1756-BA1模块备件

1756-BA1

安全相关的HIMax控制器可用于SIL 3以下的应用。这需要：
使用中的传感器和致动器（信号器和致动元件）也实现了以下目的：
需要SIL。
在某些情况下，传感器或执行器可能无法满足中定义的要求
应用程序，如过程值、值范围、SIL等。在这种情况下，使用
以下解决方法：
ƒ对于输入：使用满足所有要求的任何可用传感器
SIL值的例外。充分使用它们，使它们的组合提供一个
具有所需SIL的输入信号。
ƒ对于输出：使用满足所有要求的任何可用致动器
SIL的例外。使用足够的这些元素，以使它们的组合影响
使用所需的SIL进行处理。
通过输入，将各个传感器的值及其状态信息与
用户程序的一部分，由此产生具有所需SIL的全局变量
结合体
对于输出，在多个输出之间分配全局变量的值，以便
如果发生故障，过程采用安全状态。此外，致动器的组合必须：
能够以所需的方式（例如串行或并行）影响过程
阀的连接）。
对于输入和输出，设计系统，使其具有所需数量的传感器和传感器
给定过程变量的致动器，直到达到大可能的安全程度
为该过程实现。我们使用计算工具来确定SIL。
i使用多个传感器和致动器输入或输出单个信号，如
此处描述的仅旨在作为提高SIL的手段。不要将此与
使用冗余输入或输出以提高可用性
有关如何实现传感器和执行器所需SIL的信息，请参见IEC
61511-1，11.4节。
附录HIMax
60页，共64页HI 801 003 E版本4.00
定义和缩写
术语说明
ARP地址解析协议：用于分配网络地址的网络协议
到硬件地址
人工智能模拟输入
连接器板HIMax模块的连接器板
COM通信模块
循环冗余校验
数字输入
进行数字输出
电磁兼容性
欧洲规范
静电放电
FB现场总线
FBD功能框图
容错时间
ICMP互联网控制消息协议：用于状态或错误消息的网络协议
国际电工委员会
MAC地址：一个网络连接的硬件地址（媒体访问控制）
PADT编程和调试工具（符合IEC 61131-3），
带SILworX的PC
PE保护接地
骨盆保护超低电压
PES可编程电子系统
PFD：按需失效概率、按安全要求失效概率
作用
PFH每小时故障概率、每小时危险故障概率
R读
机架ID底板标识（编号）
假设两个输入电路连接到同一电源（例如
发射器）。如果输入电路不使信号失真，则称为“无功”
另一个输入电路的输出。
R/W读/写
SB系统总线（模块）
SELV安全超低电压
SFF安全故障分数，安全可管理故障的一部分
SIL安全完整性等级（符合IEC 61508）
HIMax的SILworX编程工具
SNTP简单网络时间协议（RFC1769）
SRS System.Rack。模块的插槽寻址
软件
TMO超时
三模冗余
W写
总交流分量的rP峰值
模块或程序的看门狗（WD）时间监控。如果超过了看门狗时间
模块或程序进入错误停止状态。
WDT看门狗时间

1756-BA1

1756-BA1

The safety-related HIMax controllers can be used in applications up to SIL 3. This requires
that the sensors and actuators (signalers and actuating elements) in use also achieve the
required SIL.
In some cases, sensors or actuators may not be available for the requirements defined in
the application, such as process value, range of value, SIL, etc. In this case, use the
following workaround:
ƒ For inputs: Use any of the available sensors that meet all of the requirements with the
exception of the SIL value. Use enough of them such that their combination provide an
input signal with the required SIL.
ƒ For outputs: Use any of the available actuators that meet all of the requirements with the
exception of the SIL. Use enough of them such that their combination affects the
process with the required SIL.
With inputs, associate the values of the individual sensors and their status information with
a part of the user program such that a global variable with the required SIL results from this
combination.
With outputs, distribute the value of a global variable among multiple outputs such that the
process adopts the safe state if a fault occurs. Further, the combination of actuators must
be able to affect the process in the required manner (for example, the serial or parallel
connection of valves).
For both inputs and outputs, design the system to have the required number of sensors and
actuators for a given process variable until the greatest possible degree of safety is
achieved for the process. Us a calculation tool to determine the SIL.
i The use of multiple sensors and actuators for inputting or outputting a single signal as
described here is only intended as a means of increasing the SIL. Do not confuse this with
the use of redundant inputs or outputs for improving availability

For information on how to achieve the required SIL for sensors and actuators, see IEC
61511-1, Section 11.4. 
Appendix HIMax
Page 60 of 64 HI 801 003 E Rev. 4.00
Definitions and Abbreviations
Term Description
ARP Address Resolution Protocol: Network protocol for assigning the network addresses
to hardware addresses
AI Analog Input
Connector Board Connector board for the HIMax module
COM Communication module
CRC Cyclic Redundancy Check
DI Digital Input
DO Digital Output
EMC Electromagnetic Compatibility
EN European Norm
ESD ElectroStatic Discharge
FB Fieldbus
FBD Function Block Diagram
FTT Fault Tolerance Time
ICMP Internet Control Message Protocol: Network protocol for status or error messages
IEC International Electrotechnical Commission
MAC address Hardware address of one network connection (Media Access Control)
PADT Programming And Debugging Tool (in accordance with IEC 61131-3),
PC with SILworX
PE Protective Earth
PELV Protective Extra Low Voltage
PES Programmable Electronic System
PFD Probability of Failure on Demand, probability of failure on demand of a safety
function
PFH Probability of Failure per Hour, probability of a dangerous failure per hour
R Read
Rack ID Base plate identification (number)
Non-reactive Supposing that two input circuits are connected to the same source (e.g., a
transmitter). An input circuit is termed "non-reactive" if it does not distort the signals
of the other input circuit.
R/W Read/Write
SB System Bus (Module)
SELV Safety Extra Low Voltage
SFF Safe Failure Fraction, portion of safely manageable faults
SIL Safety Integrity Level (in accordance with IEC 61508)
SILworX Programming tool for HIMax
SNTP Simple Network Time Protocol (RFC 1769)
SRS System.Rack.Slot addressing of a module
SW Software
TMO TiMeOut
TMR Triple Module Redundancy
W Write
rP Peak value of a total AC component
Watchdog (WD) Time monitoring for modules or programs. If the watchdog time is exceeded, the
module or program enters the ERROR STOP state.
WDT WatchDog Time