You are on page 1of 11

FAQ on Safety Integrated

What to consider when Upgrading Failsafe Blocks (V1_2) on S7 F Systems Lib V1_3?
FAQ

Upgrading of Failsafe Blocks

Entry-ID: 30375362

Table of Contents
Table of Contents ......................................................................................................... 2 1 2 3 4 Introduction..................................................................................................... 2 Requirements for the Upgrade ...................................................................... 3 Requirements for the Acceptance Test ........................................................ 4 Procedure for Upgrading ............................................................................... 6

Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

1
Proof

Introduction
For the acceptance test after upgrading Failsafe Blocks (V1_2) on S7 F Systems Lib V1_3 you principally proceed as for the acceptance of changes. The acceptance test shall provide the proof that the changed system properties do not affect the safety of your plant. The required proof is provided by means of the method described below. The proof includes the following: 1. In the upgraded safety program only the system-related changes are contained. 2. The new behavior of S7 F Systems Lib V1_3 does not affect the safety of your plant. 3. The reaction time of the upgraded safety program is within the permissive range for your plant.

I IA/DT

Page 2/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362

2
Basics

Requirements for the Upgrade


A project can be upgraded if all used F-blocks can be upgraded. This principally applies for all blocks of Failsafe Blocks (V1_2).

F-block types created by you F-block types created by you using Failsafe Blocks (V1_2), must be upgraded to S7 F Systems Lib V1_3 before being created.
Note

Please note the rules from the manual S7 F-FH Systems Configuring and Programming, issue 07/2007 chapter 2.3.6 and 5.7: http://support.automation.siemens.com/WW/view/en/2201072

Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

Further F-blocks and F-block types All further F-blocks and F-block types from the project must be available in an S7 F Systems Lib V1_3 compatible version.
Note

For F-blocks which are not part of S7 F Systems, please contact the producer of these F-blocks.

Safety Matrix The F-blocks of Safety Matrix V6.1 are compatible with Failsafe Blocks (V1_2) and S7 F Systems Lib V1_3. Therefore you upgrade all matrixes, which you have generated using Safety Matrix V5.2, to Safety Matrix V6.1 beforehand according to the S7 F Safety Matrix Configuration Manual, issue 03/2008 chapter 2.7.

I IA/DT

Page 3/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362

Requirements for the Acceptance Test


An acceptance test is possible under certain conditions. These are: 1. F-system charts (chart name starts with @F) must only contain F-blocks which the system automatically places during the compilation. 2. The compilation protocol should not contain any warnings on the interconnections of the channel drivers with the module driver prior to the upgrade. If this warning cannot be removed you have to test the safety program at this point after the upgrade. 3. The project to be upgraded is approved according to the manual S7 FFH Systems Configuring and Programming issue 07/2007 chapter 10. http://support.automation.siemens.com/WW/view/en/2201072

Requirements

Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

4. The parameters SUBS_ON and SUBS_I of F_PA_DI must have been correctly parameterized. See also http://support.automation.siemens.com/WW/view/en/26116244 Extract: What do I need to take into account when applying channel driver F_PA_DI? The F-channel driver F_PA_DI of the F-library Failsafe Blocks (V1_2) (S7 F systems V5.2 SP4) contains the inputs SUBS_ON and SUBS_I. These inputs define which value is output during a communication or device error or for a passivation with PASS_ON = 1 at the output Q. In contrast to the default values, these inputs must be parameterized as follows: SUBS_ON = TRUE SUBS_I = FALSE Other configurations contradict the basic criterion, that for digital F-I/O the value "0" is always considered as a safe rest position. 5. F-blocks F_S_BO, F_R_BO, F_S_R and F_R_R must not be used for the communication within a shutdown group.

I IA/DT

Page 4/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362 Extract: Why is there an error message within an F-shutdown group during data transmission between F-runtime groups? Description: When transmitting data between F-runtime groups within an F-shutdown group via the F-system blocks F_S_BO/F_R_BO or F_S_R/F_R_R, you can no longer compile your program (standard user program and safety program) with S7 F-Systems V5.2 SP4. In this case you receive the following error message: "When interconnecting between F-runtime groups 'X' and 'Y' no communication blocks are required since the F-runtime groups are located in the same shutdown group."

Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

Remedy: Replace the data transmission via the F-system blocks F_S_BO/F_R_BO or F_S_R/F_R_R within an F-shutdown group by interconnecting the blocks directly.

Note: Using the F-system blocks for data transmission between F-runtime groups within an F-shutdown group produces dead times of one OB-cycle each, since the receive block comes before the send block in the run sequence. In each case check, that the safety of your plant is not affected by these dead times. Should one of these requirements not be fulfilled in your project, you first change the project accordingly. Please note the procedure from the manual S7 F-FH Systems Configuring and Programming, issue 07/2007 chapter 10.3: http://support.automation.siemens.com/WW/view/en/2201072

I IA/DT

Page 5/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362

Procedure for Upgrading


Prior to the upgrade to S7 F Systems Lib V1_3 you create a backup copy of the entire S7-project for the later comparison.

Step 1: Create a backup copy

Step 2: Upgrade the project Please upgrade the project according to the manual S7 F-FH Systems Configuring and Programming, issue 07/2007 chapter 2.3.6 and 5.7: Please ensure taking the described additional measures in particular, if applicable to your project. http://support.automation.siemens.com/WW/view/en/2201072 Step 3: Check textual interconnections
Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

Check that no textual interconnections with F-blocks exist. If textual interconnections have been created through the upgrade, they must be completed or deleted prior to the compilation. Step 4: Comparison between safety programs and backup copy Compare the safety program with the safety copy. Use the Comparing... button in the "Edit safety program" dialog of the SIMATIC Manager. You record that only permitted differences are detected. Permitted are: New system runtime groups "@F_IN_3x_y" and "@F_OUT_3x_y": Runtime Group "@F_IN_3x_y": Added Those blocks which need to be processed at the beginning of a shutdown group are moved to the "@F_IN_3x_y" runtime group. Prior to the upgrade these F-blocks were located in the first runtime group of the user and are listed as deleted here during the comparison. Runtime Group "@F_OUT_3x_y": Added Those F-blocks which need to be processed at the end of a shutdown group are moved to the "@F_OUT_3x_y" runtime group. Prior to the upgrade these F-blocks were located in the last runtime group of the user and are listed as deleted here during the comparison.

Moving runtime groups by means of the additional or moved system runtime groups Runtime group "Runtime Group": Run Position Changed 'y'<->'z'

I IA/DT

Page 6/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362

Output for moving F-blocks which must be processed at the beginning or end of a shutdown group. In the original runtime group these are indicated as deleted. This affects the block types F_BO_FBO, F_R_FR, F_QUITES, F_SENDBO, F_RCVBO, F_SENDR, F_RCVR, F_S_BO, F_R_BO, F_S_R, F_R_R, F_PLK, F_PLK_O. Z.B.
| +--o Runtime Group "UserRtg": Run Position Changed '4'<->'3' | | +--o Block "UserChart\Convert1": Deleted | | +--o Block "UserChart\Receive1": Deleted

Output on deleted module drivers. This concerns block types F_M_DI8, F_M_DI24, F_M_AI6, F_M_DO8, F_M_DO10, F_MPA_I, e.g.
| +--o Runtime Group "UserRtg": Run Position Changed '4'<->'3' | | +--o Block "@F_(1)\DI8xNAMUR_[EEx_1": Deleted

Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

Output on system runtime groups "@F_ShutDn", "@F_ShutDn_3x", "@F_CycCo-OB3x", "@F_TestMode" All listed changes on these runtime groups can be ignored. This applies for the changes of this runtime group as well as for the contained Fblocks, e.g.
| +--o Runtime Group "@F_CycCo-OB34": Run Position Changed '2'<->'1' | | +--o Block "@F_CycCo-OB34\F_CYC_CO-OB34": Signature Changed, Interface Changed | | | +--o TESTM_DB Added | | | +--o TEST_DB Added | | | +--o ANZ_PSG Added | | | +--o OFFS_PSG Added | | +--o Block "@F_CycCo-OB34\F_TEST": Signature Changed | +--o Block "@F_CycCo-OB34\F_TESTC": Signature Changed | | +--o F_CNT_W.DATA Value: '62' <- '59'

Output on the connections from and to "@F_(x)". All connections describe the interconnection from the channel drivers to the module drivers. These are automatically generated and checked during compilation, e.g.
| | | +--o CHADDR Value: '@F_(2)\DI24xDC24V_3\CHADDRI00' <'@F_(1)\DI24xDC24V_3\CHADDR01

Output on the charts @F_(x), @F_CycCo-OB3x, @F_DbInitx, @F_Initx, @F_RtgDiagx, @F_ShutDn and @F_TestMode can be ignored. These charts are automatically generated during compilation. These changes affect the charts as well as the subsequently listed Fblocks, e.g.
+--o Chart "@F_(2)": +--o Block "DI24xDC24V_3": Deleted +--o Block "DO8xDC24V_2A_1": Different Block Type 'F_PS_12' <-- 'F_M_DO8'

I IA/DT

Page 7/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362 Output types on interface expansions of F-blocks from Failsafe Blocks (V1_2). E.g. interface expansion of F_CH_DI:
| | +--o Block "13_ET200M\E56_4": Signature Changed, Interface Changed | | | +--o CHADDR Value: '@F_(2)\DI24xDC24V_3\CHADDRI00' <- '@F_(1)\DI24 | | | +--o CHADDR_R Added | | | +--o CH_INF Added | | | +--o CH_INF_R Added

Output on the deleted parameters SUBS_ON and SUBS_I of F_PA_DI, e.g.


| Interface | | | +--o Block "14_PA\E66_0": Signature Changed, Changed | | | | +--o SUBS_ON Deleted +--o SUBS_I Deleted

Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

Output on the parameter I_PAR_OK of F_PA_AI, e.g.


+--o Block "Rtg\EW123": Signature Changed, Interface Changed | +--o I_PAR_OK Data Type: '43' <- '1'

The data type of these parameters of F_PA_AI was changed from Bool to F-Bool. This deletes interconnections from these parameters during upgrading. If necessary you correct these automatic changes. Output on changed signatures of F-blocks from Failsafe Blocks (V1_2). e.g. +--o Block "Name": Signature Changed

Output on empty runtime groups, e.g. empty output for runtime group Name1:
+--o Runtime Group "Name1": +--o Runtime Group "Name2":

Output on parameter DELTA of F_1oo2_R or F_2oo3_R, e.g.


+--o Block "Rtg\Voter": Signature Changed, Interface Changed | +--o DELTA Data Type: '43' <- '8'

The data type of parameter DELTA of F_1oo2_R or F_2oo3_R was changed from Real to F-Real. This deletes a possible existing interconnection or configuration to this parameter during upgrading. The value of DELTA is therefore always 0.0 after upgrading. If necessary you correct these automatic changes. Statements on the reliability of outputs on F-blocks which do not origin from Failsafe Blocks (V1_2), must be provided by the producer of these blocks. Outputs on changed interconnections of OUT parameters can always be ignored, since the output of the interconnection of IN parameters describes the logic completely.

I IA/DT

Page 8/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362 Step 5: Check F-converter blocks For the F-converter blocks F_BO_FBO and F_R_FR you check that the interconnections have remained unchanged, for example with the chart reference data of CFC or with Version Cross Manager. Step 6: Check communication blocks Check the communication blocks: Generate the backup printout with the upgraded project. Ensure that the configurations and interconnections of all communication blocks have remained unchanged. To do this, compare the printout of the safety program including the printed charts of the upgraded project with the backup printout of the acceptance test.
Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

In the charts you compare all installation locations of F_SENDBO, F_RCVBO, F_SENDR, F_RCVR, F_S_BO, F_R_BO, F_S_R, F_R_R and F_QUITES Vergleichen Sie alle Ausgaben zu unsichtbaren Parametern dieser F-FBs

Step 7: Check the HW configuration Check that the HW configuration has remained unchanged: Compile and save the HW configuration. Compare the CRCs of your HW in the backup printout. Note: If PROFISafe-Mode = PROFISafe, the CRCs change. This can be avoided by configuring an F-CPU from the following list:
Designation F-CPU CPU 414-4H CPU 414-4H CPU 417-4H CPU 417-4H MLFB 6ES7 414-4HJ00-0AB0 6ES7 414-4HJ04-0AB0 6ES7 417-4HL01-0AB0 6ES7 417-4HL04-0AB0

The actually used F-CPU must be allowed as a replacement for the configured CPU.

I IA/DT

Page 9/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362 Step 8: Check startup behavior Check the relevance of the changed startup behavior of F_XOUTY, F_LIM_HL, F_LIM_LL and F_R_TRIG. A startup of the F-program occurs during a cold start, warm start (restart) or after an F-stop with subsequent positive edge at the RESTART input of the F-block F_SHUTDN. The initial values of the OUTN parameter of F_XOUTY or of the QHN parameter of F_LIM_HL or of the QLN parameter of F_LIM_LL were changed from 0 to 1. For all interconnections with these parameters it must be checked that: the output is not processed or in the run sequence the instances of F_XOUTY, F_LIM_HL and F_LIM_LL lie before the respective F-blocks which use the output parameter and the initial value therefore never becomes effective or the initialization is irrelevant for the safety of the plant.

Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

The used outputs for which the initial value becomes effective through the run sequence are labeled with * in the printout of the safety program. For these outputs the checking method can be , for example, an FMEA. For F_R_TRIG the changed startup behavior must be checked. The checking method can be , for example, an FMEA. During startup (CPU restart or restart after F-STOP) it must not be relevant for the safety of the plant, whether or not an edge is generated upon a pending 1 in the first cycle.

Step 9: Check changed processing of NaN Check the relevance of the changed processing of NaN by F_LIM_HL or F_LIM_LL. The changed processing is not relevant if SUBS_IN = 1. See manual S7 F-FH Systems Configuring and Programming, issue 07/2007 chapter A.5.3: If the calculation in the F-block has produced invalid floating point numbers (NaN) the substitute value, at the input SUBS_IN at the output QH (or QL), is output instead of "1". Step 10: Check error treatment in F_CH_AI Check the relevance of the changed error treatment in F_CH_AI. Error treatment has been described in the manual S7 F-FH Systems Configuring and Programming version 07/2007 chapter A.2.6.7. http://support.automation.siemens.com/WW/view/en/2201072

I IA/DT

Page 10/11

Upgrading of Failsafe Blocks

Entry-ID: 30375362 Step 11: Calculate reaction times Recalculate the reaction times of the plant using the table in http://support.automation.siemens.com/WW/view/en/22557362 . Check that the reaction times do not affect the safety of the plant. Step 12: Add interconnections or parameterizations Add the interconnections or parameterizations to the parameter DELTA of F_1oo2_R and F_2oo3_R analog to the safety copy and the result of the comparator of S7 F Systems. See manual S7 F-FH Systems Configuring and Programming, issue 07/2007 chapter 2.3.4: Additional measures if your project contains the F-blocks F_1oo2_R or F_2oo3_R.
Copyright Siemens AG 2008 All rights reserved 30375362_S7_F_acceptance_upgrade_F-Lib_V1_2_to_V1_3.pdf

Note

This method only considers blocks from Failsafe Blocks (V1_2). For other F-blocks contact the respective producer.

I IA/DT

Page 11/11