1746-A10模块备件

1746-A10

2.通过试验对逻辑进行彻底的功能测试（见第9.2.2章）。
对控制器和应用程序进行了充分测试。
如果修改了用户程序，则必须仅修改受更改影响的程序组件
进行测试。为此，可以使用SILworX中的安全修订比较器来确定
并显示相对于先前版本的所有更改。
9.2.2验证配置和用户程序
要验证创建的用户程序是否执行所需的安全功能，用户必须：
为所需的系统规范创建合适的测试用例。
每个回路的独立测试（包括输入、回路中的关键互连）
应用和输出）通常是足够的。
还必须为公式的数值评估创建合适的测试用例。
等价类测试是合理的。这些测试在定义的值范围内，至少
无效值范围的限制或在无效值范围内。测试用例的选择必须确保：
可以证明计算是正确的。所需的测试用例数量取决于
在使用的公式上，必须包括临界值对。
HIMA建议在不使用数据源执行主动模拟的情况下，
因为这是证明系统中的传感器和致动器（也包括
通过与远程I/O的通信连接到系统）。这是
这也是验证系统配置的方法。
初始创建和修改用户时都必须遵循此过程
程序
9.3资源参数
危险
配置不正确可能导致人身伤害！
编程系统和控制器都不能验证特定项目
参数。因此，请正确输入这些参数并验证整个过程
进入
这些参数设置为0。
ƒ系统ID
ƒ机架ID，见5.1和系统手册（HI 801001）。
ƒ系统总线模块的责任属性，见5.2
ƒ安全时间
ƒ看门狗时间
ƒ主启用
ƒ自动启动
ƒ允许启动
ƒ允许负载
ƒ允许重新加载
ƒ允许全局强制
以下参数在SILworX中定义，用于本规范中允许的操作：
资源的安全相关操作，称为安全相关参数。
可为安全相关操作定义的参数不受任何约束
对类的特定要求。相反，每一项都必须与
负责自动化设备每个单独实现的测试机构。
9软件HIMax
第38页，共64页HI 801 003 E版本4.00
9.3.1资源的系统参数
可以在“属性”对话框的SILworX中设置资源的系统参数
资源的一部分。
参数/
转换
描述默认值
价值
安全设置
活动
名称：资源的名称，任意
系统ID[SRS]资源的系统ID
1...65 535
分配给系统ID的值必须不同于
默认值，否则无法创建项目
执行！
60000值
在
控制器
网络这
包括所有
控制器
可能是
潜在地
与
彼此
安全时间[ms]以毫秒为单位的安全时间
20…22 500毫秒
600毫秒应用程序特定
看门狗时间
[ms]
看门狗时间（毫秒）
6…7500毫秒
200毫秒应用程序特定
打开：可以打开以下开关或参数：
在操作期间随PADT发生变化
（即运行中）：
ƒ系统ID
ƒ资源看门狗时间
ƒ安全时间
ƒ目标循环时间
ƒ目标循环时间模式
ƒ自动启动
ƒ允许全局强制
ƒ全局力超时反应
ƒ允许负载
ƒ允许重新加载
ƒ允许启动
关闭：在运行期间无法更改参数
活动
主使能
仅当
PES已停止，无法设置为打开
在线 的
开关是
推荐
开启：如果处理器模块连接到
电源电压，用户程序启动
自动地
自动启动
关闭：用户程序不启动
在连接电源后自动地
电压
非应用程序特定
开启：使用PADT进行冷启动或热启动是可行的
在运行或停止状态下允许
允许开始
关闭：不允许启动
关于应用程序特定
允许加载：允许下载用户程序
关闭：不允许下载用户程序
关于应用程序特定
允许重新加载：允许重新加载用户程序
关闭：不允许重新加载用户程序。
当前正在运行的重新加载进程未启动
切换到“关闭”时中止
关于应用程序特定
全局强制打开：此资源允许的全局强制
允许关闭：此资源不允许全局强制
关于应用程序特定
HIMax 9软件
HI 801 003 E版本4.00第39页，共64页
参数/
转换
描述默认值
价值
安全设置
活动
全球力量
超时反应
指定当
全局强制超时已过期：
ƒ停止强制
ƒ停止资源
停止
强迫
应用程序特定
Max.Com。时间
片异步[ms]
高va

1746-A10

1746-A10

2. Perform a thorough functional test of the logic by trial (see Chapter 9.2.2). The controller and the application are sufficiently tested. If a user program is modified, only the program components affected by the change must be tested. To do this, the safe revision comparator in SILworX can be used to determine and display all changes relative to the previous version. 9.2.2 Verifying the Configuration and the User Program To verify that the user program created performs the required safety function, the user must create suitable test cases for the required system specification. An independent test of each loop (consisting of input, the key interconnections in the application and output) is usually sufficient. Suitable test cases must also be created for the numerical evaluation of formulas. Equivalence class tests are reasonable . These are tests within defined ranges of values, at the limits of or within invalid ranges of values. The test cases must be selected such that the calculations can be proven to be correct. The required number of test cases depends on the formula used and must include critical value pairs. HIMA reccommends not to do without performing an active simulation with data sources, since this is the only way to prove that the sensors and actuators in the system (also those connected to the system via communication with remote I/Os) are properly wired. This is also the only way to verify the system configuration. This procedure must be followed both when initially creating and when modifying the user program. 9.3 Resource Parameters DANGER Physical injury possible due to incorrect configuration! Neither the programming system nor the controller can verify certain project-specific parameters. For this reason, enter these parameters correctly and verify the whole entry. These parameters are set to 0. ƒ System ID ƒ Rack ID, see 5.1 and System Manual (HI 801 001). ƒ Responsible attribute of system bus modules, see 5.2 ƒ Safety Time ƒ Watchdog Time ƒ Main Enable ƒ Autostart ƒ Start Allowed ƒ Load Allowed ƒ Reload Allowed ƒ Global Forcing Allowed The following parameters are defined in SILworX for the operations permissible in the safety-related operation of the resource and are referred to as safety-related parameters. Parameters that may be defined for safety-related operation are not firmly bound to any specific requirement classes. Instead, each of these must be agreed upon together with the responsible test authority for each separate implementation of the automation device. 9 Software HIMax Page 38 of 64 HI 801 003 E Rev. 4.00 9.3.1 System Parameters of the Resource The system parameters of the resource can be set in SILworX, in the Properties dialog box of the resource. Parameter / Switch Description Default value Setting for safe operation Name Name of the resource Any System ID [SRS] System ID of the resource 1...65 535 The value assigned to the system ID must differ to the default value, otherwise the project cannot be executed! 60 000 Unique value within the controller network. This includes all controllers that may be potentially connected with one another. Safety Time [ms] Safety time in milliseconds 20...22 500 ms 600 ms Applicationspecific Watchdog Time [ms] Watchdog time in milliseconds 6...7500 ms 200 ms Applicationspecific ON: The following switches or parameters can be changes with the PADT during operation (i.e., in RUN): ƒ System ID ƒ Resource Watchdog Time ƒ Safety Time ƒ Target Cycle Time ƒ Target Cycle Time Mode ƒ Autostart ƒ Global Forcing Allowed ƒ Global Force Timeout Reaction ƒ Load Allowed ƒ Reload Allowed ƒ Start Allowed OFF: The parameters cannot be changed during operation. Main Enable i Main Enable can only be set to ON if the PES is stopped, and cannot be set to ON online! ON OFF is recommended ON: If the processor module is connected to the supply voltage, the user program starts automatically Autostart OFF: The user program does not start automatically after connecting the supply voltage. OFF Applicationspecific ON: A cold start or warm start using the PADT is permitted in the states RUN or STOP Start Allowed OFF: Start not allowed ON Applicationspecific Load Allowed ON: Download of the user program permitted OFF: Download of the user program not permitted ON Applicationspecific Reload Allowed ON: Reload of a user program permitted OFF: Reload of a user program not permitted. The reload process currently running is not aborted when switching to OFF ON Applicationspecific Global Forcing ON: Global forcing permitted for this resource Allowed OFF: Global forcing not permitted for this resource ON Applicationspecific HIMax 9 Software HI 801 003 E Rev. 4.00 Page 39 of 64 Parameter / Switch Description Default value Setting for safe operation Global Force Timeout Reaction Specifies how the resource should behave when the global force time-out has expired: ƒ Stop Forcing ƒ Stop resource Stop Forcing Applicationspecific Max.Com. Time Slice ASYNC [ms] Highest value in ms for the time slice used for communication during a resource cycle, see the Communication Manual (HI 801 101 E), 2...5000 ms 10 ms Applicationspecific Max. Duration of Configuration Connections [ms] It defines how much time within a CPU cycle is available for process data communication. 6 ms Applicationspecific Target Cycle Time [ms] Targeted or maximum cycle time, see Target Cycle Time Mode, 0...7500 ms. The maximum target cycle time value may not exceed the defined watchdog time (6 ms); otherwise it is rejected by the PES. 0 ms Applicationspecific Mode 1 The duration of a CPU cycle is based on the required execution time of all user programs. Mode 2 The processor provides user programs with a higher priority the execution time not needed by user programs with a lower priority. Operation mode for high availability. Multitasking Mode Mode 3 The processor waits for the unneeded execution time of user programs to expire and thus increases the cycle. Mode 1 Applicationspecific Sum of UP Max. Duration for Each Cycle [µs] Sum of the values indicated for Max. Duration for each Cycle [µs] in all the user programs; display only, not changeable. - - Use of Target Cycle Time [ms] Fixed The PES maintains the target cycle time and extends the cycle if necessary. This does not apply if the processing time of the user programs exceeds the target cycle time. Fixedtolerant Similar to Fixed, but the target cycle time is not taken into account while the processor modules are being synchronized and during the first reload activation cycle. Dynamictolerant Like Dynamic, but the target cycle time is not taken into account if the processor modules are being synchronized and during the first reload activation cycle. Target Cycle Time Mode Dynamic HIMax maintains the target cycle time as well as possible, but it also executes the cycle as quickly as possible. Fixed Applicationspecific SILworX V2 The code is generated as in SILworX version 2, except for the new functions. This setting allows the reload of a project created with version 2. SILworX V3 Code generation for HIMax version 3. This setting allows the reload of a project created with version 3. Minimum Configuration Version SILworX V4 Code generation for HIMax version 4. This setting ensures the compatibility with future versions.