




1746-IM16
Danger: Physical injury due to unauthorized manipulation of the controller!

The controller must be protected against unauthorized access! For instance:
- Changing the default settings for login and password!
- Controlling the physical access to the controller and PADT!

PES data can only be accessed if the PADT in use is operating with the current version of SILworX and the user project is available in the currently running version (archive maintenance!).

The user only needs to connect the PADT to the PES when loading the user program or performing diagnostics. The PADT is not required during normal operation. Disconnecting the PADT and PES during normal operation helps to prevent unauthorized access.

10 User Program HIMax Page 44 of 64 HI 801 003 E Rev. 4.00

10 User Program

This chapter describes the safety-related aspects that are important for the user programs.

10.1 General Sequence

General sequence for programming HIMax automation devices for safety-related applications:
1. Specify the controller functionality
2. Write the user program
3. Compile the user program: the user program is error-free and can run
4. Verify and validate the user program.

Upon completing these steps, the user program can be tested and the PES can begin the safe operation.

10.2 Scope for Safety-Related Use

(For more on specifications, regulations and explanation of safety requirements, see Chapter 3.4 "Safety Requirements")

The user program must be written using the SILworX programming software. For further details on the operating system released for the personal computer, refer to the release documentation for the SILworX version to be used.

Essentially, SILworX includes:
- Input (Program Editor), monitoring and documentation
- Global variables with symbolic names and data types (BOOL, UINT, etc.)
- Assignment of HIMax controllers (Hardware Editor)
- Compilation of user program into a format that can be loaded into the PES
- Configuration of communication

10.2.1 Programming Basics

The tasks to be performed by the controller should be defined in a specification or a requirements specification. This documentation serves as the basis for checking its proper implementation in the user program. The specification format depends on the tasks to be performed. These include:
- Combinational logic
  - Cause/effect diagram
  - Logic of the connection with functions and function blocks
  - Function blocks with specified characteristics
- Sequential controllers (sequence control system)
  - This is a written description of the steps and their enabling conditions, and a description of the actuators to be controlled.
  - Flow charts
  - Matrix or table form of the step enabling conditions and the actuators to be controlled
  - Definition of constraints, e.g., operating modes, EMERGENCY STOP, etc.

The I/O concept of the system must include an analysis of the field circuits, i.e. the type of sensors and actuators:
- Sensors (digital or analog)
  - Signals during normal operation ('de-energize-to-trip' principle with digital sensors, 'life-zero' with analog sensors)
  - Signals in the event of a fault:
  - Definition of required safety-related redundancies (1oo2, 2oo3) (see Chapter )
  - Discrepancy monitoring and reaction
- Actuators
  - Positioning and activation during normal operation
  - Safe reaction/positioning at shutdown or after power loss

Programming goals for user program:
- Easy to understand.
- Easy to trace and follow.
- Easy to test.
- Easy to modify.

10.2.2 Functions of the User Program

Programming is not subject to hardware restrictions. The user program functions can be freely programmed.

When programming, account for the 'de-energize-to-trip' principle for the physical inputs and outputs. Only elements complying with IEC 61131-3 together with their functional requirements are permitted within the logic.

The physical inputs and outputs usually operate in accordance with the 'de-energize-to-trip' principle, i.e., their safe state is 0.

The user program includes meaningful logic and/or arithmetic functions irrespective of the 'de-energize-to-trip' principle of the physical inputs and outputs.

The program logic should be clear, easy to understand and well documented to assist in debugging. This includes the use of functional diagrams.

To simplify the logic, the inputs and outputs of all function blocks and variables can be inverted in any given order.

The programmer must evaluate the fault signals from the inputs/outputs or from logic blocks.

The packaging of functions in self-created function blocks and functions consisting of standard functions is recommended. This ensures that a user program can be clearly structured in modules (functions, function blocks). Each module can be viewed and tested on an individual basis. By grouping smaller modules into larger ones and then all together into a single user program, the user is effectively creating a comprehensive, complex function.

10.2.3 System Parameters of the User Program

The following user program switches and parameters can be set in the Properties dialog box of the user program:

Switch / Parameter    Function
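Added example, not part of the manual and not SILworX code: a Python model of the sensor concept from 10.2.1 and 10.2.2, combining 'de-energize-to-trip' inputs (safe state 0), evaluation of channel fault signals, 1oo2/2oo3 voting and discrepancy monitoring. It assumes a faulted channel is forced to its safe value 0 and that discrepancy is counted in program cycles; `Channel`, `MooNVoter`, `run` and `TRACE_2OO3` are hypothetical names.

```python
from dataclasses import dataclass


@dataclass
class Channel:
    value: bool          # True = energized (no demand), False = trip demand
    fault: bool = False  # fault signal reported for this input channel


class MooNVoter:
    """Trip when at least m of n channels demand a trip (1oo2: m=1, 2oo3: m=2)."""

    def __init__(self, m, n, discrepancy_limit):
        if not 1 <= m <= n:
            raise ValueError("need 1 <= m <= n")
        self.m, self.n = m, n
        self.discrepancy_limit = discrepancy_limit  # tolerated cycles of disagreement
        self._disagree_cycles = 0

    def cycle(self, channels):
        """Evaluate one program cycle; returns (run_permit, discrepancy_alarm)."""
        if len(channels) != self.n:
            raise ValueError("wrong channel count")
        # Assumption: a faulted channel is forced to its safe value 0 (votes for trip).
        effective = [ch.value and not ch.fault for ch in channels]
        trip_votes = effective.count(False)
        # De-energize-to-trip: the output stays energized only without a voted trip.
        run_permit = trip_votes < self.m
        # Discrepancy monitoring: count consecutive cycles in which channels disagree.
        if len(set(effective)) > 1:
            self._disagree_cycles += 1
        else:
            self._disagree_cycles = 0
        return run_permit, self._disagree_cycles > self.discrepancy_limit


def run(voter, trace):
    """Feed a trace of per-cycle (value, fault) tuples through the voter."""
    return [voter.cycle([Channel(v, f) for v, f in row]) for row in trace]


# Constructed input trace for three redundant digital sensors.
TRACE_2OO3 = [
    [(True, False), (True, False), (True, False)],   # all channels healthy
    [(True, False), (False, False), (True, False)],  # one trip vote: tolerated by 2oo3
    [(True, False), (False, False), (True, False)],  # disagreement persists
    [(True, False), (False, False), (True, False)],  # limit exceeded: discrepancy alarm
    [(True, True), (False, False), (True, False)],   # fault on a second channel: trip
]

if __name__ == "__main__":
    for result in run(MooNVoter(2, 3, discrepancy_limit=2), TRACE_2OO3):
        print(result)
```
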