Rockwell Automation 1756 GuardLogix Safety, 1769 GuardLogix Safety, 5069 Compact GuardLogix Safety Application Instruction Set

Download

Reference Manual

Original Instructions

GuardLogix Safety Application Instruction Set

1756 GuardLogix Safety, 1769 GuardLogix Safety, 5069 Compact GuardLogix Safety Publication 1756-RM095K-EN-P

GuardLogix Safety Application Instruction Set

personal injury or death, property damage, or economic loss.

IMPORTANT

for Personal Protective Equipment (PPE).

Important User Information

Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.

Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to be carried out by suitably trained personnel in accordance with applicable code of practice.

If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired.

In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment.

The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the examples and diagrams.

No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in this manual.

Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited.

Throughout this manual, when necessary, we use notes to make you aware of safety considerations.

WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to

ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss.

Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.

Identifies information that is critical for successful application and understanding of the product.

Labels may also be on or inside the equipment to provide specific precautions.

SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.

BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous

temperatures.

ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and

2 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

Topic Name

Reason

updated Diagnostic Code numbers 16#4000 16384.

Test Request input, changing it from (0->1) to (1->0).

Summary of changes

This manual includes new and updated information. Use these reference tables to locate changed information.

Global changes

The Legal noticeshave been updated.

New or enhanced features

This table contains a list of topics changed in this version, the reason for the change, and a link to the topic that contains the changed information.

Dual Channel Input Stop with Test (DCST) In the Fault Codes and Corrective Actions table, updated

Fault Code numbers 16#4001 16385, 16#4002 16386, and 16#4003 16387.

In the Diagnostic Code and Corrective Actions table, updated Diagnostic Code numbers 16#4000 16384 and 16#4001 16385.

Dual-channel Input Start (DCSRT) In the Fault Codes and Corrective Actions table, updated

Fault Code numbers 16#4000 16384, 16#4001 16385, 16#4002 16386, and 16#4003 16387.

In the Diagnostic Code and Corrective Actions table

Dual Channel Input Stop with Test and Lock (DCSTL) wiring and programming example

In the programming diagram, updated Note 1 to correct the parenthetical reference to the falling edge of the

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 3

Summary of changes Preface

Safety Instructions

GuardLogix Controller Operation ............................................................. 9

Certified Instructions ................................................................................. 9

Terminology ............................................................................................... 11

Additional resources .................................................................................. 11

Legal Notices ............................................................................................... 12

Chapter 1

Safety Instructions .................................................................................... 15

Status and Safety input and output for dual channel safety

instructions .......................................................................................... 21

Dual-channel Input Start (DCSRT) ....................................................23

Dual-channel Input Start (DCSRT) wiring and programming

example ................................................................................................ 30

Dual Channel Input Monitor (DCM) .................................................. 34

Dual Channel Input Monitor (DCM) wiring and programming

example ................................................................................................. 41

Dual Channel Input Stop (DCS) .......................................................... 45

Dual Channel Input Stop (DCS) wiring and programming example

............................................................................................................... 57

Dual Channel Input Stop with Test (DCST) ...................................... 60

Dual Channel Input Stop with Test (DCST) wiring and

programming example ........................................................................ 67

Dual Channel Input Stop with Test and Lock (DCSTL) ................... 72

Dual Channel Input Stop with Test and Lock (DCSTL) wiring and

programming example ....................................................................... 84

Dual-Channel Input Stop with Test and Mute (DCSTM) ................ 89

Dual-channel Input Stop with Test and Mute (DCSTM) wiring and

programming example ..................................................................... 100

Dual Channel Analog Input (DCA - integer version) and (DCAF -

floating point version) ....................................................................... 106

Dual Channel Analog Input (DCA - integer version) and (DCAF -

floating point version) wiring and programming example ............ 118

Safety Mat (SMAT) ............................................................................. 123

Safety Mat (SMAT) wiring and programming example ................. 132

Two Hand Run Station Enhanced (THRSe) ..................................... 136

Two Hand Run Station Enhanced (THRSe) wiring and

programming example ...................................................................... 148

Configurable Redundant Output (CROUT) ..................................... 153

Configurable Redundant Output (CROUT) wiring and

programming example ...................................................................... 160

Two Sensor Asymmetrical Muting (TSAM) ..................................... 165

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 5

Table of Contents

Metal Form Instructions

Drive Safety

Two Sensor Asymmetrical Muting (TSAM) wiring and

programming example ......................................................................180

Two-sensor Symmetrical Muting (TSSM) ........................................ 186

Two Sensor Symmetrical Muting (TSSM) wiring and programming

example ............................................................................................... 201

Four Sensor Bi-Directional Muting (FSBM) ................................... 206

Four Sensor Bi-Directional Muting (FSBM) wiring and

programming example ...................................................................... 233

Chapter 2

Metal Form Instructions ......................................................................... 239

Clutch Brake Inch Mode (CBIM) ..................................................... 240

Clutch Brake Single Stroke Mode (CBSSM) .................................... 249

Clutch Brake Continuous Mode (CBCM) ........................................ 260

Crankshaft Position Monitor (CPM) ............................................... 278

CamShaft Monitor (CSM) ................................................................ 288

Eight Position Mode Selector (EPMS) ............................................. 302

Eight Position Mode Selector (EPMS) wiring and programming

example .............................................................................................. 308

Clutch Brake Wiring and Programming Example .......................... 313

Auxiliary Valve Control (AVC) ........................................................... 321

Auxiliary Valve Control (AVC) wiring and programming example

............................................................................................................. 330

Main Valve Control (MVC) ................................................................ 335

Maintenance Valve Control (MVC) wiring and programming

example ............................................................................................... 342

Maintenance Manual Valve Control (MMVC) ................................. 346

Maintenance Manual Valve Control (MMVC) wiring and

programming example ...................................................................... 355

6 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

Chapter 3

Drive Safety Instructions ........................................................................ 361

Safe Brake Control (SBC) .................................................................. 361

Safe Direction (SDI) ........................................................................... 376

Safe Operating Stop (SOS) ................................................................ 384

Safe Stop 1 (SS1) .................................................................................. 395

Safe Stop 2 (SS2) ................................................................................ 407

Safely-Limited Position (SLP) .......................................................... 422

Safely-Limited Speed (SLS) ............................................................... 432

Safety Feedback Interface (SFX) ....................................................... 441

RSLogix 5000 Software, Version

14 and Later, Safety Application

Common Attributes for Safety Index

Instructions

Table of Contents

Chapter 4

Diverse Input (DIN) ................................................................................. 453

Redundant Input (RIN) ........................................................................... 461

Emergency Stop (ESTOP) ...................................................................... 470

Enable Pendant (ENPEN) ....................................................................... 478

Light Curtain (LC) ................................................................................... 486

Five Position Mode Selector (FPMS) ...................................................... 500

Redundant Output (ROUT) .................................................................... 506

Two Hand Run Station (THRS) ............................................................... 515

Execution Times for Safety Application Instructions ........................... 526

Chapter 5

Common Attributes ................................................................................. 529

Math Status Flags ..................................................................................... 529

Data Conversions ..................................................................................... 531

Elementary data types .............................................................................. 534

Floating Point Values ............................................................................... 537

Immediate values ..................................................................................... 539

Index Through Arrays ............................................................................. 540

Bit Addressing .......................................................................................... 541

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 7

Instruction Abbreviation

Instruction Name

Certification

SBC

Safe Brake Control

TÜV

SDI

Safe Direction

TÜV

SFX

Safely Feedback Interface

TÜV

SLP

Safely-Limited Position

TÜV

SLS

Safely-Limited Speed

TÜV

SS2

Safe Stop 2

TÜV

Instruction

Instruction Name

Certification

GuardLogix Controller Certified Instructions

Preface

This reference manual is intended to describe the Rockwell Automation GuardLogix Safety Application Instruction Set, which is type-approved and certified for safety-related function in applications up to and including Safety Integrity Level (SIL) 3 according to IEC61508, and Performance Level, PLe (Cat.4), according to ISO13849-1.

The timing diagrams that are presented in the manual are for illustrative purposes only. The actual response times are determined by the performance characteristics of your application.

Use this manual if you are responsible for designing, programming, or troubleshooting safety applications that use GuardLogix controllers.

You must have a basic understanding of electrical circuitry and familiarity with relay ladder logic. You must also be trained and experienced in the creation, operation, programming and maintenance of safety systems.

The term Logix5000 controller refers to any controller that is based on the Logix5000 operating system.

Operation

The GuardLogix safety controllers are part of a de-energize to trip system,

which means that all of its outputs are set to zero when a fault is detected.

The table below lists the instructions that are certified for use in GuardLogix

systems. For the latest information, see our safety certificates and revision release lists at

http://www.rockwellautomation.com/global/certification/safety.page?

Studio 5000 Logix Designer®Software Version 31 and Later Drive Safety Instructions

SOS Safe Operating Stop TÜV SS1 Safe Stop 1 TÜV

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 9

RSLogix 5000 Software Version 17 and Later Metal Form and Safety Instructions.

Abbreviation

AVC Auxiliary Valve Control TÜV

Preface

Instruction

Instruction Name

Certification

TÜV

DCSTM

Dual Channel Input Stop with Test

TÜV

floating point version

TÜV

FSBM

Four Sensor Bidirectional Muting

TÜV

SMAT

Four Sensor Bidirectional Muting

TÜV

TSSM

Four Sensor Bidirectional Muting

TÜV

Abbreviation

CBCM Clutch Brake Continuous Mode DGÜV1

TÜV

CBIM Clutch Brake Inch Mode DGÜV1

TÜV

CBSSM Clutch Brake Inch Mode DGÜV1

TÜV

CPM Crankshaft Position Monitor DGÜV1

TÜV

CROUT Configurable Redundant Output DGÜV1

TÜV

CSM Configurable Redundant Output DGÜV1

DCM Dual Channel Input Monitor DGÜV1

DCS Dual Channel Input Stop DGÜV1

DCSRT Dual Channel Input Start DGÜV1

DCST Dual Channel Input Stop with Test DGÜV1

DCSTL Dual Channel Input Stop with Test DGÜV1

DCA Dual Channel Input Stop with Test TÜV

DCAF Dual Channel Analog Input -

TÜV

EPMS Eight Position Mode Selector DGÜV1

MMVC Four Sensor Bidirectional Muting DGÜV1

MVC Four Sensor Bidirectional Muting DGÜV1

THRSe Four Sensor Bidirectional Muting DGÜV1

TSAM Four Sensor Bidirectional Muting TÜV

10 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

At the time of publication, these instructions are not DGUV-certified for use with Compact GuardLogix 5370 controllers, and are certified only for firmware versions 17...21 for GuardLogix and 1768 Compact GuardLogix controllers.

Instruction Abbreviation

Instruction Name

Certification

ESTOP

Emergency Stop

TÜV

ROUT

Redundant Output

TÜV

THRS

Two-hand Run Station

TÜV

Abbreviation

Description

CVT

Circuit Verification Test

Resource

Description

Logix Designer application.

controller system in a Logix Designer application.

RSLogix 5000 software.

publication 1768-IN004.

GuardLogix controllers.

publication 1768-UM002.

program the 1768 Compact GuardLogix controller.

Terminology

Additional resources

Preface

RSLogix 5000 Software Version 14 and Later Metal Form and General Instructions.

DIN Diverse Input TÜV

ENPEN Enable Pendant TÜV

FPMS Five-position Mode Selector TÜV

LC Light Curtain TÜV

RIN Redundant Input TÜV

In this manual, ‘programming software’ refers to both the Studio 5000 Logix Designer application and RSLogix 5000 software. The following table defines

abbreviations that are used in this manual .

AOPD Active Opto-electronic Protective Device

BCAM Brake Cam

BDDC Bottom Dead Center

DCAM Dynamic Cam

ESPE Electro-sensitive Protective Equipment

TCAM Takeover Cam

These documents contain additional information concerning related Rockwell Automation products.

GuardLogix® 5570 Controllers User Manual,

publication 1756-UM022.

GuardLogix 5570 Controllers Reference Manual,

publication 1756-RM099.

GuardLogix 5570 Controllers User Manual,

publication 1756-UM020.

Provides information on how to install, configure, and program the GuardLogix 5570 controllers in the

Contains detailed requirements for how to achieve and maintain SIL 3 with the GuardLogix 5570

Provides information on how to install, configure, and program the GuardLogix 5560 controllers in

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 11

GuardLogix Controller Systems Safety Reference

Manual, publication 1756-RM093.

CompactLogix™ Controllers Installation Instructions,

1768 Compact GuardLogix Controllers User Manual,

Contains detailed requirements for how to achieve and maintain SIL 3 with the GuardLogix 5560 controller and the 1768 Compact GuardLogix® system in RSLogix 5000 software.

Provides information on how to install 1768 Compact

Provides information on how to configure and

Preface

Resource

Description

1791ES-IN001.

publication 1734-UM013.

Safety modules

1756-RM001.

instructions.

UM001.

nonsafety applications.

DNET-UM004.

Legal Notices

CompactBlock, Guard I/O, DeviceNet Safety Module

Installation Instructions, publication 1791DS-IN002.

Guard I/O DeviceNet Safety Modules User Manual,

publication 1791DS-UM001.

Guard I/O EtherNet/IP Safety Modules Installation

Instructions, publication

Guard I/O EtherNet/IP Safety Modules User Manual,

publication 1791ES-UM001.

POINT Guard I/O Safety Modules User Manual,

Using ControlLogix® in SIL2 Applications Safety

Reference Manual, publication

Logix Controllers Instructions Reference Manual,

publication 1756-RM009.

Logix Common Procedures Programming Manual,

publication 1756-PM001.

ControlLogix System User Manual, publication 1756-

Provides information on how to install CompactBlock Guard I/O™ DeviceNet Safety modules.

Provides information on using Guard I/O DeviceNet Safety Modules.

Provides information on how to install CompactBlock Guard I/O EtherNet/IP Safety modules.

Provides information on using Guard I/O Safety modules.

Provides information on using POINT Guard I/O

Describes requirements for using ControlLogix controllers, and GuardLogix standard tasks, in SIL2 safety control applications.

Provides information on the Logix5000™ instruction set that includes general, motion, and process

Provides information on programming Logix5000 controllers, including how to manage project files, organize tags, program and test routines, and handle faults.

Provides information on using ControlLogix in

DeviceNet™ Modules in Logix5000 Control Systems

User Manual, publication

EtherNet/IP™ Modules in Logix5000 Control Systems

User Manual, publication

ENET-UM001.

ControlNet™ Modules in Logix5000 Control Systems

User Manual, publication

CNET-UM001.

Logix5000 Controllers Execution Time and Memory

Use Reference Manual, publication 1756-RM087.

Logix Import Export Reference Manual, publication

1756-RM084.

Product Certifications website,

http://ab.rockwellautomation.com.

Provides information on using the 1756-DNB module in a Logix5000 control system

Provides information on using the 1756-ENBT module in a Logix5000 control system.

Provides information on using the 1756-CNB module in Logix5000 control systems.

Provides information on how to estimate the execution time and memory use for instructions.

Provides information on using RSLogix 5000 Import/Export utility

Provides declarations of conformity, certificates, and other certification details.

You can view or download publications at

http://www.rockwellautomation.com/literature

. To order paper copies of technical documentation, contact your local Rockwell Automation distributor or sales representative.

12 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

Rockwell Automation publishes legal notices, such as privacy policies, license agreements, trademark disclosures, and other terms and conditions on the

Legal Notices

page of the Rockwell Automation website.

Preface

End User License Agreement (EULA)

You can view the Rockwell Automation End-User License Agreement ("EULA") by opening the License.rtf file located in your product's install folder on your hard drive.

Open Source Licenses

The software included in this product contains copyrighted software that is licensed under one or more open source licenses. Copies of those licenses are included with the software. Corresponding Source code for open source packages included in this product are located at their respective web site(s).

Alternately, obtain complete Corresponding Source code by contacting Rockwell Automation via the Contact form on the Rockwell Automation website:

us/contact/contact.page

Please include "Open Source" as part of the request text.

http://www.rockwellautomation.com/global/about-

A full list of all open source software used in this product and their corresponding licenses can be found in the OPENSOURCE folder. The default installed location of these licenses is

Files\Rockwell\Help\FactoryTalk Services Platform\Release

Notes\OPENSOURCE\index.htm

C:\Program Files (x86)\Common

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 13

FSBM

TSAM

TSSM

FPMS

ESTOP

ROUT

RIN

ENPEN DIN

THRS

DCS

DCST

DCSTL

DCSTM

DCSRT DCM

SMAT

THRSe

CROUT

DCA

If you want to

Use this instruction

five position selector switch used in SIL3/CAT4 safety applications.

safety applications.

Safety Instructions

Chapter 1

Safety Instructions

In the controller organizer, you can recognize safety programs by the red bar

that is incorporated into the icons. The red bar indicates the program will

execute in safety memory.

The buttons for instructions that function as part of a safety program, or are supported by a safety program, have a red triangle in the right corner of

each button.

Available Instructions

Ladder Diagram

Function Block

Not available

Structured Text

Not available

Safety application instructions are intended for use within a safety system that has a controller and I/O modules. These instructions are intended for Safety Integrity Level (SIL) 3, PLe/Category (CAT) 4 applications.

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 15

Provide an interface from a programmable controller to a three-to-

Emulate the input functionality of a safety relay in a software programmable environment which is intended for use in SIL3/CAT4

Emulate the output functionality of a safety relay in a software programmable environment which is intended for use in SIL3/CAT4 safety applications.

FPMS

ESTOP

ROUT

Chapter 1 Safety Instructions

If you want to

Use this instruction

safety applications.

test of the stop device.

test of the stop device and the ability to mute the safety device.

a machine safely, for example an enable pendant.

symmetrically.

and after the light curtain’s sensing field.

output.

Control and monitor redundant outputs.

CROUT

module. (Integer version)

module. (Floating Point version)

Emulate the input functionality of a safety relay in a software programmable environment that is intended for use in SIL3/CAT4 safety applications.

Emulate the input functionality of a safety relay in a software programmable environment that is intended for use in SIL3/CAT4

Provide a manual and an automatic circuit reset interface from a programmable controller to a light curtain used in SIL3/CAT4

Provide a method to incorporate two diverse input buttons used as a single operation start button into a software programmable environment that is intended for use in SIL3/CAT4 safety applications.

Monitor dual-input safety devices whose main purpose is to provide a stop function, such as an E-stop, light curtain, or gate switch.

Monitor dual-input safety devices whose main purpose is to provide a stop function, such as an E-stop, light curtain, or gate switch. It includes the added capability of initiating a functional

RIN

ENPEN

DIN

THRS

DCS

DCST

Monitors dual-input safety devices whose main purpose is to stop

DCSTL a function, such as an E-stop, light curtain, or gate switch. It includes the added capability of initiating a functional test of the stop device and can monitor a feedback signal from a safety device and issue a lock request to a safety device.

Monitor dual-input safety devices whose main purpose is to

DCSTM provide a stop function, such as an E-stop, light curtain, or gate switch. It includes the added capability of initiating a functional

Energize dual-input safety devices whose main function is to start

DCSRT

Monitor dual-input safety devices. DCM Indicate whether or not the safety mat is occupied. SMAT Provide temporary, automatic disabling of the protective function

TSAM of a light curtain, using two muting sensors arranged asymmetrically.

Provide temporary, automatic disabling of the protective function

TSSM of a light curtain, using two muting sensors arranged

Provide temporary, automatic disabling of the protective function

FSBM of a light curtain, using four sensors arranged sequentially before

Monitor two diverse safety inputs, one from a right-hand push

THRSe button and one from a left-hand push button, to control a single

16 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

Monitor two analog input channels originating from an analog input

DCA

DCAF

IMPORTANT

Chapter 1 Safety Instructions

The Safety controller is part of a De-Energize to Trip system. This means that all of its outputs are set to zero when a fault is detected.

The following sections are only applicable to these instructions:

• ESTOP

• RIN

• DIN

• ENPEN

• THRS

• LC

• ROUT

•

FPMS

De-energize to Trip System

In addition, the Safety controller automatically sets any input values associated with faulty input modules to zero. As a result, any inputs being monitored by one of the diverse input instructions (DIN or THRS) should have the normally closed input conditioned by logic as shown here:

The exact ladder logic depends on your specific system requirements, and the functionality of the Safety input module. The result, however, should be the same: to create a Safe state of one for the normally closed input of the diverse input instructions. This example logic actually overrides the input value in the input tag.

The normally closed input of the diverse input instruction should be placed in a Safe state whenever the connection to the input module is lost, or the normally closed input point is faulted.

The input value should remain intact to represent the actual state of the field device when there is a connection and the normally closed input point is not faulted.

Failure to implement this type of logic does not create an unsafe condition, but it does result in the instruction latching an Inputs Inconsistent fault, requiring a clear fault operation to be performed.

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 17

Chapter 1 Safety Instructions

IMPORTANT

System Dependencies

The safety application instructions depend on the safety I/O modules, controller operating system, and the ladder logic to perform portions of the safety functions.

Input and Output Line Conditioning

Safety I/O modules provide pulse test and monitoring capabilities. If the module detects a failure, it sets the offending input or output to the Safe state and reports the failure to the controller.

The failure indication is made via the input or output point status, and is maintained for a configurable amount of time, or until the failure is repaired, which ever comes last.

Ladder logic must be included in the application program to latch these I/O point failures and ensure proper restart behavior.

For more information on Safety I/O modules, refer to the following:

• DeviceNet Safety I/O User Manual, publication 1791DS-UM001

• Guard I/O EtherNet/IP Safety modules User Manual, publication

1791ES-UM001

• POINT Guard I/O Safety Modules User Manual, publication 1734-

UM013.

I/O Module Connection Status

A CIP SafetyTM system provides connection status for each I/O device in the safety system. If an input connection failure is detected, the operating system sets all associated inputs to the de-energized (Safe) state, and reports the failure to the ladder logic. If an output connection failure is detected, the operating system can only report the failure to the ladder logic.

Ladder logic must be included in the application program to latch these I/O point failures and ensure proper restart behavior.

How to Latch and Reset Faulted I/O

The following diagrams provide examples of the ladder logic required to latch and reset an I/O module connection or point failure. The first image shows the ladder logic for an input point, and the second shows the ladder logic for an output point.

Both of these diagrams are examples, and are for illustrative purposes only. The suitability of this logic depends upon your specific system requirements.

18 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

Chapter 1 Safety Instructions

The first rung latches an internal indication that either the module connection or the specific input point has failed.

The second rung resets the internal indication, but only if the fault has been repaired, and only on the rising edge of the Fault Reset signal. This prevents the safety function from automatically restarting if the Fault Reset signal gets stuck on.

The third rung shows the input point data used in combination with the internal fault indication to control an output.

The output is internal data that may be used in combinational logic later to drive an actual output. If an actual output is used directly, it may or may not require logic similar to that shown in Figure 1.3 for latching and resetting output connection failures.

The Fault Reset contact shown in these examples is typically activated as a result of operator action. The Fault Reset could be derived as a result of combinational logic or directly from an input point (in which case it may or may not require conditioning of its own).

The ladder logic in the output example has the same latch and reset concept as that shown in the input example.

The first rung latches an internal indication that either the module connection or the specific output point has failed.

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 19

Chapter 1 Safety Instructions

I/O Module Point

Data

Point Status

Combined Status

… … …

IN n

moduleName:I.PtnData

moduleName:I.PtnInputStatus

The third rung includes application-specific logic to drive the state of an output point. This logic is conditioned by the output faulted internal indicator.

False Rung State Behavior

The information provided in this manual regarding the GuardLogix Safety application instructions depicts the "True Rung State" (Ladder Diagram Logic) behavior of the instructions.

The "False Rung State" behavior is exactly the same (internal state machines continue to run and change states based on the inputs) except that all outputs, including prompts and fault indicators, are set to zero when the instructions are disabled or on a false rung.

I/O Point Mapping

Input

The following table identifies the mapping between the Safety I/O module’s Input points and the controller tags when the Safety I/O module’s Input Status module definition is configured for Point Status or Combined Status.

Note that moduleName is the name you assign to the I/O module.

Controller Tag Reference

IN 0 moduleName:I.Pt00Data moduleName:I.Pt00InputStatus moduleName:I.InputStatus IN 1 moduleName:I.Pt01Data moduleName:I.Pt01InputStatus IN 2 moduleName:I.Pt02Data moduleName:I.Pt02InputStatus

Output

20 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

The following table identifies the mapping between the Safety I/O module’s Output points and the controller tags when the Safety I/O module’s Input Status module definition is configured for Point Status or Combined Status.

Note that moduleName is the name you assign to the I/O module.

I/O Module Point

OUT 0

moduleName:O.Pt00Data

moduleName:I.Pt00OutputStatus

OUT 1

moduleName:O.Pt01Data

moduleName:I.Pt01OutputStatus

OUT 2

moduleName:O.Pt02Data

moduleName:I.Pt02OutputStatus

… … …

OUT n

:O.PtnData

:I.PtnOutputStatus

Status and Safety input and

Data Point Status Combined Status

moduleName

output for dual channel

Controller Tag Reference

moduleName

Chapter 1 Safety Instructions

moduleName:I.OutputStatus

See also

Safety Instructions on page 15

This instruction applies to the Compact GuardLogix 5370, GuardLogix 5570,

Compact GuardLogix 5380, and GuardLogix 5580 controllers.

The Dual-channel Input Start instruction is for safety devices whose main function is to start a machine safely, for example, an enable pendant. This instruction energizes its output (O1) only if the Enable input is ON (1), and both safety inputs, Channel A and Channel B, transition to the active state within the Discrepancy Time.

Available Languages

Ladder Diagram

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 23

Function Block

This instruction is not available in function block.

Structured Text

This instruction is not available in structured text.

Operands

Unexpected operation may occur if:

• Output tag operands are overwritten.

• Members of a structure operand are overwritten.

Chapter 1 Safety Instructions

IMPORTANT

for PLd (Cat. 3) or Ple (Cat. 4) safety functions.

IMPORTANT

changes to take effect.

Operand

Data Type

Format

Description

DCSRT

DCI_START

Tag

DCSRT structure

when Channel A is 1 and Channel B is 0.

The valid range is 5...3000 ms.

Make sure safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual channel functionality necessary

If changing instruction operands while in Run mode, accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

ATTENTION: If changing instruction operands while in Run mode, accept the pending edits and cycle the controller mode from Program to Run for the

The following table provides the operand used to configure the instruction. This operand cannot be changed at runtime.

Safety Function DINT list item This operand provides a text name for how this

instruction is being used. Choices include enable pendant (20), start button (21), and user-defined (100). This operand does not affect instruction behavior. It is for information/documentation purposes only.

Input Type DINT list item This operand selects input channel behavior.

Equivalent - Active High (0): Inputs are in the active state when Channel A and Channel B inputs are 1.

Complementary (2): Inputs are in the active state

Discrepancy Time (ms) DINT immediate The amount of time that the inputs can be in an

inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type.

Equivalent: Inconsistent state is when either is true:

Channel A = 0 and Channel B =1 Channel A =1 and Channel B =0 Complementary: Inconsistent state is when either

is true: Channel A = 0 and Channel B =0r Channel A =1 and Channel B =1

The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.

24 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

Operand

Data Type

Format

Description

OFF (0): The instruction is disabled. Output 1 is not energized.

Channel A1

BOOL

tag

This input is one of the two safety inputs to the instruction.

are reset.

Operand

Data Type

Description

OFF (0): This instruction is operating normally.

not safety-related.

codes. This operand is not safety-related.

Enable BOOL tag This input enables or disables the instruction.

ON (1): The instruction is enabled. Output 1 is energized when Channel A and Channel B transition to the active state within the Discrepancy Time.

Channel B1 BOOL tag This input is one of the two safety inputs to the instruction. Input Status BOOL immediate

tag

Reset2 BOOL tag This input clears the instruction faults provided the fault

If the input is from a Guard I/O input module, make sure that the input is

If instruction inputs are from a safety I/O module, this is the status from the I/O module (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer’s responsibility to determine the conditions.

ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid.

condition is not present. OFF (0) -> ON (1): The FP (Fault Present) and Fault Code outputs

Chapter 1 Safety Instructions

configured as single, not Equivalent or Complementary.

ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to the reset signal tag name. Then use the OSF instruction Output Bit tag as the reset source of the instruction.

The following table explains instruction outputs. The outputs can be used to drive external tags (safety output modules) or internal tags for use in other logic routines.

Output 1 (01) BOOL This output is energized when the input conditions have been

satisfied. The output becomes de-energized when:

• Either Channel A or Channel B transitions to the safe state.

• The Input Status input is OFF(0).

• The Enable input turns OFF(0)

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 25

Fault Present (FP) BOOL ON (1): A fault is present in the instruction.

Fault Code DINT This output indicates the type of fault that occurred. See the

Fault Codes section for a list of fault codes. This operand is

Diagnostic Code DINT This output indicates the diagnostic status of the instruction.

See the Diagnostic Codes section below for a list of diagnostic

Chapter 1 Safety Instructions

IMPORTANT

Condition/State

Action Taken

Prescan

Same as Rung-condition-in is false.

Rung-condition-in is false

The .O1 and .FP are cleared to false.

Rung-condition-in is true

The instruction executes as described in the Normal operation section.

Postscan

Same as Rung-condition-in is false.

Do not write to any instruction output tag under any circumstances.

Affects Math Status Flags

Major/Minor Faults

None specific to this instruction. See Index Through Arrays for arrayindexing faults.

Execution

Operation

Normal

The timing diagram illustrates the normal operation for a start device, for example, an enable pendant. At (A), Output 1 is not energized because the Enable input is OFF (0). At (B), Output 1 is not energized because the transition of the Enable signal ON (1) can never enable Output 1. At (C), Output 1 is energized 50 ms after the safety inputs transition through the safe state and to the active state with the Enable input ON (1). At (D), Output 1 is de-energized when either one of the safety inputs transition to the safe state. At (E), Output 1 is energized 50 ms after the safety inputs return to the active state. At (F), Output 1 is de-energized because the Enable input has transitioned to OFF (0).

26 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

Chapter 1 Safety Instructions

Normal (Equivalent Inputs)

This diagram demonstrates the same behavior as in the previous timing diagram except that the Input Type is Complementary.

Normal (Complementary Inputs)

Input Status Fault Operation

The timing diagram illustrates fault behavior when the Input Status becomes invalid. At (A), Output 1 is not energized because the Input Status has not become active for the first time. At (B), with the Input Status active, and after a 50 ms delay, Output 1 is energized because the safety inputs have transitioned through the safe state to the active state. At (C), the Input Status becomes invalid, which immediately de-energizes Output 1 and generates a fault. At (D), the fault cannot be reset because the Input Status is still inactive.

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 27

Chapter 1 Safety Instructions

At (E), the fault is reset because the Input Status is now active and a reset is triggered. At (F), Output 1 is active.

Discrepancy Fault Operation

The timing diagram illustrates a discrepancy fault occurring when Channel A and Channel B are in an inconsistent state for longer than the Discrepancy Time configuration operand. At (A), a fault is generated when the safety inputs are in an inconsistent state for longer than the Discrepancy Time, for example, 250 ms. At (B), the fault is cleared because both safety inputs are inactive and the reset went active. At (C), Output 1 is energized 50 ms after both safety inputs transition to the active state together within the Discrepancy Time. At (D), Output 1 is de-energized when Channel B transitions to the safe state. At (E), a fault is generated because the safety inputs are again in an inconsistent state for longer than the Discrepancy

28 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

Fault Code

Description

Corrective Action

• Reset the fault.

was in the active state.

Chapter 1 Safety Instructions

Time. At (F), the fault is cleared, but Output 1 is not energized until both safety inputs transition to the active state together.

False Rung State Behavior

When the instruction is executed on a false rung, all instruction outputs are de-energized.

Fault Codes and Corrective Alarms

The fault codes are listed in hexadecimal format followed by decimal format.

0 No fault. None.

16#20

16#4000

16384

16#4001

16385

The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing.

Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the active state. Channel B was in the safe state.

Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the safe state. Channel B

• Check the I/O module connection or the internal logic used to source input status.

• Check the wiring.

• Perform a functional test of the

device (put Channel A and Channel B in a safe state).

• Reset the fault.

Rockwell Automation Publication 1756-RM095K-EN-P - September 2020 29

Chapter 1 Safety Instructions

Fault Code

Description

Corrective Action

while Channel A remained active.

No fault.

None.

Dual-channel Input Start

16#4002 16386

16#4003 16387

Channel A went to the safe state and back to the active state while Channel B remained active.

Channel B went to the safe state and back to the active state

Diagnostic Codes and Corrective Actions

The fault codes are listed in hexadecimal format followed by decimal format.

Diagnostic Code Description Corrective Action

16#20 32

16#4000 16384 16#4060 16480

The Input Status was OFF(0) when the instruction started.

The device is not in a safe state at start-up.

The device is not enabled. Enable the device (set Enable to 1).

Check the I/O module connection or the internal logic used to source input status.

Release the start device (put Channel A and Channel B in a safe state).

(DCSRT) wiring and programming example

Dual-channel Input Start (DCSRT) wiring and programming example

on page 30

Index Through Arrays on page 540

Status and Safety input and output for dual channel safety instructions on page 21

This topic demonstrates how to wire the Guard I/O module and program the instruction in the safety control portion of an application

This application example complies with ISO 13849-1, Category 4 operation.

Tip: The standard control portion of the application is not shown in the following diagram.

30 Rockwell Automation Publication 1756-RM095K-EN-P - September 2020

+ 514 hidden pages

Rockwell Automation 1756 GuardLogix Safety, 1769 GuardLogix Safety, 5069 Compact GuardLogix Safety Application Instruction Set

Specifications and Main Features

Frequently Asked Questions

User Manual

GuardLogix Safety Application Instruction Set

Important User Information

Summary of changes

Table of Contents

Preface

Terminology

Additional resources

Legal Notices

Safety Instructions

Dual-channel Input Start (DCSRT) wiring and programming example