




1747-L551
Reciprocal influence of user programs is possible!

The use of the same global variables in several user programs can lead to a variety of consequences caused by the reciprocal influence among the user programs.

Carefully plan the use of the same global variables in several user programs.

Use the cross-references in SILworX to check the use of global data. Global data may only be assigned values by one entity, either within a user program, from safety-related inputs or through safety-related communication protocols!

The user is responsible for excluding any potential operation interferences due to reciprocal influence of user programs!

Refer to the System Manual (HI 801 001 E) for details on multitasking.

10.2.12 Acceptance by Test Authority

HIMA recommends involving the test authority as soon as possible when designing a system that is subject to approval.

This acceptance test only applies to the user functionality, but not to the safety-related modules and automation devices of the HIMax system that have already been approved.

10.3 Checklist for Creating a User Program

To comply with all safety-related aspects during the programming phase, HIMA recommends using the following checklist prior to and after loading a new or modified program. The checklist can be used for helping with planning as well as to demonstrate later on that the planning phase was carefully completed.

The checklist is available in Microsoft® Word® format on the HIMA website.

HIMax 11 Configuring Communication HI 801 003 E Rev. 4.00 Page 51 of 64

11 Configuring Communication

In addition to using the physical input and output variables, variable values can also be exchanged with other systems through a data connection. In this case, the variables are declared with the programming system SILworX, from within the Protocols area of the corresponding resource.

11.1 Standard Protocols

Many communication protocols only ensure a non-safety-related data transmission. These protocols can be used for the non-safety-related aspects of an automation task.

DANGER
Physical injury due to usage of unsafe import data
Do not use any data imported from unsafe sources for safety functions in the user program.

The following standard protocols are available:

On the Ethernet interfaces on the communication module:
- Modbus TCP (master/slave)
- Modbus, redundant (slave)
- SNTP
- Send/Receive TCP
- PROFINET IO (controller, device)

On the fieldbus interfaces (RS485) of the communication module according to the device model:
- Modbus (master/slave)
- Modbus, redundant (slave)
- PROFIBUS DP (master/slave)

11.2 Safety-Related Protocol: safeethernet

Use the safeethernet Editor to configure how safety-related communication is monitored.

Refer to the Communication Manual (HI 801 101 E) for further details on safeethernet.

NOTE
Unintentional transition to the safe state possible!
ReceiveTMO is a safety-related parameter!

ReceiveTMO is the monitoring time of PES 1 within which a correct response from PES 2 must be received.

ReceiveTMO also applies in the other direction from PES 2 to PES 1!

If a correct response is not received from the communication partner within ReceiveTMO, HIMax terminates the safety-related communication. The input variables of this safeethernet connection react in accordance with the preset parameter Freeze Data on Lost Connection [ms]. The Use Initial Data setting may only be used for safety-related functions implemented via safeethernet.

In the following equations for determining the worst case reaction time, the target cycle time can be used instead of the watchdog time, if the target cycle time mode is set to Fixed or Fixed-tolerant.

11.3 Worst Case Reaction Time for safeethernet

In the following examples, the formulas for calculating the worst case reaction time only apply for a connection with HIMatrix controllers if the parameter Safety Time = 2 * Watchdog Time is set. These formulas always apply to HIMax controllers.

The allowed worst case reaction time depends on the process and must be agreed upon together with the test authority responsible for the final inspection.

Terms

ReceiveTMO: Monitoring time of PES 1 within which a correct response from PES 2 must be received. Otherwise, safety-related communication is terminated after the time has expired.

Production Rate: Minimum interval between two data transmissions.

Watchdog Time: Maximum duration permitted for a controller's RUN cycle. The duration of the RUN cycle depends on the complexity of the user program and the number of safeethernet connections. The watchdog time (WDT) must be entered in the resource properties.

Worst Case Reaction Time: The worst case reaction time is the time between a change in a physical input signal (in) of PES 1 and a reaction on the corresponding output (out) of PES 2.

Delay: Delay of a transmission path, e.g., with a modem or satellite connection. For direct connections, an initial delay of 2 ms can be assumed. The responsible network administrator can measure the actual delay on a transmission path.

The following conditions apply to the calculations of the maximum reaction times specified below:
- The signals transmitted over safeethernet must be processed in the corresponding controllers within one CPU cycle.
- Further, the reaction time of the sensors and actuators must be added.

The calculations also apply to signals in the opposite direction.
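The single-writer rule for global data and the ban on unsafe import data in safety functions (section 11.1) can be checked mechanically against a cross-reference listing. The following is an added example, not code from HIMA or from this page; the row layout, variable names, entity names and the set of safety programs are constructed assumptions and do not represent a SILworX export format.

```python
from collections import defaultdict

# Standard (non-safety-related) protocols as listed in section 11.1.
STANDARD_PROTOCOLS = {"Modbus TCP", "Modbus", "SNTP", "Send/Receive TCP",
                      "PROFINET IO", "PROFIBUS DP"}

# Constructed sample rows (hypothetical layout):
# (global variable, entity, access, source kind of a writer)
XREF = [
    ("ESD_Trip",     "Program_A",         "write", "user program"),
    ("ESD_Trip",     "Program_B",         "read",  None),
    ("Tank_Level",   "AI_Module_03",      "write", "safety-related input"),
    ("Tank_Level",   "Program_B",         "write", "user program"),
    ("Remote_Perm",  "safeethernet_PES2", "write", "safeethernet"),
    ("Remote_Perm",  "Program_A",         "read",  None),
    ("Setpoint_HMI", "Modbus_Slave",      "write", "Modbus TCP"),
    ("Setpoint_HMI", "Program_A",         "read",  None),
    ("Setpoint_HMI", "Program_B",         "read",  None),
]

# Assumption: the user programs that implement safety functions.
SAFETY_PROGRAMS = {"Program_A"}


def multiple_writers(xref):
    """Return globals that are assigned values by more than one entity."""
    writers = defaultdict(set)
    for var, entity, access, _kind in xref:
        if access == "write":
            writers[var].add(entity)
    return {var: sorted(ents) for var, ents in writers.items() if len(ents) > 1}


def unsafe_imports_in_safety(xref, safety_programs):
    """Return (variable, program) pairs where a safety program reads a
    variable that is written through a standard protocol."""
    unsafe = {var for var, _e, access, kind in xref
              if access == "write" and kind in STANDARD_PROTOCOLS}
    return sorted({(var, entity) for var, entity, access, _k in xref
                   if access == "read" and entity in safety_programs
                   and var in unsafe})


if __name__ == "__main__":
    for var, ents in multiple_writers(XREF).items():
        print(f"multiple writers: {var} <- {', '.join(ents)}")
    for var, prog in unsafe_imports_in_safety(XREF, SAFETY_PROGRAMS):
        print(f"unsafe import used in safety program: {var} read by {prog}")
```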