENTUM and notification of process alarms are not performed.



C3.10 CTU (count up counter)The CTU function block counts up from 0 to the maximum counter value (PV) in increments of1 as long as the count input (CU) is TRUE.

CU

RESE

PV

CTU

Q

CV

Figure C3.10-1 CTU

n Arguments

Table C3.10-1 Arguments of CTUIN/OUT Argu-


IN CU BOOL Count input (count up while CU is TRUE).

RESE BOOL Reset command (given higher priority than CU).

PV DINT Maximum counter value.

OUT Q BOOL TRUE at overflow (CV >= PV).

CV DINT Count result.

n Description• The CTU function block counts up in increments of 1 at each scan from 0 to the maximum

counter value (PV) as long as the count input (CU) is TRUE. The count result is output forCV and the default value is 0.

• When the counter reaches the maximum value (CV >= PV), the CTU function block stopscounting up and outputs TRUE for Q.

• RESE is a reset command. If RESE becomes TRUE, the counter is reset, Q becomesFALSE and CV becomes 0. As long as RESE is TRUE, the CTU function block does notcount up even if CU becomes TRUE.

n Remarks

IMPORTANTThe CTU function block of ProSafe-RS and the standard CTU function block of IEC 61131-3have different count-up conditions, which requires some precaution. The standard CTU func-tion block of IEC 61131-3 counts up at each rising edge of the count input (CU).

In order to count up the counter value at rising edge, combine an R_TRIG function block anda CTU function block.

<C3.10 CTU (count up counter) > C3-37



l SCS simulation testsThe time required to count from 0 to count-up value (PV) on SCS simulator and on actualSCS is different.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the count-up will take a lon-ger time than the indicated parameter.

l Logic simulation testsThe input/output parameters of the CTU function block operate in the same way as in the ac-tual SCS.

<C3.10 CTU (count up counter) > C3-38


C3.11 CTD (count down counter)The CTD function block counts down in decrements of 1 at each scan from the initial countervalue (PV) to 0 as long as the count input (CD) is TRUE.

CD

LOAD

PV

CTD

Q

CV

Figure C3.11-1 CTD

n Arguments

Table C3.11-1 Arguments of CTDIN/OUT Argu-


IN CD BOOL Count input (count down while CD is TRUE).

LOAD BOOL Load command (given higher priority than CD).

PV DINT Initial counter value.

OUT Q BOOL TRUE at underflow (CV =< 0).

CV DINT Count result.

n Description• The CTD function block counts down in decrements of 1 at each scan from the initial

counter value (PV) to 0 as long as the count input (CD) is TRUE. The count result is out-put for CV and the default value is 0.

• When the counter reaches 0 (CV <= 0), CTD stops counting down and outputs TRUE forQ.

• LOAD is a load command. If LOAD becomes TRUE, the counter is loaded, Q becomesFALSE and CV is reset to PV. As long as LOAD is TRUE, the CTD function block doesnot count down even if CD becomes TRUE.

n Remarks

IMPORTANTThe CTD function block of ProSafe-RS and the standard CTD function block of IEC 61131-3have different count-down conditions, which requires some precaution. The standard CTDfunction block of IEC 61131-3 counts down at each rising edge of the count input (CD).

In order to count down the counter value at rising edge, combine an R_TRIG function blockand a CTD function block.

<C3.11 CTD (count down counter) > C3-39



l SCS simulation testsThe time required for reaching count-down value (PV) on SCS simulator and on actual SCS isdifferent.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the count-down will take alonger time than the indicated parameter.

l Logic simulation testsThe input/output parameters of the CTD function block operate in the same way as in the ac-tual SCS.

<C3.11 CTD (count down counter) > C3-40


C3.12 CTUD (count up/down counter)The CTUD function block is a counter that is able to count up and down.

CU

CD

RESE

LOAD

PV

CTUD

QU

QD

CV

Figure C3.12-1 CTUD

n Arguments

Table C3.12-1 Arguments of CTUDIN/OUT Argu-


IN CU BOOL Count-up input (count up as long as CU is TRUE).

CD BOOL Count-down input (count down as long as CD is TRUE).

RESE BOOL Reset command (given higher priority than CU and CD) (CV = 0 ifRESE is TRUE).

LOAD BOOL Load command (CV = PV if LOAD is TRUE).

PV DINT Maximum counter value.

OUT QU BOOL TRUE at overflow status (CV >= PV).

QD BOOL TRUE at underflow status (CV =< 0).

CV DINT Count result (0 =< CV =< PV).

n DescriptionThe CTUD function block is a counter that can count both up and down. The count result isoutput for CV and the default value is 0.• The CTUD function block counts up in increments of 1 at each scan up to the maximum

counter value as long as the count-up input (CU) is TRUE.

• It counts down in decrements of 1 at each scan down to 0 as long as the count-down in-put (CD) is TRUE.

• When the counter reaches the maximum value (CV >= PV), the CTUD function blockstops counting up and outputs TRUE for QU.

• When the counter reaches 0 (CV <= 0), the CTUD function block stops counting downand outputs TRUE for QD.

• RESE is a reset command. If RESE becomes TRUE, the counter is reset, QU becomesFALSE and CV becomes 0. As long as RESE is TRUE, the CTUD function block does notcount up or down.

• RESE is given higher priority than LOAD.

• LOAD is a load command. If LOAD becomes TRUE, the counter is loaded, QD becomesFALSE and CV is reset to PV. As long as LOAD is TRUE, the CTUD function block doesnot count down even if CD becomes TRUE.

<C3.12 CTUD (count up/down counter) > C3-41


n Remarks

IMPORTANTThe CTUD function block of ProSafe-RS and the standard CTUD function block of IEC61131-3 have different count-up/down conditions, which requires some precaution. (Thestandard CTUD function block of IEC 61131-3 counts up/down at each rising edge of thecount input (CU/CD).)

In order to count up/down the counter value at rising edge, combine an R_TRIG functionblock with a CTUD function block.Do not set both count-up input (CU) and count-down input (CD) to TRUE at the same time. Ifboth are set to TRUE, the CTUD function block counts up. If CV reaches PV, however, CVoutputs values of PV and PV - 1 repeatedly at each scan.


l SCS simulation testsThe time required for reaching count-up or count-down value (PV) on SCS simulator and onactual SCS is different.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the count up or count-downwill take a longer time than the indicated parameter.

l Logic simulation testsThe input/output parameters of the CTUD function block operate in the same way as in theactual SCS.

<C3.12 CTUD (count up/down counter) > C3-42


C3.13 B_TO_IB (Converter (data value and statusto IO_BOOL-type data))

The B_TO_IB function block converts BOOL-type data values and status to IO_BOOL typeand outputs the converted data.

STS

V B_TO_IB

Q

Figure C3.13-1 B_TO_IB

n Arguments

Table C3.13-1 Arguments of B_TO_IB

IN/OUT Argu-ments Data type Description

IN V BOOL Data value.

STS BOOL Status.

OUT Q IO_BOOL Value converted to IO_BOOL type.

n DescriptionThe B_TO_IB function block converts input data values and status to IO_BOOL type and out-puts the converted data.

n RemarksThis function block can be used in new SCS databases created by SENG of R1.01.30 or later.


l SCS simulation testsThe input/output parameters of the B_TO_IB function block operate in the same way as in theactual SCS.

l Logic simulation testsThe input/output parameters of the B_TO_IB function block operate in the same way as in theactual SCS.

<C3.13 B_TO_IB (Converter (data value and status to IO_BOOL-type data)) > C3-43


C3.14 R_TO_IR (Converter (data value and statusto IO_REAL-type data))

The R_TO_IR function block converts REAL-type data values and status to IO_REAL typeand outputs the converted data.

STS

V R_TO_IR

Q

Figure C3.14-1 R_TO_IR

n Arguments

Table C3.14-1 Arguments of R_TO_IR


IN V REAL Data value.

STS BOOL Status

OUT Q IO_REAL Value converted to IO_REAL type.

n DescriptionThe R_TO_IR function block converts input data values and status to IO_REAL type and out-puts the converted data.



l SCS simulation testsThe input/output parameters of the R_TO_IR function block operate in the same way as in theactual SCS.

l Logic simulation testsThe input/output parameters of the R_TO_IR function block operate in the same way as in theactual SCS.

<C3.14 R_TO_IR (Converter (data value and status to IO_REAL-type data)) > C3-44


C3.15 ANN_FUP (first-up alarm annunciator)The ANN_FUP function block has the function to identify the signal that reached the safestate first in the same group. The annunciator message is output only when the received sig-nal is the first safe state signal in the group to which the function block belongs.

ANN_FUP

IN

SS

GR

OUT

OUT2

Figure C3.15-1 ANN_FUP

n Arguments

Table C3.15-1 Arguments of ANN_FUP


IN IN BOOL Alarm condition input.

SS BOOL Safe state specification.TRUE: ETS.FALSE: DTS.

GR DINT Group number: 1 to 256.Enter a fixed value for the group number.

OUT OUT BOOL First-up Alarm Output.TRUE: First-up alarm status.FALSE: Not in first-up alarm status.

OUT2 BOOL Second Output.TRUE: Second to reach safe state.FALSE: Not the second to reach safe state.

n DescriptionThe ANN_FUP function block has the following functions.

l First-up alarm outputFor the first ANN_FUP whose alarm condition input (IN) matches the safe state value (SS) inan ANN_FUP group to which the same group number (GR) is specified, the first-up alarm out-put (OUT) is set to alarm status. At this point, an annunciator message is notified.There is only one ANN_FUP that can shift to the alarm status within the same group. If anANN_FUP in the alarm status already exists in the same group, no other ANN_FUP reachesthe alarm status even if IN and SS match. If IN and SS match in multiple ANN_FUP functionblocks in the same group during the same scan, the ANN_FUP that is executed first will shiftto the alarm status. The ANN_FUPs that are executed later will not shift to the alarm status.

l Second outputFor the second ANN_FUP whose IN and SS match within the same group, the value of thesecond output (OUT2) will become TRUE.• For the first ANN_FUP whose IN and SS match, only OUT becomes TRUE while OUT2

remains FALSE.

<C3.15 ANN_FUP (first-up alarm annunciator) > C3-45


• In the case of the second ANN_FUP whose IN and SS match, only OUT remains FALSEand OUT2 becomes TRUE.

• In the case of subsequent ANN_FUPs whose IN and SS match, both OUT and OUT2 re-main FALSE.

l Specification of group numbersEnter a fixed value in the range from 1 to 256 for GR. The group number to which individualANN_FUP belongs is specified by GR.If a value outside the range of 1 to 256 is specified for GR, ANN_FUP does not function. BothOUT and OUT2 remain FALSE.

IMPORTANTTypographical errors in group number specification cannot be detected by the system. There-fore, during the logic test, if the group numbers have been properly specified or not must becarefully inspected.

l Notification of annunciator messagesIn the CENTUM integration environment, it is possible to generate annunciator messages tothe HIS. Message character strings are specified in Tag Name Builder.• If the value of OUT changes from FALSE to TRUE: An annunciator message is generated

to notify the first up alarm status

• If the value of OUT changes from TRUE to FALSE: Notification of recovery from the alarmstatus above

Even if OUT2 (second output) becomes TRUE, the annunciator message corresponding tothe ANN_FUP is not notified. If it is desired to notify this secondary alarm with an annunciatormessage, connect the OUT2 output to another annunciator function block (ANN).

l Resetting first-up alarm statusIt is possible to reset the alarm status using the FUP_RST function block. The first-up alarmstatus is reset only when the reset signal is generated from the FUP_RST function block un-der the condition where IN and SS do not match in all function blocks in the same group.• Even if IN and SS of the ANN_FUP in the first up alarm status do not match any longer,

the reset signal is invalid if IN and SS are matching in other ANN_FUP function blockswithin the same group. OUT of the ANN_FUP in the first-up alarm status remains TRUE.

• The reset conditions of the second output (OUT2) are the same as for OUT.

n Remarks• Specify a numerical value in the range from 1 to 256 for the group number (GR). If a val-

ue outside the range (0 or less or 257 or more) is specified to GR, OUT is always FALSEand no annunciator messages are notified.

• Up to 256 groups can be used for a single SCS.

• There is no limit to the number of ANN_FUP function blocks that can be specified in onegroup.





l SCS simulation testsThe input/output parameters of the ANN_FUP operate in the same way as in the actual SCS.

l Logic simulation testsThe first-up function does not operate.The CENTUM integration function is invalid. Notification of annunciator messages is not per-formed.

Table C3.15-2 Arguments of ANN_FUP at logic simulation tests

IN/OUT Argu-ments Value Description

IN IN Invalid Alarm condition input is invalid.

SS Invalid Safe state specification is invalid.

GR Invalid Group number is invalid.

OUT OUT FALSE Always FALSE

OUT2 FALSE Always FALSE



C3.16 FUP_RST (first-up alarm annunciatorreset)

The FUP_RST function block has the function to reset the first-up alarm status set by theANN_FUP.

FUP_RST

IN

GR

SSI

SSO

Figure C3.16-1 FUP_RST

n Arguments

Table C3.16-1 Arguments of FUP_RSTIN/OUT Arguments Data type Description

IN IN BOOL Reset input(valid only at change from FALSE to TRUE).

GR DINT ANN_FUP group number to be reset (1 to 256).

OUT SSI BOOL Whether or not there are any function blocks whose IN and SSmatch within the same group.TRUE: One or more blocks where IN = SS exist.FALSE: No blocks where IN = SS exist.

SSO BOOL Whether or not there are function blocks in the first-up alarm sta-tus in the specified group.TRUE: There is at least one function block in the first-up alarmstatus.FALSE: No function block in the first-up alarm status.

n DescriptionThe FUP_RST function block is used to reset the first-up alarm status set by ANN_FUP.Specify the group number to be reset to GR of the FUP_RST. By changing the reset input (IN)from FALSE to TRUE, it functions as the reset signal of the first-up alarm status of the targetgroup. Note that OUT of ANN_FUP in the first-up alarm status is actually reset only when thereset signal is generated from the FUP_RST function block under the conditions where INand SS do not match in all function blocks in the same group.When the ANN_FUP in the first-up alarm status is reset, an annunciator message is gener-ated to notify recovery from the alarm status.

<C3.16 FUP_RST (first-up alarm annunciator reset) > C3-48


l Example

ANN_FUP[A]SS = TGR = 1

IN TF

OUT TF

ANN_FUP[B]SS = TGR = 1

IN TF

OUT2 TF

FUP_RSTGR = 1

IN TF

ANN_FUP[C]SS = TGR = 1

IN TF

OUT TF

Occurrence of first-up alarm status (annunciator message notification) Recovery from first-up alarm status

t1scan

t1 t3t2 t4 t5 t6

Figure C3.16-2 Generation of and recovery from first-up alarm

• ANN_FUP [A] first detects matching of IN and SS at t1 and OUT changes to TRUE.

• When ANN_FUP [B] detects matching of IN and SS at t2, OUT2 becomes TRUE becausethe function block is the second one in the group to detect the matching.

• Even if ANN_FUP [C] detects matching of IN and SS at t3, both OUT and OUT2 remainFALSE because the function block is the third one in the group to detect the matching.

• If a reset signal is generated at t4, OUT of ANN_FUP [A] and OUT2 of ANN_FUP [B] re-main TRUE because IN and SS match for all ANN_FUP function blocks.

• If a reset signal is generated again at t5, IN and SS of ANN_FUP [A] do not match but INand SS of other ANN_FUP function blocks remain matched. Thus, OUT of ANN_FUP [A]and OUT2 of ANN_FUP [B] remain TRUE.

• If a reset signal is generated at t6, IN and SS do not match for all ANN_FUP functionblocks. Thus, OUT of ANN_FUP [A] and OUT2 of ANN_FUP [B] become FALSE.



IMPORTANTThe execution order of ANN_FUP and FUP_RST and the change of signals have the follow-ing relationships.• If FUP_RST is executed first

OUT (OUT2) of ANN_FUP becomes FALSE within the same scan where the IN inputchanges from FALSE to TRUE in FUP_RST.SSO of FUP_RST becomes FALSE in the next scan.

• If FUP_RST is executed laterOUT (OUT2) of ANN_FUP becomes FALSE in the next scan after the IN input changesfrom FALSE to TRUE in FUP_RST.SSO of FUP_RST becomes FALSE in the next scan executed after OUT of ANN_FUPbecomes FALSE, meaning 2 scans after IN of FUP_RST becomes TRUE.

l OutputSSI and SSO of FUP_RST are representative values of the input and output statues of allANN_FUP function blocks in the group specified by GR. It is possible to use the value of SSOin the application logic to indicate whether the reset operation is successful or not.

n Remarks• Specify a numerical value in the range from 1 to 256 for the group number (GR). If a val-

ue outside the range for GR (0 or less or 257 or larger) is specified, resetting is not per-formed.



l SCS simulation testsThe Input/output parameters of the FUP_RST operate in the same way as in the actual SCS.

l Logic simulation testsResetting cannot be performed.The CENTUM integration function is invalid. ANN_FUP annunciators do not recover either.

Table C3.16-2 Arguments of FUP_RST at logic simulation tests


ININ Invalid Reset input is invalid.

GR Invalid ANN_FUP group number to be reset is invalid.

OUTSSI Invalid Always False

SSO Invalid Always False



C4. Function blocks for inter-SCScommunication (Safety FBs)

In this chapter, the function blocks used for inter-SCS communication will be explained.The following function blocks are provided for inter-SCS safety communication.• Inter-SCS safety communication BOOL-type data producer (PROD_B)

• Inter-SCS safety communication INTEGER-type data producer (PROD_I)

• Inter-SCS safety communication REAL-type data producer (PROD_R)

• Inter-SCS safety communication BOOL-type data consumer (CONS_B)

• Inter-SCS safety communication INTEGER-type data consumer (CONS_I)

• Inter-SCS safety communication REAL-type data consumer (CONS_R)

The following function blocks are provided for SCS link transmission safety communication.• Link transmission data output block (LTSND)

• Safety link transmission data input block (LTRCV)

SEEALSO For more information about inter-SCS safety communication, refer to:

A5., “Inter-SCS safety communication” on page A5-1

For more information about SCS link transmission safety communication, refer to:

A6., “SCS link transmission” on page A6-1

<C4. Function blocks for inter-SCS communication (Safety FBs) > C4-1


C4.1 PROD_B (inter-SCS safety communicationBOOL-type data producer)

The PROD_B function block sends BOOL-type data to a CONS_B function block of anotherSCS.

PROD_B

IN

BVAR

Figure C4.1-1 PROD_B

n Arguments

Table C4.1-1 Arguments of PROD_BIN/OUT Arguments Data type Description

IN IN BOOL Input value (data transmitted to communicating SCSs).

OUT BVAR COM_BOOL Binding variable for sending BOOL-type data.

n DescriptionThe PROD_B function block converts BOOL-type data to a binding variable for sendingBOOL-type data in order to send data to an SCS on the consuming side. This function blockis linked with the output enable operation; no valid data is set to the binding variable at theconnection destination until the output enable operation is performed.Information on whether or not the transmission succeeded is not notified to this function block.Use a SYS_DIAG function block to check for error occurrence.

SEEALSO For more information about the SYS_DIAG function blocks, refer to:

C10.6, “SYS_DIAG (diagnostic information output)” on page C10-12

n RemarksMake sure that the data type and the numerical value part of the binding variable name inquestion match between the sending side and receiving side.


l SCS simulation testsThe input/output parameters of the PROD_B function block operate in the same way as in theactual SCS.

l Logic simulation testsThe inter-SCS safety communication function is invalid.

<C4.1 PROD_B (inter-SCS safety communication BOOL-type data producer) > C4-2


Table C4.1-2 Arguments of PROD_B at logic simulation testIN/OUT Arguments Value Description

IN IN Invalid Invalid

OUT BVAR Invalid Not handled by Inter-SCS safety communication. The valueof IN will be output as BVAR value.

<C4.1 PROD_B (inter-SCS safety communication BOOL-type data producer) > C4-3


C4.2 PROD_I (inter-SCS safety communicationINTEGER-type data producer)

The PROD_I function block sends DINT-type data to a CONS_I function block of anotherSCS.

PROD_I

IN

BVAR

Figure C4.2-1 PROD_I

n Arguments

Table C4.2-1 Arguments of PROD_IIN/OUT Arguments Data type Description

IN IN DINT Input value (data transmitted to communicating SCSs).

OUT BVAR COM_DINT Binding variable for sending DINT-type data.

n DescriptionThe PROD_I function block converts DINT-type data to a binding variable for sending DINT-type data in order to send data to an SCS on the consuming side. This function block is linkedwith the output enable operation; no valid data is set to the binding variable at the connectiondestination until the output enable operation is performed.Information on whether or not the transmission succeeded is not notified to this function block.Use a SYS_DIAG function block to check for error occurrence.





l SCS simulation testsThe input/output parameters of the PROD_I function block operate in the same way as in theactual SCS.


<C4.2 PROD_I (inter-SCS safety communication INTEGER-type data producer) > C4-4


Table C4.2-2 Arguments of PROD_I at logic simulation testIN/OUT Arguments Value Description



<C4.2 PROD_I (inter-SCS safety communication INTEGER-type data producer) > C4-5


C4.3 PROD_R (inter-SCS safety communicationREAL-type data producer)

The PROD_R function block sends REAL-type data to a CONS_R function block of anotherSCS.

PROD_R

IN

BVAR

Figure C4.3-1 PROD_R

n Arguments

Table C4.3-1 Arguments of PROD_RIN/OUT Arguments Data type Description

IN IN REAL Input value (data transmitted to communicating SCSs).

OUT BVAR COM_REAL Binding variable for sending REAL-type data.

n DescriptionThe PROD_R function block converts REAL-type data to a binding variable for sending RE-AL-type data in order to send data to an SCS on the consuming side. This function block islinked with the output enable operation; no valid data is set to the binding variable at the con-nection destination until the output enable operation is performed.Information on whether or not the transmission succeeded is not notified to this function block.Use a SYS_DIAG function block to check for error occurrence.





l SCS simulation testsThe input/output parameters of the PROD_R function block operate in the same way as in theactual SCS.


<C4.3 PROD_R (inter-SCS safety communication REAL-type data producer) > C4-6


Table C4.3-2 Arguments of PROD_R at logic simulation testIN/OUT Arguments Value Description



<C4.3 PROD_R (inter-SCS safety communication REAL-type data producer) > C4-7


C4.4 CONS_B (inter-SCS safety communicationBOOL-type data consumer)

The CONS_B function block receives BOOL-type data sent from a PROD_B function block ofanother SCS and, if there is no error, outputs the data.

CONS_B

OUT

VAL

NR

OUTT

BVAR

DLYT

Figure C4.4-1 CONS_B

n Arguments

Table C4.4-1 Arguments of CONS_BIN/OUT Argu-


IN BVAR COM_BOOL Binding variable for receiving BOOL-type data.

VAL BOOL Fail-safe value output at error occurrence.

OUTT TIME Reception interval timeout value: 3 to 30 secondsGenerates a communication error if the reception interval exceedsOUTT.

DLYT TIME Transmission delay timeout value: 3 to 30 secondsGenerates a communication error if the transmission delay exceedsDLYT.Transmission delay is not checked if DLYT is set to 0. (*1)

OUT OUT BOOL Output value.

NR BOOL The communication status is output.TRUE: Normal.FALSE: Abnormal (including cases where data is not received).

*1: When DLYT is set to 0, the communication cannot be used for safety purpose.

n DescriptionThis function block receives BOOL-type data sent from a PROD_B function block of a produc-ing side SCS and outputs it via OUT. The communication status is output via NR.If a communication error occurs, the CONS_R function block generates a diagnostic informa-tion message indicating the communication error and outputs the fail-safe value specified inVAL via OUT. When the system recovers from the communication error, it generates a diag-nostic information message indicating the recovery and the reception data is output via OUTagain. Create application logics for latching and unlatching the output to manage the error oc-currence.

<C4.4 CONS_B (inter-SCS safety communication BOOL-type data consumer) > C4-8


OUT FALSE

TRUE

NR FALSE

TRUE

Output fail- safe value


Output the value from the producing side


Communication start

Occurrence of communication error

Demand from the producing side

Recovery from communication error

× × ×

Figure C4.4-2 Changes of output values at communication error occurrence

l Reception interval timeout value (OUTT) and transmission delay timeoutvalue (DLYT)

The reception interval refers to the interval at which the function block on the consuming sidereceives data. If data cannot be received within the period specified by the reception intervaltimeout value (OUTT), it is regarded as a communication error.OUTT is rounded up to a multiple of the scan period of the SCS on the consuming side. If avalue smaller than the scan period of the SCS on the consuming side is specified as OUTT,the refresh condition of Binding variables will be checked at every scan period of the SCS onthe consuming side.The transmission delay is the time after the function block on the producing side transmits da-ta until the function block on the consuming side receives the data. If the transmission delaytime exceeds the time specified by the transmission delay timeout value (DLYT), it is regardedas a communication error.The transmission delay is affected not only by the delays in the communication path, but alsoby the scan period of the SCS on the producing side and that of the SCS on the consumingside.The normal range of transmission delay is as follows.• Transmission delay timeout value (DLYT) ≥ transmission delay time

Time

Consuming side Function block

Transmission delay

Reception interval

Producing side Function block

Figure C4.4-3 Transmission delay and reception interval

The method of calculating DLYT differs depending on the system program release number ofthe sending SCS and receiving SCS.



SEEALSO For more information about DLYT calculation method when the SCS system program release number is

R2.03.51 and later on both send side and receive side, refer to:

“ Inter-SCS Safety Communication Timeout Settings” in “ Precaution for Engineering” in 2.8, “Inter-SCS Safety Communication” in Engineering Guide (IM 32Q01C10-31E)

For more information about DLYT calculation method when the SCS system program release number is earli-er than R2.03.51 on either send side or receive side, refer to:

“ Specification Changes Made in SCS System Program Release Number R2.03.51” in Appendix 4.8.2,“Compatibility with Earlier Revisions” in Installation (IM 32Q01C50-31E)

l Additional explanation on transmission delay timeout value (DLYT) ofconsumer function blocks

The transmission delay error of the inter-SCS safety communication should be detected.A temporary transmission delay error can be found with reception interval timeout (OUTT). Aconstant transmission delay error can be found with transmission delay timeout (DLYT).

SEEALSO For more information about notices on determining DLYT value, refer to:

“ Precaution for Engineering” in 2.8, “Inter-SCS Safety Communication” in Engineering Guide (IM32Q01C10-31E)

n RemarksMake sure that the data type and the numerical value part of the binding variable name inquestion match between the producing side and consuming side.


l SCS simulation testsThe input/output parameters of the CONS_B function block operate in the same way as in theactual SCS.However, the diagnoses for reception interval timeout and transmission delay timeout will beskipped. Therefore, CONS_B function block will not indicate an error even when the sourceSCS simulator stops for a while.


Table C4.4-2 Arguments of CONS_B at logic simulation testIN/OUT Arguments Value Description

IN BVAR Invalid

VAL Valid Variable of VAL is output to OUT.

OUTT Invalid Invalid

DLYT Invalid Invalid

OUT OUT TRUE/FALSE Not handled by Inter-SCS safety communication. The fail-safe value is always output to OUT.

NR FALSE Always False



C4.5 CONS_I (inter-SCS safety communicationINTEGER-type data consumer)

The CONS_I function block receives DINT-type data sent from a PROD_I function block ofanother SCS and, if there is no error, outputs the data.

CONS_I

OUT

VAL

NR

OUTT

BVAR

DLYT

Figure C4.5-1 CONS_I

n Arguments

Table C4.5-1 Arguments of CONS_IIN/OUT Argu-


IN BVAR COM_DINT Binding variable for receiving DINT-type data.

VAL DINT Fail-safe value output at error occurrence.



OUT OUT DINT Output value.

NR BOOL The communication status is output.TRUE: Normal.FALSE: Abnormal (including non-received data).


n DescriptionThis function block receives DINT-type data sent from a PROD_I function block of a produc-ing side SCS and outputs it via OUT. The communication status is output via NR.If a communication error occurs, the CONS_R function block generates a diagnostic informa-tion message indicating the communication error and outputs the fail-safe value specified inVAL via OUT. When the system recovers from the communication error, it generates a diag-nostic information message indicating the recovery and the reception data is output via OUTagain. Create application logics for latching and unlatching the output to manage the error oc-currence.

<C4.5 CONS_I (inter-SCS safety communication INTEGER-type data consumer) > C4-11


OUT

NR FALSE

TRUE





Communication start



× × ×



SEEALSO For more information about the reception interval timeout value (OUTT) and transmission delay timeout value

(DLYT), refer to:

• “l Reception interval timeout value (OUTT) and transmission delay timeout value (DLYT)” on pageC4-9

• “l Additional explanation on transmission delay timeout value (DLYT) of consumer function blocks”on page C4-10



l SCS simulation testsThe input/output parameters of the CONS_I function block operate in the same way as in theactual SCS.However, the diagnoses for reception interval timeout and transmission delay timeout will beskipped. Therefore, CONS_I function block will not indicate an error even when the sourceSCS simulator stops for a while.


Table C4.5-2 Arguments of CONS_I at logic simulation testIN/OUT Arguments Value Description

IN BVAR Invalid






<C4.5 CONS_I (inter-SCS safety communication INTEGER-type data consumer) > C4-12


C4.6 CONS_R (inter-SCS safety communicationREAL-type data consumer)

The CONS_R function block receives REAL-type data sent from a PROD_R function block ofanother SCS and, if there is not error, outputs the data.

CONS_R

VAL

OUTT

BVAR

DLYT

OUT

NR

Figure C4.6-1 CONS_R

n Arguments

Table C4.6-1 Arguments of CONS_RIN/OUT Argu-


IN BVAR COM_REAL Binding variable for receiving REAL-type data.

VAL REAL Fail-safe value output at error occurrence.




NR BOOL The communication status is output.TRUE: Normal.FALSE: Abnormal (including non-received data).


n DescriptionThis function block receives REAL-type data sent from a PROD_R function block of a produc-ing side SCS and outputs it via OUT. The communication status is output via NR.If a communication error occurs, the CONS_R function block generates a diagnostic informa-tion message indicating the communication error and outputs the fail-safe value specified inVAL via OUT. When the system recovers from the communication error, it generates a diag-nostic information message indicating the recovery and the reception data is output via OUTagain. Create application logics for latching and unlatching the output to manage the error oc-currence.

<C4.6 CONS_R (inter-SCS safety communication REAL-type data consumer) > C4-13


OUT

NR FALSE

TRUE





Communication start



× × ×



SEEALSO For more information about the reception interval timeout value (OUTT) and transmission delay timeout value

(DLYT), refer to:

• “l Reception interval timeout value (OUTT) and transmission delay timeout value (DLYT)” on pageC4-9

• “l Additional explanation on transmission delay timeout value (DLYT) of consumer function blocks”on page C4-10



l SCS simulation testsThe input/output parameters of the CONS_R function block operate in the same way as in theactual SCS.However, the diagnoses for reception interval timeout and transmission delay timeout will beskipped. Therefore, CONS_R function block will not indicate an error even when the sourceSCS simulator stops for a while.


Table C4.6-2 Arguments of CONS_R at logic simulation testIN/OUT Arguments Value Description

IN BVAR Invalid






<C4.6 CONS_R (inter-SCS safety communication REAL-type data consumer) > C4-14


C4.7 LTSND (link transmission data output)The LTSND function block is used for sending data through SCS link transmission.

LTSND

V

Figure C4.7-1 LTSND

n Arguments

Table C4.7-1 Arguments of LTSNDIN/OUT Arguments Data type Description

IN V BOOL Input value.

n DescriptionThe BOOL type datum specified for input parameter V will be sent to other stations in thesame domain.Information on whether or not the transmission succeeded is not notified to this function block.Use a SYS_DIAG function block to check for error occurrence.



n Remarks• For other POU to use the set datum, the input signal needs to be diverged. And the di-

verged signal should be connected to a global variable, and the global variable should beused.



l SCS simulation testsThe input parameters of the LTSND function block operate in the same way as in the actualSCS.

l Logic simulation testsThe SCS link transmission is invalid. The input parameter is invalid.

Table C4.7-2 Arguments of LTSND at logic simulation testIN/OUT Arguments Value Description

IN V Invalid The input values are invalid.

<C4.7 LTSND (link transmission data output) > C4-15


C4.8 LTRCV (safety link transmission datainput)

The LTRCV function block is used for receiving safety data from other SCSs through SCS linktransmission.

LTRCV

STS

V

Figure C4.8-1 LTRCV

n Arguments

Table C4.8-1 Arguments of LTRCV


OUT V BOOL Output value.

STS BOOL Data status (SCS link transmission data receiving).TRUE: Normal.FALSE: Abnormal (including cases where data is not received).

n DescriptionThe output parameter V is to output the data sent from other SCSs in the same domain.The output parameter STS is to output the reception status of SCS link transmission safetycommunication.When a communication error occurs, a value which specified in the [Input Processing at Fault]item in Wiring Definition of SCS Link Transmission Builder will be output from V. When thecommunication recovers from the erroneous status, the block will return to output the receiv-ing data. Create application logics for latching and unlatching the output to manage the erroroccurrence.



l SCS simulation testsThe output parameters of the LTRCV function block operate in the same way as in the actualSCS.

l Logic simulation testsThe SCS link transmission is invalid. The output parameters are invalid.

<C4.8 LTRCV (safety link transmission data input) > C4-16


Table C4.8-2 Arguments of LTRCV at logic simulation testIN/OUT Arguments Value Description

OUT V Invalid The output values are invalid.

STS Invalid The data status is invalid.

<C4.8 LTRCV (safety link transmission data input) > C4-17


C5. Function blocks for integration withCENTUM (Safety FBs)

In this chapter, the safety function blocks applied in the integrated system with CENTUM willbe explained.The following function blocks are provided for integration with CENTUM.• Override function blocks

• Grouping override function blocks

• PASSWD (PASSWD)

• BOOL-type data manual operation function block with two-position answerback(MOB_11)

• BOOL-type data manual operation function block with three-position answerback(MOB_21)

• Auto-reset BOOL-type data manual operation (MOB_RS)

• Analog-type data manual operation (MOA)

<C5. Function blocks for integration with CENTUM (Safety FBs) > C5-1


C5.1 Override function blocksOverride function blocks (override FBs) override variables of an application logic. There arethe following five types according to the data type of the overridden variables.• OVR_B (BOOL-type data override)

• OVR_I (INTEGER-type data override)

• OVR_R (REAL-type data override)

• OVR_IB (IO_BOOL-type data override)

• OVR_IR (IO_REAL-type data override)

SEEALSO For more information about the actions of the override function block, refer to:

D3.1, “Overview of override FB” on page D3-2

For more information about the tag name interfaces and process alarms of override function blocks, refer to:

D3.2, “Tag name interfaces and process alarms of override function blocks” on page D3-4

n Override function blocksAn override operation from an HIS is performed by using an override function block. The us-age of the override function blocks are explained using the OVR_B function block, whichoverrides BOOL-type variables, as an example. Three parameters, IN, VAL and OUT, havedifferent data types according to the override function block corresponding to the data type ofthe overridden variables.

OVR_B

STS

IN OUT

VAL

SW

Figure C5.1-1 OVR_B

l Types of override function blocksThere are five types of override function blocks, one for each data type, as shown in the tablebelow. Arguments other than input parameter IN, output parameter OUT and input parameterVAL are common for all of the function blocks regardless of the data type.

Table C5.1-1 Types of override function blocks

FB type Data type of IN andOUT Data type of VAL Remarks

OVR_B BOOL BOOL -

OVR_I DINT DINT -

OVR_R REAL REAL -

OVR_IB IO_BOOL BOOL The data status of output parameterOUT during override is GOOD.

OVR_IR IO_REAL REAL

<C5.1 Override function blocks > C5-2


n Arguments

Table C5.1-2 Arguments of OVR_B, OVR_I, OVR_R, OVR_IB, OVR_IRIN/OUT Argu-


IN IN (*1) Input

VAL (*1) Override value.

SW BOOL Override Permit Switch.TRUE: Override permission.FALSE: Override prohibition.

OUT OUT (*1) Output

STS BOOL TRUE: Overridden and OUT outputs the value specified in VAL.FALSE: Not overridden and OUT outputs data input to IN.

*1: The data type varies with the FB models. See the table of "Types of Override Function Blocks."

n DescriptionThe override function blocks output the data input from input parameter IN as is via output pa-rameter OUT as long as no overriding operation is performed.If an override instruction is set from an HIS, on the other hand, the override function blocksoutput the data specified in input parameter VAL via output parameter OUT. In short, data isfixed to the value defined in input parameter VAL in advance.If the override operation is canceled from the HIS, the override function blocks resume output-ting data input from input parameter IN via output parameter OUT.

n Remarks• SW is a parameter that permits overriding. However, an override instruction is not can-

celed even if the SW input changes from TRUE to FALSE while the override operation isperformed from an HIS.

• It is possible to control the status of the override function blocks with a SYS_OVR systemfunction block.

SEEALSO For more information about the SYS_OVR system function block, refer to:

C10.9, “SYS_OVR (override function blocks management)” on page C10-18


l SCS simulation testsThe input/output parameters of the OVR_B, OVR_I, OVR_R, OVR_IB and OVR_IR functionblock operate in the same way as in the actual SCS.

l Logic simulation testsThe CENTUM integration function is invalid. The override function blocks cannot be overrid-den.



Table C5.1-3 Arguments of OVR_B, OVR_I, OVR_R, OVR_IB, OVR_IR at logic simulation testIN/OUT Arguments Value DescriptionIN IN (*1) Data of IN is always output by OUT.

VAL Invalid The override setting value is invalid.

SW Invalid The override enable switch is invalid.

OUT OUT (*1) Always output the data of IN

STS FALSE Always FALSE

*1: The data type varies with the FB models. See the table of "Types of Override Function Blocks."

SEEALSO For more information about the table of "Types of override Function Blocks", refer to:

“l Types of override function blocks” on page C5-2



C5.2 Grouping override function blockThe grouping override function block can be used for management of the override blocks pergroups. To cope with different types of variables, there are following two types of blocks.• GOV_B (BOOL-type data grouping override)

• GOV_IB (IO_BOOL-type data grouping override)

SEEALSO For more information about overview of grouping override function block, refer to:

D3.3, “Overview of grouping override function block” on page D3-8

For more information about tag name interfaces and process alarms of grouping override function block, referto:

D3.4, “Tag name interfaces and process alarms of grouping override function block” on page D3-12

n Grouping override function blockWhen using the grouping override function block, the override operation for the multiple datadefined in a group can be restricted for only one operation at a time.The usage of the grouping override function blocks are explained using the GOV_B functionblock, which overrides BOOL-type variables, as an example. Two parameters, IN and OUT,have different data types according to the grouping override function block corresponding tothe data type of the overridden variables.

GOV_B

STS

IN OUT

GRP

ENS VAL

SW

Figure C5.2-1 GOV_B

l Types of grouping override function blocksThere are two types of grouping override function blocks, one for each data type, as shown inthe table below. Arguments other than input parameter IN and output parameter OUT arecommon for all of the function blocks regardless of the data type.

Table C5.2-1 Types of grouping override function blocks

FB type Data type of IN andOUT Data type of VAL Remark

GOV_B BOOL BOOL -

GOV_IB IO_BOOL BOOL The data status of output parameterOUT during override is GOOD.

<C5.2 Grouping override function block > C5-5


n Arguments

Table C5.2-2 Arguments of GOV_B, GOV_IB


IN IN (*1) Input

GRP DINT Group number: 0 to 128.Enter a fixed value as the group number. Enter a 0 to disable group-ing.

VAL BOOL Override value.

SW BOOL Override Permit Switch.TRUE: Override permission.FALSE: Override prohibition.

OUT OUT (*1) Output

STS BOOL TRUE: Overridden and OUT outputs the value specified in VAL.FALSE: Not overridden and OUT outputs data input to IN.

ENS BOOL TRUE: Override executable.If GRP is 0 and SW is TRUE, ENS will be TRUE.When overridden, ENS will be TRUE.FALSE: Override disabled.If GRP is less than 0 or greater than 128, ENS will be FALSE.

*1: The data type varies with the FB models. See the table of "Types of Grouping Override Function Blocks."

n Description• The grouping override function blocks output the data input from input parameter IN as is

via output parameter OUT as long as no overriding operation is performed. If the SW ofthe input parameter is TRUE and no other function block within the group is running over-ride, the output parameter ENS will be TRUE.If an override operation is performed from an HIS, the grouping override function blockoutput the data specified in input parameter VAL via output parameter OUT. This meansto fix the datum using the value previously defined to the input parameter VAL. In thiscase, the ENS of other override function blocks in the same group will become FALSE.If the override operation is canceled from the HIS, the grouping override function blockresume outputting data input from parameter IN via parameter OUT. In this case, the ENSof the override function blocks in the same group will become TRUE as long as the FB'sSW is TRUE.

• When override is being executed, the status of the output parameter OUT (IO_BOOLtype) of GOV_IB will be GOOD. When override is not being executed, the data status ofinput parameter IN will be output as the data status of OUT.

n Remarks• The multiple override function blocks in the same group cannot be executed override at

the same time.

• The group number (GRP) should be specified with a constant of 0 to 128.

• The function block with a group number of 0 can perform multiple override actions.

• For a function block that is running override, if the SW parameter changes from TRUE toFALSE, the override status will be released, and ENS parameter will become FALSE.

• For GOV_IB during the override execution, if the SW parameter changes from TRUE toFALSE, or if SYS_OVR issues a forced cancellation command, the override status will becanceled even if IN data status is BAD.



• It is possible to manage the status of the grouping override function blocks with aSYS_OVR system function block.

• This function blocks can be used in new SCS databases created by SENG of R1.03.00 orlater.


l SCS simulation testsThe input/output parameters of the GOV_B and GOV_IB function block operate in the sameway as in the actual SCS.

l Logic simulation testsThe CENTUM integration function is invalid. The grouping override function blocks cannot beoverridden.

Table C5.2-3 Arguments of GOV_B, GOV_IB at logic simulation testIN/OUT Arguments Value Description

IN IN (*1) Data of IN is always output by OUT

GRP Invalid Group number is invalid.

VAL Invalid The override setting value is invalid.

SW Invalid The override enable switch is invalid.

OUT OUT (*1) Always output the data of IN

STS FALSE Always FALSE

ENS FALSE Always FALSE

*1: The data type varies with the FB models. See the table of "Types of Grouping Override Function Blocks."

SEEALSO For more information about "Table Types of grouping override function blocks", refer to:

“l Types of grouping override function blocks” on page C5-5



C5.3 PASSWD (password)The PASSWD function block sets the output value to either TRUE or FALSE upon examina-tion of the password character string sent from an HIS.

PASSWD

OUT PSWD

Figure C5.3-1 PASSWD

n Arguments

Table C5.3-1 Arguments of PASSWD


IN PSWD Character con-stant

Password character string (up to 16 single-byte characters).

OUT OUT BOOL TRUE: TRUE is set via a mapping block.FALSE: FALSE is set via a mapping block.

n DescriptionA password character string entered on the faceplate of an HIS is transmitted to the PASSWDfunction block via a mapping block. If this character string matches with the character stringspecified for input parameter PSWD, a data value set to either TRUE or FALSE is received.As a result, the PASSWD function block outputs the same value (TRUE or FALSE) as the da-ta set via the mapping block, to its output parameter OUT.The default value of output parameter OUT of the PASSWD function block is FALSE. Makesure to configure the PASSWD function block such that it outputs FALSE under normal cir-cumstances and TRUE when data requiring password authentication is set from an HIS whenperforming processing (e.g., allow override operation).

SEEALSO For more information about how to use the PASSWD function block in override operation from an HIS, refer

to:

D3.6, “Permission for override by password FB” on page D3-17

For more information about tag name interfaces and process alarms in the PASSWD FB, refer to:

D3.7, “Tag name interfaces and process alarms of password function blocks” on page D3-21

n RemarksSpecify a password as a character string constant for the PSWD input parameter.A character string of up to 16 alphanumeric characters can be specified for the PSWD inputparameter. If a character string exceeding 16 characters is specified for the PSWD input pa-rameter, only the first 16 characters become the target of comparison and other charactersare ignored.It is recommended to specify a different password character string for each PASSWD functionblock and make each password unique within the system.

<C5.3 PASSWD (password) > C5-8


• It is possible to manage the status of the PASSWD function block with a SYS_PSWD sys-tem function block.

• It is possible to forcibly return the output of all PASSWD function blocks within an SCS toFALSE by the SYS_PSWD function block.

SEEALSO For more information about the SYS_PSWD system function block, refer to:

C10.10, “SYS_PSWD (password function blocks management)” on page C10-22


l SCS simulation testsThe input/output parameters of the PASSWD function block operate in the same way as in theactual SCS.

l Logic simulation testsThe CENTUM integration function is invalid. The PASSWD function block always outputFALSE from OUT, the password string becomes invalid.

n Handling password character stringsWhen an engineer creates an application logic that utilizes the PASSWD function block, acharacter string constant is written in the PSWD input parameter of the PASSWD functionblock and used as the password; this means that the password character string can be readby looking at the FBD. As a countermeasure to this, the security setting for POUs available inthe Workbench can be used.If it is desired to hide a password, apply the security setting for each POU that uses aPASSWD function block (POUs in which a password character string is written) in the Work-bench. As a result, the POUs cannot be opened, nor can the self-documentation be printed,unless the password specified for the security setting for each POU is entered.

<C5.3 PASSWD (password) > C5-9


C5.4 MOB_11 (BOOL-type data manualoperation function block with two-positionanswerback)

For example, the MOB_11 function block is used to perform manual operations mainly froman HIS, with checking of answerback from either one of the opening/closing limit switches of avalve.

SHDN SS IN SW AIN MTM IOP OOP OTEN PSWD

MOB_11

OUT NANP NANM

Figure C5.4-1 MOB_11

<C5.4 MOB_11 (BOOL-type data manual operation function block with two-position answerback) >

C5-10


n Arguments

Table C5.4-1 Arguments of MOB_11


IN SHDN BOOL Shutdown signal.The meaning of the signal is determined by the value of SS.


IN BOOL Value specified to be output when manual operation is prohibited.The value specified in this parameter is output to OUT if SW isFALSE.

SW BOOL Toggle switch between permitting and prohibiting manual operation.TRUE: The operation output value from HIS is output to OUT.FALSE: The value set in IN is output to OUT.

AIN BOOL Answerback input value (*1)TRUE: Open status.FALSE: Close status.

MTM TIME Answerback check mask time(Must be an integer multiple of the scan period).

IOP BOOL Signal for monitoring input status.TRUE: Normal status.FALSE: Abnormal status.

OOP BOOL Signal for monitoring output status.TRUE: Normal status.FALSE: Abnormal status.

OTEN BOOL Signal indicating output enable status.TRUE: Output is enabled.FALSE: Output is disabled.

PSWD Character con-stant


OUT OUT BOOL Open/close operation output value (*1)TRUE: Open instruction.FALSE: Close instruction.

NANP BOOL Answerback status on the open side (*1).TRUE: Normal status.FALSE: Abnormal status.

NANM BOOL Answerback status on the closed side (*1)TRUE: Normal status.FALSE: Abnormal status.

*1: Assuming that the target is a valve, Open and Closed are used as terms to describe the status.

n DescriptionThe MOB_11 function block is used to perform manual operations from an HIS at starting upand maintaining a plant. It outputs BOOL type values.The MOB_11 function has input parameters (SHDN and SS) for receiving shutdown eventsand outputs shutdown logic signals with the highest priority if a shutdown event occurs.It is possible to switch between permitting and prohibiting manual operations from an HIS bythe input to SW. If TRUE is input to SW, the MOB_11 function block outputs a manual opera-tion output value from the HIS to OUT. If FALSE is input to SW, it outputs the IN value as is toOUT.


C5-11


It also performs answerback checks based on the answerback input value (AIN) and OUTand outputs the results to NANP and NANM.MOB_11 has the following functions.• Shutdown signals output

• Manual operation permission

• Manual operation authenticated by password

• Output enable status display

• Answerback check

• Monitoring IOP and OOP


SEEALSO For more information about MOB_11, refer to:

D4.1, “HIS interfaces of MOB_11 and MOB_21 (BOOL-type data manual operation function block withanswerback)” on page D4-3

n Shutdown output operation

l Overview of shutdown output• SHDN and SS match: The value specified for SS is output from OUT.

• SHDN does not match SS:Either the IN value or the manual operation value from an HIS, depending on the statusof manual operation permission (SW), is output from OUT.

l Details of shutdown outputEnter signals for shutdown processing in SHDN and SS. If the value input to SHDN matchesthe safe state specified with SS, an MOB_11 function block processes it as an occurrence ofa shutdown event and performs the shutdown processing, outputting the SS value to OUTwith the highest priority.Define for SS whether the signal input to SHDN is handled as DTS or ETS.

• To apply the signal to the DTS (De-energized To Safe) logic:

• To apply the signal to the ETS (Energized To Safe) logic:

Input FALSE to SS.Input TRUE to SS.

If SHDN does not match the safe state specified with SS, either the value input to IN or themanual operation value from the HIS is output from OUT.



l SCS simulation testsThe answerback check masking time (MTM) on SCS simulator and on actual SCS may takedifferent time to reach time-up.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.


C5-12


When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsThe input/output parameters of the MOB_11 function block operate in the same way as in theactual SCS. The following functions become invalid, however.• System alarm notification

• CENTUM Integration FunctionData reference using tag names from CENTUM and process alarm notification

Table C5.4-2 Arguments of MOB_11 at logic simulation test


IN SHDN Valid -

SS Valid -

IN Valid -

SW Valid If TRUE is input to SW, the output value is retained for OUT.

AIN Valid -

MTM Valid -

IOP Invalid The value has no influence on operation and is ignored.

OOP Invalid The value has no influence on operation and is ignored.

PSWD Invalid Password entry is not performed.

OUT OUT TRUE/FALSE The following values are output.SW is TRUE: Retain output valueSW is FALSE: Output IN value

NANP TRUE/FALSE Answerback status on the open side is output.

NANM TRUE/FALSE Answerback status on the close side is output.


C5-13


C5.5 MOB_21 (BOOL-type data manualoperation function block with three-position answerback)

For example, The MOB_21 function block is used to perform manual operations mainly froman HIS, with checking of answerback inputs from each of the opening/closing limit switches ofa valve.

SHDN SS IN SW AINP AINM MTM IOP OOP OTEN PSWD

MOB_21

OUT NANP NANM NPER

Figure C5.5-1 MOB_21

<C5.5 MOB_21 (BOOL-type data manual operation function block with three-position answerback) >

C5-14


n Arguments

Table C5.5-1 Arguments of MOB_21


IN SHDN BOOL Shutdown signal.(The meaning of the signal is determined by the value of SS.)


IN BOOL Value specified to be output when manual operation is prohibited.The value specified in this parameter is output to OUT if SW isFALSE.


AINP BOOL Answerback input value on the open side (*1)TRUE: Full open status.FALSE: Not full-open status.

AINM BOOL Answerback input value on the closed side. (*1)TRUE: Full close status.FALSE: Not full-close status.


IOP BOOL Signal for monitoring input status.TRUE: Normal status.FALSE: Abnormal status.





OUT OUT BOOL Open/close operation output value. (*1)TRUE: Open instruction.FALSE: Close instruction.

NANP BOOL Answerback status on the open side (*1)TRUE: Normal status.FALSE: Abnormal status.

NANM BOOL Answerback status on the closed side (*1)TRUE: Normal status.FALSE: Abnormal status.

NPER BOOL Answerback pattern.TRUE: Normal status.FALSE: Abnormal status.

*1: Assuming that the target is a valve, Open and Closed are used as terms to describe the status.

n DescriptionThe MOB_21 function block is used to perform manual operations from an HIS at starting upand maintaining a plant. It outputs BOOL type values.


C5-15


The MOB_21 function block has input parameters (SHDN and SS) for receiving shutdownevents and outputs shutdown logic signals with the highest priority if a shutdown event oc-curs.It is possible to switch between permitting and prohibiting manual operations from an HIS bythe input to SW.If TRUE is input to SW, the MOB_21 function block outputs a manual operation output valuefrom the HIS to OUT. If FALSE is input to SW, it outputs the IN value as is to OUT.It also performs answerback checks based on OUT and the answerback input values (AINPand AINM) for opening and closing, respectively, and outputs the results to NANP, NANM andNPER.MOB_21 has the following functions.• Shutdown signals output







SEEALSO For more information about the functions that are the same as MOB_11, refer to:

D4.1, “HIS interfaces of MOB_11 and MOB_21 (BOOL-type data manual operation function block withanswerback)” on page D4-3

For more information about shutdown output function, refer to:

“n Shutdown output operation” on page C5-12



l SCS simulation testsThe answerback check masking time (MTM) on SCS simulator and on actual SCS may takedifferent time to reach time-up.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsThe input/output parameters of the MOB_21 function block operate in the same way as in theactual SCS. However, the following functions are not available.• System alarm notification

• CENTUM integration functionData reference using tag names from CENTUM and process alarm notification


C5-16


Table C5.5-2 Arguments of MOB_21 at logic simulation test


IN SHDN Valid

SS Valid

IN Valid


AINP Valid

AINM Valid

MTM Valid

IOP Invalid The value has no influence on operation and is ignored.




NANP TRUE/FALSE Answerback status on the open side is output.

NANM TRUE/FALSE Answerback status on the close side is output.

NPER TRUE/FALSE Answerback pattern status is output.


C5-17


C5.6 MOB_RS (auto-reset BOOL-type datamanual operation)

The MOB_RS function block outputs one-shot signals when manual operations are performedfrom an HIS.

SW AIN ADIR MTM

MOB_RS

OUT NANM

Figure C5.6-1 MOB_RS

n Arguments

Table C5.6-1 Arguments of MOB_RS


IN SW BOOL Toggle switch between permitting and prohibiting manual operation.TRUE: The operation output value from HIS is output to OUT.FALSE: FALSE is output to OUT.

AIN BOOL Answerback input value.

ADIR BOOL Answerback operation direction specification.TRUE: Forward operation.FALSE: Reverse operation.


OUT OUT BOOL Operation output value for logic reset (pulse signal).

NANM BOOL Answerback status.TRUE: Normal status.FALSE: Abnormal status.

n DescriptionAn MOB_RS function block outputs signals according to manual operations from an HIS andhas the function to automatically recover the output value after one SCS scan period. It canbe used as a switch to reset shutdown status at restoration of a plant if the plant is shut downby shutdown logic signals.It is possible to switch between permitting and prohibiting manual operations from an HIS bythe input to SW.If TRUE is input to SW, manual operations from the HIS are allowed. If MV is changed from 0to 2 via manual operations from the HIS, the MOB_RS function block outputs TRUE to OUT.The value of OUT is automatically reset to FALSE after one scan.If FALSE is input to SW, manual operations from the HIS are prohibited and the MOB_RSfunction block outputs FALSE to OUT.MOB_RS has the following functions.• Manual operation permission

• Automatic reset


<C5.6 MOB_RS (auto-reset BOOL-type data manual operation) > C5-18



SEEALSO For more information about manual operation permissions and the auto-recovery function, refer to:

“n Overview of processing MOB_RS” on page D4-22

For more information about the CENTUM integration function, refer to:

D4.2.2, “Tag name interfaces and process alarms of MOB_RS” on page D4-26

For more information about the answerback check function, refer to:

“n Answerback check” on page D4-22



l SCS simulation testsThe answerback check masking time (MTM) on SCS simulator and on actual SCS may takedifferent time to reach time-up.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsThe input/output parameters of the MOB_RS function block operate in the same way as in theactual SCS. The following functions become invalid, however.• System alarm notification


Table C5.6-2 Arguments of MOB_RS at logic simulation test


IN SW Valid FALSE (fixed) is output to OUT regardless of whether SW is TRUEor FALSE

AIN Valid

ADIR Valid

MTM Valid

OUT OUT FALSE FALSE (fixed) is output to OUT regardless of whether SW is TRUEor FALSE

NANM TRUE/FALSE Answerback status is output

<C5.6 MOB_RS (auto-reset BOOL-type data manual operation) > C5-19


C5.7 MOA (analog-type data manual operation)Using the MOA function block, it is possible to monitor/change values of analog output varia-bles from an HIS.

SHDN SDV IN SW FV OOP OTEN PSWD

MOA

OUT

Figure C5.7-1 MOA

n Arguments

Table C5.7-1 Arguments of MOA


IN SHDN BOOL Shutdown signal.TRUE: Normal processing is performed.FALSE: Shutdown processing is performed.

SDV REAL Shutdown output value (0 to 100%).

IN REAL Value specified to be output when manual operation is prohibited (0to 100%).The value specified in this parameter is output to OUT if SW isFALSE.


FV REAL Feedback input value.





OUT OUT REAL Analog operation output value (0 to 100%).

n DescriptionUsing the MOA function block, it is possible to monitor/change values of analog output varia-bles from an HIS.The MOA function block has input parameters (SHDN and SDV) for receiving shutdownevents and outputs shutdown logic signals with the highest priority if a shutdown event oc-curs.It is possible to switch between permitting and prohibiting manual operations from an HIS bythe input to SW. If TRUE is input to SW, the MOA function block outputs a manual operation

<C5.7 MOA (analog-type data manual operation) > C5-20


output value from the HIS to OUT. If FALSE is input to SW, it outputs the IN value as is toOUT.Note that MOA outputs the actual value as is to OUT even if the shutdown output value (SDV)or IN value are outside the range from 0 to 100%.MOA has the following functions.• Shutdown signals output



• Feedback


• OOP monitoring


The Output enable status display function is the same as in MOB_11 and MOB_21.The Password function is the same as in MOB_11 and MOB_21.

SEEALSO For more information about the shutdown output and the manual operation permission function, refer to:

“n Overview of processing MOA” on page D4-30

For more information about the feedback function, refer to:

“n Feedback input” on page D4-30

For more information about the OOP function, refer to:

“n OOP detection” on page D4-31

For more information about the output enable status display function, refer to:

D4.1.3, “The Output Enable status display function” on page D4-10

For more information about the password function, refer to:

D4.1.2, “Password at manual operations” on page D4-9

For more information about the CENTUM integration function, refer to:

D4.3.2, “Tag name interfaces and process alarms of MOA” on page D4-32



l SCS simulation testsThe input/output parameters of the MOA function block operate in the same way as in the ac-tual SCS.

l Logic simulation testsThe input/output parameters of the MOA function block operate in the same way as in the ac-tual SCS. The following functions become invalid, however.• System alarm notification




Table C5.7-2 Arguments of MOA at logic simulation test


IN SHDN Valid

SDV Valid

IN Valid


FV Invalid The value has no influence on operation and is ignored.


OTEN Invalid The value has no influence on operation and is ignored.





C6. Interference-free functionsThis chapter explains the interference-free functions (functions not interfering with the safetyfunctions) that are unique to ProSafe-RS.The interference-free functions are shown below.• LOGE (natural logarithm)

• POWE (exponential function with base e)

<C6. Interference-free functions> C6-1


C6.1 LOGE (natural logarithm)LOGE can be used to calculate the natural logarithm of a real value.

IN Q

LOGE

Figure C6.1-1 LOGE

n Arguments

Table C6.1-1 Arguments of LOGE



OUT Q REAL Output value.

n DescriptionLOGE calculates the natural logarithm (logarithm with base e) of the input value. However, ifthe input value IN is set to zero (0) or below, the output value Q is set to -1E35.

n Remarks• LOGE is an interference-free function. Do not use it for input to safety loops.

• Design an application so that an overflow does not occur in calculation.

• LOGE can be used in SCS databases created by SENG of R3.02.10 or later.

<C6.1 LOGE (natural logarithm)> C6-2


C6.2 POWE (exponential function with base e)POWE can be used to calculate e (the base of the natural logarithm) to the power of the inputvalue.

IN Q

POWE

Figure C6.2-1 POWE

n Arguments

Table C6.2-1 Arguments of POWE



OUT Q REAL Output value.

n DescriptionPOWE calculates e (the base of the natural logarithm) to the power of the input value. Theformula for Q is as follows:

Q=eIN

n Remarks• POWE is an interference-free function. Do not use it for input to safety loops.

• Design an application so that an overflow does not occur in calculation.

• When calculating a power of the base of the natural logarithm, use POWE rather thanPOW.

• POWE can be used in SCS databases created by SENG of R3.02.10 or later.

<C6.2 POWE (exponential function with base e)> C6-3


C7. Interference-free function blocksThis chapter explains function blocks that are unique to ProSafe-RS and interference-free (donot interfere with the safety functions).The following function blocks are provided for interference-free.• Annunciator (ANN)

• BOOL-type data SOER (SOE_B)

• INTEGER-type data SOER (SOE_I)

• REAL-type data SOER (SOE_R)

• Interference-free link transmission data input (LTFCS)

<C7. Interference-free function blocks > C7-1


C7.1 ANN (annunciator)The ANN function block generates annunciator messages if an HIS is connected.

IN

ANN

Figure C7.1-1 ANN

n Arguments

Table C7.1-1 Arguments of ANNIN/OUT Argu-


IN IN BOOL Input value.

n DescriptionThe ANN function block generates annunciator messages when an HIS is connected.It generates an annunciator message notifying that an alarm has been generated if the inputvalue (IN) changes from FALSE to TRUE. If the input value (IN) changes from TRUE toFALSE, it generates an annunciator message notifying that the function block has recoveredfrom the alarm. Message character strings are specified in Tag Name Builder. The default val-ue for IN when starting an SCS is FALSE.

SEEALSO For more information about the annunciator message definition in Tag Builder, refer to:

2.1.4, “Defining tag names” in Integration with CENTUM VP/CS 3000 (IM 32Q01E10-31E)

n RemarksThe ANN function block is an interference-free function block.


l SCS simulation testsThe input parameter of the ANN function block operate in the same way as in the actual SCS.

l Logic simulation testsThe CENTUM integration function is invalid. Notification of annunciator messages is not per-formed.

<C7.1 ANN (annunciator) > C7-2


C7.2 SOE_B (BOOL-type data SOER)The SOE_B function block collects SOE data of BOOL type.

SOE_B

IN

ID

TRP

Figure C7.2-1 SOE_B

n Arguments

Table C7.2-1 Arguments of SOE_BIN/OUT Argu-


IN IN BOOL Input value.

TRP DINT Trip signal specification.TRIP_NONE: Do not regard as a trip signal.TRIP_OFF: Regard as a trip signal if IN changes from TRUE toFALSE.TRIP_ON: Regard as a trip signal if IN changes from FALSE toTRUE.

ID STRING Event identification character string constant (constant of up to 32single-byte or 16 double-byte characters).

n DescriptionThe SOE_B function block collects SOE data of BOOL type.The SOE_B function block collects events at the timing when input value IN changes. If thetrip signal specification is set to a value other than TRIP_NONE, events collected with theSOE_B function block are treated as trip signals. ID is event identification information and dis-played on SOE Viewer. Specify a character string (up to 32 single-byte or 16 double-bytecharacters) in order to identify the event.

SEEALSO For more information about the trip signal, refer to:

“n Trip signal” on page A7-9

n RemarksThe SOE_B function block is an interference-free function block. Specify a character stringconstant for ID.TRIP_NONE, TRIP_OFF and TRIP_ON have been defined in an SCS project in advance asconstants with the values 0, 1 and 2, respectively. Do not change already defined constants.


l SCS simulation testsThe input parameters of the SOE_B function block operate in the same way as in the actualSCS.

<C7.2 SOE_B (BOOL-type data SOER) > C7-3


l Logic simulation testsThe SOER function becomes invalid. Events are not recorded.

<C7.2 SOE_B (BOOL-type data SOER) > C7-4


C7.3 SOE_I (INTEGER-type data SOER)The SOE_I function block collects SOE data of integer type.

SOE_I

IN

TRIG

ID

TRP

Figure C7.3-1 SOE_I

n Arguments

Table C7.3-1 Arguments of SOE_IIN/OUT Argu-


IN IN DINT Input value.

TRIG BOOL Trigger signal

TRP DINT Trip signal specification.TRIP_NONE: Do not regard as a trip signal.TRIP_OFF: Triggers a trip signal when TRIG changes from TRUE toFALSE.TRIP_ON: Triggers a trip signal when TRIG changes from FALSE toTRUE.

ID STRING Event identification character string constant (constant of up to 32 sin-gle-byte or 16 double-byte characters).

n DescriptionThe SOE_I function block collects SOE data of integer type.The SOE_I function block collects events at the timing when the trigger signal value changes.If the trip signal specification is set to TRIP_ON or TRIP_OFF, events collected with theSOE_I function block are treated as trip signals. ID is event identification information and dis-played on SOE Viewer. Specify a character string (up to 32 single-byte or 16 double-bytecharacters) in order to identify the event.



n RemarksThe SOE_I function block is an interference-free function block. Specify a character stringconstant for ID.TRIP_NONE, TRIP_OFF and TRIP_ON have been defined in an SCS project in advance asconstants. Do not change already defined constants.

<C7.3 SOE_I (INTEGER-type data SOER) > C7-5



l SCS simulation testsThe input parameters of the SOE_I function block operate in the same way as in the actualSCS.


<C7.3 SOE_I (INTEGER-type data SOER) > C7-6


C7.4 SOE_R (REAL-type data SOER)The SOE_R function block collects SOE data of real number type.

IN

TRIG

ID

TRP

SOE_R

Figure C7.4-1 SOE_R

n Arguments

Table C7.4-1 Arguments of SOE_RIN/OUT Argu-



TRIG BOOL Trigger signal.

TRP DINT Trip signal specification.TRIP_NONE: Do not regard as a trip signal.TRIP_OFF: Triggers a trip signal when TRIG changes from TRUE toFALSE.TRIP_ON: Triggers a trip signal when TRIG changes from FALSE toTRUE.

ID STRING Event identification character string constant (constant of up to 32 sin-gle-byte or 16 double-byte characters).

n DescriptionThe SOE_R function block collects SOE data of real number type.The SOE_R function block collects events at the timing when the trigger signal valuechanges. If the trip signal specification is set to TRIP_ON or TRIP_OFF, events collected withthe SOE_R function block are treated as trip signals. ID is event identification information anddisplayed on SOE Viewer. Specify a character string (up to 32 single-byte or 16 double-bytecharacters) in order to identify the event.



n RemarksThe SOE_R function block is an interference-free function block. Specify a character stringconstant for ID.TRIP_NONE, TRIP_OFF and TRIP_ON have been defined in an SCS project in advance asconstants. Do not change already defined constants.

<C7.4 SOE_R (REAL-type data SOER) > C7-7



l SCS simulation testsThe input parameters of the SOE_R function block operate in the same way as in the actualSCS.


<C7.4 SOE_R (REAL-type data SOER) > C7-8


C7.5 LTFCS (interference-free link transmissiondata input)

The LTFCS function block can be used for receiving the link transmission data (Global Switch)sent from FCSs (including APCS and GSGW).

GSV

LTFCS

STS

Figure C7.5-1 LTFCS

n Arguments

Table C7.5-1 Arguments of LTFCS


OUT GSV BOOL Output value (value of %GS).

STS BOOL Data status.TRUE: Normal.FALSE: Abnormal (including cases where data is not received).

n DescriptionLTFCS is a function block for receiving the link transmission data (Global Switches) sent fromFCSs (including APCS and GSGW) in the same domain.The output parameter GSV outputs the BOOL type data of the received global switches.The output parameter STS outputs the data status of the received link transmission data.When a communication error occurs, GSV will output a fail-safe value previously specified onthe SCS Link Transmission Builder. When the communication recovers from the erroneousstatus, the block will return to output the receiving data. Create application logics for latchingand unlatching the output to manage the error occurrence.

n Remarks• The LTFCS function block is an interference-free function block.



l SCS simulation testsThe output parameters of the LTFCS function block operate in the same way as in the actualSCS.

l Logic simulation testsThe SCS link transmission is invalid. The output parameters are invalid.

<C7.5 LTFCS (interference-free link transmission data input) > C7-9


Table C7.5-2 Arguments of LTFCS at logic simulation test


OUT GSV Invalid The output values are invalid.

STS Invalid The data status of the global switch is invalid.

<C7.5 LTFCS (interference-free link transmission data input) > C7-10


C8. Subsystem communication functionblocks (interference-free FB)

In this chapter, the function blocks used for subsystem communication will be explained.The following function blocks are provided for subsystem communication.• BOOL-type subsystem communication input (SCI_B)

• INTEGER-type subsystem communication input (SCI_I)

• REAL-type subsystem communication input (SCI_R)

• BOOL-type subsystem communication output (SCO_B)

• INTEGER-type subsystem communication output (SCO_I)

• REAL-type subsystem communication output (SCO_R)

<C8. Subsystem communication function blocks (interference-free FB) > C8-1


C8.1 SCI_B (BOOL-type subsystemcommunication input)

The SCI_B function block is used to input to the application logic the communication input da-ta and data status that have been wired to SCI_B instances using the Communication I/OBuilder.

V

STS

SCI_B

Figure C8.1-1 SCI_B

n Arguments

Table C8.1-1 Arguments of SCI_B


OUT V BOOL Data value.

STS BOOL Data status.TRUE: GOOD (Communication data reception was successful).FALSE: BAD (Communication data reception failed).

n DescriptionThe SCI_B function block inputs the BOOL-type communication data and data status re-ceived from subsystems to the application logic.

• The data value (V) is a value input from a subsystem.

• The data status (STS) indicates whether or not the data was acquired from the applica-ble subsystem (*1). It becomes TRUE if the data was acquired, and FALSE if it could notbe acquired.

*1: Errors in subsystems, such as an error of a subsystem's input terminal or wiring error between a subsystem's input terminaland a sensor, cannot be detected. These errors need to be handled in the applicable subsystem.

n Remarks• The SCI_B function block is an interference-free function block. Do not use it to input data

to safety loops.

• The SCI_B is a function block that assumes use of communication inputs. Create instan-ces and wire them to communication inputs using the Communication I/O Builder.



l SCS simulation testsSame as an actual SCS, the SCS simulator can read the logical data in the communicationI/O data area. Since the physical modules do not exist, the data values and data status aredifferent from the actual SCS.

<C8.1 SCI_B (BOOL-type subsystem communication input) > C8-2


SEEALSO For more information about operations in SCS simulation tests, refer to:

3.3, “Execution of SCS simulation tests” in ProSafe-RS System Test Reference (IM 32Q04B30-31E)

l Logic simulation testsThe table below lists the input/output values in a logic simulation test.

Table C8.1-2 Arguments of SCI_B in logic simulation test


OUT V Retention ofprevious value

The previous value is retained. (Default: FALSE)The SCI_B function block can be used to debug the application logicby changing this value.

STS Retention ofprevious value

The previous value is retained. (Default: FALSE)The SCI_B function block can be used to debug the application logicby changing this value.

<C8.1 SCI_B (BOOL-type subsystem communication input) > C8-3


C8.2 SCI_I (INTEGER-type subsystemcommunication input)

The SCI_I function block is used to input to the application logic the communication input dataand data status that have been wired to SCI_I instances using the Communication I/O Build-er.

V

STS

SCI_I

Figure C8.2-1 SCI_I

n Arguments

Table C8.2-1 Arguments of SCI_I


OUT V DINT Data value.


n DescriptionThe SCI_I function block inputs the integer-type communication data and data status receivedfrom subsystems to the application logic.




n Remarks• The SCI_I function block is an interference-free function block. Do not use it to input data

to safety loops.

• The SCI_I is a function block that assumes use of communication inputs. Create instan-ces and wire them to communication inputs using the Communication I/O Builder.




<C8.2 SCI_I (INTEGER-type subsystem communication input) > C8-4





Table C8.2-2 Arguments of SCI_I in logic simulation test



The previous value is retained. (Default: 0)The SCI_I function block can be used to debug the application logicby changing this value.


The previous value is retained. (Default: FALSE)The SCI_I function block can be used to debug the application logicby changing this value.

<C8.2 SCI_I (INTEGER-type subsystem communication input) > C8-5


C8.3 SCI_R (REAL-type subsystemcommunication input)

The SCI_R function block is used to input to the application logic the communication input da-ta and data status that have been wired to SCI_R instances using the Communication I/OBuilder.

V

STS

SCI_R

Figure C8.3-1 SCI_R

n Arguments

Table C8.3-1 Arguments of SCI_R


OUT V REAL Data value.


n DescriptionThe SCI_R function block inputs the real number-type communication data and data statusreceived from subsystems to the application logic.




n Remarks• The SCI_R function block is an interference-free function block. Do not use it to input da-

ta to safety loops.

• The SCI_R is a function block that assumes use of communication inputs. Create instan-ces and wire them to communication inputs using the Communication I/O Builder.




<C8.3 SCI_R (REAL-type subsystem communication input) > C8-6





Table C8.3-2 Arguments of SCI_R in logic simulation test



The previous value is retained. (Default: 0.0)The SCI_R function block can be used to debug the application logicby changing this value.


The previous value is retained. (Default: FALSE)The SCI_R function block can be used to debug the application logicby changing this value.

<C8.3 SCI_R (REAL-type subsystem communication input) > C8-7


C8.4 SCO_B (BOOL-type subsystemcommunication output)

The SCO_B function block is used to output values of the application logic to the communica-tion outputs that have been wired to SCO_B instances using the Communication I/O Builder.

RDBK V

STS

SCO_B

Figure C8.4-1 SCO_B

n Arguments

Table C8.4-1 Arguments of SCO_B


IN V BOOL Data value

OUT RDBK BOOL Reserved: Always FALSE.

STS BOOL Data status.TRUE: Communication with the subsystem was successful.FALSE: Communication with the subsystem failed.

n DescriptionThe SCO_B function block is used to output BOOL-type values of the application logic to sub-systems.

• The data value (V) is a value output to a subsystem.

• The data status (STS) indicates whether or not communication with the applicable sub-system was successful (*1)(*2) . It becomes TRUE if communication was successful,and FALSE if communication failed.

*1: Errors in subsystems, such as an error of a subsystem's output terminal or wiring error between a subsystem's output termi-nal and a device, cannot be detected. These errors need to be handled in the applicable subsystem.

*2: The data status becomes TRUE as long as communication was successful, even when the output enable operation is not yetperformed.

n Remarks• The SCO_B function block is an interference-free function block. Do not use it to input or

output data to/from safety loops.

• The SCO_B is a function block that assumes use of communication outputs. Create in-stances and wire them to communication outputs using the Communication I/O Builder.



l SCS simulation testsSame as an actual SCS, the SCS Simulator can write the logical data to the communicationI/O data area. Since the physical modules do not exist, the communication cannot be estab-lished.

<C8.4 SCO_B (BOOL-type subsystem communication output) > C8-8



Table C8.4-2 Arguments of SCO_B in logic simulation test


OUT RDBK Retention ofprevious value The previous value is retained. (Default: FALSE)


The previous value is retained. (Default: FALSE)The SCO_B function block can be used to debug the applicationlogic by changing this value.

<C8.4 SCO_B (BOOL-type subsystem communication output) > C8-9


C8.5 SCO_I (INTEGER-type subsystemcommunication output)

The SCO_I function block is used to output values of the application logic to the communica-tion outputs that have been wired to SCO_I instances using the Communication I/O Builder.

RDBK V

STS

SCO_I

Figure C8.5-1 SCO_I

n Arguments

Table C8.5-1 Arguments of SCO_I


IN V DINT Data value

OUT RDBK DINT Reserved: Always 0


n DescriptionThe SCO_I function block is used to output integer-type values of the application logic to sub-systems.


• The data status (STS) indicates whether or not communication with the applicable sub-system was successful (*1)(*2). It becomes TRUE if communication was successful, andFALSE if communication failed.



n Remarks• The SCO_I function block is an interference-free function block. Do not use it to input or


• The SCO_I is a function block that assumes use of communication outputs. Create in-stances and wire them to communication outputs using the Communication I/O Builder.

• When SCO_I is applied for outputting a 16-bit integer (singed 16-bit integer or unsigned16-bit integer) as communication datum of an analog output, if the value set to the SCO_Iis beyond the range of the 16-bit integer, the value will not be written to the communica-tion output image area (for outputting to subsystem) and the data status (STS) will be-come FALSE.Range of 16-bit integer (communication data of analog output):• Singed 16-bit integer: -32768 to 32767

• Unsigned 16-bit integer: 0 to 65535

<C8.5 SCO_I (INTEGER-type subsystem communication output) > C8-10


It is necessary to create applications so that values outside the range of 16-bit integerswill not be set to SCO_I or so as to include checking the value of STS.




l Logic simulation testsThe table below shows the input and output values at a logic simulation test.

Table C8.5-2 Arguments of SCO_I in logic simulation test


IN V Invalid The output values are invalid.

OUT RDBK Retention ofprevious value The previous value is retained. (Default: 0)


The previous value is retained. (Default: FALSE)The SCO_I function block can be used to debug the application log-ic by changing this value.

<C8.5 SCO_I (INTEGER-type subsystem communication output) > C8-11


C8.6 SCO_R (REAL-type subsystemcommunication output)

The SCO_R function block is used to output values of the application logic to the communica-tion outputs that have been wired to SCO_R instances using the Communication I/O Builder.

RDBK V

STS

SCO_R

Figure C8.6-1 SCO_R

n Arguments

Table C8.6-1 Arguments of SCO_R


IN V REAL Data value

OUT RDBK REAL Reserved: Always 0.0.


n DescriptionThe SCO_R function block is used to output real number-type values of the application logicto subsystems.


• The data status (STS) indicates whether or not communication with the applicable sub-system was successful (*1)(*2). It becomes TRUE if communication was successful, andFALSE if communication failed.



n Remarks• The SCO_R function block is an interference-free function block. Do not use it to input or


• The SCO_R is a function block that assumes use of communication outputs. Create in-stances and wire them to communication outputs using the Communication I/O Builder.




<C8.6 SCO_R (REAL-type subsystem communication output) > C8-12



Table C8.6-2 Arguments of SCO_R in logic simulation test


IN V Invalid The output values are invalid.

OUT RDBK Retention ofprevious value The previous value is retained. (Default: 0.0)


The previous value is retained. (Default: FALSE)The SCO_R function block can be used to debug the applicationlogic by changing this value.

<C8.6 SCO_R (REAL-type subsystem communication output) > C8-13


C9. External communication functionblocks

The external communication function blocks output external settings (from CENTUM or aModbus master station with a connected Modbus slave). There are following three types ofexternal communication function blocks.

Table C9-1 Types of external communication function blocksType Name Function Data type of output parameter

OUTECW_B BOOL-type data external

communicationBOOL-type data setting BOOL type

ECW_I INTEGER-type data exter-nal communication

DINT-type data setting DINT type

ECW_R REAL-type data externalcommunication

REAL-type data setting REAL type

The following figures illustrate the three types of external communication function blocks.

C080001E.ai

BOOL-type data

ECW_I

DINT-type data

ECW_R

REAL-type data

OUT

OUT

ECW_B

OUT

Figure C9-1 External communication FB

SEEALSO For more information about how to use external communication function blocks, refer to:

D5., “Data setting using external communication function blocks” on page D5-1

n DescriptionThe external communication function blocks are used to set data from the Modbus master viaModbus slave connection or to set data in a CENTUM integration structure.

n RemarksThe external communication function blocks are interference-free function blocks.To use data set with ECW_B, ECW_I and ECW_R function blocks in the safety functions, it isnecessary to incorporate Safety Measure (various functions for securing safety) with a userapplication.

<C9. External communication function blocks > C9-1


C10. Safety system function blocksSystem function blocks reflect the status of an SCS. This chapter explains the safety systemfunction blocks.The safety system function blocks are shown below.• SCS Status Management (SYS_STAT)

• Forcing Status Management (SYS_FORCE)

• SCS Link Transmission Lock Status Monitor (SYS_FORCE_LT)

• Inter-SCS Safety Communication Forcing Status Management (SYS_FORCE_BD)

• SCS Link Transmission Reception Status Monitor (SYS_LTSTS)

• Diagnostic information Output (SYS_DIAG)

• Security Level Management (SYS_SECURE)

• Security Level Protection (SYS_SEC_CTL)

• Override Function Blocks Management (SYS_OVR)

• Password Function Blocks Management (SYS_PSWD)

• Station Output Shutdown (SYS_ALLSD)

• Module Output Shutdown (SYS_IOSD)

• All I/O Channels of SCS Status Indicator (SYS_IOALLST)

• All I/O Channels of Node Status Indicator (SYS_NODEST)

• Output Module 8 Channels Indicator (SYS_OUTST)

• Output Module 16 Channels Indicator (SYS_OUTST16)

• Input Module Status Indicator (SYS_INST)

• Channel Status Indicator (SYS_CHST)

• Output Module Status Indicator (SYS_OUTEN)

• Computation Error Indicator (SYS_CERR)

• Scan Period Extension Indicator (SYS_SCANEXT)

<C10. Safety system function blocks > C10-1


C10.1 SYS_STAT (SCS status management)The SYS_STAT system function block indicates the operating status of an SCS.

SYS_STAT

MODE RUN

Figure C10.1-1 SYS_STAT

n Arguments

Table C10.1-1 Arguments of SYS_STATIN/OUT Arguments Data type Description

IN RUN BOOL Output enable operation.FALSE -> TRUE: Perform the output enable operation.Other: Do nothing.

OUT MODE DINT Operating Mode.3: Waiting mode.4: Running mode.

n DescriptionThe SYS_STAT system function block shows the operating status of an SCS.The output enable operation on output modules is normally performed from an SENG, but itcan be performed from an application logic by using the SYS_STAT system function block.The SYS_STAT system function block performs the output enable operation when RUN inputchanges from FALSE to TRUE. Set RUN to FALSE if the output enable operation is not per-formed.

n RemarksThis function block does not affect the Output Enable status of subsystem communication. Itonly affects safety outputs and outputs in inter-SCS safety communication immediately afteran SCS start.


l SCS simulation testsThe input/output parameters of the SYS_STAT function block operate in the same way as inthe actual SCS.


Table C10.1-2 Arguments of the SYS_STAT system function block at logic simulation testsIN/OUT Argu-

mentsValue Description

IN RUN Invalid Do not perform the output enable operation regardless of the inputvalue.

OUT MODE 4 The operating mode is fixed to the Running mode.

<C10.1 SYS_STAT (SCS status management) > C10-2


C10.2 SYS_FORCE (forcing status management)The SYS_FORCE system function block controls the forcing status of internal variables andI/O variables in SCS.

SYS_FORCE

NOV

LOCK UNLK

NUM CHKT

TUP FORC

Figure C10.2-1 SYS_FORCE

n Arguments

Table C10.2-1 Arguments of SYS_FORCEIN/OUT Argu-


IN UNLK BOOL Forcibly cancel the forcing status of all variables.FALSE -> TRUE: Perform forced cancellation.Other: Do nothing.

CHKT TIME Watching time of Forcing. 0 disables the watching timer.

FORC DINT Maximum number of variables that can be forced at the same time.FORC < 0 equivalent to FORC = 0.

OUT LOCK BOOL Existence of forced variables.FALSE: None.TRUE: At least one.

NUM DINT Total number of forced variables.

TUP BOOL Indicates whether or not the locked status has continued exceedingthe monitoring time.FALSE: Not exceeded.TRUE: Exceeded.

NOV BOOL Indicates whether or not the number of locked variables has excee-ded the maximum allowable number.FALSE: The maximum allowable number is not exceeded.TRUE: The maximum allowable number is exceeded

n DescriptionThe SYS_FORCE system function block controls the forcing status.

l Input• UNLK is an input for forcibly cancelling the forced status of all variables. If UNLK changes

from FALSE to TRUE, all variables locked with the forcing function are forcibly unlocked.Set UNLK to FALSE if this operation is not performed.

• Specify the monitoring time of the forcing status for CHKT. If the status where one ormore variables are locked continues longer than the monitoring time specified by CHKT, adiagnostic information message is generated to inform the user. Diagnostic informationmessages are re-generated at intervals corresponding to the monitoring time specified byCHKT.

• Specify the maximum number of variables that can be locked at the same time for FORC.If NUM becomes greater than FORC, a diagnostic information message is generated to

<C10.2 SYS_FORCE (forcing status management) > C10-3


inform the user that the specified maximum number is exceeded. Note that when NUMreturns to equal to FORC or smaller, a diagnostic information message indicating recov-ery is notified.

l Output• LOCK is an output that indicates whether or not there are any variables that are locked.

LOCK becomes TRUE if any variable is locked.

• NUM is the number of locked variables.

• TUP is an output that indicates whether or not there are any variables that have remainedlocked longer than the monitoring time specified by CHKT.

• NOV is an output that indicates whether or not the number of locked variables has excee-ded the maximum allowable number specified by FORC.

n RemarksThe variables handled by this function block do not contain subsystem communication data.


l SCS simulation testsThe time-up period of the lock status monitoring time (CHKT) is different from actual SCS.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsAll the inputs are invalid and all the outputs are fixed. Diagnostic information messages arenot generated either.

Table C10.2-2 Arguments of the SYS_FORCE system function block at logic simulation testsIN/OUT Argu-


IN UNLK Invalid Invalid. The forcing status is not forcibly cancelled regardless of theinput value.

CHKT Invalid Invalid

FORC Invalid Invalid

OUT LOCK FALSE Indicates no forced variable.

NUM 0 Indicates no forced variable.

TUP FALSE Indicates no forced variable.

NOV FALSE Indicates no forced variable.

<C10.2 SYS_FORCE (forcing status management) > C10-4


C10.3 SYS_FORCE_LT (SCS link transmissionlock status monitor)

The SYS_FORCE_LT function block is used for forcing management of SCS link transmissiondata.

SYS_FORCE_LT

NOV

LOCK UNLK

NUM CHKT

TUP FORC

Figure C10.3-1 SYS_FORCE_LT

n Arguments

Table C10.3-1 Arguments of SYS_FORCE_LT


IN UNLK BOOL Forcibly unlocks all the locked SCS Link Transmission data.FALSE -> TRUE: Perform forced cancellation.Other: Do nothing.

CHKT TIME Monitors the locked time of SCS link transmission data. When theSCS link transmission data are locked for a time longer than CHKTtime, a diagnostic information message will be generated and sentto the user. 0 disables the watching timer.

FORC DINT Maximum number of stations that can be forced at the same time.When the number of the stations locked SCS link transmission datais greater than FORC, a diagnostic information message will be gen-erated and sent to the user. FORC < 0 equivalent to FORC = 0.

OUT LOCK BOOL Presence of locked stations.FALSE: None.TRUE: At least one.

NUM DINT The total number of locked stations.

TUP BOOL Indicates that the locked time has reached the time-up.FALSE: Not exceeded.TRUE: Exceeded.

NOV BOOL Indicates whether or not the number of locked stations has excee-ded the maximum allowable number.FALSE: Not exceeded.TRUE: Exceeded the allowed maximum number.

n DescriptionSYS_FORCE_LT is a function block for forcing management of SCS link transmission data.

l Input• UNLK is an input terminal for the signal to unlocking all the locked SCS link transmission

data. When UNLK changes from FALSE to TRUE, all the locked data of the stations willbe forcibly unlocked. Set FALSE to UNLK, if unlocking will not be performed.

• Specify the monitoring time of the locking status to CHKT. If the status where one or morestations are locked continues longer than the monitoring time specified by CHKT, a diag-

<C10.3 SYS_FORCE_LT (SCS link transmission lock status monitor) > C10-5


nostic information message is generated to inform the user. Diagnostic information mes-sages are re-generated at intervals corresponding to the monitoring time specified byCHKT.If CHKT = 0, the elapsed time after locking is not monitored.

• FORC is used as the maximum number of simultaneously locked SCS link transmissiondata of a station. If NUM becomes greater than FORC, a diagnostic information messageis generated to notify that the specified maximum number is exceeded. Note that whenNUM returns to equal to FORC or smaller, a diagnostic information message indicatingrecovery is notified.

l Output• LOCK is used to indicate if there is any station that contains the locked SCS link trans-

mission data. If any station is locked, the value of LOCK becomes TRUE.

• NUM indicates the number of locked stations. This is the number of all the locked stationsincluding the sending and receiving stations. A station means either FCS or SCS.

• TUP is an output that indicates whether or not SCS link transmission data remain locked,in at least one station, for longer than the monitoring time specified by CHKT.

• NOV is an output that indicates whether or not the number of locked stations has excee-ded the maximum allowable number specified by FORC.



l SCS simulation testsThe time-up period of the lock status monitoring time (CHKT) is different from actual SCS.SCS simulator only executes the application logics at 1 second scan period.Therefore, the SCS simulation can only run at 1 second scan period if the application logicscan period is specified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.


Table C10.3-2 Arguments of SYS_FORCE_LT at logic simulation test


IN UNLK Invalid Specification of forced lock cancellation is invalid.

CHKT Invalid No notification is made even if the lock status monitoring time is ex-ceeded.

FORC Invalid Disables monitoring the number of forcing permissions.

OUT LOCK FALSE Always output as not locked

NUM 0

TUP FALSE

NOV FALSE

<C10.3 SYS_FORCE_LT (SCS link transmission lock status monitor) > C10-6


C10.4 SYS_FORCE_BD (inter-SCS safetycommunication forcing statusmanagement)

The SYS_FORCE_BD function block manages the lock status of inter-SCS safety communi-cation data.

SYS_FORCE_BD

UNLK

CHKT

FORC

LOCK

NUM

TUP

NOV

Figure C10.4-1 SYS_FORCE_BD

n Arguments

Table C10.4-1 Arguments of SYS_FORCE_BDIN/OUT Argu-


IN UNLK BOOL Forcibly cancel locking of all function blocks for inter-SCS safetycommunication.From FALSE to TRUE: Forcibly cancel.Other: Do nothing.

CHKT TIME Monitoring time of locking status of function block for inter-SCS safe-ty communication. If the time elapsed after locking inter-SCS safetyfunction block exceeds CHKT, a diagnostic information message isnotified to the user. If 0 is specified, exceeded time is not checked.

FORC DINT The maximum number of stations for which locking is permitted atthe same time. If the number of stations whose inter-SCS safetycommunication function block is locked exceeds FORC, the fact isnotified to the user via diagnostic information messages. If FORC < 0is specified, the block functions as if FORC = 0 is specified.

OUT LOCK BOOL Presence of locked stations.FALSE: None.TRUE: 1 or more stations.

NUM DINT The total number of locked stations.

TUP BOOL Indicates if the elapsed time after locking exceeds the monitoringtime (CHKT).FALSE: Not exceeded.TRUE: Exceeded.

NOV BOOL Indicates if the number of locked stations exceeds the maximum al-lowed number (FORC).FALSE: Not exceeded.TRUE: Exceeded the allowed maximum number.

n DescriptionThe SYS_FORCE_BD function block is used to manage the lock status of inter-SCS safetycommunication function blocks.

<C10.4 SYS_FORCE_BD (inter-SCS safety communication forcing status management) > C10-7


l Input• UNLK is an input to forcibly cancel the lock status of all inter-SCS safety communication

function blocks. If the value of UNLK changes from FALSE to TRUE, all locked stationsare forcibly unlocked. UNLK should remain at FALSE if it is desired not to perform forcedcancellation.

• Specify the time to monitor lock status for CHKT. If there is at least one station where theinter-SCS safety communication function blocks are locked for a period longer than themonitoring time specified for CHKT, the condition is notified to the user via a diagnosticinformation message. Diagnostic information messages are resent at the interval of themonitoring time specified for CHKT if the inter-SCS safety communication function blocksremain locked. If CHKT = 0, the elapsed time after locking is not monitored.

• For FORC, specify the maximum number of stations whose inter-SCS safety communica-tion function blocks can be locked at the same time. If NUM becomes greater than FORC,a diagnostic information message is generated to notify that the specified maximum num-ber is exceeded. Note that when NUM returns to equal to FORC or smaller, a diagnosticinformation message indicating recovery is notified.

l Output• LOCK is an output indicating whether or not any station has locked inter-SCS safety com-

munication function blocks. If any station is locked, the value of LOCK becomes TRUE.

• NUM indicates the number of locked stations.

• TUP becomes TRUE if there is at least one station with inter-SCS safety communicationfunction blocks that continue to be locked for a period longer than the monitoring timespecified with CHKT.

• NOV becomes TRUE if the number of locked stations exceeded the maximum allowednumber specified with FORC.



l SCS simulation testsThe time-up period of the lock status monitoring time (CHKT) is different from actual SCS.SCS simulator only executes the application logics at 1 second scan period.Therefore, the SCS simulation can only run at 1 second scan period if the application logicscan period is specified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsAll the inputs are invalid and all the outputs are fixed. Diagnostic information messages arenot generated either.The table below shows the details of the input/output parameters.



Table C10.4-2 Arguments of SYS_FORCE_BD at logic simulation testsIN/OUT Argu-


IN UNLK Invalid Specification of forced lock cancellation is invalid.

CHKT Invalid No notification is made even if the lock status monitoring time is ex-ceeded.

FORC Invalid No notification is made for the allowable number of locked stations.

OUT LOCK FALSE Always output as not locked

NUM 0

TUP FALSE

NOV FALSE



C10.5 SYS_LTSTS (SCS link transmissionreception status monitor)

The SYS_LTSTS function block is used for indicating the reception status of SCS link trans-mission.

SYS_LTSTS

STS STN

DIAG

PALM

Figure C10.5-1 SYS_LTSTS

n Arguments

Table C10.5-1 Arguments of SYS_LTSTS


IN STN DINT The station number (1 to 64) of the monitored station.

OUT STS BOOL Indicates the reception data status.TRUE: GOOD.FALSE: BAD.

DIAG BOOL Diagnosis notification on the reception station.TRUE: Communication data error occurred.FALSE: Communication data error not occurred.

PALM BOOL Transmission delay pre-alarm on the reception station.TRUE: Transmission delay occurred.FALSE: Transmission delay not occurred.

n DescriptionSYS_LTSTS is a system function block for monitoring the reception status of SCS link trans-mission data of a station.

l Input• A station number (1 to 64) needs to be specified for STN.

When a number smaller than 1 or greater than 64 is specified, the STS will becomeFALSE, DIAG will become TRUE and PALM will become FALSE.

l Output• STS indicates the data status of logical data in the link transmission data area.

The data status output from STS is the same as the output of STS in LTFCS and LTRCVblocks.The STS will be held when the link transmission data of the designated station arelocked.

• DIAG indicates the diagnosis result for the SCS link transmission data input to the station.The reception status of the link transmission data will be indicated by DIAG regardless ifthe SCS link transmission data are locked or not.

• PALM is the pre-alarm of SCS link transmission delay, which is initiated before the delayreaches the transmission delay timeout value (DLYT) for SCS link transmission.

<C10.5 SYS_LTSTS (SCS link transmission reception status monitor) > C10-10


To initiate the pre-alarm, set the value of the pre-alarm (PALT) on the SCS Link Transmis-sion Builder.When the SCS link transmission delay reaches PALT, PALM will become TRUE. If PALTis set with 0, the pre-alarm will be disabled. Thus PALM will be fixed as FALSE.

l Case when the FCS is specified as the station numberIf the target station is specified with FCS, the link transmission delay pre-alarm will be disa-bled. PALM will be fixed as FALSE.

l If the specified station is not defined as receive station (including the localstation)

If a station not defined as a receiving station on SCS Link Transmission Builder is specified,the STS will become FALSE, DIAG will become TRUE and PALM will become FALSE.



l SCS simulation testsThe input/output parameters of the SYS_LTSTS function block operate in the same way as inthe actual SCS.

l Logic simulation testsThe SCS link transmission is invalid. All the inputs are invalid and all the outputs are fixed.Diagnostic information messages are not generated either.

Table C10.5-2 Arguments of SYS_LTSTS at logic simulation test


IN STN Invalid The station number is invalid.

OUT STS TRUE Always indicates normal status (TRUE,normal value:GOOD).

DIAG FALSE Always indicates normal status (FALSE).

PALM FALSE Always indicates normal status (FALSE).

<C10.5 SYS_LTSTS (SCS link transmission reception status monitor) > C10-11


C10.6 SYS_DIAG (diagnostic information output)The SYS_DIAG system function block detects whether or not there are any errors in the en-tire system, other than users' operation mistakes.

SYS_DIAG

DIAG IOER

VNER IRER

CMER OTER

Figure C10.6-1 SYS_DIAG

n Arguments

Table C10.6-1 Arguments of SYS_DIAGIN/OUT Argu-


OUT DIAG BOOL Presence of errors in the entire system, other than users' operationmistakes.FALSE: Normal status.TRUE: Abnormal status.

IOER BOOL Presence of I/O related errors.FALSE: Normal status.TRUE: Abnormal status.

VNER BOOL Presence of control bus related errors.FALSE: Normal status.TRUE: Abnormal status (communication impossible).

IRER BOOL Presence of IRIG-B related errors (fixed to FALSE if IRIG-B is notspecified for the time synchronization method).FALSE: Normal status.TRUE: Abnormal status.

CMER BOOL Presence of inter-SCS safety communication errors (Consumer er-ror only) or SCS Link Transmission errors.FALSE: Normal status.TRUE: Abnormal status.

OTER BOOL Presence of other errors.FALSE: Normal status.TRUE: Abnormal status.

n DescriptionThe SYS_DIAG system function block detects the presence of errors in the entire system,other than users' operation mistakes. It outputs the current status regardless of the operationsin the Diagnostic Information window of the SENG.

• DIAG indicates the presence of errors in the entire system. This output is the logical ORof all other output arguments.

• IOER indicates presence of errors related to inputs and outputs (including all AIO/DIOmodules and communication modules). It indicates abnormal status (TRUE) if nodes orinput/output modules do not exist as defined as well.

• VNER indicates the presence of errors related to the control bus communication. It indi-cates TRUE (communication failure) if the control bus communication has completely

<C10.6 SYS_DIAG (diagnostic information output) > C10-12


failed. However, to detect the occurrence of errors on one side of the bus, useSYS_NETST.

• IRER indicates the presence of errors related to IRIG-B. It indicates normal status(FALSE) if IRIG-B is not specified for the time synchronization method.

• CMER indicates the presence of errors in inter-SCS safety communication and SCS linktransmission.If all the reception data of inter-SCS safety communication consumer FBs are normal(*1) and all the reception data of SCS link transmission are normal (*2), CMER will out-put FALSE (normal status).

• OTER indicates the presence of other errors (*3). It indicates abnormal status (TRUE) ifHKU does not exist as defined as well.

*1: It takes it as normal when the consumer side does not have any consumer FB.*2: It takes it as normal when the reception of SCS link transmission is not defined. SCS link transmission refers to the SCS link

transmission safety communication and SCS global switch communication features.*3: • If CPU modules are redundantly configured, one module shows failure.

• FAN is abnormal (If FAN exists in the configuration).• CPU node IN/OUT temperature is abnormal.• Battery is abnormal.• Battery switch is off.

SEEALSO For more information about SYS_NETST, refer to:

C11.5, “SYS_NETST (control bus status indicator)” on page C11-9

n RemarksUse SYS_FORCE system function blocks to detect users' mistakes in lock operations,SYS_OVR system function blocks to detect mistakes in override operations, SYS_PSWD sys-tem function blocks to detect mistakes in operating switches with passwords, and SYS_SE-CURE system function blocks to detect operation mistakes at the security level.Any error status can be detected by referencing the SYS_DIAG system function block withthe system function blocks described above.


l SCS simulation testsSCS simulator indicates all the hardware related diagnosis status as normal (FALSE).

l Logic simulation testsAll the outputs are always fixed to "no error detection (FALSE)."

<C10.6 SYS_DIAG (diagnostic information output) > C10-13


C10.7 SYS_SECURE (security levelmanagement)

The SYS_SECURE system function block controls the security level of an SCS.

SYS_SECURE

RST LVL

CHKT TUP

Figure C10.7-1 SYS_SECURE

n Arguments

Table C10.7-1 Arguments of SYS_SECUREIN/OUT Argu-


IN RST BOOL Security level reset input (reset only at change from FALSE toTRUE).

CHKT TIME Watching time of Security level. 0 disables the watching timer.

OUT LVL DINT Current security level.

TUP BOOL Security level monitoring time overrun.FALSE: The monitoring time is not exceeded.TRUE: The monitoring time is exceeded.

n DescriptionThe SYS_SECURE system function block controls the security level of an SCS.Output parameter LVL indicates the current security level.The SYS_SECURE system function block forces the setting of the security level of SCS fromLevel1 to Level2 when the input value of RST changes from FALSE to TRUE. SYS_SECUREsystem function block cannot change the security level of SCS from Level0 to Level2. If youconnect RST to the discrete input, you can use it to reset the security level when SENG failsor a communication error occurs. Set the RST to FALSE when resetting from the discrete in-put is not necessary.The SYS_SECURE system function block monitors the security level. If Level1 continues lon-ger than the monitoring time specified by input argument CHKT, the SYS_SECURE systemfunction block generates a diagnostic information message and sets TUP to TRUE. Diagnos-tic information messages are regenerated at intervals corresponding to the monitoring timespecified by CHKT as long as Level1 continues.

n RemarksThe status of security level 0 (offline level) is not monitored.


l SCS simulation testsThe security level monitoring time (CHKT) on SCS simulator and on actual SCS may take dif-ferent time to reach time-up.

<C10.7 SYS_SECURE (security level management) > C10-14


SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsAll the inputs are invalid and the output is fixed. Diagnostic information messages are notgenerated either.

Table C10.7-2 Arguments of the SYS_SECURE system function block at logic simulation testsIN/OUT Arguments Value Remarks

IN RST Invalid Invalid. The security level is not reset regardless of the inputvalue


OUT LVL 2 Always fixed to Level 2.

TUP FALSE Always fixed to no error (FALSE).

<C10.7 SYS_SECURE (security level management) > C10-15


C10.8 SYS_SEC_CTL (security level protection)The SYS_SEC_CTL system function block provides protection against operations to changethe security level of a given SCS via password entry from the SENG.

SYS_SEC_CTL

STS FIX

Figure C10.8-1 SYS_SEC_CTL

n Arguments

Table C10.8-1 Arguments of SYS_SEC_CTL


IN FIX BOOL Specifies whether or not to disable security level change.TRUE: Disable change operations via password entry from the SENG.FALSE: Enable change operations via password entry from the SENG.

OUT STS BOOL Indicates whether or not security level change via password entry is dis-abled.TRUE: Security level change is disabled.FALSE: Security level change is enabled.

n DescriptionThe SYS_SEC_CTL system function block can be used to disable operations to change thesecurity level of a given SCS via password entry from the SENG. This system function blockpermits stricter control of security-level change operations targeting SCS.• If the input parameter FIX of the SYS_SEC_CTL system function block is TRUE, all at-

tempts to change the security level via password entry from the SENG are disabled. Theapplicable SCS returns an error to SENG from which a security-level change request wasreceived.

• The SYS_SEC_CTL system function block also controls security level reset to level 2.

• Changing the security level of a given SCS via password entry from the SENG is actuallyenabled or disabled from the next scan period after the FIX value was changed.

• Enabling/disabling of security-level change operations is notified by a diagnostic informa-tion message.

• Even when security-level change operations via password entry are disabled, passwordsassigned for security level change can still be changed.

n Remarks• Whether security level changes via password entry from the SENG are enabled or disa-

bled is not notified on the SCS State Management Window.

• Even when security level changes to an SCS are disabled by the SYS_SEC_CTL systemfunction block, the security level of the SCS can still be reset to level 2 using the RSTinput from the SYS_SECURE system function block or via the restart switch operation ofthe CPU module.

• This system function block can be used in new SCS databases created by SENG ofR1.01.30 or later.

<C10.8 SYS_SEC_CTL (security level protection) > C10-16



l SCS simulation testsThe input/output parameters of the SYS_SEC_CTL function block operate in the same wayas in the actual SCS.

l Logic simulation testsInputs are invalid and STS always outputs FALSE.

<C10.8 SYS_SEC_CTL (security level protection) > C10-17


C10.9 SYS_OVR (override function blocksmanagement)

The SYS_OVR system function block manages all instances of the override function blocks.

SYS_OVR

UNOV

CKTS

OVRC

CKTO

SWC

NUMO

OVR

NUMS

SWON

TUPO

NOVO

TUPS

NOVS

Figure C10.9-1 SYS_OVR

n Arguments

Table C10.9-1 Arguments of SYS_OVRIN/OUT Argu-


IN UNOV BOOL Override forced cancellation command (only at change from FALSEto TRUE).

CKTO TIME Time to monitor existence of instances in the override status. 0 disa-bles the watching timer.

OVRC DINT Maximum number of instances that can be placed in the overridestatus at the same time OVRC < 0 equivalent to OVRC = 0.

CKTS TIME Time to monitor existence of instances in the status where overrideoperation is allowed. 0 disables the watching timer.

SWC DINT Maximum number of instances that can be placed in the statuswhere override operation is allowed at the same time. SWC < 0equivalent to SWC = 0.


<C10.9 SYS_OVR (override function blocks management) > C10-18


Table C10.9-1 Arguments of SYS_OVR (Table continued)IN/OUT Argu-


OUT OVR BOOL Indicates whether or not any instances are in the override status.FALSE: None.TRUE: At least one instance.

NUMO DINT Number of instances in the override status.

TUPO BOOL Indicates whether or not any instances have been in the overridestatus longer than the monitoring time.FALSE: There are no instances in the override status exceeding themonitoring time.TRUE: There are instances in the override status exceeding themonitoring time.

NOVO BOOL Indicates whether or not the number of instances in the override sta-tus at the same time exceeds the maximum number.FALSE: The maximum number is not exceeded.TRUE: The maximum number is exceeded.

SWON BOOL Indicates whether or not any instances are in the status where over-ride operation is allowed.FALSE: None.TRUE: At least one instance.

NUMS DINT Number of instances in the status where override operation is al-lowed.

TUPS BOOL Indicates whether or not any instances have been in the statuswhere override operation is allowed longer than the monitoring time.FALSE: There are no instances in the status where override opera-tion is allowed exceeding the monitoring time.TRUE: There are instances in the status where override operation isallowed exceeding the monitoring time.

NOVS BOOL Indicates whether or not the number of instances in the status whereoverride operation is allowed at the same time exceeds the maxi-mum number.FALSE: The maximum number is not exceeded.TRUE: The maximum number is exceeded.

n DescriptionThe SYS_OVR system function block is used to manage all instances of override functionblocks and grouping override function blocks within an SCS. It allows forced cancellation ofthe override status, alarm setting for the override operation and status output.

l Forced cancellation of the override statusWhen UNOV changes from FALSE to TRUE, the instances of override function block andgrouping override function block will be released from override status. Once cancelled, eachinstance generates a system alarm. The override status is cancelled whether the input to SWof a given instance is TRUE or FALSE.

l Management of the override statusSEEALSO For more information about the actions of the parameters, refer to:

D3.5, “Status management of function blocks used for override” on page D3-15

l Management of the Override Enabled status• SWON indicates whether or not there are instances in the status where an override oper-

ation is allowed (TRUE is input to input parameter SW). It outputs TRUE if there are anyinstances in the status where an override operation is allowed.



• NUMS outputs the number of instances in the status where an override operation is al-lowed.

• Specify the time to monitor the existence of instances in the status where an override op-eration is allowed for CKTS. A system alarm is generated if the status where at least oneinstance is in the status where an override operation is allowed continues longer than themonitoring time specified by CKTS. System alarms are re-generated at intervals corre-sponding to the time specified for CKTS if this status continues.

• TUPS indicates whether or not there are instances that have been in the status where anoverride operation is allowed longer than the monitoring time specified by CKTS. It out-puts TRUE if the status where one or more instances are in the status where an overrideoperation is allowed continues longer than the monitoring time specified by CKTS.

• Specify the maximum number of instances that can be placed in the status where anoverride operation is allowed at the same time in an SCS for SWC. A system alarm isgenerated if NUMS becomes greater than SWC. Although a system alarm is generated, itis still possible to place more instances than the maximum number specified by SWC inthe status where an override operation is allowed. Note that if NUMS becomes equal toor smaller than SWC, a system alarm notifying about the recovery is generated.

• NOVS indicates whether or not more instances than the "maximum number of instancesthat can be placed in the status where an override operation is allowed at the same time"specified by SWC are in the status where an override operation is allowed. It outputsTRUE if more instances than the maximum number are in the status where an overrideoperation is allowed.


l SCS simulation testsThe override status monitoring time (CKTO, CKTS) on SCS simulator and on actual SCS maytake different time to reach time-up.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsThe CENTUM integration function is invalid. For this reason, all the inputs of the SYS_OVRsystem function block are invalid and all the outputs are fixed. The system function block op-erates as if no override operation is performed. System alarms are not generated either.

Table C10.9-2 Arguments of the SYS_OVR system function block at logic simulation testsIN/OUT Argu-


IN UNOV Invalid

CKTO Invalid

OVRC Invalid

CKTS Invalid

SWC Invalid




Table C10.9-2 Arguments of the SYS_OVR system function block at logic simulation tests (Table con-tinued)

IN/OUT Argu-ments

Value Description

OUT OVR FALSE Always indicates no instances in the override status (FALSE).

NUMO 0 The number of instances in the override status is always 0.

TUPO FALSE Always indicates normal status (FALSE).

NOVO FALSE Always indicates normal status (FALSE).

SWON FALSE Always indicates override not allowed (FALSE).

NUMS 0 The number of instances in the status where override is allowed isalways 0.

TUPS FALSE Always indicates normal status (FALSE).

NOVS FALSE Always indicates normal status (FALSE).



C10.10 SYS_PSWD (password function blocksmanagement)

The SYS_PSWD system function block manages all instances of the password functionblocks within an SCS.

SYS_PSWD

UNPW PSWD

NUM CHKT

PSWC TUP

NOV

Figure C10.10-1 SYS_PSWD

n Arguments

Table C10.10-1 Arguments of SYS_PSWDIN/OUT Argu-


IN UNPW BOOL Forcibly sets the OUT outputs of all password function block instances toFALSE (only at change from FALSE to TRUE) .

CHKT TIME Time to monitor the status where active password function block instan-ces outputs TRUE from the OUT output. 0 disables the watching timer

PSWC DINT Maximum number of active password function block instances that canoutput TRUE from the OUT output at the same time. PSWC < 0 equiva-lent to PSWC = 0

OUT PSWD BOOL Indicates whether or not there are any active password function block in-stances that output TRUE from the OUT output.FALSE: NoneTRUE: At least one FB

NUM DINT Total number of active password function block instances that outputTRUE from the OUT output.

TUP BOOL Flag indicating whether or not a password function block instance hasbeen outputting TRUE from the OUT output longer than the monitoringtime specified by CHKT.FALSE: There are no password function block instances outputting.TRUE longer than the monitoring timeTRUE: There are password function block instances outputting TRUElonger than the monitoring time.

NOV BOOL Flag indicating whether or not the number of active password functionblock instances outputting TRUE from the OUT output exceeds the maxi-mum number specified by PSWC.FALSE: The maximum number is not exceeded.TRUE: The maximum number is exceeded.

<C10.10 SYS_PSWD (password function blocks management) > C10-22


n DescriptionThe SYS_PSWD system function block is used to manage all instances of the password func-tion blocks. It allows forced cancellation of the OUT output of all instances, alarm setting forinstance operation and status output.• If UNPW changes from FALSE to TRUE, the OUT outputs of all instances of the pass-

word function blocks are forcibly set to FALSE. Each instance whose OUT output waschanged generates a system alarm.

• PSWD indicates whether or not there are password function block instances that outputTRUE from the OUT output.

• NUM outputs the number of password function block instances that output TRUE fromthe OUT output.

• Specify the maximum number of password function block instances that can outputTRUE from the OUT output at the same time for PSWC. A system alarm is generated ifNUM becomes greater than PSWC. Although a system alarm is generated, it is still possi-ble for more instances to output TRUE than the maximum number specified by PSWC. IfNUM becomes equal to or smaller than PSWC, a system alarm notifying about the recov-ery is generated.

• NOV indicates whether or not more password function block instances than the maximumnumber specified by PSWC output TRUE from OUT.

• A system alarm is generated if the status where at least one password function block in-stance outputs TRUE from the OUT output continues longer than the monitoring timespecified by CHKT. System alarms are re-generated at intervals corresponding to themonitoring time specified for CHKT if this status continues.

• TUP indicates whether or not there are password function block instances that have beenoutputting TRUE from OUT longer than the monitoring time specified by CHKT.


l SCS simulation testsThe active instance existence time (CHKT) on SCS simulator and on actual SCS may takedifferent time to reach time-up.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.

l Logic simulation testsThe CENTUM integration function is invalid. For this reason, all the inputs of the SYS_PSWDsystem function block are invalid and all the outputs are fixed. System alarms are not gener-ated either.

Table C10.10-2 Arguments of SYS_PSWD system function block at logic simulation testsIN/OUT Argu-


IN UNPW Invalid All inputs are invalid.

CHKT Invalid All inputs are invalid.

PSWC Invalid All inputs are invalid.




Table C10.10-2 Arguments of SYS_PSWD system function block at logic simulation tests (Table contin-ued)

IN/OUT Argu-ments

Value Description

OUT PSWD FALSE Always outputs FALSE.

NUM 0 Always 0.

TUP FALSE Always indicates normal status (FALSE).

NOV FALSE Always indicates normal status (FALSE).



C10.11 SYS_ALLSD (station output shutdown)The SYS_ALLSD system function block shuts down all output channels of safety output mod-ules defined in a station at the same time.

NTRG

SYS_ALLSD

Figure C10.11-1 SYS_ALLSD

n Arguments

Table C10.11-1 Arguments of SYS_ALLSDIN/OUT Argu-


IN NTRG BOOL Shutdown execution switchTRUE: Do not shut downFALSE: Shut down

n DescriptionThe SYS_ALLSD system function block shuts down all output channels of safety output mod-ules defined in a station at the same time.Shutdown is not executed as long as TRUE is input to NTRG. However, as soon as the valueof NTRG changes from TRUE to FALSE, all output channels in a station are shut down atonce.As long as FALSE is input to NTRG, all the target output channels are placed in disable statusand this module outputs the "Output value at fault". Output enable operation is not executedas long as FALSE is input to NTRG; instead, the output disable status is retained.

n Remarks• This system function block can be used in new SCS databases created by SENG of

R1.02.00 or later.

• The targets of shutdown are limited to safety output modules (AO and DO) only. This sys-tem function block has no effect on modules other than AO and DO. SYS_ALLSD doesnot operate if no output modules are defined in I/O Wiring View.

• The shutdown processing is not performed on channels of safety output modules that arelocked even if the value of NTRG changes from TRUE to FALSE. The current output val-ue is retained for these channels. If the value of an output variable of a locked outputmodule is changed via forcing, the changed value is output.


l SCS simulation testsThe input parameters of the SYS_ALLSD function block operate in the same way as in theactual SCS.However, the communication with output modules cannot be established.

<C10.11 SYS_ALLSD (station output shutdown) > C10-25


l Logic simulation testsAll input parameters of SYS_IOSD are invalid. The shutdown processing is not executed.

Table C10.11-2 Arguments of SYS_ALLSD at logic simulation test


IN NTRG Invalid The shutdown execution switch is invalid.

<C10.11 SYS_ALLSD (station output shutdown) > C10-26


C10.12 SYS_IOSD (Module Output Shutdown)The SYS_IOSD system function block shuts down all output channels of a safety output mod-ule specified by a node number (NODE) and slot number (SLOT) at the same time.

NTRG

SYS_IOSD

NODE SLOT

Figure C10.12-1 SYS_IOSD

n Arguments

Table C10.12-1 Arguments of SYS_IOSDIN/OUT Argu-


IN NTRG BOOL Shutdown execution switchTRUE: Do not shut downFALSE: Shut down

NODE DINT Node number (1 to 14)

SLOT DINT Output module installation slot number (1 to 8)

n DescriptionThe SYS_IOSD system function block shuts down all output channels of a safety output mod-ule specified by a node number (NODE) and slot number (SLOT) at the same time.Shutdown is not executed as long as TRUE is input to NTRG. However, as soon as the valueof NTRG changes from TRUE to FALSE, all output channels of the specified output moduleare shut down at once.As long as FALSE is input to NTRG, all the target output channels are placed in disable statusand this module outputs the "Output value at fault". Output enable operation is not executedas long as FALSE is input to NTRG; instead, the output disable status is retained.Define only one SYS_IOSD system function block in the case of redundant output modules.In order to shut down redundant output modules, specify an odd slot number. By default, aSYS_IOSD system function block shuts down an output module that has the control right.


R1.02.00 or later.

• The targets of shutdown are limited to safety output modules (AO and DO) only. This sys-tem function block has no effect on modules other than AO and DO. SYS_IOSD does notoperate if the specified module is not defined in I/O Wiring View.

• If the value of NTRG changes from TRUE to FALSE while a safety output module islocked, the shutdown processing is not performed. The current output value is retainedfor that output module. If the value of an output variable of a locked output module ischanged via forcing, the changed value is output.

<C10.12 SYS_IOSD (Module Output Shutdown) > C10-27



l SCS simulation testsThe input parameters of the SYS_IOSD function block operate in the same way as in the ac-tual SCS.However, the communication with output modules cannot be established.

l Logic simulation testsAll input parameters of SYS_IOSD are invalid. The shutdown processing is not executed.

Table C10.12-2 Arguments of SYS_ SYS_IOSD at logic simulation test


IN NTRG Invalid The shutdown execution switch is invalid.

NODE Invalid The node number is invalid.

SLOT Invalid The slot number is invalid.

<C10.12 SYS_IOSD (Module Output Shutdown) > C10-28


C10.13 SYS_IOALLST (all I/O channels of SCSstatus indicator)

The SYS_IOALLST system function block indicates the data status of all input channels andall output channels of all AIO/DIO modules of an SCS.

SYS_IOALLST

NRO

NRI

Figure C10.13-1 SYS_IOALLST

n Arguments

Table C10.13-1 Arguments of SYS_IOALLSTIN/OUT Argu-


OUT NRO BOOL Indicates whether or not the data statuses of all output channels arenormalTRUE: All channels are normalFALSE: At least one channel is abnormal

NRI BOOL Indicates whether or not the data statuses of all input channels arenormalTRUE: All channels are normalFALSE: At least one channel is abnormal

n DescriptionThe SYS_IOALLST system function block indicates the data status of all input channels andall output channels of all AIO/DIO modules of an SCS. The SYS_IOALLST system functionblock can be used when creating applications that treat errors in one or more channels asdemands.NRO indicates whether or not the data statuses of all output channels are normal. It be-comes TRUE if the data statuses of all the channels are normal. Channels not used (*1)areexcluded from the targets of judgment.NRI indicates whether or not the data statuses of all input channels are normal. It becomesTRUE if the data statuses of all the channels are normal. Channels not used (*1) are exclu-ded from the targets of judgment. The statuses of communication modules are ignored.

*1: Channels not used refer to channels to which I/O variables are not assigned.

n RemarksThe SYS_IOALLST system function block references the data status of the logical data of I/Ovariables. For this reason, the outputs of the SYS_IOALLST system function block are affec-ted by the lock operation of modules. Please be aware that if modules/channels and I/O varia-bles are locked, the outputs may differ from the physical states.


l SCS simulation testsThe communication with AIO/DIO modules cannot be established.

<C10.13 SYS_IOALLST (all I/O channels of SCS status indicator) > C10-29


The data status of each channel (NRO, NRI) is determined by the data status of the logicaldata of each channel. The initial data status of logical data is GOOD.

l Logic simulation testsAll the outputs are fixed. The SYS_IOALLST system function block is not affected even if thedata status of an I/O variable is changed.

Table C10.13-2 Arguments of the SYS_IOALLST system function block at logic simulation testsIN/OUT Arguments Value Description

OUT NRO TRUE Always outputs TRUE.

NRI TRUE Always outputs TRUE.

<C10.13 SYS_IOALLST (all I/O channels of SCS status indicator) > C10-30


C10.14 SYS_NODEST (all I/O channels of nodestatus indicator)

The SYS_NODEST system function block indicates the representative data status of all inputchannels and output channels within the specified node.

SYS_NODEST

NRO NODE

NRI

Figure C10.14-1 SYS_NODEST

n Arguments

Table C10.14-1 Arguments of SYS_NODESTIN/OUT Argu-


IN NODE DINT Node number (1 to 14)

OUT NRO BOOL Indicates whether or not the data statuses of all output channels withinthe node are normalTRUE: All channels are normalFALSE: At least one channel is abnormal

NRI BOOL Indicates whether or not the data statuses of all input channels withinthe node are normalTRUE: All channels are normalFALSE: At least one channel is abnormal

n DescriptionThe SYS_NODEST system function block indicates the data status of all input channels andall output channels of AIO/DIO modules within the specified node. The SYS_NODEST sys-tem function block can be used when creating applications that treat errors in one or morechannels in the specified node as demands.NRO indicates whether or not the data statuses of all output channels are normal. It be-comes TRUE if the data statuses of all the channels are normal. Channels not used (*1)areexcluded from the targets of judgment.NRI indicates whether or not the data statuses of all input channels are normal. It becomesTRUE if the data statuses of all the channels are normal. Channels not used (*1) are exclu-ded from the targets of judgment. The statuses of communication modules are ignored.


n RemarksThe SYS_NODEST system function block references the data status of the logical data of I/Ovariables. For this reason, the outputs of the SYS_NODEST system function block are affec-ted by the lock operation of modules. Please be aware that if modules/channels and I/O varia-bles are locked, the outputs may differ from the physical states.If no node corresponds to the node number specified to IN, the outputs of NRO and NRI willbecome FALSE to indicate error.

<C10.14 SYS_NODEST (all I/O channels of node status indicator) > C10-31



l SCS simulation testsThe communication with AIO/DIO modules cannot be established.The data status of each channel (NRO, NRI) is determined by the data status of the logicaldata of each channel. The initial data status of logical data is GOOD.

l Logic simulation testsAll the outputs are fixed. The SYS_NODEST system function block is not affected even if thedata status of an I/O variable is changed.

Table C10.14-2 Arguments of the SYS_NODEST system function block at logic simulation testsIN/OUT Argu-


IN NODE Invalid The node number is invalid.

OUT NRO TRUE Always outputs TRUE.

NRI TRUE Always outputs TRUE.

<C10.14 SYS_NODEST (all I/O channels of node status indicator) > C10-32


C10.15 SYS_OUTST (output module 8 channelsindicator)

The SYS_OUTST system function block indicates the data status of all output channels of thespecified output module.

SYS_OUTST

NODE

NROR

CH1

CH2

CH3

CH4

CH5

CH6

CH7

CH8

SLOT

NRAL

Figure C10.15-1 SYS_OUTST

n Arguments

Table C10.15-1 Arguments of SYS_OUTSTIN/OUT Argu-




OUT NRAL BOOL Indicates whether or not the data statuses of all channels are normalTRUE: All channels are normalFALSE: At least one channel is abnormal

NROR BOOL Indicates whether or not the data status of one or more channels isnormalTRUE: At least one channel is normalFALSE: All channels are abnormal

CH1 BOOL Indicates the data status of CH1TRUE: GOODFALSE: BAD


: :


n DescriptionThe SYS_OUTST system function block indicates the data status of all channels of the speci-fied output module.

<C10.15 SYS_OUTST (output module 8 channels indicator) > C10-33


l InputSpecify a value in the range from 1 to 8 for the slot number (SLOT). Specify an odd slot num-ber for redundant output modules. The SYS_OUTST system function block indicates the sta-tus of the output module with the control right. Define only one SYS_OUTST system functionblock even when output modules are placed in redundant configuration.

l Output

• NRAL indicates whether or not the data statuses of all channels are normal. It becomesTRUE if the data statuses of all the channels are normal. Channels not used (*1) areexcluded from the targets of judgment.

• NROR indicates whether or not the data status of at least one channel is normal. It onlybecomes FALSE if the data statuses of all the channels are abnormal. Channels notused (*1)are excluded from the targets of judgment.

• CH1 to CH8 indicate the data status of each channel. They output FALSE for unusedchannels(*1).

*1: "Channels not used" are the channels to which I/O variables are not assigned.If a 4-channel output module is specified, CH5 to CH8 are treated as unused channels as well.

n RemarksThe SYS_OUTST system function block references the data status of the logical data of out-put variables. For this reason, the outputs of the SYS_OUTST system function block are af-fected by the lock operation of modules. Please be aware that if modules/channels and outputvariables are locked, the outputs may differ from the physical data status.If no module is defined in the specified position, or if the defined module is not an output mod-ule or is a communication module, the abnormal status (FALSE) will be output to NRAL,NROR and CH1 to CH8. Use SYS_INST or SYS_CHST for input modules.


l SCS simulation testsThe communication with output modules cannot be established.The data status of each channel (NRAL, NROR, CH1 to CH8) is determined by the data sta-tus of the logical data of each channel. The initial data status of logical data is GOOD.

l Logic simulation testsAll the inputs are invalid and the output is fixed. The SYS_OUTST system function block isnot affected even if the data status of an I/O variable is changed.

Table C10.15-2 Arguments of the SYS_OUTST system function block at logic simulation testsIN/OUT Argu-







Table C10.15-2 Arguments of the SYS_OUTST system function block at logic simulation tests (Tablecontinued)

IN/OUT Argu-ments

Value Description

OUT NRAL TRUE Always indicates normal status (TRUE).

NROR TRUE Always indicates normal status (TRUE).

CH1 TRUE Always indicates normal status (TRUE).


: :




C10.16 SYS_OUTST16 (output module 16channels indicator)

The SYS_OUTST16 system function block outputs the data statuses of all channels of aspecified 16-channel output module.

NODE SLOT

SYS_OUTST16

NRAL NROR

CH1 CH2 CH3 CH4 CH5 CH6 CH7 CH8 CH9

CH10 CH11 CH12 CH13 CH14 CH15 CH16

Figure C10.16-1 SYS_OUTST16

n Arguments

Table C10.16-1 Arguments of SYS_OUTST16IN/OUT Argu-





NROR BOOL Indicates whether or not the data status of at least one channels isnormalTRUE: At least one channel is normalFALSE: All channels are abnormal



: :


<C10.16 SYS_OUTST16 (output module 16 channels indicator) > C10-36


n DescriptionThe SYS_OUTST16 system function block outputs the data statuses of all channels of an out-put module specified by a node number and slot number. Use this FB for 16-channel outputmodules.

n InputSpecify a value in the range from 1 to 8 for the slot number (SLOT). Specify an odd slot num-ber for redundant output modules. A SYS_OUTST16 system function block outputs the statusof an output module that has the control right. Define only one SYS_OUTST16 system func-tion block in the case of redundant output modules.

n Output• NRAL indicates whether or not the data statuses of all channels are normal. It becomes

TRUE if the data statuses of all the channels are normal. The data statuses of unusedchannels (*1)are not judged.

• NROR indicates whether or not the data status of at least one channel is normal. It onlybecomes FALSE if the data statuses of all the channels are abnormal. The data statusesof unused channels (*1) are not judged.

• CH1 to CH16 output data status of each channel. They output FALSE for unused chan-nels (*1).

*1: Unused channels are the channels to which no output variable is assigned.Under the following circumstances, some channels may be treated as unused channels.• CH5 to CH16 channels will be treated as unused channels if a 4-channel output module is specified.• CH9 to CH16 channels will be treated as unused channels if an 8-channel output module is specified.

n Remarks• The SYS_OUTST16 system function block refers to the data status of logical data of an

output variable. For this reason, the output of the SYS_OUTST16 system function blockis influenced by module lock operation. Note that the output value may be different if amodule, channel or output variable is locked, compared to when it is not locked.

• FALSE is output to NRAL, NROR and CH1 to CH16 if a module is not defined in thespecified location in I/O Wiring View, or the specified module is not an output module,e.g., a communication module. Use SYS_INST or SYS_CHST for input modules.



l SCS simulation testsThe communication with output modules cannot be established.The data status of each channel (NRAL, NROR, CH1 to CH16) is determined by the data sta-tus of the logical data of each channel. The initial data status of logical data is GOOD.

l Logic simulation testsAll the inputs are invalid and the output is fixed. This system function block is not affectedeven if the data status of an output variable is changed.



Table C10.16-2 Arguments of SYS_OUTST16 at logic simulation testsIN/OUT Argu-








: :




C10.17 SYS_INST (input module statusindicator)

The SYS_INST system function block indicates the representative data status of all channelsof the specified input module.

SYS_INST

NRAL NODE

SLOT NROR

Figure C10.17-1 SYS_INST

n Arguments

Table C10.17-1 Arguments of SYS_INSTIN/OUT Argu-



SLOT DINT Input module mounting slot number (1 to 8)


NROR BOOL Indicates whether or not the data status of one or more channels isnormalTRUE: At least one channel is normalFALSE: All channels are abnormal

n DescriptionThe SYS_INST system function block indicates the representative data status of all channelsof the specified input module.

l InputSpecify a value in the range from 1 to 8 for the slot number (SLOT). Specify an odd slot num-ber for redundant input modules. The SYS_INST system function block indicates the status ofthe input module with the control right. Define only one SYS_INST system function block evenwhen input modules are placed in redundant configuration.

l Output

• NRAL indicates whether or not the data statuses of all channels are normal. It becomesTRUE if the data statuses of all the channels are normal. Channels not used (*1)are ex-cluded from the targets of judgment.

• NROR indicates whether or not the data status of at least one channel is normal. It onlybecomes FALSE if the data statuses of all the channels are abnormal. Channels notused (*1)are excluded from the targets of judgment.

*1: "Channels not used" are the channels to which input variables are not assigned.

<C10.17 SYS_INST (input module status indicator) > C10-39


n RemarksThe SYS_INST system function block references the data status of the logical data of inputvariables. For this reason, the outputs of the SYS_INST system function block are affected bythe lock operation of modules. Please be aware that if modules/channels and input variablesare locked, the outputs may differ from the physical data status.If no module is present in the specified position, or if the present module is not an input mod-ule or is a communication module, the abnormal status (FALSE) will be output to NRAL andNROR. Use a SYS_OUTST or SYS_CHST system function blocks for output modules.


l SCS simulation testsThe communication with input modules cannot be established.The data status of each channel (NRAL, NROR) is determined by the data status of the logi-cal data of each channel. The initial data status of logical data is GOOD.

l Logic simulation testsAll the inputs are invalid and the output is fixed. The SYS_INST system function block is notaffected even if the data status of an input variable is changed.

Table C10.17-2 Arguments of the SYS_INST system function block at logic simulation testsIN/OUT Argu-






<C10.17 SYS_INST (input module status indicator) > C10-40


C10.18 SYS_CHST (channel status indicator)The SYS_CHST system function block indicates the data status of the specified channel ofthe specified AIO/DIO module.

SYS_CHST

SLOT

NODE

CHNO

Q

Figure C10.18-1 SYS_CHST

n Arguments

Table C10.18-1 Arguments of SYS_CHSTIN/OUT Argu-



SLOT DINT AIO/DIO module mounting slot number (1 to 8)

CHNO DINT Channel number (1 to 16)

OUT Q BOOL Data status of the channelTRUE: GOODFALSE: BAD

n DescriptionThe SYS_CHST system function block indicates the data status of the specified channel ofthe specified AIO/DIO module. If a communication module is specified, FALSE will be output.

l Input• Specify a value in the range from 1 to 8 for the slot number (SLOT). Specify an odd slot

number for redundant AIO/DIO modules. The SYS_CHST system function block indicatesthe status of the AIO/DIO module with the control right.

• Specify a value in the range from 1 to 16 for the channel number (CHNO).

l Output

Q indicates the data status of the specified channel. If a nonexistent channel is specified, Qindicates abnormal status (FALSE). Q also indicates abnormal status (FALSE) for channelsnot used (*1).


n RemarksThe SYS_CHST system function block references the data status of the logical data of I/Ovariables. For this reason, the outputs of the SYS_CHST system function block are affectedby the lock operation of modules. Please be aware that if modules/channels and I/O variablesare locked, the outputs may differ from the physical data status.

<C10.18 SYS_CHST (channel status indicator) > C10-41



l SCS simulation testsThe communication with AIO/DIO modules cannot be established.The data status of each channel (Q) is determined by the data status of the logical data ofeach channel. The initial data status of logical data is GOOD.

l Logic simulation testsAll the inputs are invalid and the output is fixed. The SYS_CHST system function block is notaffected even if the data status of an I/O variable is changed.

Table C10.18-2 Arguments of the SYS_CHST system function block at logic simulation tests




CHNO Invalid Channel number is invalid.

OUT Q TRUE Always outputs GOOD (TRUE).

<C10.18 SYS_CHST (channel status indicator) > C10-42


C10.19 SYS_OUTEN (output module statusindicator)

The SYS_OUTEN system function block outputs output enable/output disable status of a 16-channel safety output module.

NODE SLOT

SYS_OUTEN

CH1 CH2 CH3 CH4 CH5 CH6 CH7 CH8 CH9

CH10 CH11 CH12 CH13 CH14 CH15 CH16

Figure C10.19-1 SYS_OUTEN

n Arguments

Table C10.19-1 Arguments of SYS_OUTENIN/OUT Argu-




OUT CH1 BOOL Output enable/output disable status of CH1TRUE: Output enabledFALSE: Output disabled

CH2 BOOL Output enable/output disable status of CH 2TRUE: Output enabledFALSE: Output disabled

: :

CH16 BOOL Output enable/output disable status of CH16TRUE: Output enabledFALSE: Output disabled

n DescriptionThe SYS_OUTEN system function block outputs output enable/output disable status of a 16-channel output module. If an 8-channel output module is specified, outputs from CH1 to CH8are enabled. Outputs from CH9 to CH16 are disabled and output disabled (FALSE) is alwaysoutput.

<C10.19 SYS_OUTEN (output module status indicator) > C10-43


n InputSpecify a value in the range from 1 to 8 for the slot number (SLOT). Specify an odd slot num-ber for redundant output modules. A SYS_OUTEN system function block outputs the status ofan output module that has the control right. Define only one SYS_OUTEN system functionblock in the case of redundant output modules.

n OutputThe SYS_OUTEN system function block outputs output enable/output disable status of eachchannel. Depending on the specified modules, some of the output terminals may be disabled(FALSE).If 16-channel, 8-channel or 4-channel output module is specified, SYS_OUTEN outputs thefollowing.• 16-channel output module

For CH1 to CH16, the output enable/output disable status of each channel is output. Out-put disabled (FALSE) is output for channels to which no output variable is assigned.

• 8-channel output module

• Use the output values of CH1 to CH8. Outputs from CH9 to CH16 are disabled.

• For CH1 to CH8, the output enable/output disable status of each channel is output.Output disabled (FALSE) is output for channels to which no output variable is as-signed.

• Output disabled (FALSE) is always output for CH9 to CH16.

• 4-channel output module

• Use the output values of CH1 to CH4. Outputs from CH5 to CH16 are disabled.

• For CH1 to CH4, the output enable/output disable status of each channel is output.Output disabled (FALSE) is output for channels to which no output variable is as-signed.

• Output disabled (FALSE) is always output for CH5 to CH16.


R1.02.00 or later.

• The targets of SYS_OUTEN are limited to safety output modules (AO and DO) only. Itoutputs output disabled (FALSE) for modules other than AO and DO.

• Output enable operation for output modules are normally performed from a SENG, butthis is also possible via the application logic using SYS_STAT.


l SCS simulation testsThe input/output parameters of the SYS_OUTEN function block operate in the same way asin the actual SCS.

l Logic simulation testsAll the inputs are invalid and the output is fixed.



Table C10.19-2 Arguments of SYS_OUTEN at logic simulation testsIN/OUT Argu-




OUT CH1 TRUE Always outputs output enabled (TRUE)

CH2 TRUE Always outputs output enabled (TRUE)

: :

CH16 TRUE Always outputs output enabled (TRUE)



C10.20 SYS_CERR (computation error indicator)The SYS_CERR function block notifies the conditions of abnormal calculation occurrence inthe application logic. It is also possible to change the interval of re-warning system alarms onabnormal calculation occurrence.

IMPORTANTWhen the SYS_CERR function block is executed within a user-defined function block, if anaccess to outside array range error occurs before executing SYS_CERR in that functionblock, SYS_CERR is not executed. Be careful about the execution order of SYS_CERR if it isused in a user-defined function block.

SYS_CERR

DIVZ

XARR

FOVF

COVF

CHKT

Figure C10.20-1 SYS_CERR

SEEALSO For more information about the SCS behavior when an abnormal calculation occurs, refer to:

B6.1.3, “Behavior at abnormal calculation” on page B6-7

n Arguments

Table C10.20-1 Arguments of SYS_CERRIN/OUT Argu-


IN CHKT TIME Computation error re-warning intervalNo re-warning is made if 0 is specified.The default re-warning interval when SYS_CERR is not created is 10minutes.

OUT DIVZ BOOL Presence of POU with division-by-zero errorFALSE: There are no POUs with division-by-zero error.TRUE: There are POUs with division-by-zero error.

XARR BOOL Presence of POU with access to the outside of an array errorFALSE: There are no POUs with access to the outside of an array er-ror.TRUE: There are POUs with access to the outside of an array error.

FOVF BOOL Presence of POU with overflow in floating-point calculationFALSE: There are no POUs with overflow in floating-point calcula-tion.TRUE: There are POUs with overflow in floating-point calculation.

COVF BOOL Presence of POU with overflow in castingFALSE: There are no POUs with overflow in casting.TRUE: There are POUs with overflow in casting.

n DescriptionThe SYS_CERR function block checks computation error conditions.

<C10.20 SYS_CERR (computation error indicator) > C10-46


Its output parameters allow checking occurrence conditions of each computation error type.If one or more computation errors occur within the SCS, the condition is notified via diagnosticinformation messages in 10-minute interval by default. The re-warning interval can bechanged using the input parameter CHKT.



l SCS simulation testsIn SCS simulation tests, POUs with overflow in floating-point calculation cannot be detected.Only FOVF is fixed to FALSE. Other parameters operate in the same way as in the actualSCS.

l Logic simulation testsIn logic simulation tests, the computation error detection function is disabled.The specification of the computation error re-warning interval (CHKT) is invalid. All the outputsare always fixed to FALSE that indicates "no computation error occurrence."

<C10.20 SYS_CERR (computation error indicator) > C10-47


C10.21 SYS_SCANEXT (Scan Period ExtensionIndicator)

The SYS_SCANEXT function block notifies if the scan period of the application logic execu-tion function is actually extended (execution status of scan period automatic extension) in theSCS if the specification of "automatic extension of scan period of the application logic execu-tion function" is enabled.

SYS_SCANEXT

EXT

ESCA

OSCA

CHKT

Figure C10.21-1 SYS_SCANEXT

n Arguments

Table C10.21-1 Arguments of SYS_SCANEXTIN/OUT Argu-


IN CHKT TIME Re-warning interval when the scan period is being extended auto-matically.No re-warning is made if 0 is specified.The default re-warning interval when SYS_SCANEXT is not createdis 10 minutes.

OUT EXT BOOL Execution status of scan period automatic extension.FALSE: Scan period is not extended.TRUE: Scan period is extended.

ESCA TIME Actual scan period (unit: ms).

OSCA TIME The scan period of the application logic execution function specifiedin the Link Architecture View of SCS Manager (unit: ms).

n DescriptionThe SYS_SCANEXT function block checks execution status of the scan period automatic ex-tension.If the scan period of the application logic execution function is extended longer than a certainperiod of time (10 minutes by default), the condition is notified via diagnostic information mes-sages. The re-warning interval can be changed using the input parameter CHKT.If the scan period automatic extension is enabled, ESCA outputs the actual scan period.OSCA outputs the scan period of the application logic execution function specified in the Re-source Properties window of the Link Architecture View of SCS Manager.


<C10.21 SYS_SCANEXT (Scan Period Extension Indicator) > C10-48



l SCS simulation testsThe scan period automatic extension function does not operate in the SCS simulator.The scan period is fixed to 1 second regardless of the specification in the SENG; however,the scan period specified in the Resource Properties window of SCS Manager is output to pa-rameters ESCA and OSCA.The table below shows the details of the input/output parameters.

Table C10.21-2 Arguments of SYS_SCANEXT at SCS simulation testsIN/OUT Argu-


IN CHKT Invalid Invalid

OUT EXT FALSE Output FALSE (no extension)

ESCA Defined val-ue

Output the scan period specified in the Resource Properties window

OSCA Defined val-ue


l Logic simulation testsThe scan period automatic extension function does not work in the logic simulator.

Table C10.21-3 Arguments of SYS_SCANEXT at logic simulation testsIN/OUT Argu-


IN CHKT Invalid Invalid

OUT EXT FALSE Output FALSE (no extension)

ESCA Defined val-ue


OSCA Defined val-ue


<C10.21 SYS_SCANEXT (Scan Period Extension Indicator) > C10-49


C11. Interference-free system functionblocks

This chapter explains interference-free system function blocks that cannot be used in safetyloops.The Interference-free system function blocks are shown below.• Execution Time Indicator (SYS_SCAN)

• SCS Clock Information (SYS_TIME)

• SCS Time Setting (SYS_SETTIME)

• Diagnostic Information Status Indicator (SYS_ALARM)

• Control Bus Status Indicator (SYS_NETST)

• ESB Bus Status Indicator (SYS_ESBINF)

• Node Status Indicator (SYS_NODEINF)

• IOM Status Indicator (SYS_IOMDSP)

• Status Output for Subsystem Communication Module (SYS_ALRDSP)

• Subsystem Communication Data Forcing Status Management (SYS_FORCE_SC)

• Subsystem Communication Output Status Indicator (SYS_STAT_SC)

<C11. Interference-free system function blocks > C11-1


C11.1 SYS_SCAN (execution time indicator)The SYS_SCAN system function block outputs the execution time of application logic and theratio of CPU idling time.

SCAN

SYS_SCAN

ACT

MX

RST

FREE

AVE

Figure C11.1-1 SYS_SCAN

n Arguments

Table C11.1-1 Arguments of SYS_SCANIN/OUT Argu-


IN RST BOOL Reset switch (reset at change from FALSE to TRUE)

OUT SCAN TIME Scan period (ms)

ACT TIME Actual operating time of application logic (ms)

AVE TIME Average operating time of application logic (ms)

MX TIME Maximum operating time of application logic (ms)

FREE DINT Ratio of CPU idling time (%)

n DescriptionThe SYS_SCAN system function block outputs the operating time of an application logic andthe ratio of CPU idling time.The scan period (SCAN) refers to the current scan period of the application logic executionfunction of SCS.The application logic operating time (ACT) is the time from reading to outputting of input data.AVE is the average of ACT for 10 scans.The ratio of CPU idling time (FREE) is the percentage of idling time, which is defined as 1second minus the sum of ACT and the processing time of the external communication func-tion.The SYS_SCAN system function block clears the maximum operating time of application logic(MX) if it detects changes of the reset switch (RST) from FALSE to TRUE.

n RemarksThe SYS_SCAN system function block is an interference-free function block. Do not use it toinput data to safety loops.The scan period (SCAN) refers to the current scan period of the application logic executionfunction of SCS. If the scan period automatic extension is enabled, SYS_SCAN outputs thescan period that is currently used in the SCS as a result of automatic extension instead of thescan period specified in the Resource Properties window of SCS Manager. Use the

<C11.1 SYS_SCAN (execution time indicator) > C11-2


SYS_SCANEXT function block to acquire the scan period specified in the Resource Proper-ties window in the application logic.


l SCS simulation testsThe execution time for the application logic (ACT, AVE, MX) is output as 100% of the scancycle in the application logic execution function.CPU usage free time (FREE) always indicates 0%.

l Logic simulation testsScan operating time and CPU idling time are not measured because the value measured by aPC is different from that of an SCS. Therefore, the input is invalid and all the outputs are fixed.

Table C11.1-2 Arguments of the SYS_SCAN system function block at logic simulation testsIN/OUT Argu-

mentsValue Remarks

IN RST Invalid Invalid. Not reset as the operating time is not measured.

OUT SCAN Scan period Outputs the specified scan period (ms).

ACT 0 The operating time is always 0.

AVE 0 The average operating time is always 0.

MX 0 The maximum operating time is always 0.

FREE 0 The ratio of CPU idling time is always 0.

<C11.1 SYS_SCAN (execution time indicator) > C11-3


C11.2 SYS_TIME (SCS clock information)The SYS_TIME system function block outputs the current time recognized by an SCS accord-ing to Coordinate Universal Time (UTC).

YR

SYS_TIME

MO

HR

SC

DY

MN

Figure C11.2-1 SYS_TIME

n Arguments

Table C11.2-1 Arguments of SYS_TIMEIN/OUT Argu-


OUT YR DINT Current calendar year

MO DINT Current month (1 to 12)

DY DINT Current date (1 to 31)

HR DINT Current hour (0 to 23)

MN DINT Current minute (0 to 59)

SC DINT Current second (0 to 59)

n DescriptionThe SYS_TIME is a system function block used to output the current time recognized by anSCS according to Coordinate Universal Time (UTC).

n RemarksThe SYS_TIME system function block is an interference-free function block. Do not use it toinput data to safety loops.


l SCS simulation testsThe time of the PC executing the SCS simulation test (UTC) is output.

l Logic simulation testsThe time of the PC executing the logic simulation test (UTC) is output.

<C11.2 SYS_TIME (SCS clock information) > C11-4


C11.3 SYS_SETTIME (SCS time setting)SYS_SETTIME can be used to change the SCS system time and network time to a timespecified by the arguments at the rising edge of the input (IN).

SYS_SETTIME

SC

SUC

FAL

IN

YR

MO

DY

HR

MN

Figure C11.3-1 SYS_SETTIME

n Arguments

Table C11.3-1 Arguments of SYS_SETTIMEIN/OUT Argu-


IN IN BOOL Changes the SCS system time and network time (V net or Vnet/IPtime) to a time specified by the arguments at the rising edge of theinput (IN).

YR DINT Year (A.D.) (*1)

MO DINT Month (1 to 12) (*1)

DY DINT Date (1 to 31) (*1)

HR DINT Hour (0 to 23) (*1)

MN DINT Minute (0 to 59) (*1)

SC DINT Second (0 to 59) (*1)

OUT SUC BOOL When the time is set successfully, TRUE is output at the rising edgeof the input (IN) for one scan period. The initial value is FALSE.

FAL BOOL When the time is not set successfully, TRUE is output at the risingedge of the input (IN) for one scan period. The initial value isFALSE.

*1: Specify the input value in UTC time.

n Description• At the rising edge of the input (IN), the SCS system time and network time (V net or

Vnet/IP time) are set to the UTC time specified by the arguments, and SUC is set toTRUE for one scan period.

• After the network time is set, the system time of each station (FCS, SCS, HIS, or SENG)that is connected on V net or Vnet/IP is also synchronized with the network time.

• If an invalid value such as February 31 is specified, FAL is set to TRUE at the rising edgeof the input (IN) for one scan period. In this case, the time is not set.

<C11.3 SYS_SETTIME (SCS time setting)> C11-5


n Remarks• SYS_SETTIME is an interference-free function block. Do not use it for input to safety

loops.

• SYS_SETTIME can be used in SCS databases created by SENG of R3.02.10 or later.

• When the time is set, a TimeAdjust system message is generated on HISs that are con-nected to V net or Vnet/IP.

• Set a date and time no later than December 31, 2035 in UTC time.

• SYS_SETTIME and SENG determine leap years in the same manner. February 29 canbe specified provided that a leap year is specified for YR.


l SCS simulation testsThe value of SUC or FAL is output at the rising edge of the input (IN), but the time is not set.

l Logic simulation testsThe value of SUC or FAL is output at the rising edge of the input (IN), but the time is not set.

<C11.3 SYS_SETTIME (SCS time setting)> C11-6


C11.4 SYS_ALARM (diagnostic informationstatus indicator)

The SYS_ALARM system function block outputs the status of diagnostic information messagegeneration.

SYS_ALARM

CLS2

SUM

CLS1

CLS3

Figure C11.4-1 SYS_ALARM

n Arguments

Table C11.4-1 Arguments of SYS_ALARMIN/OUT Argu-


OUT SUM BOOL Logical OR of diagnostic information message generation status foralarm classes 1 to 3

CLS1 BOOL Diagnostic information message generation status of alarm class 1FALSE: No alarm has occurredTRUE: At least one alarm has occurred



n DescriptionThe SYS_ALARM is a system function block used to detect diagnostic information messagegeneration status.This system function block indicates the diagnostic information message generation status ofthe entire SCS for each alarm class. If each output value is TRUE, it means that a diagnosticinformation message of the corresponding alarm class has occurred.These outputs are affected by operations in the Diagnostic Information window of an SENG. Ifall diagnostic information messages of a given class are deleted from the Diagnostic Informa-tion window of the SENG, the corresponding output value returns to FALSE.

n RemarksThe SYS_ALARM system function block is an interference-free function block. Do not use itfor input to a safety loop.

<C11.4 SYS_ALARM (diagnostic information status indicator) > C11-7



l SCS simulation testsThe output parameters of the SYS_ALARM function block operate in the same way as in theactual SCS.

l Logic simulation testsAll the outputs are always fixed to "no alarm (FALSE)."

<C11.4 SYS_ALARM (diagnostic information status indicator) > C11-8


C11.5 SYS_NETST (control bus status indicator)The SYS_NETST system function block outputs control bus status and time synchronizationstatus.

SYS_NETST

BUS1 BUS2 TSYC

Figure C11.5-1 SYS_NETST

n Arguments

Table C11.5-1 Arguments of SYS_NETSTIN/OUT Argu-


OUT BUS1 BOOL Status on the bus 1 sideTRUE: AbnormalFALSE: Normal status

BUS2 BOOL Status on the bus 2 sideTRUE: AbnormalFALSE: Normal status

TSYC BOOL Time synchronization status (only when connected to Vnet/IP, al-ways FALSE when connected to V net)FALSE: Synchronized with external clock (synchronized to theSNTP server time)TRUE: Synchronized with internal clock (not synchronized to theSNTP server time)

n DescriptionThe SYS_NETST system function block outputs the status of control buses to which a stationis connected and the time synchronization status of the station. Control buses used in Pro-Safe-RS include V net and Vnet/IP. In the case of a station connected to V net, the time syn-chronization status (TSYC) is always fixed to FALSE.

l Meaning of bus status• BUS1 and BUS2 output the status of the communication paths of bus 1 and bus 2, re-

spectively, of the control buses to which a station is connected. They output TRUE whenthe status is abnormal and FALSE when it is normal.

• If the status of both BUS1 and BUS2 is abnormal (TRUE), it has the following differentmeanings in the case of V net and Vnet/IP, respectively.

Table C11.5-2 Difference in meaning when BUS1 and BUS2 output TRUE due to difference of controlbus

Control bus Meaning of abnormal (TRUE)Vnet/IP (*1) At least one error occurred in a Vnet/IP network system.

V net A bus within the domain in which the applicable station is included is abnormal.

*1: Errors occurring in all domains connected via Vnet/IP are displayed.Note that statuses of V net domains connected via V netrouters are not included.

• For a station on Vnet/IP network, if the station cannot communicate with other stations,both BUS1 and BUS2 will become TRUE to indicate the abnormality. In this condition,

<C11.5 SYS_NETST (control bus status indicator) > C11-9


TRUE is output to VNER of SYS_DIAG. If a single bus failure occurs while the local sta-tion can still communicate with other stations, the output of the failed side, BUS1 orBUS2, becomes TRUE. If the other bus fails as well after the occurrence of the first singlefailure (at occurrence of multiple bus failures), the output for the latter bus that failed doesnot become TRUE. If the bus that failed first recovers, the output regarding the status ofthe other bus becomes TRUE.

l Range indicated by bus statusThe target range within which a SYS_NETST system function block can detect bus statusesvaries depending on whether a station is connected to V net or Vnet/IP.A Vnet/IP domain can be connected with other Vnet/IP domains via L3SWs. It can also beconnected to V net domains via V net routers. The following figure shows an example withdomains 1 to 3 connected in the Vnet/IP bus and domain 4 of the V net bus connected via a Vnet router.

SENG

Vnet/IP domain2

V net router Scope of Vnet/IP network

SCSP2: SCSP2-SSCSV1: SCSV1-SL3SW: Layer 3 switch

V net domain4

Vnet/IP domain3

Vnet/IP domain1

SCSP2(B)

HIS

SCSV1(X)

SCSV1(Y)

BUS2 side L3SW

BUS1 side L3SW

BUS2 side L3SW

BUS1 side L3SW

First Fault

Second Fault

SCSP2(C)

SCSP2(A)

Figure C11.5-2 Example of configuration of multiple domains

In the case of stations connected to V net (SCSV1(X) and SCSV1(Y)), a SYS_NETST systemfunction block is able to detect a bus status if the bus status is within the V net domain towhich the station is connected (domain 4 in the figure above).However, in the case of an SCSP2/SCSP1 connected to Vnet/IP, a SYS_NETST system func-tion block is able to detect the representative bus status of the entire Vnet/IP network (do-mains 1, 2, and 3 above). The status of V net buses beyond the V net router (domain 4 in theprevious figure) cannot be detected by the SCSP2/SCSP1 SYS_NETST function block.In case a SYS_NETST system function block is used in the application logic of SCSP2 (A),which is connected to domain 1, if bus 1, which is connected to the SCSP2 of domain 2, fails,the output value of BUS1 of the SYS_NETST system function block becomes TRUE (abnor-mal). Even if bus 2, which is connected to domain 3, fails before bus 1 recovers from the fail-ure, the output value of BUS2 of the SYS_NETST system function block does not becomeTRUE. Once bus 1 recovers from the failure, the output value of BUS2 becomes TRUE.

l Time synchronization mode• TSYC indicates the time synchronization mode of Vnet/IP. FALSE is always output in the

case of stations connected to V net.



Table C11.5-3 Differences in time synchronization mode (TSYC) by control bus type

Control bus Time synchronizationmethod TSYC output

Vnet/IP Synchronization withVnet/IP time

FALSE: Synchronized with external clock (synchronized to theSNTP server time)TRUE: Synchronized with internal clock (not synchronized to theSNTP server time)

V net Synchronization with V nettime

Always outputs FALSE

IRIG-B time synchroniza-tion

n Remarks• The SYS_NETST system function block is an interference-free function block. Do not use

it to input data to safety loops.


• In the case of SCSP2/SCSP1 connected to Vnet/IP, the output values of BUS1 and BUS2of SYS_NETST indicate the representative bus status. Even if it is judged that multiplebus failures occurred based on the output result of SYS_NETST, communication may bepossible in some cases depending on the route to the communication destination.

• In the case of SCSP2/SCSP1 connected to Vnet/IP, if a bus failure on one side is detec-ted by the output of SYS_NETST, repair the failed location immediately.


l SCS simulation testsAll outputs are always fixed to FALSE.

l Logic simulation testsAll outputs are always fixed to FALSE.



C11.6 SYS_ESBINF (ESB bus status indicator)The SYS_ESBINF system function block indicates the ESB bus status of a station.

SYS_ESBINF

NRL NRR

Figure C11.6-1 SYS_ESBINF

n Arguments

Table C11.6-1 Arguments of SYS_ESBINF


OUT NRL BOOL Status of ESB bus on the left side (bus 1)TRUE: Normal statusFALSE: Abnormal status

NRR BOOL Status of ESB bus on the right side (bus 2)TRUE: Normal statusFALSE: Abnormal status

n DescriptionThe SYS_ESBINF system function block indicates the status of redundant ESB buses of astation individually.The ESB bus status can be detected for each side separately. NRL outputs the status of theESB bus (bus 1) on the left side and NRR outputs the status of the ESB bus (bus 2) on theright side.When a SYS_ESBINF system function block indicates that one of the ESB buses is abnor-mal, this means that the ESB buses on one side of all I/O nodes, except for CPU nodes, areabnormal. The target I/O nodes include I/O nodes connected via optical ESB bus repeatermodules.If the ESB bus status output parameters (NRL and NRR) are in conditions where communica-tion with at least one I/O node is possible via the ESB bus on the left or right side whichever isthe target, normal status (TRUE) is output. If they are unable to communicate with any I/Onode, abnormal status (FALSE) is output.Note that FALSE is always output to NRL and NRR if no I/O node is defined within a station(in case there is no node other than CPU nodes).ESB bus errors occur in the following cases.• Failure of SEC402/SEC401 (ESB bus coupler module)

• If all the nodes which are connected to SEC402/SEC401 of the relevant bus become ab-normal.

n Remarks• The SYS_ESBINF system function block is an interference-free function block. Do not

use it for input to a safety loop.


<C11.6 SYS_ESBINF (ESB bus status indicator) > C11-12


• A SYS_ESBINF system function block indicates "normal" if at least one node can com-municate via each ESB bus. For stations configured with optical ESB bus repeater mod-ules and when you need to know the error of a specific node for the following cases, usethe SYS_NODEINF system function block:

• Detect only ESB bus errors of a specific I/O node directly connected to SEC402/SEC401 without going through an optical ESB bus repeater module.

• Detect only ESB bus errors of a specific I/O node connected via optical ESB bus re-peater modules.

SEEALSO For more information about SYS_NODEINF, refer to:

C11.7, “SYS_NODEINF (node status indicator)” on page C11-14


l SCS simulation testsAs long as any of the I/O nodes is defined, NRL and NRR will always output TRUE (normal).

l Logic simulation testsAll the outputs are fixed.

Table C11.6-2 Arguments of SYS_ESBINF at logic simulation tests


OUT NRL BOOL Always indicates normal status (TRUE).

NRR BOOL Always indicates normal status (TRUE).

<C11.6 SYS_ESBINF (ESB bus status indicator) > C11-13


C11.7 SYS_NODEINF (node status indicator)The SYS_NODEINF system function block indicates the status of communication with thespecified I/O node.

NODE

SYS_NODEINF

NRL NRR

Figure C11.7-1 SYS_NODEINF

n Arguments

Table C11.7-1 Arguments of SYS_NODEINFIN/OUT Argu-



OUT NRL BOOL Status of communication with the specified node via the ESB bus onthe left side (bus 1)TRUE: Normal statusFALSE: Abnormal status

NRR BOOL Status of communication with the specified node via the ESB bus onthe right side (bus 2)TRUE: Normal statusFALSE: Abnormal status

n DescriptionThe SYS_NODEINF system function block indicates the status of communication with an I/Onode specified by a node number (NODE).The SYS_NODEINF system function block outputs the status of communication with thespecified node via the left ESB bus (bus 1) to NRL and the status of communication with thespecified node via the right ESB bus (bus 2) to NRR, respectively.The SYS_NODEINF function block outputs TRUE (normal status) if communication with thespecified I/O node is possible via the ESB bus indicated by the output parameter (NRL orNRR), and FALSE (abnormal status) if communication is not possible.Abnormal statuses are notified in the following cases.• In the case of failure of ESB bus interface module SSB401 of the specified node on the

side where an error is notified

• In the case of failure of establishing a route to the specified node from the ESB bus onthe side where an error is notified (for instance, due to failures of SEC402/SEC401 aswell as failures of optical ESB bus repeater modules in the case of nodes connected viaoptical ESB bus repeater modules).

n Remarks• The SYS_NODEINF system function block is an interference-free function block. Do not

use it for input to a safety loop.


<C11.7 SYS_NODEINF (node status indicator) > C11-14


• NRL and NRR always return FALSE if a CPU node (node number 1) is specified.

• NRL and NRR always return FALSE if a node number for which no node is defined isspecified.


l SCS simulation testsAs long as any of the I/O nodes is defined, NRL and NRR will always output TRUE (normal).

l Logic simulation testsAll the inputs are invalid and the output is fixed.

Table C11.7-2 Arguments of SYS_NODEINF at logic simulation tests



OUT NRL BOOL Always indicates normal status (TRUE).

NRR BOOL Always indicates normal status (TRUE).

<C11.7 SYS_NODEINF (node status indicator) > C11-15


C11.8 SYS_IOMDSP (IOM status indicator)The SYS_IOMDSP system function block outputs the operating status of input/output mod-ules (AIO/DIO module or communication module).

RDY NODE

SLOT CTL

SYS_IOMDSP

Figure C11.8-1 SYS_IOMDSP

n Arguments

Table C11.8-1 Arguments of SYS_IOMDSPIN/OUT Argu-



SLOT DINT Slot number (1 to 8)

OUT RDY BOOL Indicates whether or not the input/output module is normal.FALSE: Abnormal statusTRUE: Normal status

CTL BOOL Indicates whether the input/output module is on the control side (*1)FALSE: Standby sideTRUE: Control side

*1: Activated only when the module is in a dual-redundant configuration. If the module is defined as a non-redundant configura-tion in I/O Wiring View, CTL will be always TRUE regardless of the module status.

n DescriptionThe SYS_IOMDSP is a system function block used for outputting the operating statuses ofinput/output modules.

l Output• The output of RDY indicates whether or not the applicable input/output module is normal.

If the input/output module is normal, TRUE will be output.

• The output of CTL indicates whether or not the input/output module is on the control side.It outputs TRUE if the input/output module is on the control side.

• In a dual-redundant configuration of AIO/DIO modules, if both modules failed, both CTLsignals respectively connected to the modules will become FALSE.

• In a dual-redundant configuration of communication modules for subsystem communica-tion, if communication error or module error occurs, one of the module is holding the con-trol right. When error occurs on both modules, the CTL signal of the module that has heldthe control right will be kept TRUE.

• If no input/output module is present at the specified node number or slot number, FALSEwill be output to all outputs.

• When node error (including the case that both ESB buses failed) occurs, RDY and CTLwill hold the previous values.

<C11.8 SYS_IOMDSP (IOM status indicator) > C11-16


n RemarksUse the SYS_DIAG system function block to detect all SCS diagnostic information includinginput/output modules.The SYS_IOMSDP system function block is an interference-free function block. Do not use itto input data to safety loops.


l SCS simulation testsThe communication with input/output modules cannot be established.If the slot is assigned with an input/output module, RDY will always output TRUE (normal).CTL indicates control or standby status of the module. The odd-numbered slot will show con-trol (TRUE) and the even-numbered slot will show standby (FALSE).

l Logic simulation testsAll the inputs are invalid and the output is fixed. Regardless of the mounting position specifiedin the SYS_IOMDSP system function block, an input/output module is always deemed to bepresent in that position.

Table C11.8-2 Arguments of the SYS_IOMDSP system function block at logic simulation testsIN/OUT Argu-




OUT RDY TRUE Always indicates normal status (TRUE).

CTL TRUE Always indicates the control side (TRUE).

<C11.8 SYS_IOMDSP (IOM status indicator) > C11-17


C11.9 SYS_ALRDSP (subsystem communicationmodule status indicator)

The SYS_ALRDSP system function block outputs the status of subsystem communicationmodule.

MDS NODE

SLOT P1S

P2S

SYS_ALRDSP

Figure C11.9-1 SYS_ALRDSP

n Arguments

Table C11.9-1 Arguments of SYS_ALRDSP



SLOT DINT Slot number (1 to 8)

OUT MDS BOOL Module statusTRUE: No errorFALSE: Error (Faulty module)

P1S BOOL Port 1 statusTRUE: No errorFALSE: Error (Communication error)

P2S BOOL Port 2 statusTRUE: No errorFALSE: Error (Communication error)

n DescriptionThe SYS_ALRDSP is a system function block used for referencing the status of subsystemcommunication module.You can view failures for each port and the entire module, along with the communication er-rors occurring in each port.• The status of the specified subsystem communication module is referenced regardless of

the redundant configuration of the module.

• Errors in the communication with subsystems are detected regardless of the lock statusof subsystem communication data.

• If no ALR111 or ALR121 subsystem communication module is present at the specifiednode or slot, or when an ALR111 or ALR121 for Modbus slave communication is speci-fied, all outputs will become FALSE (error).

• If the specified module is in an error state (MDS = FALSE), an error status will be outputto ports 1 and 2.

• To use communication statuses in the application logic, the data statuses obtained byfunction blocks that handle subsystem data, such as SCI_B and SCO_B, should be refer-enced.

• When node error (including the case that both ESB buses failed) occurs, MDS, P1S andP2S will hold the previous values.

<C11.9 SYS_ALRDSP (subsystem communication module status indicator) > C11-18


n Remarks• The SYS_ALRDSP system function block is an interference-free function block. Do not

use it to input data to safety loops.



l SCS simulation testsThe communication with communication modules cannot be established.If the slot is assigned with a communication module, the communication module status(MDS), port1 status (P1S) and port2 status (P2S) will always output TRUE (normal).

l Logic simulation testsAll the inputs are invalid and the output is fixed. Regardless of the specified mounting posi-tion, a communication module is always deemed to be present in that position.

Table C11.9-2 Arguments of SYS_ALRDSP in logic simulation tests




OUT MDS TRUE Always indicates normal status (TRUE).

P1S TRUE Always indicates normal status (TRUE).

P2S TRUE Always indicates normal status (TRUE).

<C11.9 SYS_ALRDSP (subsystem communication module status indicator) > C11-19


C11.10 SYS_FORCE_SC (subsystemcommunication data forcing statusmanagement)

The SYS_FORCE_SC system function block manages the forcing status (lock status) of sub-system communication data.

LOCK

SYS_FORCE_SC

UNLK

CHKT TUP

Figure C11.10-1 SYS_FORCE_SC

n Arguments

Table C11.10-1 Arguments of SYS_FORCE_SC


IN UNLK BOOL Forcibly unlocks all subsystem communication data.FALSE to TRUE: Forcibly unlock the data.Other: Do nothing.

CHKT TIME The time during which to monitor the lock status of subsystem com-munication data.Elapse of time is not checked if 0 is specified.

OUT LOCK BOOL Presence of locked subsystem communication data.FALSE: NoneTRUE: At least one data item is locked.

TUP BOOL Indicates whether or not the time during which subsystem communi-cation data has remained locked exceeds the monitoring time(CHKT).FALSE: Not exceeded.TRUE: Exceeded.

n DescriptionThe SYS_FORCE_SC is a system function block used for performing forcing management ofsubsystem communication data.

n Inputs• UNLK is an input that forcibly unlocks all subsystem communication data. If UNLK

changes from FALSE to TRUE, all subsystem communication data currently locked by theforcing function will be forcibly unlocked. Set UNLK to FALSE if this operation is not per-formed.

• Specify the time to monitor lock status for CHKT. If at least one subsystem communica-tion data remains locked beyond the monitoring time specified in CHKT, a diagnostic in-formation message will be generated to notify the user. Diagnostic information messagesare re-generated at intervals corresponding to the monitoring time specified by CHKT.Time is not monitored if CHKT is set to 0.

<C11.10 SYS_FORCE_SC (subsystem communication data forcing status management) > C11-20


n Output• The output of LOCK indicates whether or not subsystem communication data is locked. If

any part of the subsystem communication data is locked, LOCK becomes TRUE.

• The output of TUP indicates whether or not any subsystem communication data has re-mained locked beyond the monitoring time specified in CHKT.

n Remarks• The SYS_FORCE_SC system function block is an interference-free function block. Do

not use it to input data to safety loops.



l SCS simulation testsSubsystem communication cannot be performed.The time-up period of the lock status monitoring time (CHKT) is different from actual SCS.SCS simulator only executes the application logics at 1 second scan period. Therefore, theSCS simulation can only run at 1 second scan period if the application logic scan period isspecified with a time shorter than 1 second.When the application logic scan period is shorter than 1 second, the time-up period becomeslonger than the time specified with the input parameter.


Table C11.10-2 Arguments of SYS_FORCE_SC in logic simulation test


IN UNLK Invalid Invalid. Data is not forcibly unlocked regardless of the input value.


OUT LOCK FALSE Output as no data is locked.

TUP FALSE

<C11.10 SYS_FORCE_SC (subsystem communication data forcing status management) > C11-21


C11.11 SYS_STAT_SC (subsystemcommunication output status indicator)

The SYS_STAT_SC system function block manages the output enable status in subsystemcommunication.

OTEN

SYS_STAT_SC

RUN

C101001E.ai Figure C11.11-1 SYS_STAT_SC

n Arguments

Table C11.11-1 Arguments of SYS_STAT_SC


IN RUN BOOL Output enable operation in subsystem communicationFALSE to TRUE: Perform the output enable operation in subsystemcommunication.Other: Do nothing.

OUT OTEN BOOL Output enable status in subsystem communicationTRUE: Output enabled.FALSE: Output disabled.

n DescriptionThe SYS_STAT_SC is a system function block used for managing the output status in sub-system communication. The output enable operation is normally performed from the SENG.By using a SYS_STAT_SC block, only the subsystem communication outputs can be enabledfrom the application logic.The output enable operation is performed when the input of RUN has changed from FALSE toTRUE. Set RUN to FALSE if the output enable operation is not performed.To enable safety outputs or outputs in inter-SCS safety communication, use the SYS_STATsystem function block.

n Remarks• The SYS_STAT_SC system function block is an interference-free function block. Do not

use it to input data to safety loops.



l SCS simulation testsSubsystem communication cannot be performed.The input/output parameters of the SYS_STAT_SC function block operate in the same way asin the actual SCS.


<C11.11 SYS_STAT_SC (subsystem communication output status indicator) > C11-22


Table C11.11-2 Arguments of SYS_STAT_SC in logic simulation tests


IN RUN Invalid Invalid

OUT OTEN TRUE Always outputs TRUE.

<C11.11 SYS_STAT_SC (subsystem communication output status indicator) > C11-23


C12. Function blocks for data buffering(Interference-free FB)

Function blocks for data buffering function are available only in SCSU1 that is configured forFAST/TOOLS integration.

SEEALSO For more information about Details of function blocks for data buffering, refer to:

Appendix 1.1, “Function blocks for data buffering function” in Integration with FAST/TOOLS (IM32Q56H20-31E)

<C12. Function blocks for data buffering (Interference-free FB)> C12-1


C13. Function blocks for gas flow ratecalculation (Interference-free FB)

Function blocks for gas flow rate calculation are available only in SCSU1 that is configured forFAST/TOOLS integration.

SEEALSO For more information about Details of function blocks for gas flow rate calculation, refer to:

Appendix 1.2, “Function blocks for gas flow rate calculation function” in Integration with FAST/TOOLS(IM 32Q56H20-31E)

<C13. Function blocks for gas flow rate calculation (Interference-free FB)> C13-1


C14. Function blocks for DNP3communication (Interference-freeFB)

The function block for DNP3 communication can be used only in SCSU1 of R3.02.20 or later.

SEEALSO For more information about Details of function blocks for DNP3 communication, refer to:

D4., “DNP3 communication FBs” in Open Interfaces (IM 32Q05B10-31E)

<C14. Function blocks for DNP3 communication (Interference-free FB)> C14-1


D. Integration with CENTUMThis part explains the following functions which are used when ProSafe-RS is integrated withCENTUM:• Basic functions of SCS

• Interface with CENTUM by tag names

• Override operations from an operation and monitoring station (HIS) of CENTUM

• Configuration and behaviors of manual operation function blocks

• External communication function blocks

• SCS Global Switch communication

<D. Integration with CENTUM > D-1


D1. Integration with CENTUMThe main purposes of integrating with CENTUM are as follows.• To monitor the controlling status of SCS with an HIS

• To notify errors on the field side to operators via process alarm messages

• To set data to an SCS

• To integrate system alarms

This chapter explains the SCS functions for integrating with CENTUM.

SEEALSO For more information about CENTUM integration, refer to:

1., “Overview of CENTUM integration” in Integration with CENTUM VP/CS 3000 (IM 32Q01E10-31E)

n Application logics and CENTUM elementsIn the connection definitions for CENTUM integration, application logics and CENTUM ele-ments are associated in the manner shown in the table below. Since tag names are definedfor CENTUM elements, the user can monitor their statuses using the tag names.

Table D1-1 Correspondence between application logics and elementsApplication logic CENTUM element

Variable Internal variable (BOOL) %WB

Internal variable (DINT) %WB

Internal variable (REAL) %WB

I/O variable (IO_BOOL) %Z

I/O variable (IO_REAL) %WB

Function block Analog input function block with data status (ANLG_S), analoginput FB (ANLGI)• Velocity limit alarm FB (VEL)• Override FBs (OVR_B, OVR_I, OVR_R, OVR_IB, OVR_IR)• Grouping override FB

(GOV_B, GOV_IB)• Password FB (PASSWD)• Manual operation FB (MOB_11, MOB_21, MOB_RS, MOA)

%BL

External communication FB(ECW_B, ECW_I and ECW_R)

%WB

Subsystem communication I/O FB(SCI_B, SCI_I, SCI_R, SCO_B, SCO_I, SCO_R)

%WB

Annunciator FB (ANN, ANN_FUP) %AN

l Operation/monitoring using tag namesOperators can reference and set values of instances of application logics (function blocks de-fined as entities) using tag names from an HIS. It is also possible to reference and set datafrom data items of tag name.

l Process alarm message transmissionCENTUM elements collect errors on the field side detected in an application logic and sendprocess alarm messages to an HIS. Process alarm messages include messages sent bymapping blocks (%BL) and messages sent by annunciator elements (%AN).

<D1. Integration with CENTUM > D1-1


A process alarm message is sent at the execution timing of a mapping block or annunciatorelement. The occurrence/recovery time stamp attached to the messages is the time at whichthe application logic is executed. If several messages are generated in one second from thesame block and element, only the last two event messages are sent.

n Software inputs/outputsTwo of the software inputs/outputs supported by FCSs, common switch and annunciator, areavailable for use in SCSs.

Table D1-2 Software inputs and outputs available in SCSsName Support in SCS (*1) Element

Common switches Yes %SW

Global switch No %GS

Annunciator Yes %AN

Printout message (with printing, Historical) No %PR

Printout message (without printing, Historical) No %PR

Operation guide message No %OG

Multimedia start message No %VM

Sequence message request No %RQ

Supervisory computer event message No %CP

Supervisory computer message output for PICOT No %M3

Signal event message No %EV

SFC/SEBOL return event message output No %RE

*1: Yes: SupportedNo: Not supported

TIP The sent and received data through SCS Link Transmission cannot be accessed from HIS as accessing a%GS element. For accessing from HIS, an internal variable should be placed in application logics. The exam-ples below show how to connect the internal variable with SCS Link Transmission FB, and then define thevariable with a tag name on the Tag Name builder.

• For accessing the value of a sent data, the data connected to the sending FB should be branched so asto connect to a variable.

• For accessing the value of a received data, the output parameter of the receiving FB for the data valueshould be connected with a variable.

• For accessing the data status of a received data, the output parameter of the receiving FB for the datastatus should be connected with a variable.

l Common switches (Common switches for system)Since common switches for the system reflect the internal status of an SCS, they can be usedin the Graphic view of an HIS.The following table lists common switches for the system. Elements without a switch numbercannot be used in SCSs. You cannot assign a tag name to SCS common switches. Also, youcannot set a value to the SCS common switches. You cannot use the value of SCS Commonswitches in Application logic, either.

Table D1-3 Common switches for systemSwitch number Name Description

%SW0001 Initial cold start 1: Fixed (to initial cold start)

%SW0002 Continuous start 0: Fixed (to initial cold start)




Table D1-3 Common switches for system (Table continued)Switch number Name Description

%SW0004 (Reserved) Same as %SW0001

%SW0017 Right side CPU status 0: Normal1: Abnormal

%SW0018 Left side CPU status 0: Normal1: Abnormal

%SW0019 CPU node fan status 0: All nodes are normal1: At least one node is abnormal

%SW0020 CPU temperature status 0: All nodes are normal1: At least one node is abnormal

%SW0021 CPU node power supply module status 0: All nodes are normal1: Either the left or right module is ab-normal

%SW0022 I/O node power supply module status 0: All nodes are normal1: At least one node is abnormal

%SW0027 Right side CPU control status 1: Control0: Other

%SW0028 Left side CPU control status 1: Control0: Other

%SW0033 to 0042 Status of nodes 1 to 16 (*1) 0: Normal1: Abnormal

%SW0065 to 0072 CPU idle time per minute (seconds) 0 to 60 seconds (8-bit integer)

%SW0073 to 0080 Communication load per second (%) 0 to 100% (8-bit integer)

%SW0097 to 0104 CPU node input/output module status 0: Normal or no definition1: Abnormal

%SW0105 to 0176 Status of input/output module (each ofthe 8 slots) of the 2nd to the 10th no-des (I/O nodes)

0: Normal or no definition1: Abnormal

%SW0117 to 0208 (*2) Status of input/output module (each ofthe 8 slots) of the 11th to the 14th no-des (I/O nodes)

0: Normal or no definition1: Abnormal

*1: 0 is set for undefined nodes.*2: Applicable only for SCSP2

l Update intervalThe SCS internal status is reflected in common switches for the system at the intervals of thescan period of the external communication function.

n Plant hierarchyThe mapping blocks and elements assigned with tag names can be handled as the equip-ment objects in CENTUM plant hierarchies. By specifying the tag names of the SCS, the proc-ess alarm filtering and security settings for operation and monitoring can be performed on HISaccording to the plant hierarchy definition.

SEEALSO For more information about the plant hierarchy, refer to:

• "3. Plant Hierarchy" in the Human Interface Stations Reference Vol.2 (IM 33K03F22-50E)

• "E7. Plant Hierarchy" in the Reference Human Interface Station (IM 33M01A30-40E)

• "E10. Plant Hierarchy" in the Reference Human Interface Station (IM 33S01B30-01E)

For more information about how to perform engineering tasks related to the plant hierarchy, refer to:

2.1.8, “Plant hierarchy” in Integration with CENTUM VP/CS 3000 (IM 32Q01E10-31E)



l Relationship of SCS tag data and SCS with plant hierarchyAn SCS and the plant hierarchy have the following relationships.• It is possible to define upper level equipment names of an SCS at registering the SCS in

System View of CENTUM.

• An equipment name which is defined in the CENTUM Plant Hierarchy Builder can beused as the upper level equipment name of the mapping block or element.

• Define the upper level equipment names when defining tag names of mapping blocks andmapping elements in the Tag Name Builder of the SENG. The upper level equipmentnames are managed as UAIDs (User Application IDs) within the SCS.

• The UAID of mapping blocks/elements whose upper level equipment name is not definedin the Tag Name Builder is set to 0 and the upper level equipment is set to the local SCS.

l Changing UAID• The upper level equipment names of mapping blocks and mapping elements can be

changed via online change download as well. UAIDs of mapping blocks and mapping ele-ments newly added via online change download take the values corresponding to the up-per level equipment names defined in the Tag Name Builder.

• UAIDs managed by the SCS can be changed via operations from an HIS, SEBOL ofFCS, and OPC.

• UAIDs cannot be changed from an SCS's application logic.

l Precautions when UAIDs are changed from HIS and FCSAfter changing UAID from HIS, FCS or OPC for the SCS tag name, if you perform the follow-ing operations, the inconsistency of the UAID between HIS and SCS will occur.• Execute offline download to the SCS

• Reset and restart the SCS (when the SCS is reset and restarted, UAIDs of functionblocks take the values specified by the Tag Name Builder)

• Reset and restart the HIS (when the HIS is reset and restarted, UAIDs of the tag listmaintained on the HIS take the values specified by the Tag Name Builder)

IMPORTANTIf UAIDs do not match between the HIS and SCS, the security management on the HIS andprocess alarm filtering according to the plant hierarchy definitions no longer function correctly.If UAIDs are set from an HIS, FCS or OPC, be sure to set the UAIDs again from the HIS, FCSor OPC after SCS offline download or resetting and restarting the HIS and/or SCS.



D2. Tag name interfaces for CENTUMMapping blocks and mapping elements are created when you define tag names for functionblocks and variables in an application logic in Tag Name Builder. They allow accessing datausing the tag names from an HIS and FCS.

n Overview of mapping blocks/mapping elementsIn an CENTUM integration structure, mapping blocks/elements are created when users definetag names in Tag Builder in an SENG.Mapping blocks/elements map function blocks and variables of an application logic and pro-vide simple ways to interface with them via the tag names.

HIS

V net

Mapping blocks/elements

Mapping by the system

SCS

SENG

Tag Builder

Engineering function

Dow

nloa

d ap

plic

atio

n

Dat

a is

acc

esse

d us

ing

tag

nam

es a

s in

terfa

ces

Mapping element

Mapping block

Mapping element

Mapping block

Mapping element

Mapping block

Application logic

Variable

FB FB FB

Variable Variable

Figure D2-1 Mapping blocks/elements

l Data reference via tag name interface• By defining tag names in Tag Builder, it is possible to associate mapping elements with

internal variables of BOOL, integer or real number type of an application logic and refer-ence the data using the tag names.

• By defining tag names in Tag Builder, it is possible to associate mapping elements withI/O variables of an application logic and reference the data using the tag names.

• By defining tag names in Tag Builder, it is possible to associate mapping blocks/elementswith function blocks of an application logic and reference the data using the tag names.For example, an ANLG_S function block can be associated with a mapping block, whilean ANN function block can be associated with a mapping element. Specific functionblocks are associated with mapping blocks.

SEEALSO For more information about variables, elements, and FBs for which tag names can be defined, refer to:

“n List of mapping blocks/mapping elements” on page D2-3

l Data setting and alarm management by tag name interfaces• Operations on mapping blocks/elements (without influencing application logics)

<D2. Tag name interfaces for CENTUM > D2-1


It is possible to acknowledge process alarms and set operation marks (data item OPMK).If these operations are performed from an HIS, the data of the mapping blocks/elementschanges, but this does not cause any changes to variables and function blocks of appli-cation logics.

• Operations on variables and function blocks of an application logicOperations on mapping blocks/elements are reflected in the corresponding applicationlogic. The override operations, setting BOOL-type data with password, setting data withManual Operation FB, setting data via tag name and so on operations can be performed.

l Input/output terminalsNo input/output terminals are used for mapping blocks/elements of an SCS. Mapping blocks/elements are used to exchange data with variables and function blocks of the correspondingapplication block, and not for connection between with mapping blocks/elements.

<D2. Tag name interfaces for CENTUM > D2-2


D2.1 Overview of tag name interfacesIn this chapter, the following items regarding tag name interface for CENTUM will be ex-plained.• Types of mapping blocks and mapping elements for the FBs and variables

• Data size of mapping elements

• Common data items of mapping blocks and mapping elements

• Process alarms

n List of mapping blocks/mapping elementsFor keeping consistency with the data types of variables and the types of function blocks inthe application logics, the types of mapping blocks and mapping elements will be automatical-ly determined on Tag Name Builder according to the data types of variables and the types offunction blocks in the application logics.The table below lists mapping blocks/elements.

Table D2.1-1 Mapping blocks/elements

Classification Description

Applicationlogic definition Mapping block/element

Classifica-tion

Typename Type

Type name/element

nameInternal Variable BOOL type Internal vari-

ableBOOL Mapping ele-

ment%WB

Integer-type (32-bit) Internal vari-able

DINT Mapping ele-ment

%WB

Real number-type (32-bit) Internal vari-able

REAL Mapping ele-ment

%WB

I/O variable Discrete I/O structure IO_BOOL

Mapping ele-ment

%Z

Analog I/O structure IO_RE-AL

Mapping ele-ment

%WB

Data setting fromexternal device

Data setting (BOOL) FB ECW_B Mapping ele-ment

%WB

Data setting (integer) FB ECW_I Mapping ele-ment

%WB

Data setting (real number) FB ECW_R Mapping ele-ment

%WB

Analog input Analog input FB with data status FB ANLG_S

Mappingblock

S_ANLG_S

Analog input indication FB ANLGI Mappingblock

S_ANLGI

Velocity limit Velocity limit alarm FB VEL Mappingblock

S_VEL

Annunciator Annunciator FB ANN Mapping ele-ment

%AN

First-up alarm annunciator FB ANN_FUP

Mapping ele-ment

%AN


<D2.1 Overview of tag name interfaces > D2-3


Table D2.1-1 Mapping blocks/elements (Table continued)

Classification Description

Applicationlogic definition Mapping block/element

Classifica-tion

Typename Type

Type name/element

nameOverridefrom HIS

Override (BOOL) FB OVR_B Mappingblock

S_OVR_B

Override (integer) FB OVR_I Mappingblock

S_OVR_I

Override (real number) FB OVR_R Mappingblock

S_OVR_R

Override (discrete) FB OVR_IB

Mappingblock

S_OVR_IB

Override (analog) FB OVR_IR

Mappingblock

S_OVR_IR

Grouping override (BOOL) FB GOV_B Mappingblock

S_GOV_B

Grouping override (discrete) FB GOV_IB

Mappingblock

S_GOV_IB

Manual operation BOOL-type data manual operationFB with two-position answerback

FB MOB_11

Mappingblock

S_MOB_11

BOOL-type data manual operationFB with three-position answerback

FB MOB_21

Mappingblock

S_MOB_21

Auto-reset BOOL-type data man-ual operation

FB MOB_RS

Mappingblock

S_MOB_RS

Analog-type data manual opera-tion

FB MOA Mappingblock

S_MOA

Password Password entry FB PASSWD

Mappingblock

S_PASSWD

Subsystem com-munication I/O

Subsystem communication input(BOOL)

FB SCI_B Mapping ele-ment

%WB

Subsystem communication input(integer)

FB SCI_I Mapping ele-ment

%WB

Subsystem communication input(real number)

FB SCI_R Mapping ele-ment

%WB

Subsystem communication output(BOOL)

FB SCO_B Mapping ele-ment

%WB

Subsystem communication output(integer)

FB SCO_I Mapping ele-ment

%WB

Subsystem communication output(real number)

FB SCO_R Mapping ele-ment

%WB

n Size of memory used by communication inputs/outputsThe mapping elements corresponding to BOOL-type, DINT-type, REAL-type and IO_REAL-type variables and ECW_B, ECW_I and ECW_R function blocks of an application logic arecommunication inputs/outputs (%WB). The table below shows the maximum number of dataitems that can be mapped and the size of memory used by communication inputs/outputs.



Table D2.1-2 Size of memory used by communication inputs/outputsDescription in application logic Mapping ele-

mentSize of %WB

usedMaximum number of data items

that can be mappedBOOL-type variable %WB 1 bit 3200 data items in total

ECW_B FB %WB 1 bit

DINT-type variable %WB 2 words 900 data items in total

REAL-type variable %WB 2 words

IO_REAL-type variable %WB 2 words

ECW_I FB %WB 2 words

ECW_R FB %WB 2 words

SCI_B (FB) %WB 1 bit Up to 500 data items in total re-gardless of the size of an FB (1 bitor 2 words)SCI_I (FB) %WB 2 words

SCI_R (FB) %WB 2 words

SCO_B (FB) %WB 1 bit

SCO_I (FB) %WB 2 words

SCO_R (FB) %WB 2 words

n List of data items of mapping blocks/mapping elementsEach mapping block/mapping element has the following data items. See the explanation ofeach mapping block/mapping element for a detailed explanation of each data item.

Table D2.1-3 List of data items of mapping elements

Data item

FB (*1)

Internal variable I/O varia-ble

External com-munication FB

Annuncia-tor

Subsystemcommunication

inputs

Subsystemcommunication

outputs

BOOL

DINT

RE-AL

IO_BOO

L

IO_RE-AL

ECW_B

ECW_I

ECW_R

ANN/ANN_FUP

SCI_B

SCI_I

SCI_R

SCO_B

SCO_I

SCO_R

ALRM Yes

AOFS Yes

PV Yes Yes Yes Yes Yes Yes

PVI32 Yes Yes (*2) (*2)

PVF32 Yes Yes Yes Yes Yes

PVI16 (*2) (*2)

PVU16 (*2) (*2)

OPMK Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

UAID Yes

*1: Yes: The data item exists.*2: In the case of SCI_I/SCO_I, data items vary depending on the data type of communication inputs/outputs wired to function

blocks: PVI32 if the data type is signed 32-bit integer, PVI16 for signed 16-bit integer and PVU16 for unsigned 16-bit integer

Table D2.1-4 List of data items of mapping blocks for each FBs

Data itemFB (*1)

ANLG_S ANLGI VEL OVR_*

(*2)GOV_*

(*3)MOB_1

1MOB_2

1MOB_R

S MOA PASSWD

MODE Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes




Table D2.1-4 List of data items of mapping blocks for each FBs (Table continued)

Data itemFB (*1)

ANLG_S ANLGI VEL OVR_*

(*2)GOV_*

(*3)MOB_1

1MOB_2

1MOB_R

S MOA PASSWD

ALRM Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

AFLS Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

AF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

AOFS Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

INV Yes Yes Yes Yes Yes Yes Yes

PV Yes Yes Yes Yes Yes Yes Yes Yes Yes

HH Yes Yes

PH Yes Yes

PL Yes Yes

LL Yes Yes

HYS Yes Yes Yes

OPMK Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

UAID Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

SH Yes Yes Yes Yes

SL Yes Yes Yes Yes

VL Yes

MV Yes Yes Yes Yes Yes Yes Yes

VAL Yes Yes

OUTV Yes Yes

SW Yes Yes Yes Yes Yes Yes

SHDN Yes Yes Yes

SS Yes Yes

MTM Yes Yes Yes

FV Yes

SDV Yes

MSH Yes

MSL Yes

MH Yes

ML Yes

GRNO Yes

*1: Yes: The data item exists.*2: Indicates OVR_B, OVR_I, OVR_R, OVR_IB or OVR_IR.*3: Indicates GOV_B or GOV_IB.

n Data items common to mapping blocks/mapping elementsThis section explains data items common to mapping blocks and mapping elements.

l AOFS (alarm inhibition)AOFS is a data item indicating that the process alarm of the function block is inhibited.This item is not displayed on the HIS tuning view along with the data items, however, thealarm inhibition status can be identified by the color of the tag mark.



The data entry from HIS to this data item is possible. Using the button on the tuning view canchange the block into the alarm inhibition status.The status is as follows:• Not Inhibit Alarm: 0 (Default)

• Inhibit Alarm: 1

l OPMK (operation mark)This data item indicates operation marks assigned to mapping blocks and mapping elements.It is not displayed in the data item list of the HIS tuning view but operation marks can be as-signed using buttons in the tuning view.Data entry is also allowed.• Range

The range of OPMK is from 0 to 255.

• DefaultThe default value of OPMK is 0.

l UAID (user application ID)This data item indicates UAIDs corresponding to the upper level equipment names in theplant hierarchy, assigned to mapping blocks.It is not displayed in the data item list of the HIS tuning view, but data entry is allowed.The default value is the value specified in the Tag Name Builder.

l MODE (block mode)This data item indicates block mode.Whether or not the block mode can be displayed on the HIS tuning view and instrument face-plate, what kind of modes a block can have varies with the types of the mapping blocks.The mode may change according to the parameter changes of the function block, but cannotbe changed from HIS.The following modes are available:• O/S (Out of Service)

This is the initial status of a mapping block that all functionalities are not functioning.When SCS is working in normal state, the mapping block will not work in this mode.

• MAN (Manual)This is a mode that the output can be manually manipulated.

• IMAN (Initialization Manual)This is a mode that the output is disabled.This block mode exists together with other block mode.

• AUT (Automatic)This is a mode that the output of the function block is enabled.

The default mode of the function block is O/S(AUT), it means the function block is shiftingfrom O/S to AUT mode. (O/S(AUT) is a transition mode.)

l AFLS (alarm flashing status)This data item is not supported. Do not change the data of this item from CENTUM.

l AF (alarm detection)This data item is not supported. Do not change the data of this item from CENTUM.



n Process alarmsProcess alarms notify process errors detected by the application logic as alarm messages forCENTUM. Though the process alarms are sent by mapping blocks, when the process alarmsare displayed on HIS window to indicate abnormality or recovery events, the timestamps ofthe events will be the reception time that HIS receives the alarms.Each mapping block provides the following process alarms. Check the explanation of individu-al function blocks associated with mapping blocks for details of process alarms.

Table D2.1-5 Process alarms generated from mapping blocks

AlarmStatus

Mapping block (*1)

S_ANL-GI

S_ANLG_S S_VEL

S_OVR_*

(*2)

S_GOV_*

(*3)S_PASS

WDS_MOB

_21S_MOB

_11S_MOB

_RS S_MOA

NR (*4) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

IOP Yes Yes Yes

OOP Yes Yes Yes

HTRP Yes Yes

LTRP Yes Yes

HHH Yes Yes

LLL Yes Yes

OVR Yes Yes

PWON Yes

PERR Yes

ANS+ Yes Yes Yes

ANS- Yes Yes Yes Yes

VEL+ Yes

VEL- Yes

*1: Yes: Corresponding process alarm is generated*2: Indicates S_OVR_B, S_OVR_I, S_OVR_R, S_OVR_IB or S_OVR_IR.*3: Indicates S_GOV_B or S_GOV_IB.*4: NR is the status set when other process alarms are not generated. Process alarms are displayed on an HIS in the order in

the table with the highest priority on the top item.



D2.2 Tag name interfaces for internal variablesand I/O variables

It is possible to define mapping elements for internal variables and I/O variables to referencethe data with tag name interfaces. If you define tag names using the Tag Name Builder forBOOL, DINT or REAL-type internal variables, mapping elements are created in the communi-cation input/output (%WB) area.If you define tag names for discrete I/O variables, they are associated with %Z mapping ele-ments. If you define tag names for analog I/O variables, they are associated with %WB map-ping elements.

n Data items of mapping elements associated with internal variablesAll mapping elements of internal variables provide the OPMK data item.

SEEALSO For more information about an explanation of OPMK (Operation Mark), refer to:

“n Data items common to mapping blocks/mapping elements” on page D2-6

l Data items of mapping elements (%WB) associated with BOOL-typevariables (PV)

Boolean values of BOOL-type internal variables are displayed as PV. It is displayed in the HIStuning view and the parameter display area of instrument faceplate, and will be a target of da-ta collection for tuning trend. Data entry from an HIS is not allowed.The range is 0 or 1.

l Data items of mapping elements (%WB) associated with DINT-type variable(PVI32)

Integer values of DINT-type internal variables are displayed as PVI32. It is displayed in theHIS tuning view and the parameter display area of instrument faceplate. Data entry from anHIS is not allowed.The range is all signed 32-bit integers.

l Data items of mapping elements (%WB) associated with REAL-typevariables (PVF32)

Real values of REAL-type internal variables are displayed as PVF32. It is displayed in the HIStuning view and the parameter display area of instrument faceplate. Data entry from an HIS isnot allowed.The range is all single precision real numbers.

n Data items of mapping elements associated with I/O variablesMapping elements of I/O variables commonly support the OPMK data item.

SEEALSO For more information about an explanation of OPMK (Operation Mark), refer to:


<D2.2 Tag name interfaces for internal variables and I/O variables > D2-9


l Data items of mapping elements (%Z) associated with IO_BOOL-typevariables (PV)

Discrete data values are displayed as PV. It is displayed in the HIS tuning view and the pa-rameter display area of instrument faceplate, and will be a target of data collection for tuningtrend. Data entry from an HIS is not allowed.The range is 0 or 1.

l Data items of mapping elements (%WB) associated with IO_REAL-typevariables (PVF32)

Analog data real values are displayed as PVF32. It is displayed in the HIS tuning view and theparameter display area of instrument faceplate. Data entry from an HIS is not allowed.The range is all single precision real numbers.

n Data access via process input/output terminal numbers (%Z)Process input/output terminal numbers (%Z) corresponding to IO_BOOL type I/O variablesare outlined below.• Discrete inputs and outputs are accessed not only via tag names but also process input/

output terminal numbers.

• 0 is obtained if data of input/output channels whose I/O variables are not wired is refer-enced via process input/output terminal number.

l Specification syntax%Znnusmm

%Z:nn:u:s:mm:

Process input/output identifier (fixed to %Z): Node number (01 to 14)Slot number (1 to 8)Segment number (fixed to 1)Terminal number (01 to 16)

n Data items used to reference data statusThe table below lists data items used to reference the data status of I/O variables using tagname interfaces.

Table D2.2-1 Referencing data status by tag namesMapping ele-

ment Description Data item used fordata reference

Data item used for datastatus reference

%Z Discrete (IO_BOOL type) inputs andoutputs

PV #PV (*1)

%WB Analog (IO_REAL type) inputs and out-puts

PVF32 #PVF32 (*1)

*1: The bit arrangement of the data status that can be referenced with #PV and #PVF32 is the same as the format used for FCS.

n Input/output status information that can be referenced from HIS andFCS of CENTUM

The I/O status information, which is the basis of the data status of I/O variables, is stored inthe CPU. The status information is 32-bit data and structured in the same way as for an FCS.



This 32-bit data is transmitted when HISs and FCSs reference the status of inputs and out-puts of an SCS.The data status of I/O variables is determined by whether or not the BAD status bit is on.

n Logical data of I/O variablesData corresponding to an I/O variable consists of physical data and logical data. Physical datais concrete data such as data input from sensors and data output to actuators. Logical data isthe data that can be referenced via an application logic.The data read by tag name interfaces is logical data. The following table shows how to ac-cess data via mapping elements associated with I/O variables.

Table D2.2-2 Access to logical data of I/O variables via tag namesDiscrete Analog

Reading (logical data) • Tag name defined for a discrete I/O variable(%Z)

• Process input/output terminal number (%Z)

Tag name defined for an analoginput variable (%WB)

Writing Not possible Not possible

Dictionary View of SCS Manager can display both physical data and logical data of I/O varia-bles.

SEEALSO For more information about physical data and logical data, refer to:

A4.2, “I/O variable” on page A4-4

n Conditions under which tag names can be specifiedThe conditions under which it is allowed to define tag names and assign mapping elementsfor I/O variables are explained in this section. Discrete I/O variables are of the IO_BOOL typeand analog I/O variables are of the IO_REAL type. Specify the Direction attribute for thesevariables in Dictionary View of SCS Manager. There are three options for the Direction attrib-ute: Input, Output and Internal.• Specify the Input attribute for input variables. When the Input attribute is specified, the

variable can be connected to a channel of an input module in Wiring View.

• Specify the Output attribute for output variables. When the Output attribute is specified,the variable can be connected to a channel of an output module in Wiring View.

It is possible to define tag names for IO_BOOL-type and IO-REAL type variables in Tag Build-er. The table below shows whether or not tag names can be defined with the Direction attrib-ute. Tag names can be defined for variables with either the Input or Output attribute.

Table D2.2-3 Direction attribute of variables and tag name assignmentDirection (*1)

Input Output InternalIO_REAL OK OK NG

IO_BOOL OK OK NG

*1: OK: Tag name can be specifiedNG: Tag name cannot be specified



D2.3 Tag name interfaces of function blocksBy specifying tag names for function blocks using the Tag Name Builder and associatingthem with mapping blocks/mapping elements, it becomes possible to call them via the tagnames from CENTUM and notify process alarms.This section explains mapping blocks and mapping elements of the following function blocks.• Analog input function blocks with data status (ANLG_S)

• Analog input indication (ANLGI)

• Velocity limit alarm (VEL)

• Annunciator (ANN)

• First-up alarm annunciator (ANN_FUP) (*1)

• Subsystem communication inputs/outputs (SCI_B, SCI_I, SCI_R, SCO_B, SCO_I,SCO_R)

*1: Applicable only when integrated with CENTUM VP R4.02 or later.

SEEALSO For more information about override FB, refer to:

D3.2, “Tag name interfaces and process alarms of override function blocks” on page D3-4

For more information about the grouping override FB, refer to:

D3.4, “Tag name interfaces and process alarms of grouping override function block” on page D3-12

For more information about password FB, refer to:

D3.7, “Tag name interfaces and process alarms of password function blocks” on page D3-21

For more information about BOOL-type data manual operation function block with answerback (MOB_11), re-fer to:

D4.1.6, “Tag name interfaces and process alarms of MOB_11 and MOB_21” on page D4-16

For more information about auto-reset BOOL-type data manual operation, refer to:

D4.2.2, “Tag name interfaces and process alarms of MOB_RS” on page D4-26

For more information about analog-type data manual operation, refer to:

D4.3.2, “Tag name interfaces and process alarms of MOA” on page D4-32

For more information about external communication function blocks, refer to:

D5.2, “Tag name interfaces of external communication function blocks” on page D5-3

n Data items of mapping blocks associated with analog input functionblocks with data status (ANLG_S)

Mapping blocks associated with analog input function blocks with data status are S_ANLG_S.Among the data items of mapping blocks, the data items unique to S_ANLG_S are explainedhere. All of these data items are displayed in the HIS tuning view with the exception of MODEand INV. Note that data entry for these data items from an HIS is not allowed.

SEEALSO For more information about an explanation of MODE (Block mode), AFLS (Alarm flashing status), AF (Alarm

detection), AOFS (Alarm inhibition), OPMK (Operation mark), and UAID (User application ID), refer to:


l MODE (block mode)This data item indicates block mode.

<D2.3 Tag name interfaces of function blocks > D2-12


The default value of MODE is O/S (AUT).

l ALRM (alarm status)This data item displays alarm status.The default value of ALRM is NR.

l INV (input value)This item is associated with the IN parameter (analog input) of ANLG_S.• Range

INV is normalized data (0 to 100 %) or a physical quantity.

• DefaultThe default value of IN (0) of ANLG_S is reflected in the default value of INV.

l PV (scale conversion value)This data item is associated with the OUT parameter (analog output) of ANLG_S. It is dis-played in the parameter display area of instrument faceplate and will be a target of data col-lection for tuning trend.In the SCS databases created by R1.03.00 or later versions, the PV data are affixed with datastatus signals. When the data status of IN signal of ANLG_S becomes BAD, the data statusof PV will be set as BAD. However, the data status only indicates BAD. IOP, NFP or other sta-tuses will be ignored.

TIP • To affix the data status, the item [PV Status of S_ANLG_S] on SCS tab of SCS Constants Builder needsto be defined.

• When the database is created, the PV data are affixed with data status signals at default setting. Howev-er, if the above setting is not defined, when CENTUM station read the PV, even though the PV has datastatus signal, the PV will be always marked as Normal regardless the actual data status.

• In the SCS database created by R1.02, the PV of ANLG_S does not have data status signal.

• RangePV is normalized data (0 to 100 %) or a physical quantity.

• DefaultThe default value of PV is the SL specified in Tag Name Builder.

l HH (high trip setting level)This data item is associated with the HH parameter (HI trip setting level) of ANLG_S. The HHvalue of ANLG_S is reflected in this item.

l PH (high pre-alarm setting level)This data item is associated with the PH parameter (HI pre-alarm setting level) of ANLG_S.The PH value of ANLG_S is reflected in this item.

l PL (low pre-alarm setting level)This data item is associated with the PL parameter (LO pre-alarm setting level) of ANLG_S.The PL value of ANLG_S is reflected in this item.

l LL (low trip setting level)This data item is associated with the LL parameter (LO trip setting level) of ANLG_S. The LLvalue of ANLG_S is reflected in this item.



l HYS (hysteresis)This data item is associated with the HYS parameter (hysteresis) of ANLG_S. The HYS valueof ANLG_S is reflected in this item.

l SH (scale high limit)This data item displays the scale high limit defined using the Tag Name Builder.

l SL (scale low limit)This data item displays the scale low limit defined using the Tag Name Builder.

n Data items of mapping blocks associated with analog input functionblocks (ANLGI)

Mapping blocks associated with analog input indication function blocks are S_ANLGI.Among the data items of mapping blocks, the data items unique to S_ANLGI are explainedhere. All of these data items are displayed in the HIS tuning view with the exception of MODEand INV. Note that data entry for these data items from an HIS is not allowed.



“n List of data items of mapping blocks/mapping elements” on page D2-5

l MODE (block mode)This data item indicates block mode.The default value of MODE is O/S (AUT).


l INV (input value)This data item is associated with the IN parameter (analog input) of ANLGI.• Range

INV is normalized data (0 to 100 %) or a physical quantity.

• DefaultThe default value of IN (0%) of ANLGI is reflected in the default value of INV.

l PV (scale conversion value)This data item is associated with the OUT parameter (output value) of ANLGI. It is displayedin the parameter display area of instrument faceplate and will be a target of data collection fortuning trend.• Range

PV is normalized data (0 to 100 %) or a physical quantity.




l HH (high trip setting level)This data item is associated with the HH parameter (High trip setting level) of ANLGI. The HHvalue of ANLGI is reflected in this item.

l PH (high pre-alarm setting level)This data item is associated with the PH parameter (High pre-alarm setting level) of ANLGI.The PH value of ANLGI is reflected in this item.

l PL (low pre-alarm setting level)This data item is associated with the PL parameter (Low pre-alarm setting level) of ANLGI.The PL value of ANLGI is reflected in this item.

l LL (low trip setting level)This data item is associated with the LL parameter (Low trip setting level) of ANLGI. The LLvalue of ANLGI is reflected in this item.

l HYS (hysteresis)This data item is associated with the HYS parameter (hysteresis) of ANLGI. The HYS value ofANLGI is reflected in this item.



n Data items of mapping blocks associated with velocity limit alarmfunction blocks (VEL)

Mapping blocks associated with velocity limit alarm function blocks are S_VEL.Among the data items of mapping blocks, the data items unique to S_VEL are explained here.All of these data items are displayed in the HIS tuning view with the exception of MODE. Notethat data entry for these data items from an HIS is not allowed.








l PV (output value)This data item is associated with the OUT parameter (output value) of VEL. It is displayed inthe parameter display area of instrument faceplate and will be a target of data collection fortuning trend.• Range

PV is normalized data (0 to 100 %) or a physical quantity.


l VL (velocity limit alarm setting value)This data item is associated with the VL parameter (velocity limit alarm setting level) of VEL.• Default

The VL value of VEL is reflected in this item.

l HYS (hysteresis)This data item is associated with the HYS parameter (hysteresis) of VEL. The HYS value ofVEL is reflected in this item.



n Data items of mapping elements associated with annunciatorfunction blocks (ANN)

Annunciator messages are message outputs that simulate behaviors of annunciator panels ofinstrument faceplate on an HIS. When you create ANN function blocks for the application log-ic, %AN mapping elements are created as well. By defining %AN messages in the Tag NameBuilder, annunciator messages can be checked from an HIS. Tag name definition is not man-datory.

SEEALSO For more information about an explanation of AOFS (Alarm inhibition), OPMK (Operation mark), and UAID

(User application ID), refer to:


l ALRM (alarm status)This data item displays alarm status. It is displayed in the HIS tuning view but data entry froman HIS is not allowed.The default value of ALRM is NR.

l PV (input value)This data item is associated with the IN parameter (input value) of ANN. It is displayed in theHIS tuning view and the parameter display area of instrument faceplate, and will be a target ofdata collection for tuning trend. Data entry from an HIS is not allowed.• Range

The range of PV is 0 or 1.

• Default



The default value of IN (0) of ANN is reflected for the default value of PV.

n Data items of mapping elements associated with first-up alarmannunciator function blocks (ANN_FUP)

The first-up alarm annunciator function block has the function to identify the first signal thatshifts to the safe state within the same group. The annunciator message is output only whenthe received signal is the first safe state signal in the group to which the function block be-longs.When you create ANN_FUP function blocks for the application logic, %AN mapping ele-ments are created as well. By defining %AN messages in the Tag Name Builder, annunciatormessages can be checked from an HIS (*1). Tag name definition is not mandatory.Data items of this mapping block are exactly the same as the annunciator function block.

*1: Checking annunciator messages from HIS is supported only when integrated with CENTUM VP R4.02.

n Data items of mapping elements associated with subsystemcommunication inputs/outputs

When you create tag names for SCI_B, SCI_I, SCI_R, SCO_B, SCO_I and SCO_R functionblocks in the Tag Name Builder, mapping elements are created in the communication input/output (%WB) area.Among the data items of mapping elements, the data items unique to subsystem communica-tion inputs/outputs are explained here.

SEEALSO For more information about an explanation of OPMK (Operation mark), the data item that has subsystem

communication inputs and outputs, refer to:


l %WB data items associated with SCI_B and SCO_B (PV: BOOL data)Mapping elements of SCI_B and SCO_B function blocks have PV (BOOL data) data items.This data item displays BOOL-type data of the function blocks. It is displayed in the HIS tun-ing view and the parameter display area of instrument faceplate, and will be a target of datacollection for tuning trend. Data entry from an HIS is not allowed.The range is 0 or 1.

l %WB data items associated with SCI_I and SCO_IIn the case of SCI_I and SCO_I, data items of mapping elements vary depending on the datatype of communication inputs/outputs (%WB) wired to the function blocks.Each data item displays integer data of the associated function block and is displayed in theHIS tuning view and the parameter display area of instrument faceplate. Data entry from anHIS is not allowed.Data items for each data type of communication inputs/outputs are as follows.• PVI32 (integer data)

This data item is used when the data type of communication inputs/outputs wired to theassociated function block is signed 32-bit integer.The range is all signed 32-bit integers.

• PVI16 (integer data)This data item is used when the data type of communication inputs/outputs wired to theassociated function block is signed 16-bit integer.The range is all signed 16-bit integers.



• PVU16 (integer data)This data item is used when the data type of communication inputs/outputs wired to theassociated function block is unsigned 16-bit integer.The range is all unsigned 16-bit integers.

l %WB data items associated with SCI_R and SCO_R (PVF32: real numberdata)

Mapping elements of SCI_R and SCO_R function blocks have PVF32 (real number data) da-ta items.This data item displays the real number data value of the associated function block. It is dis-played in the HIS tuning view and the parameter display area of instrument faceplate. Dataentry from an HIS is not allowed.The range is all single precision real numbers.



D3. Override operation from HISThe override operations can be carried out from an HIS to an SCS. To perform the overrideoperation, an override function block or grouping override function block is used. Using group-ing override function blocks allows you to manage these function blocks as a group. Thischapter explains the following points related to override operations from an HIS.• Overview of override function blocks

• Tag name interfaces and process alarms of override function blocks

• Overview of grouping override function blocks

• Tag Name Interfaces and Process Alarms of Grouping Override Function Block

• Status Management of Function Blocks Used for Override

• Management of override using password function block

• Tag Name Interfaces and Process Alarms of Password Function Blocks

n Function blocks related to override operationsDuring the normal operation of SCS, the operation override is performed from an HIS to fixthe variable value to a predefined value that is different from the actual value.The operation uses an override function block or grouping override function block, and is per-mitted by hardware switch or the password function block.The following function blocks are supported for override operation.

Table D3-1 Function blocks related to override operationsType of FB Name of FB Description

override FB OVR_B BOOL-type data override

OVR_I Integer-type data override

OVR_R REAL-type data override

OVR_IB IO_BOOL-type data override

OVR_IR IO_REAL-type data override

Groupingoverride FB

GOV_B BOOL-type data grouping override

GOV_IB IO_BOOL-type data grouping override

Password FB PASSWD Password

<D3. Override operation from HIS > D3-1


D3.1 Overview of override FBTo perform override to the data from HIS that is not required for group management, theOverride function block can be used. An override function block is provided for each datatype.

n Mechanism of override function blocksThe following figure illustrates an example where an input variable is overridden using anoverride function block for IO_BOOL-type variable (OVR_IB). In the example of overriding aninput variable, the override function block is positioned immediately after the variable to beoverridden.

OVR_IB

STS

IN OUT

VAL

SW

<IO_BOOL-Type data> IO_BOOL-Type variable

Override permission (BOOL-Type variable)

TRUE

Figure D3.1-1 Example of using OVR_IB function block for an input variable

In the normal status where the variable is not overridden, the OVR_IB function block outputsthe data input via input parameter IN as is from output parameter OUT. When an override op-eration is specified from the HIS via the mapping block, the OVR_IB function block outputsthe value specified for input parameter VAL (TRUE in this case) from output parameter OUT.During overriding, the data status of output parameter OUT is always TRUE (GOOD). If theoverride operation is canceled from the HIS, the OVR_IB function block outputs the data inputvia input parameter IN as is from output parameter OUT again.A BOOL-type variable is specified for input parameter SW of the OVR_IB function block. Un-der normal circumstances, this BOOL-type variable is set to be an input variable from a keyswitch. If the user operates the key switch, the BOOL-type variable value changes. If theBOOL-type variable becomes TRUE, input parameter SW of OVR_IB also becomes TRUE,and an override operation is permitted. If the variable becomes FALSE, the override operationis prohibited.Note that the override operation is not canceled even if input parameter SW changes fromTRUE to FALSE while the override instruction is active; output parameter OUT keeps on out-putting the value specified for input parameter VAL.

TIP It is possible to change values of BOOL-type variables by entering data along with the correct password fromthe faceplate of an HIS by using the password function block. Utilizing this mechanism, it can be specifiedwhether or not to allow override operations using the password function instead of using hardware such as akey switch.

SEEALSO For more information about the password function block, refer to:

C5.3, “PASSWD (password)” on page C5-8

For more information about the engineering tasks involved in override function blocks, refer to:

2.1.5, “Engineering for overriding from HIS” in Integration with CENTUM VP/CS 3000 (IM32Q01E10-31E)

<D3.1 Overview of override FB > D3-2


n Data status of I/O variablesOVR_IB and OVR_IR are override function blocks for IO_BOOL-type variables and IO_REAL-type variables, respectively. These override function blocks fix the data status of output pa-rameter OUT of the associated variables to TRUE (GOOD), which is output when the varia-bles are placed in the override status.The figure below illustrates a usage example of the override function block for IO_REAL-typevariables. When the override status of the function block is activated via a mapping block froman HIS, output parameter OUT outputs the following.• The data value of OUT (member "v" of structure IO_REAL) is set to the value input via

input parameter VAL, which is then output to the output side. The output is fixed to 20.0 inthe example of the figure below.

• The data status of OUT (member "status" of structure IO_REAL) is fixed to TRUE(GOOD).

OVR_IR

STS

IN OUT

VAL

SW

IO_REAL-Type input variable <IO_REAL-Type data>

20.0

Override permission (BOOL-Type variable)

Figure D3.1-2 Override of IO_REAL-type variable

When the override operation of the function block is activated, the data status of output pa-rameter OUT is fixed to TRUE (GOOD) but the data status of input variables connected to in-put parameter IN is not influenced. If the override function block is placed in the override sta-tus, only output parameters OUT and STS change.

<D3.1 Overview of override FB > D3-3


D3.2 Tag name interfaces and process alarmsof override function blocks

To be able to perform override operations from an HIS using an override function block, it isnecessary to define the tag name in the Tag Name Builder and associate it with a mappingblock.

n Mapping blocks associated with override function blocksThe following table shows mapping blocks associated with override function blocks.

Table D3.2-1 Mapping blocks associated with override function blocksOverride FB type Mapping block type

OVR_B S_OVR_B

OVR_I S_OVR_I

OVR_R S_OVR_R

OVR_IB S_OVR_IB

OVR_IR S_OVR_IR

SEEALSO For more information about the procedure to define mapping blocks of override function blocks, refer to:

2.1.5, “Engineering for overriding from HIS” in Integration with CENTUM VP/CS 3000 (IM32Q01E10-31E)

n Settings in the Tag Name BuilderTo be able to perform override operations from an HIS, it is necessary to make settings forinstances of override function blocks in the Tag Name Builder.Use the Tag Name Builder to make specification for alarms during override operation and an-swerback error alarms.• Override ON alarm

Specify either [Yes] or [No].The default is [Yes].

• Answerback error alarmSpecify either [Both] or [No].The default is [Both].

SEEALSO For more information about items defined in the tag name builder, refer to:


n Data items of mapping blocks associated with override functionblocks

Among the data items of mapping blocks, the data items unique to mapping blocks of overridefunction blocks are explained here. All of these data items are displayed in the HIS tuningview with the exception of MODE. Note that data entry for these data items from an HIS isallowed only for MV.

<D3.2 Tag name interfaces and process alarms of override function blocks > D3-4







l PV (answerback input value)This data item displays the override status and will be a target of data collection for tuningtrend.• Associating parameters of function blocks

The STS parameter (override status) of override function blocks is associated with PV.

• RangeThe range of PV is 0 or 1.

• Correspondence between changes of the parameter value of override function blocks andchanges of PVIf STS of an override function block is TRUE, PV=1 and override operations from an HISare executed.

• DefaultThe default value of STS (0) is reflected in the default value of PV.

l MV (manipulated output value)Override operations are permitted if SW of an override function block is 1, and MV can be ma-nipulated from an HIS. This item will be a target of data collection for tuning trend.• Range

The range of MV is 0 or 1.

• DefaultThe default value of MV is 0.

l INV (input value)This data item is associated with the IN parameter (input) of an override function block This isdisplayed in the parameter display area of instrument faceplate. This value is output fromOUT when no override operation is performed. The IN value of an override function block isreflected in this item.

l VAL (fixed value)This data item is associated with the VAL parameter (override value) of an override functionblock This is displayed in the parameter display area of instrument faceplate. This value isoutput from OUT when override operations are performed. The VAL value of an override func-tion block is reflected in this item.



l OUTV (output value)This data item is associated with the OUT parameter (output value) of an override functionblock This is displayed in the parameter display area of instrument faceplate. The OUT valueof an override function block is reflected in this item.

l SW (switch)This data item is associated with the SW parameter of an override function block. The rangeis 0 or 1. Override operations are permitted when the value of SW is 1. The SW value of anoverride function block is reflected in this item.

n Process alarmMapping blocks of the override function blocks generate two types of process alarms, over-ride ON and answerback error alarms. It is possible to specify whether or not to initiate thisprocess alarms using the Tag Name Builder.

l Answerback error alarmsAnswerback error alarms can be used to examine whether or not an override operation froman HIS is functioning as instructed. A mapping block mediates the override operation betweena faceplate on the HIS side and an override function block.

D030201E.ai

HIS Control bus Application logic

Mapping block

OVR_B

VAL

STS

TAG0301 Internal variable

<BOOL data> BOOL variable IN OUT

SCS

SW <BOOL data>

TRUE ON

OFF

MV PV

PV MV

TAG0301

Faceplate

PV

MV

Figure D3.2-1 Flow of data between override function block and mapping block

If you perform an override operation from the faceplate of the HIS, the mapping block storesthe value "1", which means "instruct override", in its own data item MV. The data of MV is thenset to the internal variable of the override function block. The override function block exam-ines the validity of the set data. If the data is considered valid, the override function blockgoes into override condition and changes the STS from FALSE to TRUE.The mapping block reads the STS value of the override function block into the PV of the map-ping block at the next scan period. The scan period of the mapping block is the same as thescan period of the external communication function. The default value is 1 second.If the value (MV) instructed by the mapping block and the status value (PV) read back fromthe STS output of the override function block do not match, the mapping block generates ananswerback error alarm. If they match later, the mapping block recovers from the answerbackerror alarm.An answerback error alarm is generated under the following conditions.• ON side answerback error alarm (ANS+)

MV = 1 and PV ≠ 1



• OFF side answerback error alarm (ANS-)MV = 0 and PV ≠ 0

The mapping block recovers from an answerback error alarm under the following conditions.• ON side answerback error alarm (ANS+)

When PV changes to 1 or MV changes to a value other than 1

• OFF side answerback error alarm (ANS-)When PV changes to 0 or MV changes to a value other than 0

l Override ON alarmOverride ON alarms can be used to notify an operator that the function block corresponding tothe tag name of an SCS is being overridden. A mapping block generates an override ONalarm if an override function block is placed in the override status. Once the override status iscanceled, the mapping block recovers from the override ON alarm.An override ON alarm is generated under the following condition.• PV = 1 (STS of the override function block is 1)

The mapping block recovers from an override ON alarm under the following condition.• PV = 0 (STS of the override function block is 0)



D3.3 Overview of grouping override functionblock

When it is necessary to exclusively manage override operations from an HIS to multiple dataitems, grouping override function blocks can be used.Types of grouping override function block are shown below.• GOV_B BOOL-type data grouping override

• GOV_IB IO_BOOL-type data grouping override

This section explains the following functions of grouping override function block. GOV_B andGOV_IB differ only in the type of data they can handle. Their basic functions are identical.• Group function

• Override permit switch

• Override enable status

• Block mode

• Override status cancel function

• Data status for OUT parameter of GOV_IB function block

• Operation of grouping override function block

n Group functionBy using a grouping override function block, it is possible to restrict the override operation ofmultiple data items that are defined as a group to only one at a time. Multiple groups can bedefined within an SCS. The override operations can be performed simultaneously to groupingoverride function blocks that belong to separate groups.There are no limits to the number or types of grouping override function blocks that can bedefined as a group. Both GOV_B and GOV_IB can be included in a same group.• If the override operation is performed for a grouping override function block in a group,

the operation cannot be performed on other function blocks in the same group until itcompletes. When the override operation is attempted simultaneously on another functionblock within the same group, the override operation for that function block will be disa-bled.

• It is also possible to enable the override operation for individual function blocks, withoutgrouping, using a grouping override function block.

l Group numberGroup number is defined for GRP. Multiple groups can be defined by assigning different groupnumbers.• Up to 128 groups can be managed by a single SCS. Specify a group number (1 to 128)

for GRP.

• When the group number is set to 0, that grouping override function block does not belongto any group. The number limitation on simultaneous operations will be invalid, and theoverride operation can be performed without being affected by the exclusive control onthe override operations for other grouping override function blocks.

• The override operation cannot be performed if the group number is set to a negativenumber or a number equal to or greater than 129.

<D3.3 Overview of grouping override function block > D3-8


n Override permit switchThe override operation can be performed from an HIS when the override permit switch (SW)is set to TRUE (override allowed). When SW is set to FALSE (override prohibited), the over-ride operation cannot be performed from an HIS.

n The Override Enabled statusOverride Enable Status (ENS) indicates whether the override operation for a grouping over-ride function block is allowed.When SW is set to TRUE (override allowed) and there are no other grouping override functionblocks for which override is being executed within the same group, ENS becomes TRUE(override enable status), and the override operation can be performed.However, if there is a function block for which override is being executed within the samegroup, ENS of other function blocks in the group becomes FALSE (override disable status),and the override operation cannot be performed.If SW is set to FALSE (override prohibited), ENS will always be FALSE (override disable sta-tus).

TIP • When the group number is 0When the group number is set to 0, if the override permit switch (SW) is TRUE, the override enable sta-tus (ENS) is always TRUE. MODE indicated on the HIS instrument faceplate is MAN.

• When the group number is negative, or 129 or greaterWhen a value outside the range is specified as the group number, the override enable status (ENS) isfixed to FALSE regardless of the state of override permit switch (SW). The override operation is not al-lowed. MODE indicated on the HIS instrument faceplate is always AUT.

n Block mode• The override enable status can be checked from the block mode (MODE) by specifying

the tag name assigned to a grouping override function block and then calling the HIS in-strument faceplate. The block mode reflects the state of the function block's override ena-ble status (ENS). MODE becomes MAN when ENS is TRUE, and AUT when FALSE.

• The override operation is allowed only when MODE is MAN. When the override operationis not permitted because the override permit switch (SW) is FALSE, or when override isbeing executed for another function block in the same group, MODE indicates AUT.

n Override status cancel functionGrouping override function blocks have the override status cancel function.By changing from TRUE to FALSE the override permit switch (SW) of a grouping overridefunction block for which override is being executed, the override status will be canceled. Atthat time, the override enable status (ENS) becomes FALSE.

TIP The override status is canceled under the following conditions as well.

• When a forced cancellation command is issued from the SYS_OVR block

• When the group number is changed (The group number should be set to a fixed value. The onlinechange download during the override operation is prohibited.)



n Data status for OUT parameter of GOV_IB function blockDuring the override execution of GOV_IB function block, the data status of IO_BOOL-typeoutput (OUT) will be GOOD. When override is not being executed, the data status of input pa-rameter IN will be output as the data status of OUT.During the override execution, if the override permit switch (SW) changes from TRUE toFALSE, or if SYS_OVR issues a forced cancellation command, the override status will becanceled even if IN data status is BAD.

n Operation of grouping override function blocks

l Execution of overrideGrouping override function block outputs the data input from IN as is from OUT when there isno override execution.1. Set the override permit switch (SW) to TRUE.

2. If there are no function blocks for which override is being executed within the group,MODE of tag assigned to the function block becomes MAN, the override operation can beperformed. If the override operation is not allowed, MODE stays AUT.

3. If MV is set to 1 from the HIS instrument faceplate and PV of answerback signal changesto 1, data specified by VAL will be output from OUT of the grouping override functionblock. At this time, the mode of other function blocks that belong to the same group willbe AUT.

TIP When the override operation is disabled, or when the override status is canceled by setting SW to FALSE,MV will be reset to 0 and PV of answerback signal will be 0 as well.

l End of override

When MV is set to 0 from an HIS and the override status is canceled, the data input from INwill be output again from OUT of the grouping override function block. At this time, the modeof all function blocks that belong to the same group becomes MAN (*1).

*1: Even if it belongs in the same group, the mode of the function block whose override permit switch (SW) is set to FALSE staysAUT.

l Data change during overrideThe figure below shows the changes in each data when block A and block B that belong tothe same group are connected to the same override permit signal, and the override operationis performed for block A.



SW

OUT

ENS

IN VAL IN VAL IN

SW

OUT

ENS

IN

Block A

Block B

Block A is the function block for which override is executed, while block B is another function block within the same group.

Permit switch changed to TRUE

Block A override execution

Block A override cancellation

Block A override execution

Permit switch changed to FALSE

T F

T F

Mapping block A

MODE

MV (PV)

AUT MAN AUT

AUT MAN AUT AUT MAN Mapping block B MODE

T F

T F

Figure D3.3-1 State transition of blocks in the same group



D3.4 Tag name interfaces and process alarmsof grouping override function block

To perform the override operation from an HIS using the group function, it is necessary tospecify the tag name with Tag Name Builder and assign mapping blocks.

n Mapping blocks associated with grouping override function blocksMapping blocks associated with grouping override function blocks are shown in the table be-low.

Table D3.4-1 Mapping blocks associated with grouping override function blocksOverride FB type Mapping block type

GOV_B S_GOV_B

GOV_IB S_GOV_IB

n Settings in the Tag Name BuilderWhen the override operation is performed from an HIS, set necessary items for the instanceof grouping override function block with Tag Name Builder.The following item is set for Alarm in Overriding.• Alarm in overriding




n Data items of mapping blocks associated with grouping overridefunction blocks

Among the data items of mapping blocks, the data items unique to mapping blocks associ-ated with grouping override function blocks are explained here. All of these data items are dis-played in the HIS tuning view. Note that data entry for these data items from an HIS is allowedonly for MV.




l MODE (block mode)This data item indicates block mode. It is possible to check whether the override operationcan be performed. MAN indicates the operation enable status, while AUT means the systemprohibits override execution and MV manipulation (executing/ending override) from an HIS isnot allowed in this case.It is not possible to change the block mode to AUT or MAN from an HIS or FCS. The defaultvalue of MODE is O/S (AUT). This is displayed in the parameter display area of instrumentfaceplate.• Associating parameters of function blocks

<D3.4 Tag name interfaces and process alarms of grouping override function block > D3-12


The ENS parameter (override enable status) of grouping override function blocks is asso-ciated with MODE.

• Change in block mode (AUT/MAN)If ENS is TRUE, the block mode is MAN; if FALSE, AUT.


l PV (answerback input value)This data item displays the override status This item will be a target of data collection for tun-ing trend.• Associating parameters of function blocks

The STS parameter (output status) of grouping override function blocks is associated withPV.


• Correspondence between changes of the parameter value of grouping override functionblocks and changes of PVIf STS of a grouping override function block is TRUE, PV = 1 and override operationsfrom an HIS are executed.

• DefaultThe default value of STS (0) is reflected in the default value of PV.

l MV (manipulated output value)Override operations are permitted if the block mode is MAN, and MV can be manipulatedfrom an HIS. This item will be a target of data collection for tuning trend.• Range



l INV (input value)This data item is associated with the GRP parameter (group number) of a grouping overridefunction block. This is displayed in the parameter display area of instrument faceplate. Thisvalue is output from OUT when no override operation is performed.The IN value of a grouping override function block is reflected in this item.

l VAL (fixed value)This data item is associated with the VAL parameter (fixed value) of a grouping override func-tion block and is displayed in the parameter display area of instrument faceplate. This value isoutput from OUT when override operations are performed. The VAL value of a grouping over-ride function block is reflected in this item.

l OUTV (output value)This data item is associated with the GRP parameter (group number) of a grouping overridefunction block. This is displayed in the parameter display area of instrument faceplate. TheOUT value of a grouping override function block is reflected in this item.



l SW (switch)This data item is associated with the SW parameter (override permit switch) of a groupingoverride function block.• Range

The range of SW is 0 or 1. The SW value of a grouping override function block is reflec-ted in this item.

• Operations by SW changesOverride operations are permitted only if the SW value is 1. However, the override opera-tion can actually be performed for the function block only when the MODE is MAN.When SW changes from 1 to 0, the override status is canceled.

l GRNO (group number)This data item is associated with the GRP parameter (group number) of a grouping overridefunction block. This item indicates the group number to which the function block belongs. Ifthe value is 0, the function block does not belong to any group. The GRP value of a groupingoverride function block is reflected in this item.

n Process alarmOverride ON alarms are notified from grouping override function blocks.

l Override ON alarmOverride ON alarms can be used to notify an operator that a function block is being overrid-den. A mapping block generates an override ON alarm if an override function block is placedin the override status. Once the override status is canceled, the mapping block recovers fromthe override ON alarm.An override ON alarm is generated under the following condition.• PV = 1 (STS of the override function block is 1)

The mapping block recovers from an override ON alarm under the following condition.• PV = 0 (STS of the override function block is 0)



D3.5 Status management of function blocksused for override

The SYS_OVR system function block can equally manage the statuses of override functionblocks and grouping override function blocks regardless of function block types. In this sec-tion, override function blocks and grouping override function blocks are collectively referred toas override function blocks.

SEEALSO For more information about SYS_OVR, refer to:

C10.9, “SYS_OVR (override function blocks management)” on page C10-18

n Cancellation of all override statusesThe SYS_OVR function block can cancel the override statuses of all override function blocksin an SCS at once.When UNOV is changed from FALSE to TRUE, all override statuses are forcibly canceled anda system alarm is generated.It is possible to cancel all override statuses for a group of grouping override function blocks byinputting the same permit switch to all function blocks within the group and setting the permitswitch to FALSE.

n Management of the Override Enabled statusThe SYS_OVR function block can manage the override enable statuses of all override func-tion blocks in an SCS.The override enable status refers to the condition where the SW input parameter value of afunction block is TRUE.The following types of management can be performed for override enable statuses of all over-ride function blocks within the SCS.

TIP If there is a grouping override function block with a group number outside the specification range, the overridepermission signal operation for that function block is considered a part of the override enable status manage-ment.

• SWONSWON indicates whether or not there is a function block in the override enable status.

• NUMSNUMS indicates the number of override function blocks in the override enable status.For instance, if a common override permission signal is input to all the grouping overridefunction blocks that comprise a group of 10 function blocks, setting the override permis-sion signal to 1 makes NUMS to be 10.

• SWC, NOVSSWC is used to specify the maximum number of override function blocks that can be si-multaneously placed in the override enable status. NOVS indicates whether or not themaximum number has been exceeded.If TRUE is set for SW of more override function blocks than the number specified bySWC, a system alarm is generated. However, it is possible to place override functionblocks in the override enable status even after the maximum number has been exceededand the system alarm has been generated.In the case of grouping override function blocks, when a common permission signal is in-put to all the function blocks within the group, the number of all function blocks that be-long to that group will be counted by SWC if the override permission signal is set to 1.

<D3.5 Status management of function blocks used for override > D3-15


• CKTS, TUPSCKTS is used to specify the maximum duration of the status where at least one overridefunction block in the override enable status exists. TUPS indicates whether or not the sta-tus has been continuing longer than the maximum duration.If the status continues longer than the duration specified by CKTS, a system alarm isgenerated.

n Management of the override statusThe SYS_OVR function block can manage the override statuses of all override functionblocks in an SCS.The override status refers to the condition where MV is set to 1 from an HIS by calling thefaceplate that corresponds to the tag name assigned to the function block, and the overrideoutput value specified in VAL is being output from OUT of the function block.• OVR

OVR indicates whether or not there is an override function block in the override status.

• NUMONUMO indicates the number of override function blocks in the override status.For instance, when there are two groups (A and B) of grouping override function blocks, ifa function block in A is placed in the override status and a function block in B is alsoplaced in the override state simultaneously, NUMO becomes 2.

• OVRC, NOVOOVRC is used to specify the maximum number of override function blocks that can beplaced in the override status simultaneously. NOVO indicates whether or not the maxi-mum number has been exceeded.If more function blocks than the number specified by OVRC are placed in the overridestatus, a system alarm is generated. However, it is possible to override even after themaximum number has been exceeded and the system alarm has been generated.For instance, when grouping override function blocks are used and OVRC is set to 2, ifthe override operation is performed for the third group, a system alarm is generated.

• CKTO, TUPOCKTO is used to specify the maximum duration of the status where at least one overridefunction block in the override status exists. TUPO indicates whether or not the status hasbeen continuing longer than the maximum duration.If the status continues longer than the duration specified by CKTO, a system alarm isgenerated.

<D3.5 Status management of function blocks used for override > D3-16


D3.6 Permission for override by password FBIt is possible to use the password function block to set a BOOL variable of an application logicto TRUE or FALSE from the faceplate of an HIS with password verification.

n Operation to allow overrideIn order to authenticate the override operations on override function blocks, a password blockcan be used instead of using a hardware key switch. The permission can be granted or de-nied by authenticating the password.How to utilize the password function block for authenticating the override operations will beexplained below.

HIS

Control bus

CENTUM integration function

Application logic

SCS

OVR_IB

STS

Internal variable

Input variable

Input variable

IN OUT <IO_BOOL data>

TRUE

OVR_IB

STS

Internal variable

IN OUT <IO_BOOL data>

TRUE

PV

MV

TAG0301

PV

MV

TAG0303

ON

MV PV

TAG0301

OFF

MV PV

ON

MV PV

TAG0303

OFF

MV PV

VAL SW

VAL SW

OVRSW

OVRSW

BOOL variable

Mapping block

Mapping block

Mapping block

PV

TAG0399

OUT PSWD <Password>

PASSWD 1

ON

MV PV

Faceplate

Faceplate

Faceplate

OFF

MV PV

TAG0399

Password FB

Override FB

Override FB

MV With password

OVRSW

Figure D3.6-1 Switching override permission status by password (example)

<D3.6 Permission for override by password FB > D3-17


The operation procedure of setting data with password verification in Figure, "Switching over-ride permission status by password (example)" is shown below.The default value of the output of the password function block is FALSE. The default status ofthe faceplate is OFF for both MV and PV.

Set the switch of faceplate

TAG0399 to ON A dialog box for entering the password appears

Enter the password character string

A confirmation dialog box showing <tag name> <comment> <label>

appears

Confirm the information in the confirmation dialog box

MV of the faceplate changes from OFF to ON

(PV remains OFF)

The validity of password entered is checked by the mapping block

Is the password correct? An error dialog box forwrong password appears

MV of the faceplatechanges from ON to OFF

The soundness and correctness of password character string

entered is checked by the password function block (*1)

The password function block’s output value of the output

parameter OUT changes from FALSE to TRUE

Start

Perform the override operation

A system alarm notifying the reception of data setting is output from the password

function block (*2)

PV of the faceplate is turned ON

Operations of HIS/SCS

NO

YES

User operation from HIS

*1: If there are any problems during checks by the password function block, the password function block outputs a system alarm that includes a tag name and aborts the processing.*2: System alarm messages include the password function block instance name and tag name.

Figure D3.6-2 Permitting override operation by password function block

When override operation is complete, operation of the override function block is prohibited inthe following manner.



A dialog box for entering the password appears

Enter the password character string

A confirmation dialog box showing <tag name> <comment> <label>

appears

Confirm the information in the confirmation dialog box

MV of the faceplate changes from ON to OFF

(PV remains ON)

The validity of password entered is checked by the mapping block

Is the password correct? An error dialog box forwrong password appears

MV of the faceplatechanges from OFF to ON

The soundness and correctness of password character string

entered is checked by the password function block (*1)

The password function block’s output value of the output

parameter OUT changes from TRUE to FALSE

End the override operation

End

A system alarm notifying the reception of data setting is output from the password

function block (*2)

PV of the faceplate is turned OFF

Operations of HIS/SCS

NO

YES

Set the switch of faceplate

TAG0399 to ON

User operation from HIS

*1: If there are any problems during checks by the password function block, the password function block outputs a system alarm that includes a tag name and aborts the processing.*2: System alarm messages include the password function block instance name and tag name.

Figure D3.6-3 Prohibiting override operation with password function block

n Management of password function blockThe status of the PASSWD function block can be managed by a SYS_PSWD system functionblock. The SYS_PSWD function block has the following functions.



• The PASSWD function block is able to forcibly return the output from output parameterOUT of all PASSWD function blocks within an SCS to FALSE. A system alarm is gener-ated when the SYS_PSWD function block is used for this purpose.

• The SYS_PSWD function block displays whether or not there are any PASSWD functionblocks that output TRUE via output parameter OUT within an SCS. The number of suchPASSWD function blocks can also be displayed.

• The SYS_PSWD function block generates a system alarm if the number of PASSWDfunction blocks outputting TRUE from output parameter OUT exceeds the specified maxi-mum number. It is still possible to set more passwords even after the system alarm indi-cating that the maximum number is exceeded has been generated, however.

• The SYS_PSWD function block generates a system alarm if the status where there is oneor more PASSWD function blocks outputting TRUE continues longer than the specifiedtime.

SEEALSO For more information about SYS_PSWD, refer to:

C10.10, “SYS_PSWD (password function blocks management)” on page C10-22



D3.7 Tag name interfaces and process alarmsof password function blocks

In order to set values of a PASSWD function block from an HIS, it is necessary to define thetag name using the Tag Name Builder and associate it with a mapping block. S_PASSWDmapping blocks are associated with PASSWD function blocks.

n Settings in the Tag Name BuilderUse the Tag name builder to make a specification for password ON alarms and answer-backerror alarms.• Password ON alarms




n Data items of S_PASSWDAmong the data items of S_PASSWD, the data items unique to mapping blocks ofS_PASSWD are explained here. All of these data items are displayed in the HIS tuning viewwith the exception of MODE. Note that data entry for these data items from an HIS is allowedonly for MV.






l PV (answerback input value)This data item is associated with the OUT parameter of PASSWD. It is displayed in the pa-rameter display area of instrument faceplate and will be a target of data collection for tuningtrend.• Range

The range of PV is 0 or 1.

• Correspondence between changes of the parameter value of PASSWD and changes ofPVIf the input password character string is correct, TRUE is output to OUT of PASSWD andPV becomes 1.

• DefaultThe default value of OUT (0) is reflected in the default value of PV.

<D3.7 Tag name interfaces and process alarms of password function blocks > D3-21


l MV (manipulated output value)Manipulate MV from an HIS to enter a password. It is displayed in the parameter display areaof instrument faceplate and will be a target of data collection for tuning trend.• Range



n Process alarmsThe mapping block of PASSWD FB can initiate a process alarm for Password ON. It is possi-ble to specify whether or not to initiate this process alarms using the Tag Name Builder.

l Password ON alarmPassword ON alarms can be used to notify an operator that the PASSWD function block iscurrently outputting TRUE. A mapping block generates a password ON alarm if the PASSWDfunction block outputs TRUE via output parameter OUT. The system recovers from the pass-word ON alarm if 0 is set with password from the faceplate.A password ON alarm (PWON) is generated under the following condition.• PV = 1 (OUT of the PASSWD function block is TRUE)

The system recovers from a password ON under the following condition.• PV = 0 (OUT of the PASSWD function block is FALSE)

<D3.7 Tag name interfaces and process alarms of password function blocks > D3-22


D4. Manipulation of manual operationfunction blocks from HIS

Manual operation function blocks are used to output values manipulated by an operator via anHIS to the application logic. Note that it is also possible to prohibit manipulation from an HISand set output values of function blocks with the application logic.There are the following four types of manual operation function blocks.• MOB_11 (BOOL-type data manual operation function block with two-position answer-

back)

• MOB_21 (BOOL-type data manual operation function block with three-position answer-back)

• MOB_RS (auto-reset BOOL-type data manual operation)

• MOA (analog-type data manual operation)

SEEALSO For more information about MOB_11, refer to:

• C5.4, “MOB_11 (BOOL-type data manual operation function block with two-position answerback)”on page C5-10

• D4.1, “HIS interfaces of MOB_11 and MOB_21 (BOOL-type data manual operation function blockwith answerback)” on page D4-3

For more information about MOB_21, refer to:

• C5.5, “MOB_21 (BOOL-type data manual operation function block with three-position answerback)”on page C5-14

• D4.1, “HIS interfaces of MOB_11 and MOB_21 (BOOL-type data manual operation function blockwith answerback)” on page D4-3

For more information about MOB_RS, refer to:

• C5.6, “MOB_RS (auto-reset BOOL-type data manual operation)” on page C5-18

• D4.2, “HIS interfaces of MOB_RS (auto-reset BOOL-type data manual operation)” on page D4-20

For more information about MOA, refer to:

• C5.7, “MOA (analog-type data manual operation)” on page C5-20

• D4.3, “HIS interfaces of MOA (analog-type data manual operation)” on page D4-28

n Overview of manual operation from HISFor each of the four types of manual operation function blocks, parameter values of functionblocks can be changed by manual operations by an operator from an HIS. It is also possibleto specify whether or not to permit such manual operations with the application logic. If man-ual operations are prohibited, output values can be changed from the application logic. Somemanual operation function blocks can also receive shutdown signals from the application log-ic, forcing them to output shutdown signals.All manual operation function blocks have functions to read back the results of manual opera-tions, so that the operator is able to check via HIS instrument faceplate that operation instruc-tions are correctly received. These function blocks are safety function blocks. There is noneed for users to take safety measures as in the case of external communication functionblocks.

<D4. Manipulation of manual operation function blocks from HIS > D4-1


HIS SCS

TAG0399 TAG0399

MV PV

MV PV

MV=2

MV=0

OFF

MV

PV

SHDN

SW

AIN

PSWD

OUT

ON OFF

ON Output of Open side

Click

Click

Instrument faceplate

Control bus

Mapping block

Manual Operation

Manual Operation

Manual operation block

Integration with CENTUM function

Application Logic

<Shutdown signal>

<Manual operation permission signal>

<Answerback signal>

<Password string>

Output variable

Motor valve

(I/O parameters are partially omitted in this figure)

Figure D4-1 Overview of manual operation from HIS

<D4. Manipulation of manual operation function blocks from HIS > D4-2


D4.1 HIS interfaces of MOB_11 and MOB_21(BOOL-type data manual operationfunction block with answerback)

BOOL-type data manual operation function blocks with answerback have 1 or 2 DI inputs,which are typically used to connect the answerback input from a limit switch, and 1 DO out-put, which is typically connected to a valve. In addition to manipulation of the output valuefrom an HIS, it is possible to set the output value from the application logic.BOOL-type data manual operation function blocks with answerback also have a parameter forreceiving shutdown events; they can output shutdown logic signals with the highest priority atoccurrence of shutdown events.This section explains the following functions of MOB_11 and MOB_21.• Manual Operation Permission Function

• Password at Manual Operations

• Output Enable Status Display Function



SEEALSO For more information about an explanation of MOB_11 parameters, refer to:

C5.4, “MOB_11 (BOOL-type data manual operation function block with two-position answerback)” onpage C5-10

For more information about an explanation of MOB_21 parameters, refer to:

C5.5, “MOB_21 (BOOL-type data manual operation function block with three-position answerback)” onpage C5-14

n Types of BOOL-type data manual operation function blocks withanswerback

There are two types of BOOL-type data manual operation function blocks with answerback,which are distinguished by the number of answerback inputs.• MOB_11 (BOOL-type Data manual operation function block with two-position answer-

back)This type corresponds to SIO-11 function block of FCS and receives answerback inputfrom either one of the limit switches, open or close.

• MOB_21 (BOOL-type data manual operation function block with three-position answer-back)This type is also corresponds to SIO-21 function block of FCS and receives answerbackinput from both limit switches, open and close.

SEEALSO For more information about FCS switch instrument, refer to:

• 2.4, "Switch Instrument Block and Enhanced Switch Instrument Block" in the Function Blocks Ref-erence Vol.2 (IM 33K03E23-50E)

• D3.4, "Switch Instrument Block and Enhanced Switch Instrument Block" in the Reference FunctionBlock Details (IM 33M01A30-40E)

• D3.4, "Switch Instrument Block and Enhanced Switch Instrument Block" in the Reference FunctionBlock Details (IM 33S01B30-01E)

<D4.1 HIS interfaces of MOB_11 and MOB_21 (BOOL-type data manual operation function block with

answerback) > D4-3


n Example of configuration of MOB_11 and MOB_21The figure below shows a usage example of MOB_11 in a CENTUM integration structure.

FALSE

LIMSW_OPEN

T#5000ms

AIN_DSTS

OUT_DSTS

OUT_Enabled

'password'

MAN NR

MO

DE

ALR

M

PV

MV

SHDN

SS

IN

SW

AIN

MTM

IOP

OOP

OTEN

PSWD

OUT

NANP

NANM

CENTUM

SCS

Output logic

Shutdown logic

Output logic in AUT mode

Manual operation permission logic

Figure D4.1-1 Usage example of BOOL-type data manual operation function block with two-positionanswerback

The figure below shows a usage example of MOB_21 in a CENTUM integration structure.


answerback) > D4-4


FALSE

LIMSW_OPEN

T#5000ms

AIN_DSTS

OUT_DSTS

OUT_Enabled

'password'

MO

DE

ALR

M

PV

MV

SHDN

SS

IN

SW

MTM

IOP

OOP

OTEN

PSWD

OUT

NANP

NANM

CENTUM

SCS

AINP

LIMSW_CLS

NPER

AINM

MAN NR

Output logic

Shutdown logic



Figure D4.1-2 Usage example of BOOL-type data manual operation function block with three-positionanswerback

The associated parameter values of SCS function blocks are sent to indicate the block mode(MODE), process alarms (ALRM) and answerback input values (PV) on the CENTUM side viamapping blocks. The value of OUT is displayed as MV on the HIS instrument faceplate andoperations on MV from the HIS are sent to OUT of the SCS in the manual mode (MAN).

n Overview of processing BOOL-type data manual operation functionblock with answerback

The figure below shows an overview of the processing of BOOL-type data manual operationfunction blocks with answerback in SCS and data flow.


answerback) > D4-5


HIS

OUT

SHDN

SS

SW

IN

AIN

BOOL-Type data manual operation block with answerbackFlow of control

Flow of data

Man

ual o

pera

tion

Dis

play

cur

rent

dat

a of

OU

T

Dis

play

act

ual f

ield

val

ue

Value from HIS (MV)

SW equal to FALSE

SW equal to TRUE

Answerback input Limit switch

Comparison AINwith OUT

SHDN equal to SS

SHDN not equal to SS

This variable always follows the value of OUT except when the data from HIS is received.

Figure D4.1-3 Flow of control and data (example of MOB_11)

l Shutdown processingIf the input value of SHDN (shutdown signal) matches the safe state specified by the inputvalue of SS, the safe state is output from OUT. At this point, all data settings from input pa-rameters other than SHDN and SS as well as an HIS are ignored.

l Prohibition of manual operationsIf the input value of SHDN does not match the safe state specified by the input value of SSand the manual operation permit switch SW is set to FALSE (manual operations prohibited),data input to IN is output to OUT as is. If an operator attempts to perform manual operationsfrom an HIS when the input to SW is FALSE, the attempt will fail. IN can be used to changethe output value of OUT from the application logic when no shutdown instruction is input toSHDN (i.e., the system is in a safe state).For example, after the value of SHDN becomes FALSE in the DTS logic and the valve closes,FALSE should be input to SW and the IN value kept as FALSE. In this way, it is possible toprevent the valve from opening immediately when the value of SHDN becomes TRUE as theshutdown conditions are removed.

l Permission of manual operationsIf the input value of SHDN does not match the safe state specified by the input value of SSand SW is set to TRUE (manual operations permitted), the result of manual operations carriedout by an operator from an HIS is output from OUT. Note that password entry is required toperform manual operations. The password is checked within a function block. If the pass-words do not match, the value of OUT does not change. The status where manual operationsare permitted can be used when it is desired to open/close a valve by a user operation with-out issuing a shutdown instruction from SHDN (i.e., the system is in a safe state).

l Answerback checkRegardless of whether the input to SW is TRUE or FALSE, it is checked whether the OUTvalue and answerback input value match as an answerback input check.For example, by connecting OUT to the output signal to a valve and the answerback input val-ue (AIN for MOB_11) to the limit switch of the valve, it is possible to confirm that the output


answerback) > D4-6


result of OUT is correctly transmitted to the process. It is also possible to bypass the answer-back input value check for a fixed period of time only after changing the value of OUT, takinginto consideration the time that the valve requires to change from full open to full close.


answerback) > D4-7


D4.1.1 Manual operation permission functionWith MOB_11 and MOB_21, it is possible to switch between whether or not manual opera-tions from an HIS are permitted. If MV is manipulated from an HIS when manual operationsare permitted, the output from OUT of function blocks is set accordingly. Prohibition of manualoperations can be used to prevent operations from an HIS at occurrence of demands otherthan shutdown to output a value determined by the application logic.

n Switching between whether or not manual operations are permittedIn MOB_11 and MOB_21, it is possible to specify whether or not manual operations are per-mitted. When shutdown events occur, however, the shutdown processing takes the priority,and outputs set by manual operations as explained in this section and outputs from the appli-cation logic connected to IN become invalid.The following parameters are related to specification of whether or not manual operations arepermitted in MOB_11 and MOB_21.

MOB_11

IN OUT

SW

Note: Other parameters are omitted.

Figure D4.1.1-1 Parameters related to manual operations

l Overview of manual operations• SW is TRUE: The value set by a manual operation from an HIS to this FB is output from

OUT.

• SW is FALSE: The value input to IN is output from OUT.

l Details of manual operations• If the input value of SW is TRUE, manual operations from an HIS are permitted. This sta-

tus is called manual mode and MAN is displayed for the block mode in HIS instrumentfaceplate. The value of OUT changes according to the changes of MV which is manipu-lated from an HIS (for example, from a instrument faceplate). The value of IN is not used.

• If the input value of SW is FALSE, manual operations from an HIS are not allowed. Thevalue determined by the application logic and input to IN of a function block is output fromOUT. If the value of OUT changes due to a change in the input to IN, the associated MVvalue on the CENTUM side also changes accordingly. This status is called automaticmode and AUT is displayed for the block mode in HIS instrument faceplate.


answerback) > D4-8


D4.1.2 Password at manual operationsIt is possible to prompt users to enter passwords for the purpose of limiting the member ofusers that are able to manipulate function blocks via manual operations from an HIS.

n Password processingThe following parameters are related to password entry when manual operations are permit-ted.

MOB_11

SW OUT

PSWD


Figure D4.1.2-1 Parameters related to password entry when manual operations are permitted

l Overview• Set a password in PSWD when you create POU.

• If the input to SW is TRUE, manual operations from an HIS are permitted and entry of apassword is required when an operator enters a value for MV. Manipulations of MV arepermitted only if the set password and the input password match.

l Setting password character stringA password for allowing MV manipulations from an HIS should be set in PSWD in advance.Set PSWD as specified below.• Specify a password character string as a character constant.

• A character string of up to 16 single-byte alphanumeric characters can be set. If youspecify a character string exceeding 16 characters, only the first 16 characters are set asthe password character string and the remaining part is ignored.

• It is recommended to specify a password character string for each instance of the func-tion blocks that require passwords (PASSWD, MOB_21, MOB_11 and MOA) and be sureeach password is unique within a system.

• If it is not necessary to restrict MV manipulations via password entry, specify an emptycharacter string for PSWD. In this case, an operator can simply press the return key inthe password input dialog box displayed in an HIS before manipulating MV.

l Operation in HISIf the input to SW is TRUE, i.e., the system is in the manual mode (MAN), a user is allowed toperform manual operations from an HIS. In this case, the user is required to enter a pass-word.The entered password is checked within the SCS function block. If the password is incorrect,a warning message for the illegal operation will be displayed and the MV will be unchanged.If a communication error with an HIS occurs during manual operations, OUT retains the cur-rent value.


answerback) > D4-9


D4.1.3 The Output Enable status display functionIt is possible to display the output enable status in the instrument faceplate.

n The Output Enable status displayThe following parameters are related to output enable status display of MOB_11 andMOB_21.

MOB_11

OTEN OUT


Figure D4.1.3-1 Parameters related to the Output Enable status display

l Overview of the Output Enable status displayIf a signal indicating output enable status is input to OTEN, the output enable status is dis-played in HIS instrument faceplate as block mode. If the value of OTEN is FALSE, IMAN isdisplayed as block mode.

l Details of the Output Enable status displayAcquire the output status associated with a channel connected to OUT using an SYS_OUT-EN function block, and then connect it to OTEN.The value of OTEN does not affect output behaviors or answerback check operations ofMOB_11 and MOB_21.


answerback) > D4-10


D4.1.4 Answerback check functionThe operation of answerback check is different for MOB_11 and MOB_21.

n Answerback check of MOB_11The following parameters are related to answerback check of MOB_11.

MOB_11

AIN OUT

NANP

NANM

MTM


Figure D4.1.4-1 Parameters related to answerback check of MOB_11

The table below explains the parameters.

Table D4.1.4-1 Explanation of parameters related to answerback check


IN AIN BOOL Answerback input valueTRUE: Open statusFALSE: Close status

MTM TIME Answerback check mask time(Must be an integer multiple of the scan period)

OUT OUT BOOL Open/close operation output valueTRUE: Open instructionFALSE: Close instruction

NANP BOOL Answerback status of the open sideTRUE: Normal statusFALSE: Abnormal status

NANM BOOL Answerback status of the close sideTRUE: Normal statusFALSE: Abnormal status

l Details of answerback processing for MOB_11• Answerback check operation

In an answerback check operation, the answerback input value (AIN) is compared withthe OUT value to see if they are the same. The check result is output from NANP (an-swerback status of the open side) and NANM (answerback status of the close side) of afunction block as well as notified to an HIS as a process alarm (ANS+ or ANS-) on theCENTUM side.Note that detection of answerback errors does not affect the output behavior of OUT.

• Answerback check maskIn practice, it takes some time for operations to be completed after changing the value ofOUT. For this reason, MOB_11 is equipped with MTM (answerback check mask time). Bysetting this parameter, it is possible to prevent errors from being notified for a fixed timespecified by MTM after OUT is changed, even if the value of OUT and the answerbackinput values are different. After the value of OUT is changed, if the answerback input sta-tus is still abnormal after the time specified by MTM has elapsed, answerback errors onthe open and close sides are output to NANP and NANM, respectively.


answerback) > D4-11


• Timing to perform answerback check processingThe answerback check and answerback check mask processing can be performed eitherwhile a shutdown instruction is being output, application logic signals are being output be-cause the input to SW is FALSE, or manual operations from an HIS are performed be-cause the input to SW is TRUE.

l Relationship between answerback check and parametersThe figure below shows how each parameter changes due to answerback check processing.

OUT

AIN

NANP

NANM

T F

T F

MTM 0

T F

T F

Open Open Close Close

Mask Timer

Figure D4.1.4-2 Detection of answerback errors in MOB_11

• When OUT changes, the mask timer for answerback check will be started. The mask foranswerback check will continue until the time specified by MTM has elapsed. Within thismasked time period, the answerback error will be ignored.

• Immediately after the value of OUT is changed, TRUE (normal) is set to NANP andNANM once. Process alarms of answerback errors are also canceled once.

n Answerback check for MOB_21The following parameters are related to answerback check for MOB_21.

MOB_21

AINM OUT

NANP

NANM

NPER

AINP

MTM


Figure D4.1.4-3 Parameters related to answerback check of MOB_21



answerback) > D4-12


Table D4.1.4-2 Explanation of parameters related to answerback checkIN/OUT Argu-


IN AINP BOOL Answerback input value on the open side.TRUE: Full open status.FALSE: Not full-open status.

AINM BOOL Answerback input value on the close side.TRUE: Full close status.FALSE: Not full-close status.


OUT OUT BOOL Open/close operation output value.TRUE: Open instruction.FALSE: Close instruction.

NANP BOOL Answerback status of the open side.TRUE: Normal status.FALSE: Abnormal status.

NANM BOOL Answerback status of the close side.TRUE: Normal status.FALSE: Abnormal status.

NPER BOOL Answerback pattern.TRUE: Normal status.FALSE: Abnormal status.

l Details of answerback processing of MOB_21• Answerback check operation

In the case of MOB_21, the input values of both AINP (answerback input value of theopen side) and AINM (answerback input value of the close side) are compared with thevalue of OUT to see if they are the same in the answerback check processing. The checkresult is output from NANP (answerback status of the open side) and NANM (answerbackstatus of the close side) of a function block as well as notified to an HIS as a processalarm (ANS+ or ANS-) on the CENTUM side.MOB_21 checks answerback pattern errors as well. Answerback pattern errors refer to anabnormal status where a full open signal and a full close signal are input at the sametime. If a status where AINP (answerback input value of the open side) is TRUE (full openstatus) and AINM (answerback input value of the close side) is also TRUE (full close sta-tus) occurs,• FALSE (abnormal status) is output from NPER (answerback pattern)

• and is also notified to the HIS as a process alarm (PERR) on the CENTUM side.

Note that detection of answerback errors does not affect the output behavior of OUT.

• Answerback check maskIn practice, it takes some time for operations to be completed after changing the value ofOUT. For this reason, MOB_21 is equipped with MTM (answerback check mask time). Bysetting this parameter, it is possible to prevent errors from being notified for a fixed timespecified by MTM after OUT is changed, even if the value of OUT and the answerbackinput values are different. After the value of OUT is changed, if the answerback input sta-tus is still abnormal after the time specified by MTM has elapsed, answerback errors onthe open and close sides are output to NANP and NANM, respectively.Note that NPER (answerback pattern error) is detected independently of the answerbackcheck mask time.

• Timing to perform answerback check processingThe answerback check and answerback check mask processing can be performed eitherwhile• a shutdown instruction is being output,


answerback) > D4-13


• application logic signals are being output because the input to SW is FALSE,

• or manual operations from an HIS are performed because the input to SW is TRUE.

l Relationship between answerback check and parametersThe figure below shows how each parameter changes due to answerback check processing.

OUT

AINP Open side

answerback

NANP Error of open side

answerback

NANM Error of close side

answerback

T F

T F

MTM 0

T F

T F

NPER Answerback pattern error

T F

AINM Close side

answerback

T F

MV 2 0

PV 2 1 0

NR NR NR PERR NR ANS+ ANS-

Open Close Open Open Close

Hold previous value

Answerback error alarm of ON side

Answerback error alarm of OFF side

Answerback inconsistency

alarm

Mask timer

Alarm status

Instrument faceplate of CENTUM

Figure D4.1.4-4 Detection of answerback errors in MOB_21

• When OUT changes, the mask timer for answerback check will be started. The mask foranswerback check will continue until the time specified by MTM has elapsed. Within thismasked time period, the answerback error will be ignored.

• Immediately after the value of OUT is changed, TRUE (normal) is set to NANP andNANM once. Process alarms of answerback errors are also canceled once.

• In the case of an answerback pattern error (NPER is FALSE), the answerback statuseson both the open and close sides (NANP and NANM) are retained.

• In detection of answerback pattern errors (NPER), answerback check mask is ignored.FALSE (abnormal) is thus output to NPER as soon as the conditions for pattern error aremet (AINP = TRUE and AINM = TRUE).

• When the answerback check is masked and the answerback pattern error occurs, the an-swerback check mask will be disabled. If the answerback pattern error is recovered andthe answerback check is performed, the results will be available in NANP and NANM.


answerback) > D4-14


D4.1.5 Monitoring IOP and OOPIOP and OOP are functions that monitor the statuses of inputs and outputs and notify processalarms on the CENTUM side. Inputs to IOP and OOP do not affect output operations and an-swerback check operations of the function block.

n Parameters related to IOP/OOPParameters related to IOP and OOP are the same for MOB_11 and MOB_21.

MOB_11

IOP

OOP


Figure D4.1.5-1 Parameters related to IOP and OOP


Table D4.1.5-1 Explanation of parameters related to IOP/OOPIN/OUT Argu-


IN IOP BOOL Signal for monitoring input statusTRUE: Normal statusFALSE: Abnormal status

OOP BOOL Signal for monitoring output statusTRUE: Normal statusFALSE: Abnormal status

l Signal connection to IOP• In the case of MOB_11, connect the data status of the answerback input (input variable

connected to AIN) and similar signals to IOP.

• In the case of MOB_21, connect the logical product of the data statuses of the two an-swerback inputs (input variables connected to AINP and AINM) and similar signals to IOP.

l Signal connection to OOPConnect the data status of the output (output variable connected to OUT) and similar signalsto OOP.


answerback) > D4-15


D4.1.6 Tag name interfaces and process alarms of MOB_11and MOB_21

In order to manually operate BOOL-type data manual operation function blocks with answer-back from an HIS, it is necessary to specify the tag names using the Tag Name Builder andassociate them with mapping blocks. This allows them to be called via tag names and notifi-cation of process alarms.The following mapping blocks are associated with BOOL-type data manual operation functionblocks with answerback.• Mapping blocks of MOB_11: S_MOB_11

• Mapping blocks of MOB_21: S_MOB_21

n Settings in the Tag Name BuilderTo perform manual operations from an HIS, make settings for the relevant instances ofMOB_11 and MOB_21 in the Tag Name Builder. Specify whether or not to notify answerbackerror alarms according to the following procedure.• Answer back Alarm (answerback error alarm)

Specify either [Both], [ON], [OFF] or [No].The default is [Both].Specify [ON] to detect only ANS+ alarms (PV ≠ 2 when MV = 2) and [OFF] to detect onlyANS- alarms (PV ≠ 0 when MV = 0).

n Data items of S_MOB_11 and S_MOB_21Among the data items of mapping blocks, the data items unique to S_MOB_11 andS_MOB_21 are explained here. All of these data items are displayed in the HIS tuning view.




l MODE (block mode)This data item indicates block mode. The block mode cannot be changed into AUT or MANfrom an HIS. The default value of MODE is O/S (AUT).• Associating parameters of function blocks

The SHDN (shutdown signal), SW (manual operation permit/prohibit toggle switch) andOTEN (signal indicating output enable status) parameters of a function block are associ-ated with MODE.

• Changes of block mode (AUT/MAN)The block mode becomes AUT if SHDN matches with SS (safe state specification). If theydo not match, the block mode becomes MAN if TRUE is input to SW and AUT if FALSE isinput to SW.

• Changes of block mode (output enable status)The block mode IMAN is added to the block mode if OTEN is FALSE and IMAN is removefrom the block mode if OTEN is TRUE.

l ALRM (alarm status)This data item displays alarm status.Data entry from an HIS is not allowed.The default value of ALRM is NR.


answerback) > D4-16


l SHDN (shutdown signal)This data item displays signals used for shutdown logic. Data entry from an HIS is not al-lowed.• Associating parameters of function blocks

The SHDN parameter (shutdown signal) of a function block is associated with SHDN. TheSHDN value of a function block is reflected in this data item.

• RangeThe range of SHDN is 0 or 1.

• Correspondence between changes of the parameter value of function blocks andchanges of SHDNChanges of the SHDN (shutdown signal) value of a function block match with changes ofSHDN.If the value of SHDN matches with SS (safe state specification), the value of SHDN isoutput as a shutdown signal from the OUT parameter (corresponding to the data itemMV) of a function block.

l SS (safe state specification)This data item displays the safe state (value output as a shutdown signal) of a shutdown sig-nal. Data entry from an HIS is not allowed.• Associating parameters of function blocks

The SS parameter (safe state specification) of a function block is associated with SS. TheSS value of a function block is reflected in this data item.

• RangeThe range of SS is 0 or 1.

l INV (logic input value)This data item is associated with the value specified to be output under conditions where theshutdown logic is not effective and operations from an HIS are prohibited. Data entry from anHIS is not allowed.• Associating parameters of function blocks

The IN parameter (specified output value when manual operations are prohibited) of afunction block is associated with INV. The default value of IN of MOA is reflected in thisdata item.

• RangeThe range of INV is 0 or 2.

• Correspondence between changes of the parameter value of function blocks andchanges of INVINV is 2 if the IN parameter of a function block is TRUE and 0 if IN is FALSE.

l SW (switch)This data item displays the status of the manual operation permit/prohibit toggle switch ofMOA. Data entry from an HIS is not allowed. Operations on MV from an HIS are permittedwhen the value of SW is 1 and MODE becomes MAN.• Associating parameters of function blocks

The SW parameter (manual operation permit/prohibit toggle switch) of a function block isassociated with SW. The SW value of a function block is reflected in this item.

• RangeThe range of SW is 0 or 1.


answerback) > D4-17


l PV (answerback input value)This data item displays answerback input signals of a function block. Data entry from an HISis not allowed. It is displayed in the parameter display area of instrument faceplate and will bea target of data collection for tuning trend.• Associating parameters of function blocks

For MOB_11, the AIN parameter (answerback input value), and for MOB_21, the combi-nation of values of AINP (answerback input value of the open side) and AINM (answer-back input value of the close side) is associated with PV.

• RangeThe range of PV is 0, 1 or 2.

• Correspondence between changes of the parameter value of MOB_11 and changes ofPVPV=2 if AIN (answerback input value) of MOB_11 is TRUE (open) and PV=0 if FALSE(close).

• Correspondence between changes of the parameter value of MOB_21 and changes ofPVIn MOB_21, the value of PV changes according to the combination of values of AINP (an-swerback input value of the open side) and AINM (answerback input value of the closeside).• PV=2 if AINP=TRUE (full open) and AINM=FALSE (not full-close)

• PV=1 if AINP=FALSE (not full-open) and AINM=FALSE (not full-close)

• PV=0 if AINP= FALSE (not full-open) and AINM=TRUE (full close)

• PV retains the previous value if AINP=TRUE (full open) and AINM=TRUE (full close)

• DefaultThe default value (0) of the associated parameter of the function block is reflected in thedefault value of PV.

l MV (manipulated output value)This data item is associated with the operation output value of a function block. Its value canbe changed if manual operations from an HIS are permitted (MODE=MAN). It is displayed inthe parameter display area of instrument faceplate and will be a target of data collection fortuning trend.• Associating parameters of function blocks

The OUT parameter (open/close operation output value) of function blocks is associatedwith MV.

• RangeThe range of MV is 0 or 2.

• Correspondence between changes of the parameter value of function blocks andchanges of MVThe value of OUT of the associated function block is TRUE (the operation output value isopen) if MV=2, and OUT is FALSE (the operation output value is close) if MV=0.When operations from an HIS are permitted (MODE=MAN), the output value OUT of afunction block is changed if MV is manipulated from the HIS. Changes of the value ofOUT can be monitored on the HIS as changes of MV.



answerback) > D4-18


l MTM (mask time)This data item display the answerback check mask time. The default value is 0. The unit isseconds and the fractional part indicates milliseconds. Data entry from an HIS is not allowed.• Associating parameters of function blocks

The MTM parameter (answerback check mask time) of a function block is associated withMTM.

n Process alarmsMOB_11 and MOB_21 notify process alarms of answerback error and IOP/OOP.

l Answerback error alarmsIf an answerback error occurs, a process alarm is notified when the associated parameter of afunction block changes under the following conditions. Notification of generation of answer-back pattern errors and recovery from the errors is made only from MOB_21.

• Notification of answerback error on the open side (ANS+):

• Notification of answerback error on the close side (ANS-):

• Notification of answerback pattern error (PERR):

At a falling edge of NANPAt a falling edge of NANMAt a falling edge of NPER

If the system recovers from an answerback error, a process alarm is notified. The notificationis made if the parameters of a function block change under the following conditions.

• Recovery notification of answerback error on the open side(ANS+ cancellation):

• Recovery notification of answerback error on the close side(ANS- cancellation):

• Recovery notification of answerback pattern error (PERR can-cellation):

At a rising edge ofNANPAt a rising edge ofNANMAt a rising edge ofNPER

l IOP and OOPIf you connect a signal indicating whether or not the answerback input signal is normal to theIOP parameter and a signal indicating whether or not the output signal is normal to the OOPparameter, input/output errors can be notified as process alarms. The notification is made ifthe parameters of a function block change under the following conditions.

• Input error occurrence alarm:

• Output error occurrence alarm:

At a falling edge of IOPAt a falling edge of OOP

The notification of recovery is made if the parameters of the function blocks change under thefollowing conditions.

• Input error recovery alarm:

• Output error recovery alarm:

At a rising edge of IOPAt a rising edge of OOP


answerback) > D4-19


D4.2 HIS interfaces of MOB_RS (auto-resetBOOL-type data manual operation)

Auto-reset BOOL-type data manual operation function blocks output pulses when operatedmanually from an HIS.

<D4.2 HIS interfaces of MOB_RS (auto-reset BOOL-type data manual operation) > D4-20


D4.2.1 Operations of MOB_RS from HISThis section explains the following functions of MOB_RS.• Permission of manual operations and automatic reset of operation output values


SEEALSO For more information about an explanation of MOB_RS parameters, refer to:

C5.6, “MOB_RS (auto-reset BOOL-type data manual operation)” on page C5-18

n Example of configuration of MOB_RSThe following figure shows a usage example of MOB_RS in a CENTUM integration structure.

MO

DE

PV

MV

SW

AIN

MTM

OUT Q1

NANM

CENTUM

SCS

SET

RESET1

ADIR FALSE

T#1s

MAN NR

ANSV


Application logic

Figure D4.2.1-1 Overview of MOB_RS configuration

The associated parameter values of the SCS function block are sent to indicate the blockmode (MODE) and answerback input value (PV) on the CENTUM side via the mappingblocks. The value of OUT is displayed as MV on the HIS instrument faceplate and operationson MV from the HIS are sent to OUT of the SCS in the manual mode (MAN).



n Overview of processing MOB_RS

HIS

OUT

SW

FALSE

Pulse generator

Auto-Reset BOOL-Type data manual operation block

Flow of control

Flow of data

Value from HIS (MV)

SW equal to FALSE

SW equal to TRUE

This variable always follows the valve of OUT except when the data from HIS is received.

Figure D4.2.1-2 Flow of control and data of MOB_RS

• Prohibition of Manual operationsIf the manual operation permit switch SW is FALSE, OUT is fixed to FALSE. If an operatorattempts to perform manual operations from an HIS when the input to SW is FALSE(manual operations prohibited), the attempt will fail.

• Permission of Manual Operations and Automatic Reset of Operation Output ValueManual operations by an operator from an HIS are permitted if TRUE is input to SW. IfMV is changed from 0 to 2 in an HIS, the output value of OUT of MOB_RS changes toTRUE. The output of OUT returns to FALSE automatically after the next scan in the scanperiod. The value of MV in the CENTUM system also returns to 0.

l Confirmation of MOB_RS behavior via answerback inputThe output value of MOB_RS caused by manual operations returns to FALSE quickly and anoperator typically cannot check whether the manual operations were acknowledged or not. Toalleviate this problem, it is a good idea to create a latch variable or similar that is reset by apulse signal output from MOB_RS and input its value to the answerback input of MOB_RS.The changes of this value can then be displayed in the instrument faceplate. This way, it ispossible to check whether the manual operations took effect through the instrument faceplate.

n Answerback checkThe following parameters are related to answerback check of MOB_RS.

MOB_RS

AIN

OUT

NANM

ADIR

MTM

Note: The SW parameter is omitted.

Figure D4.2.1-3 Parameters related to answerback check of MOB_RS




Table D4.2.1-1 Explanation of parameters related to answerback checkIN/OUT Argu-


IN AIN BOOL Answerback input value.

ADIR BOOL Answerback operation direction specification.TRUE: Forward operation.FALSE: Reverse operation.


OUT OUT BOOL Operation output value for logic reset (pulse signal).

NANM BOOL Answerback status.TRUE: Normal status.FALSE: Abnormal status.

l Answerback operation directionSpecify whether the answerback input signal becomes TRUE at normal or abnormal status,using the answerback operation direction specification (ADIR).• Specification of forward operation

A forward operation refers to an operation where the answerback signal is latched toTRUE when the specified events occur and return to FALSE due to the pulse output fromOUT. Specify TRUE for ADIR.

• Specification of reverse operationA reverse operation refers to an operation where the answerback signal is latched toFALSE when the specified events occur and return to TRUE due to the pulse output fromOUT. Specify FALSE for ADIR.

l Answerback operation at forward operationIn a forward operation, the relationship between the output signal OUT and the answerbacksignal is as illustrated in the figure below.

MANNR

MANNR

MANNR

MANNR

MANNR

AUTNR

MV = 0PV = 0

MV = 0PV = 2

MV = 0PV = 2

MV = 2PV = 2

MV = 0PV = 2

MV = 0PV = 0

2 0 MV

PVMV

OUT TF

TF

TF

AIN

SW

MV PV

Transition by application


Manual operationby operator

Auto-Reset byfunction block

If the latch is not unlatched in some reason, ANS- occurs

At normal Demand occurs Demand cleared Unlatch operation MV auto-reset Unlatched

Figure D4.2.1-4 Relationship between MV manipulation and answerback (forward operation)



The data items of CENTUM and parameter values of MOB_RS are related in the followingways.• The AIN parameter (answerback input value) of MOB_RS is associated with PV on the

CENTUM side. PV=2 if AIN=TRUE and PV=0 if AIN=FALSE.

• The OUT parameter of MOB_RS is associated with MV on the CENTUM side.OUT=TRUE if MV=2 and OUT=FALSE if MV=0.

1. At normal status, MV=0 and FALSE is output to OUT of MOB_RS.

2. Create application logic such that AIN of MOB_RS is latched to TRUE at the occurrenceof a demand. If AIN becomes TRUE, PV becomes 2.

3. If MV is changed to 2 from an HIS to reset the latch, OUT of MOB_RS changes to TRUE.OUT returns to FALSE after one scan (automatic reset).

4. Create application logic such that the latch is reset upon changes of OUT from FALSE toTRUE and AIN returns to FALSE. PV becomes 0 if AIN becomes FALSE.

l Answerback operation at reverse operationIn a reverse operation, the relationship between the output signal OUT and the answerbacksignal is as illustrated in the figure below.

MANNR

MANNR

MANNR

MANNR

MANNR

AUTNR

2 0 MV

OUT TF

TF

TF

AIN

SW

MV

MV PV

PV

MV = 0PV = 2

MV = 0PV = 0

MV = 0PV = 0

MV = 2PV = 0

MV = 0PV = 0

MV = 0PV = 2



Manual operationby operator

Auto-Reset byfunction block

If the latch is not unlatched in some reason, ANS- occurs

At normal Demand occurs Demand cleared Unlatch operation MV auto-reset Unlatched

Figure D4.2.1-5 Relationship between MV manipulation and answerback (reverse operation)

A reverse operation is normal if the values of PV and MV are opposite in the HIS instrumentfaceplate.

l Notification of answerback errorsAn answerback error occurs if AIN (answerback signal) does not return to the normal valuewithin the time specified by MTM (answerback check mask time) after a pulse signal is gener-ated by manipulation of MV. The normal value of AIN is FALSE in the case of forward opera-tions and TRUE in the case of reverse operations. If an answerback error is detected, FALSEis output from NANM (answerback status) and a notification is made to an HIS as a processalarm (ANS-) on the CENTUM side.



The system recovers from an answerback error if MV is manipulated again or AIN (answer-back signal) returns to the normal value. On recovery, TRUE is output from NANM (answer-back status).Note that if 0 seconds are specified for MTM, answerback check is started from the next scanafter OUT becomes TRUE.



D4.2.2 Tag name interfaces and process alarms of MOB_RSIn order to manually operate auto-reset BOOL-type data manual operation function blocksfrom an HIS, it is necessary to specify the tag names using the Tag Name Builder and associ-ate them with mapping blocks. This allows them to be called via tag names and notification ofprocess alarms.Mapping blocks associated with auto-reset BOOL-type data manual operation function blocksare S_MOB_RS.

n Settings in the Tag Name BuilderTo perform manual operations from an HIS, make settings for the relevant instances ofMOB_RS in the Tag Name Builder. Specify whether or not to notify answerback error alarmsaccording to the following procedure.• Answer back Alarm (answerback error alarm)

Specify either [Both] or [No].Specify [Both] to notify answerback error alarms. Only ANS- process alarms are gener-ated even if [Both] is specified.

n Data items of S_MOB_RSAmong the data items of mapping blocks, the data items unique to S_MOB_RS are explainedhere. All of these data items are displayed in the HIS tuning view.





The SW parameter (manual operation permit/prohibit toggle switch) of MOB_RS is asso-ciated with MODE.

• Changes of block mode (AUT/MAN)The block mode becomes MAN if TRUE is input to SW, and AUT if FALSE is input.


l PV (answerback input value)This data item displays answerback input signals connected to MOB_RS. Data entry from anHIS is not allowed. It is displayed in the parameter display area of instrument faceplate andwill be a target of data collection for tuning trend.• Associating parameters of function blocks

The AIN parameter (answerback input value) of MOB_RS is associated with PV.




• Correspondence between changes of the parameter value of MOB_RS and changes ofPVPV=2 if AIN (answerback input value) of MOB_RS is TRUE and PV=0 if FALSE.

• DefaultThe default value (0) of AIN is reflected in the default value of PV.

l MV (manipulated output value)This data item is associated with the operation output value of MOB_RS. Its value can bechanged if manual operations from an HIS are permitted (block mode=MAN). It is displayed inthe parameter display area of instrument faceplate and will be a target of data collection fortuning trend.• Associating parameters of function blocks

The OUT parameter (logic reset operation output value) of MOB_RS is associated withMV.

• RangeThe range of MV is 0 or 2.

• Correspondence between changes of the parameter value of function blocks andchanges of MVMV=2 if OUT of MOB_RS is TRUE and MV=0 if FALSE.When operations from an HIS are permitted (MODE=MAN), OUT of MOB_RS changes ifMV is manipulated from the HIS.


l SW (switch)This data item displays the status of the manual operation permit/prohibit toggle switch ofMOA. Data entry from an HIS is not allowed.• Associating parameters of function blocks

The SW parameter (manual operation permit/prohibit toggle switch) of a function block isassociated with SW. The SW value of MOB_RS is reflected in this item.


l MTM (mask time)This data item display the answerback check mask time. The unit is seconds and the fraction-al part indicates milliseconds. Data entry from an HIS is not allowed.• Associating parameters of function blocks

The MTM parameter (answer back check mask time) of MOB_RS is associated withMTM.

• DefaultThe default value of MTM is 0.

n Process alarmsMOB_RS notifies answerback error alarms.

l Answerback error alarmsIf an answerback error occurs, a process alarm is notified when NANM of MOB_RS changesunder the following condition.• Notification of answerback error occurrence (ANS-): At a falling edge of NANM



D4.3 HIS interfaces of MOA (analog-type datamanual operation)

Analog-type data manual operation function blocks can monitor the values of analog outputvariables via an HIS, and it is possible to change the output values from the HIS.Analog-type data manual operation function blocks also have a parameter for receiving shut-down events and are able to output the shutdown logic signal with the highest priority at theoccurrence of a shutdown event.

<D4.3 HIS interfaces of MOA (analog-type data manual operation) > D4-28


D4.3.1 Operations of MOA from HISThis section explains the following functions of MOA.• Feedback input

• OOP detection

The password for manual operations is the same as MOB_11 and MOB_21.

SEEALSO For more information about an explanation of MOA parameters, refer to:

C5.7, “MOA (analog-type data manual operation)” on page C5-20

For more information about password for manual operations, refer to:

D4.1.2, “Password at manual operations” on page D4-9

For more information about output enable status display, refer to:

D4.1.3, “The Output Enable status display function” on page D4-10

n Example of configuration of MOAThe figure below shows a usage example of MOA in a CENTUM integration structure.

'password'

MAN NR

MO

DE

ALR

M

FV

MV

SHDN

IN

SW

OOP OTEN PSWD

OUT

CENTUM

SCS

0.0

FEEDBACK AOVAR.status

OUTEN

SDV

FV

AOVAR.v

Shutdown logic



Figure D4.3.1-1 Analog-type data manual operation function blocks

The associated parameter values of the SCS function block are sent to indicate the blockmode (MODE), process alarms (ALRM) and feedback input value (FV) on the CENTUM sidevia the mapping blocks. The value of OUT is displayed as MV on the HIS instrument faceplateand operations on MV from the HIS are sent to OUT of the SCS in the manual mode (MAN).



n Overview of processing MOA

HIS

OUT

SHDN

SW

IN

SDV

Analog-Type data manual operation Flow of control

Flow of data

Value from HIS (MV)

SW equal to FALSE

SW equal to TRUE

SHDN equal to FALSE

SHDN equal to TRUE

This variable always follows the value of OUT except when the data from HIS is received.

Figure D4.3.1-2 Flow of control and data (MOA)

l Shutdown processingIf the input value of SHDN (shutdown signal) becomes FALSE, the value of SDV (shutdownoutput value) is output from OUT. At this point, all data settings from input parameters otherthan SHDN and SDV as well as an HIS are ignored. The SHDN input of MOA supports onlyDTS logic (normal: TRUE, abnormal: FALSE). Connect a reversed shutdown logic signal toSHDN in the case of ETS logic (normal: FALSE, abnormal: TRUE).

l Prohibition of manual operationsIf the input value of SHDN is set to TRUE (status where shutdown processing is not per-formed) and the manual operation permit switch SW is set to FALSE (manual operations pro-hibited), the value input to IN is output to OUT as is. If an operator attempts to perform man-ual operations from an HIS when the input to SW is FALSE, the attempt will fail. IN can beused to change the output value of OUT from the application logic when no shutdown instruc-tion is input to SHDN (i.e., the system is in a safe state).

l Permission of manual operationsIf the value of SHDN input is set to TRUE (i.e., the system is in a status where shutdown pro-cessing is not performed) and the SW input is set to TRUE (manual operations permitted), re-sults of manual operations carried out by an operator from an HIS are output from OUT. Notethat password entry is required to perform manual operations. The password is checked with-in a function block. If the password is incorrect, a warning message for the illegal operationwill be displayed and OUT will be unchanged. The status where manual operations are per-mitted can be used when it is desired to change the output value by a user operation withoutissuing a shutdown instruction from SHDN (i.e., the system is in a safe state).

n Feedback inputThe feedback input (FV: data type is REAL) can be used for the purpose of checking the re-sult of manipulating MV from an HIS on instrument faceplate and so on. Input a signal indicat-ing the degree of opening of a valve or similar connected to the output variable channel con-nected to OUT, to FV.• It is not checked that the values of OUT and FV match.



• The value of FV is used for checking purposes only in an HIS. It has no influence on theoutput behavior of OUT.

n OOP detectionIt is possible to use OOP (whose data type is BOOL) to check whether or not an output signalis normal. Input the data status of an output signal (output variable connected to OUT) or sim-ilar to OOP. Process alarms are notified on the CENTUM side according to the change of theOOP value.• The value of OOP has no influence on the output behavior of OUT.



D4.3.2 Tag name interfaces and process alarms of MOAIn order to manually operate analog-type data manual operation function blocks from an HIS,it is necessary to specify the tag names using the Tag Name Builder and associate them withmapping blocks. This allows them to be called via tag names and notification of processalarms.Mapping blocks associated with analog-type data manual operation function blocks are dis-played as S_MOA.

n Settings in the Tag Name BuilderTo perform manual operations from an HIS, make settings for the relevant instances of MOAin the Tag Name Builder. The settings related to MOA are as follows.

l Output high and low limitsThe output scale high and low limits are valid setting items when the block is in the mode thatmanual operation is allowed (MODE=MAN). This indicates the range of MV value that can beset by the operator without confirmation. When a value beyond the limits is set from HIS tothe MV, a dialog box will be displayed for confirmation to set the MV beyond the limits. If youapprove, the MV value is set.This function is different from the Output Limiter function of FCS.• Output high limit

Specify a value in the range from 0.0 to 100.0%. The default is 100.0%.This item is associated with data item MH of mapping block.

• Output low limitSpecify a value in the range from 0.0 to 100.0%. The default is 0.0%.This item is associated with data item ML of mapping block.

l Output scale high and low limitsThe output scale high and low limits are valid setting items when the block is in the mode thatmanual operation is allowed (MODE=MAN). These settings indicate the upper and lower lim-its at entering MV value from HIS. A value beyond these high and low limits cannot be en-tered from HIS.• Output Scale High Limit

The value of this item is fixed to 100.0%. The value cannot be changed.This item is associated with data item MSH of mapping block.

• Output Scale Low LimitThe value of this item is fixed to 0.0%. The value cannot be changed.This item is associated with data item MSL of mapping block.

TIP When a block is in a block mode that the manual operation is not allowed (MODE=AUT), the output from OUTwill not be affected by the output high and low limits or the output scale high and low limits. The values speci-fied by the parameters of IN or SDV of MOA will be intact and directly outputted.

n Data items of S_MOAAmong the data items of mapping blocks, the data items unique to S_MOA are explainedhere. All of these data items are displayed in the HIS tuning view with the exception of SHand SL.







The SHDN (shutdown signal), SW (manual operation permit/prohibit toggle switch) andOTEN (signal indicating output enable status) parameters of MOA are associated withMODE.

• Changes of block mode (AUT/MAN)The block mode becomes AUT if SHDN is FALSE. If SHDN is TRUE, the block mode be-comes MAN if TRUE is input to SW and AUT if FALSE is input to SW.

• Changes of block mode (output enable status)The block mode IMAN is added to the block mode if OTEN is FALSE and IMAN is removefrom the block mode if OTEN is TRUE.


l FV (feedback input value)This data item displays the feedback input signal connected to MOA. Data entry from an HISis not allowed. It is displayed in the parameter display area of instrument faceplate and will bea target of data collection for tuning trend.• Associating parameters of function blocks

The FV parameter (feedback input value) of MOA is associated with FV. The value of FVchanges according to the changes of the FV value of MOA.

• RangeThe range of FV is 0 to 100%.

• DefaultThe default value of parameter (0%) of MOA is reflected in the default value of FV.

l MV (manipulated output value)This data item is associated with the operation output value of MOA. Its value can bechanged if manual operations from an HIS are permitted (block mode=MAN). It is displayed inthe parameter display area of instrument faceplate and will be a target of data collection fortuning trend.• Associating parameters of function blocks

The OUT parameter (analog operation output value) of MOA is associated with MV. Thevalue of MV changes according to the changes of the OUT value of MOA.

• RangeThe range of MV is 0 to 100%.

• DefaultThe default value of MV is 0%.



l SHDN (shutdown signal)This data item displays signals used for shutdown logic. Data entry from an HIS is not al-lowed.• Associating parameters of function blocks

The SHDN parameter (shutdown signal) of MOA is associated with SHDN. The SHDNvalue of MOA is reflected in this data item.

• RangeThe range of SHDN is 0 or 1.

• Correspondence between changes of the parameter value of function blocks andchanges of SHDNChanges of the SHDN (shutdown signal) value of MOA match with changes of SHDN.If the value of SHDN is 0, the value of SDV (shutdown output value) is output as a shut-down signal from the OUT parameter (corresponding to a data item MV) of MOA.

l SDV (shutdown output value)This data item displays a value output as a shutdown signal when shutdown processing isperformed. Data entry from an HIS is not allowed.• Associating parameters of function blocks

The SDV parameter (shutdown output value) of MOA is associated with SDV. The SDVvalue of MOA is reflected in this data item.

• RangeThe range of SDV is 0 to 100%.

l INV (logic input value)This data item is associated with the value specified to be output under conditions where theshutdown logic is not effective and operations from an HIS are prohibited. Data entry from anHIS is not allowed.• Associating parameters of function blocks

The IN parameter (specified output value when manual operations are prohibited) ofMOA is associated with INV. The default value of IN of MOA is reflected in this data item.The value of INV changes according to changes of the IN value of MOA.

• RangeThe range of INV is 0 to 100%.

l SW (switch)This data item displays the status of the manual operation permit/prohibit toggle switch ofMOA. Data entry from an HIS is not allowed. Operations on MV from an HIS are permittedwhen the value of SW is 1 and MODE becomes MAN.• Associating parameters of function blocks

The SW parameter (manual operation permit/prohibit toggle switch) of MOA is associatedwith SW. The SW value of MOA is reflected in this item.


l MSH (output range high limit)This data item displays the output scale high limit. Data entry from an HIS is not allowed. Thevalue is fixed to 100%.



l MSL (output range low limit)This data item displays the output scale low limit. Data entry from an HIS is not allowed. Thevalue is fixed to 0%.

l MH (output high limit)This data item displays the output high limit defined in the Tag Name Builder. Data entry froman HIS is not allowed. The range is 0 to 100%.

l ML (output low limit)This data item displays the output low limit defined in the Tag Name Builder. Data entry froman HIS is not allowed. The range is 0 to 100%.

l SH (FV scale high limit)This data item is used to display the high limit of FV bar in an instrument faceplate. The valueis fixed to 100%.

l SL (FV scale low limit)This data item is used to display the low limit of the FV bar in an instrument faceplate. Thevalue is fixed to 0%.

n Process alarmsMOA notifies process alarms of OOP.

l OOPIf you connect a signal indicating whether or not the output signal is normal to the OOP pa-rameter of MOA, output errors are notified as process alarms. The notification is made if theparameter of MOA changes under the following condition.• Output error occurrence alarm: At a falling edge of OOP

The notification of recovery is made if the parameter of MOA changes under the followingcondition.• Output error recovery alarm: At a rising edge of OOP



D5. Data setting using externalcommunication function blocks

Data setting from FCSs is performed via tag name interfaces using external communicationfunction blocks dedicated for data setting. These function blocks allow data setting not onlyfrom FCS, but also from HIS. External communication function blocks are provided for each ofthe data types.

n Data setting from FCSIn order to set data via tag name interfaces, define tag names for instances of external com-munication function blocks in Tag Builder in an SENG. Once tag names are defined, mappingelements (%WB) are generated. By accessing these mapping elements using the syntax"<tag name>.<data item>," data can be referenced and set. The table below lists data itemnames used when accessing data.

Table D5-1 Data items of tag name interfacesExternal communication FB Data item name(referencing and setting)

ECW_B PV

ECW_I PVI32

ECW_R PVF32

Tag name interfaces use the same data item names for referencing and setting data. For ex-ample, if the tag name TAG0702 is defined for an ECW_I function block, the specification"TAG0702.PVI32" can be used when both referencing and setting data of this function block.If the tag name TAG0703 is set for an ECW_R function block, "TAG0703.PVF32" is used toaccess data.

Control bus

Application logic

SCS

Internal variable ECW_R

FCS

SFC block

HIS

OUT

TAG0701 mapping

element (%WB)

TAG0702 mapping

element (%WB)

TAG0703 mapping

element (%WB)

Tag name interface

Tag name interface

Tag name interface

Internal variable ECW_B

OUT

Internal variable ECW_I

OUT

<BOOL data>

<DINT data>

<REAL data>

CENTUM integration function

TAG0701.PV

TAG0702.PVI32

TAG0703.PVF32 Application

accessing data by the tag name

Figure D5-1 Data setting using tag name interfaces of external communication function blocks

<D5. Data setting using external communication function blocks > D5-1


D5.1 Confirmation of setting dataIn order to use data set by external communication function blocks in an application used in asafety loop, it is necessary to incorporate certain safety measures (various functions to securesafety) with a user application.An example that uses an application logic that checks the status of data set from an HIS orFCS as a safety measure is shown below.

n Confirmation of data set via tag name interfacesThe data set from an FCS is stored temporarily in a mapping element (WT003) and then re-flected in an external communication function block. The figure below shows an example ofan application that checks whether the set data reached the application logic or not.

Control bus

Application logic

SCSFCS

UserApplication

WT003mapping

element (%WB)

RB003mapping

element (%WB)

Tag name interfaceOUT

CENTUMintegration function

WT003.PVI32

RB003.PVI32

Internalvariable

ECW_I

READBACK

DINT-typevariable

Tag name interface

Figure D5.1-1 Example of application that checks data setting using readback variable

Connect the variable READBACK (DINT-type variable) to the OUT variable so that the outputfrom the OUT variable can be read back with a user application. By doing so, it can be con-firmed that the data has been set correctly.The procedure to set DINT-type data is shown below.1. Define a tag name for data setting for an ECW_I (external communication function block)

(WT003 in the example).

2. Define a tag name for data readback for the variable that will be used for reading the de-sired data back (RB003 in the example).

3. Set data from the external device (FCS in this example) using the specification "<tagname for data setting>.PVI32." In the example, data is set via WT003.PVI32.

4. Read the data back to the external device (FCS in the example) using the specification"<tag name for data readback>.PVI32." In the example, data is read back viaRB003.PVI32.

<D5.1 Confirmation of setting data > D5-2


D5.2 Tag name interfaces of externalcommunication function blocks

This section explains data items of mapping elements associated with external communica-tion function blocks.

n Data items of mapping elements associated with externalcommunication function blocks

By associating tag names with ECW_B, ECW_I and ECW_R type function blocks, it becomespossible to set data from outside an SCS using tag name interfaces. If you define tag namesusing the Tag Name Builder, mapping elements are created in the communication input/output(%WB) area.Mapping elements of external communication commonly have OPMK data items.

SEEALSO For more information about an explanation of OPMK (Operation mark), refer to:


l Data items of mapping elements (%WB) associated with ECW_B (PV)The Boolean value of ECW_B is displayed as PV. It is displayed in the HIS tuning view andthe parameter display area of instrument faceplate, and will be a target of data collection fortuning trend. Data entry from an HIS is allowed.The range is 0 or 1. The default value of ECW_B is reflected in the default value of PV.

l Data items of mapping elements (%WB) associated with ECW_I (PVI32)The integer value of ECW_I is displayed as PVI32. It is displayed in the HIS tuning view andthe parameter display area of instrument faceplate. Data entry from an HIS is allowed.The range is all signed 32-bit integers. The default value of ECW_I is reflected in the defaultvalue of PVI32.

l Data items of mapping elements (%WB) associated with ECW_R (PVF32)The value of ECW_R is displayed as PVF32 (a real number). It is displayed in the HIS tuningview and the parameter display area of instrument faceplate. Data entry from an HIS is al-lowed.The range is all single precision real numbers. The default value of ECW_R is reflected in thedefault value of PVF32.

<D5.2 Tag name interfaces of external communication function blocks > D5-3


D6. SCS global switch communicationBy using SCS global switch communication of the SCS link transmission function, data can besent and received between a CENTUM station (FCS, APCS, and GSGW, hereafter collective-ly referred to as FCS) and an SCS.

<D6. SCS global switch communication > D6-1


D6.1 Referencing FCS data from SCSWhen sending of global switch value to other stations is permitted at an FCS, values set from%GS001 to %GS256 at the FCS can be received at an SCS as BOOL-type data.

n Referencing FCS dataThe LTFCS function block is used to reference FCS %GS data. LTFCS is an interference-freefunction block. It cannot be used for safety loop.Data referenced with the LTFCS function block is defined by wiring the link transmission dataarea and LTFCS function block in SCS Link Transmission Builder.

Sender FCS

LTFCS FB (Interference-free)

Link transmission data area (32 bytes)

Global switch (%GS001 to %GS256)

Logic SCS

Control bus (link transmission)

Figure D6.1-1 Referencing FCS data

l Data check using CENTUM• For data set to an SCS from an FCS, check global switch data of the FCS.

• To check the data received at an SCS from CENTUM stations, connect BOOL data toGSV parameter of the LTFCS function block and give a tag name to the BOOL data.

• To check the status of data received at an SCS from CENTUM stations, connect BOOLdata to STS parameter of the LTFCS function block and give a tag name to the BOOLdata.

n Diagnosis of communication errorThe communication status with an FCS is checked at an SCS. Regardless of the scan periodof SCS application logic, if data update from the FCS stops for 3 seconds, the SCS judgesthat a communication error has occurred and starts the input processing at fault. Possiblecauses of communication error are shown below.• The sending side FCS failed.

• Control bus failed on both bus1 and bus2.

n Processing upon communication errorIf a SCS global switch communication error, including the sending side FCS stop, has occur-red, the SCS starts the input processing at fault.

l Receive data/data status• Logical data of the link transmission data area received by the SCS will be set depending

on the input value at error occurrence defined on the Data Wiring definition of SCS LinkTransmission Builder.

<D6.1 Referencing FCS data from SCS > D6-2


• The data status will be BAD.

The data and data status above are output from the LTFCS function block.

l Notification of communication errorA diagnostic information message indicating "Diagnostic Error" will be sent from the SCS.However, no diagnostic information message notifying errors related to SCS Link Transmis-sion will be sent during the SCS startup.



l Processing upon communication error recoveryAfter the cause of communication error is removed and the receive data from the FCS be-comes normal, the error condition recovers automatically. If latching the data at communica-tion error is necessary, write the data latching logic in application logic.

l Receive data/data status• Logical data of the link transmission data area received by the SCS will be the %GS val-

ue sent by the FCS.

• The data status will be GOOD.

The data and data status above are output from the LTFCS function block.

l Notification of recovery from communication errorA diagnostic information message indicating "Recovery from Diagnostic Error" will be sentfrom the SCS. However, no diagnostic information message related to SCS Link Transmissionnotifying the recovery from the errors those occurred during the SCS startup will be sent.



<D6.1 Referencing FCS data from SCS > D6-3


D6.2 Data setting from SCS to FCSIf reception of global switch values from other stations is permitted at an FCS, data from thelink transmission data area of an SCS can be received by the FCS as global switch data%GS001 to %GS128. The data received at FCS from %GS129 to %GS256 are meaninglessand thus should not be referenced on the FCS side.

n FCS data settingThe LTSND function block is used for setting data to an FCS. Input the BOOL-type data to besent to the LTSND function block, and perform wiring between the LTSND function block andlink transmission data area in SCS Link transmission builder.

Receiving side FCS

LTSND FB (Safety)

Link transmission data area (16 bytes)

Global switch (%GS001 to %GS128)

Logic

SCS

Control bus (link transmission)

Figure D6.2-1 FCS data setting

SEEALSO For more information about engineering procedure flow, refer to:

“ SCS link transmission” in 2.1.6, “Settings for exchanging data between FCS and SCS” in Integrationwith CENTUM VP/CS 3000 (IM 32Q01E10-31E)

For more information about engineering functions required in engineering, refer to:

5.3, “SCS Link Transmission Definition” in Engineering Reference (IM 32Q04B10-31E)

For more information about important points regarding FCS data setting, refer to:

2.9, “SCS Link Transmission” in Engineering Guide (IM 32Q01C10-31E)

l When SCS is in the Output Disable statusWhen the data sending side SCS is in the Output Disable status, %GS of the FCS is set to 0and the data status will be BAD.After the SCS output enable operation is performed, data specified in SCS Link TransmissionBuilder will be set to %GS and the data status will change to GOOD.

<D6.2 Data setting from SCS to FCS > D6-4


Appendix 1. IEC61131-3 standardfunctions/standard functionblocks

This appendix provides explanations about IEC61131-3 standard functions/standard functionblocks that are described in the Workbench User's Guide. The explanations are based onWorkbench User's Guide.

<Appendix 1. IEC61131-3 standard functions/standard function blocks> App.1-1


Appendix 1.1 Safety standard functionsThe following list shows the safety standard functions that are described in this part:• * (MUL)

• + (ADD)

• – (SUB)

• / (DIV)

• 1 GAIN

• ABS

• AND

• Equal

• Greater Than or Equal

• Greater Than

• Less Than or Equal

• Less Than

• LIMIT

• MAX

• MIN

• MUX4

• MUX8

• NOT

• Not Equal

• OR

• ROL

• ROR

• SEL

• SHL

• SHR

• SQRT

• XOR

<Appendix 1.1 Safety standard functions> App.1-2


Appendix 1.1.1 * (MUL)

Figure Appendix 1.1.1-1 * (MUL)

For this operator, the number of inputs can be extended to more than two up to 16. If youspecify only one input or more than 16 inputs, the Integrity Analyzer will detect it as an error.

n Arguments

Table Appendix 1.1.1-1 Arguments of *IN/OUT Arguments Data type Description

IN - DINTREAL

Can be INTEGER or REAL (all inputs must have the same for-mat)

OUT - DINTREAL

Signed multiplication of the input terms

n DescriptionMultiplication of two or more integer or real variables.

n Example

Figure Appendix 1.1.1-2 FBD example with multiplication operators



Appendix 1.1.2 + (ADD)

Figure Appendix 1.1.2-1 + (ADD)

For this operator, the number of inputs can be extended to more than two up to 16. If youspecify only one input or more than 16 inputs, the Integrity Analyzer will detect it as an error.

n Arguments

Table Appendix 1.1.2-1 Arguments of +IN/OUT Arguments Data type Description

IN - DINTREALSTRINGTIME

Can be INTEGER, REAL, STRING, or TIME (all inputs musthave the same format)

OUT - DINTREALSTRINGTIME

Signed addition of the input terms

n DescriptionAddition of two or more integer or real variables.

n Example

Figure Appendix 1.1.2-2 FBD example with addition operators



Appendix 1.1.3 – (SUB)

Figure Appendix 1.1.3-1 – (SUB)

n Arguments

Table Appendix 1.1.3-1 Arguments of –IN/OUT Arguments Data type Description

IN IN1 DINTREALTIME

Can be INTEGER, REAL, or TIME (IN1 and IN2 must have thesame format)

IN2 DINTREALTIME

Can be INTEGER, REAL, or TIME (IN1 and IN2 must have thesame format)

OUT Q DINTREALTIME

Subtraction of two integer or real variables (first - second)

n DescriptionSubtraction of two integer or real variables (first - second).

n Example

Figure Appendix 1.1.3-2 FBD example with subtraction operators



Appendix 1.1.4 / (DIV)

Figure Appendix 1.1.4-1 / (DIV)

n Arguments

Table Appendix 1.1.4-1 Arguments of /IN/OUT Arguments Data type Description

IN IN1 DINTREAL

Can be INTEGER or REAL (operand)

IN2 DINTREAL

Non-zero integer or real value (divisor) (IN1 and IN2 musthave the same format)

OUT Q DINTREAL

Signed integer or real division of IN1 by IN2

n DescriptionDivision of two integer or real variables (the first divided by the second).

n Example

Figure Appendix 1.1.4-2 FBD example with division operators



Appendix 1.1.5 1 GAIN

Figure Appendix 1.1.5-1 1 GAIN

n Arguments

Table Appendix 1.1.5-1 Arguments of 1 GAININ/OUT Arguments Data type Description

IN IN Any type -

OUT Q Any type -

n DescriptionAssignment of one variable into another one.This Block is very useful to directly link a diagram input and a diagram output. It can also beused (with a Boolean negation line) to invert the state of a line connected to a diagram output.

n Example

Figure Appendix 1.1.5-2 FBD example with assignment operators



Appendix 1.1.6 ABS

Figure Appendix 1.1.6-1 ABS

n Arguments

Table Appendix 1.1.6-1 Arguments of ABSIN/OUT Arguments Data type Description

IN IN REAL Any signed real value

OUT Q REAL Absolute value (always positive)

n DescriptionGives the absolute (positive) value of a real value.

n Example

Figure Appendix 1.1.6-2 FBD program using a "ABS" function



Appendix 1.1.7 AND

Figure Appendix 1.1.7-1 AND

For this Operator, the number of inputs can be extended to more than two up to 16. If youspecify only one input or more than 16 inputs, the Integrity Analyzer will detect it as an error.

n Arguments

Table Appendix 1.1.7-1 Arguments of ANDIN/OUT Arguments Data type Description

IN - BOOL -

OUT - BOOL Boolean AND of the input terms

n DescriptionBoolean AND between two or more terms.

n Example

Figure Appendix 1.1.7-2 FBD example with "AND" operators



Appendix 1.1.8 Equal

Figure Appendix 1.1.8-1 Equal

n Arguments

Table Appendix 1.1.8-1 Arguments of EqualIN/OUT Arguments Data type Description

IN IN1 BOOLDINTREALTIMESTRING

Both inputs must have the same type. The TIME input only ap-plies to the ST language.

IN2 BOOLDINTREALTIMESTRING

OUT Q BOOL TRUE if IN1 = IN2

n DescriptionTests if one value is EQUAL TO another one (on integer, real, and string variables).The equality test on a TIME variable is not recommended for testing output of TIME blockssuch as TON, TP, TOF.

n Example

Figure Appendix 1.1.8-2 FBD example with "Is equal to" operators



Appendix 1.1.9 Greater Than or Equal

Figure Appendix 1.1.9-1 Greater Than or Equal

n Arguments

Table Appendix 1.1.9-1 Arguments of Greater Than or EqualIN/OUT Arguments Data type Description

IN IN1 DINTREALTIMESTRING


IN2 DINTREALTIMESTRING

OUT Q BOOL TRUE if IN1 >= IN2

n DescriptionTests if one value is GREATER THAN or EQUAL TO another one (on integers, reals, orstrings).The equality test on a TIME variable is not recommended for testing output of TIME blockssuch as TON, TP, TOF.

n Example

Figure Appendix 1.1.9-2 FBD example with "Greater or equal to" operators



Appendix 1.1.10 Greater Than

Figure Appendix 1.1.10-1 Greater Than

n Arguments

Table Appendix 1.1.10-1 Arguments of Greater ThanIN/OUT Arguments Data type Description


Both inputs must have the same type


OUT Q BOOL TRUE if IN1 > IN2

n DescriptionTests if one value is GREATER THAN another one (on integers, reals, times or strings).

n Example

Figure Appendix 1.1.10-2 FBD example with "Greater than" operators



Appendix 1.1.11 Less Than or Equal

Figure Appendix 1.1.11-1 Less Than or Equal

n Arguments

Table Appendix 1.1.11-1 Arguments of Less Than or EqualIN/OUT Arguments Data type Description




OUT Q BOOL TRUE if IN1 <= IN2

n DescriptionTests if one value is LESS THAN or EQUAL TO another one (on integers, reals, or strings).The equality test on a TIME variable is not recommended for testing output of TIME blockssuch as TON, TP, TOF.

n Example

Figure Appendix 1.1.11-2 FBD example with "Less or equal to" operators



Appendix 1.1.12 Less Than

Figure Appendix 1.1.12-1 Less Than

n Arguments

Table Appendix 1.1.12-1 Arguments of Less ThanIN/OUT Arguments Data type Description


Both inputs must have the same type.


OUT Q BOOL TRUE if IN1 < IN2

n DescriptionTests if one value is LESS THAN another one (on integers, reals, times or strings).

n Example

Figure Appendix 1.1.12-2 FBD example with "Less than" operators



Appendix 1.1.13 LIMIT

Figure Appendix 1.1.13-1 LIMIT

n Arguments

Table Appendix 1.1.13-1 Arguments of LIMITIN/OUT Arguments Data type Description

IN MIN DINT Minimum allowed value

IN DINT Any signed integer value

MAX DINT Maximum allowed value

OUT Q DINT Input value bounded to allowed range

n DescriptionLimits an integer value into a given interval. Whether it keeps its value if it is between mini-mum and maximum, or it is changed to maximum if it is above, or it is changed to minimum ifit is below.

n Example

Figure Appendix 1.1.13-2 FBD program using a "LIMIT" function



Appendix 1.1.14 MAX

Figure Appendix 1.1.14-1 MAX

n Arguments

Table Appendix 1.1.14-1 Arguments of MAXIN/OUT Arguments Data type Description

IN IN1 DINT Any signed integer value (cannot be REAL)

IN2 DINT Any signed integer value (cannot be REAL)

OUT Q DINT Maximum of both input values

n DescriptionGives the maximum of two integer values.

n Example

Figure Appendix 1.1.14-2 FBD program using "MIN" and "MAX" functions



Appendix 1.1.15 MIN

Figure Appendix 1.1.15-1 MIN

n Arguments

Table Appendix 1.1.15-1 Arguments of MININ/OUT Arguments Data type Description

IN IN1 DINT Any signed integer value (cannot be REAL)

IN2 DINT Any signed integer value (cannot be REAL)

OUT Q DINT Minimum of both input values

n DescriptionGives the minimum of two integer values.

n Example

Figure Appendix 1.1.15-2 FBD program using "MIN" and "MAX" functions



Appendix 1.1.16 MUX4

Figure Appendix 1.1.16-1 MUX4

n Arguments

Table Appendix 1.1.16-1 Arguments of MUX4IN/OUT Arguments Data type Description

IN SEL DINT Selector integer value (must be in set [0..3])

IN1 DINT Any integer value




OUT Q DINT = value1 if SEL = 0= value2 if SEL = 1= value3 if SEL = 2= value4 if SEL = 3= 0 for all other values of the selector

n DescriptionMultiplexer with 4 entries: selects a value between 4 integer values.

n Example

Figure Appendix 1.1.16-2 FBD program using a "MUX4" function



Appendix 1.1.17 MUX8

Figure Appendix 1.1.17-1 MUX8

n Arguments

Table Appendix 1.1.17-1 Arguments of MUX8IN/OUT Arguments Data type Description

IN SEL DINT Selector integer value (must be in set [0..7])



...


OUT Q DINT = value1 if selector = 0= value2 if selector = 1...= value8 if selector = 7= 0 for all other values of the selector

n DescriptionMultiplexer with 8 entries: selects a value between 8 integer values.



n Example

Figure Appendix 1.1.17-2 FBD program using a "MUX8" function



Appendix 1.1.18 NOT

Figure Appendix 1.1.18-1 NOT

n Arguments

Table Appendix 1.1.18-1 Arguments of NOTIN/OUT Arguments Data type Description

IN IN - Any Boolean variable or complex expression

OUT Q - TRUE when IN is FALSEFALSE when IN is TRUE

n DescriptionReturns the negation of a complete Boolean expression.

n Example

Figure Appendix 1.1.18-2 FBD example with a "NOT" operator



Appendix 1.1.19 Not Equal

Figure Appendix 1.1.19-1 Not Equal

n Arguments

Table Appendix 1.1.19-1 Arguments of Not EqualIN/OUT Arguments Data type Description

IN IN1 BOOLDINTREALSTRING

Both inputs must have the same type

IN2 BOOLDINTREALSTRING

OUT Q BOOL TRUE if first <> second

n DescriptionTests if one value is not equal to another one (on integer, real, and string variables).

n Example

Figure Appendix 1.1.19-2 FBD example with "Is not equal to" operators



Appendix 1.1.20 OR

Figure Appendix 1.1.20-1 OR

For this Function, the number of inputs can be extended to more than two up to 16. If youspecify only one input or more than 16 inputs, the Integrity Analyzer will detect it as an error.

n Arguments

Table Appendix 1.1.20-1 Arguments of ORIN/OUT Arguments Data type Description

IN - BOOL -

OUT - BOOL Boolean OR of the input terms

n DescriptionBoolean OR of two or more terms.

n Example

Figure Appendix 1.1.20-2 FBD example with "OR" operators



Appendix 1.1.21 ROL

Figure Appendix 1.1.21-1 ROL

n Arguments

Table Appendix 1.1.21-1 Arguments of ROLIN/OUT Arguments Data type Description

IN IN DINT Any integer value

NbR DINT Number of 1 bit rotations (in set [1..31])

OUT Q DINT Left rotated valueno effect if NbR <= 0

n DescriptionMakes the bits of an integer rotate to the left. Rotation is made on 32 bits:

Figure Appendix 1.1.21-2 Rotation to the left of the bits of an integer

n Example

Figure Appendix 1.1.21-3 FBD program using a "ROL" function



Appendix 1.1.22 ROR

Figure Appendix 1.1.22-1 ROR

n Arguments

Table Appendix 1.1.22-1 Arguments of RORIN/OUT Arguments Data type Description


NbR DINT Number of 1 bit rotations (in set [1..31])

OUT Q DINT Right rotated valueno effect if NbR <= 0

n DescriptionMakes the bits of an integer rotate to the right. Rotation is made on 32 bits:

Figure Appendix 1.1.22-2 Rotation to the right of the bits of an integer

n Example

Figure Appendix 1.1.22-3 FBD program using a "ROR" function



Appendix 1.1.23 SEL

Figure Appendix 1.1.23-1 SEL

n Arguments

Table Appendix 1.1.23-1 Arguments of SELIN/OUT Arguments Data type Description

IN SEL1 BOOL Indicates the chosen value



OUT Q DINT = IN1 if SEL is FALSE= IN2 if SEL is TRUE

n DescriptionBinary selector: selects a value between 2 integer values.

n Example

Figure Appendix 1.1.23-2 FBD program using a "SEL" function



Appendix 1.1.24 SHL

Figure Appendix 1.1.24-1 SHL

n Arguments

Table Appendix 1.1.24-1 Arguments of SHLIN/OUT Arguments Data type Description


NbS DINT Number of 1 bit shifts (in set [1..31])

OUT Q DINT Left shifted value0 is used to replace lowest bitno effect if NbS <= 0

n DescriptionMakes the bits of an integer shift to the left. Shift is made on 32 bits:

Figure Appendix 1.1.24-2 Shift to the left of the bits of an integer

n Example

Figure Appendix 1.1.24-3 FBD program using a "SHL" function



Appendix 1.1.25 SHR

Figure Appendix 1.1.25-1 SHR

n Arguments

Table Appendix 1.1.25-1 Arguments of SHRIN/OUT Arguments Data type Description


NbS DINT Number of 1 bit shifts (in set [1..31])

OUT Q DINT Right shifted valueno effect if NbS <= 0highest bit is copied at each shift.

n DescriptionMake the bits of an integer shift to the right. Shift is made on 32 bits.

Figure Appendix 1.1.25-2 Shift to the right of the bits of an integer

n Example

Figure Appendix 1.1.25-3 FBD program using a "SHR" function



Appendix 1.1.26 SQRT

Figure Appendix 1.1.26-1 SQRT

n Arguments

Table Appendix 1.1.26-1 Arguments of SQRTIN/OUT Arguments Data type Description

IN IN REAL Must be greater than or equal to zero

OUT Q REAL Square root of the input value

n DescriptionCalculates the square root of a real value.

n Example

Figure Appendix 1.1.26-2 FBD program using a"SQRT" function



Appendix 1.1.27 XOR

Figure Appendix 1.1.27-1 XOR

n Arguments

Table Appendix 1.1.27-1 Arguments of XORIN/OUT Arguments Data type Description

IN IN1 BOOL -

IN2 BOOL -

OUT Q BOOL Boolean exclusive OR of the two input terms

n DescriptionBoolean exclusive OR between two terms.

n Example

Figure Appendix 1.1.27-2 FBD example with "XOR" operators



Appendix 1.2 Safety standard function blocksThe following list shows the safety standard function blocks that are described in this part:• F_TRIG

• R_TRIG

• RS

• SR

• TOF

• TON

• TP

<Appendix 1.2 Safety standard function blocks> App.1-31


Appendix 1.2.1 F_TRIG

Figure Appendix 1.2.1-1 F_TRIG

n Arguments

Table Appendix 1.2.1-1 Arguments of F_TRIGIN/OUT Arguments Data type Description

IN CLK BOOL Any Boolean variable

OUT Q BOOL TRUE when CLK changes from TRUE to FALSEFALSE if all other cases

n DescriptionDetects a falling edge of a Boolean Variable.

n Example

Figure Appendix 1.2.1-2 FBD program using a "F_TRIG" block



Appendix 1.2.2 R_TRIG

Figure Appendix 1.2.2-1 R_TRIG

n Arguments

Table Appendix 1.2.2-1 Arguments of R_TRIGIN/OUT Arguments Data type Description

IN CLK BOOL Any Boolean variable

OUT Q BOOL TRUE when CLK rises from FALSE to TRUEFALSE in all other cases

n DescriptionDetects a Rising Edge of a Boolean Variable.

n Example

Figure Appendix 1.2.2-2 FBD program using a "R_TRIG" block



Appendix 1.2.3 RS

Figure Appendix 1.2.3-1 RS

n Arguments

Table Appendix 1.2.3-1 Arguments of RSIN/OUT Arguments Data type Description

IN SET BOOL If TRUE, sets Q1 to TRUE

RESE BOOL If TRUE, resets Q1 to FALSE (dominant)

OUT Q1 BOOL Boolean memory state

n DescriptionResets dominant bistable.

Table Appendix 1.2.3-2 Truth table for RSSET RESE Previous Q1 Result Q1

FALSE FALSE FALSE FALSE

TRUE TRUE

FALSE TRUE FALSE FALSE

TRUE FALSE

TRUE FALSE FALSE TRUE

TRUE TRUE

TRUE TRUE FALSE FALSE

TRUE FALSE

n Example

Figure Appendix 1.2.3-2 FBD program using a "RS" block



Appendix 1.2.4 SR

Figure Appendix 1.2.4-1 SR

n Arguments

Table Appendix 1.2.4-1 Arguments of SRIN/OUT Arguments Data type Description

IN SET1 BOOL If TRUE, sets Q1 to TRUE (dominant)

RESE BOOL If TRUE, resets Q1 to FALSE

OUT Q1 BOOL Boolean memory state

n DescriptionSets dominant bistable.

Table Appendix 1.2.4-2 Truth table for SRSET1 RESE Previous Q1 Result Q1

FALSE FALSE FALSE FALSE

TRUE TRUE

FALSE TRUE FALSE FALSE

TRUE FALSE

TRUE FALSE FALSE TRUE

TRUE TRUE

TRUE TRUE FALSE TRUE

TRUE TRUE

n Example

Figure Appendix 1.2.4-2 FBD program using a "SR" block



Appendix 1.2.5 TOF

Figure Appendix 1.2.5-1 TOF

n Arguments

Table Appendix 1.2.5-1 Arguments of TOFIN/OUT Arguments Data type Description

IN IN BOOL If Falling Edge, starts increasing internal timerIf Rising Edge, stops and resets internal timer

PT TIME Maximum programmed time

OUT Q BOOL If TRUE: total time is not elapsed

ET TIME Current elapsed time

n DescriptionIncreases an internal timer up to a given value.

Figure Appendix 1.2.5-2 Timing diagram



Appendix 1.2.6 TON

Figure Appendix 1.2.6-1 TON

n Arguments

Table Appendix 1.2.6-1 Arguments of TONIN/OUT Arguments Data type Description

IN IN BOOL If Rising Edge, starts increasing internal timerIf Falling Edge, stops and resets internal timer


OUT Q BOOL If TRUE, programmed time is elapsed






Appendix 1.2.7 TP

Figure Appendix 1.2.7-1 TP

n Arguments

Table Appendix 1.2.7-1 Arguments of TPIN/OUT Arguments Data type Description

IN IN BOOL If Rising Edge, starts increasing internal timer (if not already in-creasing)If FALSE and only if timer is elapsed, resets the internal timerAny change on IN during counting has no effect


OUT Q BOOL If TRUE: timer is counting






Appendix 1.3 Interference-free standardfunctions

The following list shows the Interference-free standard functions that are described in thispart:• ACOS

• ANY_TO_BOOL

• ANY_TO_DINT

• ANY_TO_REAL

• ANY_TO_TIME

• ASIN

• ATAN

• COS

• LOG

• MOD

• POW

• SIN

• TAN

<Appendix 1.3 Interference-free standard functions> App.1-39


Appendix 1.3.1 ACOS

Figure Appendix 1.3.1-1 ACOS

n Arguments

Table Appendix 1.3.1-1 Arguments of ACOSIN/OUT Arguments Data type Description

IN IN REAL Must be in set [-1.0 .. +1.0]

OUT Q REAL Arc-cosine of the input value (in set [0.0 .. PI])= 0.0 for invalid input

n DescriptionCalculates the arc-cosine of a real value.

n Example

Figure Appendix 1.3.1-2 FBD program using "COS" and "ACOS" functions



Appendix 1.3.2 ANY_TO_BOOL

Figure Appendix 1.3.2-1 ANY_TO_BOOL

n Arguments

Table Appendix 1.3.2-1 Arguments of ANY_TO_BOOLIN/OUT Arguments Data type Description

IN IN DINTREALSTRINGTIME

any non-Boolean value

OUT Q BOOL TRUE for non-zero numerical valueFALSE for zero numerical valueTRUE for 'TRUE' stringFALSE for 'FALSE' string

n DescriptionConverts any variable to a Boolean one.

n Example

Figure Appendix 1.3.2-2 FBD example with "Convert to Boolean" operators



Appendix 1.3.3 ANY_TO_DINT

Figure Appendix 1.3.3-1 ANY_TO_DINT

n Arguments

Table Appendix 1.3.3-1 Arguments of ANY_TO_DINTIN/OUT Arguments Data type Description

IN IN BOOLREALSTRINGTIME

Any non-integer value

OUT Q DINT 0 if IN is FALSE / 1 if IN is TRUEnumber of milliseconds for a timerinteger part for realdecimal number represented by a string

n DescriptionConverts any variable to an integer one.

IMPORTANTIf a value that is generated when a floating point is converted to DINT using ANY_TO_DINTfunction is less than the integer-type minimum or more than the integer-type maximum, acomputation error occurs due to a type-conversion overflow. At this time, SCS behaves ac-cording to the specified Behavior at Abnormal Calculation of SCS Constants Builder.

n Example

Figure Appendix 1.3.3-2 FBD example with "Convert to Integer" operators



Appendix 1.3.4 ANY_TO_REAL

Figure Appendix 1.3.4-1 ANY_TO_REAL

n Arguments

Table Appendix 1.3.4-1 Arguments of ANY_TO_REALIN/OUT Arguments Data type Description

IN IN DINTBOOLSTRINGTIME

Any non-real value

OUT Q REAL 0.0 if IN is FALSE / 1.0 if IN is TRUEnumber of milliseconds for a timerequivalent number for integer

n DescriptionConverts any variable to a real one.

n Example

Figure Appendix 1.3.4-2 FBD example with "Convert to Real" operators



Appendix 1.3.5 ANY_TO_TIME

Figure Appendix 1.3.5-1 ANY_TO_TIME

n Arguments

Table Appendix 1.3.5-1 Arguments of ANY_TO_TIMEIN/OUT Arguments Data type Description

IN IN DINTBOOLREALSTRING

0 or any positive non-timer value

OUT Q TIME Time value represented by IN

n DescriptionConverts any variable to a timer one.

IMPORTANTThe input to ANY_TO_TIME should be a value between 0 and 86400000 regardless of thedata type. If a value beyond this range is used, it cannot return a proper time. Especially, if aREAL value that is more than 4294967295 (= a 32-bit unsigned integral maximum) or lessthan -2147483648 (= a 32-bit signed integral maximum) is specified, a computation error oc-curs due to a type-conversion overflow. At this time, SCS behaves according to the specifiedBehavior at Abnormal Calculation of SCS Constants Builder.

n Example

Figure Appendix 1.3.5-2 FBD example with "Convert to Timer" operators



Appendix 1.3.6 ASIN

Figure Appendix 1.3.6-1 ASIN

n Arguments

Table Appendix 1.3.6-1 Arguments of ASININ/OUT Arguments Data type Description

IN IN REAL Must be in set [-1.0 .. +1.0]

OUT Q REAL Arc-sine of the input value (in set [-PI/2 .. +PI/2])= 0.0 for invalid input

n DescriptionCalculates the arc-sine of a real value.

n Example

Figure Appendix 1.3.6-2 FBD program using "SIN" and "ASIN" functions



Appendix 1.3.7 ATAN

Figure Appendix 1.3.7-1 ATAN

n Arguments

Table Appendix 1.3.7-1 Arguments of ATANIN/OUT Arguments Data type Description

IN IN REAL Any real value

OUT Q REAL Arc-tangent of the input value (in set [-PI/2 .. +PI/2])= 0.0 for invalid input

n DescriptionCalculates the arc-tangent of a real value.

n Example

Figure Appendix 1.3.7-2 FBD program using "TAN" and "ATAN" functions



Appendix 1.3.8 COS

Figure Appendix 1.3.8-1 COS

n Arguments

Table Appendix 1.3.8-1 Arguments of COSIN/OUT Arguments Data type Description


OUT Q REAL Cosine of the input value (in set [-1.0 .. +1.0])

n DescriptionCalculates the cosine of a real value.

n Example

Figure Appendix 1.3.8-2 FBD program using "COS" and "ACOS" functions



Appendix 1.3.9 LOG

Figure Appendix 1.3.9-1 LOG

n Arguments

Table Appendix 1.3.9-1 Arguments of LOGIN/OUT Arguments Data type Description

IN IN REAL Must be greater than zero

OUT Q REAL Logarithm (base 10) of the input value

n DescriptionCalculates the logarithm (base 10) of a real value.If the input value is smaller than or equal to 0, a fixed value (-1E35) will be output.

n Example

Figure Appendix 1.3.9-2 FBD program using a "LOG" function



Appendix 1.3.10 MOD

Figure Appendix 1.3.10-1 MOD

n Arguments

Table Appendix 1.3.10-1 Arguments of MODIN/OUT Arguments Data type Description

IN IN DINT Any signed INTEGER value

Base DINT Must be greater than zero

OUT Q DINT Modulo calculation (input MOD base)returns -1 if Base <= 0

n DescriptionCalculates the modulo of an integer value.If a value smaller than or equal to 0 is used for Base, a fixed value (-1) will be output. Howev-er, this output is not distinguishable from the correct value of (-1) resulted from the correct cal-culation.

n Example

Figure Appendix 1.3.10-2 FBD program using a "MOD" function



Appendix 1.3.11 POW

Figure Appendix 1.3.11-1 POW

n Arguments

Table Appendix 1.3.11-1 Arguments of POWIN/OUT Arguments Data type Description

IN IN REAL Real number to be raised

EXP REAL Power (exponent)

OUT Q REAL (INEXP)1.0 if IN is not 0.0 and EXP is 0.00.0 if IN is 0.0 and EXP is negative0.0 if both IN and EXP are 0.00.0 if IN is negative and EXP does not correspond to an inte-ger

n DescriptionGives the real result of the operation: (base exponent). 'base' being the first argument and 'ex-ponent' the second one. The exponent is a real value.

n Example

Figure Appendix 1.3.11-2 FBD program using a "POW" function



Appendix 1.3.12 SIN

Figure Appendix 1.3.12-1 SIN

n Arguments

Table Appendix 1.3.12-1 Arguments of SININ/OUT Arguments Data type Description


OUT Q REAL Sine of the input value (in set [-1.0 .. +1.0])

n DescriptionCalculates the sine of a real value.

n Example

Figure Appendix 1.3.12-2 FBD program using "SIN" and "ASIN" functions



Appendix 1.3.13 TAN

Figure Appendix 1.3.13-1 TAN

n Arguments

Table Appendix 1.3.13-1 Arguments of TANIN/OUT Arguments Data type Description

IN IN REAL Cannot be equal to PI/2 modulo PI

OUT Q REAL Tangent of the input value= 1E+38 for invalid input

n DescriptionCalculates the tangent of a real value.

n Example

Figure Appendix 1.3.13-2 FBD program using "TAN" and "ATAN" functions



Appendix 1.4 Interference-free standardfunction blocks

The following list shows the Interference-free standard function blocks that are described inthis part:• AVERAGE

• LIM_ALRM

<Appendix 1.4 Interference-free standard function blocks> App.1-53


Appendix 1.4.1 AVERAGE

Figure Appendix 1.4.1-1 AVERAGE

n Arguments

Table Appendix 1.4.1-1 Arguments of AVERAGEIN/OUT Arguments Data type Description

IN RUN BOOL TRUE=run / FALSE=reset

XIN REAL Any real Variable

N DINT Application defined number of samples

OUT XOUT REAL Running average of XIN value

When setting or changing the value for N, you need to set RUN to FALSE, and then set itback to TRUE.

n DescriptionStores a value at each cycle and calculates the average value of all already stored values.Only the N last values are stored.The number of samples N cannot exceed 128.If the "RUN" command is FALSE (reset mode), the output value is equal to the input value.When the maximum N of stored values is reached, the first stored value is erased by the lastone.

n Example

Figure Appendix 1.4.1-2 FBD program using a "AVERAGE" block



Appendix 1.4.2 LIM_ALRM

Figure Appendix 1.4.2-1 LIM_ALRM

n Arguments

Table Appendix 1.4.2-1 Arguments of LIM_ALRMIN/OUT Arguments Data type Description

IN H REAL High limit value

X REAL Input: any real value

L REAL Low limit value

EPS REAL Hysteresis value (must be greater than zero)

OUT QH BOOL "high" alarm: TRUE if X above high limit H

Q BOOL Alarm output: TRUE if X out of limits

QL BOOL "low" alarm: TRUE if X below low limit L

n DescriptionHysteresis on a real value for high and low limits.A hysteresis is applied on high and low limits. The hysteresis delta used for either high or lowlimit is one half of the EPS parameter.

n Example






INDEXSymbols

–...................................................................App.1-5*................................................................... App.1-3/....................................................................App.1-6+.................................................................. App.1-41 GAIN.........................................................App.1-7

AABS............................................................. App.1-8ACCUM.......................................................... C13-1ACOS........................................................ App.1-40AGA_3............................................................C13-1AGA_7............................................................C13-1AGA_R........................................................... C13-1AND.............................................................App.1-9ANLG_S......................................................... C3-22ANLG1OO2D................................................... C3-8ANLGI.............................................................C3-29ANLGVOTER................................................. C3-13ANN..................................................................C7-2ANN_FUP.......................................................C3-45ANY_TO_BOOL........................................ App.1-41ANY_TO_DINT..........................................App.1-42ANY_TO_REAL.........................................App.1-43ANY_TO_TIME..........................................App.1-44ASIN.......................................................... App.1-45ATAN......................................................... App.1-46AVERAGE................................................. App.1-54

BB_TO_IB.........................................................C3-43BOOLVOTER................................................. C3-20BUF_DIF_B....................................................C12-1BUF_DIF_I..................................................... C12-1BUF_DIF_R....................................................C12-1BUF_TIM_I.....................................................C12-1BUF_TIM_R................................................... C12-1BUF_TRIG_B................................................. C12-1

BUF_TRIG_I...................................................C12-1BUF_TRIG_R.................................................C12-1

CCONS_B...........................................................C4-8CONS_I.......................................................... C4-11CONS_R........................................................ C4-13COS...........................................................App.1-47CTD................................................................C3-39CTU................................................................C3-37CTUD............................................................. C3-41

DDNP3_AI_16.................................................. C14-1DNP3_AI_32.................................................. C14-1DNP3_AI_SF..................................................C14-1DNP3_AO_16 ................................................C14-1DNP3_AO_32.................................................C14-1DNP3_AO_SF................................................C14-1DNP3_BI........................................................ C14-1DNP3_BO.......................................................C14-1DNP3_CT_16 ................................................C14-1DNP3_CT_32.................................................C14-1

EECW_B.............................................................C9-1ECW_I..............................................................C9-1ECW_R............................................................ C9-1ECWR_B........................................................C13-1ECWR_I......................................................... C13-1ECWR_R........................................................C13-1Equal......................................................... App.1-10

FF_TRIG......................................................App.1-32FILTER............................................................. C3-4FILTER_S.........................................................C3-6FUP_RST.......................................................C3-48

Ind-1


GGOV_B.............................................................C5-5GOV_IB............................................................C5-5Greater Than............................................. App.1-12Greater Than or Equal...............................App.1-11

IIB_TO_S.........................................................C2-11IB_TO_V.........................................................C2-10IR_TO_S........................................................ C2-13IR_TO_V........................................................ C2-12

LLess Than..................................................App.1-14Less Than or Equal................................... App.1-13LIM_ALRM.................................................App.1-55LIMIT......................................................... App.1-15LOG...........................................................App.1-48LOGE............................................................... C6-2LTFCS.............................................................. C7-9LTRCV............................................................C4-16LTSND............................................................C4-15

MMAX...........................................................App.1-16MIN............................................................App.1-17MOA............................................................... C5-20MOB_11......................................................... C5-10MOB_21......................................................... C5-14MOB_RS........................................................ C5-18MOD.......................................................... App.1-49MUX4.........................................................App.1-18MUX8.........................................................App.1-19MUXBOOL4..................................................... C2-2MUXBOOL8..................................................... C2-3MUXREAL4......................................................C2-4MUXREAL8......................................................C2-5

NNOT...........................................................App.1-21Not Equal...................................................App.1-22

OOR............................................................. App.1-23OVR_B............................................................. C5-2OVR_I...............................................................C5-2OVR_IB............................................................ C5-2OVR_IR............................................................C5-2OVR_R.............................................................C5-2

PPASSWD..........................................................C5-8POW..........................................................App.1-50POWE.............................................................. C6-3PROD_B...........................................................C4-2PROD_I............................................................C4-4PROD_R.......................................................... C4-6

RR_TO_IR........................................................ C3-44R_TRIG..................................................... App.1-33REPEATTIMER................................................C3-2ROL........................................................... App.1-24ROR...........................................................App.1-25RS..............................................................App.1-34

SSCALER...........................................................C2-6SCI_B...............................................................C8-2SCI_I................................................................ C8-4SCI_R...............................................................C8-6SCO_B............................................................. C8-8SCO_I.............................................................C8-10SCO_R...........................................................C8-12SEL............................................................App.1-26SEL_R..............................................................C2-8SEL_T.............................................................. C2-9SHL............................................................App.1-27SHR...........................................................App.1-28SIN.............................................................App.1-51SOE_B............................................................. C7-3SOE_I...............................................................C7-5SOE_R............................................................. C7-7SQRT.........................................................App.1-29SR..............................................................App.1-35SYS_ALARM..................................................C11-7SYS_ALLSD.................................................C10-25SYS_ALRDSP..............................................C11-18SYS_CERR..................................................C10-46SYS_CHST.................................................. C10-41SYS_DIAG................................................... C10-12SYS_ESBINF............................................... C11-12SYS_FORCE..................................................C10-3SYS_FORCE_BD...........................................C10-7SYS_FORCE_LT............................................C10-5SYS_FORCE_SC.........................................C11-20SYS_INST....................................................C10-39SYS_IOALLST............................................. C10-29SYS_IOMDSP.............................................. C11-16

Ind-2


SYS_IOSD................................................... C10-27SYS_LTSTS................................................. C10-10SYS_NETST...................................................C11-9SYS_NODEINF............................................ C11-14SYS_NODEST............................................. C10-31SYS_OUTEN................................................C10-43SYS_OUTST................................................C10-33SYS_OUTST16............................................C10-36SYS_OVR.................................................... C10-18SYS_PSWD................................................. C10-22SYS_SCAN.................................................... C11-2SYS_SCANEXT........................................... C10-48SYS_SEC_CTL............................................C10-16SYS_SECURE............................................. C10-14SYS_SETTIME...............................................C11-5

SYS_STAT..................................................... C10-2SYS_STAT_SC.............................................C11-22SYS_TIME......................................................C11-4

TTAN............................................................App.1-52TOF........................................................... App.1-36TON...........................................................App.1-37TP..............................................................App.1-38

VVEL.................................................................C3-34

XXOR...........................................................App.1-30

Ind-3


Revision InformationTitle : Safety Control Station Reference

Manual No. : IM 32Q03B10-31E

Jan. 2015/4th Edition/R3.02.20 or later*

*: Denotes the release number of the Software Product corresponding to the contents of this Man-ual. The revised contents are valid until the next edition is issued.

Introduction ProSafe-RS document map has been removed, descriptions of "Safety, Protection, andModification of the Product" have been modified.

B4.1 Table: Details of codes for input/output hardware failure has been changed.

B4.2 The explanations about ProSafe-SLS communication function and DNP3 communica-tion have been added.

B6.3 Descriptions of "Actions taken at minor error occurrence and recovery procedure" havebeen modified and relocated.

C1.1 Tables, List of safety FUs and FBs, List of safety Ladder elements, and List of interfer-ence-free FUs and FBs have been modified.

C3.11 The explanations about CTD have been changed.

C3.12 The explanations about CTUD have been changed.

C12 A link for "Function blocks for data buffering function" has been added.

C13 A link for "Function blocks for gas flow rate calculation function" has been added.

C14 A link for "Function blocks for DNP3 communication" has been added.

Appendix 1 Newly added.

INDEX Newly added.

Oct. 2013/3rd Edition/R3.02.10 or later

Introduction Description of station types has been changed.

C1.1 Information on LOGE, POWE, and SYS_SETTIME has been added.

C6 A new section for interference-free functions has been added.

C6.1 A description of LOGE has been added.

C6.2 A description of POWE has been added.

C7 to C11 Chapters C6 to C10 in the previous edition have been moved to C7 to C11.

C11.3 A description of SYS_SETTIME has been added.

Dec. 2012/2nd Edition/R3.02 or later

Parts A, B, C, and D A summary page has been added.

A2, B4.2 Information on Ethernet communication modules has been added.

A4.4 The term "accuracy guarantee range" has been changed to "setting range."

A6.1, C9.5 Descriptions of DLYT have been unified.

B4.1 Descriptions of hardware failure of input/output modules have been changed.

C4.4, C4.5, C4.6 Setting values of OUTT have been changed.

Aug. 2011/1st Edition/R3.01 or laterNewly published

Rev-1


n

For Questions and More InformationOnline Query: A query form is available on the following URL for online query.http://www.yokogawa.com/iss

n Written by Yokogawa Electric Corporationn Published by Yokogawa Electric Corporation

2-9-32 Nakacho, Musashino-shi, Tokyo 180-8750, JAPAN

Rev-2


Documents

User's Manual Safety Control Station Referencecdn2.us.yokogawa.com/IM32Q03B10-31E.pdf · Manual Safety Control Station Reference IM 32Q03B10-31E IM 32Q03B10-31E 4th Edition. Introduction