
Safety Reference Manual

GuardLogix Safety Application Instruction Set


Catalog Numbers 1756-L61S, 1756-L62S, 1756-L63S, 1756-LSP, 1756-L72S, 1756-L73S, 1756-L7SP, 1756-L72SXT, 1756L7SPXT, 1768-L43S, 1768-L45S

Important User Information


Solid-state equipment has operational characteristics differing from those of electromechanical equipment. Safety Guidelines for the Application, Installation and Maintenance of Solid State Controls (publication SGI-1.1 available from your local Rockwell Automation sales office or online at http://www.rockwellautomation.com/literature/) describes some important differences between solid-state equipment and hard-wired electromechanical devices. Because of this difference, and also because of the wide variety of uses for solid-state equipment, all persons responsible for applying this equipment must satisfy themselves that each intended application of this equipment is acceptable.

In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment.

The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the examples and diagrams.

No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in this manual.

Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited.

Throughout this manual, when necessary, we use notes to make you aware of safety considerations.

WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal injury or death, property damage, or economic loss.

ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.

SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.

BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.

IMPORTANT: Identifies information that is critical for successful application and understanding of the product.

Allen-Bradley, Rockwell Automation, GuardLogix, Guard I/O, CompactBlock Guard I/O, ControlLogix, Logix5000, and TechConnect are trademarks of Rockwell Automation, Inc. Trademarks not belonging to Rockwell Automation are property of their respective companies.

Summary of Changes
This manual contains new and updated information. Changes throughout this revision are marked by change bars, as shown to the right of this paragraph.

New and Updated Information

This table contains the changes made to this revision.


| Topic | Page |
|---|---|
| Added information on changing parameters while in Run mode to each instruction | Throughout |
| Dual-channel Analog Input (DCA) instruction | 91 |
| Corrected diagnostic signal code for Actuate input | 136 |
| Clarified the operational description of the Output 1 (O1) and Fault Present (FP) parameters of the Cam Shaft Monitor (CSM) instruction | 248 |
| Updated execution times | Appendix B |

Rockwell Automation Publication 1756-RM095E-EN-P - February 2012


Table of Contents
Preface
    GuardLogix Controller Operation
    Terminology
    Additional Resources

Chapter 1 General Safety Application Instructions


Dual-channel Input Start (DCSRT)
    DCSRT Instruction Parameters
    DCSRT Normal Operation
    DCSRT Input Status Fault Operation
    DCSRT Discrepancy Fault Operation
    DCSRT False Rung State Behavior
    DCSRT Fault and Diagnostic Codes
    DCSRT Wiring and Programming Example
Dual-channel Input Monitor (DCM)
    DCM Instruction Parameters
    DCM Normal Operation
    DCM Input Status Fault Operation
    DCM Discrepancy Fault Operation
    DCM False Rung State Behavior
    DCM Fault and Diagnostic Codes
    DCM Wiring and Programming Example
Dual-channel Input Stop (DCS)
    DCS Instruction Parameters
    DCS Normal Operation
    DCS Input Status Fault (Manual Cold Start)
    DCS Cycle Inputs Fault
    DCS Discrepancy Fault
    DCS False Rung State Behavior
    DCS Fault and Diagnostic Codes
    DCS Wiring and Programming Example
Dual-channel Input Stop with Test (DCST)
    DCST Instruction Parameters
    DCST Functional Test Operation
    DCST False Rung State Behavior
    DCST Fault and Diagnostic Codes
    DCST Wiring and Programming Example
Dual-channel Input Stop with Test and Lock (DCSTL)
    DCSTL Instruction Parameters
    DCSTL Start-up Operation
    DCSTL Device Not Tested After Unlock Fault
    DCSTL Functional Test After Fault Operation
    DCSTL False Rung State Behavior
    DCSTL Fault and Diagnostic Codes
    DCSTL Wiring and Programming Example

Dual-channel Input Stop with Test and Mute (DCSTM)
    DCSTM Instruction Description
    DCSTM Normal Operation
    DCSTM Muting Lamp Status Fault Operation
    DCSTM False Rung State Behavior
    DCSTM Fault and Diagnostic Codes
    DCSTM Wiring and Programming Example
Dual-channel Analog Input [(DCA) - integer version] [(DCAF) - floating point version]
    DCA(F) Instruction Parameters
    DCA(F) Normal Operation
    DCA(F) Input Status Fault
    DCA(F) Discrepancy Fault
    DCA(F) False Rung State Behavior
    DCA(F) Fault and Diagnostic Codes
    DCA(F) Wiring and Programming Example
Safety Mat (SMAT)
    SMAT Instruction Parameters
    SMAT Circuit Verification Test
    SMAT Manual Restart Operation
    SMAT Automatic Restart Operation
    Safety Mat Occupied Operation
    Safety Mat Unoccupied Operation
    SMAT Fault Detection Operation
    SMAT False Rung State Behavior
    SMAT Fault and Diagnostic Codes
    SMAT Wiring and Programming Example
Two-hand Run Station Enhanced (THRSe)
    THRSe Instruction Parameters
    Disconnecting the Two-hand Run Station
    Connecting the Two-hand Run Station
    THRSe Normal Operation
    THRSe Button Held Down Diagnostic Operation
    THRSe Button Glitch Diagnostic Operation
    THRSe Button Discrepancy Fault (Channel-to-Channel) Operation
    THRSe Run Station Disconnected (Station Bypassed) Operation
    THRSe False Rung State Behavior
    THRSe Fault and Diagnostic Codes
    THRSe Wiring and Programming Example
Configurable Redundant Output (CROUT)
    CROUT Instruction Parameters
    CROUT Normal Operation
    CROUT Feedback Fault
    CROUT False Rung State Behavior

    CROUT Fault and Diagnostic Codes
    CROUT Wiring and Programming Example
Two-sensor Asymmetrical Muting (TSAM)
    TSAM Instruction Parameters
    TSAM Normal Operation
    TSAM Invalid Sequence
    TSAM Tolerated Sequence
    TSAM Dangerous Portion of Cycle
    TSAM Override Operation
    TSAM False Rung State Behavior
    TSAM Fault Codes
    TSAM Diagnostic Codes
    TSAM Wiring and Programming Example
Two-sensor Symmetrical Muting (TSSM)
    TSSM Instruction Parameters
    TSSM Normal Operation
    TSSM Invalid Sequence
    TSSM Tolerated Sequence
    TSSM Dangerous Portion of Cycle
    TSSM Override Operation
    TSSM False Rung State Behavior
    TSSM Fault Codes
    TSSM Diagnostic Codes
    TSSM Wiring and Programming Example
Four-sensor Bidirectional Muting (FSBM)
    FSBM Instruction Parameters
    FSBM Normal Operation
    FSBM Invalid Sequence
    FSBM Tolerated Sequence
    FSBM Dangerous Portion of Cycle
    FSBM Override Operation
    FSBM False Rung State Behavior
    FSBM Fault Codes
    FSBM Diagnostic Codes
    FSBM Wiring and Programming Example


Chapter 2 Metal Form Instructions


Clutch Brake Inch Mode (CBIM)
    CBIM Instruction Parameters
    CBIM Energizing Output 1
    CBIM De-energizing Output 1
    CBIM False Rung State Behavior
    CBIM Diagnostic Codes
Clutch Brake Single Stroke Mode (CBSSM)
    CBSSM Instruction Parameters
    CBSSM Energizing Output 1
    CBSSM De-energizing Output 1

    CBSSM False Rung State Behavior
    CBSSM Diagnostic Codes
Clutch Brake Continuous Mode (CBCM)
    CBCM Instruction Parameters
    CBCM Energizing Output 1
    CBCM Immediate Mode
    CBCM Immediate with Arming Mode
    CBCM Half Stroke with Arming Mode
    CBCM Stroke-and-a-half with Arming Mode
    CBCM De-energizing Output 1
    CBCM Safety Enable and Takeover Mode
    CBCM False Rung State Behavior
    CBCM Diagnostic Codes
Crankshaft Position Monitor (CPM)
    CPM Instruction Parameters
    CPM Cam Profiles
    CPM Normal Operation with Cam Profile A
    CPM - Normal Operation with Cam Profile B
    CPM False Rung State Behavior
    CPM Fault and Diagnostic Codes
Camshaft Monitor (CSM)
    CSM Instruction Parameters
    CSM Input Pulse Conversion
    CSM Normal Operation
    CSM Uncommanded Motion Fault
    CSM Start Time Exceeded Fault
    CSM Stop Time Exceeded Fault
    CSM Loss of Motion Fault (Case 1)
    CSM Loss of Motion Fault (Case 2)
    CSM Input Status Fault
    CSM False Rung State Behavior
    CSM Fault and Diagnostic Codes
Clutch Brake Wiring and Programming Example
Eight-position Mode Selector (EPMS)
    EPMS Instruction Parameters
    EPMS Lock Input OFF (0)
    EPMS Lock Input ON (1)
    EPMS False Rung State Behavior
    EPMS Fault and Diagnostic Codes
    EPMS Wiring and Programming Example
Auxiliary Valve Control (AVC)
    AVC Instruction Parameters
    Normal Auxiliary Valve Reaction
    Immediate Auxiliary Valve Reaction
    Auxiliary Valve Feedback Fault
    AVC False Rung State Behavior
    AVC Fault and Diagnostic Codes

    AVC Wiring and Programming Example
Main Valve Control (MVC)
    MVC Instruction Parameters
    MVC Normal Operation
    MVC Feedback Fault
    MVC False Rung State Behavior
    MVC Fault and Diagnostic Codes
    MVC Wiring and Programming Example
Maintenance Manual Valve Control (MMVC)
    MMVC Instruction Parameters
    MMVC Normal Operation
    MMVC Actuate in Non-permissive State
    MMVC Fault After Output 1 Energized
    MMVC False Rung State Behavior
    MMVC Fault and Diagnostic Codes
    MMVC Wiring and Programming Example


Appendix A RSLogix 5000 Software, Version 14 and Later, Safety Application Instructions
General Information
    De-energize to Trip System
    System Dependencies
    False Rung State Behavior
    I/O Point Mapping
Diverse Input (DIN) Instruction
    Instruction Parameters
    Normal Operation
    Operation with Inconsistent Inputs
    Operation with Circuit Reset Held On - Manual Reset Only
    Cycle Inputs Operation
    Diverse Input with Manual Reset Wiring Example
    Diverse Input with Manual Reset Programming Example
    Diverse Input with Automatic Reset Wiring Example
    Diverse Input with Automatic Reset Programming Example
Redundant Input (RIN) Instruction
    Instruction Parameters
    Normal Operation
    Operation with Inconsistent Inputs
    Operation with Circuit Reset Held On - Manual Reset Only
    Cycle Inputs Operation
    Redundant Input with Manual Reset Wiring Example
    Redundant Input with Manual Reset Programming Example
    Redundant Input with Automatic Reset Wiring Example
    Redundant Input with Automatic Reset Programming Example
Emergency Stop (ESTOP) Instruction
    Instruction Parameters
    Normal Operation
    Operation with Inconsistent Inputs

    Operation with Circuit Reset Held On - Manual Reset Only
    Cycle Inputs Operation
    Emergency Stop with Manual Reset Wiring Example
    Emergency Stop with Manual Reset Programming Example
    Emergency Stop with Automatic Reset Wiring Example
    Emergency Stop with Automatic Reset Programming Example
Enable Pendant (ENPEN) Instruction
    Instruction Parameters
    Normal Operation
    Operation with Inconsistent Inputs
    Operation with Circuit Reset Held On - Manual Reset Only
    Cycle Inputs Operation
    Enable Pendant with Manual Reset Wiring Example
    Enable Pendant with Manual Reset Programming Example
    Enable Pendant with Automatic Reset Wiring Example
    Enable Pendant with Automatic Reset Programming Example
Light Curtain (LC) Instruction
    Instruction Parameters
    Normal Operation
    Light Curtain Muting Operation
    Inputs Inconsistent Operation
    Circuit Reset Held On Operation - Manual Reset Mode Only
    Cycle Inputs Operation
    Input Filter Time
    Light Curtain with Manual Reset Wiring Example
    Light Curtain with Manual Reset Programming Example
    Light Curtain with Automatic Reset Wiring Example
    Light Curtain with Automatic Reset Programming Example
Five-position Mode Selector (FPMS) Instruction
    Instruction Parameters
    Operation
    Five-position Mode Selector Wiring Example
    Five-position Mode Selector Programming Example
Redundant Output with Continuous Feedback Monitoring (ROUT)
    Instruction Parameters
    Operation
    Redundant Output with Negative Feedback Wiring Example
    Redundant Output with Negative Feedback Programming Example
    Redundant Output with Positive Feedback Wiring Example
    Redundant Output with Positive Feedback Programming Example
Two-hand Run Station (THRS) Instruction
    Instruction Parameters
    Normal Operation
    Button Tie-down Operation

    Cycle Buttons Operation
    Button Fault Operation
    Two-hand Run Station with Active Pin Disabled Wiring Example
    Two-hand Run Station with Active Pin Disabled Programming Example
    Two-hand Run Station with Active Pin Enabled Wiring Examples
    Two-hand Run Station with Active Pin Enabled Programming Example


Appendix B Execution Times for Safety Application Instructions

Index


Preface

| Topic | Page |
|---|---|
| GuardLogix Controller Operation | 13 |
| Terminology | 14 |
| Additional Resources | 15 |

This reference manual is intended to describe the Rockwell Automation GuardLogix Safety Application Instruction Set which is type-approved and certified for safety-related function in applications up to and including Safety Integrity Level (SIL) 3 according to IEC61508, and Performance Level, PLe (Cat.4), according to ISO13849-1. For the latest information and safety certificates, see http://www.rockwellautomation.com/products/certification/safety/.

The timing diagrams presented in the manual are for illustrative purposes only. The actual response times will be determined by the performance characteristics of your application.

Use this manual if you are responsible for designing, programming, or troubleshooting safety applications that use GuardLogix controllers. You must have a basic understanding of electrical circuitry and familiarity with relay ladder logic. You must also be trained and experienced in the creation, operation, programming, and maintenance of safety systems.

GuardLogix Controller Operation

The GuardLogix Safety controller is part of a de-energize to trip system. This means that all of its outputs are set to zero when a fault is detected.


Terminology

The following table defines abbreviations used in this manual.


| Abbreviation | Description |
|---|---|
| AOPD | Active Opto-electronic Protective Device |
| BCAM | Brake Cam |
| BDC | Bottom Dead Center |
| CVT | Circuit Verification Test |
| DCAM | Dynamic Cam |
| ESPE | Electro-sensitive Protective Equipment |
| TCAM | Takeover Cam |

Version 17 and Later Metal Form and General Instructions

| Abbreviation | Description |
|---|---|
| AVC | Auxiliary Valve Control |
| CBCM | Clutch Brake Continuous Mode |
| CBIM | Clutch Brake Inch Mode |
| CBSSM | Clutch Brake Single Stroke Mode |
| CPM | Crankshaft Position Monitor |
| CROUT | Configurable Redundant Output |
| CSM | Camshaft Monitor |
| DCM | Dual Channel Input Monitor |
| DCS | Dual Channel Input Stop |
| DCSRT | Dual Channel Input Start |
| DCST | Dual Channel Input Stop with Test |
| DCSTL | Dual Channel Input Stop with Test and Lock |
| DCSTM | Dual Channel Input Stop with Test and Mute |
| DCA | Dual Channel Analog Input |
| EPMS | Eight Position Mode Selector |
| FSBM | Four Sensor Bidirectional Muting |
| MMVC | Maintenance Manual Valve Control |
| MVC | Main Valve Control |
| SMAT | Safety Mat |
| THRSe | Two Hand Run Station Enhanced |
| TSAM | Two Sensor Asymmetrical Muting |
| TSSM | Two Sensor Symmetrical Muting |

Version 14 and Later General Instructions

| Abbreviation | Description |
|---|---|
| DIN | Diverse Input |
| ENPEN | Enable Pendant |
| ESTOP | Emergency Stop |
| FPMS | Five-position Mode Selector |
| LC | Light Curtain |
| RIN | Redundant Input |
| ROUT | Redundant Output |
| THRS | Two-hand Run Station |


Additional Resources
These documents contain additional information concerning related products from Rockwell Automation.

Resource: Description

GuardLogix Controllers User Manual, publication 1756-UM020: Provides information on installing, configuring, and programming the 1756 GuardLogix controller
CompactLogix Controllers Installation Instructions, publication 1768-IN004: Provides information on installing Compact GuardLogix controllers
1768 Compact GuardLogix Controllers User Manual, publication 1768-UM002: Provides information on configuring and programming the 1768 Compact GuardLogix controller
GuardLogix Controller Systems Safety Reference Manual, publication 1756-RM093: Contains detailed requirements for achieving and maintaining SIL 3 with the GuardLogix controller system
CompactBlock Guard I/O DeviceNet Safety Module Installation Instructions, publication 1791DS-IN002: Provides information on installing CompactBlock Guard I/O DeviceNet Safety modules
Guard I/O DeviceNet Safety Modules User Manual, publication 1791DS-UM001: Provides information on using Guard I/O DeviceNet Safety modules
Guard I/O EtherNet/IP Safety Modules Installation Instructions, publication 1791ES-IN001: Provides information on installing CompactBlock Guard I/O EtherNet/IP Safety modules
Guard I/O EtherNet/IP Safety Modules User Manual, publication 1791ES-UM001: Provides information on using Guard I/O EtherNet/IP Safety modules
Using ControlLogix in SIL2 Applications Safety Reference Manual, publication 1756-RM001: Describes requirements for using ControlLogix controllers, and GuardLogix standard tasks, in SIL2 safety control applications
Logix5000 General Instruction Set Reference Manual, publication 1756-RM003: Provides information on the Logix5000 Instruction Set
Logix Common Procedures Programming Manual, publication 1756-PM001: Provides information on programming Logix5000 controllers, including managing project files, organizing tags, programming and testing routines, and handling faults
ControlLogix System User Manual, publication 1756-UM001: Provides information on using ControlLogix in non-safety applications
DeviceNet Modules in Logix5000 Control Systems User Manual, publication DNET-UM004: Provides information on using the 1756-DNB module in a Logix5000 control system
EtherNet/IP Modules in Logix5000 Control Systems User Manual, publication ENET-UM001: Provides information on using the 1756-ENBT module in a Logix5000 control system
ControlNet Modules in Logix5000 Control Systems User Manual, publication CNET-UM001: Provides information on using the 1756-CNB module in Logix5000 control systems
Logix5000 Controllers Execution Time and Memory Use Reference Manual, publication 1756-RM087: Provides information on estimating the execution time and memory use for instructions
Logix Import Export Reference Manual, publication 1756-RM084: Provides information on using RSLogix 5000 Import/Export utility
Product Certifications website, http://ab.com: Provides declarations of conformity, certificates, and other certification details

You can view or download publications at http://www.literature.rockwellautomation.com. To order paper copies of technical documentation, contact your local Allen-Bradley distributor or Rockwell Automation sales representative.


Chapter 1

General Safety Application Instructions

Topics:
Dual-channel Input Start (DCSRT)
Dual-channel Input Monitor (DCM)
Dual-channel Input Stop (DCS)
Dual-channel Input Stop with Test (DCST)
Dual-channel Input Stop with Test and Lock (DCSTL)
Dual-channel Input Stop with Test and Mute (DCSTM)
Dual-channel Analog Input
Safety Mat (SMAT)
Two-hand Run Station Enhanced (THRSe)
Configurable Redundant Output (CROUT)
Two-sensor Asymmetrical Muting (TSAM)
Two-sensor Symmetrical Muting (TSSM)
Four-sensor Bidirectional Muting (FSBM)

Dual-channel Input Start (DCSRT)

The Dual-channel Input Start instruction is for safety devices whose main function is to start a machine safely, for example, an enable pendant. This instruction will energize its output (O1) only if the Enable input is ON (1), and both safety inputs, Channel A and Channel B, transition to the active state within the Discrepancy Time.

DCSRT Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances. Make sure your safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table provides the parameters that are used to configure the instruction. These parameters cannot be changed at runtime.
Table 1 - DCSRT Configuration Parameters

Parameter: Safety Function
Data Type: List
Description: This parameter provides a text name for how this instruction is being used. Choices include enable pendant, start button, and user-defined. This does not affect instruction behavior. It is for information/documentation purposes only.

Parameter: Input Type
Data Type: List
Description: This parameter selects input channel behavior.
  Equivalent - Active High: Inputs are in the active state when Channel A and Channel B inputs are 1.
  Complementary: Inputs are in the active state when Channel A is 1 and Channel B is 0.

Parameter: Discrepancy Time (ms)
Data Type: Integer
Description: The amount of time that the inputs are allowed to be in an inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type.
  Equivalent: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 1
    Channel A = 1 and Channel B = 0
  Complementary: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 0
    Channel A = 1 and Channel B = 1
  The valid range is 5...3000 ms.

The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 2 - DCSRT Inputs

Name: Enable
Data Type: Boolean
Description: This input enables or disables the instruction.
  ON (1): The instruction is enabled. Output 1 is energized when Channel A and Channel B transition to the active state within the Discrepancy Time.
  OFF (0): The instruction is disabled. Output 1 is not energized.

Name: Channel A (1)
Data Type: Boolean
Description: This input is one of the two safety inputs to the instruction.

Name: Channel B (1)
Data Type: Boolean
Description: This input is one of the two safety inputs to the instruction.

Name: Input Status
Data Type: Boolean
Description: If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions.
  ON (1): The inputs to this instruction are valid.
  OFF (0): The inputs to this instruction are invalid.

Name: Reset (2)
Data Type: Boolean
Description: This input clears instruction and circuit faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.
(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains instruction outputs. The outputs may be used to drive external tags (safety output modules) or internal tags for use in other logic routines.
Table 3 - DCSRT Outputs

Name: Output 1 (O1)
Data Type: Boolean
Description: This output is energized when the input conditions have been satisfied. The output becomes de-energized when:
  either Channel A or Channel B transitions to the safe state.
  the Input Status input is OFF (0).
  the Enable input turns OFF (0).

Name: Fault Present (FP)
Data Type: Boolean
Description: ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally.

Name: Fault Code
Data Type: Integer
Description: This output indicates the type of fault that occurred. See Table 4 on page 24 for a list of fault codes. This parameter is not safety-related.

Name: Diagnostic Code
Data Type: Integer
Description: This output indicates the diagnostic status of the instruction. See Table 5 on page 24 for a list of diagnostic codes. This parameter is not safety-related.

IMPORTANT: Do not write to any instruction output tag under any circumstances.


DCSRT Normal Operation


The timing diagram in Figure 1 illustrates the normal operation for a start device, for example, an enable pendant. At (A), Output 1 is not energized because the Enable input is OFF (0). At (B), Output 1 is not energized because the transition of the Enable signal ON (1) can never enable Output 1. At (C), Output 1 is energized 50 ms after the safety inputs transition through the safe state and to the active state with the Enable input ON (1). At (D), Output 1 is de-energized when either one of the safety inputs transition to the safe state. At (E), Output 1 is energized 50 ms after the safety inputs return to the active state. At (F), Output 1 is de-energized because the Enable input has transitioned to OFF (0).
Figure 1 - Normal Operation (Equivalent Inputs) Timing Diagram
[Timing diagram: Channel A, Channel B, Enable, and Output 1 traces, with a 50 ms delay before each Output 1 energization.]
Input Type = Equivalent - Active High
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.

Figure 2 demonstrates the same behavior as in the previous timing diagram except that the Input Type is Complementary.
Figure 2 - Normal Operation (Complementary Inputs) Timing Diagram
[Timing diagram: Channel A, Channel B, Enable, and Output 1 traces, marked A through F, with a 50 ms delay before each Output 1 energization.]
Input Type = Complementary
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


DCSRT Input Status Fault Operation


Figure 3 illustrates fault behavior when the Input Status becomes invalid. At (A), Output 1 is not energized because the Input Status has not become active for the first time. At (B), with the Input Status active and after a 50 ms delay, Output 1 is energized because the safety inputs have transitioned through the safe state to the active state. At (C), the Input Status becomes invalid, which immediately de-energizes Output 1 and generates a fault. At (D), the fault cannot be reset because the Input Status is still inactive. At (E), the fault is reset because the Input Status is now active and a reset is triggered. At (F), Output 1 is active.
Figure 3 - Input Status Fault Timing Diagram
[Timing diagram: Channel A, Channel B, Enable, Input Status, Reset, Fault Present, and Output 1 traces, with 50 ms delays before Output 1 energizes.]
Input Type = Equivalent - Active High
Discrepancy Time = 250 ms


DCSRT Discrepancy Fault Operation


Figure 4 illustrates a discrepancy fault occurring when Channel A and Channel B are in an inconsistent state for longer than the configured Discrepancy Time. At (A), a fault is generated when the safety inputs are in an inconsistent state for longer than the Discrepancy Time, for example, 250 ms. At (B), the fault is cleared because both safety inputs are inactive and the Reset input went active. At (C), Output 1 is energized 50 ms after both safety inputs transition to the active state together within the Discrepancy Time. At (D), Output 1 is de-energized when Channel B transitions to the safe state. At (E), a fault is generated because the safety inputs are again in an inconsistent state for longer than the Discrepancy Time. At (F), the fault is cleared, but Output 1 will not be energized until both safety inputs transition to the active state together.
Figure 4 - Discrepancy Fault Timing Diagram
[Timing diagram: Channel A, Channel B, Enable, Reset, Fault Present, and Output 1 traces, with two 250 ms discrepancy intervals and a 50 ms delay before Output 1 energizes.]
Input Type = Equivalent - Active High
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.

DCSRT False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


DCSRT Fault and Diagnostic Codes


Table 4 - DCSRT Fault Codes and Corrective Actions

Fault Code: 00H
Description: No fault.
Corrective Action: None.

Fault Code: 20H
Description: The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing.
Corrective Action: Check the I/O module connection or the internal logic used to source input status. Reset the fault.

Fault Code: 4000H
Description: Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the active state. Channel B was in the safe state.

Fault Code: 4001H
Description: Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the safe state. Channel B was in the active state.

Fault Code: 4002H
Description: Channel A went to the safe state and back to the active state while Channel B remained active.

Fault Code: 4003H
Description: Channel B went to the safe state and back to the active state while Channel A remained active.

Corrective Action (4000H through 4003H): Check the wiring. Perform a functional test of the device (put Channel A and Channel B in a safe state). Reset the fault.

Table 5 - DCSRT Diagnostic Codes and Corrective Actions

Diagnostic Code: 00H
Description: No fault.
Corrective Action: None.

Diagnostic Code: 20H
Description: The Input Status input was OFF (0) when the instruction started.
Corrective Action: Check the I/O module connection or the internal logic used to source input status.

Diagnostic Code: 4000H
Description: The device is not in a safe state at startup.
Corrective Action: Release the start device (put Channel A and Channel B in a safe state).

Diagnostic Code: 4060H
Description: The device is not enabled.
Corrective Action: Enable the device (set Enable to 1).


DCSRT Wiring and Programming Example


This example complies with ISO 13849-1, Category 4 operation. The standard control portion of the application is not shown.
Figure 5 - Wiring Diagram
[Wiring diagram: a Momentary Push Button and a Momentary Push Button (reset) wired to a 1791-DS-IB12 module (Module 1) on DeviceNet. Labelled terminals: 1 V, 3 I0, 4 I1, 14 T1, 13 T0, 24 I11, 11 G. Supply: 24V DC and 24V Ground.]

This programming diagram shows the instruction with inputs and test outputs.
Figure 6 - Programming Diagram
[Programming diagram: DCSRT instruction, tag MomentaryPushButton.]
  Input Type: Equivalent Active High
  Discrepancy Time: TBD ms
  Enable: See Note 1
  Channel A: Module1:I.Pt06Data
  Channel B: Module1:I.Pt07Data
  Input Status: Module1:I.CombinedStatus
  Reset: See Note 3
  Outputs: Output 1, Fault Present (one output is annotated See Note 2)

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.
Note 2: This is an internal Boolean tag used by other parts of the user application not shown in this example.
Note 3: The source can be mapped or safety data.


Figure 7 - Ladder Logic
[Ladder rung: DCSRT (Dual Channel Input Start) instruction, tag MomentaryPushButton.]
  Safety Function: START BUTTON
  Input Type: EQUIVALENT - ACTIVE HIGH
  Discrepancy Time (Msec): 500
  Enable: SeeNote1 (value shown: 0)
  Channel A: Module1:I.Pt00Data (value shown: 1)
  Channel B: Module1:I.Pt01Data (value shown: 1)
  Input Status: Module1:I.CombinedStatus (value shown: 1)
  Reset: Module1:I.Pt11Data (value shown: 0)
  Outputs: O1, FP

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.

RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated.
Figure 8 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.


Figure 9 - Module Input Configuration

Figure 10 - Module Test Output Configuration


Dual-channel Input Monitor (DCM)

The Dual-channel Input Monitor instruction monitors dual-input safety devices and sets Output 1 based on the Input Type parameter and the combined state of Channel A and Channel B.

DCM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances. Make sure your safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table provides the parameters that are used to configure the instruction. These parameters cannot be changed at runtime.
Table 6 - DCM Configuration Parameters

Parameter: Safety Function
Data Type: List
Description: This parameter provides a text name for how this instruction is being used. Choices include cam switch, position limit switch, and user-defined. This does not affect instruction behavior. It is for information/documentation purposes only.

Parameter: Input Type
Data Type: List
Description: This parameter selects input channel behavior.
  Equivalent - Active High: Inputs are in the active state when Channel A and Channel B inputs are 1.
  Equivalent - Active Low: Inputs are in the active state when Channel A and Channel B inputs are 0.
  Complementary: Inputs are in the active state when Channel A is 1 and Channel B is 0.

Parameter: Discrepancy Time (ms)
Data Type: Integer
Description: The amount of time that the inputs are allowed to be in an inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type.
  Equivalent: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 1
    Channel A = 1 and Channel B = 0
  Complementary: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 0
    Channel A = 1 and Channel B = 1
  If this parameter is 0, the Discrepancy Time checking is disabled (0 = infinite). The valid range is 0...3000 ms.

The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 7 - DCM Inputs

Name: Channel A (1)
Data Type: Boolean
Description: This input is one of the two inputs being monitored. When either input is in the safe state, Output 1 is de-energized.

Name: Channel B (1)
Data Type: Boolean
Description: This input is one of the two inputs being monitored. When either input is in the safe state, Output 1 is de-energized.

Name: Input Status
Data Type: Boolean
Description: If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions.
  ON (1): The inputs to this instruction are valid.
  OFF (0): The inputs to this instruction are invalid.

Name: Reset (2)
Data Type: Boolean
Description: This input clears instruction and circuit faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.
(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction output Bit tag as the instruction's reset source.


The following table explains instruction outputs. The outputs may be external tags (safety output modules) or internal tags for use in other logic routines.
Table 8 - DCM Outputs

Name: Output 1 (O1)
Data Type: Boolean
Description: This output is energized when the input conditions are satisfied. The output becomes de-energized when:
  either Channel A or Channel B transitions to the safe state.
  the Input Status input is OFF (0).

Name: Instruction Status (IS)
Data Type: Boolean
Description: This output is ON (1) when Output 1 of this instruction is valid (no faults or diagnostics are present).

Name: Fault Present (FP)
Data Type: Boolean
Description: ON (1): A fault is present in the instruction. OFF (0): This instruction is operating normally.

Name: Fault Code
Data Type: Integer
Description: This output indicates the type of fault that occurred. See Table 9 on page 34 for a list of fault codes. This parameter is not safety-related.

Name: Diagnostic Code
Data Type: Integer
Description: This output indicates the diagnostic status of the instruction. See Table 10 on page 34 for a list of diagnostic codes. This parameter is not safety-related.

IMPORTANT: Do not write to any instruction output tag under any circumstances.


DCM Normal Operation


The timing diagram in Figure 11 illustrates the normal monitoring of a dual-channel input with the Input Type configured as Equivalent - Active High. Output 1 is ON (1) initially because the safety inputs are in the active state. At (A), Channel A transitions to the safe state, which causes Output 1 to go to the safe state. At (B), both of the safety inputs have transitioned to the active state, which energizes Output 1. At (C), Output 1 is de-energized and energized again at (D). The Instruction Status output is ON (1) the entire time because no faults or diagnostics occur.
Figure 11 - Normal Operation Timing Diagram
[Timing diagram: Channel A, Channel B, Instruction Status, and Output 1 traces, marked A through D.]
Input Type = Equivalent - Active High
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


DCM Input Status Fault Operation


Figure 12 illustrates instruction behavior with fault conditions. At (A), Output 1 turns ON (1) when the Input Status becomes valid. This also energizes Output 1 because the safety inputs are in the active state. At (B), a fault is generated when the Input Status becomes invalid. This also turns OFF (0) the Instruction Status output. At (C), the fault cannot be reset because the Input Status is still invalid. At (D), the fault is cleared when a reset is triggered with the Input Status being valid. This also turns the Instruction Status output ON (1).
Figure 12 - Input Status Fault Timing Diagram
[Timing diagram: Channel A, Channel B, Reset, Input Status, Instruction Status, Fault Present, and Output 1 traces, marked A through D.]
Input Type = Equivalent - Active High
Discrepancy Time = 250 ms


DCM Discrepancy Fault Operation


Figure 13 illustrates a discrepancy fault occurring when Channel A and Channel B are in an inconsistent state for longer than the configured Discrepancy Time. At (A), a fault is generated when the safety inputs are in an inconsistent state for longer than the Discrepancy Time. This also turns Output 1 OFF (0). At (B), the fault is cleared because a Reset is triggered when the safety inputs are no longer in an inconsistent state. At (C), a fault is generated when the safety inputs are again in an inconsistent state for longer than the Discrepancy Time. At (D), the fault is reset.
Figure 13 - Discrepancy Fault Timing Diagram
[Timing diagram: Channel A, Channel B, Reset, Instruction Status, Fault Present, and Output 1 traces, marked A through D, with two 250 ms discrepancy intervals.]
Input Type = Equivalent - Active High
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.

DCM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


DCM Fault and Diagnostic Codes


Table 9 - DCM Fault Codes and Corrective Actions

Fault Code: 00H
Description: No fault.
Corrective Action: None.

Fault Code: 20H
Description: The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing.
Corrective Action: Check the I/O module connection or the internal logic used to source input status. Reset the fault.

Fault Code: 4000H
Description: Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the active state. Channel B was in the safe state.

Fault Code: 4001H
Description: Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the safe state. Channel B was in the active state.

Fault Code: 4002H
Description: Channel A went to the safe state and back to the active state while Channel B remained active.

Fault Code: 4003H
Description: Channel B went to the safe state and back to the active state while Channel A remained active.

Corrective Action (4000H through 4003H): Check the wiring. Perform a functional test of the device (put Channel A and Channel B in a safe state). Reset the fault.

Table 10 - DCM Diagnostic Codes and Corrective Actions

Diagnostic Code: 00H
Description: No fault.
Corrective Action: None.

Diagnostic Code: 20H
Description: The Input Status input was OFF (0) when the instruction started.
Corrective Action: Check the I/O module connection or the internal logic used to source input status.
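The discrepancy, Input Status, and reset rules stated for DCM in Tables 6 through 10 can be exercised in a small simulation. The following Python model is an added example, not Rockwell Automation code and not part of the original manual; the class, function, and timeline names are constructed for illustration, and the channel-cycling faults 4002H/4003H and controller scan timing are not modelled.

```python
# Added illustration: simplified model of the DCM rules in Tables 6 to 10.
# Not Rockwell code; cycling faults 4002H/4003H and scan timing are omitted.
ACTIVE_HIGH = "Equivalent - Active High"
ACTIVE_LOW = "Equivalent - Active Low"
COMPLEMENTARY = "Complementary"


class DualChannelMonitor:
    def __init__(self, input_type=ACTIVE_HIGH, discrepancy_ms=250):
        if input_type not in (ACTIVE_HIGH, ACTIVE_LOW, COMPLEMENTARY):
            raise ValueError("unknown Input Type")
        if not 0 <= discrepancy_ms <= 3000:       # valid range, Table 6
            raise ValueError("Discrepancy Time must be 0...3000 ms")
        self.input_type = input_type
        self.discrepancy_ms = discrepancy_ms      # 0 disables the check
        self.fault_code = 0x00
        self.diag_code = 0x00
        self.output1 = False
        self._inconsistent_since = None           # ms timestamp or None
        self._prev_status = False
        self._prev_reset = False
        self._status_seen_valid = False

    @property
    def fault_present(self):
        return self.fault_code != 0x00

    @property
    def instruction_status(self):
        # ON only when no fault and no diagnostic is present (Table 8).
        return self.fault_code == 0x00 and self.diag_code == 0x00

    def _channel_states(self, a, b):
        """Map raw 0/1 values to per-channel active (True) / safe (False)."""
        a_active = (a == 0) if self.input_type == ACTIVE_LOW else (a == 1)
        b_active = (b == 1) if self.input_type == ACTIVE_HIGH else (b == 0)
        return a_active, b_active

    def scan(self, t_ms, a, b, input_status=True, reset=False):
        """Evaluate one sample taken at t_ms and return Output 1."""
        a_active, b_active = self._channel_states(a, b)
        inconsistent = a_active != b_active
        reset_edge = reset and not self._prev_reset    # OFF (0) -> ON (1)
        self._prev_reset = reset

        if input_status:
            self._status_seen_valid = True
            self.diag_code = 0x00
        elif self._prev_status and not self.fault_present:
            self.fault_code = 0x20                # ON -> OFF while executing
        elif not self._status_seen_valid:
            self.diag_code = 0x20                 # OFF when the instruction started
        self._prev_status = input_status

        if not inconsistent:
            self._inconsistent_since = None
        else:
            if self._inconsistent_since is None:
                self._inconsistent_since = t_ms
            elapsed = t_ms - self._inconsistent_since
            if (self.discrepancy_ms and not self.fault_present
                    and elapsed > self.discrepancy_ms):
                # 4000H: A active, B safe.  4001H: A safe, B active.
                self.fault_code = 0x4000 if a_active else 0x4001

        if reset_edge and self.fault_present:
            # A reset only clears a fault whose condition is no longer present.
            if self.fault_code == 0x20:
                condition_present = not input_status
            else:
                condition_present = inconsistent
            if not condition_present:
                self.fault_code = 0x00

        self.output1 = (bool(input_status) and a_active and b_active
                        and not self.fault_present)
        return self.output1


def replay(monitor, timeline):
    """Feed (t_ms, A, B, reset) samples; return (t_ms, Output 1, fault code)."""
    return [(t, monitor.scan(t, a, b, reset=bool(r)), monitor.fault_code)
            for t, a, b, r in timeline]


# Constructed sample timeline (not taken from the actual Figure 13 trace).
SAMPLE_TIMELINE = [
    (0,   1, 1, 0),   # both channels active
    (100, 0, 1, 0),   # Channel A drops: inconsistent state begins
    (300, 0, 1, 0),   # 200 ms elapsed, still inside the 250 ms window
    (400, 0, 1, 0),   # 300 ms elapsed: discrepancy fault
    (500, 1, 1, 0),   # consistent again, but the fault stays latched
    (600, 1, 1, 1),   # Reset rising edge clears the fault
    (700, 1, 0, 0),   # Channel B drops briefly
    (800, 1, 1, 0),   # recovers within 250 ms: no fault
]

if __name__ == "__main__":
    for t, o1, code in replay(DualChannelMonitor(), SAMPLE_TIMELINE):
        print(f"{t:4d} ms  O1={int(o1)}  fault={code:04X}H")
```
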


DCM Wiring and Programming Example


This example complies with ISO 13849-1, Category 4 operation. The standard control portion of the application is not shown.
Figure 14 - Wiring Diagram
[Wiring diagram: a Cam Switch and a Momentary Push Button (reset) wired to a 1791-DS-IB12 module (Module 1) on DeviceNet. Labelled terminals: 1 V, 3 I0, 4 I1, 14 T1, 13 T0, 24 I11, 11 G. Supply: 24V DC and 24V Ground.]

This programming diagram shows the instruction with inputs and outputs.
Figure 15 - Programming Diagram
[Programming diagram: DCM instruction, tag CamSwitch.]
  Input Type: Equivalent Active High
  Discrepancy Time: TBD ms
  Channel A: Module1:I.Pt00Data
  Channel B: Module1:I.Pt01Data
  Input Status: Module1:I.CombinedStatus
  Reset: Module1:I.Pt11Data
  Outputs: Output 1, Instruction Status, Fault Present (one output is annotated See Note 1)

Note 1: This is an internal Boolean tag used by other parts of the user application not shown in this example.


Figure 16 - Ladder Logic
[Ladder rung: DCM (Dual Channel Input Monitor) instruction, tag CamSwitch.]
  Safety Function: CAM SWITCH
  Input Type: EQUIVALENT - ACTIVE HIGH
  Discrepancy Time (Msec): 500
  Channel A: Module1:I.Pt00Data (value shown: 1)
  Channel B: Module1:I.Pt01Data (value shown: 1)
  Input Status: Module1:I.CombinedStatus (value shown: 1)
  Reset: Module1:I.Pt11Data (value shown: 0)
  Outputs: O1, IS, FP

RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated.
Figure 17 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.


Figure 18 - Module Input Configuration

Figure 19 - Module Test Output Configuration


Dual-channel Input Stop (DCS)

The Dual-channel Input Stop instruction monitors dual-input safety devices whose main function is to stop a machine safely, for example, an E-stop, light curtain, or safety gate. This instruction can only energize Output 1 when both safety inputs, Channel A and Channel B, are in the active state as determined by the Input type parameter, and the correct reset actions are carried out.

DCS Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances. Make sure your safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table provides the parameters that are used to configure the instruction. These parameters cannot be changed at runtime.
Table 11 - DCS Configuration Parameters

Parameter: Safety Function
Data Type: List
Description: This parameter provides a text name for how this instruction is being used. Choices include E-stop, safety gate, light curtain, area scanner, safety mat, cable (rope) pull switch, and user-defined. This does not affect instruction behavior. It is for information/documentation purposes only.

Parameter: Input Type
Data Type: List
Description: This parameter selects input channel behavior.
  Equivalent - Active High: Inputs are in the active state when Channel A and Channel B inputs are 1.
  Complementary: Inputs are in the active state when Channel A is 1 and Channel B is 0.

Parameter: Discrepancy Time (ms)
Data Type: Integer
Description: The amount of time that the inputs are allowed to be in an inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type.
  Equivalent: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 1
    Channel A = 1 and Channel B = 0
  Complementary: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 0
    Channel A = 1 and Channel B = 1
  The valid range is 5...3000 ms.

Parameter: Restart Type
Data Type: List
Description: This input configures Output 1 for either Manual or Automatic Restart.
  Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1.
  Automatic: Output 1 is energized 50 ms after all of the enabling conditions are met.
  ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use, or the reset function is being performed elsewhere in the safety circuit (for example, output function).

Parameter: Cold Start Type
Data Type: List
Description: This parameter specifies the Output 1 behavior when applying controller power or mode change to Run.
  Manual: Output 1 is not energized when the Input Status becomes valid or when the Input Status fault is cleared. (The device must be tested before Output 1 can be energized.)
  Automatic: Output 1 is energized immediately when the Input Status becomes valid or when the Input Status fault is cleared and both inputs are in their active state.


The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 12 - DCS Inputs
| Name | Data Type | Description |
|---|---|---|
| Channel A(1) | Boolean | This is one of the two safety inputs to the instruction. |
| Channel B(1) | Boolean | This is one of the two safety inputs to the instruction. |
| Input Status | Boolean | If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid. |
| Reset(2) | Boolean | If Restart Type = Manual, this input is used to energize Output 1 once Channel A and Channel B are both in the active state. If Restart Type = Automatic, this input is not used to energize Output 1. This input clears instruction and circuit faults provided the fault condition is not present. OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset. |

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.
(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.

The following table explains instruction outputs. The outputs may be external tags (safety output modules) or internal tags for use in other logic routines.
Table 13 - DCS Outputs
| Name | Data Type | Description |
|---|---|---|
| Output 1 (O1) | Boolean | The output is energized when the input conditions are satisfied. The output becomes de-energized when the following occurs: Either Channel A or Channel B transitions to the safe state. The Input Status input is OFF (0). |
| Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): This instruction is operating normally. |
| Fault Code | Integer | This output indicates the type of fault that occurred. See Table 14 on page 50 for a list of fault codes. This parameter is not safety-related. |
| Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 15 on page 50 for a list of diagnostic codes. This parameter is not safety-related. |

IMPORTANT: Do not write to any instruction output tag under any circumstances.


DCS Normal Operation


The timing diagram in Figure 20 illustrates normal operation with Restart Type configured for Manual and Cold Start Type configured for Manual. At (A), Output 1 will not be energized because the safety inputs have not been through the safe state (0 in this case). At (B), Output 1 is energized because the safety inputs have been cycled through the safe state and are in the active state when the reset is triggered. At (C), Output 1 is de-energized because one of the safety inputs (Channel A) has transitioned to a safe state. At (D), Output 1 is once again energized when a reset is triggered with both safety inputs in the active state.
Figure 20 - Normal Operation (Manual Restart, Manual Cold Start) Timing Diagram

[Timing diagram: Channel A, Channel B, Reset, Output 1; event markers A, B, C, D]
Input Type = Equivalent - Active High; Restart Type = Manual; Cold Start Type = Manual; Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


Figure 21 demonstrates the same behavior as in the previous timing diagram except that the Input Type is Complementary.
Figure 21 - Normal Operation (Manual Restart, Manual Cold Start, Complementary) Timing Diagram
[Timing diagram: Channel A, Channel B, Reset, Output 1; event markers A, B, C, D]
Input Type = Complementary; Restart Type = Manual; Cold Start Type = Manual; Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


Figure 22 illustrates normal operation with Cold Start Type configured for Automatic. When Cold Start Type is Automatic, Output 1 will be energized as soon as the Input Status becomes valid [OFF (0) to ON (1) transition] for the first time, such as when power is applied to a PLC controller. At (A), Output 1 is energized when the Input Status becomes valid with the safety inputs in the active state. At (B), Output 1 is de-energized when one of the safety inputs transitions to the safe state. Output 1 will not be energized again until (C), when the reset is triggered with the safety inputs in the active state. The Automatic Cold Start only has effect the first time the Input Status becomes valid.
Figure 22 - Normal Operation (Manual Restart, Automatic Cold Start) Timing Diagram
[Timing diagram: Channel A, Channel B, Reset, Input Status, Output 1; event markers A, B, C]
Input Type = Equivalent - Active High; Restart Type = Manual; Cold Start Type = Automatic; Discrepancy Time = 250 ms


Figure 23 illustrates normal operation with Automatic Restart and Manual Cold Start. Because Cold Start Type is Manual, both safety inputs must go through the safe state before Output 1 can be energized. At (A), Output 1 is energized automatically 50 ms after the safety inputs transition to the active state (1 in this case). At (B), Output 1 is de-energized when one of the safety inputs transitions to the safe state. At (C), Output 1 is automatically energized 50 ms after both safety inputs transition back to the active state.
Figure 23 - Normal Operation (Automatic Restart, Manual Cold Start) Timing Diagram
[Timing diagram: Channel A, Channel B, Output 1; 50 ms delay shown before each energization of Output 1; event markers A, B, C]
Input Type = Equivalent - Active High; Restart Type = Automatic; Cold Start Type = Manual; Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram. There is always a 50 ms delay before energizing Output 1 when it is configured to be energized automatically (Restart Type = Automatic).


Figure 24 illustrates normal operation with Automatic Restart and Automatic Cold Start. Here the instruction does not have to wait for the safety inputs to go through the safe state. At (A), Output 1 is energized immediately after the Input Status becomes valid for the first time with the safety inputs in the active state.
Figure 24 - Normal Operation (Automatic Restart, Automatic Cold Start) Timing Diagram
[Timing diagram: Channel A, Channel B, Input Status, Output 1; 50 ms delay shown; event markers A, B, C]
Input Type = Equivalent - Active High; Restart Type = Automatic; Cold Start Type = Automatic; Discrepancy Time = 250 ms
There is always a 50 ms delay before energizing Output 1 when it is configured to be energized automatically (Restart Type = Automatic).


DCS Input Status Fault (Manual Cold Start)


The timing diagram in Figure 25 illustrates a fault occurring when the Input Status becomes invalid. When Cold Start Type is configured for Manual, the safety inputs must go through the safe state after a fault has been cleared. At (A), Output 1 is energized when a reset is triggered with the safety inputs in the active state. At (B), a fault occurs because the Input Status becomes invalid, which de-energizes Output 1. At (C), the fault cannot be cleared because the Input Status is still invalid. At (D), the fault is cleared, but Output 1 cannot yet be energized because the safety inputs must transition through the safe state when Cold Start Type is Manual. At (E), the safety inputs have gone through the safe state. At (F), Output 1 is once again energized when the reset is triggered.
Figure 25 - Input Status Fault (Manual Cold Start) Timing Diagram

[Timing diagram: Channel A, Channel B, Reset, Input Status, Fault Present, Output 1; event markers A, B, C, D, E, F]
Input Type = Equivalent - Active High; Restart Type = Manual; Cold Start Type = Manual; Discrepancy Time = 250 ms


Figure 26 illustrates a fault occurring when the Input Status becomes invalid. When Cold Start Type is configured for Automatic, the safety inputs are not required to go through the safe state after a fault has been cleared. At (A), Output 1 is energized when the Input Status becomes valid because the Cold Start Type is Automatic. At (B), a fault occurs because the Input Status becomes invalid, which de-energizes Output 1. At (C), the fault cannot be cleared because the Input Status is still invalid. At (D), the fault is cleared because the Input Status is valid and a reset occurred. Output 1 is then energized because the Cold Start Type is Automatic. It is not necessary for the Safety Inputs to go through the safe state after an Input Status fault is cleared when the Cold Start Type is Automatic.
Figure 26 - Input Status Fault (Automatic Cold Start) Timing Diagram

[Timing diagram: Channel A, Channel B, Reset, Input Status, Fault Present, Output 1; event markers A, B, C, D]
Input Type = Equivalent - Active High; Restart Type = Manual; Cold Start Type = Automatic; Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (=1) for the entire timing diagram.


DCS Cycle Inputs Fault


Figure 27 illustrates one of the two safety inputs transitioning to the safe state and back to the active state while Output 1 is energized. At (A), Output 1 is energized in the normal way. At (B), Channel A transitions to the safe state, which immediately de-energizes Output 1. At (C), Channel A transitions back to the active state before the 250 ms Discrepancy Time causes a fault. At (D), Output 1 is energized because the safety inputs have cycled through the safe state, and a reset has been triggered.
Figure 27 - Cycle Inputs Fault Timing Diagram
[Timing diagram: Channel A, Channel B, Reset, Fault Present, Output 1; event markers A, B, C, D]
Input Type = Equivalent - Active High; Restart Type = Manual; Cold Start Type = Manual; Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


DCS Discrepancy Fault


Figure 28 illustrates a fault occurring when Channel A and Channel B are in an inconsistent state for longer than the configured Discrepancy Time. At (A), a Discrepancy fault occurs because Channel A has been in the active state and Channel B has been in the safe state for 250 ms (Discrepancy Time). At (B), the fault is reset, but Output 1 is not energized because the safety inputs must cycle through the safe state after a Discrepancy fault is cleared, in order to energize Output 1. At (C), Output 1 is energized because the safety inputs have transitioned through the safe state and a reset has been triggered. At (D), another Discrepancy fault occurs when the safety inputs are again in an inconsistent state for longer than 250 ms.
Figure 28 - Discrepancy Fault Timing Diagram
[Timing diagram: Channel A, Channel B, Reset, Fault Present, Output 1; two 250 ms discrepancy intervals marked; event markers A, B, C, D]
Input Type = Equivalent - Active High; Restart Type = Manual; Cold Start Type = Manual; Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.

DCS False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


DCS Fault and Diagnostic Codes


Table 14 - DCS Fault Codes and Corrective Actions
| Fault Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection or the internal logic used to source input status. Reset the fault. |
| 4000H | Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the active state. Channel B was in the safe state. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault. |
| 4001H | Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the safe state. Channel B was in the active state. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault. |
| 4002H | Channel A went to the safe state and back to the active state while Channel B remained active. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault. |
| 4003H | Channel B went to the safe state and back to the active state while Channel A remained active. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault. |

Table 15 - DCS Diagnostic Codes and Corrective Actions


| Diagnostic Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 05H | The Reset input is held ON (1). | Set the Reset input to OFF (0). |
| 20H | The Input Status input was OFF (0) when the instruction started. | Check the I/O module connection or the internal logic used to source input status. |
| 4000H | The device was not functionally tested at startup. | Perform a functional test of the device (bring Channel A and Channel B to the safe state). |
| 4001H | The device was not functionally tested after a fault occurred. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). |


DCS Wiring and Programming Example


This example complies with ISO 13849-1, Category 4 operation. The standard control portion of the application is not shown.
Figure 29 - Wiring Diagram
[Wiring diagram: 24V DC supply, latching E-stop, and momentary push button (reset) wired to a 1791-DS-IB12 module (Module 1) on DeviceNet. Terminals shown: V (1), I0 (3), I1 (4), T0 (13), T1 (14), I11 (24), G (11); 24V ground.]

This programming diagram shows the instruction with inputs and outputs.
Figure 30 - Programming Diagram
DCS instruction, tag MainPanelEStop
- Input Type: Equivalent Active High
- Discrepancy Time: TBD ms
- Restart Type: Manual
- Coldstart Type: Manual
- Channel A: Module1:I.Pt00Data
- Channel B: Module1:I.Pt01Data
- Input Status: Module1:I.CombinedStatus
- Reset: Module1:I.Pt11Data
- Output 1: See Note 1
- Fault Present

Note 1: This is an internal Boolean tag used by other parts of the user application not shown in this example.

Key: Color code represents data or value typically used: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.


Figure 31 - Ladder Logic


DCS (Dual Channel Input Stop), tag MainPanelEStop
- Safety Function: EMERGENCY STOP
- Input Type: EQUIVALENT - ACTIVE HIGH
- Discrepancy Time (Msec): 500
- Restart Type: MANUAL
- Cold Start Type: MANUAL
- Channel A: Module1:I.Pt00Data (shown value 1)
- Channel B: Module1:I.Pt01Data (shown value 1)
- Input Status: Module1:I.CombinedStatus (shown value 1)
- Reset: Module1:I.Pt11Data (shown value 0)
- Outputs: O1, FP

RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated.
Figure 32 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.


Figure 33 - Module Input Configuration

Figure 34 - Module Test Output Configuration


Dual-channel Input Stop with Test (DCST)

The Dual-channel Input Stop with Test instruction monitors dual-input safety devices whose main function is to stop a machine safely, for example, an E-stop, light curtain, or safety gate. This instruction can only energize Output 1 when both safety inputs, Channel A and Channel B, are in the active state as determined by the Input Type parameter, and the correct reset actions are carried out. In addition, this instruction has the ability to force a functional test of the stop device upon request. The timing diagrams from the Dual-channel Input Stop (DCS) instruction are applicable to this instruction as well. DCST operation diagrams, beginning on page 57, highlight the features of the test-related parameters such as Test Request and Test Command.

DCST Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances. Make sure your safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table provides the parameters that are used to configure the instruction. These parameters cannot be changed at runtime.
Table 16 - DCST Configuration Parameters
| Parameter | Data Type | Description |
|---|---|---|
| Safety Function | List | This parameter provides a text name for how this instruction is being used. Choices include E-stop, safety gate, light curtain, area scanner, safety mat, cable (rope) pull switch, and user-defined. This does not affect instruction behavior. It is for information/documentation purposes only. |
| Input Type | List | This parameter selects input channel behavior. Equivalent - Active High: The inputs are in the active state when Channel A and Channel B inputs are 1. Complementary: The inputs are in the active state when Channel A is 1 and Channel B is 0. |
| Discrepancy Time (ms) | Integer | The amount of time that the inputs are allowed to be in an inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type. Equivalent: Inconsistent state is when either is true: Channel A = 0 and Channel B = 1; Channel A = 1 and Channel B = 0. Complementary: Inconsistent state is when either is true: Channel A = 0 and Channel B = 0; Channel A = 1 and Channel B = 1. The valid range is 5...3000 ms. |
| Restart Type | List | This input configures Output 1 for either Manual or Automatic Restart. Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1. Automatic: Output 1 is energized 50 ms after all of the enabling conditions are met. |
| Cold Start Type | List | This parameter specifies the Output 1 behavior when applying controller power or mode change to Run. Manual: Output 1 is not energized when the Input Status becomes valid or when the Input Status fault is cleared. (The device must be tested before Output 1 can be energized.) Automatic: Output 1 is energized immediately when the Input Status becomes valid or when the Input Status fault is cleared and both inputs are in their active state. |

ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use, or the reset function is being performed elsewhere in the safety circuit (for example, output function).


The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 17 - DCST Inputs
| Name | Data Type | Description |
|---|---|---|
| Channel A(1) | Boolean | This input is one of the two safety inputs to the instruction. |
| Channel B(1) | Boolean | This input is one of the two safety inputs to the instruction. |
| Test Request | Boolean | This signal forces a functional test to occur. ON (1) -> OFF (0): Triggers a functional test. Output 1 is de-energized and the Test Command output is energized, prompting you to perform a functional test. The functional test is complete and the Test Command output is de-energized when Channel A and Channel B go to the safe state. |
| Input Status | Boolean | If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid. |
| Reset(2) | Boolean | If Restart Type = Manual, this input is used to energize Output 1 once Channel A and Channel B are both in the active state. If Restart Type = Automatic, this input is used to energize Output 1. This input clears instruction and circuit faults provided the fault condition is not present. OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset. |

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.
(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.

The following table explains instruction outputs. The outputs may be external tags (safety output modules) or internal tags for use in other logic routines.
Table 18 - DCST Outputs
| Name | Data Type | Description |
|---|---|---|
| Output 1 (O1) | Boolean | This output is energized when the input conditions are satisfied. The output becomes de-energized when the following occurs: Either Channel A or Channel B transitions to the safe state. The Input Status input is OFF (0). A functional test is requested [Test Request->OFF (0)]. |
| Test Command (TC) | Boolean | This output is energized when a functional test must be carried out. This parameter is not safety-related. |
| Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): This instruction is operating normally. |
| Fault Code | Integer | This output indicates the type of fault that occurred. See Table 19 on page 59 for a list of fault codes. This parameter is not safety-related. |
| Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 20 on page 59 for a list of diagnostic codes. This parameter is not safety-related. |

IMPORTANT: Do not write to any instruction output tag under any circumstances.


DCST Functional Test Operation


The timing diagram in Figure 35 illustrates a manual function test being performed on a safety device, for example, a safety gate, with the instruction configured for Manual Restart. At (A), a manual functional test is requested because the Test Request input transitions from ON (1) to OFF (0). This immediately de-energizes Output 1 and energizes the Test Command output prompting you to test the device. At (B), the functional test is complete, so the Test Command output is de-energized. At (C), Output 1 is energized again when a reset is triggered.
Figure 35 - Functional Test Operation (Manual Restart) Timing Diagram
[Timing diagram: Channel A, Channel B, Reset, Test Request, Test Command, Output 1; event markers A, B, C]
Input Type = Equivalent - Active High; Restart Type = Manual; Cold Start Type = Manual; Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


Figure 36 illustrates a manual function test being performed with Restart Type equal to Automatic. At (A), Output 1 is de-energized because the Test Request transitions from ON (1) to OFF (0). The Test Command output is also energized at this point. At (B), the Test Command output is de-energized because the functional test is complete. At (C), Output 1 is automatically energized 50 ms after the safety inputs enter the active state because the Restart Type is Automatic.
Figure 36 - Functional Test Operation (Automatic Restart) Timing Diagram
[Timing diagram: Channel A, Channel B, Test Request, Test Command, Output 1; 50 ms delay shown; event markers A, B, C]
Input Type = Equivalent - Active High; Restart Type = Automatic; Cold Start Type = Automatic; Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram. There is always a 50 ms delay before energizing Output 1 when it is configured to be energized automatically (Restart Type = Automatic).
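The DCS and DCST behavior described in the operation and fault sections above (restart and cold start types, Input Status fault 20H, discrepancy faults 4000H/4001H, and the Test Request / Test Command handshake) can be replayed offline with a small scan-based model, which is useful when reviewing whether logic around the instruction can ever re-energize Output 1 without a functional test. This is an added example, not Rockwell Automation code: the names, the 10 ms scan step, the scan ordering, and the per-fault reset check are assumptions, and the cycle-inputs faults (4002H/4003H) and false-rung behavior are not modelled.

```python
from dataclasses import dataclass

ACTIVE, SAFE, INCONSISTENT = "active", "safe", "inconsistent"

def classify(a, b, input_type):
    """Pair state of Channel A/B per the Input Type row of the configuration table."""
    if input_type == "equivalent":          # active = 1/1, safe = 0/0
        return ACTIVE if a and b else SAFE if not (a or b) else INCONSISTENT
    if a != b:                              # complementary: active = 1/0, safe = 0/1
        return ACTIVE if a else SAFE
    return INCONSISTENT                     # 0/0 or 1/1

@dataclass
class DualChannelStop:
    input_type: str = "equivalent"   # or "complementary"
    restart: str = "manual"          # or "automatic"
    cold_start: str = "manual"       # or "automatic"
    discrepancy_ms: int = 250        # manual gives a valid range of 5...3000 ms
    o1: bool = False                 # Output 1
    tc: bool = False                 # Test Command (DCST only)
    fp: bool = False                 # Fault Present
    fault_code: int = 0

    def __post_init__(self):
        # Manual cold start: the device must pass through the safe state first.
        self._need_cycle = self.cold_start == "manual"
        self._started = False
        self._disc_ms = self._auto_ms = 0
        self._prev_reset, self._prev_test = False, True

    def scan(self, a, b, reset=False, input_status=True, test_request=True, dt_ms=10):
        """One scan; returns Output 1. Hold test_request ON to model plain DCS."""
        state = classify(a, b, self.input_type)
        reset_edge = bool(reset) and not self._prev_reset  # OFF -> ON
        test_edge = self._prev_test and not test_request   # ON -> OFF
        self._prev_reset, self._prev_test = reset, test_request
        # Reset clears a fault only when its cause is gone (assumed per-fault check).
        if self.fp and reset_edge:
            status_fault = self.fault_code == 0x20
            cause = (not input_status) if status_fault else state == INCONSISTENT
            if not cause:
                self.fp, self.fault_code = False, 0
                # Only an Input Status fault with Automatic cold start skips the re-test.
                self._need_cycle = not (status_fault and self.cold_start == "automatic")
        if not input_status:                               # fault 20H once running
            if self._started and not self.fp:
                self.fp, self.fault_code = True, 0x20
            self.o1, self._auto_ms = False, 0
            return self.o1
        first_valid, self._started = not self._started, True
        if state == INCONSISTENT:                          # discrepancy timer
            self._disc_ms += dt_ms
            if self._disc_ms > self.discrepancy_ms and not self.fp:
                self.fp = True
                self.fault_code = 0x4000 if a else 0x4001  # which channel was active
        else:
            self._disc_ms = 0
        if test_edge:                                      # functional test requested
            self.tc = self._need_cycle = True
        if state != ACTIVE and self.o1:                    # demand on the stop device
            self._need_cycle = True
        if state == SAFE and not self.fp:                  # functional test observed
            self.tc = self._need_cycle = False
        enabled = state == ACTIVE and not (self.fp or self.tc or self._need_cycle)
        if not enabled:
            self.o1, self._auto_ms = False, 0
        elif not self.o1:
            if self.restart == "automatic":                # fixed 50 ms delay
                self.o1 = self._auto_ms >= 50
                self._auto_ms += dt_ms
            else:
                self.o1 = reset_edge or (first_valid and self.cold_start == "automatic")
        return self.o1

def replay(model, trace):
    """Run (scans, inputs) segments; return (O1, FP, fault code) after each segment."""
    out = []
    for scans, inputs in trace:
        for _ in range(scans):
            model.scan(**inputs)
        out.append((model.o1, model.fp, model.fault_code))
    return out

def discrepancy_trace():
    """Constructed input trace following the Discrepancy Fault description (Figure 28)."""
    on, off, b_open = dict(a=1, b=1), dict(a=0, b=0), dict(a=1, b=0)
    return replay(DualChannelStop(), [
        (2, off), (2, on), (1, dict(on, reset=True)), (1, on),  # normal start
        (30, b_open),                                           # 300 ms inconsistent
        (1, on), (1, dict(on, reset=True)), (1, on),            # (B) reset, O1 stays off
        (2, off), (2, on), (1, dict(on, reset=True)),           # (C) cycled, then reset
    ])
```

In the constructed trace, the reset at (B) clears fault 4000H but Output 1 stays off until both channels have been through the safe state, which is the property to confirm when reviewing any logic that sources Reset or Input Status from user tags.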

DCST False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


DCST Fault and Diagnostic Codes


Table 19 - DCST Fault Codes and Corrective Actions
| Fault Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection or the internal logic used to source input status. Reset the fault. |
| 4000H | Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the active state. Channel B was in the safe state. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault. |
| 4001H | Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the safe state. Channel B was in the active state. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault. |
| 4002H | Channel A went to the safe state and back to the active state while Channel B remained active. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault. |
| 4003H | Channel B went to the safe state and back to the active state while Channel A remained active. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault. |

Table 20 - DCST Diagnostic Codes and Corrective Actions


| Diagnostic Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 05H | The Reset input is held ON (1). | Set the Reset input to OFF (0). |
| 20H | The Input Status input was OFF (0) when the instruction started. | Check the I/O module connection or the internal logic used to source input status. |
| 4000H | The device was not functionally tested at startup. | Perform a functional test of the device (put Channel A and Channel B in a safe state). |
| 4001H | The device was not functionally tested after a fault occurred. | Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). |
| 4030H | Waiting for the manual functional test to occur. | Perform a functional test of the device (bring Channel A and Channel B to the safe state). |


DCST Wiring and Programming Example


This example complies with ISO 13849-1, Category 4 operation. The standard control portion of the application is not shown.
Figure 37 - Wiring Diagram
[Wiring diagram: 24V DC supply, safety gate, momentary push button (reset), Stop, and Test Prompt Lamp wired to a 1791-DS-IB12 module (Module 1) on DeviceNet. Terminals shown: V (1), I0 (3), T0 (13), I1 (4), T1 (14), I11 (24), T2 (25), G (11); 24V ground.]


This programming diagram shows the instruction with inputs and outputs.
Figure 38 - Programming Diagram
DCST instruction, tag MainGate
- Input Type: Equivalent Active High
- Discrepancy Time: TBD ms
- Restart Type: Manual
- Coldstart Type: Manual
- Channel A: Module1:I.Pt00Data
- Channel B: Module1:I.Pt01Data
- Test Request: See Note 1
- Input Status: Module1:I.CombinedStatus
- Reset: Module1:I.Pt11Data
- Output 1: See Note 2
- Test Command: Module1:O.Test02Data
- Fault Present

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example. The falling edge (0->1) of the Test Request input forces a test to be executed (safe state must be observed). Connecting this input to the output that enables the hazard forces a test to be executed every time the hazard is stopped.
Note 2: This is an internal Boolean tag used by other parts of the user application not shown in this example.

Key: Color code represents data or value typically used: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.

Figure 39 - Ladder Logic


DCST (Dual Channel Input Stop With Test), tag MainGate
- Safety Function: SAFETY GATE
- Input Type: EQUIVALENT - ACTIVE HIGH
- Discrepancy Time (Msec): 500
- Restart Type: MANUAL
- Cold Start Type: MANUAL
- Channel A: Module1:I.Pt00Data (shown value 1)
- Channel B: Module1:I.Pt01Data (shown value 1)
- Test Request: See Note 1 (shown value 0)
- Input Status: Module1:I.CombinedStatus (shown value 1)
- Reset: Module1:I.Pt11Data (shown value 0)
- Outputs: O1, TC, FP

Second rung: MainGate.TC -> Module1:O.Test02Data

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example. The falling edge (0->1) of the Test Request input forces a test to be executed (safe state must be observed). Connecting this input to the output that enables the hazard forces a test to be executed every time the hazard is stopped.


RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated.
Figure 40 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.
Figure 41 - Module Input Configuration


Figure 42 - Module Test Output Configuration


Dual-channel Input Stop with Test and Lock (DCSTL)

The Dual-channel Input Stop with Test and Lock instruction monitors dual-input safety devices whose main function is to stop safely, for example, an E-stop, light curtain, or safety gate. This instruction can only energize Output 1 when both safety inputs, Channel A and Channel B, are in the active state as determined by the Input type parameter, and the correct reset actions are carried out.

In addition, this instruction has the ability to monitor a locked feedback signal from a safety device and issue a lock request to a safety device, for example a safety gate with guard locking. The Unlock Request input is used to request an electromagnetic lock or unlock. However, the hazard protected by this instruction must be stopped for the instruction to issue an unlock command. The Lock Feedback input is used to determine whether the safety device is currently locked. To energize Output 1, the Lock Feedback input must be ON (1) in addition to the requirements of the DCST instruction.

The operation timing diagrams from the Dual-channel Input Stop (DCS) instruction and the Dual-channel Input Stop Test (DCST) instruction are applicable to this instruction as well. DCSTL operation diagrams, beginning on page 68, highlight the features of the lock-related parameters such as Unlock Request, Lock Feedback, Hazard Stopped, and Unlock Command.


DCSTL Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

IMPORTANT: Make sure your safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameters that are used to configure the instruction. These parameters cannot be changed at runtime.

Table 21 - DCSTL Configuration Parameters

Parameter: Safety Function
Data Type: List
Description: This parameter provides a text name for how this instruction is being used. Choices include slide lock, safety gate and user-defined. This does not affect instruction behavior. It is for information/documentation purposes only.

Parameter: Input Type
Data Type: List
Description: This parameter selects input channel behavior.
  Equivalent - Active High: Inputs are in the active state when Channel A and Channel B inputs are 1.
  Complementary: Inputs are in the active state when Channel A is 1 and Channel B is 0.

Parameter: Discrepancy Time (ms)
Data Type: Integer
Description: The amount of time that inputs are allowed to be in an inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type.
  Equivalent: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 1
    Channel A = 1 and Channel B = 0
  Complementary: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 0
    Channel A = 1 and Channel B = 1
  The valid range is 5...3000 ms.

Parameter: Restart Type
Data Type: List
Description: This input configures Output 1 for either Manual or Automatic Restart.
  Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1.
  Automatic: Output 1 is energized 50 ms after all of the enabling conditions are met.
  ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use, or the reset function is being performed elsewhere in the safety circuit (for example, output function).

Parameter: Cold Start Type
Data Type: List
Description: This parameter specifies the Output 1 behavior when applying controller power or mode change to Run.
  Manual: Output 1 is not energized when the Input Status becomes valid or when the Input Status fault is cleared. (The device must be tested before Output 1 can be energized.)
  Automatic: Output 1 is energized immediately when the Input Status becomes valid or when the Input Status fault is cleared and both inputs are in their active state.


The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 22 - DCSTL Inputs

Name: Channel A(1)
Data Type: Boolean
Description: This input is one of the two safety inputs to the instruction.

Name: Channel B(1)
Data Type: Boolean
Description: This input is one of the two safety inputs to the instruction.

Name: Test Request
Data Type: Boolean
Description: This signal forces a functional test to occur. See the Test Type parameter for more information.
  ON (1) -> OFF (0): Triggers a functional test. Output 1 is de-energized and the Test Command output is energized, prompting you to perform a functional test.
  IMPORTANT: Do not request a test when a hazard is present (Hazard Stopped = 0) because the machine will stop and cause a fault in this instruction.

Name: Unlock Request
Data Type: Boolean
Description: This input is used to request a lock and unlock of electromechanical locking devices.
  OFF (0): Lock is requested (the Unlock command is de-energized).
  ON (1): Unlock is requested if the machine hazard is stopped. The Unlock command is energized if the Hazard Stopped input equals ON (1).
  This signal must also be used before locking and unlocking manual locks. Otherwise, a fault can occur because of invalid sequencing.

Name: Lock Feedback
Data Type: Boolean
Description: This is the current state of the locking device. This input must be ON (1) to energize Output 1.
  OFF (0): The safety monitoring device is currently not locked.
  ON (1): The safety monitoring device is currently locked.

Name: Hazard Stopped
Data Type: Boolean
Description: This is the hazard condition feedback signal. This input must be ON (1) for the instruction to issue an unlock command (energize the Unlock Command output).
  OFF (0): The Unlock Command output cannot be energized.
  ON (1): The Unlock Command output can be energized.

Name: Input Status
Data Type: Boolean
Description: If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions.
  ON (1): The inputs to this instruction are valid.
  OFF (0): The inputs to this instruction are invalid.

Name: Reset(2)
Data Type: Boolean
Description: If Restart Type = Manual, this input is used to energize Output 1 once Channel A and Channel B are both in the active state. If Restart Type = Automatic, this input is not used to energize Output 1. This input clears instruction and circuit faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.

(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains instruction outputs. The outputs may be external tags (safety output modules) or internal tags for use in other logic routines.
Table 23 - DCSTL Outputs

Name: Output 1 (O1)
Data Type: Boolean
Description: This output is energized when the input conditions are satisfied. The output becomes de-energized when the following occurs:
  - Either Channel A or Channel B transitions to the safe state.
  - The Input Status input is OFF (0).
  - A functional test is requested, that is Test Request -> OFF (0).
  - The Lock Feedback signal turns OFF (0).
  - An unlock is requested and the hazard stops, that is Unlock Request -> ON (1) and Hazard Stopped -> ON (1).

Name: Test Command (TC)
Data Type: Boolean
Description: This output is energized when a functional test must be carried out. This parameter is not safety-related.

Name: Unlock Command (ULC)
Data Type: Boolean
Description: This is an unlock signal for an electromechanical locking device or to prompt for manual unlock.

Name: Fault Present (FP)
Data Type: Boolean
Description:
  ON (1): A fault is present in the instruction.
  OFF (0): This instruction is operating normally.

Name: Fault Code
Data Type: Integer
Description: This output indicates the type of fault that occurred. See Table 24 on page 72 for a list of fault codes. This parameter is not safety-related.

Name: Diagnostic Code
Data Type: Integer
Description: This output indicates the diagnostic status of the instruction. See Table 25 on page 73 for a list of diagnostic codes. This parameter is not safety-related.

IMPORTANT: Do not write to any instruction output tag under any circumstances.
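The conditions in Tables 22 and 23 can be checked against logged tag values, which is one way to notice an output tag whose value the instruction could not have produced (for example, because it was written from outside the instruction). The following Python code is an added example, not code from this manual or from Rockwell Automation; the Snapshot field names, the finding labels and the sample rows are constructed for illustration, and each row is assumed to be a consistent snapshot of one controller scan.

```python
"""Audit logged DCSTL tag snapshots against conditions stated in Tables 22 and 23."""
from typing import NamedTuple


class Snapshot(NamedTuple):
    """One logged sample of the instruction's tags (field names are constructed)."""
    t_ms: int
    ch_a: int
    ch_b: int
    unlock_request: int
    lock_feedback: int
    hazard_stopped: int
    input_status: int
    o1: int    # Output 1
    ulc: int   # Unlock Command


# Channel levels that count as the active state, per Input Type (Table 21).
ACTIVE_STATE = {"EQUIVALENT_ACTIVE_HIGH": (1, 1), "COMPLEMENTARY": (1, 0)}


def check_snapshot(s, input_type="EQUIVALENT_ACTIVE_HIGH"):
    """Return labels for every documented condition this snapshot contradicts."""
    findings = []
    if s.o1:
        # Output 1 is de-energized when either channel is in the safe state.
        if (s.ch_a, s.ch_b) != ACTIVE_STATE[input_type]:
            findings.append("O1_WITH_CHANNELS_NOT_ACTIVE")
        # Output 1 is de-energized when Input Status is OFF (0).
        if not s.input_status:
            findings.append("O1_WITH_INPUT_STATUS_OFF")
        # Lock Feedback must be ON (1) to energize Output 1.
        if not s.lock_feedback:
            findings.append("O1_WITHOUT_LOCK_FEEDBACK")
        # Output 1 is de-energized when an unlock is requested and the hazard stops.
        if s.unlock_request and s.hazard_stopped:
            findings.append("O1_DURING_GRANTED_UNLOCK")
    if s.ulc:
        # Unlock Request OFF (0) means lock is requested: Unlock Command is off.
        if not s.unlock_request:
            findings.append("ULC_WITHOUT_UNLOCK_REQUEST")
        # Hazard Stopped OFF (0): the Unlock Command output cannot be energized.
        if not s.hazard_stopped:
            findings.append("ULC_WITHOUT_HAZARD_STOPPED")
    return findings


def audit(trace, input_type="EQUIVALENT_ACTIVE_HIGH"):
    """Return (t_ms, label) for every finding in a list of snapshots."""
    return [(s.t_ms, f) for s in trace for f in check_snapshot(s, input_type)]


# Constructed samples that follow the start-up sequence described for Figure 43:
# gate closed, locked, reset, unlock requested, hazard stops, gate opened,
# gate closed and locked again, reset.
FIG43_TRACE = [
    Snapshot(0,   1, 1, 0, 0, 1, 1, 0, 0),
    Snapshot(100, 1, 1, 0, 1, 1, 1, 0, 0),
    Snapshot(200, 1, 1, 0, 1, 0, 1, 1, 0),
    Snapshot(300, 1, 1, 1, 1, 0, 1, 1, 0),
    Snapshot(400, 1, 1, 1, 1, 1, 1, 0, 1),
    Snapshot(500, 0, 0, 1, 0, 1, 1, 0, 1),
    Snapshot(600, 1, 1, 0, 0, 1, 1, 0, 0),
    Snapshot(700, 1, 1, 0, 1, 1, 1, 1, 0),
]

# Constructed samples that contradict the documented conditions.
FORCED_ROWS = [
    Snapshot(800, 1, 1, 0, 0, 1, 1, 1, 0),  # Output 1 ON, Lock Feedback OFF
    Snapshot(900, 1, 1, 1, 1, 0, 1, 1, 1),  # Unlock Command ON, hazard running
]

if __name__ == "__main__":
    for t_ms, label in audit(FIG43_TRACE + FORCED_ROWS):
        print(t_ms, label)
```

The checks are necessary conditions only: a trace that passes them can still violate sequencing rules such as the functional test required after an unlock.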


DCSTL Start-up Operation


The timing diagram in Figure 43 illustrates Output 1 being energized when the Cold Start Type is Manual. At (A), the gate is closed and requested to lock. At (B), the gate is considered locked when the Lock Feedback input transitions from OFF (0) to ON (1). At (C), Output 1 is energized when a reset is triggered. At (D), an unlock is requested when the Unlock Request signal transitions from OFF (0) to ON (1). At (E), the Unlock Command output is not energized until the Hazard Stopped input transitions from OFF (0) to ON (1). Output 1 is also de-energized at this point. At (F), Output 1 is energized again when the gate is opened, closed, and locked, and a reset is triggered. The devices being monitored in these timing diagrams are assumed to be a safety gate with lock.
Figure 43 - Start-up Operation (Manual Cold Start) Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Reset, Unlock Request, Lock Feedback, Hazard Stopped, Unlock Command, Output 1. Events marked A through F.]

Input Type = Equivalent - Active High
Restart Type = Manual
Cold Start Type = Manual
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


Figure 44 illustrates start-up operation when the Cold Start Type is Automatic. At (A), Output 1 is immediately energized when power is first applied because the gate is closed and locked, and the Cold Start Type is Automatic. At (B), an unlock is requested when the Unlock Request signal transitions from OFF (0) to ON (1). At (C), the Unlock Command output is not energized until the Hazard Stopped input transitions from OFF (0) to ON (1). Output 1 is also de-energized at this point. At (D), Output 1 is energized when the gate is opened, closed, and locked, and a reset is triggered. The devices being monitored in these timing diagrams are assumed to be a safety gate with lock.

Figure 44 - Start-up Operation (Automatic Cold Start) Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Reset, Unlock Request, Lock Feedback, Hazard Stopped, Unlock Command, Output 1. Events marked A through D.]

Input Type = Equivalent - Active High
Restart Type = Manual
Cold Start Type = Automatic
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


DCSTL Device Not Tested After Unlock Fault


Figure 45 illustrates how a gate must be tested each time after it is unlocked if the Cold Start Type is Manual. At (A), Output 1 is energized when a reset is triggered. At (B), a fault is generated when the device is unlocked and re-locked without the gate being opened. At (C), the fault is cleared when a reset is triggered. Output 1 does not become energized because a functional test has not been performed on the gate. The devices being monitored in these timing diagrams are assumed to be a safety gate with lock.

Figure 45 - Device Not Tested After Unlock Fault (Manual Cold Start) Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Reset, Unlock Request, Lock Feedback, Hazard Stopped, Fault Present, Unlock Command, Output 1. Events marked A through C.]

Input Type = Equivalent - Active High
Restart Type = Manual
Cold Start Type = Manual
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


DCSTL Functional Test After Fault Operation


The timing diagram in Figure 46 illustrates how the gate must be functionally tested after a fault occurs. At (A), Output 1 is energized when a reset is triggered with the gate closed and locked. At (B), a fault occurs because the gate is unlocked although the Unlock Request input never transitioned from OFF (0) to ON (1). At (C), the fault is reset when the reset is triggered, but Output 1 cannot be energized because the gate was not functionally tested after the fault occurred. At (D), the gate has been functionally tested and the gate is opened, unlocked, and the hazard has stopped, but Output 1 cannot be energized because the gate is not locked. At (E), Output 1 is energized when a reset is triggered with the gate now locked. The devices being monitored in these timing diagrams are assumed to be a safety gate with lock.

Figure 46 - Functional Test After Fault Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Reset, Unlock Request, Lock Feedback, Hazard Stopped, Fault Present, Unlock Command, Output 1. Events marked A through E.]

Input Type = Equivalent - Active High
Restart Type = Manual
Cold Start Type = Manual
Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


DCSTL False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

DCSTL Fault and Diagnostic Codes


Table 24 - DCSTL Fault Codes and Corrective Actions

Fault Code: 00H
Description: No fault.
Corrective Action: None.

Fault Code: 20H
Description: The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing.
Corrective Action: Check the I/O module connection or the internal logic used to source input status. Reset the fault.

Fault Code: 4000H
Description: Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the active state. Channel B was in the safe state.
Corrective Action: Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault.

Fault Code: 4001H
Description: Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the safe state. Channel B was in the active state.
Corrective Action: Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault.

Fault Code: 4002H
Description: Channel A went to the safe state and back to the active state while Channel B remained active.
Corrective Action: Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault.

Fault Code: 4003H
Description: Channel B went to the safe state and back to the active state while Channel A remained active.
Corrective Action: Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault.

Fault Code: 4040H
Description: The device is locked in a non-active state. For example, a gate is open and locked.
Corrective Action: Check the wiring. Make sure the device is unlocked. Reset the fault.

Fault Code: 4041H
Description: The device was not functionally tested after being unlocked.
Corrective Action: Unlock the device. Put the device in the safe state, for example, open gate. Reset the fault.

Fault Code: 4042H
Description: The Lock Feedback input turned ON (1) without request. For example, the device became locked, but lock was not requested. Unlock Request input = 1
Corrective Action: Check the wiring. Check the mechanical lock components. Unlock the device. Put the device in the safe state, for example, open gate. Reset the fault.

Fault Code: 4043H
Description: The Lock Feedback input turned OFF (0) without request. For example, the device became unlocked, but unlock was not requested. Unlock Request input = 0
Corrective Action: Check the wiring. Check the mechanical lock components. Unlock the device. Put the device in the safe state, for example, open gate. Reset the fault.

Fault Code: 4044H
Description: The Hazard Stopped input was OFF (0) and Output 1 was not energized.
Corrective Action: Make sure the hazard has stopped. Check the wiring. Make sure that the hazard protected by this device cannot become active without Output 1 being ON (1). Reset the fault.

Fault Code: 4045H
Description: The Lock Feedback input turned OFF (0) when the hazard was present. For example, the device became unlocked, and the Hazard Stopped input was OFF (0).
Corrective Action: Make sure the hazard has stopped. Check the wiring. Make sure that the device cannot become unlocked while the hazard is running. Reset the fault.
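The Discrepancy Time rule from Table 21 and fault codes 4000H through 4003H from Table 24 can be evaluated over a sampled channel trace, as in the following added Python example. It is a simplified model written for this page, not the instruction's implementation or Rockwell Automation code; the function and constant names and the sample traces are constructed, and applying codes 4000H and 4001H to the Complementary input type (where Channel B is active at 0) is an assumption.

```python
"""Simplified model of the dual-channel discrepancy rules (constructed example)."""

# Fault codes as listed in Table 24.
FAULT_A_ACTIVE_B_SAFE = 0x4000
FAULT_A_SAFE_B_ACTIVE = 0x4001
FAULT_A_CYCLED = 0x4002
FAULT_B_CYCLED = 0x4003

# Level at which each channel is in the active state, per Input Type (Table 21).
ACTIVE_LEVELS = {
    "EQUIVALENT_ACTIVE_HIGH": (1, 1),
    "COMPLEMENTARY": (1, 0),
}


def evaluate_channels(samples, input_type, discrepancy_ms):
    """Return (t_ms, fault_code) for the first fault in the trace, or None.

    samples is a time-ordered list of (t_ms, channel_a, channel_b).
    """
    if not 5 <= discrepancy_ms <= 3000:
        raise ValueError("Discrepancy Time must be in the range 5...3000 ms")
    act_a, act_b = ACTIVE_LEVELS[input_type]
    last_consistent = None   # "ACTIVE" or "SAFE": last state with channels agreeing
    started = None           # time the current inconsistent period began
    dipped = None            # the single channel that left the consistent state
    for t_ms, ch_a, ch_b in samples:
        a_active = ch_a == act_a
        b_active = ch_b == act_b
        if a_active == b_active:
            state = "ACTIVE" if a_active else "SAFE"
            # One channel went safe and came back while the other stayed active.
            if (started is not None and dipped is not None
                    and state == "ACTIVE" and last_consistent == "ACTIVE"):
                return (t_ms, FAULT_A_CYCLED if dipped == "A" else FAULT_B_CYCLED)
            last_consistent, started, dipped = state, None, None
            continue
        safe_channel = "B" if a_active else "A"
        if started is None:
            started, dipped = t_ms, safe_channel
        elif safe_channel != dipped:
            dipped = None    # both channels moved; not a single-channel cycle
        # Inconsistent for longer than the Discrepancy Time.
        if t_ms - started > discrepancy_ms:
            return (t_ms, FAULT_A_ACTIVE_B_SAFE if a_active
                    else FAULT_A_SAFE_B_ACTIVE)
    return None


# Constructed traces: (t_ms, Channel A, Channel B), Equivalent - Active High.
STUCK_B = [(0, 1, 1), (100, 1, 0), (200, 1, 0), (300, 1, 0), (400, 1, 0)]
NORMAL_STOP = [(0, 1, 1), (100, 0, 1), (150, 0, 0), (1000, 0, 0),
               (1100, 1, 0), (1150, 1, 1)]
B_CYCLED = [(0, 1, 1), (100, 1, 0), (150, 1, 1)]

if __name__ == "__main__":
    for name, trace in (("STUCK_B", STUCK_B), ("NORMAL_STOP", NORMAL_STOP),
                        ("B_CYCLED", B_CYCLED)):
        result = evaluate_channels(trace, "EQUIVALENT_ACTIVE_HIGH", 250)
        print(name, None if result is None else (result[0], hex(result[1])))
```

Because the model only sees the samples it is given, the time at which it reports a fault is no finer than the sampling interval of the trace.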


Table 25 - DCSTL Diagnostic Codes and Corrective Actions

Diagnostic Code: 00H
Description: No fault.
Corrective Action: None.

Diagnostic Code: 05H
Description: The Reset input is held ON (1).
Corrective Action: Set the Reset input to OFF (0).

Diagnostic Code: 20H
Description: The Input Status input was OFF (0) when the instruction started.
Corrective Action: Check the I/O module connection or the internal logic used to source input status.

Diagnostic Code: 4000H
Description: The device was not functionally tested at startup.
Corrective Action: Perform a functional test of the device (bring Channel A and Channel B to the safe state).

Diagnostic Code: 4001H
Description: The device was not functionally tested after a fault occurred.
Corrective Action: Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state with the device unlocked).

Diagnostic Code: 4030H
Description: Waiting for the manual functional test to occur.
Corrective Action: Perform a functional test of the device (bring Channel A and Channel B to the safe state).

Diagnostic Code: 4040H
Description: The device is unlocked. Output 1 cannot be energized until the device is locked.
Corrective Action: Reset the Unlock Request input to 0 or manually lock the device. Check the wiring of the Lock Feedback input.

Diagnostic Code: 4041H
Description: Waiting for the device to lock. The Unlock Request input has been set to 0, but the Lock Feedback input has not yet indicated that the device is unlocked.
Corrective Action: If the device has a manual lock, make sure that it has been locked. Check the wiring of the Lock Feedback input.

Diagnostic Code: 4042H
Description: Waiting for the device to unlock. The Unlock Request input has been set to 1, but the Lock Feedback input has not yet indicated that the device is unlocked.
Corrective Action: If the device has a manual lock, make sure that it has been unlocked. Check the wiring of the Lock Feedback input.

Diagnostic Code: 4043H
Description: Waiting for the hazard to stop. The Unlock Request input has been set to 1, but the Unlock Command cannot be issued until the Hazard Stopped input transitions to 1.
Corrective Action: Make sure that any machine hazard has completely stopped. Check the wiring of the Hazard Stopped input.

Diagnostic Code: 4044H
Description: The device is not functionally tested after it was unlocked.
Corrective Action: Perform a functional test of the device (put Channel A and Channel B in a safe state).


DCSTL Wiring and Programming Example


This example complies with ISO 13849-1, Category 4 operation. The standard control portion of the application is not shown.
Figure 47 - Wiring Diagram
[Wiring diagram not reproduced. Components shown: 24V DC supply, Momentary Push Button (reset), Safety Gate (MaintenanceGate), 1791-DS-IB8XOB8 (Module 1) on DeviceNet, Test Prompt Lamp, 24V Ground.]


This programming diagram shows the instruction with inputs and outputs.
Figure 48 - Programming Diagram

DCSTL instruction, tag MaintenanceGate

Inputs and configuration:
Input Type: Equivalent Active High
Discrepancy Time: TBD ms
Restart Type: Manual
Coldstart Type: Manual
Channel A: Module1:I.Pt00Data
Channel B: Module1:I.Pt01Data
Test Request: See Note 1
Unlock Request: See Note 2
Lock Feedback: Module1:I.Pt02Data
Hazard Stopped: MotionStopped 2
Input Status: Module1:I.CombinedStatus
Reset: Module1:I.Pt11Data

Outputs:
Output 1: See Note 3
Test Command: Module1:O.Test02Data
Unlock Command: Module1:O.Pt00Data
Fault Present

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example. The falling edge (0->1) of the Test Request input forces a test to be executed (safe state must be observed). Connecting this input to the output that enables the hazard forces a test to be executed every time the hazard is stopped.

Note 2: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.

Note 3: This is an internal Boolean tag used by other parts of the user application not shown in this example.

Key: Color code represents data or value typically used. Legend entries: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.


Figure 49 - Ladder Logic

DCSTL (Dual Channel Input Stop With Test And L...), instruction tag MaintenanceGate
Safety Function: SAFETY GATE
Input Type: EQUIVALENT - ACTIVE HIGH
Discrepancy Time (Msec): 500
Restart Type: AUTOMATIC
Cold Start Type: MANUAL
Channel A: Module3:I.Pt00Data (value shown: 0)
Channel B: Module3:I.Pt01Data (value shown: 0)
Test Request: SeeNote1 (value shown: 0)
Unlock Request: SeeNote2 (value shown: 0)
Lock Feedback: Module3:I.Pt02Data (value shown: 0)
Hazard Stopped: MotionStopped (value shown: 0)
Input Status: Module3:I.InputStatus (value shown: 0)
Reset: Module3:I.Pt07Data (value shown: 0)
Outputs: O1, TC, ULC, FP
Following rungs: MaintenanceGate.TC energizes Module3:O.Test02Data; MaintenanceGate.ULC energizes Module3:O.Pt00Data

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example. The falling edge (0->1) of the Test Request input forces a test to be executed (safe state must be observed). Connecting this input to the output that enables the hazard forces a test to be executed every time the hazard is stopped.

Note 2: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.

RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated.
Figure 50 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.


Figure 51 - Module Input Configuration

Figure 52 - Module Test Output Configuration


Figure 53 - Module Output Configuration


Dual-channel Input Stop with Test and Mute (DCSTM)

The Dual-channel Input Stop with Test and Mute instruction monitors dual-input safety devices whose main function is to stop safely, for example, an E-stop, light curtain, or safety gate. This instruction can only energize Output 1 when both safety inputs, Channel A and Channel B, are in the active state as determined by the Input type parameter, and the correct reset actions are carried out.

In addition, this instruction has the ability to mute a safety device such as a light curtain. When muting is enabled, a safety device sensing field can be broken, where Channel A and Channel B can go to the safe state without de-energizing Output 1. The Muting Lamp Status input is used to monitor the status of the Muting Lamp output. If this input is ever OFF (0), a fault is generated.

ATTENTION: When muting a safety device, the device is no longer protecting the hazard, so some other protection must be in place.

The timing diagrams from the Dual-channel Input Stop (DCS) instruction and the Dual-channel Input Stop Test (DCST) instruction are applicable to this instruction as well. DCSTM operation diagrams, beginning on page 83, highlight the features of the mute-related parameters such as Mute, Muting Lamp Status, and Muting Lamp.


DCSTM Instruction Description


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

IMPORTANT: Make sure your safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameters that are used to configure the instruction. These parameters cannot be changed at runtime.

Table 26 - DCSTM Configuration Parameters

Parameter: Safety Function
Data Type: List
Description: This parameter provides a text name for how this instruction is being used. Choices include area scanner, safety mat, light curtain, and user-defined. This does not affect instruction behavior. It is for information/documentation purposes only.

Parameter: Input Type
Data Type: List
Description: This parameter selects input channel behavior.
  Equivalent - Active High: The inputs are in the active state when Channel A and Channel B inputs are 1.
  Complementary: The inputs are in the active state when Channel A is 1 and Channel B is 0.

Parameter: Discrepancy Time (ms)
Data Type: Integer
Description: The amount of time that the inputs are allowed to be in an inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type.
  Equivalent: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 1
    Channel A = 1 and Channel B = 0
  Complementary: Inconsistent state is when either is true:
    Channel A = 0 and Channel B = 0
    Channel A = 1 and Channel B = 1
  The valid range is 5...3000 ms.

Parameter: Restart Type
Data Type: List
Description: This input configures Output 1 for either Manual or Automatic Restart.
  Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1.
  Automatic: Output 1 is energized 50 ms after all of the enabling conditions are met.
  ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use, or the reset function is being performed elsewhere in the safety circuit (for example, output function).

Parameter: Cold Start Type
Data Type: List
Description: This parameter specifies the Output 1 behavior when applying controller power or mode change to Run.
  Manual: Output 1 is not energized when the Input Status becomes valid or when the Input Status fault is cleared. (The device must be tested before Output 1 can be energized.)
  Automatic: Output 1 is energized immediately when the Input Status becomes valid or when the Input Status fault is cleared and both inputs are in their active state.

Parameter: Test Type
Data Type: List
Description: The parameter defines which type of test occurs when the Test Request input transitions from ON (1) to OFF (0).
  None: Turns the testing feature off.
  Manual: Output 1 is de-energized immediately when Test Request input transitions from ON (1) to OFF (0). The Test Command output is energized until a functional test is carried out, such as an open and close safety gate, break and clear light curtain, and reset actions are carried out depending on the setting of the Restart Type parameter.
  Active: Output 1 remains energized when the Test Request input transitions from ON (1) to OFF (0) and the Test Command output is energized, which should force an automatic test of the safety device. For example, a light curtain that has test capability. If the Channel A and Channel B outputs correctly transition to the safe state and back to the active state before Test Time expires, the Test Command output is de-energized and the safety device continues normal operation. If the safety inputs do not correctly transition before Test Time expires, Output 1 is de-energized immediately and a fault is generated.

Parameter: Test Time
Data Type: Integer
Description: The maximum allowed time for an active test to complete. If the test does not complete within this time, a fault is generated. Refer to the Test Type parameter for more information.
  IMPORTANT: This time cannot exceed 150 ms for type-2 light curtains as specified by EN-61496-1.
  The valid range is 5...1000 ms.

The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 27 - DCSTM Input

Name: Channel A(1)
Data Type: Boolean
Description: This input is one of the two safety inputs to the instruction.

Name: Channel B(1)
Data Type: Boolean
Description: This input is one of the two safety inputs to the instruction.

Name: Test Request
Data Type: Boolean
Description: This signal forces a functional test to occur. See the Test Type parameter for more information.
  ON (1) -> OFF (0): Triggers a functional test.

Name: Mute
Data Type: Boolean
Description: This input is used to mute the safety device.
  OFF (0): Mute is not activated.
  ON (1): Mute is activated. The Muting Lamp output is energized and Output 1 will not be de-energized when the safety device is tripped (Channel A or Channel B enters the safe state).

Name: Muting Lamp Status
Data Type: Boolean
Description: This is the status of the muting lamp. If this status is not valid, Output 1 is de-energized immediately and a fault is generated.
  OFF (0): The Muting Lamp Status is invalid. A fault is generated.
  ON (1): The Muting Lamp Status is valid.

Name: Input Status
Data Type: Boolean
Description: If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions.
  ON (1): The inputs to this instruction are valid.
  OFF (0): The inputs to this instruction are invalid.

Name: Reset(2)
Data Type: Boolean
Description: If Restart Type = Manual, this input is used to energize Output 1 once Channel A and Channel B are both in the active state. If Restart Type = Automatic, this input is not used to energize Output 1. This input clears instruction and circuit faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.

(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains instruction outputs. The outputs may be external tags (safety output modules) or internal tags for use in other logic routines.
Table 28 - DCSTM Outputs

Name: Output 1 (O1)
Data Type: Boolean
Description: This output is energized when the input conditions are satisfied. The output becomes de-energized when the following occurs:
  - Either Channel A or Channel B transitions to the safe state.
  - The Input Status input is OFF (0).
  - A manual test is requested (Test Request turns OFF (0) when Test Type = Manual).
  - An Active Test fault occurs (the Active Test does not complete within Active Test Time).
  - The Mute input transitions from ON (1) to OFF (0) when Channel A or Channel B is in the safe state.
  - The Muting Lamp Status input is OFF (0).

Name: Test Command (TC)
Data Type: Boolean
Description: If Test Type = Manual, this output is energized when a manual functional test must be carried out. If Test Type = Active, this output is energized to notify a safety device, such as light curtain, that an automatic test should be carried out.

Name: Muting Lamp (ML)
Data Type: Boolean
Description: This output is intended to drive a muting lamp.(1) The status of the muting lamp should be fed into the Muting Lamp Status input.
  ON (1): Muting is currently active. The Muting Lamp is turned ON (1).
  OFF (0): Muting is not currently active.

Name: Safe State (SS)
Data Type: Boolean
Description: This output turns ON (1) when the inputs are in a safe state regardless of whether the instruction is muted or not.
  ON (1): The inputs are currently in the safe state.
  OFF (0): The inputs are not currently in the safe state.

Name: Fault Present (FP)
Data Type: Boolean
Description:
  ON (1): A fault is present in the instruction.
  OFF (0): This instruction is operating normally.

Name: Fault Code
Data Type: Integer
Description: This output indicates the type of fault that occurred. See Table 29 on page 85 for a list of fault codes. This parameter is not safety-related.

Name: Diagnostic Code
Data Type: Integer
Description: This output indicates the diagnostic status of the instruction. See Table 30 on page 85 for a list of diagnostic codes. This parameter is not safety-related.

(1) Guard I/O module test outputs, configured for muting, can be used for this purpose.

IMPORTANT: Do not write to any instruction output tag under any circumstances.


DCSTM Normal Operation


The timing diagram in Figure 54 illustrates the normal muting behavior. At (A), the Muting Lamp output is energized when the Mute input turns ON (1). At (B), Output 1 is not de-energized because the instruction is currently muted. At (C), muting is turned OFF (0) but Output 1 remains energized because the safety inputs are now in the active state. At (D), Output 1 is de-energized because safety inputs transition to the safe state and muting is no longer turned ON (1). At (E), muting is activated again, but does not energize Output 1 because the Mute signal is never allowed to energize Output 1. At (F), Output 1 is energized 50 ms after the safety inputs enter the active state. At (G), Output 1 is de-energized when muting is disabled and the safety inputs are in the safe state.
Figure 54 - Normal Operation Timing Diagram
[Timing diagram not reproduced: traces for Channel A, Channel B, Mute, Muting Lamp Status, Muting Lamp, and Output 1, with events marked A through G and a 50 ms interval marked on the Output 1 trace.]

Configuration for this diagram:
Input Type = Equivalent - Active High
Restart Type = Automatic
Cold Start Type = Automatic
Discrepancy Time = 250 ms
Test Type = Manual
Test Time = Not Applicable

If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram. There is always a 50 ms delay before energizing Output 1 when it is configured to be energized automatically (Restart Type = Automatic).


DCSTM Muting Lamp Status Fault Operation


Figure 55 illustrates the Muting Lamp Status fault. At (A), the safety inputs enter the safe state, but Output 1 remains energized because the instruction is muted. At (B), the Muting Lamp Status input transitions to an invalid state. This immediately de-energizes Output 1 and the Muting Lamp output and generates a fault. At (C), the fault cannot be reset because the Muting Lamp Status is still invalid. At (D), the fault is cleared because a reset is triggered and the Muting Lamp Status is now valid. This also energizes Output 1 because the safety inputs are in the active state.
Figure 55 - Muting Lamp Status Fault Timing Diagram
[Timing diagram not reproduced: traces for Channel A, Channel B, Reset, Mute, Muting Lamp Status, Muting Lamp, Fault Present, and Output 1, with events marked A through D.]

Configuration for this diagram:
Input Type = Equivalent - Active High
Restart Type = Manual
Cold Start Type = Automatic
Discrepancy Time = 250 ms
Test Type = Manual
Test Time = Not Applicable

If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.
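The muting rules walked through for Figures 54 and 55 can be replayed scan by scan with the Python model below. It is an added example, not Rockwell Automation code or the instruction's implementation; the class and function names, the 10 ms scan period, and the input sequences are assumptions. Discrepancy checking, functional testing, Input Status, and cold-start handling are left out.

```python
from dataclasses import dataclass

FAULT_NONE, FAULT_MUTING_LAMP = 0x00, 0x01   # fault codes from Table 29
RESTART_DELAY_MS = 50                        # automatic restart delay


@dataclass
class DcstmModel:
    """Assumed model of the DCSTM muting rules, Input Type = Equivalent - Active High."""
    manual_restart: bool = False
    scan_ms: int = 10            # assumed safety task period
    o1: bool = False
    muting_lamp: bool = False
    safe_state: bool = False
    fault_code: int = FAULT_NONE
    _prev_reset: bool = False
    _active_ms: int = 0

    def scan(self, ch_a, ch_b, mute=False, lamp_status=True, reset=False):
        reset_edge = reset and not self._prev_reset      # OFF (0) -> ON (1)
        self._prev_reset = reset
        self.safe_state = not (ch_a and ch_b)            # either channel safe

        # An invalid Muting Lamp Status faults the instruction; a reset edge
        # clears the fault only once the status is valid again.
        if not lamp_status:
            self.fault_code = FAULT_MUTING_LAMP
        elif reset_edge and self.fault_code == FAULT_MUTING_LAMP:
            self.fault_code = FAULT_NONE
        faulted = self.fault_code != FAULT_NONE
        self.muting_lamp = mute and not faulted

        # Output 1 drops on a fault, or when the inputs are safe and not muted.
        if faulted or (self.safe_state and not mute):
            self.o1 = False

        # Mute never energizes Output 1: only active inputs plus a reset edge
        # (Manual) or 50 ms of active inputs (Automatic) can do that.
        if not faulted and not self.safe_state and not self.o1:
            if self.manual_restart:
                self.o1 = reset_edge
            else:
                self.o1 = self._active_ms >= RESTART_DELAY_MS
            self._active_ms += self.scan_ms
        else:
            self._active_ms = 0
        return self.o1


def replay(model, steps):
    """Run (label, scans, inputs) steps; record (O1, Muting Lamp, Fault Code)."""
    trace = {}
    for label, scans, inputs in steps:
        for _ in range(scans):
            model.scan(**inputs)
        trace[label] = (model.o1, model.muting_lamp, model.fault_code)
    return trace


ACTIVE = dict(ch_a=True, ch_b=True)      # constructed input levels
SAFE = dict(ch_a=False, ch_b=False)


def figure_54():
    """Constructed input sequence following points A to G (Restart Type = Automatic)."""
    return replay(DcstmModel(manual_restart=False), [
        ("start", 6, ACTIVE),                      # O1 on 50 ms after inputs active
        ("A", 1, {**ACTIVE, "mute": True}),
        ("B", 1, {**SAFE, "mute": True}),
        ("inputs active again", 1, {**ACTIVE, "mute": True}),
        ("C", 1, ACTIVE),
        ("D", 1, SAFE),
        ("E", 1, {**SAFE, "mute": True}),
        ("before F", 5, {**ACTIVE, "mute": True}),
        ("F", 1, {**ACTIVE, "mute": True}),
        ("muted trip", 1, {**SAFE, "mute": True}),
        ("G", 1, SAFE),
    ])


def figure_55():
    """Constructed sequence for points A to D (Restart Type = Manual).
    The replay starts with Output 1 already energized (cold start not modeled)."""
    return replay(DcstmModel(manual_restart=True, o1=True), [
        ("A", 1, {**SAFE, "mute": True}),
        ("B", 1, {**SAFE, "mute": True, "lamp_status": False}),
        ("C", 1, {**ACTIVE, "mute": True, "lamp_status": False, "reset": True}),
        ("reset released", 1, {**ACTIVE, "mute": True}),
        ("D", 1, {**ACTIVE, "mute": True, "reset": True}),
    ])
```

Each trace entry is (Output 1, Muting Lamp, Fault Code) after the step; compare "E" with "F" to see that Mute alone never energizes Output 1.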

DCSTM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

DCSTM Fault and Diagnostic Codes


Table 29 - DCSTM Fault Codes and Corrective Actions
Fault Code: Description. Corrective Action.

00H: No fault. Corrective Action: None.

01H: The Muting Lamp Status transitioned to an invalid state while the instruction was running. Corrective Action: Check the status of the Mute input. Reset the fault.

20H: The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. Corrective Action: Check the I/O module connection or the internal logic used to source input status. Reset the fault.

4000H: Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the active state. Channel B was in the safe state.

4001H: Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the safe state. Channel B was in the active state.

4002H: Channel A went to the safe state and back to the active state while Channel B remained active.

4003H: Channel B went to the safe state and back to the active state while Channel A remained active.

Corrective Action for 4000H through 4003H: Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state). Reset the fault.

4030H: The Active test did not complete within the Test Time. Corrective Action: Check the device. Make sure the test feature is working properly. Reset the fault.

Table 30 - DCSTM Diagnostic Codes and Corrective Actions


Diagnostic Code: Description. Corrective Action.

00H: No fault. Corrective Action: None.

05H: The Reset input is held ON (1). Corrective Action: Set the Reset input to OFF (0).

20H: The Input Status input was OFF (0) when the instruction started. Corrective Action: Check the I/O module connection or the internal logic used to source input status.

4000H: The device was not functionally tested at startup. Corrective Action: Perform a functional test of the device (bring Channel A and Channel B to the safe state).

4001H: The device was not functionally tested after a fault occurred. Corrective Action: Check the wiring. Perform a functional test of the device (bring Channel A and Channel B to the safe state).

4030H: Waiting for the manual functional test to occur. Corrective Action: Perform a functional test of the device (bring Channel A and Channel B to the safe state).

4031H: The Active test is in progress. Corrective Action: Information only.


DCSTM Wiring and Programming Example


This example complies with ISO 13849-1, Category 4 operation. The standard control portion of the application is not shown. In this example, the safety function of the Two-hand Run Station lets the light curtain safety function be muted when both buttons are pressed. This assumes that all of the user-responsible clauses in EN 574 are met. This example also uses the inverted output of the Two-hand Run Station to drive the Test Request input of the Dual-channel Input Stop with Test and Mute instruction (DCSTM). This causes the light curtain and its associated input points and wiring to be tested every time both buttons on the Two-hand Run Station are pressed.
Figure 56 - Wiring Diagram
[Wiring diagram not reproduced: a light curtain (Aux Out, +24V DC, Ground, EDM, OSSD 1, OSSD 2, 0V DC, Start/Restart, and Test terminals), a Two-hand Run Station, a momentary push button (reset), and a muting lamp wired to a 1791-DS-IB12 module (Module 1) on DeviceNet, powered from 24V DC.]


This programming diagram shows the DCSTM instruction used with the THRSe instruction.
Figure 57 - Programming Diagram
[Programming diagram not reproduced: a THRSe instruction and a DCSTM instruction (OperatorStationLightCurtain) with their configuration values, input tags (Module1:I.Pt00Data through Module1:I.Pt05Data, Module1:I.Pt11Data, Module1:I.Combined Status, Module1:MutingStatus), and output tags (Module1:O.Test02Data for Test Command, Module1:O.Test03Data for Muting Lamp).]

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.
Note 2: This is an internal Boolean tag used by other parts of the user application not shown in this example.


Figure 58 - Ladder Logic
[Ladder logic not reproduced. The values recoverable from the figure are listed here.]

THRSe (Two Hand Run Station Enhanced), tag OperatorStationPalmButtons:
  Discrepancy Time (Msec) = 500
  Enable = SeeNote1
  Disconnected = ALWAYS_CONNECTED
  Right Button Normally Open = Module1:I.Pt02Data
  Right Button Normally Closed = Module1:I.Pt03Data
  Left Button Normally Open = Module1:I.Pt04Data
  Left Button Normally Closed = Module1:I.Pt05Data
  Input Status = Module1:I.CombinedStatus
  Reset = Module1:I.Pt11Data
  Outputs: O1, BR, SB, FP

Rung: OperatorStationPalmButtons.O1, inverted, drives OperatorStationLightCurtain.TestRequest.

DCSTM (Dual Channel Input Stop With Test And Mute), tag OperatorStationLightCurtain:
  Safety Function = LIGHT CURTAIN
  Input Type = EQUIVALENT - ACTIVE HIGH
  Discrepancy Time (Msec) = 500
  Restart Type = MANUAL
  Cold Start Type = MANUAL
  Test Type = ACTIVE
  Test Time (Msec) = 150
  Channel A = Module1:I.Pt00Data
  Channel B = Module1:I.Pt01Data
  Test Request = Module1:I.Pt02Data
  Mute = OperatorStationPalmButtons.O1
  Muting Lamp Status = Module1:I.MutingStatus
  Input Status = Module1:I.CombinedStatus
  Reset = Module1:I.Pt11Data
  Outputs: O1, TC, ML, SS, FP

Rungs: OperatorStationLightCurtain.TC drives Module1:O.Test02Data. OperatorStationLightCurtain.ML drives Module1:O.Test03Data.

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.


RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated.
Figure 59 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.
Figure 60 - Module Input Configuration


Figure 61 - Module Test Output Configuration


Dual-channel Analog Input


[(DCA) - integer version] [(DCAF) - floating point version]

The Dual-channel Analog Input instruction monitors two analog input channels originating from an analog input module. Output 1 turns on when both analog inputs, Channel A and Channel B, are within the Tolerance and the High and Low Limit settings, and the correct reset actions have been performed.

IMPORTANT Do not use the DCA instruction in conjunction with the Guard I/O analog module's dual-channel feature. Set Guard I/O module inputs to single-channel when using the DCA or DCAF instruction.

DCA(F) Instruction Parameters


IMPORTANT Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table provides the parameters that are used to configure the instruction. These parameters cannot be changed at runtime.
Table 31 - DCA(F) Configuration Parameters
Parameter (Data Type): Description

Restart Type (List): This parameter configures Output 1 for either Manual or Automatic Restart.
  Manual: When both Channel A and Channel B are within the Tolerance setting and within the High and Low Limit settings, a transition of the Reset input from OFF (0) to ON (1) is required to energize Output 1.
  Automatic: Output 1 is energized 50 ms after both Channel A and Channel B are within the Tolerance setting and within the High and Low Limit settings.
  ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use, or the reset function is being performed elsewhere in the safety circuit (for example, output function).

Cold Start Type (List): This parameter specifies the Output 1 behavior when applying controller power or mode change to Run.
  Manual: Output 1 is not energized when the Input Status becomes valid or when the Input Status fault is cleared.
  Automatic: When both Channel A and Channel B are within the Tolerance setting and within the High and Low Limit settings, Output 1 is energized immediately when the Input Status becomes valid or when the Input Status fault is cleared.

The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 32 - DCA(F) Inputs
Name (Data Type): Description

Channel A (Integer for DCA, REAL for DCAF): This input is one of the two safety analog inputs to the instruction.

Channel B (Integer for DCA, REAL for DCAF): This input is one of the two safety analog inputs to the instruction.

Discrepancy Time (ms) (Integer): The amount of time that the Channel A and Channel B inputs are allowed to be out of tolerance before an instruction fault is generated. The valid range is 0, 5...3000 ms. A setting of 0 disables the timer. The value of 0 can only be applied via the use of a tag.
  IMPORTANT: Values from 1...4 are reset to the minimum value (5). Values greater than 3000 are reset to the maximum value (3000).

High Limit (Integer for DCA, REAL for DCAF): The HTP Output turns ON when the Channel A or Channel B input exceeds this value.

Low Limit (Integer for DCA, REAL for DCAF): The LTP Output turns ON when the Channel A or Channel B input drops below this value.

Input Status (Boolean): If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions.
  ON (1): The inputs to this instruction are valid.
  OFF (0): The inputs to this instruction are invalid.

Reset(1) (Boolean): This input clears instruction and circuit faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

Tolerance (Integer for DCA, REAL for DCAF): The number of counts that Channel A and Channel B can differ by without affecting Output 1.

(1) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains instruction outputs. The outputs may be used to drive external tags (safety output modules) or internal tags for use in other logic routines.
Table 33 - DCA(F) Outputs
Name (Data Type): Description

Output 1 (O1) (Boolean): This output is energized when the input conditions have been satisfied. The output becomes de-energized when the following occurs:
  - The difference between the Channel A and Channel B input values exceeds the Tolerance setting for longer than the Discrepancy Time.
  - Channel A and/or Channel B exceed the High or Low Limit settings.
  - The Input Status input is OFF (0).

High Trip Point (HTP) (Boolean):
  ON (1): The Channel A or Channel B input exceeds the High Limit input value.
  OFF (0): The Channel A or Channel B input is less than or equal to the High Limit input value.

Low Trip Point (LTP) (Boolean):
  ON (1): The Channel A or Channel B input drops below the Low Limit input value.
  OFF (0): The Channel A or Channel B input is greater than or equal to the Low Limit input value.

O1 On Time (Integer): This output represents the length of time in hours that Output 1 has been ON.

Fault Present (FP) (Boolean):
  ON (1): A fault is present in the instruction.
  OFF (0): The instruction is operating normally.

Fault Code (Integer): This output indicates the type of fault that occurred. See Table 34 on page 101 for a list of fault codes. This parameter is not safety-related.

Diagnostic Code (Integer): This output indicates the diagnostic status of the instruction. See Table 35 on page 101 for a list of diagnostic codes. This parameter is not safety-related.

Revision (Constant): This output contains the firmware revision level of the instruction.

IMPORTANT

Do not write to any instruction output tag under any circumstances.


DCA(F) Normal Operation


The timing diagram in Figure 62 illustrates normal operation with Restart Type configured for Manual and Cold Start Type configured for Manual. At (A), Output 1 is energized because the Channel A and Channel B inputs are within the Tolerance setting and within the High and Low Limits settings when the reset is triggered. At (B), Output 1 is de-energized because the Channel A input has gone below the Low Limit. Output 1 is energized at (C) when a reset is triggered because Channel A is now within the Tolerance and Limit settings.
Figure 62 - Normal Operation (Manual Restart, Manual Cold Start) Timing Diagram
[Timing diagram not reproduced: Channel A and Channel B plotted against the High Limit and Low Limit, with Reset, HTP, LTP, and Output 1 traces and events marked A through C.]

Discrepancy Time = 250 ms
If the Input Status input is not shown, it is assumed that the input status is valid (ON = 1) for the entire timing diagram.


Figure 63 illustrates normal operation with Restart Type configured for Manual and Cold Start Type configured for Automatic. When the Cold Start Type is Automatic, Output 1 is energized as soon as the Input Status input becomes valid [OFF (0) to ON (1) transition] for the first time, such as when power is applied to a PLC controller. At (A), Output 1 is energized immediately after the Input status becomes valid while the Channel A and Channel B inputs are within Tolerance and within the High and Low Limits. At (B), Output 1 is de-energized when the Channel B input falls below the Low Limit. Output 1 cannot be energized again until (C), when a reset is triggered while the Channel A and Channel B inputs are within the Tolerance and Limit settings.
Figure 63 - Normal Operation (Manual Restart, Automatic Cold Start) Timing Diagram
[Timing diagram not reproduced: Channel A and Channel B plotted against the High Limit and Low Limit, with Reset, Input Status, HTP, LTP, and Output 1 traces and events marked A through C.]

Discrepancy Time = 250 ms


Figure 64 illustrates normal operation with Automatic Restart and Manual Cold Start. At (A), Output 1 is energized when a reset is triggered while the Channel A and Channel B inputs are within Tolerance and within the High and Low Limits. Output 1 is de-energized at (B) when the Channel B input drops below the Low Limit. Output 1 is automatically energized again at (C), 50 ms after the Channel B input is back within the Tolerance and Limit settings.
Figure 64 - Normal Operation (Automatic Restart, Manual Cold Start) Timing Diagram
[Timing diagram not reproduced: Channel A and Channel B plotted against the High Limit and Low Limit, with Reset, Input Status, HTP, LTP, and Output 1 traces and a 50 ms interval marked.]

Discrepancy Time = 250 ms


Figure 65 illustrates normal operation with Automatic Restart and Automatic Cold Start. When the Cold Start Type is Automatic, Output 1 is energized as soon as the Input Status input becomes valid [OFF (0) to ON (1) transition] for the first time, such as when power is applied to a PLC controller. Channel A and Channel B must be within Tolerance and within the High and Low Limits for Output 1 to be energized. At (A), Output 1 is energized when the Input Status input becomes valid while the Channel A and Channel B inputs are within Tolerance and within the High and Low Limits. At (B), Output 1 is de-energized when the Channel A and Channel B inputs go above the High Limit. Output 1 is automatically energized at (C), 50 ms after the Channel A and Channel B inputs fall back within the Limits while remaining within Tolerance.
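Figure 65 - Normal Operation (Automatic Restart, Automatic Cold Start) Timing Diagram
[Timing diagram not reproduced: Channel A and Channel B plotted against the High Limit and Low Limit, with Input Status, HTP, LTP, and Output 1 traces, a 50 ms interval marked, and events marked A through C.]

Discrepancy Time = 250 ms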


DCA(F) Input Status Fault


Figure 66 shows a fault occurring when the Input Status input becomes invalid. Output 1 is energized at (A), when a reset is triggered and the Channel A and Channel B inputs are within the Tolerance and the High and Low Limits. A fault occurs at (B) because the Input Status input becomes invalid, which de-energizes Output 1. The fault cannot be cleared at (C) because the Input Status is still invalid. At (D), Input Status is valid, the fault is cleared, and Output 1 is energized when the reset is triggered.
Figure 66 - Input Status Fault (Manual Restart, Manual Cold Start) Timing Diagram
[Timing diagram not reproduced: Channel A and Channel B plotted against the High Limit and Low Limit, with Reset, Input Status, HTP, LTP, Fault Present, and Output 1 traces and events marked A through D.]

Discrepancy Time = 250 ms


Figure 67 illustrates a fault occurring when the Input Status input becomes invalid. Output 1 is energized at (A), when the Input Status becomes valid because the Cold Start Type is Automatic and the Channel A and Channel B inputs are within Tolerance and within the High and Low Limits. A fault occurs at (B) when the Input Status becomes invalid, which de-energizes Output 1. The fault cannot be cleared at (C) because the Input Status is still invalid. At (D), Input Status is valid, the fault is cleared, and Output 1 is energized when the reset is triggered.
Figure 67 - Input Status Fault (Manual Restart, Automatic Cold Start) Timing Diagram
[Timing diagram not reproduced: Channel A and Channel B plotted against the High Limit and Low Limit, with Reset, Input Status, HTP, LTP, Fault Present, and Output 1 traces and events marked A through D.]

Discrepancy Time = 250 ms


DCA(F) Discrepancy Fault


Figure 68 illustrates a fault occurring when the difference between Channel A and Channel B exceeds the Tolerance for longer than the Discrepancy Time. At (A), Channel A and Channel B go out of Tolerance and the discrepancy timer starts. At (B), a discrepancy fault occurs because Channel A and Channel B have been out of Tolerance for at least 250 ms, the configured Discrepancy Time. At (C), the fault is not cleared because the difference between the Channel A and Channel B inputs is still greater than the Tolerance. The fault is cleared and Output 1 is energized at (D) when a reset is triggered and the difference between the Channel A and Channel B inputs falls within the Tolerance. At (E), the difference between Channel A and Channel B again goes beyond the Tolerance and the discrepancy timer starts. Another discrepancy fault occurs at (F) when the Discrepancy Time is exceeded.
Figure 68 - Discrepancy Fault (Manual Restart) Timing Diagram
[Timing diagram not reproduced: Channel A and Channel B plotted against the High Limit and Low Limit, with Reset, Input Status, HTP, LTP, Fault Present, and Output 1 traces, two 250 ms intervals marked, and events marked A through F.]

Discrepancy Time = 250 ms

DCA(F) False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


DCA(F) Fault and Diagnostic Codes


Table 34 - DCA(F) Fault Codes and Corrective Actions
Fault Code: Description. Corrective Action.

00H: No fault. Corrective Action: None.

20H: The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. Corrective Action: Check the I/O module connection or the internal logic used to source input status. Reset the fault.

4050H: The difference between Channel A and Channel B input values exceeded the Tolerance setting for longer than the Discrepancy Time. Corrective Action: Check the wiring. Bring Channel A and Channel B to within the tolerance level. Reset the fault.

Table 35 - DCA(F) Diagnostic Codes and Corrective Actions


Diagnostic Code: Description. Corrective Action.

00H: No fault. Corrective Action: None.

05H: The Reset input is held ON (1). Corrective Action: Set the Reset input to OFF (0).

20H: The Input Status input was OFF (0) when the instruction started. Corrective Action: Check the I/O module connection or the internal logic used to source input status.

4050H: At startup, the difference between Channel A and Channel B input values is greater than the Tolerance setting. Corrective Action: Verify that Channel A and Channel B inputs are valid and adjust the tolerance setting appropriately for the application.

4051H: The Low Limit setting is greater than the High Limit setting. Corrective Action: Adjust the settings so that the Low Limit setting is less than the High Limit setting.

4052H: The Channel A input value is less than the Low Limit setting.

4053H: The Channel B input value is less than the Low Limit setting.

4054H: The Channel A input value is greater than the High Limit setting.

4055H: The Channel B input value is greater than the High Limit setting.

Corrective Action for 4052H through 4055H: Verify that the Channel A and Channel B inputs are valid and adjust the High and Low Limit settings appropriately for the application.

4056H: The Tolerance input value is a negative number. Corrective Action: Change the Tolerance input value to a positive number.

4057H: The difference between Channel A and Channel B input values is greater than the Tolerance setting. Corrective Action: Verify that Channel A and Channel B inputs are valid and adjust the tolerance setting appropriately for the application.

4058H: The Discrepancy Time setting is not within the allowable range and is being forced to the minimum or maximum value. Corrective Action: Adjust the Discrepancy Time setting to within the allowable range of 5...3000 ms.
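The Manual Restart, Manual Cold Start behavior shown in Figures 62, 66, and 68, together with the Discrepancy Time rule from Table 32, can be replayed with the scan-based Python model below. It is an added example, not Rockwell Automation code or the instruction's implementation; the class and function names, the 10 ms scan period, and the channel values are assumptions. Treating a Discrepancy Time of 0 as "no discrepancy fault" is this model's reading of "disables the timer", and startup diagnostics are not modeled.

```python
from dataclasses import dataclass

FAULT_NONE, FAULT_INPUT_STATUS, FAULT_DISCREPANCY = 0x00, 0x20, 0x4050  # Table 34


def clamp_discrepancy_time(ms):
    """Table 32 rule: 0 disables the timer, 1...4 become 5, above 3000 becomes 3000."""
    if ms < 0:
        raise ValueError("negative Discrepancy Time is not covered by the manual")
    return 0 if ms == 0 else max(5, min(3000, ms))


@dataclass
class DcaModel:
    """Assumed model of DCA(F) with Restart Type and Cold Start Type = Manual."""
    tolerance: float
    high_limit: float
    low_limit: float
    discrepancy_ms: int
    scan_ms: int = 10              # assumed safety task period
    o1: bool = False
    htp: bool = False
    ltp: bool = False
    fault_code: int = FAULT_NONE
    _prev_reset: bool = False
    _prev_status: bool = False
    _out_of_tol_ms: int = 0

    def __post_init__(self):
        self.discrepancy_ms = clamp_discrepancy_time(self.discrepancy_ms)

    def scan(self, a, b, input_status=True, reset=False):
        reset_edge = reset and not self._prev_reset           # OFF (0) -> ON (1)
        status_fall = self._prev_status and not input_status  # ON (1) -> OFF (0)
        self._prev_reset, self._prev_status = reset, input_status

        self.htp = a > self.high_limit or b > self.high_limit
        self.ltp = a < self.low_limit or b < self.low_limit
        in_tol = abs(a - b) <= self.tolerance

        # Discrepancy timer: Output 1 stays on while the channels disagree,
        # until the disagreement has lasted for the Discrepancy Time.
        if in_tol:
            self._out_of_tol_ms = 0
        else:
            expired = self.discrepancy_ms and self._out_of_tol_ms >= self.discrepancy_ms
            if expired and self.fault_code == FAULT_NONE:
                self.fault_code = FAULT_DISCREPANCY
            self._out_of_tol_ms += self.scan_ms
        if status_fall:
            self.fault_code = FAULT_INPUT_STATUS

        # A reset edge clears a fault only when its cause is no longer present.
        if reset_edge and self.fault_code != FAULT_NONE:
            cause_present = (not input_status
                             if self.fault_code == FAULT_INPUT_STATUS else not in_tol)
            if not cause_present:
                self.fault_code = FAULT_NONE

        permissive = (input_status and not self.htp and not self.ltp
                      and self.fault_code == FAULT_NONE)
        if not permissive:
            self.o1 = False
        elif reset_edge and in_tol:        # Manual Restart: a reset edge is required
            self.o1 = True
        return self.o1


def run(model, scans, a, b, input_status=True, reset=False):
    """Execute `scans` scans with constant inputs; return (Output 1, Fault Code)."""
    for _ in range(scans):
        model.scan(a, b, input_status, reset)
    return model.o1, model.fault_code


def figure_68():
    """Replay the discrepancy-fault points A to F with constructed channel values."""
    m = DcaModel(tolerance=100, high_limit=8000, low_limit=2000, discrepancy_ms=250)
    trace = {}
    run(m, 1, 5000, 5000)
    trace["start"] = run(m, 1, 5000, 5000, reset=True)
    run(m, 1, 5000, 5000)
    trace["A + 240 ms"] = run(m, 25, 5000, 5200)    # out of Tolerance, timer running
    trace["B"] = run(m, 1, 5000, 5200)              # 250 ms elapsed
    trace["C"] = run(m, 1, 5000, 5200, reset=True)  # cause still present
    run(m, 1, 5000, 5200)
    trace["D"] = run(m, 1, 5000, 5050, reset=True)  # back within Tolerance
    run(m, 1, 5000, 5050)
    trace["E + 240 ms"] = run(m, 25, 5000, 5300)
    trace["F"] = run(m, 1, 5000, 5300)
    return trace
```

Output 1 stays energized for the whole 250 ms window at (A) and (E), so a short Discrepancy Time bounds how long the instruction runs on disagreeing channels.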

DCA(F) Wiring and Programming Example


This example complies with ISO13849 PLe and IEC61511 SIL 3 operation. It is an example of a relatively simple safety application where temperature sensors are represented by the two 4-wire sensors. The example shows how to interface the field devices to a 1734-IE4S POINTGuard Analog Input module. It illustrates how to configure the I/O modules and use I/O tags in the associated logic for this simple application, including how to use the Dual Channel Analog input instruction to control the safety aspects of this application. The standard/control part of this application is not shown.


This example does not include I/O conditioning and fault latching logic which may be desired for diagnostic reasons.
Figure 69 - Wiring Diagram
[Wiring diagram not reproduced: two SIL 2 4-wire sensors (Signal (V), Signal Return, +24V, Common) wired to a 1734-IE4S safety analog input module behind a 1734-AENT adapter, powered from +24V and 24V Ground.]

(1) Signal Return and Common are at the same potential.
(2) If the sensor has a digital output for use with the Tachometer mode, it must be a push-pull type or have appropriate pull-up or pull-down resistors for NPN or PNP type. The 1734-IE4S module does not provide low impedance of these pull-up or pull-down resistors.
(3) This wiring configuration is also used for SIL 2 redundant Tachometer mode.
(4) For analog voltage output sensors, the signal levels for operation for the application must be outside the signal level when the signal is not present, for example, when the wire is broken.


This programming diagram shows the instruction with inputs.


Figure 70 - Programming Diagram
[Programming diagram not reproduced: a Dual Channel Input instruction with Discrepancy Time = 500 ms, Restart Type = Manual, Cold Start Type = Manual, Tolerance = 100, Channel A = Module1:1:I.Ch0Data, Channel B = Module1:1:I.Ch1Data, High Limit = 8000, Low Limit = 2000, and Input Status formed from Module1:1:I.Ch0InputStatus and Module1:1:I.Ch1InputStatus. Outputs shown: O1, High Trip Point (HTP), Low Trip Point (LTP), Fault Present, O1 On Time, Fault Code, Diagnostic Code, Revision.]

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.
Note 2: The source can be mapped or safety data.

Figure 71 - Ladder Logic
[Ladder logic not reproduced. The values recoverable from the figure are listed here.]

Rung: Module1:1:I.Ch0InputStatus and Module1:1:I.Ch1InputStatus drive CombinedStatus.

DCA (Dual Channel Analog Input), tag Temperature_Sensor:
  Restart Type = MANUAL
  Cold Start Type = MANUAL
  Channel A = Module1:1:I.Ch0Data
  Channel B = Module1:1:I.Ch1Data
  Tolerance = 100
  Discrepancy Time (Msec) = 500
  High Limit = 8000
  Low Limit = 2000
  Input Status = CombinedStatus
  Reset = Temperature_Sensor_Reset
  Outputs: O1, HTP, LTP, FP

RSLogix 5000 software is used to configure the input parameters of the Guard I/O module, as illustrated. Set up the module definition as shown in Figure 72 on page 104.


Figure 72 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed. Configure the module's inputs as shown in Figure 73 and Figure 74.
Figure 73 - Module Safety Input Configuration


Figure 74 - Module Input Configuration

Set up Module1 Alarm Configuration for Channel 0 and 1. Set up Channel 0 as shown in Figure 75, and then configure Channel 1 identically to Channel 0.

IMPORTANT Do not check the Alarm check boxes. Doing so enables the Analog Module's dual-channel feature, which should not be used in conjunction with the DCA instruction.

Figure 75 - Alarm Configuration


Safety Mat (SMAT)

The Safety Mat instruction indicates, through Output 1, whether or not the safety mat is occupied. Safety mats typically consist of two conductive plates held apart by nonconductive separators. The two conductive plates, Channel A and Channel B of the safety mat, are alternately sourced by the Safety Mat instruction's Source A and Source B outputs. Output A and Output B of the safety mat are routed to the Safety Mat instruction's Channel A and Channel B inputs.

SMAT Instruction Parameters


IMPORTANT Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

IMPORTANT Make sure your safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table provides the parameters that are used to configure the instruction.
Table 36 - SMAT Configuration Parameters
Parameter: Restart Type
Data Type: List
Description: Configures Output 1 for either Manual or Automatic Restart.
  Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1.
  Automatic: Output 1 is energized 50 ms after all of the enabling conditions are met.
  ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use, or the reset function is being performed elsewhere in the safety circuit (for example, output function).

Parameter: Short Circuit Detect Delay Time
Data Type: Integer
Description: This parameter is the time (5...250 ms) that the instruction uses to determine the difference between a short circuit and someone stepping on the safety mat. When using this instruction with 1791DS I/O modules, the short-circuit detection-delay time has to be greater than the associated module's input-error latch time. The module's input-error latch time holds the test output fault generated by the two channels being shorted together for the configured amount of time. Output 1 goes to the safe state as soon as possible (task period and input filter dependent); only the declaration of a fault is delayed by this time. It has no effect on the safety reaction time.

The following table explains instruction inputs. The inputs are typically used to select different modes of application operation by enabling other instructions.
Table 37 - SMAT Inputs
Name: Channel A (1)
Data Type: Boolean
Description: This input is sourced by the Channel A output of the safety mat.

Name: Channel B (1)
Data Type: Boolean
Description: This input is sourced by the Channel B output of the safety mat.

Name: Input Status
Data Type: Boolean
Description: If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions.
  ON (1): The inputs to this instruction are valid.
  OFF (0): The inputs to this instruction are invalid.

Name: Reset (2)
Data Type: Boolean
Description: If the Restart Type = Manual, this input is used to energize Output 1. This input clears instruction and circuit faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.
(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table provides the outputs to the instruction. In many applications, the output tags may represent the state of actual field devices. They may also be internal tags used to represent machine state information for use with other instructions.
Table 38 - SMAT Outputs
Name: Output 1 (O1)
Data Type: Boolean
Description: This output is energized when all of the input conditions are satisfied. The output becomes de-energized when the following occurs:
  An instruction detects an open or a short circuit condition.
  The normal operation of the instruction causes Output 1 to be de-energized.

Name: Source A (SRCA)
Data Type: Boolean
Description: This output is used to source the Channel A input of the safety mat.

Name: Source B (SRCB)
Data Type: Boolean
Description: This output is used to source the Channel B input of the safety mat.

Name: Fault Code
Data Type: Integer
Description: This output indicates the type of fault that occurred. See Table 39 on page 114 for a list of fault codes. This parameter is not safety-related.

Name: Diagnostic Code
Data Type: Integer
Description: This output indicates the diagnostic status of the instruction. See Table 40 on page 114 for a list of diagnostic codes. This parameter is not safety-related.

Name: Fault Present (FP)
Data Type: Boolean
Description: ON (1): A fault is present in the instruction. OFF (0): This instruction is operating normally.

IMPORTANT Do not write to any instruction output tag under any circumstances.

SMAT Circuit Verification Test


The Safety Mat instruction monitors the Channel A and Channel B Safety Mat inputs. Before Output 1 can be energized, a verification of the safety mat circuit must be completed, verifying that the Source A and Source B output to Channel A and Channel B input connections are good. This is referred to as the circuit verification test (CVT) and is identified by the shaded areas in the timing diagrams. Output 1 can be energized when the CVT test is successful and the proper Restart Type conditions are met.


SMAT Manual Restart Operation


Figure 76 illustrates the instruction being configured for Manual Restart. At (A), Output 1 is energized when the Reset input transitions from OFF (0) to ON (1) after the circuit verification test (CVT).
Figure 76 - Manual Restart Timing Diagram
[Timing diagram showing Channel A, Channel B, Reset, Source A, Source B, and Output 1.]
The shaded area is the CVT.


SMAT Automatic Restart Operation


The timing diagram illustrates the instruction being configured for Automatic Restart. At (A), Output 1 is energized 50 ms after the circuit verification test (CVT).
Figure 77 - Automatic Restart Timing Diagram
[Timing diagram showing Channel A, Channel B, Reset, Source A, Source B, and Output 1, with the 50 ms delay before Output 1 is energized at (A).]
The shaded area is the CVT.


Safety Mat Occupied Operation


Figure 78 illustrates Output 1 being de-energized when the safety mat becomes occupied. At (A), the safety mat is considered occupied and Output 1 is de-energized when the Channel A and Channel B inputs are both ON (1). At (B), the Channel A and Channel B inputs follow the Source A output for as long as the safety mat is occupied.
Figure 78 - Safety Mat Occupied Timing Diagram
[Timing diagram showing Channel A, Channel B, Reset, Source A, Source B, and Output 1, with points (A) and (B) marked.]


Safety Mat Unoccupied Operation


Figure 79 illustrates the safety mat being unoccupied while the Safety Mat instruction is initializing. At (A), the Channel A and Channel B inputs begin tracking the Source A and Source B outputs. Output 1 can then be energized based on the configured Restart Type and after the circuit verification test (CVT).
Figure 79 - Safety Mat Unoccupied Timing Diagram
[Timing diagram showing Channel A, Channel B, Reset, Source A, Source B, and Output 1, with point (A) marked.]
The shaded area is the CVT.


SMAT Fault Detection Operation


This instruction detects source output to channel input open circuits and short circuits. A short circuit between Channel A and Channel B appears to the instruction as though the mat is occupied, where Output 1 is de-energized. Figure 80 illustrates the safety mat being occupied and the connection between Source A and Channel A is opened. The Restart Type is configured for Manual. At (A), the circuit is opened and the Channel A input stops following the Source A output. Output 1 is de-energized and the short-circuit detect delay timer is started. At (B), the timer expires and a fault is generated. At (C), the opened circuit is corrected and the fault is reset when an OFF (0) to ON (1) transition is detected on the Reset input. At (D), the Safety Mat instruction completes the circuit verification test (CVT), and an OFF (0) to ON (1) transition is detected on the Reset input, energizing Output 1.
Figure 80 - Fault Detection Timing Diagram
[Timing diagram showing Channel A, Channel B, Reset, Source A, Source B, Output 1, and Fault Present, with points (A) through (D) and the interval t marked.]
t = Short Circuit Detect Delay Time. The shaded area is the CVT.

SMAT False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


SMAT Fault and Diagnostic Codes


Table 39 - SMAT Fault Codes and Corrective Actions
Fault Code: 00H
Description: No fault.
Corrective Action: None.

Fault Code: 20H
Description: The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing.
Corrective Action: Check the I/O module connection. Reset the fault.

Fault Code: 8000H
Description: Channel A is shorted to power.

Fault Code: 8001H
Description: Channel B is shorted to power.

Fault Code: 8002H
Description: Channels A and B are shorted to power.

Fault Code: 8003H
Description: Channel A is shorted to power and Channel B is either shorted to ground or open.

Fault Code: 8004H
Description: Channel A is either shorted to ground or is open.

Fault Code: 8005H
Description: Channel A is either shorted to ground or is open and Channel B is shorted to power.

Fault Code: 8006H
Description: Channel B is either shorted to ground or open.

Corrective Action (8000H through 8006H): Correct the short or open circuit. Reset the fault.

Table 40 - SMAT Diagnostic Codes and Corrective Actions


Diagnostic Code: 00H
Description: No fault.
Corrective Action: None.

Diagnostic Code: 05H
Description: The Reset input is held ON (1).
Corrective Action: Set the Reset input to OFF (0).

Diagnostic Code: 20H
Description: The Input Status input was OFF (0) when the instruction started.
Corrective Action: Check the I/O module connection.


SMAT Wiring and Programming Example


The standard control portion of the application is not shown.
Figure 81 - Wiring Diagram
[Wiring diagram: a safety mat and a momentary push button (reset) wired to a 1791-DS-IB12 module (Module 1) on DeviceNet. Terminals shown: 1 (V0), 3 (I0), 4 (I1), 28 (T3), 25 (T2), 24 (I11), and 11 (G0), with 24V DC and 24V Ground.]

This programming diagram shows the instruction with inputs and outputs.
Figure 82 - Programming Diagram
[Programming diagram: SMAT instruction, tag OperatorSafetyMat.]
Inputs: Restart Type = Manual; Short Circuit Time Delay = TBD ms; Channel A = Module 1:I.Pt00Data; Channel B = Module 1:I.Pt01Data; Input Status = Module 1:I.CombinedStatus; Reset = Module 1:I.Pt11Data.
Outputs: Output 1; Source A = Module 1:O.Test02Data; Source B = Module 1:O.Test03Data; Fault Present.
The diagram carries the marker "See Note 1".

Note 1: This is an internal Boolean tag used by other parts of the user application not shown in this example.
Key: Color code represents data or value typically used (Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable).


Figure 83 - Ladder Logic

[Ladder diagram. SMAT (Safety Mat) instruction OperatorSafetyMat with Restart Type MANUAL; Short Circuit Detect Delay Time (Msec) 500; Channel A Module1:I.Pt00Data; Channel B Module1:I.Pt01Data; Input Status Module1:I.CombinedStatus; Reset Module1:I.Pt11Data; outputs O1, SRCA, SRCB, FP. Following rungs: OperatorSafetyMat.SRCA to Module1:O.Test02Data and OperatorSafetyMat.SRCB to Module1:O.Test03Data.]

RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated.
Figure 84 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.


Figure 85 - Module Input Configuration

Figure 86 - Module Output Configuration


Two-hand Run Station Enhanced (THRSe)

This instruction monitors the inputs of a Two-hand Run Station. Each run station button has two inputs: one normally-closed (N.C.) contact and one normally-open (N.O.) contact. To energize Output 1, the instruction must be enabled and connected with no faults present. Then, both buttons must be pressed within 500 ms of one another.

IMPORTANT The right and left buttons of the Two-hand Run Station must be pressed within 500 ms of one another to energize Output 1. To make sure this situation can be properly detected, the safety task period cannot exceed 40 ms and the input device's requested packet interval (RPI) cannot exceed 20 ms. Refer to the GuardLogix Controllers User Manual, publication 1756-UM020, and the GuardLogix Controller Systems Safety Reference Manual, publication 1756-RM093, for more information on the safety task period and the RPI.

The Buttons Released output turns ON (1) whenever the Two-hand Run Station is connected and enabled, no faults are present, and both the right and left buttons are in the released (safe) state. In this case, all four contacts are in the safe state. The Two-hand Run Station may be disconnected when not in use. To properly disconnect the Two-hand Run Station, the Disconnected input must be ON (1) and all button inputs must be OFF (0). When the Two-hand Run Station is disconnected, the Station Bypassed output turns ON (1).


THRSe Instruction Parameters


IMPORTANT Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

IMPORTANT Make sure your safety input points are configured as Single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameter used to configure the instruction. This parameter cannot be changed at runtime.
Table 41 - THRSe Configuration Parameter
Parameter: Discrepancy Time
Data Type: Integer
Description: The amount of time that the instruction lets the normally-open and normally-closed button contacts be inconsistent before generating a fault. The inconsistent state occurs when the normally-open contact and the normally-closed contact have the same logical value; that is, both are ON (1) or both are OFF (0). The valid range is 100...3000 ms.

The following table explains the instruction inputs.


Table 42 - THRSe Inputs
Parameter: Enable
Data Type: Boolean
Description: ON (1): The device is enabled. Output 1 is energized when both buttons are pressed within 500 ms of one another. OFF (0): The device is disabled. Output 1 stays de-energized.

Parameter: Disconnected
Data Type: Boolean
Description: This input indicates whether the run station is disconnected. When this input is ON (1) and all of the button inputs (Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed) are OFF (0), the Station Bypassed output turns ON (1).
  ON (1): The run station is disconnected. Output 1 cannot be energized.
  OFF (0): The run station is not disconnected. Output 1 may be energized.

Parameter: Right Button Normally Open (1)
Data Type: Boolean
Description: This is the normally-open contact for the right button.

Parameter: Right Button Normally Closed (1)
Data Type: Boolean
Description: This is the normally-closed contact for the right button.

Parameter: Left Button Normally Open (1)
Data Type: Boolean
Description: This is the normally-open contact for the left button.

Parameter: Left Button Normally Closed (1)
Data Type: Boolean
Description: This is the normally-closed contact for the left button.

Parameter: Input Status
Data Type: Boolean
Description: If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions.
  ON (1): The inputs to this instruction are valid.
  OFF (0): The inputs to this instruction are invalid.

Parameter: Reset (2)
Data Type: Boolean
Description: This input clears instruction and circuit faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.
(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains the instruction outputs.


Table 43 - THRSe Outputs
Parameter: Output 1 (O1)
Data Type: Boolean
Description: This output is energized when the run station is enabled and connected, and both buttons are pressed within 500 ms of one another. Output 1 is de-energized when one or more of the following occurs:
  The right or the left button is released, or any one of the four contacts transitions to the safe state.
  The Input Status input turns OFF (0), which indicates the inputs have become invalid.
  The Enable input turns OFF (0).
  The Disconnected input turns ON (1).

Parameter: Buttons Released (BR)
Data Type: Boolean
Description: This output is ON (1) when both buttons are released, the run station is connected and enabled, and no faults are present.

Parameter: Station Bypassed (SB)
Data Type: Boolean
Description: This output is ON (1) when the run station has been properly disconnected and no faults are present. See Disconnecting the Two-hand Run Station on page 120.

Parameter: Fault Present (FP)
Data Type: Boolean
Description: ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally.

Parameter: Fault Code
Data Type: Integer
Description: This output indicates the type of fault that occurred. See Table 44 on page 126 for the list of fault codes. This parameter is not safety-related.

Parameter: Diagnostic Code
Data Type: Integer
Description: This output indicates the diagnostic status of the instruction. See Table 45 on page 127 for a list of diagnostic codes. This parameter is not safety-related.

IMPORTANT Do not write to any instruction output tag under any circumstances.

Disconnecting the Two-hand Run Station


To energize the Station Bypassed Output (disconnect the Two-hand Run Station), the Disconnected input must be ON (1), and all the button inputs must be OFF (0). If a fault occurs while disconnecting the Two-hand Run Station, trigger a reset after the inputs are in the correct state.

Connecting the Two-hand Run Station


To de-energize the Station Bypassed Output (connect the Two-hand Run Station), the Disconnected input must be OFF (0), and the button inputs must be in the released safe state. If a fault occurs while connecting the Two-hand Run Station, trigger a reset after the inputs are in the correct state.


THRSe Normal Operation


As shown in Figure 87, the Buttons Released output turns ON (1) whenever both buttons are released, the run station is connected and enabled, and no faults are present. Before (A), the left and right buttons are both pressed, but Output 1 has not yet been energized because the Enable input is OFF (0). When the Enable input transitions from OFF (0) to ON (1) at (A), Output 1 is not energized because the buttons must be pressed while the Enable input is ON (1). At (B), the right button is pressed but the left button is still released, which turns OFF (0) the Buttons Released output. At (C), both buttons have been pressed within 500 ms of one another, which energizes Output 1 after a 50 ms delay. Output 1 is de-energized when the left button is released at (D). Output 1 is energized 50 ms after both buttons are pressed at (E). Lastly, at (F), Output 1 is de-energized because the Enable input turns OFF (0).
Figure 87 - Normal Operation Timing Diagram
[Timing diagram showing Enable, Disconnected, Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed, Input Status, Fault Present, Buttons Released, Station Bypassed, and Output 1, with the 50 ms delays before Output 1 is energized.]
Discrepancy Time = 250 ms


THRSe Button Held Down Diagnostic Operation


Output 1 cannot be energized when the right and left buttons are not pressed within 500 ms of one another. At (A), the right button is pressed while the left button remains released. At (B), the buttons have been in an inconsistent state for 500 ms, which generates a diagnostic signal that requires both buttons be released before Output 1 can be energized again. At (C), the left button is pressed, but Output 1 is not energized because both buttons have not been released after the right button was held down longer than 500 ms. Both buttons are released, which clears the diagnostic signal at (D). Output 1 is energized after a 50 ms delay when both buttons are pressed within 500 ms of one another at (E).
Figure 88 - Button Held Down Timing Diagram
[Timing diagram showing Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed, Fault Present, Buttons Released, Station Bypassed, and Output 1, with points (A) through (E), the 500 ms interval, and the 50 ms delays marked.]
Discrepancy Time = 250 ms
For simplicity, the Enable and Input Status inputs are not shown and are assumed to be ON (1). Similarly, the Disconnected input is assumed to be OFF (0).


THRSe Button Glitch Diagnostic Operation


When one button is released while the other button remains pressed, both buttons must be released to the safe state before Output 1 can be energized again. At (A), Output 1 is de-energized because the right button is released. At (B), the right button is pressed, but the left button remained released since (A). This generates a diagnostic signal that requires both buttons to be released before Output 1 can be energized again. Both buttons are released at (C), which clears the diagnostic signal. At (D), Output 1 is energized after a 50 ms delay when both buttons are pressed within 500 ms of one another.
Figure 89 - Button Glitch Timing Diagram
[Timing diagram showing Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed, Fault Present, Buttons Released, Station Bypassed, and Output 1, with the 50 ms delays marked.]
Discrepancy Time = 250 ms
For simplicity, the Enable and Input Status inputs are not shown and are assumed to be ON (1). Similarly, the Disconnected input is assumed to be OFF (0).


THRSe Button Discrepancy Fault (Channel-to-Channel) Operation


A discrepancy fault occurs when the two channels of one button are in an inconsistent state for more than the configured Discrepancy Time (250 ms in this example). At (A), the right button is pressed, but only the normally-open contact of the left button turns ON (1) while the normally-closed contact remains OFF (0). After the Left Button Normally Open and the Left Button Normally Closed inputs have been inconsistent for 250 ms, the fault occurs at (B). At (C), the fault is cleared by a Reset. Lastly, at (D), Output 1 is energized 50 ms after both buttons are pressed.
Figure 90 - Button Discrepancy Fault Timing Diagram
[Timing diagram showing Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed, Reset, Fault Present, Buttons Released, Station Bypassed, and Output 1, with the 250 ms discrepancy interval and the 50 ms delays marked.]
Discrepancy Time = 250 ms
For simplicity, the Enable and Input Status inputs are not shown and are assumed to be ON (1). Similarly, the Disconnected input is assumed to be OFF (0).


THRSe Run Station Disconnected (Station Bypassed) Operation


When the run station is properly disconnected, Output 1 cannot be energized. The Station Bypassed output is energized whenever the run station is properly disconnected. At (A), Output 1 is energized 50 ms after both buttons are pressed. At (B), Output 1 is de-energized and a fault occurs when the Disconnected input turns ON (1). To clear the fault, both buttons must be released and a reset triggered at (C). The Station Bypassed output turns ON (1). At (D), the Station Bypassed output turns OFF (0) and a fault occurs when the Right Button Normally Open input turns ON (1) while the Disconnected input is ON (1). At (E), the fault is cleared and the Station Bypassed output is turned ON (1) when a reset is triggered with the Disconnected input ON (1) and all button inputs OFF (0). Lastly, at (F), the Enable input transitions from ON (1) to OFF (0) to ON (1), but has no effect on the Station Bypassed output, which remains ON (1).
Figure 91 - Run Station Disconnected Timing Diagram
[Timing diagram showing Enable, Disconnected, Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed, Reset, Fault Present, Buttons Released, Station Bypassed, and Output 1, with points (A) through (F) and the 50 ms delay marked.]
Discrepancy Time = 250 ms
For simplicity, the Input Status input is not shown and is assumed to be ON (1), which indicates the inputs are valid.


THRSe False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

THRSe Fault and Diagnostic Codes


Table 44 - THRSe Fault Codes and Corrective Actions

Fault Code: 00H
Description: No fault.
Corrective Action: None.

Fault Code: 20H
Description: The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing.
Corrective Action: Check the I/O module connection. Reset the fault.

Fault Code: 7001H
Description: The right button contacts were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, the Right Button Normally Open was ON (1) and the Right Button Normally Closed was OFF (0).

Fault Code: 7002H
Description: The right button contacts were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, the Right Button Normally Closed was ON (1) and the Right Button Normally Open was OFF (0).

Corrective Action (7001H and 7002H): Check the wiring. Bring the right button contacts to a consistent state. Reset the fault.

Fault Code: 7003H
Description: The left button contacts were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, the Left Button Normally Open was ON (1) and the Left Button Normally Closed was OFF (0).

Fault Code: 7004H
Description: The left button contacts were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, the Left Button Normally Closed was ON (1) and the Left Button Normally Open was OFF (0).

Corrective Action (7003H and 7004H): Check the wiring. Bring the left button contacts to a consistent state. Reset the fault.

Fault Code: 7005H
Description: The Right Button Normally Open input transitioned from ON (1) to OFF (0) to ON (1) while the Right Button Normally Closed input remained ON (1).

Fault Code: 7006H
Description: The Right Button Normally Closed input transitioned from ON (1) to OFF (0) to ON (1) while the Right Button Normally Open input remained ON (1).

Corrective Action (7005H and 7006H): Check the wiring. Release the right button, bringing both contacts to the OFF (0) state. Reset the fault.

Fault Code: 7007H
Description: The Left Button Normally Open input transitioned from ON (1) to OFF (0) to ON (1) while the Left Button Normally Closed input remained ON (1).

Fault Code: 7008H
Description: The Left Button Normally Closed input transitioned from ON (1) to OFF (0) to ON (1) while the Left Button Normally Open input remained ON (1).

Corrective Action (7007H and 7008H): Check the wiring. Release the left button, bringing both contacts to the OFF (0) state. Reset the fault.

Fault Code: 7030H
Description: The Disconnected input was ON (1), but all of the button inputs were not OFF (0).
Corrective Action: To disconnect the Two-hand Run Station, set all button inputs to OFF (0) and reset the fault. To connect the run station, set the Disconnected input to OFF (0) and reset the fault.

Fault Code: 7031H
Description: The button inputs were disconnected for longer than the Discrepancy Time, but the Disconnected input was OFF (0).
Corrective Action: To disconnect the Two-hand Run Station, set the Disconnected input to ON (1) and reset the fault. To connect the Two-hand Run Station, set all button inputs to their normal state and reset the fault.


Table 45 - THRSe Diagnostic Codes and Corrective Actions

Diagnostic Code: 00H
Description: No fault.
Corrective Action: None.

Diagnostic Code: 20H
Description: The Input Status was OFF (0) when the instruction started.
Corrective Action: Check the I/O module connection.

Diagnostic Code: 7001H
Description: The device is not in the safe state for startup.
Corrective Action: Release both buttons to OFF (0).

Diagnostic Code: 7002H
Description: The right button is held down. The left and right buttons have been in an inconsistent state for longer than 500 ms.
Corrective Action: Release both buttons to OFF (0).

Diagnostic Code: 7003H
Description: The left button is held down. The left and right buttons have been in an inconsistent state for longer than 500 ms.
Corrective Action: Release both buttons to OFF (0).

Diagnostic Code: 7004H
Description: The right button was released and then pressed while the left button remained pressed.
Corrective Action: Release both buttons to OFF (0).

Diagnostic Code: 7005H
Description: The left button was released and then pressed while the right button remained pressed.
Corrective Action: Release both buttons to OFF (0).

Diagnostic Code: 7060H
Description: The run station is not enabled.
Corrective Action: Enable or disconnect the run station.

Diagnostic Code: 7061H
Description: The run station is bypassed.
Corrective Action: No action required.
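The timing rules from the THRSe operation sections above (500 ms synchronization window, 50 ms Output 1 delay, both buttons released before a retry) can be exercised with the behavioural sketch below. It is an added example, not Rockwell Automation's instruction code: the class and function names are hypothetical, each button's N.O./N.C. pair is assumed to be already reduced to one pressed/released Boolean, and faults, Input Status and Disconnected are left out. The diagnostic codes are the ones listed in Table 45.

```python
SYNC_WINDOW_MS = 500  # both buttons must be pressed within this window (from the manual)
ON_DELAY_MS = 50      # Output 1 energizes this long after both are pressed (from the manual)

# Diagnostic codes as listed in Table 45.
DIAG_NONE = 0x00
HELD = {"right": 0x7002, "left": 0x7003}    # one button held alone for 500 ms
GLITCH = {"right": 0x7004, "left": 0x7005}  # released, then re-pressed while the other stayed down


class TwoHandModel:
    """Hypothetical scan-based model of the two-hand timing rules (assumption, see lead-in)."""

    def __init__(self):
        self.o1 = False                # Output 1
        self.buttons_released = False  # Buttons Released (BR)
        self.diag = DIAG_NONE          # Diagnostic Code
        self._lockout = False          # True: both buttons must be released before a new start
        self._first = None             # (button name, time_ms) of the button pressed alone
        self._both_since = None        # time_ms at which both buttons were first seen pressed
        self._dropped = None           # button that was released while the other stayed pressed

    def _lock(self, diag=None):
        """De-energize Output 1 and require both buttons released before the next start."""
        self.o1 = False
        self._lockout = True
        self._first = None
        self._both_since = None
        if diag is not None:
            self.diag = diag

    def scan(self, now_ms, enable, right, left):
        """Evaluate one scan; right/left are True while that button is pressed."""
        both = right and left
        none = not (right or left)
        self.buttons_released = bool(enable and none)
        if none:
            # Both buttons in the released (safe) state: clear lockout and diagnostics.
            self.o1 = False
            self._lockout = False
            self._first = self._both_since = self._dropped = None
            self.diag = DIAG_NONE
            return False
        if not enable:
            # Buttons pressed while Enable is OFF do not count as a start request.
            self._lock()
            return False
        if self._lockout:
            if both and self._dropped and self.diag == DIAG_NONE:
                self.diag = GLITCH[self._dropped]
            return False
        if both:
            if self._both_since is None:
                if self._first and now_ms - self._first[1] >= SYNC_WINDOW_MS:
                    self._lock(HELD[self._first[0]])
                    return False
                self._both_since = now_ms
            self.o1 = now_ms - self._both_since >= ON_DELAY_MS
            return self.o1
        # Exactly one button is pressed from here on.
        name = "right" if right else "left"
        if self._both_since is not None:
            # One button released after both were pressed: de-energize and lock out.
            self._dropped = "left" if right else "right"
            self._lock()
            return False
        if self._first is None or self._first[0] != name:
            self._first = (name, now_ms)
        elif now_ms - self._first[1] >= SYNC_WINDOW_MS:
            self._lock(HELD[name])
        return False


def replay(trace):
    """Run (time_ms, enable, right, left) steps; return [(o1, buttons_released, diag), ...]."""
    model = TwoHandModel()
    return [(model.scan(*step), model.buttons_released, model.diag) for step in trace]


# Constructed trace (not from the manual's figures): pressed before Enable, a normal
# start, a released-and-re-pressed left button, then a right button held alone too long.
TRACE = [
    (0, False, True, True), (100, True, True, True), (200, True, False, False),
    (300, True, True, False), (500, True, True, True), (550, True, True, True),
    (700, True, True, False), (800, True, True, True), (900, True, False, False),
    (1000, True, True, False), (1500, True, True, False), (1600, True, True, True),
    (1700, True, False, False), (1800, True, False, True), (1900, True, True, True),
    (1950, True, True, True),
]

if __name__ == "__main__":
    for step, result in zip(TRACE, replay(TRACE)):
        print(step, result)
```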

THRSe Wiring and Programming Example


This example complies with ISO 13849-1 Category 4 operation. The standard control portion of the application is not shown. Two two-hand run stations are shown connected to a 1791DS-IB12 module.
Figure 92 - Wiring Diagram
[Wiring diagram: two two-hand run stations (RunStand1 and RunStand2), each shown with a dummy plug, and a momentary push button (reset) wired to a 1791DS-IB12 module (Module 1) on DeviceNet. The run stations use inputs I0 through I4 and I6 through I10 with test outputs T0 and T1; the reset push button uses input I11; 24V DC is on terminal V and 24V Ground on terminal G.]


This programming diagram logically illustrates the use of two THRSe instructions. If one of the Two-hand Run Station's buttons is released, the output is de-energized and the other Two-hand Run Station's buttons must also be released before the output can be energized again.
Figure 93 - Programming Diagram
[Programming diagram: two THRSe blocks, RunStand1 and RunStand2, each with a Discrepancy Time of 500 ms and Enable set to 1. RunStand1 takes Disconnected from Module1:I.Pt04Data and its button inputs from Module1:I.Pt00Data to Module1:I.Pt03Data; RunStand2 takes Disconnected from Module1:I.Pt10Data and its button inputs from Module1:I.Pt06Data to Module1:I.Pt09Data. Input Status is Module1:I.CombinedStatus and Reset is Module1:I.Pt11Data. The Output 1, Station Bypassed and Buttons Released outputs are combined through AND, OR and set/reset blocks into the ButtonsReleased and RunStationStart tags.]

NOTE 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.

Key: Color code represents data or value typically used: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.

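Figure 94 - Ladder Logic

[Ladder logic figure. The parameters and tag assignments of the two THRSe (Two Hand Run Station Enhanced) instructions are listed below; the last column is the value displayed in the figure.]

THRSe instance RunStand1 (outputs O1, BR, SB, FP):

| Parameter | Tag or Value | Displayed Value |
|---|---|---|
| Discrepancy Time (Msec) | 500 | |
| Enable | ALWAYS_ENABLED | 1 |
| Disconnected | Module1:I.Pt04Data | 0 |
| Right Button Normally Open | Module1:I.Pt00Data | 1 |
| Right Button Normally Closed | Module1:I.Pt01Data | 1 |
| Left Button Normally Open | Module1:I.Pt02Data | 0 |
| Left Button Normally Closed | Module1:I.Pt03Data | 1 |
| Input Status | Module1:I.CombinedStatus | 1 |
| Reset | Module1:I.Pt11Data | 0 |

THRSe instance RunStand2 (outputs O1, BR, SB, FP):

| Parameter | Tag or Value | Displayed Value |
|---|---|---|
| Discrepancy Time (Msec) | 500 | |
| Enable | ALWAYS_ENABLED | 1 |
| Disconnected | Module1:I.Pt10Data | 0 |
| Right Button Normally Open | Module1:I.Pt06Data | 0 |
| Right Button Normally Closed | Module1:I.Pt07Data | 1 |
| Left Button Normally Open | Module1:I.Pt08Data | 0 |
| Left Button Normally Closed | Module1:I.Pt09Data | 1 |
| Input Status | Module1:I.CombinedStatus | 1 |
| Reset | Module1:I.Pt11Data | 0 |

Tags on the remaining rungs, in the order they appear in the figure: RunStand1.BR, RunStand2.BR, RunStand2.SB, ButtonsReleased (L); ButtonsReleased, RunStationStart, RunStand1.O1, RunStand2.O1, RunStand2.SB; RunStationStart, ButtonsReleased (U).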

RSLogix 5000 software is used to configure the input and test output parameters of the Guard I/O module, as illustrated.
Figure 95 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.


Figure 96 - Module Input Configuration

Figure 97 - Module Test Output Configuration


Configurable Redundant Output (CROUT)

The Configurable Redundant Output instruction controls and monitors redundant outputs. The reaction time for output feedback is configurable. The instruction supports positive and negative feedback signals.

CROUT Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameters that are used to configure the instruction. These parameters cannot be changed at runtime.
Table 46 - CROUT Configuration Parameters

| Parameter | Data Type | Description |
|---|---|---|
| Feedback Type | List | This parameter defines the feedback ON and OFF states. Positive: ON (1): Feedbacks ON / Outputs ON; OFF (0): Feedbacks OFF / Outputs OFF. Negative: ON (1): Feedbacks OFF / Outputs ON; OFF (0): Feedbacks ON / Outputs OFF. |
| Feedback Reaction Time | Integer | This parameter specifies the amount of time that the instruction waits for Feedback 1 and Feedback 2 to reflect the state of Output 1 and Output 2 as specified by the configured Feedback Type. The valid range is 5…1000 ms. |

The following table explains the instruction inputs.


Table 47 - CROUT Inputs

| Parameter | Data Type | Description |
|---|---|---|
| Actuate | Boolean | This input controls the energizing and de-energizing of Output 1 and Output 2. ON (1): Output 1 and Output 2 are energized if no faults exist. OFF (0): Output 1 and Output 2 are de-energized. |
| Feedback 1 | Boolean | This input is constantly monitored to make sure that it reflects the state of Output 1. When Output 1 transitions, this input must detect the transition within the Feedback Reaction Time. |
| Feedback 2 | Boolean | This input is constantly monitored to make sure that it reflects the state of Output 2. When Output 2 transitions, this input must detect the transition within the Feedback Reaction Time. |
| Input Status | Boolean | If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid. |
| Output Status | Boolean | The output status of the I/O module or modules used for Output 1 and Output 2 signals. ON (1): The I/O connection and the I/O module are operational. OFF (0): The module is faulted or the connection to the module has been lost. |
| Reset(1) | Boolean | This input clears instruction and circuit faults provided the fault condition is not present. OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset. |

(1) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.

The following table explains the instruction outputs.


Table 48 - CROUT Outputs

| Parameter | Data Type | Description |
|---|---|---|
| Output 1 (O1) | Boolean | This output is typically used to control channel A of the output device. Output 1 is de-energized when one or more of the following occurs: A feedback fault occurs. Input Status or Output Status inputs become invalid (OFF = 0). The Actuate input turns OFF (0). |
| Output 2 (O2) | Boolean | This output is typically used to control channel B of the output device. Output 2 is de-energized when one or more of the following occurs: A feedback fault occurs. Input Status or Output Status inputs become invalid (OFF = 0). The Actuate input turns OFF (0). |
| Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally. |
| Fault Code | Integer | This output indicates the type of fault that occurred. See Table 49 on page 136 for the list of fault codes. This parameter is not safety-related. |
| Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 50 on page 136 for a list of diagnostic codes. This parameter is not safety-related. |

IMPORTANT

Do not write to any instruction output tag under any circumstances.


CROUT Normal Operation


The timing diagram in Figure 98 shows normal operation of this instruction to control dual channel outputs when the Feedback Type is Positive. Outputs 1 and 2 are energized at (A) when the Actuate input turns ON (1). Both feedback inputs react before the Feedback Reaction timer has expired, so Output 1 and Output 2 remain energized in steady state at (B). Outputs 1 and 2 are de-energized at (C) when the Actuate input turns OFF (0). At (D), both feedback inputs react before the Feedback Reaction timer has expired, so Output 1 and Output 2 remain de-energized in steady state.
Figure 98 - Normal Operation Timing Diagram
[Timing diagram: Actuate, Feedback 1, Feedback 2, Output 1 and Output 2 against time, with the Feedback Reaction Time interval and markers (A) to (D).]

Input Status and Output Status inputs (not shown) are assumed to be valid (ON = 1).


CROUT Feedback Fault


A feedback fault can occur when either Feedback 1 or Feedback 2 fails to correctly reflect the state of Output 1 and Output 2. The Feedback Type is configured as Positive in this diagram example. Output 1 and Output 2 are energized at (A), but at (B), Feedback 2 has not turned ON (1) before the Feedback Reaction timer expires, generating a feedback fault. The fault cannot be cleared at (C), because Feedback 1 and Feedback 2 do not yet reflect the state of Output 1 and Output 2. The fault is cleared at (D) when the Reset input turns ON (1) and both Feedback 1 and Feedback 2 are OFF (0), correctly reflecting the state of Output 1 and Output 2.
Figure 99 - Feedback Fault Timing Diagram
[Timing diagram: Actuate, Feedback 1, Feedback 2, Reset, Fault Present, Output 1 and Output 2 against time, with the Feedback Reaction Time interval and markers (A) to (D).]

Input Status and Output Status inputs (not shown) are assumed to be valid (ON = 1).

CROUT False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

CROUT Fault and Diagnostic Codes


Table 49 - CROUT Fault Codes and Corrective Actions

| Fault Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. Reset the fault. |
| 21H | The Output Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. Reset the fault. |
| 5000H | Feedback 1 and Feedback 2 turned OFF (0) unexpectedly. | Check the feedback signals. Reset the fault. |
| 5001H | Feedback 1 turned OFF (0) unexpectedly. | Check the Feedback 1 signal. Reset the fault. |
| 5002H | Feedback 2 turned OFF (0) unexpectedly. | Check the Feedback 2 signal. Reset the fault. |
| 5003H | Feedback 1 and Feedback 2 turned ON (1) unexpectedly. | Check the feedback signals. Reset the fault. |
| 5004H | Feedback 1 turned ON (1) unexpectedly. | Check the Feedback 1 signal. Reset the fault. |
| 5005H | Feedback 2 turned ON (1) unexpectedly. | Check the Feedback 2 signal. Reset the fault. |
| 5006H | Feedback 1 and Feedback 2 did not turn ON (1) within the Feedback Reaction Time. | Check the feedback signals or adjust the Feedback Reaction Time. Reset the fault. |
| 5007H | Feedback 1 did not turn ON (1) within the Feedback Reaction Time. | Check the Feedback 1 signal or adjust the Feedback Reaction Time. Reset the fault. |
| 5008H | Feedback 2 did not turn ON (1) within the Feedback Reaction Time. | Check the Feedback 2 signal or adjust the Feedback Reaction Time. Reset the fault. |
| 5009H | Feedback 1 and Feedback 2 did not turn OFF (0) within the Feedback Reaction Time. | Check the feedback signals or adjust the Feedback Reaction Time. Reset the fault. |
| 500AH | Feedback 1 did not turn OFF (0) within the Feedback Reaction Time. | Check the Feedback 1 signal or adjust the Feedback Reaction Time. Reset the fault. |
| 500BH | Feedback 2 did not turn OFF (0) within the Feedback Reaction Time. | Check the Feedback 2 signal or adjust the Feedback Reaction Time. Reset the fault. |

Table 50 - CROUT Diagnostic Codes and Corrective Actions


| Diagnostic Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status was OFF (0) when the instruction started. | Check the I/O module connection. |
| 21H | The Output Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. |
| 5000H | The Actuate input is held ON (1). | Set the Actuate input to OFF (0). |
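The feedback monitoring described in the CROUT sections above can be exercised offline with a scan-based model. The Python below is an added illustration, not Rockwell Automation code and not something that runs in a safety controller; it covers Feedback Type = Positive only. The class, method and argument names are assumptions, as is the rule that Actuate must return to OFF after a fault reset (inferred from diagnostic code 5000H).

```python
"""Scan-based model of CROUT feedback monitoring, Feedback Type = Positive.

Added illustration for test benches and reviews; not Rockwell Automation code.
Class, method and argument names are assumptions of this example.
"""

# Table 49 codes, keyed by (Feedback 1 disagrees, Feedback 2 disagrees).
BOTH, ONLY_1, ONLY_2 = (True, True), (True, False), (False, True)
TURNED_OFF_UNEXPECTEDLY = {BOTH: 0x5000, ONLY_1: 0x5001, ONLY_2: 0x5002}
TURNED_ON_UNEXPECTEDLY = {BOTH: 0x5003, ONLY_1: 0x5004, ONLY_2: 0x5005}
DID_NOT_TURN_ON = {BOTH: 0x5006, ONLY_1: 0x5007, ONLY_2: 0x5008}
DID_NOT_TURN_OFF = {BOTH: 0x5009, ONLY_1: 0x500A, ONLY_2: 0x500B}


class Crout:
    def __init__(self, reaction_ms):
        if not 5 <= reaction_ms <= 1000:
            raise ValueError("Feedback Reaction Time must be 5...1000 ms")
        self.reaction_ms = reaction_ms
        self.o1 = self.o2 = False            # Output 1 / Output 2
        self.fault_code = 0                  # 0 means Fault Present is OFF
        self._timer = None                   # ms since outputs changed; None = settled
        self._prev = (False, False, False)   # last Input Status, Output Status, Reset
        self._actuate_held = False           # assumption: Actuate must go OFF after a reset

    @property
    def fault_present(self):
        return self.fault_code != 0

    @property
    def diagnostic_code(self):
        return 0x5000 if self._actuate_held else 0

    def _trip(self, code):
        self.o1 = self.o2 = False
        self.fault_code = code
        self._timer = None

    def scan(self, dt_ms, actuate, fb1, fb2,
             input_status=True, output_status=True, reset=False):
        """Advance one scan of dt_ms milliseconds and return Output 1."""
        prev_in, prev_out, prev_reset = self._prev
        self._prev = (input_status, output_status, reset)
        if not self.fault_present:
            if prev_in and not input_status:
                self._trip(0x20)
            elif prev_out and not output_status:
                self._trip(0x21)
        if self.fault_present:
            # Reset (OFF -> ON) clears the fault only once the fault condition is gone:
            # statuses valid and both feedbacks reflecting the de-energized outputs.
            if (reset and not prev_reset and input_status and output_status
                    and not (fb1 or fb2)):
                self.fault_code = 0
                self._actuate_held = actuate
            return self.o1
        if not actuate:
            self._actuate_held = False
        want = actuate and input_status and output_status and not self._actuate_held
        if want != self.o1:
            self.o1 = self.o2 = want
            self._timer = 0                      # Feedback Reaction timer starts
        elif self._timer is not None:
            self._timer += dt_ms
        disagrees = (fb1 != self.o1, fb2 != self.o2)
        if not any(disagrees):
            self._timer = None                   # both feedbacks reacted in time
        elif self._timer is None:                # steady state: unexpected change
            table = TURNED_OFF_UNEXPECTEDLY if self.o1 else TURNED_ON_UNEXPECTEDLY
            self._trip(table[disagrees])
        elif self._timer >= self.reaction_ms:    # reaction timer expired
            table = DID_NOT_TURN_ON if self.o1 else DID_NOT_TURN_OFF
            self._trip(table[disagrees])
        return self.o1


def replay_feedback_fault(reaction_ms=100, scan_ms=10):
    """Constructed trace following markers (A) to (D) of the feedback fault diagram."""
    c = Crout(reaction_ms)
    c.scan(scan_ms, actuate=True, fb1=False, fb2=False)              # (A) outputs energize
    for _ in range(reaction_ms // scan_ms):                          # Feedback 2 never reacts
        c.scan(scan_ms, actuate=True, fb1=True, fb2=False)
    at_b = c.fault_code                                              # (B) timer expired
    c.scan(scan_ms, actuate=True, fb1=True, fb2=False, reset=True)   # (C) Feedback 1 still ON
    at_c = c.fault_code
    c.scan(scan_ms, actuate=True, fb1=False, fb2=False)              # Reset released
    c.scan(scan_ms, actuate=True, fb1=False, fb2=False, reset=True)  # (D) fault clears
    return at_b, at_c, c.fault_code, c.diagnostic_code


if __name__ == "__main__":
    print(["%04XH" % code for code in replay_feedback_fault()])
```
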


CROUT Wiring and Programming Example


This example complies with ISO 13849-1 Category 4 operation. The standard control portion of the application is not shown. This wiring diagram shows how to use the Configurable Redundant Output instruction with a 1791DS-IB8XOB8 module for motor control. The application includes a momentary push button for reset.
Figure 100 - Wiring Diagram
[Wiring diagram: contactors K1 and K2 switching a three-phase supply (L1, L2, L3) through fuses, with contact protection (for example, thermal cut-out or suppression) and a momentary push button (reset), wired to the inputs, test outputs and outputs of 1791DS-IB8XOB8 Module 1 on DeviceNet, with 24V DC supply and 24V ground.]

This programming diagram logically illustrates the instruction with inputs and outputs.
Figure 101 - Programming Diagram

[Programming diagram: CROUT block, instance MotorControl, with the assignments below.]

| Parameter | Tag or Value |
|---|---|
| Feedback Type | Negative |
| Feedback Reaction Time | TBD ms |
| Actuate | See Note 1 |
| Feedback 1 | Module1:I.Pt00Data |
| Feedback 2 | Module1:I.Pt01Data |
| Input Status | Module1:I.InputStatus |
| Output Status | Module1:I.OutputStatus |
| Reset | Module1:I.Pt07Data |
| Output 1 | Module1:O.Pt00Data |
| Output 2 | Module1:O.Pt01Data |
| Fault Present | |

NOTE 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.

Key: Color code represents data or value typically used: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.

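Figure 102 - Ladder Logic

[Ladder logic figure. The parameters and tag assignments of the CROUT (Configurable Redundant Output) instruction, instance MotorControl, are listed below; the last column is the value displayed in the figure. Outputs shown: O1, O2, FP.]

| Parameter | Tag or Value | Displayed Value |
|---|---|---|
| Feedback Type | NEGATIVE | |
| Feedback Reaction Time (Msec) | 250 | |
| Actuate | SeeNote1 | 0 |
| Feedback 1 | Module3:I.Pt00Data | 0 |
| Feedback 2 | Module3:I.Pt01Data | 0 |
| Input Status | Module3:I.InputStatus | 0 |
| Output Status | Module3:I.OutputStatus | 0 |
| Reset | Module3:I.Pt07Data | 0 |

On the following rungs, MotorControl.O1 drives Module3:O.Pt00Data and MotorControl.O2 drives Module3:O.Pt01Data.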

NOTE 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.


RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated.
Figure 103 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.
Figure 104 - Module Input Configuration


Figure 105 - Module Test Output Configuration

Figure 106 - Module Output Configuration


Two-sensor Asymmetrical Muting (TSAM)

This instruction provides a temporary, automatic disabling of the protective function of a light curtain, allowing material to be transported through the light curtain sensing field without stopping the machine. Muting sensors differentiate between materials and personnel, and must act together along with the light curtain, in a specific switching sequence when the appropriate material passes the sensing field.

Two-sensor Asymmetrical Muting uses two muting sensors arranged asymmetrically on either side of the light curtain. Their sensors intersect just behind the light curtain in the center of the protected opening.
Figure 107 - Two-sensor Asymmetrical Muting Application
[Application drawing showing Sensor 1, Sensor 2, the Muting Lamp and the Material.]

ATTENTION: The muting sensors must be arranged so a person cannot activate the muting sensors in the same switching sequence as the material and enter the area when a hazardous condition exists. Sensor setup must take into account material size, shape, and speed. Additional guarding may also be necessary. Specific guarding requirements should be identified through a hazard or risk assessment of your application.

TSAM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameters that are used to configure the instruction. The parameters cannot be changed at runtime.
Table 51 - TSAM Configuration Parameters

| Parameter | Data Type | Description |
|---|---|---|
| Restart Type | List | Configures Output 1 for either Manual or Automatic Restart. Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1. Automatic: Output 1 is energized 50 ms after all of the enabling conditions are met. ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use. |
| S1-S2 Time | Integer | The maximum amount of time allowed between clearing or blocking of the muting sensor inputs (Sensor 1 and Sensor 2) before generating a fault. The valid range is 5…180,000 ms. Setting this input to 0 disables the S1-S2 timer. |
| S2-LC Time | Integer | The maximum amount of time allowed between clearing or blocking of the Sensor 2 muting sensor and the Light Curtain before generating a fault. The valid range is 5…180,000 ms. Setting this input to 0 disables the S2-LC timer. |
| Maximum Mute Time | Integer | The maximum amount of time during which the instruction lets the protective function of the light curtain be disabled before generating a fault. The valid range is 0…3600 s. Setting this input to 0 disables the Maximum Mute timer. |
| Maximum Override Time | Integer | The maximum amount of time that the instruction lets the override feature energize the Output 1 output. The valid range is 0…30 s. Setting this input to 0 disables the Maximum Override timer. |

The following table explains the instruction inputs.


Table 52 - TSAM Inputs

| Parameter | Data Type | Description |
|---|---|---|
| Light Curtain | Boolean | An input channel with OFF (0) as its safe state, this input represents the current state of the physical light curtain. You are responsible for properly conditioning this input. Typically this is accomplished by using a Dual-channel Input Stop instruction controlling a light curtain. ON (1): The light curtain is clear. OFF (0): The light curtain is blocked. |
| Sensor 1 | Boolean | One of two muting sensors, Sensor 1 must be the first sensor to be blocked and the last to be cleared in the muting sequence. ON (1): Sensor 1 is clear. OFF (0): Sensor 1 is blocked. |
| Sensor 2 | Boolean | One of two muting sensors, Sensor 2 must be the second sensor to be blocked and the first to be cleared in the muting sequence. ON (1): Sensor 2 is clear. OFF (0): Sensor 2 is blocked. |
| Enable Mute | Boolean | This input allows the protective function of the light curtain to be disabled (muted) when the correct muting sequence occurs. ON (1): The protective function of the light curtain is disabled when the correct muting sequence occurs. OFF (0): The protective function of the light curtain is always enabled. |
| Override | Boolean | This input allows a temporary bypass of the muting instruction's function. Output 1 is energized regardless of the status of the Input Status input or the existence of faults. OFF (0): Override function is disabled. OFF (0) -> ON (1): Output 1 is energized regardless of the status of the Input Status input or the existence of faults. Output 1 remains energized while the Override input remains ON (1) or until the Maximum Override timer expires. ATTENTION: Activation of the override function requires the use of a hold-to-run device where the operator can see the point of hazard, that is, the light curtain sensing field. |
| Input Status | Boolean | If the instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If the instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid. |
| Muting Lamp Status | Boolean | This input represents the status of the muting lamp. ON (1): The muting lamp is operating properly. The light curtain's protective function is disabled (muted) after the correct muting sequence is followed. OFF (0): The muting lamp is defective or missing. The light curtain's protective function is always enabled. |
| Reset(1) | Boolean | This input clears instruction and circuit faults provided the fault condition is not present. OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset. Output 1 is energized when the Restart Type is Manual. Output 1 is not energized at the same time faults are cleared. |

(1) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.

The following table explains the instruction outputs.


Table 53 - TSAM Outputs

| Parameter | Data Type | Description |
|---|---|---|
| Output 1 (O1) | Boolean | ON (1): The light curtain sensing field is not obstructed, the light curtain is being muted, or the light curtain is being overridden. |
| Muting Lamp (ML) | Boolean | This output indicates the status of the light curtain's protective function. ON (1): The light curtain's protective function is disabled. OFF (0): The light curtain's protective function is enabled. |
| Clear Area (CA) | Boolean | This output indicates when the light curtain sensing field must be cleared (all muting sensors and the light curtain are ON) before processing can continue. ON (1): The light curtain sensing field must be cleared. |
| Fault Code | Integer | This output indicates the type of fault that occurred. See TSAM Fault Codes on page 150 for the list of fault codes. This parameter is not safety-related. |
| Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 58 on page 153 for a list of diagnostic codes. This parameter is not safety-related. |
| Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally. |

IMPORTANT

Do not write to any instruction output tag under any circumstances.

TSAM Normal Operation


One sequence of muting sensor and light-curtain input transitions lets the protective function of the light curtain be disabled (muted). That sequence must start with both of the muting sensors and the light curtain in their ON (1) state. This indicates that the light-curtain sensing field is clear of all personnel and material. At (A), the Sensors and the Light Curtain are cleared and the Output 1 output is energized when the Reset input turns ON (1). At (B), the material blocks Sensor 1, starting the S1-S2 timer. At (C), the material blocks Sensor 2 within the S1-S2 Time period, so the S1-S2 timer stops. The S2-LC and Maximum Mute timers start. The Muting Lamp output turns ON (1), indicating that muting is enabled. At (D), the material blocks the Light Curtain within the S2-LC Time period, so the S2-LC timer stops. From (D) to (E), Output 1 remains energized while the material passes through the Light Curtain. At (E), the material clears the Light Curtain, starting the LC-S2 timer. At (F), the material clears Sensor 2 within the S2-LC and Maximum Mute time periods, so both timers stop. The S2-S1 timer starts and the Muting Lamp output turns OFF (0), indicating that muting is disabled. At (G), the material clears Sensor 1, stopping the S2-S1 timer.
Figure 108 - Normal Operation Timing Diagram
[Timing diagram: Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Output 1 and Muting Lamp against time. t1: S1-S2 Time; t2: S2-LC Time; t3: Maximum Mute Time. Restart Type = Manual.]

TSAM Invalid Sequence


Any input sequence other than the normal operation sequence results in Output 1 being de-energized. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), Sensor 1 and Sensor 2 are simultaneously blocked, causing Output 1 to be de-energized and the Fault Present and Clear Area outputs to turn ON (1). The override feature can be used to clear the material from the light curtain sensing field and de-energize the Clear Area output.
Figure 109 - Invalid Sequence Timing Diagram
[Timing diagram: Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Clear Area, Output 1 and Fault Present against time, with markers (A) and (B). Restart Type = Manual.]

TSAM Tolerated Sequence


The Two-sensor Asymmetrical Muting (TSAM) instruction tolerates application dynamics that might cause an input to oscillate due to over-travel or load vibration. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), Sensor 1 turns OFF (0), starting the S1-S2 timer. Sensor 1 turns ON (1) at (C), stopping the S1-S2 timer. At (D), the material completely blocks Sensor 1, turning it OFF (0), and the normal muting sequence continues. A sensor may glitch, as illustrated from (B) to (C), as a result of over-travel or load vibration. As long as the final input sequence is valid, the instruction lets the muting function occur.
Figure 110 - Tolerated Sequence Timing Diagram
[Timing diagram: Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Output 1 and Muting Lamp against time, with markers including (B) and (C). t1: S1-S2 Time; t2: S2-LC Time; t3: Maximum Mute Time. Restart Type = Manual.]

TSAM Dangerous Portion of Cycle


The Enable Mute input enables or disables the protective function of the light curtain. When the Enable Mute input is OFF (0), the protective function of the light curtain is enabled and material may not pass through the light curtain sensing field. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), the material blocks Sensor 1, turning it OFF (0) and starting the S1-S2 timer. At (C), the material blocks Sensor 2 within the S1-S2 time period so the S1-S2 timer stops and the S2-LC timer starts. Because the Enable Mute input is OFF (0), muting is disabled and the Muting Lamp output remains OFF (0). The material blocks the Light Curtain at (D), and Output 1 is de-energized.
Figure 111 - Dangerous Portion of Cycle Timing Diagram
[Timing diagram: Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Output 1 and Muting Lamp against time. t1: S1-S2 Time; t2: S2-LC Time. Restart Type = Manual.]

TSAM Override Operation


The override feature lets an operator manually energize Output 1 so that material can be cleared from the sensing field.

ATTENTION: The Override function may be used only with a hold-to-run device where the operator can see the point of hazard, that is, the light curtain sensing field.

At (A), the Override input turns ON (1). Output 1 is energized and the Maximum Override timer starts. At (B), the material clears Sensor 1 and the Clear Area output is turned OFF (0). At (C), the Override input turns OFF (0) within the Maximum Override time period. Output 1 is de-energized and the Maximum Override timer stops.
Figure 112 - Override Timing Diagram
[Timing diagram: Override, Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Clear Area and Output 1 against time. t1: Maximum Override Time. Restart Type = Manual.]

TSAM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

TSAM Fault Codes


Table 54 - TSAM General Fault Codes

| Fault Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status input went from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection or the internal logic used to source input status. Reset the fault. |

Table 55 - TSAM Sensor Input Pattern Fault Codes


| Fault Code | S1 S2 LC | Description | Corrective Action |
|---|---|---|---|
| 9600H | 0 1 0 | An illegal input pattern was detected. Sensor 1 and the Light Curtain are blocked and Sensor 2 is cleared. | Sensor 2 should also be blocked. Check the Sensor 2 circuit. Reset the fault. |
| 9601H | 1 0 0 | An illegal input pattern was detected. Sensor 2 and the Light Curtain are blocked and Sensor 1 is cleared. | Sensor 1 should also be blocked. Check the Sensor 1 circuit. Reset the fault. |
| 9602H | 1 0 1 | An illegal input pattern was detected. Sensor 2 is blocked when Sensor 1 and the Light Curtain are cleared. | Sensor 2 should also be clear. Sensor 1 should be the first to be blocked. Check the Sensor 2 circuit and the alignment of Sensors 1 and 2. Reset the fault. |
| 9603H | 1 1 0 | An illegal input pattern was detected. Sensor 1 and Sensor 2 are cleared and the Light Curtain is blocked. | The Light Curtain should not be blocked when Sensors 1 and 2 are clear. Check the Light Curtain circuit. Reset the fault. |
Figure 113 - Normal and Tolerated Muting Sequences

[State diagram with arrows marked Normal, Tolerated and Illegal between the steps below.]

| Step | S1 | S2 | LC |
|---|---|---|---|
| 1 | 1 | 1 | 1 |
| 2 | 0 | 1 | 1 |
| 3 | 0 | 0 | 1 |
| 4 | 0 | 0 | 0 |
| 5 | 0 | 0 | 1 |
| 6 | 0 | 1 | 1 |
| 1 | 1 | 1 | 1 |

An illegal muting sequence is a legal input combination that deviates from the normal or tolerated sequences.

Table 56 - TSAM Muting Sequence Fault Codes


| Fault Code | Description |
|---|---|
| 9500H | An illegal muting sequence was detected when Sensor 1 (S1) and Sensor 2 (S2) are simultaneously blocked in step 1. |
| 9501H | An illegal muting sequence was detected when Sensor 1, Sensor 2, and the Light Curtain (LC) are simultaneously blocked in step 1. |
| 9502H | An illegal muting sequence was detected when Sensor 2 and the Light Curtain are simultaneously blocked in step 2. |
| 9503H | An illegal muting sequence was detected when Sensor 1 and Sensor 2 are simultaneously cleared in step 3. |
| 9504H | An illegal muting sequence was detected when Sensor 1, Sensor 2, and the Light Curtain are simultaneously cleared in step 4. |
| 9505H | An illegal muting sequence was detected when Sensor 2 and the Light Curtain are simultaneously cleared in step 4. |
| 9506H | An illegal muting sequence was detected when Sensor 1 and Sensor 2 are simultaneously cleared in step 5. |
| 9507H | An illegal muting sequence was detected when Sensor 2 and the Light Curtain are simultaneously blocked in step 6. |
| 9508H | An illegal muting sequence was detected after the sequence transitions from step 5 to step 6 to step 5 (a tolerated sequence) when Sensor 1 and Sensor 2 are cleared. |
| 9509H | An illegal muting sequence was detected after the sequence transitions from step 5 to step 6 to step 5 (a tolerated sequence) when the Light Curtain is blocked. |

[Each entry in the original table is accompanied by a small S1/S2/LC step diagram of the offending sequence.]

152

Rockwell Automation Publication 1756-RM095E-EN-P - February 2012

General Safety Application Instructions

Chapter 1

To correct an invalid sequence fault, check the alignment of the sensors with regard to the material being moved and the system timing and then reset the fault.
Table 57 - Correcting Invalid Sequence Faults
Fault Code | Description | Corrective Action
9000H | The Light Curtain was muted for longer than the configured Maximum Mute Time. | The Maximum Mute Time parameter may be set too short or there may be an anomaly with the sensors.
9410H | Too much time elapsed between Sensor 1 and Sensor 2 being blocked. | The S1-S2 Time parameter may be set too short or there may be an anomaly with Sensor 2.
9411H | Too much time elapsed between Sensor 2 and the Light Curtain being blocked. | The S2-LC Time parameter may be set too short or there may be an anomaly with Sensor 2.
9412H | Too much time elapsed between the Light Curtain and Sensor 2 being cleared. | The S2-LC Time parameter may be set too short or there may be an anomaly with Sensor 2.
9413H | Too much time elapsed between Sensor 2 and Sensor 1 being cleared. | The S1-S2 Time parameter may be set too short or there may be an anomaly with Sensor 2.

TSAM Diagnostic Codes


Table 58 - TSAM Diagnostic Codes and Corrective Actions
Diagnostic Code | Description | Corrective Action
00H | No fault. | None.
01H | The Muting Lamp Status input is OFF (0). | Check the muting lamp and replace it, if necessary. If a muting lamp is not required, set the Muting Lamp Status input to ON (1).
05H | The Reset input is held ON (1). | Set the Reset input to OFF (0).
20H | The Input Status input was OFF (0) when the instruction started. | Check the I/O module connection or the internal logic used to source input status.


TSAM Wiring and Programming Example


This example complies with ISO 13849-1 Category 4 operation. The standard control portion of the application is not shown. This wiring diagram shows how to wire a light curtain and two muting sensors to a 1791DS-IB12 module to illustrate the use of the Two-sensor Asymmetrical Muting instruction. The application includes a hold-to-run switch and a momentary push button for reset.
Figure 114 - Wiring Diagram
[Wiring diagram: two 24V DC muting sensors, the light curtain (OSSD 1, OSSD 2), a momentary push button (reset), and a hold-to-run key switch wired to 1791DS-IB12 Module 1 on DeviceNet. Module terminals labeled in the figure: V, I0, I1, I2, I3, T0, T1, I6, I7, I11, T2, T3, G. The Clear Area lamp and the Muting Lamp are wired to the module test outputs and 24V ground.]


The programming diagram logically illustrates how the Two-sensor Asymmetrical Muting instruction is typically used with a DCI Stop (light curtain) and DCI Start (hold-to-run switch) instruction.
Figure 115 - Programming Diagram
[Block diagram: a DCS block (Light Curtain1; Input Type Equivalent Active High, Discrepancy Time TBD ms, Restart Type Automatic, Coldstart Type Automatic; Channel A Module1:I.Pt00Data, Channel B Module1:I.Pt01Data, Input Status Module1:I.CombinedStatus, Reset Module1:I.Pt11Data) and a DCSRT block (HoldToRunKeySwitch; Input Type Equivalent Active High, Discrepancy Time TBD ms, Enable 1, Channel A Module1:I.Pt06Data, Channel B Module1:I.Pt07Data) feed the TSAM block (TwoSensorAsymmetricalMutingFunction; Restart Type Manual; S1-S2 Time, S2-LC Time, Maximum Mute Time, and Maximum Override Time each TBD ms; Sensor 1 Module1:I.Pt02Data, Sensor 2 Module1:I.Pt03Data, Enable Mute see Note 1, Muting Lamp Status Module1:I.MutingStatus). TSAM outputs: Output 1 (see Note 2), Muting Lamp to Module1:O.Test03Data, Clear Area to Module1:O.Test02Data.]

Note 1: This is an internal Boolean tag representing the non-hazardous portion of the machine cycle. Its value is determined by other parts of the user application not shown in this example. When the protected hazard is present, this tag value should be False (0). When the protected hazard is not present, this tag value should be True (1). When the value of this tag is True (1), the muting instruction allows the light curtain to become muted only if the proper input sequence is detected. When the value of this tag is False (0), the muting instruction does not allow the light curtain to become muted, even if the proper input sequence is detected.

Note 2: This is an internal Boolean tag used by other parts of the user application not shown in this example.

Key: Color code represents data or value typically used: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.


Figure 116 - Ladder Logic
The number in parentheses is the value shown next to the operand in the figure.

DCS (Dual Channel Input Stop): LightCurtain1
  Safety Function: LIGHT CURTAIN
  Input Type: EQUIVALENT - ACTIVE HIGH
  Discrepancy Time (Msec): 500
  Restart Type: AUTOMATIC
  Cold Start Type: AUTOMATIC
  Channel A: Module1:I.Pt00Data (1)
  Channel B: Module1:I.Pt01Data (1)
  Input Status: Module1:I.CombinedStatus (1)
  Reset: Module1:I.Pt11Data (0)
  Outputs: O1, FP

DCSRT (Dual Channel Input Start): HoldToRunKeySwitch
  Safety Function: USER DEFINED
  Input Type: EQUIVALENT - ACTIVE HIGH
  Discrepancy Time (Msec): 500
  Enable: ALWAYS_ENABLED (1)
  Channel A: Module1:I.Pt06Data (0)
  Channel B: Module1:I.Pt07Data (1)
  Input Status: Module1:I.CombinedStatus (1)
  Reset: Module1:I.Pt11Data (0)
  Outputs: O1, FP

TSAM (Two Sensor Asymmetrical Muting): TwoSensorAsymmetricalMutingFunction
  Restart Type: MANUAL
  S1-S2 Time (Msec): 5000
  S2-LC Time (Msec): 5000
  Maximum Mute Time (Sec): 20
  Maximum Override Time (Sec): 10
  Light Curtain: LightCurtain1.O1 (0)
  Sensor 1: Module1:I.Pt02Data (0)
  Sensor 2: Module1:I.Pt03Data (1)
  Enable Mute: SeeNote1 (0)
  Override: HoldToRunKeySwitch.O1 (0)
  Input Status: Module1:I.CombinedStatus (1)
  Muting Lamp Status: Module1:I.MutingStatus (1)
  Reset: Module1:I.Pt11Data (0)
  Outputs: O1, ML, CA, FP

TwoSensorAsymmetricalMutingFunction.ML drives Module1:O.Test03Data
TwoSensorAsymmetricalMutingFunction.CA drives Module1:O.Test02Data

Note 1: This is an internal Boolean tag representing the non-hazardous portion of the machine cycle. Its value is determined by other parts of the user application not shown in this example. When the protected hazard is present, this tag value should be False (0). When the protected hazard is not present, this tag value should be True (1). When the value of this tag is True (1), the muting instruction allows the light curtain to become muted only if the proper input sequence is detected. When the value of this tag is False (0), the muting instruction does not allow the light curtain to become muted, even if the proper input sequence is detected.


RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated. When defining the module, selecting Combined Status-Muting lets the muting lamp be monitored. Choosing Test for Output Data lets safety logic control Test Output 3 to drive the Muting Lamp and Test Output 2 to drive the Clear Area lamp.
Figure 117 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed. The safety inputs that interface with the Light Curtain (Points 1 and 2) are not pulse-tested because the Light Curtain pulse-tests its own signals.
Figure 118 - Module Input Configuration


Configuring Test Output 3 for Muting Lamp causes the I/O module to monitor the lamp connected to this output.
Figure 119 - Module Test Output Configuration


Two-sensor Symmetrical Muting (TSSM)

This instruction provides a temporary, automatic disabling of the protective function of a light curtain, allowing material to be transported through the light curtain sensing field without stopping the machine. Muting sensors differentiate between materials and personnel, and must act together with the light curtain in a specific switching sequence when the appropriate material passes the sensing field.


Two-sensor Symmetrical Muting uses two muting sensors arranged symmetrically on either side of the light curtain. Their sensors intersect at or just behind the light curtain in the center of the protected opening.
Figure 120 - Two-sensor Symmetrical Muting Application
[Figure labels: Sensor 1, Sensor 2, Muting Lamp, Material.]

ATTENTION: The muting sensors must be arranged so a person cannot activate the muting sensors in the same switching sequence as the material and enter the area when a hazardous condition exists. Sensor setup must take into account material size, shape, and speed. Additional guarding may also be necessary. Specific guarding requirements should be identified through a hazard or risk assessment of your application.

TSSM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table provides the parameters used to configure the instruction. The parameters cannot be changed at runtime.
Table 59 - TSSM Configuration Parameters
Parameter | Data Type | Description
Restart Type | List | Configures Output 1 for either Manual or Automatic Restart. Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1. Automatic: Output 1 is energized 50 ms after all of the enabling conditions are met. ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use.
S1S2 Discrepancy Time | Integer | The maximum amount of time the muting sensors (Sensor 1 and Sensor 2) may be inconsistent before a fault occurs. The valid range is 5-180,000 ms.
S1S2-LC Minimum Time | Integer | When material is entering the light curtain sensing field, this time specifies how long to wait before the material is allowed to block the Light Curtain after Sensor 1 and Sensor 2 have been blocked. When material is exiting the light curtain sensing field, this time specifies how long to wait before the material is allowed to clear Sensor 1 and Sensor 2 after clearing the Light Curtain. If the S1S2-LC Minimum Time is exceeded, a fault occurs. The valid range is 5-180,000 ms.
S1S2-LC Maximum Time | Integer | When material is entering the light curtain sensing field, this time specifies the maximum time to wait for the material to block the Light Curtain after Sensor 1 and Sensor 2 have been blocked. When material is exiting the light curtain sensing field, this time specifies the maximum time to wait for the material to clear Sensor 1 and Sensor 2 after clearing the Light Curtain. If the S1S2-LC Maximum Time is exceeded, a fault occurs. The valid range is 5-180,000 ms.
Maximum Mute Time | Integer | The maximum amount of time during which the instruction lets the protective function of the light curtain be disabled before generating a fault. The valid range is 0-3600 s. Setting this input to 0 disables the Maximum Mute timer.
Maximum Override Time | Time | The maximum amount of time that the instruction lets the override feature energize the Output 1 output. The valid range is 0-30 s. Setting this input to 0 disables the Maximum Override timer.


The following table explains the instruction inputs.


Table 60 - TSSM Inputs
Parameter | Data Type | Description
Light Curtain | Boolean | An input channel with OFF (0) as its safe state, this input represents the current state of the physical light curtain. You are responsible for properly conditioning this input. Typically this is accomplished by using a Dual-channel Input Stop instruction controlling a light curtain. ON (1): The light curtain is clear. OFF (0): The light curtain is blocked.
Sensor 1 | Boolean | One of two muting sensors, Sensor 1 must be blocked or cleared within the S1S2 Discrepancy Time of Sensor 2 being blocked or cleared. ON (1): Sensor 1 is clear. OFF (0): Sensor 1 is blocked.
Sensor 2 | Boolean | One of two muting sensors, Sensor 2 must be blocked or cleared within the S1S2 Discrepancy Time of Sensor 1 being blocked or cleared. ON (1): Sensor 2 is clear. OFF (0): Sensor 2 is blocked.
Enable Mute | Boolean | This input allows the protective function of the light curtain to be disabled (muted) when the correct muting sequence occurs. ON (1): The protective function of the light curtain is disabled when the correct muting sequence occurs. OFF (0): The protective function of the light curtain is always enabled.
Override | Boolean | This input allows a temporary bypass of the muting instruction's function. OFF (0): Override function is disabled. OFF (0) -> ON (1): Output 1 is energized regardless of the status of the Input Status input or the existence of faults. Output 1 remains energized while the Override input remains ON (1) or until the Maximum Override timer expires. ATTENTION: Activation of the override function requires the use of a hold-to-run device where the operator can see the point of hazard, that is, the light curtain sensing field.
Input Status | Boolean | If the instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If the instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid.
Muting Lamp Status | Boolean | This input represents the status of the muting lamp. ON (1): The muting lamp is operating properly. The light curtain's protective function is disabled (muted) after the correct muting sequence is followed. OFF (0): The muting lamp is defective or missing. The light curtain's protective function is always enabled.
Reset(1) | Boolean | This input clears instruction and circuit faults provided the fault condition is not present. OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset. Output 1 is energized when the Restart Type is Manual. Output 1 is not energized at the same time faults are cleared.

(1) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains the instruction outputs.


Table 61 - TSSM Outputs
Parameter | Data Type | Description
Output 1 (O1) | Boolean | ON (1): The light curtain sensing field is not obstructed, the light curtain is being muted, or the light curtain is being overridden.
Muting Lamp (ML) | Boolean | This output indicates the status of the light curtain's protective function. ON (1): The light curtain's protective function is disabled. OFF (0): The light curtain's protective function is enabled.
Clear Area (CA) | Boolean | This output indicates when the light curtain sensing field must be cleared (all muting sensors and the light curtain are ON) before processing can continue. ON (1): The light curtain sensing field must be cleared.
Fault Code | Integer | This output indicates the type of fault that occurred. See TSSM Fault Codes on page 169 for the list of fault codes. This parameter is not safety-related.
Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 66 on page 172 for a list of diagnostic codes. This parameter is not safety-related.
Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally.

IMPORTANT: Do not write to any instruction output tag under any circumstances.

TSSM Normal Operation


One sequence of muting sensor and light-curtain input transitions lets the protective function of the light curtain be disabled (muted). That sequence must start with both of the muting sensors (S1, S2) and the light curtain in their ON (1) state. This indicates that the light-curtain sensing field is clear of all personnel and material. See Figure 121 on page 164.


At (A), the Sensors and the Light Curtain are cleared and the Output 1 output is energized when the Reset input turns ON (1). The material blocks Sensor 1 at (B), starting the S1S2 Discrepancy timer. At (C), the material blocks Sensor 2, stopping the S1S2 Discrepancy timer and starting the S1S2-LC Minimum, the S1S2-LC Maximum, and the Maximum Mute timers. At (D), the S1S2-LC Minimum time period expires, starting the Maximum Mute timer and turning the Muting Lamp output ON (1). At (E), the material blocks the Light Curtain within the S1S2-LC Maximum time period, stopping the S1S2-LC Maximum timer. From (E) to (F), Output 1 remains energized while the material passes through the Light Curtain. At (F), the material clears the Light Curtain and the S1S2-LC Minimum timer starts. At (G), the S1S2-LC Minimum time period expires. The Muting Lamp output turns OFF (0) and the Maximum Mute timer is stopped, indicating that muting is disabled. The material clears Sensor 2 at (H), starting the S1S2 Discrepancy timer. At (I), the material clears Sensor 1 within the S1S2-LC Maximum time period, stopping the S1S2 Discrepancy timer.
Figure 121 - Normal Operation Timing Diagram
[Timing diagram: Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Output 1, and Muting Lamp plotted against events A through I. t1: S1S2 Discrepancy Time; t2: S1S2-LC Minimum Time; t3: S1S2-LC Maximum Time; t4: Maximum Mute Time. Restart Type = Manual.]


TSSM Invalid Sequence


Any input sequence other than the normal operation sequence results in Output 1 being de-energized. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), the material blocks Sensor 1, starting the S1S2 Discrepancy timer. The material blocks Sensor 2 at (C), stopping the S1S2 Discrepancy timer and starting the S1S2-LC Minimum timer and the S1S2-LC Maximum timer. At (D), the Light Curtain is blocked during the S1S2-LC Minimum Time period, causing Output 1 to be de-energized. The S1S2-LC Maximum timer stops.
Figure 122 - Invalid Sequence Timing Diagram
[Timing diagram: Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Output 1, and Muting Lamp plotted against events A through D. t1: S1S2 Discrepancy Time; t2: S1S2-LC Minimum Time; t3: S1S2-LC Maximum Time. Restart Type = Manual.]


TSSM Tolerated Sequence


The Two-sensor Symmetrical Muting (TSSM) instruction tolerates application dynamics that might cause an input to oscillate due to over-travel or load vibration. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), Sensor 2 turns OFF (0), starting the S1S2 Discrepancy timer. Sensor 2 turns ON (1) at (C), stopping the S1S2 Discrepancy timer. At (D), the material completely blocks Sensor 2, turning it OFF (0), and the normal muting sequence continues. A sensor may glitch, as illustrated from (B) to (C), as a result of over-travel or load vibration. As long as the final input sequence is valid, the instruction lets the muting function occur.
Figure 123 - Tolerated Sequence Timing Diagram
[Timing diagram: Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Output 1, and Muting Lamp plotted against events A through D. t1: S1S2 Discrepancy Time; t2: S1S2-LC Minimum Time; t3: S1S2-LC Maximum Time; t4: Maximum Mute Time. Restart Type = Manual.]


TSSM Dangerous Portion of Cycle


The Enable Mute input enables or disables the protective function of the light curtain. When the Enable Mute input is OFF (0), the protective function of the light curtain is enabled and material may not pass through the light curtain sensing field. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), the material blocks Sensor 1 and Sensor 2, turning them OFF (0) and starting the S1S2-LC Minimum, the S1S2-LC Maximum, and the Maximum Mute timers. Because the Enable Mute input is OFF (0), muting is disabled and the Muting Lamp output remains OFF (0). At (C), the S1S2-LC Minimum time period expires. The material blocks the Light Curtain at (D), and Output 1 is de-energized.
Figure 124 - Dangerous Portion of Cycle Timing Diagram
[Timing diagram: Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Output 1, and Muting Lamp plotted against the events described above. t1: S1S2-LC Minimum Time; t2: S1S2-LC Maximum Time; t3: Maximum Mute Time. Restart Type = Manual.]


TSSM Override Operation


The override feature lets an operator manually energize Output 1 so that material can be cleared from the light curtain sensing field. ATTENTION: The Override function may be used only with a hold-to-run device where the operator can see the point of hazard, that is, the light curtain sensing field. At (A), the Override input turns ON (1). Output 1 is energized and the Maximum Override timer starts. At (B), the material clears Sensor 1 and the Clear Area output turns OFF (0). At (C), the Override input turns OFF (0) within the Maximum Override time period. Output 1 is de-energized and the Maximum Override timer stops.
Figure 125 - Override Timing Diagram
[Timing diagram: Override, Enable Mute, Sensor 1, Sensor 2, Light Curtain, Reset, Muting Lamp Status, Clear Area, and Output 1 plotted against events A through C. t1: Maximum Override Time. Restart Type = Manual.]

TSSM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

TSSM Fault Codes


Table 62 - TSSM General Fault Codes
Fault Code | Description | Corrective Action
00H | None. | None.
20H | The Input Status input went from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection or the internal logic used to source input status. Reset the fault.

Table 63 - TSSM Sensor Input Pattern Fault Codes
Fault Code | Description | S1 S2 LC | Corrective Action
9A00H | An illegal input pattern was detected. Sensor 1 and the Light Curtain are blocked and Sensor 2 is cleared. | 0 1 0 | Sensor 2 should also be blocked. Check the Sensor 2 circuit. Reset the fault.
9A01H | An illegal input pattern was detected. Sensor 2 and the Light Curtain are blocked and Sensor 1 is cleared. | 1 0 0 | Sensor 1 should also be blocked. Check the Sensor 1 circuit. Reset the fault.
9A02H | An illegal input pattern was detected. Sensor 1 and Sensor 2 are cleared and the Light Curtain is blocked. | 1 1 0 | The Light Curtain should not be blocked when Sensors 1 and 2 are clear. Check the Light Curtain circuit. Reset the fault.


Figure 126 - Normal and Tolerated Muting Sequences
[Figure: S1, S2 and LC states for steps 1 through 6, with a legend marking transitions as Normal, Tolerated or Illegal.]
INC = Inconsistent state where Sensor 1 and Sensor 2 are not both ON (1) or both OFF (0).
An illegal muting sequence is a legal input combination that deviates from the normal or tolerated sequences.

Table 64 - TSSM Muting Sequence Fault Codes
[Each entry is illustrated in the original table by an S1/S2/LC step diagram.]
Fault Code | Description
9900H | An illegal muting sequence was detected when Sensor 1, Sensor 2, and the Light Curtain are simultaneously blocked in step 1.
9901H | An illegal muting sequence was detected while the S1S2-LC Minimum timer is timing and the Light Curtain becomes blocked in step 2.
9902H | An illegal muting sequence was detected after the S1S2-LC Minimum Time expires and Sensor 1 and Sensor 2 are simultaneously cleared in step 2.
9903H | An illegal muting sequence was detected when Sensor 1, Sensor 2, and the Light Curtain are simultaneously cleared in step 3.
9904H | An illegal muting sequence was detected when Sensor 1 and Sensor 2 became inconsistent while the Light Curtain was blocked in step 4.
9905H | An illegal muting sequence was detected while the LC-S1S2 Minimum timer is timing and Sensor 1 and Sensor 2 are cleared in step 4.
9906H | An illegal muting sequence was detected while the LC-S1S2 Minimum timer is timing and Sensor 1 and Sensor 2 become inconsistent in step 4.
9907H | An illegal muting sequence was detected while the S1S2 Discrepancy timer is timing in step 2 (a tolerated sequence) when Sensor 1, Sensor 2, and the light curtain are simultaneously blocked.

To correct an invalid sequence fault, check the alignment of the sensors with regard to the material being moved and the system timing and then reset the fault.
Table 65 - Correcting Invalid Sequence Faults
Fault Code | Description | Corrective Action
9000H | The Light Curtain was muted for longer than the configured Maximum Mute Time. | The Maximum Mute Time parameter may be set too short or there may be an anomaly with the sensors.
9810H | Too much time elapsed between Sensor 1 and Sensor 2 becoming consistent. | The S1S2 Discrepancy Time parameter may be set too short or there may be an anomaly with the sensors.
9811H | Too much time elapsed between Sensor 1 and Sensor 2 being blocked and the Light Curtain being blocked. | The S1S2-LC Maximum Time parameter may be set too short or there may be an anomaly with the sensors.
9812H | Too much time elapsed between the Light Curtain being cleared and Sensor 1 or Sensor 2 being cleared. | The S1S2-LC Maximum Time parameter may be set too short or there may be an anomaly with the sensors.

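One way to check a recorded sensor trace against the TSSM timing rules and fault tables above, as an added example in Python; it is not Rockwell Automation code and not the instruction's implementation. It models a subset of the fault codes under stated assumptions: state names, field names and the sample traces are this example's own, timers are evaluated only at sample times, and any transition the tables do not describe is reported as UNMODELLED.

```python
"""Replay a recorded TSSM trace offline and report the first fault code.
Added example: a simplified model of the manual's sequence and timing
rules, evaluated only at the recorded sample times."""
from typing import Iterable, NamedTuple, Optional, Tuple

Sample = Tuple[int, int, int, int]  # (t_ms, S1, S2, LC); 1 = clear, 0 = blocked


class TssmConfig(NamedTuple):       # field names are this example's own
    disc_ms: int                    # S1S2 Discrepancy Time
    min_ms: int                     # S1S2-LC Minimum Time
    max_ms: int                     # S1S2-LC Maximum Time
    max_mute_s: int                 # Maximum Mute Time; 0 disables the timer


def check_config(cfg: TssmConfig) -> None:
    """Enforce the valid ranges from the configuration parameter table."""
    for name in ("disc_ms", "min_ms", "max_ms"):
        if not 5 <= getattr(cfg, name) <= 180_000:
            raise ValueError(f"{name} outside 5-180,000 ms")
    if not 0 <= cfg.max_mute_s <= 3600:
        raise ValueError("max_mute_s outside 0-3600 s")


def replay(trace: Iterable[Sample], cfg: TssmConfig) -> Optional[str]:
    """Return a fault code, "UNMODELLED", or None if the trace is clean."""
    check_config(cfg)
    state, t0, mute_t0 = "IDLE", 0, 0
    for t, s1, s2, lc in trace:
        pair, dt = (s1, s2), t - t0
        if state in ("IDLE", "ENTER_INC"):
            if state == "ENTER_INC" and dt > cfg.disc_ms:
                return "9810H"               # sensors inconsistent too long
            if lc == 0 and pair == (0, 0):   # everything blocked at once
                return "9900H" if state == "IDLE" else "9907H"
            if lc == 0:                      # illegal input patterns
                return {(0, 1): "9A00H", (1, 0): "9A01H", (1, 1): "9A02H"}[pair]
            if pair == (0, 0):
                state, t0 = "WAIT_LC", t     # minimum/maximum timers start
            elif pair == (1, 1):
                state = "IDLE"               # clear, or a tolerated glitch
            elif state == "IDLE":
                state, t0 = "ENTER_INC", t   # discrepancy timer starts
        elif state == "WAIT_LC":
            if pair != (0, 0):
                late = pair == (1, 1) and lc == 1 and dt >= cfg.min_ms
                return "9902H" if late else "UNMODELLED"
            if lc == 0 and dt < cfg.min_ms:
                return "9901H"               # curtain blocked too early
            if dt > cfg.max_ms:
                return "9811H"               # curtain blocked too late
            if lc == 0:
                # Assumption: muting starts when the minimum time expires.
                state, mute_t0 = "MUTED", t0 + cfg.min_ms
        elif state == "MUTED":
            if cfg.max_mute_s and t - mute_t0 > cfg.max_mute_s * 1000:
                return "9000H"               # muted for too long
            if (s1, s2, lc) == (0, 0, 1):
                state, t0 = "WAIT_CLEAR", t  # timers restart on exit
            elif (s1, s2, lc) == (1, 1, 1):
                return "9903H"
            elif lc == 0 and s1 != s2:
                return "9904H"
            elif (s1, s2, lc) != (0, 0, 0):
                return "UNMODELLED"
        elif state == "WAIT_CLEAR":
            if lc == 0:
                return "UNMODELLED"
            if pair != (0, 0) and dt < cfg.min_ms:
                return "9905H" if pair == (1, 1) else "9906H"
            if dt > cfg.max_ms:
                return "9812H"               # sensors cleared too late
            if pair == (1, 1):
                state = "IDLE"
            elif pair != (0, 0):
                state, t0 = "EXIT_INC", t    # discrepancy timer starts
        elif state == "EXIT_INC":
            if dt > cfg.disc_ms:
                return "9810H"
            if lc == 0 or pair == (0, 0):
                return "UNMODELLED"
            if pair == (1, 1):
                state = "IDLE"
    return None


# Parameter values from the ladder logic example; the traces are constructed.
CFG = TssmConfig(disc_ms=1000, min_ms=5000, max_ms=8000, max_mute_s=20)
NORMAL = [(0, 1, 1, 1), (100, 0, 1, 1), (400, 0, 0, 1), (6000, 0, 0, 0),
          (9000, 0, 0, 1), (14500, 0, 1, 1), (14900, 1, 1, 1)]
WALK_IN = [(0, 1, 1, 1), (50, 1, 1, 0)]                   # curtain broken, no load
RUSHED = [(0, 1, 1, 1), (100, 0, 0, 1), (2000, 0, 0, 0)]  # inside minimum time

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL), ("walk-in", WALK_IN), ("rushed", RUSHED)):
        print(name, replay(trace, CFG))
```

Replaying logged traces this way helps when tuning the timing parameters or reviewing why a muting fault tripped; an UNMODELLED result means the trace left the paths this example covers, not that the controller would accept it.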

TSSM Diagnostic Codes


Table 66 - TSSM Diagnostic Codes and Corrective Actions
Diagnostic Code | Description | Corrective Action
00H | No fault. | None.
01H | The Muting Lamp Status input is OFF (0). | Check the muting lamp and replace it, if necessary. If a muting lamp is not required, set the Muting Lamp Status input to ON (1).
05H | The Reset input is held ON (1). | Set the Reset input to OFF (0).
20H | The Input Status input was OFF (0) when the instruction started. | Check the I/O module connection or the logic used to source input status.

TSSM Wiring and Programming Example


This example complies with ISO 13849-1 Category 4 operation. The standard control portion of the application is not shown. This wiring diagram shows how to wire a light curtain and two muting sensors to a 1791DS-IB12 module to illustrate the use of the Two-sensor Symmetrical Muting instruction.
Figure 127 - Wiring Diagram
[Wiring diagram: two 24V DC muting sensors, the light curtain (OSSD 1, OSSD 2), a momentary push button (reset), and a hold-to-run key switch wired to 1791DS-IB12 Module 1 on DeviceNet. Module terminals labeled in the figure: V, I0, I1, I2, I3, T0, T1, I6, I7, I11, T2, T3, G. The Clear Area lamp and the Muting Lamp are wired to the module test outputs and 24V ground.]


This programming diagram logically illustrates how the Two-sensor Symmetrical Muting instruction is typically used with a DCI Stop (light curtain) and DCI Start (hold-to-run switch) instruction.
Figure 128 - Programming Diagram
Equivalent Active High TBD ms Automatic Automatic Module1:I.Pt00Data Module1:I.Pt01Data Module1:I.CombinedStatus Module1:I.Pt11Data Light Curtain1 DCS Input Type Output 1 Discrepancy Time Restart Type Coldstart Type Channel A Channel B Input Status Reset Fault Present TwoSensorSymmetricalMutingFunction TSSM Restart Type See Note 2 Output 1 Module1:O.Test03Data S1-S2 Discrepancy Time Muting Lamp Module1:O.Test02Data S1, S2-LC Minimum Time Clear Area S1, S2-LC Maximum Time Maximum Mute Time Maximum Override Time Light Curtain Sensor 1 Sensor 2 Enable Mute Override Input Status Muting Lamp Status Reset HoldToRunKeySwitch DCSRT Output 1 Input Type Discrepancy Time Fault Present

Manual TBD ms TBD ms TBD ms TBD ms TBD ms

Module1:I.Pt02Data Module1:I.Pt03Data See Note 1

Module1:I.MutingStatus

Equivalent Active High TBD ms

1 Module1:I.Pt06Data Module1:I.Pt07Data

Enable Channel A Channel B Input Status Reset Fault Present

Note 1: This is an internal Boolean tag representing the non-hazardous portion of the machine cycle. Its value is determined by other parts of the user application not shown in this example. When the protected hazard is present, this tag value should be False (0). When the protected hazard is not present, this tag value should be True (1). When the value of this tag is True (1), the muting instruction allows the light curtain to become muted only if the proper input sequence is detected. When the value of this tag is False (0), the muting instruction does not allow the light curtain to become muted, even if the proper input sequence is detected.

Note 2: This is an internal Boolean tag used by other parts of the user application not shown in this example.

Key: Color code represents data or value typically used: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.


Figure 129 - Ladder Logic


DCS (Dual Channel Input Stop): LightCurtain1

| Parameter | Setting or tag | Value shown |
| --- | --- | --- |
| Safety Function | LIGHT CURTAIN | |
| Input Type | EQUIVALENT - ACTIVE HIGH | |
| Discrepancy Time (Msec) | 500 | |
| Restart Type | AUTOMATIC | |
| Cold Start Type | AUTOMATIC | |
| Channel A | Module1:I.Pt00Data | 1 |
| Channel B | Module1:I.Pt01Data | 1 |
| Input Status | Module1:I.CombinedStatus | 1 |
| Reset | Module1:I.Pt11Data | 0 |

Outputs: O1, FP

DCSRT (Dual Channel Input Start): HoldToRunKeySwitch

| Parameter | Setting or tag | Value shown |
| --- | --- | --- |
| Safety Function | USER DEFINED | |
| Input Type | EQUIVALENT - ACTIVE HIGH | |
| Discrepancy Time (Msec) | 500 | |
| Enable | ALWAYS_ENABLED | 1 |
| Channel A | Module1:I.Pt06Data | 0 |
| Channel B | Module1:I.Pt07Data | 1 |
| Input Status | Module1:I.CombinedStatus | 1 |
| Reset | Module1:I.Pt11Data | 0 |

Outputs: O1, FP

TSSM (Two Sensor Symmetrical Muting): TwoSensorSymmetricalMutingFunction

| Parameter | Setting or tag | Value shown |
| --- | --- | --- |
| Restart Type | MANUAL | |
| S1-S2 Discrepancy Time (Msec) | 1000 | |
| S1,S2-LC Minimum Time (Msec) | 5000 | |
| S1,S2-LC Maximum Time (Msec) | 8000 | |
| Maximum Mute Time (Sec) | 20 | |
| Maximum Override Time (Sec) | 10 | |
| Light Curtain | LightCurtain1.O1 | 0 |
| Sensor 1 | Module1:I.Pt02Data | 0 |
| Sensor 2 | Module1:I.Pt03Data | 1 |
| Enable Mute | SeeNote1 | 0 |
| Override | HoldToRunKeySwitch.O1 | 0 |
| Input Status | Module1:I.CombinedStatus | 1 |
| Muting Lamp Status | Module1:I.MutingStatus | 1 |
| Reset | Module1:I.Pt11Data | 0 |

Outputs: O1, ML, CA, FP

TwoSensorSymmetricalMutingFunction.ML drives Module1:O.Test03Data.
TwoSensorSymmetricalMutingFunction.CA drives Module1:O.Test02Data.

Note 1: This is an internal Boolean tag representing the non-hazardous portion of the machine cycle. Its value is determined by other parts of the user application not shown in this example. When the protected hazard is present, this tag value should be False (0). When the protected hazard is not present, this tag value should be True (1). When the value of this tag is True (1), the muting instruction allows the light curtain to become muted only if the proper input sequence is detected. When the value of this tag is False (0), the muting instruction does not allow the light curtain to become muted, even if the proper input sequence is detected.


RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated. When defining the module, setting the Input Status to Combined Status-Muting provides the smallest input packet possible and lets the muting lamp status be monitored. Choosing Test for Output Data lets safety logic control Test Output 3 to drive the Muting Lamp and Test Output 2 to drive the Clear Area Lamp.
Figure 130 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed. The safety inputs that interface with the Light Curtain (Points 1 and 2) are not pulse-tested because the Light Curtain pulse-tests its own signals.
Figure 131 - Module Input Configuration


Configuring Test Output 3 for Muting Lamp causes the I/O module to monitor the lamp connected to this output.
Figure 132 - Module Test Output Configuration


Four-sensor Bidirectional Muting (FSBM)

This instruction provides a temporary, automatic disabling of the protective function of a light curtain, allowing material to be transported through the light curtain sensing field without stopping the machine. Muting sensors differentiate between materials and personnel and must act together with the light curtain in a specific switching sequence when the appropriate material passes the sensing field. The Direction input sets the expected direction from which the material passes through the sensing field. Once this direction is established, and providing the proper sequencing of the sensors and light curtain is maintained, bidirectional movement of the material is permitted.


Four-sensor Bidirectional Muting uses four muting sensors arranged sequentially before and after the light curtain's center of the protected opening.
Figure 133 - Four-sensor Bidirectional Muting Application
[Figure labels: Muting Lamp, Sensor 1, Sensor 2, Sensor 3, Sensor 4, Material]

ATTENTION: The muting sensors must be arranged so a person cannot activate the muting sensors in the same switching sequence as the material and enter the area when a hazardous condition exists. Sensor setup must take into account material size, shape, and speed. Additional guarding may also be necessary. Specific guarding requirements should be identified through a hazard or risk assessment of your application.

FSBM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table provides the parameters used to configure the instruction. The parameters cannot be changed at runtime.
Table 67 - FSBM Configuration Parameters
| Parameter | Data Type | Description |
| --- | --- | --- |
| Restart Type | List | Configures Output 1 for either Manual or Automatic Restart. Manual: A transition of the Reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1. Automatic: Output 1 is energized 50 ms after all of the enabling conditions are met. ATTENTION: Automatic Restart may be used only in application situations where you can prove that no unsafe conditions can occur as a result of its use. |
| S1-S2 Time | Time | The maximum amount of time allowed between Sensor 1 being blocked and Sensor 2 being blocked before a fault occurs. The valid range is 5 to 180,000 ms. Setting this input to 0 disables the S1-S2 timer. |
| S2-LC Time | Time | The maximum amount of time allowed between Sensor 2 being blocked and the Light Curtain being cleared before a fault occurs. The valid range is 5 to 180,000 ms. Setting this input to 0 disables the S2-LC timer. |
| LC-S3 Time | Time | The maximum amount of time allowed between Sensor 3 being blocked and the Light Curtain being blocked before a fault occurs. The valid range is 5 to 180,000 ms. Setting this input to 0 disables the LC-S3 timer. |
| S3-S4 Time | Time | The maximum amount of time allowed between Sensor 3 being blocked and Sensor 4 being blocked before a fault occurs. The valid range is 5 to 180,000 ms. Setting this input to 0 disables the S3-S4 timer. |
| Maximum Mute Time | Time | The maximum amount of time during which the instruction lets the protective function of the light curtain be disabled before generating a fault. The valid range is 0 to 3600 s. Setting this input to 0 disables the Maximum Mute timer. |
| Maximum Override Time | Time | The maximum amount of time that the instruction lets the override feature energize the Output 1 output. The valid range is 0 to 30 s. Setting this input to 0 disables the Maximum Override timer. |

The following table explains the instruction inputs.


Table 68 - FSBM Inputs
| Parameter | Data Type | Description |
| --- | --- | --- |
| Direction | Boolean | This input specifies the sequencing direction. ON (1): Forward. The muting sequence begins with the blocking of Sensor 1. OFF (0): Reverse. The muting sequence begins with the blocking of Sensor 4. |
| Light Curtain | Boolean | An input channel with OFF (0) as its safe state, this input represents the current state of the physical light curtain. You are responsible for properly conditioning this input. Typically this is accomplished by using a Dual-channel Input Stop instruction controlling a light curtain. ON (1): The light curtain is clear. OFF (0): The light curtain is blocked. |
| Sensor 1 | Boolean | One of four muting sensors. When material is moving in the forward direction, it is the first sensor to be blocked and cleared. When material is moving in the reverse direction, it is the fourth to be blocked and cleared. ON (1): Sensor 1 is clear. OFF (0): Sensor 1 is blocked. |
| Sensor 2 | Boolean | One of four muting sensors. When material is moving in the forward direction, it is the second sensor to be blocked and cleared. When material is moving in the reverse direction, it is the third to be blocked and cleared. ON (1): Sensor 2 is clear. OFF (0): Sensor 2 is blocked. |
| Sensor 3 | Boolean | One of four muting sensors. When material is moving in the forward direction, it is the third sensor to be blocked and cleared. When material is moving in the reverse direction, it is the second to be blocked and cleared. ON (1): Sensor 3 is clear. OFF (0): Sensor 3 is blocked. |
| Sensor 4 | Boolean | One of four muting sensors. When material is moving in the forward direction, it is the fourth sensor to be blocked and cleared. When material is moving in the reverse direction, it is the first to be blocked and cleared. ON (1): Sensor 4 is clear. OFF (0): Sensor 4 is blocked. |
| Enable Mute | Boolean | This input allows the protective function of the light curtain to be disabled (muted) when the correct muting sequence occurs. ON (1): The protective function of the light curtain is disabled when the correct muting sequence occurs. OFF (0): The protective function of the light curtain is always enabled. |
| Override | Boolean | This input allows a temporary bypass of the muting instruction's function. Output 1 is energized regardless of the status of the Input Status input or the existence of faults. OFF (0): Override function is disabled. OFF (0) -> ON (1): Output 1 is energized regardless of the status of the Input Status input or the existence of faults. Output 1 remains energized while the Override input remains ON (1) or until the Maximum Override timer expires. ATTENTION: Activation of the override function requires the use of a hold-to-run device where the operator can see the point of hazard, that is, the light curtain sensing field. |
| Input Status | Boolean | If the instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If the instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid. |
| Muting Lamp Status | Boolean | This input represents the status of the muting lamp. ON (1): The muting lamp is operating properly. The light curtain's protective function is disabled (muted) after the correct muting sequence is followed. OFF (0): The muting lamp is defective or missing. The light curtain's protective function is always enabled. |
| Reset(1) | Boolean | This input clears instruction and circuit faults provided the fault condition is not present. OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset. Output 1 is energized when the Restart Type is Manual. Output 1 is not energized at the same time faults are cleared. |

(1) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.

The following table explains the instruction outputs.


Table 69 - FSBM Outputs
| Parameter | Data Type | Description |
| --- | --- | --- |
| Output 1 (O1) | Boolean | ON (1): The light curtain sensing field is not obstructed, the light curtain is being muted, or the light curtain is being overridden. OFF (0): The light curtain sensing field is obstructed or the muting sensors sequence is incorrect. |
| Muting Lamp (ML) | Boolean | ON (1): The light curtain's protective function is disabled. OFF (0): The light curtain's protective function is enabled. |
| Clear Area (CA) | Boolean | This status output indicates when the light curtain sensing field and all muting sensors must be cleared (ON) before processing can continue. ON (1): The light curtain sensing field must be cleared. OFF (0): Normal operation. |
| Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 74 on page 200 for a list of diagnostic codes. This parameter is not safety-related. |
| Fault Code | Integer | This output indicates the type of fault that occurred. See FSBM Fault Codes on page 188 for the list of fault codes. This parameter is not safety-related. |
| Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally. |

IMPORTANT: Do not write to any instruction output tag under any circumstances.


FSBM Normal Operation


One forward direction and one reverse direction sequence of muting sensor and light-curtain input transitions let the protective function of the light curtain be disabled (muted). Both sequences start with the four muting sensors and the light curtain in their ON (1) state. This indicates that the light-curtain sensing field is clear of all personnel and material.

At (A), when Sensors 1 through 4 and the Light Curtain are clear, the Output 1 output is energized when the Reset input turns ON (1).
At (B), material blocks Sensor 1, starting the S1-S2 timer.
At (C), the material blocks Sensor 2, stopping the S1-S2 timer. The S2-LC and Maximum Mute timers start. The Muting Lamp turns ON (1), indicating that muting is enabled.
At (D), the material blocks the Light Curtain, stopping the S2-LC timer and starting the LC-S3 timer.
At (E), the material blocks Sensor 3, stopping the LC-S3 timer and starting the S3-S4 timer.
At (F), the material blocks Sensor 4, stopping the S3-S4 timer. The material is blocking all of the Sensors and the Light Curtain.
From (G) through (K), the material clears the sensors and the Light Curtain in the same order in which they were blocked, starting and stopping the timers, until the material clears all of the sensors and the Light Curtain.

Figure 134 on page 182 shows this sequence as described for the forward direction. Figure 135 on page 183 shows this sequence in reverse direction.


Figure 134 - Normal Operation, Forward Direction Timing Diagram


[Timing diagram. Signals: Direction, Enable Mute, Sensor 1, Sensor 2, Light Curtain, Sensor 3, Sensor 4, Reset, Muting Lamp Status, Muting Lamp, Output 1. t1: S1-S2 Time; t2: S2-LC Time; t3: LC-S3 Time; t4: S3-S4 Time; t5: Maximum Mute Time. Restart Type = Manual.]


Figure 135 - Normal Operation, Reverse Direction Timing Diagram


[Timing diagram. Signals: Direction, Enable Mute, Sensor 1, Sensor 2, Light Curtain, Sensor 3, Sensor 4, Reset, Muting Lamp Status, Muting Lamp, Output 1. Event markers: A through K. t1: S1-S2 Time; t2: S2-LC Time; t3: LC-S3 Time; t4: S3-S4 Time; t5: Maximum Mute Time. Restart Type = Manual.]


FSBM Invalid Sequence


Any input sequence other than the normal operation sequence results in Output 1 being de-energized. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), the material blocks Sensor 1, starting the S1-S2 timer. At (C), the material simultaneously blocks Sensor 2 and the Light Curtain, stopping the S1-S2 timer. Output 1 is de-energized and the Clear Area and Fault Present outputs turn ON (1). The override feature can be used to clear the material from the sensing field and turn the Clear Area output OFF (0).
Figure 136 - Invalid Sequence Timing Diagram
[Timing diagram. Signals: Direction, Enable Mute, Sensor 1, Sensor 2, Light Curtain, Sensor 3, Sensor 4, Reset, Muting Lamp Status, Fault Present, Clear Area, Output 1. Event markers: A, B, C. t1: S1-S2 Time. Restart Type = Manual.]


FSBM Tolerated Sequence


The Four-sensor Bidirectional Muting (FSBM) instruction tolerates application dynamics that might cause an input to oscillate due to over-travel or load vibration. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), Sensor 1 turns OFF (0), starting the S1-S2 timer. Sensor 1 turns ON (1) at (C), stopping the S1-S2 timer. At (D), the material completely blocks Sensor 1, turning it OFF (0), and the normal muting sequence continues. A sensor may glitch, as illustrated from (B) to (C), as a result of over-travel or load vibration. As long as the final input sequence is valid, the instruction lets the muting function occur.
Figure 137 - Tolerated Sequence Timing Diagram
[Timing diagram. Signals: Direction, Enable Mute, Sensor 1, Sensor 2, Light Curtain, Sensor 3, Sensor 4, Reset, Muting Lamp Status, Muting Lamp, Output 1. Event markers: A, B, C, D. t1: S1-S2 Time; t2: S2-LC Time; t3: LC-S3 Time; t4: S3-S4 Time; t5: Maximum Mute Time. Restart Type = Manual.]


FSBM Dangerous Portion of Cycle


The Enable Mute input enables or disables the protective function of the light curtain. When the Enable Mute input is OFF (0), the protective function of the light curtain is enabled and material may not pass through the light curtain sensing field. At (A), Output 1 is energized just as in a normal sequence of operation. At (B), the material blocks Sensor 1, starting the S1-S2 timer. At (C), the material blocks Sensor 2, stopping the S1-S2 timer and starting the S2-LC timer. Because the Enable Mute input is OFF (0), muting is disabled and the Muting Lamp output remains OFF (0). The material blocks the Light Curtain at (D), stopping the S2-LC timer. Output 1 is de-energized because the Enable Mute input is OFF (0).
Figure 138 - Dangerous Portion of Cycle Timing Diagram
[Timing diagram. Signals: Direction, Enable Mute, Sensor 1, Sensor 2, Light Curtain, Sensor 3, Sensor 4, Reset, Muting Lamp Status, Muting Lamp, Output 1. Event markers: A, B, C, D. t1: S1-S2 Time; t2: S2-LC Time; t3: LC-S3 Time; t4: S3-S4 Time. Restart Type = Manual.]


FSBM Override Operation


The override feature lets an operator manually energize Output 1 so that material can be cleared from the light curtain sensing field.

ATTENTION: The Override function may be used only with a hold-to-run device where the operator can see the point of hazard, that is, the light curtain sensing field.

At (A), the Override input turns ON (1). Output 1 is energized and the Maximum Override timer starts. At (B), the material clears Sensor 3 and Sensor 4 and the Clear Area output turns OFF (0). At (C), the Override input turns OFF (0) within the Maximum Override time period. Output 1 is de-energized and the Maximum Override timer stops.
Figure 139 - Override Timing Diagram
[Timing diagram. Signals: Override, Direction, Enable Mute, Sensor 1, Sensor 2, Light Curtain, Sensor 3, Sensor 4, Reset, Muting Lamp Status, Clear Area, Output 1. Event markers: A, B, C. t1: Maximum Override Time. Restart Type = Manual.]


FSBM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

FSBM Fault Codes


Table 70 - FSBM General Fault Codes
| Fault Code | Description | Corrective Action |
| --- | --- | --- |
| 00H | No fault. | None. |
| 20H | The Input Status input went from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection or the logic used to source input status. Reset the fault. |

Table 71 - FSBM Sensor Input Fault Codes


| Fault Code | S1 | S2 | LC | S3 | S4 | Description |
| --- | --- | --- | --- | --- | --- | --- |
| 9200H | 0 | 0 | 0 | 1 | 0 | The Light Curtain, Sensors 1, 2, and 4 are blocked, while Sensor 3 is clear. |
| 9201H | 0 | 0 | 1 | 0 | 0 | Sensors 1, 2, 3, and 4 are blocked and the Light Curtain is clear. |
| 9202H | 0 | 0 | 1 | 0 | 1 | Sensors 1, 2, and 3 are blocked and the Light Curtain and Sensor 4 are clear. |
| 9203H | 0 | 0 | 1 | 1 | 0 | Sensors 1, 2, and 4 are blocked and the Light Curtain and Sensor 3 are clear. |
| 9204H | 0 | 1 | 0 | 0 | 0 | Sensors 1, 3, and 4 and the Light Curtain are blocked and Sensor 2 is clear. |
| 9205H | 0 | 1 | 0 | 0 | 1 | Sensors 1, 3, and the Light Curtain are blocked and Sensors 2 and 4 are clear. |
| 9206H | 0 | 1 | 0 | 1 | 0 | Sensors 1, 4 and the Light Curtain are blocked and Sensors 2 and 3 are clear. |
| 9207H | 0 | 1 | 0 | 1 | 1 | Sensor 1 and the Light Curtain are blocked and Sensors 2, 3, and 4 are clear. |
| 9208H | 0 | 1 | 1 | 0 | 0 | Sensor 2 and the Light Curtain are blocked and Sensors 1, 3, and 4 are clear. |
| 9209H | 0 | 1 | 1 | 0 | 1 | Sensors 1 and 3 are blocked and Sensors 2 and 4 and the Light Curtain are clear. |
| 920AH | 0 | 1 | 1 | 1 | 0 | Sensors 1 and 4 are blocked and Sensors 2 and 3 and the Light Curtain are clear. |
| 920BH | 1 | 0 | 0 | 0 | 1 | Sensors 2 and 3 and the Light Curtain are blocked and Sensors 1 and 4 are clear. |
| 920CH | 1 | 0 | 0 | 1 | 0 | Sensors 2 and 4 and the Light Curtain are blocked and Sensors 1 and 3 are clear. |
| 920DH | 1 | 0 | 0 | 1 | 1 | Sensor 2 and the Light Curtain are blocked and Sensors 1, 3, and 4 are clear. |
| 920EH | 1 | 0 | 1 | 0 | 0 | Sensors 2, 3, and 4 are blocked and Sensor 1 and the Light Curtain are clear. |
| 920FH | 1 | 0 | 1 | 0 | 1 | Sensors 2 and 3 are blocked and Sensors 1 and 4 and the Light Curtain are clear. |
| 9210H | 1 | 0 | 1 | 1 | 0 | Sensors 2 and 4 are blocked and Sensors 1 and 3 and the Light Curtain are clear. |
| 9211H | 1 | 0 | 1 | 1 | 1 | Sensor 2 is blocked and Sensors 1, 3, and 4 and the Light Curtain are clear. |
| 9212H | 1 | 1 | 0 | 0 | 1 | Sensor 3 and the Light Curtain are blocked and Sensors 1, 2, and 4 are clear. |
| 9213H | 1 | 1 | 0 | 1 | 0 | Sensor 4 and the Light Curtain are blocked and Sensors 1, 2, and 3 are clear. |
| 9214H | 1 | 1 | 0 | 1 | 1 | The Light Curtain is blocked and Sensors 1, 2, 3, and 4 are clear. |
| 9215H | 1 | 1 | 1 | 0 | 1 | Sensor 3 is blocked and Sensors 1, 2, and 4 and the Light Curtain are clear. |

Follow these steps to recover from an illegal input fault.
1. Check that the sensors and the light curtain are properly aligned, are applied to the appropriate instruction inputs, and are not being improperly blocked.
2. Reset the fault.


Figure 140 - Normal and Tolerated Muting Sequences


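| Step | S1 | S2 | LC | S3 | S4 |
| --- | --- | --- | --- | --- | --- |
| 0 | 1 | 1 | 1 | 1 | 1 |
| 1 | 0 | 1 | 1 | 1 | 1 |
| 2 | 0 | 0 | 1 | 1 | 1 |
| 3 | 0 | 0 | 0 | 1 | 1 |
| 4 | 0 | 0 | 0 | 0 | 1 |
| 5 | 0 | 0 | 0 | 0 | 0 |
| 6 | 1 | 0 | 0 | 0 | 0 |
| 7 | 1 | 1 | 0 | 0 | 0 |
| 8 | 1 | 1 | 1 | 0 | 0 |
| 9 | 1 | 1 | 1 | 1 | 0 |
| 10 | 1 | 1 | 1 | 1 | 1 |

Legend: Normal, Tolerated, Illegal.

An illegal muting sequence is a legal input combination that deviates from the normal or tolerated sequences.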
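The following added example is not from the manual and is not the instruction's implementation. It models the Figure 140 normal sequence as a step table and checks a recorded trace of (S1, S2, LC, S3, S4) samples against it, which is useful for reviewing logged input sequences offline. Assumptions: a tolerated oscillation is a return to the previous step (as in the Tolerated Sequence description), timers are not modelled, and the Table 71 code is derived from the position of a combination among the 22 combinations absent from the normal sequence; the names `check_trace`, `sensor_input_fault_code`, `expected_sequence`, and `Verdict` are hypothetical.

```python
"""Trace checker modelled on the FSBM muting sequence (added example)."""
from itertools import product
from typing import Iterable, NamedTuple, Optional, Tuple

State = Tuple[int, int, int, int, int]  # (S1, S2, LC, S3, S4); 1 = clear, 0 = blocked

# Normal forward sequence, steps 0..10, as tabulated in Figure 140.
NORMAL_FORWARD = [
    (1, 1, 1, 1, 1),  # 0: everything clear
    (0, 1, 1, 1, 1),  # 1: Sensor 1 blocked
    (0, 0, 1, 1, 1),  # 2: Sensor 2 blocked
    (0, 0, 0, 1, 1),  # 3: Light Curtain blocked
    (0, 0, 0, 0, 1),  # 4: Sensor 3 blocked
    (0, 0, 0, 0, 0),  # 5: Sensor 4 blocked
    (1, 0, 0, 0, 0),  # 6: Sensor 1 clear
    (1, 1, 0, 0, 0),  # 7: Sensor 2 clear
    (1, 1, 1, 0, 0),  # 8: Light Curtain clear
    (1, 1, 1, 1, 0),  # 9: Sensor 3 clear
    (1, 1, 1, 1, 1),  # 10: Sensor 4 clear, everything clear again
]
LAST = len(NORMAL_FORWARD) - 1
LEGAL_INPUTS = set(NORMAL_FORWARD)
# Combinations that never occur in the sequence, in binary order (S1 first).
# There are 22 of them, one per Table 71 code 9200H..9215H.
ILLEGAL_INPUTS = [s for s in product((0, 1), repeat=5) if s not in LEGAL_INPUTS]


class Verdict(NamedTuple):
    status: str                # complete, in_progress, illegal_input,
                               # illegal_sequence or unmuted_block
    step: int                  # sequence step reached before the verdict
    sample: Optional[int]      # index of the offending sample, if any
    fault_code: Optional[int]  # Table 71 code for illegal_input, else None


def expected_sequence(forward: bool):
    """Reverse direction starts with Sensor 4, so each state is mirrored."""
    return NORMAL_FORWARD if forward else [s[::-1] for s in NORMAL_FORWARD]


def sensor_input_fault_code(state: State) -> Optional[int]:
    """Return the Table 71 code for an illegal combination, else None."""
    if state in LEGAL_INPUTS:
        return None
    return 0x9200 + ILLEGAL_INPUTS.index(state)


def check_trace(samples: Iterable[State], forward: bool = True,
                enable_mute: bool = True) -> Verdict:
    """Walk recorded samples through the sequence; stop at the first fault."""
    seq = expected_sequence(forward)
    step = 0
    for i, raw in enumerate(samples):
        state = tuple(raw)
        code = sensor_input_fault_code(state)
        if code is not None:
            return Verdict("illegal_input", step, i, code)
        if not enable_mute and state[2] == 0:
            # Enable Mute OFF: a blocked light curtain is never muted.
            return Verdict("unmuted_block", step, i, None)
        if state == seq[step]:
            continue  # inputs unchanged since the last sample
        nxt = 1 if step == LAST else step + 1  # step 10 doubles as step 0
        if state == seq[nxt]:
            step = nxt
        elif step > 0 and state == seq[step - 1]:
            step -= 1  # assumption: one step back is a tolerated oscillation
        else:
            # Legal combination, but not adjacent to the current step.
            return Verdict("illegal_sequence", step, i, None)
    status = "complete" if step == LAST else "in_progress"
    return Verdict(status, step, None, None)


if __name__ == "__main__":
    # Constructed traces, not recorded plant data.
    glitch = NORMAL_FORWARD[:2] + [NORMAL_FORWARD[0]] + NORMAL_FORWARD[1:]
    skipped = [NORMAL_FORWARD[0], NORMAL_FORWARD[1], NORMAL_FORWARD[3]]
    misaligned = [NORMAL_FORWARD[0], (0, 1, 1, 0, 0)]
    for name, trace in [("normal", NORMAL_FORWARD), ("glitch", glitch),
                        ("S2 and LC together", skipped),
                        ("misaligned", misaligned)]:
        print(name, check_trace(trace))
```

The valid combinations are symmetric under mirroring, so the same illegal-input lookup serves both directions.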

Table 72 - FSBM Muting Sequence Fault Codes


Fault Code 9100H Description Fault Code 9101H Description Fault Code 9102H Description

An illegal muting sequence was detected in step 0 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.
S1 1 0 S2 LC 1 0 1 1 S3 S4 1 1 S3 1 0 1 1 S4 1 0
Step Step Step

S1 1 0

S2 LC 1 0 S2 1 0 1 0 LC 1 0

S3 1 1 S3 1 0

S4 1 1 S4 1 0

Step

S1 S2 1 0 1 0

LC 1 0

S3 1 0

S4 1 1

Step

9103H

S1 1 0

S2 LC 1 0 S2 1 1 1 0 LC 1 1

9104H

S1 1 1

Step

9105H

S1 1 1

S2 LC 1 1 1 0

S3 S4 1 0 1 0

Step

9106H

S1 1 1

S3 S4 1 0 1 0

190

Rockwell Automation Publication 1756-RM095E-EN-P - February 2012

General Safety Application Instructions

Chapter 1

Table 72 - FSBM Muting Sequence Fault Codes


Fault Code 9110H Description Fault Code 9111H Description Fault Code 9112H Description

An illegal muting sequence was detected in step 1 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.
S1 1 0 0 S2 LC 1 1 0 1 1 0 S3 1 1 1 S3 1 1 0 S3 1 1 1 S4 1 1 1 S4 1 1 0 S4 1 1 0
Step Step Step

S1 1 0 0

S2 LC 1 1 0 1 1 0

S3 1 1 0 S3 1 1 0

S4 1 1 1 S4 1 1 0

Step

S1 1 0 0

S2 LC 1 1 0 1 1 0

S3 1 1 0 S3 1 1 0

S4 1 1 0 S4 1 1 0

Step

0 1

0 1

0 1

9113H

S1 1 0 1

S2 LC 1 1 0 1 1 0

9114H

S1 1 0 1

S2 LC 1 1 1 1 1 0

Step

9115H

S1 1 0 1

S2 LC 1 1 1 1 1 1

Step

0 1

0 1

0 1

9116H

S1 1 0 1

S2 LC 1 1 1 1 1 1

0 1

An illegal muting sequence was detected in step 2 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states. 9120H
S1 1 0 0 1 S2 LC 1 1 0 1 1 1 1 1 S3 1 1 1 1 S3 1 1 1 0 S3 1 1 1 1 S4 1 1 1 1 S4 1 1 1 0 S4 1 1 1 0
Step Step Step

9121H

S1 1 0 0 0

S2 1 1 0 0

LC 1 1 1 0

S3 S4 1 1 1 0 S3 1 1 1 0 1 1 1 1 S4 1 1 1 0

Step

9122H

S1 1 0 0 0

S2 1 1 0 0 S2 1 1 0 1

LC 1 1 1 0 LC 1 1 1 1

S3 1 1 1 0 S3 1 1 1 0

S4 1 1 1 0 S4 1 1 1 0

Step

0 1 2

0 1 2

0 1 2

9123H

S1 1 0 0 1

S2 LC 1 1 0 0 1 1 1 0

9124H

S1 1 0 0 1

S2 LC 1 1 0 1 1 1 1 0

Step

9125H

S1 1 0 0 1

Step

0 1 2

0 1 2

0 1 2

9126H

S1 1 0 0 1

S2 LC 1 1 0 1 1 1 1 1

0 1 2

Rockwell Automation Publication 1756-RM095E-EN-P - February 2012

191

Chapter 1

General Safety Application Instructions

Table 72 - FSBM Muting Sequence Fault Codes


Fault Code 9130H Description Fault Code 9131H Description Fault Code 9132H Description

An illegal muting sequence was detected in step 3 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.
S1 1 0 0 0 1 S2 LC 1 1 0 0 1 S2 1 1 0 0 0 1 1 1 0 1 LC 1 1 1 0 0 LC 1 1 1 0 1 S3 1 1 1 1 1 S3 1 1 1 1 0 S3 1 1 1 1 1 S4 1 1 1 1 1 S4 1 1 1 1 0 S4 1 1 1 1 0
Step Step Step

S1 S2 1 0 0 0 0 1 1 0 0 1 S2 1 1 0 0 1

LC 1 1 1 0 1 LC 1 1 1 0 0

S3 1 1 1 1 1 S3 1 1 1 1 0

S4 1 1 1 1 1 S4 1 1 1 1 0

Step

S1 1 0 0 0 0

S2 1 1 0 0 0

LC 1 1 1 0 0

S3 1 1 1 1 0 S3 1 1 1 1 0

S4 1 1 1 1 0 S4 1 1 1 1 0

Step

0 1 2 3

0 1 2 3

0 1 2 3

9133H

S1 1 0 0 0 1

9134H

S1 1 0 0 0 1

Step

9135H

S1 1 0 0 0 1

S2 LC 1 1 0 0 1 1 1 1 0 1

Step

0 1 2 3

0 1 2 3

0 1 2 3

9136H

S1 S2 1 0 0 0 1 1 1 0 0 1

0 1 2 3

192

Rockwell Automation Publication 1756-RM095E-EN-P - February 2012

General Safety Application Instructions

Chapter 1

Table 72 - FSBM Muting Sequence Fault Codes


Fault Code 9140H Description Fault Code 9141H Description Fault Code 9142H Description

An illegal muting sequence was detected in step 4 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.
S1 1 0 0 0 0 1 S2 LC 1 1 0 0 0 1 S2 1 1 0 0 0 0 S2 1 1 0 0 0 1 1 1 1 0 0 1 LC 1 1 1 0 0 0 LC 1 1 1 0 0 1 S3 S4 1 1 1 1 0 1 S3 1 1 1 1 0 0 1 1 1 1 1 1 S4 1 1 1 1 1 0
Step Step Step

S1 1 0 0 0 0 0

S2 1 1 0 0 0 1 S2 1 1 0 0 0 1

LC 1 1 1 0 0 1 LC 1 1 1 0 0 0

S3 1 1 1 1 0 1 S3 S4 1 1 1 1 0 0 1 1 1 1 1 0

S4 1 1 1 1 1 1

Step

S1 1 0 0 0 0 0

S2 1 1 0 0 0 0

LC 1 1 1 0 0 1

S3 1 1 1 1 0 1 S3 1 1 1 1 0 0

S4 1 1 1 1 1 1 S4 1 1 1 1 1 0

Step

0 1 2 3 4

0 1 2 3 4

0 1 2 3 4

9143H

S1 1 0 0 0 0 1

9144H

S1 1 0 0 0 0 1

Step

9145H

S1 1 0 0 0 0 1

S2 LC 1 1 0 0 0 1 1 1 1 0 0 1

Step

0 1 2 3 4

0 1 2 3 4

0 1 2 3 4

9146H

S1 1 0 0 0 0 1

S3 S4 1 1 1 1 0 1 1 1 1 1 1 0

0 1 2 3 4

Rockwell Automation Publication 1756-RM095E-EN-P - February 2012

193

Chapter 1

General Safety Application Instructions

Table 72 - FSBM Muting Sequence Fault Codes


Fault Code 9150H Description Fault Code 9151H Description Fault Code 9152H Description

An illegal muting sequence was detected in step 5 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.
S1 1 0 0 0 0 0 1 S2 1 1 0 0 0 0 1 S2 1 1 0 0 0 0 0 LC 1 1 1 0 0 0 1 LC 1 1 1 0 0 0 0 S3 1 1 1 1 0 0 1 S3 1 1 1 1 0 0 1 S3 1 1 1 1 0 0 1 S4 1 1 1 1 1 0 1 S4 1 1 1 1 1 0 1 S4 1 1 1 1 1 0 0
Step Step Step

S1 S2 1 0 0 0 0 0 0 1 1 0 0 0 0 1 S2 1 1 0 0 0 0 1

LC 1 1 1 0 0 0 1 LC 1 1 1 0 0 0 0

S3 1 1 1 1 0 0 1 S3 1 1 1 1 0 0 0

S4 1 1 1 1 1 0 1 S4 1 1 1 1 1 0 0

Step

S1 1 0 0 0 0 0 0

S2 1 1 0 0 0 0 0

LC 1 1 1 0 0 0 1

S3 1 1 1 1 0 0 1

S4 1 1 1 1 1 0 1

Step

0 1 2 3 4 5

0 1 2 3 4 5

0 1 2 3 4 5

9153H

S1 1 0 0 0 0 0 0

9154H

S1 1 0 0 0 0 0 1

Step

9155H

S1 1 0 0 0 0 0 1

S2 LC 1 1 0 0 0 0 1 1 1 1 0 0 0 1

S3 1 1 1 1 0 0 0

S4 1 1 1 1 1 0 0

Step

0 1 2 3 4 5

0 1 2 3 4 5

0 1 2 3 4 5

9156H

S1 1 0 0 0 0 0 1

S2 LC 1 1 0 0 0 0 1 1 1 1 0 0 0 1

0 1 2 3 4 5

194

Rockwell Automation Publication 1756-RM095E-EN-P - February 2012

General Safety Application Instructions

Chapter 1

Table 72 - FSBM Muting Sequence Fault Codes


Fault Code 9160H Description Fault Code
Step

Description

Fault Code
Step

Description

An illegal muting sequence was detected in step 6 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.
S1 1 0 0 0 0 0 1 1 S2 LC 1 1 0 0 0 0 0 1 S2 1 1 0 0 0 0 0 0 1 1 1 0 0 0 0 1 LC 1 1 1 0 0 0 0 0 S3 1 1 1 1 0 0 0 1 S3 1 1 1 1 0 0 0 1 S3 1 1 1 1 0 0 0 1 S4 1 1 1 1 1 0 0 1 S4 1 1 1 1 1 0 0 1 S4 1 1 1 1 1 0 0 0
Step Step

9161H

S1 1 0 0 0 0 0 1 0

S2 1 1 0 0 0 0 0 1 S2 1 1 0 0 0 0 0 0

LC 1 1 1 0 0 0 0 1 LC 1 1 1 0 0 0 0 0

S3 1 1 1 1 0 0 0 1 S3 1 1 1 1 0 0 0 0

S4 1 1 1 1 1 0 0 1 S4 1 1 1 1 1 0 0 1

9162H

S1 1 0 0 0 0 0 1 0

S2 1 1 0 0 0 0 0 0 S2 1 1 0 0 0 0 0 1

LC 1 1 1 0 0 0 0 1 LC 1 1 1 0 0 0 0 1

S3 1 1 1 1 0 0 0 1 S3 1 1 1 1 0 0 0 0

S4 1 1 1 1 1 0 0 1 S4 1 1 1 1 1 0 0 0

Step

0 1 2 3 4 5 6

0 1 2 3 4 5 6

0 1 2 3 4 5 6

9163H

S1 1 0 0 0 0 0 1 0

9164H

S1 1 0 0 0 0 0 1 0

Step

9165H

S1 1 0 0 0 0 0 1 1

Step

0 1 2 3 4 5 6

0 1 2 3 4 5 6

0 1 2 3 4 5 6

9166H

S1 1 0 0 0 0 0 1 1

S2 LC 1 1 0 0 0 0 0 1 1 1 1 0 0 0 0 1

0 1 2 3 4 5 6

Rockwell Automation Publication 1756-RM095E-EN-P - February 2012

195

Chapter 1

General Safety Application Instructions

Table 72 - FSBM Muting Sequence Fault Codes


Fault Codes 9170H, 9171H, 9172H, 9173H, 9174H, 9175H, 9176H
Description: An illegal muting sequence was detected in step 7 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.

9170H
Step  0 1 2 3 4 5 6 7  Invalid
S1    1 0 0 0 0 0 1 1  1
S2    1 1 0 0 0 0 0 1  1
LC    1 1 1 0 0 0 0 0  1
S3    1 1 1 1 0 0 0 0  1
S4    1 1 1 1 1 0 0 0  1

9171H
Step  0 1 2 3 4 5 6 7  Invalid
S1    1 0 0 0 0 0 1 1  0
S2    1 1 0 0 0 0 0 1  1
LC    1 1 1 0 0 0 0 0  1
S3    1 1 1 1 0 0 0 0  1
S4    1 1 1 1 1 0 0 0  1

9172H
Step  0 1 2 3 4 5 6 7  Invalid
S1    1 0 0 0 0 0 1 1  0
S2    1 1 0 0 0 0 0 1  0
LC    1 1 1 0 0 0 0 0  1
S3    1 1 1 1 0 0 0 0  1
S4    1 1 1 1 1 0 0 0  1

9173H
Step  0 1 2 3 4 5 6 7  Invalid
S1    1 0 0 0 0 0 1 1  0
S2    1 1 0 0 0 0 0 1  0
LC    1 1 1 0 0 0 0 0  0
S3    1 1 1 1 0 0 0 0  1
S4    1 1 1 1 1 0 0 0  1

9174H
Step  0 1 2 3 4 5 6 7  Invalid
S1    1 0 0 0 0 0 1 1  0
S2    1 1 0 0 0 0 0 1  0
LC    1 1 1 0 0 0 0 0  0
S3    1 1 1 1 0 0 0 0  0
S4    1 1 1 1 1 0 0 0  1

9175H
Step  0 1 2 3 4 5 6 7  Invalid
S1    1 0 0 0 0 0 1 1  0
S2    1 1 0 0 0 0 0 1  0
LC    1 1 1 0 0 0 0 0  0
S3    1 1 1 1 0 0 0 0  0
S4    1 1 1 1 1 0 0 0  0

9176H
Step  0 1 2 3 4 5 6 7  Invalid
S1    1 0 0 0 0 0 1 1  1
S2    1 1 0 0 0 0 0 1  1
LC    1 1 1 0 0 0 0 0  1
S3    1 1 1 1 0 0 0 0  1
S4    1 1 1 1 1 0 0 0  0

Fault Codes 9180H, 9181H, 9182H, 9183H, 9184H, 9185H, 9186H
Description: An illegal muting sequence was detected in step 8 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.

9180H
Step  0 1 2 3 4 5 6 7 8  Invalid
S1    1 0 0 0 0 0 1 1 1  1
S2    1 1 0 0 0 0 0 1 1  1
LC    1 1 1 0 0 0 0 0 1  1
S3    1 1 1 1 0 0 0 0 0  1
S4    1 1 1 1 1 0 0 0 0  1

9181H
Step  0 1 2 3 4 5 6 7 8  Invalid
S1    1 0 0 0 0 0 1 1 1  0
S2    1 1 0 0 0 0 0 1 1  1
LC    1 1 1 0 0 0 0 0 1  1
S3    1 1 1 1 0 0 0 0 0  1
S4    1 1 1 1 1 0 0 0 0  1

9182H
Step  0 1 2 3 4 5 6 7 8  Invalid
S1    1 0 0 0 0 0 1 1 1  0
S2    1 1 0 0 0 0 0 1 1  0
LC    1 1 1 0 0 0 0 0 1  1
S3    1 1 1 1 0 0 0 0 0  1
S4    1 1 1 1 1 0 0 0 0  1

9183H
Step  0 1 2 3 4 5 6 7 8  Invalid
S1    1 0 0 0 0 0 1 1 1  0
S2    1 1 0 0 0 0 0 1 1  0
LC    1 1 1 0 0 0 0 0 1  0
S3    1 1 1 1 0 0 0 0 0  1
S4    1 1 1 1 1 0 0 0 0  1

9184H
Step  0 1 2 3 4 5 6 7 8  Invalid
S1    1 0 0 0 0 0 1 1 1  0
S2    1 1 0 0 0 0 0 1 1  0
LC    1 1 1 0 0 0 0 0 1  0
S3    1 1 1 1 0 0 0 0 0  0
S4    1 1 1 1 1 0 0 0 0  1

9185H
Step  0 1 2 3 4 5 6 7 8  Invalid
S1    1 0 0 0 0 0 1 1 1  0
S2    1 1 0 0 0 0 0 1 1  0
LC    1 1 1 0 0 0 0 0 1  0
S3    1 1 1 1 0 0 0 0 0  0
S4    1 1 1 1 1 0 0 0 0  0

9186H
Step  0 1 2 3 4 5 6 7 8  Invalid
S1    1 0 0 0 0 0 1 1 1  1
S2    1 1 0 0 0 0 0 1 1  0
LC    1 1 1 0 0 0 0 0 1  0
S3    1 1 1 1 0 0 0 0 0  0
S4    1 1 1 1 1 0 0 0 0  0

Fault Codes 9190H, 9191H, 9192H, 9193H, 9194H, 9195H
Description: An illegal muting sequence was detected in step 9 when the Sensors and the Light Curtain transitioned to one of the following invalid sequence states.

9190H
Step  0 1 2 3 4 5 6 7 8 9  Invalid
S1    1 0 0 0 0 0 1 1 1 1  0
S2    1 1 0 0 0 0 0 1 1 1  1
LC    1 1 1 0 0 0 0 0 1 1  1
S3    1 1 1 1 0 0 0 0 0 1  1
S4    1 1 1 1 1 0 0 0 0 0  1

9191H
Step  0 1 2 3 4 5 6 7 8 9  Invalid
S1    1 0 0 0 0 0 1 1 1 1  0
S2    1 1 0 0 0 0 0 1 1 1  0
LC    1 1 1 0 0 0 0 0 1 1  1
S3    1 1 1 1 0 0 0 0 0 1  1
S4    1 1 1 1 1 0 0 0 0 0  1

9192H
Step  0 1 2 3 4 5 6 7 8 9  Invalid
S1    1 0 0 0 0 0 1 1 1 1  0
S2    1 1 0 0 0 0 0 1 1 1  0
LC    1 1 1 0 0 0 0 0 1 1  0
S3    1 1 1 1 0 0 0 0 0 1  1
S4    1 1 1 1 1 0 0 0 0 0  1

9193H
Step  0 1 2 3 4 5 6 7 8 9  Invalid
S1    1 0 0 0 0 0 1 1 1 1  0
S2    1 1 0 0 0 0 0 1 1 1  0
LC    1 1 1 0 0 0 0 0 1 1  0
S3    1 1 1 1 0 0 0 0 0 1  0
S4    1 1 1 1 1 0 0 0 0 0  1

9194H
Step  0 1 2 3 4 5 6 7 8 9  Invalid
S1    1 0 0 0 0 0 1 1 1 1  0
S2    1 1 0 0 0 0 0 1 1 1  0
LC    1 1 1 0 0 0 0 0 1 1  0
S3    1 1 1 1 0 0 0 0 0 1  0
S4    1 1 1 1 1 0 0 0 0 0  0

9195H
Step  0 1 2 3 4 5 6 7 8 9  Invalid
S1    1 0 0 0 0 0 1 1 1 1  1
S2    1 1 0 0 0 0 0 1 1 1  0
LC    1 1 1 0 0 0 0 0 1 1  0
S3    1 1 1 1 0 0 0 0 0 1  0
S4    1 1 1 1 1 0 0 0 0 0  0

9196H
Step  0 1 2 3 4 5 6 7 8 9  Invalid
S1    1 0 0 0 0 0 1 1 1 1  1
S2    1 1 0 0 0 0 0 1 1 1  1
LC    1 1 1 0 0 0 0 0 1 1  0
S3    1 1 1 1 0 0 0 0 0 1  0
S4    1 1 1 1 1 0 0 0 0 0  0

Fault Codes 91A0H, 91A1H
Description: An illegal muting sequence was detected when Sensor 1 or Sensor 4 transitioned to one of the following invalid sequence states. The first sensor blocked does not correspond to the value of the Direction input.

91A0H
S1    1 1
S2    1 1
LC    1 1
S3    1 1
S4    1 0

91A1H
S1    1 0
S2    1 1
LC    1 1
S3    1 1
S4    1 1

To recover from invalid sequence faults 9100H to 9196H, check the alignment of the sensors with regard to the material being moved and the system timing, and then reset the fault.

To recover from invalid sequence faults 91A0H and 91A1H, check the value of the Direction input parameter with respect to the movement of the material and reset the fault.
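Added example, not part of the Rockwell manual: a Python sketch that turns a logged fault code from 9160H to 9196H back into the step and the invalid sensor state shown in the Table 72 entries for steps 6 to 9, and classifies an observed state the other way round. The ordering rule in `invalid_targets` (every state of the sequence except the previous, current and next one, taken in sequence order) is inferred from those entries and is an assumption, not a documented algorithm; all function names are hypothetical.

```python
SENSORS = ("S1", "S2", "LC", "S3", "S4")


def valid_sequence():
    """States 0 to 9 as drawn in the step rows (1 = clear, 0 = blocked)."""
    states = [(1, 1, 1, 1, 1)]
    for level in (0, 1):              # block S1, S2, LC, S3, S4, then clear them
        for i in range(5):
            nxt = list(states[-1])
            nxt[i] = level
            states.append(tuple(nxt))
    return states[:10]                # state 10 is all clear again, same as state 0


def invalid_targets(step):
    """Invalid states for a step, in fault-code order (assumed rule, see lead-in)."""
    if step not in (6, 7, 8, 9):
        raise ValueError("only steps 6 to 9 are covered by this sketch")
    seq = valid_sequence()
    allowed = {(step - 1) % 10, step, (step + 1) % 10}
    return [seq[i] for i in range(10) if i not in allowed]


def decode_fault(code):
    """Return (step, {sensor: value}) for a fault code such as 0x9175."""
    if code >> 8 != 0x91:
        raise ValueError("not a muting sequence fault code")
    step, rank = (code >> 4) & 0xF, code & 0xF
    targets = invalid_targets(step)   # rejects 91A0H and 91A1H as well
    if rank >= len(targets):
        raise ValueError("no such fault code for this step")
    return step, dict(zip(SENSORS, targets[rank]))


def classify(step, observed):
    """Fault code for the sensors jumping to `observed` during `step`,
    or None when the state is not one of the tabulated invalid states."""
    targets = invalid_targets(step)
    observed = tuple(observed)
    if observed not in targets:
        return None
    return 0x9100 | step << 4 | targets.index(observed)


if __name__ == "__main__":
    step, state = decode_fault(0x9175)
    print(f"step {step}: {state}")
```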

Table 73 - Correcting Invalid Sequence Faults

Fault Code 9000H
Description: The Light Curtain was muted for longer than the configured Maximum Mute Time.
Corrective Action: The Maximum Mute Time parameter may be set too short or there may be an anomaly with the sensors.

Fault Code 9010H
Description: Too much time elapsed between Sensor 1 and Sensor 2 being blocked.
Corrective Action: The S1-S2 Time parameter may be set too short or there may be an anomaly with Sensor 2 (forward direction) or Sensor 1 (reverse direction).

Fault Code 9011H
Description: Too much time elapsed between Sensor 2 and the Light Curtain being blocked.
Corrective Action: The S2-LC Time parameter may be set too short or there may be an anomaly with the Light Curtain (forward direction) or Sensor 2 (reverse direction).

Fault Code 9012H
Description: Too much time elapsed between the Light Curtain and Sensor 3 being cleared.
Corrective Action: The LC-S3 Time parameter may be set too short or there may be an anomaly with Sensor 3 (forward direction) or the Light Curtain (reverse direction).

Fault Code 9013H
Description: Too much time elapsed between Sensor 3 and Sensor 4 being cleared.
Corrective Action: The S3-S4 Time parameter may be set too short or there may be an anomaly with Sensor 4 (forward direction) or Sensor 3 (reverse direction).


FSBM Diagnostic Codes


Table 74 - FSBM Diagnostic Codes and Corrective Actions

Diagnostic Code 00H
Description: No fault.
Corrective Action: None.

Diagnostic Code 01H
Description: The Muting Lamp Status input is OFF (0).
Corrective Action: Check the muting lamp and replace it, if necessary. If a muting lamp is not required, set the Muting Lamp Status input to ON (1).

Diagnostic Code 05H
Description: The Reset input is held ON (1).
Corrective Action: Set the Reset input to OFF (0).

Diagnostic Code 20H
Description: The Input Status input was OFF (0) when the instruction started.
Corrective Action: Check the I/O module connection or the logic used to source input status.

FSBM Wiring and Programming Example


This example complies with ISO 13849-1 Category 4 operation. The standard control portion of the application is not shown. This wiring diagram shows how to wire a light curtain and four muting sensors to a 1791DS-IB12 module to illustrate the use of the Four-Sensor Bidirectional Muting instruction. The application includes a hold-to-run switch and a momentary push button for reset.

Figure 141 - Wiring Diagram
[Wiring diagram: 24V DC muting sensors, the light curtain (OSSD 1, OSSD 2), the hold-to-run key switch and the momentary push button (reset) wired to the 1791DS-IB12 (Module 1) on DeviceNet, with test outputs T2 and T3 driving the Clear Area Lamp and the Muting Lamp.]


The programming diagram in Figure 142 logically illustrates how the Four-Sensor Bidirectional Muting instruction is typically used with a DCI Stop (light curtain) and DCI Start (hold-to-run switch) instruction.

Figure 142 - Programming Diagram
[Programming diagram: a DCS block (Light Curtain) with Channel A Module1:I.Pt00Data, Channel B Module1:I.Pt01Data, Input Status Module1:I.CombinedStatus and Reset Module1:I.Pt11Data; a DCSRT block (HoldToRunKeySwitch) with Channel A Module1:I.Pt06Data and Channel B Module1:I.Pt07Data; and an FSBM block (FourSensorBiDirectionalMutingFunction) with muting sensors Module1:I.Pt02Data to Module1:I.Pt05Data, Muting Lamp Status Module1:I.MutingStatus, Direction (see Note 1), Enable Mute (see Note 2), and outputs Muting Lamp to Module1:O.Test03Data and Clear Area to Module1:O.Test02Data. Discrepancy and timing parameters are shown as TBD ms.]

Note 1: This is an internal Boolean tag representing the direction of travel. Its value is determined by other parts of the user application not shown in this example. If the direction is Forward (0), the sensor sequence will be S1, S2, LC, S3, S4. If the direction is Reverse (1), the sensor sequence will be S4, S3, LC, S2, S1.

Note 2: This is an internal Boolean tag representing the non-hazardous portion of the machine cycle. Its value is determined by other parts of the user application not shown in this example. When the protected hazard is present, this tag value should be False (0). When the protected hazard is not present, this tag value should be True (1). When the value of this tag is True (1), the muting instruction allows the light curtain to become muted only if the proper input sequence is detected. When the value of this tag is False (0), the muting instruction does not allow the light curtain to become muted, even if the proper input sequence is detected.

Note 3: This is an internal Boolean tag used by other parts of the user application not shown in this example.

Key: Color code represents data or value typically used: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.


Figure 143 - Ladder Logic
[Ladder logic: three instructions with the following configuration values.
DCS (Dual Channel Input Stop) LightCurtain1: Safety Function LIGHT CURTAIN; Input Type EQUIVALENT - ACTIVE HIGH; Discrepancy Time (Msec) 500; Restart Type AUTOMATIC; Cold Start Type AUTOMATIC; Channel A Module1:I.Pt00Data; Channel B Module1:I.Pt01Data; Input Status Module1:I.CombinedStatus; Reset Module1:I.Pt11Data; outputs O1, FP.
DCSRT (Dual Channel Input Start) HoldToRunKeySwitch: Safety Function USER DEFINED; Input Type EQUIVALENT - ACTIVE HIGH; Discrepancy Time (Msec) 500; Enable ALWAYS_ENABLED; Channel A Module1:I.Pt06Data; Channel B Module1:I.Pt07Data; Input Status Module1:I.CombinedStatus; Reset Module1:I.Pt11Data; outputs O1, FP.
FSBM (Four Sensor Bi-Directional Muting) FourSensorBiDirectionalMutingFunction: Restart Type MANUAL; S1-S2 Time (Msec) 3000; S2-LC Time (Msec) 3000; LC-S3 Time (Msec) 3000; S3-S4 Time (Msec) 3000; Maximum Mute Time (Sec) 20; Maximum Override Time (Sec) 5; Direction SeeNote1; Light Curtain LightCurtain1.O1; Enable Mute SeeNote2; Override HoldToRunKeySwitch.O1; Input Status Module1:I.CombinedStatus; Muting Lamp Status Module1:I.MutingStatus; Reset Module1:I.Pt11Data; outputs O1, ML, CA, FP.
FourSensorBiDirectionalMutingFunction.ML drives Module1:O.Test03Data and FourSensorBiDirectionalMutingFunction.CA drives Module1:O.Test02Data.]


RSLogix 5000 software is used to configure the input and output parameters of the Guard I/O module, as illustrated. When defining the module, setting the Input Status to Combined Status-Muting provides the smallest input packet possible and lets the muting lamp status be monitored. Choosing Test for Output Data lets safety logic control Test Output 3 to drive the Muting Lamp and Test Output 2 to drive the Clear Area Lamp.
Figure 144 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed. The safety inputs that interface with the Light Curtain (Points 1 and 2) are not pulse-tested because the Light Curtain pulse-tests its own signals.
Figure 145 - Module Input Configuration


Configuring Test Output 3 for Muting Lamp causes the I/O module to monitor the lamp connected to this output.
Figure 146 - Module Test Output Configuration


Chapter 2

Metal Form Instructions

Topic
- Clutch Brake Inch Mode (CBIM)
- Clutch Brake Single Stroke Mode (CBSSM)
- Clutch Brake Continuous Mode (CBCM)
- Crankshaft Position Monitor (CPM)
- Camshaft Monitor (CSM)
- Clutch Brake Wiring and Programming Example
- Eight-position Mode Selector (EPMS)
- Auxiliary Valve Control (AVC)
- Main Valve Control (MVC)
- Maintenance Manual Valve Control (MMVC)


Clutch Brake Inch Mode (CBIM)

The Clutch Brake Inch Mode instruction is used in press applications where minor slide adjustments are required, for example, during press set up. During inch-mode operation, the flywheel is driven at a very low speed by either the main motor or another drive mechanism.

WARNING: Per Section 5.4.1.3 of EN692-2005: In the event of an intervention of a safety system (interlocking guard, ESPE using the AOPD), separate manual reset functions are required to restore the normal intended operation. Reset controls shall be within viewing distance of the danger zone, but out of reach from the danger zone. The reset functions shall fulfill at least a single system with monitoring (S & M). Do not use automatic acknowledgement when access within the danger zone can go undetected. This instruction, configured for automatic acknowledgment, must be used in combination with other instructions, at least one of which must fulfill the manual reset requirement.

ATTENTION: This instruction is specified with the intent that the Slide Zone input is sourced only by the Slide Zone output of the Crankshaft Position Monitor (CPM) instruction or application logic that satisfies the Slide Zone requirements listed in Table 76 on page 208. This instruction is specified with the intent that the Enable input is sourced only by an Ox output(1) of the Eight Position Mode Selector (EPMS) instruction that is not already sourcing the Enable input of another Clutch Brake Inch Mode (CBIM), Clutch Brake Single Stroke Mode (CBSSM), or Clutch Brake Continuous Mode (CBCM) instruction.
(1) Where x = 1 to 8.


WARNING: Per Section 5.5.2 of EN692-2005; facilities shall be provided to allow the movement of the slide during tool-setting, maintenance and lubrication to be carried out with guards and protective devices in position and operational (see 5.3.2). Where this is not practicable, at least one of the following facilities shall be provided:
a. Rotation of the crankshaft by hand, with power isolated
b. Slow speed (equal or less than 10 mm/s) and hold-to-run control device
c. Two-hand control device in accordance with 5.5.9 and arranged so that it cannot be used for production, for example, when the cycle stops at least three times during one revolution of the crankshaft
d. Using the inching device

The Inch Time parameter can be configured to fulfill the requirements of stopping three times during a press cycle as specified in 5.5.2 c of EN692-2005.

CBIM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameters used to configure the instruction. These parameters cannot be changed at runtime.

Table 75 - CBIM Configuration Parameters

Parameter: Ack Type
Data Type: List
Description: This parameter specifies how to acknowledge a Safety Enable OFF (0) to ON (1) transition. This acknowledgment must be made before Output 1 can be energized.
Automatic: The acknowledgement is made automatically when the Safety Enable input transitions from OFF (0) to ON (1).
Manual: The acknowledgment is made when Safety Enable Ack transitions from OFF (0) to ON (1) after the Safety Enable input transitions from OFF (0) to ON (1).

Parameter: Inch Time
Data Type: Integer
Description: This parameter selects the amount of time Output 1 is allowed to remain energized while the Start input is ON (1). Output 1 is de-energized when the Start input transitions from ON (1) to OFF (0) while the timer is timing. The valid range is 0 to 5000 ms. A value of 0 disables the timer.


The following table explains the instruction inputs.


Table 76 - CBIM Inputs

Parameter: Enable
Data Type: Boolean
Description: This input is the signal to activate this instruction; for example, by an Eight Position Mode Selector (EPMS) Ox output, where x = 1 to 8.
ON (1): The instruction is selected and operational.
OFF (0): The instruction is not operating. All instruction outputs are de-energized.

Parameter: Safety Enable
Data Type: Boolean
Description: This input represents the status of safety-related permissive devices such as E-stops, light curtains, or safety gates.
ON (1): Permissive devices are actively guarding the danger zone. Permits the energizing of Output 1.
OFF (0): Permissive devices are in a state that doesn't allow Output 1 to be energized.

Parameter: Standard Enable
Data Type: Boolean
Description: Indicates the state of non safety-related permissive devices. This parameter is not safety-related.
ON (1): Permits the energizing of Output 1.
OFF (0): Prevents the energizing of Output 1.

Parameter: Start
Data Type: Boolean
Description: Input to start press movement.
ON (1): Energize Output 1 if all input conditions have been met.
OFF (0): Output 1 is de-energized.

Parameter: Press In Motion
Data Type: Boolean
Description: This input is typically sourced by Output 1 of the Camshaft Monitor (CSM) instruction or by user application logic. Feedback from the press safety valve needs to be included in the building of this signal.
ON (1): Indicates that the press is moving.
OFF (0): Indicates that the press is stopped.

Parameter: Slide Zone
Data Type: Integer
Description: This input represents the position of the slide and the position information status. It is sourced by the Crankshaft Position Monitor (CPM) instruction's Slide Zone output or user application logic that provides the following bit-mapped information.
Bit 0: Status. OFF (0) - The Slide Zone information is invalid. Prevents the energizing of Output 1 on an initial start or immediately stops the press. ON (1) - Slide Zone information is valid.
Bits 1 and 2: Slide Zone. The following table lists how Bits 0 to 2 are used to represent the valid slide zones.
Bit 2  Bit 1  Bit 0  Slide Zone  Decimal Value
0      0      1      Down        1
0      1      1      Up          3
1      0      1      Top         5
Bits 3 to 31: Unused; Set to 0.

Parameter: Motion Monitor Fault
Data Type: Boolean
Description: Stops the press immediately when a press motion problem has been detected. This input is sourced by the Fault Present output of the Camshaft Monitor (CSM) instruction or application logic that performs motion diagnostics.
ON (1): Indicates that press motion is valid. Permits Output 1 to be energized.
OFF (0): Indicates that a press motion problem exists. Prevents Output 1 from being energized or immediately de-energizes Output 1.

Parameter: Safety Enable Ack
Data Type: Boolean
Description: This input is required when the configured Ack Type is Manual.
OFF (0)->ON (1): Acknowledges that the Safety Enable input has transitioned from OFF (0) to ON (1).


The following table explains the instruction outputs.


Table 77 - CBIM Outputs

Parameter: Output 1 (O1)
Data Type: Boolean
Description: Output used to source the Actuate input of the Main Valve Control instruction. See CBIM Energizing Output 1 on page 209 and CBIM De-energizing Output 1 on page 211 for details.
ON (1): The output is energized.
OFF (0): The output is de-energized.

Parameter: Diagnostic Code
Data Type: Integer
Description: This output indicates the diagnostic status of the instruction. See Table 78 on page 213 for a list of diagnostic codes. This parameter is not safety-related.

IMPORTANT: Do not write to any instruction output tag under any circumstances.

CBIM Energizing Output 1


Output 1 is energized only when the Start input transitions from OFF (0) to ON (1) and all of these conditions are met:
- The Enable input is ON (1).
- The Safety Enable input has been acknowledged.
- The Standard Enable input is ON (1).
- The Motion Monitor Fault input is ON (1).
- The Press In Motion input is OFF (0).
- The Safety Enable Ack input is OFF (0).

IMPORTANT: If the Ack Type is Manual, an acknowledgement of the Safety Enable input is required when the Enable input transitions from OFF (0) to ON (1) and before the Start input turns ON (1).

WARNING: When the configured Ack Type is Automatic, Output 1 is energized when the Safety Enable, Standard Enable, Press In Motion, and Motion Monitor Fault inputs return to the active or valid state at the same time the Start input transitions from OFF (0) to ON (1).

ATTENTION: The cam switches that determine slide position are monitored by the CPM instruction. This instruction uses the Slide Zone output of the CPM instruction as a representation of the cam switches that determine slide position.


The timing diagram in Figure 147 demonstrates the acknowledgement of the Safety Enable input, at (A). Output 1 is energized when the Start input transitions from OFF (0) to ON (1) at (B) and all input conditions have been met. The safety enable acknowledgment only needs to be made once while the Safety Enable input is ON (1) when the configured Ack Type is Manual.

Figure 147 - Energizing Output 1 Timing Diagram
[Timing diagram: traces for Enable, Safety Enable, Standard Enable, Start, Press In Motion, Motion Monitor Fault, Slide Zone (Any Zone), Safety Enable Ack and Output 1, each between 0 and 1, with events marked (A) and (B).]


CBIM De-energizing Output 1


Once energized, Output 1 is de-energized when one or more of the following occurs:
- The Enable input transitions from ON (1) to OFF (0).
- The Start input transitions from ON (1) to OFF (0).
- The Safety Enable input transitions from ON (1) to OFF (0).
- The Standard Enable input transitions from ON (1) to OFF (0).
- The slide moves to the Top zone.
- The Inch timer expires.
- The Motion Monitor Fault input transitions from ON (1) to OFF (0).

The Press In Motion input is not checked to de-energize Output 1. It is only checked to energize Output 1.

Figure 148 on page 212 demonstrates the de-energizing of Output 1 when the Safety Enable input transitions from ON (1) to OFF (0) at (A). An acknowledgement of the Safety Enable input is required when the Safety Enable input transitions from OFF (0) to ON (1) at (B) before Output 1 can be re-energized.


Figure 148 - De-energizing Output 1 Timing Diagram
[Timing diagram: traces for Enable, Safety Enable, Standard Enable, Start, Press In Motion, Motion Monitor Fault, Slide Zone (Any Zone), Safety Enable Ack and Output 1, each between 0 and 1, with events marked (A) and (B).]

CBIM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


CBIM Diagnostic Codes


Diagnostics 2001H to 2009H are detected when attempting to start press movement by energizing Output 1. Diagnostics 2021H to 202AH are used to diagnose the reason for stopping press movement by de-energizing Output 1.

Table 78 - CBIM Diagnostic Codes and Corrective Actions

Diagnostic Code 0000H
Description: No fault.
Corrective Action: None.

Diagnostic Code 2000H
Description: Not used by this instruction.

Diagnostic Code 2001H
Description: Output 1 failed to energize when the Start input turned ON (1) due to the Press In Motion input being ON (1).
Corrective Action: Wait for the press to come to a complete stop before initiating press movement. Verify that the device monitoring press movement is working correctly. Verify that only one mode of operation is selected. This diagnostic is cleared when the Press In Motion input turns OFF (0).

Diagnostic Code 2002H
Description: Output 1 failed to energize when the Start input turned ON (1) prior to the acknowledgement of the Safety Enable input.
Corrective Action: Verify that the active opto-electronic protective devices (AOPDs) and electro-sensitive protective equipment (ESPEs) used to source the Safety Enable input are protecting their respective areas. Then, to clear the diagnostic for manual Ack Types, acknowledge the Safety Enable input by turning the Safety Enable Ack input ON (1). For automatic Ack Types, this diagnostic is cleared when the Safety Enable input turns ON (1).

Diagnostic Code 2003H
Description: Output 1 failed to energize when the Start input turned ON (1) due to the Standard Enable input being OFF (0).
Corrective Action: Verify that the devices used to source the Standard Enable input are functioning properly. This diagnostic is cleared when the Standard Enable input is ON (1).

Diagnostic Code 2008H
Description: Output 1 failed to energize when the Start input turned ON (1) due to the Motion Monitor Fault input being OFF (0).
Corrective Action: Check the Camshaft Monitor (CSM) instruction or the application logic used to monitor press movement. This diagnostic is cleared when the motion monitor functions are properly monitoring motion and the Motion Monitor Fault input is ON (1).

Diagnostic Code 2009H
Description: Manual Ack Type: Output 1 failed to energize when the Start input turned ON (1) due to the Safety Enable Ack input being ON (1). Automatic Ack Type: N/A
Corrective Action: Turn the Safety Enable Ack input OFF (0). This diagnostic is cleared when the Safety Enable Ack input turns OFF (0).

Diagnostic Code 2021H
Description: Output 1 is de-energized due to the Motion Monitor Fault input turning OFF (0).
Corrective Action: Check the Camshaft Monitor (CSM) instruction or the application logic used to monitor press movement. This diagnostic is cleared at the next attempt to begin press movement.

Diagnostic Code 2022H
Description: Not used by this instruction.

Diagnostic Code 2023H
Description: Output 1 is de-energized due to the Safety Enable input turning OFF (0).
Corrective Action: Verify that the AOPDs and ESPEs used to source the Safety Enable input are protecting their respective areas. This diagnostic is cleared at the next attempt to begin press movement.

Diagnostic Code 2024H
Description: Output 1 is de-energized due to the Standard Enable input turning OFF (0).
Corrective Action: Verify that the devices and application logic used to source the Standard Enable input are functioning properly. This diagnostic is cleared at the next attempt to begin press movement.

Diagnostic Code 2025H
Description: Output 1 is de-energized due to the Start input turning OFF (0).
Corrective Action: Output 1 is de-energized when the Start input turns OFF (0) regardless of slide zone. This diagnostic is cleared at the next attempt to begin press movement.

Diagnostic Code 2026H
Description: Output 1 is de-energized because the Inch Mode timer timed out.
Corrective Action: Output 1 is always de-energized when Inch Mode timer times out. Verify that the Inch Time parameter value is correct for your application. This diagnostic is cleared at the next attempt to begin press movement.

2027H 2028H 2029H 202AH Output 1 is de-energized due to the slide entering the Top zone. Output 1 is always de-energized when the slide enters the Top zone. This diagnostic is cleared at the next attempt to begin press movement. Not used by this instruction.
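
Added example, not Rockwell code: a scan-based Python reference model of the CBIM Output 1 behaviour and Slide Zone encoding described in this section, usable as a test oracle when reviewing the logic that sources the instruction's inputs. Class and field names are hypothetical; the order in which simultaneous causes are reported and the requirement that Safety Enable be ON for a scan before the Ack edge counts are assumptions, and the 2009H check is applied only for the Manual Ack Type, following Table 78.

```python
from dataclasses import dataclass

# Table 76 Slide Zone word: bit 0 = status valid, bits 1-2 = zone, bits 3-31 = 0.
ZONES = {1: "Down", 3: "Up", 5: "Top"}


def decode_slide_zone(word):
    """Return the zone name, or None for any word Table 76 does not list
    (status bit clear, unused bits set, or both zone bits set)."""
    return ZONES.get(word)


@dataclass(frozen=True)
class Inputs:
    enable: bool = False
    safety_enable: bool = False
    standard_enable: bool = False
    start: bool = False
    press_in_motion: bool = False
    slide_zone: int = 0
    motion_ok: bool = False           # Motion Monitor Fault input: ON (1) = motion valid
    safety_enable_ack: bool = False


def _first(checks):
    """First (diag, reason) whose condition is true, else None."""
    return next(((d, r) for bad, d, r in checks if bad), None)


class CBIMModel:
    """Hypothetical model; diag is None where Table 78 on this page does not
    give an unambiguous code for the cause."""

    def __init__(self, manual_ack=True, inch_time_ms=0):
        self.manual_ack, self.inch_time_ms = manual_ack, inch_time_ms
        self.prev = Inputs()
        self.acked = self.output1 = False
        self.elapsed_ms = 0
        self.diag, self.reason = 0x0000, ""

    def _update_ack(self, inp):
        if not (inp.enable and inp.safety_enable):
            self.acked = False        # acknowledgement must be repeated
        elif not self.manual_ack:
            self.acked = True         # Automatic: Safety Enable ON is sufficient
        elif (self.prev.safety_enable and inp.safety_enable_ack
              and not self.prev.safety_enable_ack):
            self.acked = True         # Manual: Ack OFF->ON after Safety Enable is ON

    def _why_blocked(self, inp, zone):
        return _first([
            (not inp.enable, 0x0000, "Enable OFF"),
            (inp.press_in_motion, 0x2001, "Press In Motion ON"),
            (not self.acked, 0x2002, "Safety Enable not acknowledged"),
            (not inp.standard_enable, 0x2003, "Standard Enable OFF"),
            (not inp.motion_ok, 0x2008, "Motion Monitor Fault OFF"),
            (self.manual_ack and inp.safety_enable_ack, 0x2009, "Safety Enable Ack ON"),
            (zone is None, None, "Slide Zone invalid"),
        ])

    def _why_stop(self, inp, zone, prev_zone):
        # Press In Motion is deliberately absent: it is only checked to energize.
        return _first([
            (not inp.enable, 0x0000, "Enable OFF"),
            (not inp.motion_ok, 0x2021, "Motion Monitor Fault OFF"),
            (not inp.safety_enable, 0x2023, "Safety Enable OFF"),
            (not inp.standard_enable, 0x2024, "Standard Enable OFF"),
            (not inp.start, 0x2025, "Start OFF"),
            (0 < self.inch_time_ms <= self.elapsed_ms, 0x2026, "Inch timer expired"),
            (zone == "Top" and prev_zone != "Top", None, "Slide entered Top zone"),
            (zone is None, None, "Slide Zone invalid"),
        ])

    def scan(self, inp, dt_ms=10):
        """Evaluate one scan; dt_ms is the time since the previous scan."""
        zone = decode_slide_zone(inp.slide_zone)
        prev_zone = decode_slide_zone(self.prev.slide_zone)
        self._update_ack(inp)
        if self.output1:
            self.elapsed_ms += dt_ms
            hit = self._why_stop(inp, zone, prev_zone)
            if hit:
                self.output1 = False
                self.diag, self.reason = hit
        elif inp.start and not self.prev.start:      # Start OFF->ON attempt
            hit = self._why_blocked(inp, zone)
            self.output1 = hit is None
            self.elapsed_ms = 0
            self.diag, self.reason = hit or (0x0000, "")
        self.prev = inp
        return self.output1
```

Driving the model with Automatic acknowledgement and all permissives returning in the same scan as the Start edge energizes Output 1 immediately, which is the behaviour the WARNING in CBIM Energizing Output 1 describes.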


Clutch Brake Single Stroke Mode (CBSSM)

The Clutch Brake Single Stroke Mode instruction is used in single-cycle press applications.

WARNING: Per Section 5.4.1.3 of EN692-2005: In the event of an intervention of a safety system (interlocking guard, ESPE using the AOPD), separate manual reset functions are required to restore the normal intended operation. Reset controls shall be within viewing distance of the danger zone, but out of reach from the danger zone. The reset functions shall fulfill at least a single system with monitoring (S & M). Do not use automatic acknowledgement when access within the danger zone can go undetected. This instruction, configured for automatic acknowledgment, must be used in combination with other instructions, at least one of which must fulfill the manual reset requirement.

ATTENTION: This instruction is specified with the intent that the Slide Zone input is sourced only by the Slide Zone output of the Crankshaft Position Monitor (CPM) instruction or application logic that satisfies the Slide Zone requirements listed in Table 80 on page 216. This instruction is specified with the intent that the Enable input is sourced only by an Ox output(1) of the Eight Position Mode Selector (EPMS) instruction that is not already sourcing the Enable input of another Clutch Brake Inch Mode (CBIM), Clutch Brake Single Stroke Mode (CBSSM), or Clutch Brake Continuous Mode (CBCM) instruction.
(1) Where x = 1 to 8.


CBSSM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameters used to configure the instruction. These parameters cannot be changed at runtime.

Table 79 - CBSSM Configuration Parameters

Parameter: Ack Type
Data Type: List
Description: This parameter specifies how to acknowledge a Safety Enable OFF (0) to ON (1) transition. This acknowledgment must be made before Output 1 can be energized.
Automatic: The acknowledgement is made automatically when the Safety Enable input transitions from OFF (0) to ON (1).
Manual: The acknowledgment is made when Safety Enable Ack transitions from OFF (0) to ON (1) after the Safety Enable input transitions from OFF (0) to ON (1).

Parameter: Takeover Mode
Data Type: List
Description: This parameter determines where the press is stopped when the Safety Enable and/or Start input transitions from ON (1) to OFF (0) while the slide is in the Up zone.
IMPORTANT: When using this instruction with Takeover Mode Enabled, safety devices that are continuously active, such as E-stops, must directly drive the Enable parameter of the CBSSM instruction. The application developer is responsible for determining the safety devices that are not continuously active, such as certain light curtains, two-hand run stations, and others, which may be used to drive the Safety Enable parameter and can be muted during press upstroke.
Enabled: The press is stopped when the slide enters the Top zone.
Disable: The press is stopped immediately.

The following table explains the instruction inputs.


Table 80 - CBSSM Inputs

Parameter: Enable
Data Type: Boolean
Description: This input is the signal to activate this instruction; for example, by an Eight Position Mode Selector (EPMS) Ox output, where x = 1 to 8.
ON (1): The instruction is selected and operational.
OFF (0): The instruction is not operating. All instruction outputs are de-energized.

Parameter: Safety Enable
Data Type: Boolean
Description: This input represents the status of safety-related permissive devices such as E-stops, light curtains or safety gates.
ON (1): Permissive devices are actively guarding the danger zone. Permits the energizing of Output 1.
OFF (0): Permissive devices are in a state that doesn't allow Output 1 to be energized.

Parameter: Standard Enable
Data Type: Boolean
Description: Indicates the state of non safety-related permissive devices. This parameter is not safety-related.
ON (1): Permits the energizing of Output 1.
OFF (0): Prevents the energizing of Output 1.

Parameter: Start
Data Type: Boolean
Description: Input to start press movement.
ON (1): Energize Output 1 if all input conditions have been met.
OFF (0): Output 1 is de-energized.

Parameter: Press In Motion
Data Type: Boolean
Description: This input is typically sourced by Output 1 of the Camshaft Monitor (CSM) instruction or by user application logic. Feedback from the press safety valve needs to be included in the building of this signal.
ON (1): Indicates that the press is moving.
OFF (0): Indicates that the press is stopped.

Parameter: Slide Zone
Data Type: Integer
Description: This input represents the position of the slide and the position information status. It is sourced by the Crankshaft Position Monitor (CPM) instruction's Slide Zone output or user application logic that provides the following bit-mapped information.
Bit 0: Status. OFF (0) - The Slide Zone information is invalid. Prevents the energizing of Output 1 on an initial start or immediately stops the press. ON (1) - Slide Zone information is valid.
Bits 1 and 2: Slide Zone. The following table lists how Bits 0 to 2 are used to represent the valid slide zones.
Bit 2  Bit 1  Bit 0  Slide Zone  Decimal Value
0      0      1      Down        1
0      1      1      Up          3
1      0      1      Top         5
Bits 3 to 31: Unused; Set to 0.

Parameter: Motion Monitor Fault
Data Type: Boolean
Description: Stops the press immediately when a press motion problem has been detected. This input is sourced by the Fault Present output of the Camshaft Monitor (CSM) instruction or application logic that performs motion diagnostics.
ON (1): Indicates that press motion is valid. Permits Output 1 to be energized.
OFF (0): Indicates that a press motion problem exists. Prevents Output 1 from being energized or immediately de-energizes Output 1.

Parameter: Safety Enable Ack
Data Type: Boolean
Description: This input is required when the configured Ack Type is Manual.
OFF (0)->ON (1): Acknowledges that the Safety Enable input has transitioned from OFF (0) to ON (1).

The following table explains the instruction outputs.


Table 81 - CBSSM Outputs

| Parameter | Data Type | Description |
| --- | --- | --- |
| Output 1 (O1) | Boolean | Output used to source the Actuate input of the Main Valve Control (MVC) instruction. ON (1): The output is energized. OFF (0): The output is de-energized. See CBSSM Energizing Output 1 and CBSSM De-energizing Output 1 on page 220 for details. |
| Diagnostic Code | Integer | See Table on page 221. This parameter is not safety-related. |

IMPORTANT: Do not write to any instruction output tag under any circumstances.


CBSSM Energizing Output 1


Output 1 is energized only when the Start input transitions from OFF (0) to ON (1) and all of these conditions are met:
- The Enable input is ON (1).
- The Safety Enable input has been acknowledged.
- The Standard Enable input is ON (1).
- The Slide Zone input represents the Top zone.
- The Motion Monitor Fault input is ON (1).
- The Press In Motion input is OFF (0).
- The Safety Enable Ack input is OFF (0).

IMPORTANT: If the Ack Type is Manual, an acknowledgement of the Safety Enable input is required when the Enable input transitions from OFF (0) to ON (1) and before the Start input turns ON (0).

WARNING: When the configured Ack Type is Automatic, Output 1 is energized when the Safety Enable, Standard Enable, Press In Motion, and Motion Monitor Fault inputs return to the active or valid state at the same time the Start input transitions from OFF (0) to ON (1).

ATTENTION: Output 1 can be re-energized when the Slide Zone input is Down, providing that Output 1 had been initially energized when the Slide Zone input was Top, and Output 1 was de-energized because the Start input turned OFF (0). Any other reason for Output 1 being de-energized requires that the slide be inched back to the Top position.

ATTENTION: The cam switches that determine slide position are monitored by the CPM instruction. This instruction uses the Slide Zone output of the CPM instruction as a representation of the cam switches that determine slide position.


Figure 149 illustrates the acknowledgement of the Safety Enable input (A) and the energizing of Output 1 when the Start input transitions from OFF (0) to ON (1) at (B) and all input conditions are met. The Safety Enable acknowledgement needs to be made only once while the Safety Enable input is ON (1) and the configured Ack Type is Manual.
Figure 149 - Energizing Output 1 Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Safety Enable, Standard Enable, Start, Press In Motion, Motion Monitor Fault, Slide Zone, Safety Enable Ack, Output 1. Zone: T = Top, D = Down, U = Up.]


CBSSM De-energizing Output 1


Once energized, Output 1 is de-energized when one or more of the following occurs:
- The Enable input transitions from ON (1) to OFF (0).
- The Start input transitions from ON (1) to OFF (0). When this transition occurs while the slide is in the Up zone and the Takeover Mode is Enabled, Output 1 is de-energized when the slide enters the Top zone. Otherwise, when the Takeover Mode is Disabled, Output 1 is de-energized immediately. Output 1 is also de-energized immediately when this transition occurs while the slide is in the Top or Down zones.
- The Safety Enable input transitions from ON (1) to OFF (0). When this transition occurs while the slide is in the Up zone and Takeover Mode is enabled, Output 1 is de-energized when the slide enters the Top zone. Otherwise, when the Takeover Mode is disabled, Output 1 is de-energized immediately. Output 1 is also de-energized immediately when this transition occurs while the slide is in the Top or Down zones.
- The Standard Enable input transitions from ON (1) to OFF (0). When this transition occurs while the slide is in the Up zone, Output 1 is de-energized when the slide enters the Top zone. Otherwise, Output 1 is de-energized immediately.
- The Slide Zone input value becomes invalid.
- The slide transitions to the Top zone.
- The Monitor Motion Fault input transitions from ON (1) to OFF (0).
- The direction of the press appears to be running in reverse.
- The Press In Motion input is OFF (0) when the slide transitions from Top to Down.
- The Press in Motion input transitions from ON (1) to OFF (0).


Figure 150 shows the de-energizing of Output 1 when the Safety Enable input transitions from ON (1) to OFF (0) at (A). An acknowledgement of the Safety Enable input is required when the Safety Enable input transitions from OFF (0) to ON (1) at (B) before Output 1 can be re-energized.
Figure 150 - De-energizing Output 1
[Timing diagram not reproduced. Signals shown: Enable, Safety Enable, Standard Enable, Start, Press In Motion, Motion Monitor Fault, Slide Zone, Safety Enable Ack, Output 1. Zone: T = Top, D = Down, U = Up.]

CBSSM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

CBSSM Diagnostic Codes


Diagnostics 2000H…200AH are detected when attempting to start press movement by energizing Output 1. Diagnostics 2020H…202DH are used to diagnose the reason for stopping press movement by de-energizing Output 1.


Table 82 - CBSSM Diagnostic Codes and Corrective Actions

| Diagnostic Code | Description | Corrective Action |
| --- | --- | --- |
| 0000H | No fault. | None. |
| 2000H | Output 1 failed to energize when the Start input turned ON (1), due to an invalid Slide Zone input value. | Check the Crankshaft Position Monitor (CPM) instruction or the application logic used to source this input. This diagnostic is cleared when a valid Slide Zone is established. |
| 2001H | Output 1 failed to energize when the Start input turned ON (1) due to the Press In Motion input being ON (1). | Wait for the press to come to a complete stop before initiating press movement. Verify that the device monitoring press movement is working correctly. Verify that only one mode of operation is selected. This diagnostic is cleared when the Press In Motion input turns OFF (0). |
| 2002H | Output 1 failed to energize when the Start input turned ON (1) prior to the acknowledgement of the Safety Enable input. | Verify that the active opto-electronic protective devices (AOPDs) and electro-sensitive protective equipment (ESPEs) used to source the Safety Enable input are protecting their respective areas. Then, to clear the diagnostic for manual Ack Types, acknowledge the Safety Enable input by turning the Safety Enable Ack input ON (1). For automatic Ack Types, this diagnostic is cleared when the Safety Enable input turns ON (1). |
| 2003H | Output 1 failed to energize when the Start input turned ON (1) due to the Standard Enable input being OFF (0). | Verify that the devices used to source the Standard Enable input are functioning properly. This diagnostic is cleared when the Standard Enable input is ON (1). |
| 2008H | Output 1 failed to energize when the Start input turned ON (1) due to the Motion Monitor Fault input being OFF (0). | Check the Camshaft Monitor (CSM) instruction or the application logic used to monitor press movement. This diagnostic is cleared when the motion monitor functions are properly monitoring motion and the Motion Monitor Fault input is ON (1). |
| 2009H | Manual Ack Type: Output 1 failed to energize when the Start input turned ON (1) due to the Safety Enable Ack input being ON (1). Automatic Ack Type: N/A. | Turn the Safety Enable Ack input OFF (0). This diagnostic is cleared when the Safety Enable Ack input turns OFF (0). |
| 200AH | Output 1 failed to energize when the Start input turned ON (1) due to the slide being in the Up or Down zone. | The slide must be in the Top zone to initiate press movement. This diagnostic is cleared when the slide is inched back to the Top zone. |
| 2020H | Output 1 is de-energized due to the Slide Zone input value becoming invalid. | Check the Crankshaft Position Monitor (CPM) instruction or the application logic used to source this input. This diagnostic is cleared at the next attempt to begin press movement. |
| 2021H | Output 1 is de-energized due to the Motion Monitor Fault input turning OFF (0). | Check the Camshaft Monitor (CSM) instruction or the application logic used to monitor press movement. This diagnostic is cleared at the next attempt to begin press movement. |
| 2022H | Output 1 is de-energized due to the detection of press movement in the reverse direction. | Verify the direction of the press. This diagnostic is cleared at the next attempt to begin press movement. |
| 2023H | Output 1 is de-energized due to the Safety Enable input turning OFF (0) while the slide was in the Top or Down zone. | Verify that the AOPDs and ESPEs used to source the Safety Enable input are protecting their respective areas. This diagnostic is cleared at the next attempt to begin press movement. |
| 2024H | Output 1 is de-energized due to the Standard Enable input turning OFF (0) while the slide was in the Top or Down zones. | Verify that the devices and application logic used to source the Standard Enable input are functioning properly. This diagnostic is cleared at the next attempt to begin press movement. |
| 2025H | Output 1 is de-energized due to the Start input turning OFF (0) while the slide was in the Top or Down zones. | Output 1 is always de-energized when the Start input turns OFF (0) while the slide is in the Top or Down zones. This diagnostic is cleared at the next attempt to begin press movement. |
| 2026H | Not used by this instruction. | |
| 2027H | Output 1 is de-energized immediately when the Safety Enable input turned OFF (0) while the slide was in the Up zone and the Takeover Mode is Disabled. | Verify that the AOPDs and ESPEs used to source the Safety Enable input are protecting their respective areas. This diagnostic is cleared at the next attempt to begin press movement. |
| 2028H | Output 1 is de-energized when the slide entered the Top zone due to the Standard Enable input turning OFF (0) while the slide was in the Up zone. | Verify that the devices and application logic used to source the Standard Enable input are functioning properly. This diagnostic is cleared at the next attempt to begin press movement. |
| 2029H | Output 1 is de-energized immediately when the Start input turned OFF (0) while the slide was in the Up zone and the Takeover Mode is Disabled. | This diagnostic is cleared at the next attempt to begin press movement. |
| 202AH | Output 1 is de-energized due to the slide entering the Top zone. | Output 1 is always de-energized when the slide enters the Top zone. This diagnostic is cleared at the next attempt to begin press movement. |
| 202BH | Output 1 is de-energized due to the Press In Motion input remaining OFF (0) when the slide entered the Down zone or the Press In Motion input transitioned from ON (1) to OFF (0). | Check the Camshaft Monitor (CSM) instruction or the application logic used to monitor press movement. This diagnostic is cleared at the next attempt to begin press movement. |
| 202CH | Output 1 is de-energized when the slide entered the Top zone and the Safety Enable input turned OFF (0) while the slide was in the Up zone, when the Takeover Mode is Enabled. | Verify that the AOPDs and ESPEs used to source the Safety Enable input are protecting their respective areas. This diagnostic is cleared at the next attempt to begin press movement. |
| 202DH | Output 1 is de-energized when the slide entered the Top zone and the Start input turned OFF (0) while the slide was in the Up zone when the Takeover Mode is Enabled. | This diagnostic is cleared at the next attempt to begin press movement. |
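The CBSSM start conditions and the 2000H…200AH rows of Table 82 can be modelled offline to check expected behaviour in a test bench or to interpret logged tag values. The following Python sketch is an added example, not Rockwell code. It assumes the acknowledgement result is supplied as a boolean, treats any Slide Zone word outside the three listed encodings as invalid, and returns every applicable code rather than the single code the instruction reports (the instruction's own priority order is not given here).

```python
from dataclasses import dataclass, replace

# Value of bits 2..1 of the Slide Zone word (Down = 1, Up = 3, Top = 5 decimal).
ZONES = {0b00: "Down", 0b01: "Up", 0b10: "Top"}


def decode_slide_zone(word):
    """Return 'Down', 'Up' or 'Top', or None when the word is not a valid encoding."""
    if word < 0 or word >> 3:          # bits 3..31 are unused and must be 0
        return None
    if not word & 0b001:               # bit 0 OFF (0): slide zone information invalid
        return None
    # Assumption: the unlisted pattern bits 2..1 = 11 is treated as invalid.
    return ZONES.get((word >> 1) & 0b11)


@dataclass(frozen=True)
class CbssmInputs:
    """Snapshot of the inputs on the scan where Start goes OFF (0) -> ON (1)."""
    enable: bool = True
    safety_enable_acknowledged: bool = True   # assumption: ack state tracked elsewhere
    standard_enable: bool = True
    press_in_motion: bool = False
    slide_zone: int = 5                        # 5 = Top, valid
    motion_monitor_fault: bool = True          # ON (1) means press motion is valid
    safety_enable_ack: bool = False
    ack_type: str = "Manual"                   # "Manual" or "Automatic"


def start_blockers(inp):
    """Table 82 codes (2000H...200AH) that prevent Output 1 from energizing."""
    codes = []
    zone = decode_slide_zone(inp.slide_zone)
    if zone is None:
        codes.append(0x2000)                   # invalid Slide Zone value
    if inp.press_in_motion:
        codes.append(0x2001)                   # press still moving
    if not inp.safety_enable_acknowledged:
        codes.append(0x2002)                   # Safety Enable not acknowledged
    if not inp.standard_enable:
        codes.append(0x2003)                   # Standard Enable OFF (0)
    if not inp.motion_monitor_fault:
        codes.append(0x2008)                   # Motion Monitor Fault OFF (0)
    if inp.ack_type == "Manual" and inp.safety_enable_ack:
        codes.append(0x2009)                   # ack input still held ON (1)
    if zone in ("Up", "Down"):
        codes.append(0x200A)                   # slide not in the Top zone
    return codes


def output1_on_start_edge(prev_start, start, inp):
    """True when Output 1 would energize on this scan under the modelled conditions."""
    rising = bool(start) and not prev_start
    return rising and inp.enable and not start_blockers(inp)


def fmt(codes):
    """Render codes in the manual's notation, for example 200AH."""
    return [f"{c:04X}H" for c in codes]


if __name__ == "__main__":
    good = CbssmInputs()
    print(output1_on_start_edge(False, True, good))               # all permissives met
    print(fmt(start_blockers(replace(good, slide_zone=3))))       # slide in Up zone
    print(fmt(start_blockers(replace(good, slide_zone=4,
                                     safety_enable_ack=True))))   # invalid zone, ack held
```

With Ack Type set to "Automatic" the Safety Enable Ack input is ignored by the model, matching the N/A entry for 2009H.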


Clutch Brake Continuous Mode (CBCM)

The Clutch Brake Continuous Mode instruction is used in press applications where continuous operation is desired.

WARNING: Per Section 5.4.1.3 of EN692-2005: In the event of an intervention of a safety system (interlocking guard, ESPE using the AOPD), separate manual reset functions are required to restore the normal intended operation. Reset controls shall be within viewing distance of the danger zone, but out of reach from the danger zone. The reset functions shall fulfill at least a single system with monitoring (S & M). Do not use automatic acknowledgement when access within the danger zone can go undetected. This instruction, configured for automatic acknowledgment, must be used in combination with other instructions, at least one of which must fulfill the manual reset requirement.

ATTENTION: This instruction is specified with the intent that the Slide Zone input is sourced only by the Slide Zone output of the Crankshaft Position Monitor (CPM) instruction or application logic that satisfies the Slide Zone requirements listed in Table 84 on page 226. This instruction is specified with the intent that the Enable input is sourced only by an Ox output(1) of the Eight Position Mode Selector (EPMS) instruction that is not already sourcing the Enable input of another Clutch Brake Inch Mode (CBIM), Clutch Brake Single Stroke Mode (CBSSM), or Clutch Brake Continuous Mode (CBCM) instruction.
(1) Where x = 1…8.


The Mode parameter specifies how continuous operation is attained. An arming sequence is required for these modes: Immediate with Arming, Half Stroke with Arming, or Stroke-and-a-Half with Arming. The arming sequence requires that the Start input transitions from OFF (0) to ON (1) within five seconds of the Arm Continuous input transitioning from OFF (0) to ON (1). When the arming sequence requirements have been satisfied and the Start input has remained ON (1) as specified by the configured Mode, the press begins to operate continuously.

An arming sequence is not required with Immediate mode configurations. In Immediate mode, the press begins to operate continuously when the Start input transitions from OFF (0) to ON (1).

CBCM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameters used to configure the instruction. These parameters cannot be changed at runtime.

Table 83 - CBCM Configuration Parameters

| Parameter | Data Type | Description |
| --- | --- | --- |
| Ack Type | List | Defines how instruction acknowledgement operates. Automatic: Acknowledgement is made automatically when the Safety Enable input transitions from OFF (0) to ON (1). Manual: Acknowledgment is made when Safety Enable Ack transitions from OFF (0) to ON (1) and the Safety Enable input is ON (1). |
| Mode | List | This parameter configures the different continuous modes of operation. Immediate: The press begins to operate continuously when the Start input transitions from OFF (0) to ON (1). Immediate with Arming: After completion of the arming sequence the continuous mode is entered immediately. Half Stroke with Arming: After completion of the arming sequence the Start input signal must remain ON (1) until the first upstroke zone is reached. Stroke-and-a-Half with Arming: After completion of the arming sequence, the Start input signal must remain ON (1) until the slide completes a full rotation and the second upstroke zone is reached. |
| Takeover Mode | List | This parameter determines when the stop occurs if the Safety Enable input transitions from ON (1) to OFF (0) while the slide is in the Up zone. Enabled: The press is stopped when the slide enters the Top zone. Disabled: The press is stopped immediately. |
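The arming sequence and the four Mode settings described above can be exercised against a timestamped event list. The following Python model is an added example, not Rockwell code. The event format, state names and function name are assumptions, all other permissives (Enable, Safety Enable, Standard Enable and so on) are assumed satisfied, and a Start edge at exactly five seconds is assumed to count as within the window.

```python
ARM_WINDOW_S = 5.0   # Start must rise within five seconds of Arm Continuous rising

# Entries into the Up zone that Start must be held through before continuous latches.
UPSTROKES_REQUIRED = {
    "Immediate": 0,
    "Immediate with Arming": 0,
    "Half Stroke with Arming": 1,
    "Stroke-and-a-Half with Arming": 2,
}


def simulate_cbcm_start(mode, events, until=None):
    """Replay (time_s, signal, value) events and return the resulting state.

    signal is 'arm' (Arm Continuous), 'start' (Start) or 'zone' (a slide zone
    change to 'Top', 'Down' or 'Up'). States (names are this example's own):
      idle, armed, holding, continuous, released_early,
      start_on_at_arm (reported by CBCM as diagnostic 2004H), arm_timeout.
    """
    needs_arming = mode != "Immediate"
    required = UPSTROKES_REQUIRED[mode]
    arm = start = False
    armed_at = None
    upstrokes = 0
    state = "idle"

    for t, signal, value in events:
        # The arming window is checked before each event is applied.
        if state == "armed" and t - armed_at > ARM_WINDOW_S:
            state = "arm_timeout"

        if signal == "arm":
            rising, arm = value and not arm, value
            if rising and needs_arming and state in ("idle", "arm_timeout",
                                                     "start_on_at_arm"):
                if start:
                    state = "start_on_at_arm"      # Start already ON (1): 2004H
                else:
                    state, armed_at = "armed", t   # five-second timer starts
        elif signal == "start":
            rising, falling, start = value and not start, start and not value, value
            ready = state == "armed" or (state == "idle" and not needs_arming)
            if rising and ready:
                upstrokes = 0
                state = "continuous" if required == 0 else "holding"
            elif falling and state == "holding":
                state = "released_early"           # Start dropped before continuous
        elif signal == "zone" and value == "Up" and state == "holding":
            upstrokes += 1                         # slide entered an upstroke zone
            if upstrokes >= required:
                state = "continuous"               # Start may now be released

    # Optional end-of-observation time, so a timeout shows without a later event.
    if until is not None and state == "armed" and until - armed_at > ARM_WINDOW_S:
        state = "arm_timeout"
    return state


if __name__ == "__main__":
    # Constructed sample: Stroke-and-a-Half with Start held through two upstrokes.
    cycle = [(0.0, "arm", True), (1.0, "start", True),
             (2.0, "zone", "Down"), (3.0, "zone", "Up"), (4.0, "zone", "Top"),
             (5.0, "zone", "Down"), (6.0, "zone", "Up"), (6.5, "start", False)]
    print(simulate_cbcm_start("Stroke-and-a-Half with Arming", cycle))
    # Same mode, Start released after the first upstroke only.
    print(simulate_cbcm_start("Stroke-and-a-Half with Arming",
                              cycle[:4] + [(3.5, "start", False)]))
```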


The following table explains the instruction inputs.


Table 84 - CBCM Inputs

| Parameter | Data Type | Description |
| --- | --- | --- |
| Enable | Boolean | This input is the signal to activate this instruction; for example, by an Eight Position Mode Selector (EPMS) Ox output, where x = 1…8. ON (1): The instruction is selected and operational. OFF (0): The instruction is not operating. All instruction outputs are de-energized. |
| Safety Enable | Boolean | This input represents the status of safety-related permissive devices such as E-stops, light curtains or safety gates. ON (1): Permissive devices are actively guarding the danger zone. Permits the energizing of Output 1. OFF (0): Permissive devices are in a state that doesn't allow Output 1 to be energized. |
| Standard Enable | Boolean | Indicates the state of non safety-related permissive devices. ON (1): Permits the energizing of Output 1. OFF (0): Prevents the energizing of Output 1. This parameter is not safety-related. |
| Arm Continuous | Boolean | Enables arming for the Immediate with Arming, Half Stroke with Arming, and Stroke-and-a-half with Arming modes only. ON (1): Enables arming. The arming sequence ends when the Start input transitions from OFF (0) to ON (1) within 5 seconds. |
| Start | Boolean | Input to start press movement. ON (1): Energize Output 1 if all input conditions have been met. OFF (0): Output 1 remains energized based on the configured continuous mode. Output 1 is de-energized if the continuous mode requirements are not met. See Mode parameter on page 225 for more information. |
| Stop At Top | Boolean | This input is the request to stop press movement when the Top zone is reached. OFF (0): Prevents the energizing of Output 1. De-energize Output 1 the next time the slide enters the Top zone. |
| Press In Motion | Boolean | This input is typically sourced by Output 1 of the Camshaft Monitor (CSM) instruction or by user application logic. Feedback from the press safety valve needs to be included in the building of this signal. ON (1): Indicates that the press is moving. OFF (0): Indicates that the press is stopped. |
| Slide Zone | Integer | This input represents the position of the slide and the position information status. It is sourced by the Crankshaft Position Monitor (CPM) instruction's Slide Zone output or user application logic that provides the following bit-mapped information. Bit 0: Status. OFF (0): The Slide Zone information is invalid. Prevents the energizing of Output 1 on an initial start or immediately stops the press. ON (1): Slide Zone information is valid. Bits 1 and 2: Slide Zone. Bits 3…31: Unused; set to 0. |
| Motion Monitor Fault | Boolean | Stops the press immediately when a press motion problem has been detected. This input is sourced by the Fault Present output of the Camshaft Monitor (CSM) instruction or application logic that performs motion diagnostics. ON (1): Indicates that press motion is valid. Permits Output 1 to be energized. OFF (0): Indicates that a press motion problem exists. Prevents Output 1 from being energized or immediately de-energizes Output 1. |
| Safety Enable Ack | Boolean | This input is required when the configured Ack Type is Manual. OFF (0)->ON (1): Acknowledges that the Safety Enable input has transitioned from OFF (0) to ON (1). |

The following table lists how Bits 0…2 of the Slide Zone input are used to represent the valid slide zones.

| Bit 2 | Bit 1 | Bit 0 | Slide Zone | Decimal Value |
| --- | --- | --- | --- | --- |
| 0 | 0 | 1 | Down | 1 |
| 0 | 1 | 1 | Up | 3 |
| 1 | 0 | 1 | Top | 5 |


The following table explains the instruction outputs.


Table 85 - CBCM Outputs

| Parameter | Data Type | Description |
| --- | --- | --- |
| Output 1 (O1) | Boolean | Output used to source the Actuate input of the Main Valve Control (MVC) instruction. ON (1): The output is energized. OFF (0): The output is de-energized. See CBCM Energizing Output 1 on page 228 and CBCM De-energizing Output 1 on page 233. |
| Continuous Armed (CA) | Boolean | This output is used when the instruction is configured for Immediate with Arming, Half Stroke with Arming and Stroke-and-a-half with Arming modes. ON (1): The arming sequence is in progress. OFF (0): Waiting to be armed. This parameter is not safety-related. |
| Diagnostic Code | Integer | See CBCM Diagnostic Codes on page 235. This parameter is not safety-related. |

IMPORTANT: Do not write to any instruction output tag under any circumstances.


CBCM Energizing Output 1


Output 1 is energized when the Start input transitions from OFF (0) to ON (1) and all of these conditions are met:
- The arming sequence, if configured, is complete.
- The Enable input is ON (1).
- The Safety Enable input has been acknowledged.
- The Standard Enable input is ON (1).
- The Slide Zone input represents the Top zone.
- The Motion Monitor Fault input is ON (1).
- The Press In Motion input is OFF (0).
- The Safety Enable Ack input is OFF (0).
- The Stop At Top input is ON (1).

IMPORTANT: If the Ack Type is Manual, an acknowledgement of the Safety Enable input is required when the Enable input transitions from OFF (0) to ON (1) and before the Start or Arm Continuous input turns ON (0).

WARNING: When the configured Mode is Immediate and the Ack Type is Automatic, Output 1 energizes when the Safety Enable, Standard Enable, Slide Zone, Press In Motion, and Motion Monitor Fault inputs return to the active, or valid state at the same time the Start input transitions from OFF (0) to ON (1).

ATTENTION: When the configured Mode is Immediate with Arming, Half Stroke with Arming, or Stroke-and-a-half with Arming and the Ack Type is Automatic, the five-second arming time starts when the Safety Enable, Standard Enable, Slide Zone, Press In Motion, and Monitor Motion Fault inputs return to the ON (1), active, or valid state at the same time the Arm Continuous input transitions from OFF (0) to ON (1).

ATTENTION: The cam switches that determine slide position are monitored by the CPM instruction. This instruction uses the Slide Zone output of the CPM instruction as a representation of the cam switches that determine slide position.


CBCM Immediate Mode


The timing diagram in Figure 151 shows the acknowledgement of the Safety Enable input, at (A), and the energizing of Output 1 when the Mode is configured as Immediate. Output 1 is energized when the Start input transitions from OFF (0) to ON (1) at (B) and all input conditions are being met. Output 1 remains energized when the Start input turns OFF (0) at (C).
Figure 151 - Immediate Mode Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Safety Enable, Standard Enable, Arm Continuous, Start, Stop At Top, Press In Motion, Slide Zone, Motion Monitor Fault, Safety Enable Ack, Output 1, Continuous Armed. Zone: T = Top, D = Down.]


CBCM Immediate with Arming Mode


Figure 152 shows the acknowledgement of the Safety Enable input, at (A), and the energizing of Output 1 when the Mode is configured as Immediate with Arming. The five-second arming timer starts when the Arm Continuous input transitions from OFF (0) to ON (1) at (B) and all input conditions are being met. Within five seconds, Output 1 is energized when the Start input transitions from OFF (0) to ON (1) at (C) and all input conditions are being met. Output 1 remains energized when the Start input turns OFF (0) at (D).
Figure 152 - Immediate with Arming Mode Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Safety Enable, Standard Enable, Arm Continuous, Start, Stop At Top, Press In Motion, Slide Zone, Motion Monitor Fault, Safety Enable Ack, Output 1, Continuous Armed. Zone: T = Top, D = Down.]


CBCM Half Stroke with Arming Mode


Figure 153 shows the acknowledgement of the Safety Enable input, at (A), and the energizing of Output 1 when the Mode is configured as Half Stroke with Arming. The five-second arming timer starts when the Arm Continuous input transitions from OFF (0) to ON (1) at (B) and all input conditions are being met. Within five seconds, Output 1 is energized when the Start input transitions from OFF (0) to ON (1) at (C) and all input conditions are being met. Output 1 remains energized when the Start input turns OFF (0) after the slide has transitioned a half-stroke at (D).
Figure 153 - Half Stroke with Arming Mode Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Safety Enable, Standard Enable, Arm Continuous, Start, Stop At Top, Press In Motion, Slide Zone, Motion Monitor Fault, Safety Enable Ack, Output 1, Continuous Armed. Zone: T = Top, D = Down, U = Up.]


CBCM Stroke-and-a-half with Arming Mode


Figure 154 shows the acknowledgement of the Safety Enable input, at (A), and the energizing of Output 1 when the Mode is configured as Stroke-and-a-half with Arming. The 5-second arming timer starts when the Arm Continuous input transitions from OFF (0) to ON (1) at (B) and all input conditions are being met. Within 5 seconds, Output 1 is energized when the Start input transitions from OFF (0) to ON (1) at (C) and all input conditions are being met. Output 1 remains energized when the Start input turns OFF (0) after the slide has transitioned a stroke-and-a-half at (D).
Figure 154 - Stroke-and-a-half with Arming Mode
[Timing diagram not reproduced. Signals shown: Enable, Safety Enable, Standard Enable, Arm Continuous, Start, Stop At Top, Press In Motion, Slide Zone, Motion Monitor Fault, Safety Enable Ack, Output 1, Continuous Armed. Zone: T = Top, D = Down, U = Up.]


CBCM De-energizing Output 1


Once energized, Output 1 is de-energized when one or more of the following occurs:
- The Enable input transitions from ON (1) to OFF (0).
- The Start input transitions from ON (1) to OFF (0) prior to entering the continuous operation. When this transition occurs while the slide is in the Up zone, Output 1 is de-energized when the slide enters the Top zone. Otherwise, Output 1 is de-energized immediately.
- The Safety Enable input transitions from ON (1) to OFF (0). When this transition occurs while the slide is in the Up zone and Takeover Mode is enabled, Output 1 is de-energized when the slide enters the Top zone. Otherwise, when Takeover Mode is disabled, Output 1 is de-energized immediately. Output 1 is also de-energized immediately when this transition occurs while the slide is in the Top or Down zones.
- The Standard Enable input transitions from ON (1) to OFF (0). When this transition occurs while the slide is in the Up zone, Output 1 is de-energized when the slide enters the Top zone. Otherwise, Output 1 is de-energized immediately.
- The Slide Zone input value becomes invalid.
- The Monitor Motion Fault input transitions from ON (1) to OFF (0).
- The direction of the press appears to be running in reverse.
- The Press In Motion input is OFF (0) when the slide goes from Top to Down.
- The Stop At Top input transitions from ON (1) to OFF (0) and the slide enters the Top zone.
- The Press in Motion input transitions from ON (1) to OFF (0).


CBCM Safety Enable and Takeover Mode


Figure 155 shows Output 1 being de-energized when the slide enters the Top zone at (B). Output 1 is de-energized because the Safety Enable input has transitioned from ON (1) to OFF (0) during the Up zone, at (A), with Takeover Mode enabled. Before Output 1 can be re-energized, an acknowledgement of the Safety Enable input is required when the Safety Enable input transitions from OFF (0) to ON (1) at (C).
Figure 155 - Safety Enable and Takeover Mode Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Safety Enable, Standard Enable, Arm Continuous, Start, Stop At Top, Press In Motion, Slide Zone, Motion Monitor Fault, Safety Enable Ack, Output 1, Continuous Armed. Zone: T = Top, D = Down, U = Up.]


CBCM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

CBCM Diagnostic Codes


Diagnostics 2000H…200AH are detected when attempting to start press movement by energizing Output 1. Diagnostics 2020H…202DH are used to diagnose the reason for stopping press movement by de-energizing Output 1.
Table 86 - Diagnostic Codes and Corrective Actions

0000H
  Description: No fault.
  Corrective Action: None.

2000H
  Immediate Mode: Output 1 failed to energize when the Start input turned ON (1), due to an invalid Slide Zone input value.
  Arming Modes: The five-second arming timer failed to start when the Arm Continuous input turned ON (1) due to an invalid Slide Zone input value. During the five-second arming period, the Slide Zone input value became invalid.
  Corrective Action: Check the Crankshaft Position Monitor (CPM) instruction or the application logic used to source this input. This diagnostic is cleared when a valid Slide Zone is established.

2001H
  Immediate Mode: Output 1 failed to energize when the Start input turned ON (1) due to the Press In Motion input being ON (1).
  Arming Modes: The five-second timer failed to start when the Arm Continuous input turned ON (1) due to the Press In Motion input being ON (1). During the five-second arming period, the Press In Motion input turned ON (1).
  Corrective Action: Wait for the press to come to a complete stop before initiating press movement. Verify that the device monitoring press movement is working correctly. Verify that only one mode of operation is selected.

2002H
  Immediate Mode: When the configured Ack Type is Manual, Output 1 failed to energize when the Start input turned ON (1) prior to the acknowledgement of the Safety Enable input. When the configured Ack Type is Automatic, Output 1 failed to energize when the Start input turned ON (1) and the Safety Enable input was OFF (0).
  Arming Modes: When the configured Ack Type is Manual, the five-second timer failed to start when the Arm Continuous input turned ON (1) prior to the acknowledgement of the Safety Enable input. When the configured Ack Type is Automatic, the five-second arming timer failed to start when the Arm Continuous input and the Safety Enable inputs are OFF (0). During the five-second arming period, the Safety Enable input turned OFF (0).
  Corrective Action: Verify that the AOPDs and ESPEs used to source the Safety Enable input are protecting their respective areas. Then, to clear the diagnostic for manual Ack Types, acknowledge the Safety Enable input by turning the Safety Enable Ack input ON (1). For automatic Ack Types, this diagnostic is cleared when the Safety Enable input turns ON (1).

2003H
  Immediate Mode: Output 1 failed to energize when the Start input turned ON (1) due to the Standard Enable input being OFF (0).
  Arming Modes: The five-second timer failed to start when the Arm Continuous input turned ON (1) due to the Standard Enable input being OFF (0). During the five-second arming period, the Standard Enable input turned OFF (0).
  Corrective Action: Verify that the devices used to source the Standard Enable input are functioning properly. This diagnostic is cleared when the Standard Enable input is ON (1).

2004H
  Immediate Mode: N/A
  Arming Modes: The Start input was ON (1) when the Arm Continuous input turned ON (1).
  Corrective Action: Turn the Start input OFF (0) and turn the Arm Continuous input ON (1) to clear this diagnostic.

2005H
  Immediate Mode: N/A
  Arming Modes: The Start input did not turn ON (1) within five seconds of the Arm Continuous input turning ON (1).
  Corrective Action: Turn the Arm Continuous input ON (1) to restart the arming timer and clear this diagnostic.

2006H
  Immediate Mode: N/A
  Arming Modes: The Start input turned ON (1) before the Arm Continuous input turned ON (1).
  Corrective Action: The Arm Continuous input must turn ON (1) before the Start input does. Turn the Start input OFF (0) and turn the Arm Continuous input ON (1) to clear this diagnostic.

2007H
  Immediate Mode: Output 1 failed to energize when the Start input turned ON (1) due to the Stop At Top input being OFF (0).
  Arming Modes: The five-second timer failed to start when the Arm Continuous input turned ON (1) due to the Stop At Top input being OFF (0). During the five-second arming period, the Stop At Top input turned OFF (0).
  Corrective Action: Turn the Stop At Top input OFF (0) and turn the Arm Continuous input ON (1) to clear this diagnostic.

2008H
  Immediate Mode: Output 1 failed to energize when the Start input turned ON (1) due to the Motion Monitor Fault input being OFF (0).
  Arming Modes: The five-second timer failed to start when the Arm Continuous input turned ON (1) due to the Motion Monitor Fault input being OFF (0). During the five-second arming period, the Motion Monitor Fault input turned OFF (0).
  Corrective Action: Check the Camshaft Monitor instruction or the application logic used to monitor press movement. This diagnostic is cleared when the motion monitor functions are properly monitoring motion and this Motion Monitor Fault input is ON (1).

2009H
  Immediate Mode: Output 1 failed to energize when the Start input turned ON (1) due to the Safety Enable Ack input being ON (1).
  Arming Modes: The five-second timer failed to start when the Arm Continuous input turned ON (1) due to the Safety Enable Ack input being OFF (0). During the five-second arming period, the Safety Enable Ack input turned OFF (0).
  Corrective Action: Turn the Safety Enable Ack input OFF (0). This diagnostic is cleared when the Safety Enable Ack input turns OFF (0).

200AH
  Immediate Mode: Output 1 failed to energize when the Start input turned ON (1) due to the slide being in the Down or Up zone.
  Arming Modes: The five-second timer failed to start when the Arm Continuous input turned ON (1) due to the slide being in the Down or Up zone. During the five-second arming period, the slide moved to the Down or Up zone.
  Corrective Action: The slide must be in the Top zone when press movement is initiated. This diagnostic is cleared when the slide is inched back to the Top zone.

2020H
  Description: Output 1 is de-energized due to the Slide Zone input value becoming invalid.
  Corrective Action: Check the Crankshaft Position Monitor (CPM) instruction or the application logic used to source this input. This diagnostic is cleared at the next attempt to begin press movement.

2021H
  Description: Output 1 is de-energized due to the Motion Monitor Fault input turning OFF (0).
  Corrective Action: Check the Camshaft Monitor (CSM) instruction or the application logic used to monitor press movement. This diagnostic is cleared at the next attempt to begin press movement.

2022H
  Description: Output 1 is de-energized due to the detection of press movement in the reverse direction.
  Corrective Action: Verify the direction of the press. This diagnostic is cleared at the next attempt to begin press movement.

2023H
  Description: Output 1 is de-energized due to the Safety Enable input turning OFF (0) while the slide was in the Top or Down zone.
  Corrective Action: Verify that the AOPDs and ESPEs used to source the Safety Enable input are protecting their respective areas. This diagnostic is cleared at the next attempt to begin press movement.

2024H
  Description: Output 1 is de-energized due to the Standard Enable input turning OFF (0) while the slide was in the Top or Down zones.
  Corrective Action: Verify that the devices and application logic used to source the Standard Enable input are functioning properly. This diagnostic is cleared at the next attempt to begin press movement.

2025H
  Modes: Immediate; Immediate with Arming; Half Stroke with Arming Mode; Stroke-and-a-half with Arming Mode
  Description: N/A, or Output 1 is de-energized due to the Start input turning OFF (0) while the slide was in the Top or Down zones prior to entering continuous operation.
  Corrective Action: Output 1 is always de-energized when the Start input turns OFF (0) while the slide is in the Top or Down zones. This diagnostic is cleared at the next attempt to begin press movement.

2026H
  Description: Not used by this instruction.

2027H
  Description: Output 1 is de-energized immediately when the Safety Enable input turned OFF (0) while the slide was in the Up zone and the Takeover Mode is Disabled.
  Corrective Action: Verify that the AOPDs and ESPEs used to source the Safety Enable input are protecting their respective areas. This diagnostic is cleared at the next attempt to begin press movement.

2028H
  Description: Output 1 is de-energized when the slide entered the Top zone due to the Standard Enable input turning OFF (0) while the slide was in the Up zone.
  Corrective Action: Verify that the devices and application logic used to source the Standard Enable input are functioning properly. This diagnostic is cleared at the next attempt to begin press movement.

2029H
  Description: Output 1 is de-energized immediately when the Start input turned OFF (0) while the slide was in the Up zone prior to entering continuous operation, with a Takeover Mode of Disabled.
  Corrective Action: This diagnostic is cleared at the next attempt to begin press movement.

202AH
  Description: Output 1 is de-energized due to the slide entering the Top zone after a stop request has been made.
  Corrective Action: This diagnostic is cleared at the next attempt to begin press movement.

202BH
  Description: Output 1 is de-energized due to the Press In Motion input remaining OFF (0) when the slide entered the Down zone or the Press In Motion input transitioned from ON (1) to OFF (0).
  Corrective Action: Check the Camshaft Monitor (CSM) instruction or the application logic used to monitor press movement. This diagnostic is cleared at the next attempt to begin press movement.

202CH
  Description: Output 1 de-energized when the slide entered the Top zone and the Safety Enable input turned OFF (0) while the slide was in the Up zone, with Takeover Mode enabled.
  Corrective Action: Verify that the AOPDs and ESPEs used to source the Safety Enable input are protecting their respective areas. This diagnostic is cleared at the next attempt to begin press movement.

202DH
  Description: Output 1 de-energized when the slide entered the Top zone and the Start input turned OFF (0) while the slide was in the Up zone prior to entering continuous operation, with Takeover Mode enabled.
  Corrective Action: This diagnostic is cleared at the next attempt to begin press movement.


Crankshaft Position Monitor (CPM)

The Crankshaft Position Monitor instruction is used to determine the slide position of the press by monitoring the Brake (BCAM), Dynamic (DCAM), and Takeover (TCAM) cams and representing the position as Top, Down, or Up by using the Slide Zone output. Also, the Top Zone, Down Zone, and Up Zone Boolean outputs are provided for monitoring and diagnostic purposes.

WARNING: This instruction is specified with the intent that the Slide Zone output is used to source the Slide Zone input of the Clutch Brake Inch Mode (CBIM), Clutch Brake Single Stroke (CBSSM), Clutch Brake Continuous Mode (CBCM), and Camshaft Monitor (CSM) instructions.

Normal stopping of a press begins when the slide enters the Top zone. A successful stop occurs when the press stops in the Top zone. During normal stopping, the speed of the press may cause the press to stop in the Down zone. This is called an overrun. To minimize this, the DCAM can be enabled to generate an early Top zone, allowing the press to begin stopping early.

WARNING: When required, the DCAM should only be enabled for normal stopping based on the speed of the press. Do not adjust the DCAM to account for deteriorating brake performance.

WARNING: Reversing the press should only be performed during set up mode by using the Clutch Brake Inch Mode (CBIM) instruction. Reversing the press is only permitted for moving the slide from the Down zone to the Top zone where the CBIM instruction automatically stops the press at Top. A fault occurs when reverse movement continues into the Up zone.


CPM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameter used to configure the instruction. This parameter cannot be changed at runtime.

Table 87 - CPM Configuration Parameter

Cam Profile (Boolean)
  This parameter determines the cam profile used to generate the Slide Zone values.
  A - See CPM Cam Profiles on page 241 and CPM Normal Operation with Cam Profile A on page 243.
  B - See CPM Cam Profiles on page 241 and CPM - Normal Operation with Cam Profile B on page 244.

The following table explains the instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 88 - CPM Inputs

Enable (Boolean)
  This signal is used to enable the Crankshaft Position Monitor (CPM) instruction.
  ON (1): The instruction outputs are enabled.
  OFF (0): The instruction outputs are disabled.

Brake Cam (BCAM) (Boolean)
  This input is sourced by the cam monitoring device (hard cam) or application logic (soft cam).
  Cam Profile A
    This input specifies the overrun point and the Top zone when dynamic stopping is disabled.
    OFF (0) -> ON (1): While the press is running and dynamic stopping is disabled, this transition signals the end of the Up zone and the start of the Top zone.
    ON (1) -> OFF (0): While the press is stopping, this transition causes the Camshaft Monitor instruction to generate a brake fault.
  Cam Profile B
    This input specifies the overrun point and the zone where immediate braking of the press is allowed.
    OFF (0): No effect.
    OFF (0) -> ON (1): When detected while the press is stopping, this transition causes the Camshaft Monitor (CSM) instruction to generate a brake fault. While the press is running, this transition signals the end of the Top zone and start of the Down zone.
    ON (1) -> OFF (0): While the press is running, this transition must occur after the OFF (0) to ON (1) transition of the Takeover cam (TCAM).

Takeover Cam (TCAM) (Boolean)
  This input is sourced by the cam monitoring device (hard cam) or application logic (soft cam).
  Cam Profile A
    This input is used to indicate the start of the Up zone.
    OFF (0) -> ON (1): This transition signals the end of the Down zone and the start of the Up zone.
    ON (1) -> OFF (0): When dynamic stopping is enabled, this transition has no effect unless the dynamic stop signal has yet to occur. When this happens, this transition signals the end of the Up zone and start of the Top zone.
  Cam Profile B
    This input is used to indicate the start of the Up zone.
    OFF (0): The press is considered to be in the Down zone when the Brake cam (BCAM) is ON (1).
    OFF (0) -> ON (1): This transition signals the start of the Up zone and the end of the Down zone and must occur before the ON (1) to OFF (0) transition of the BCAM.
    ON (1) -> OFF (0): When dynamic stopping is not enabled, this transition signals the end of the upstroke and the start of the Top zone. When dynamic stopping is enabled, this transition has no effect unless the dynamic stop signal has yet to occur. In this case, the dynamic stopping enable behavior is performed.

Dynamic Cam (DCAM) (Boolean)
  This input is used to generate an early top signal for fast-running presses. This input is sourced by a cam monitoring device (hard cam) or application logic (soft cam). This parameter is not safety-related.
  Cam Profile A
    When dynamic stopping is not required, this input should be sourced by the inverse of the Brake Cam (BCAM).
    OFF (0) -> ON (1): Dynamic stopping is enabled when this transition occurs at or after the ON (1) to OFF (0) transition of the BCAM.
    ON (1) -> OFF (0): This transition signals the end of upstroke and the start of the Top zone when it occurs before the OFF (0) to ON (1) transition of the Takeover cam (TCAM).
  Cam Profile B
    When dynamic stopping is not required, this input should be sourced by the Takeover Cam (TCAM).
    OFF (0) -> ON (1): Dynamic stopping is enabled when this transition occurs at or after the OFF (0) to ON (1) transition of the TCAM.
    ON (1) -> OFF (0): This transition signals the end of Up zone and the start of the Top zone when it occurs at or before the ON (1) to OFF (0) transition of the TCAM.

Input Status (Boolean)
  This input represents the combined status of the cam monitoring functions in addition to the I/O module status.
  ON: Inputs are valid. The Slide Zone status bit is set to 1.
  OFF: Inputs are invalid. All outputs are set to their de-energized or OFF (0) state. The Slide Zone status bit is set to 0.

Reverse (Boolean)
  Reversing the press should only be performed during set up mode by using the Clutch Brake Inch Mode (CBIM) instruction. Reversing the press is only permitted to move the slide from the Down zone to the Top zone where the Clutch Brake Inch Mode (CBIM) instruction automatically stops the press. A fault is generated when reverse movement is continued into the Up zone.
  OFF (0): Reverse operation is disabled.
  ON (1): When the slide is in the Down zone, this instruction lets the press move toward the Top zone. A fault is generated if this input is ON (1) when the slide is in the Up zone.

Press Motion Status (Boolean)
  This input represents the motion status of the press and is sourced by Output 1 of the Main Valve Control (MVC) instruction or other valve control application logic.
  OFF (0): The press has stopped or a stop request has been issued.
  ON (1): The press is running or a start request has been issued.
  IMPORTANT: When the press has been requested to stop at Top, overrun monitoring is enabled when the slide transitions from the Up to the Top zone. An overrun fault occurs when the slide continues to move into the Down zone.

Reset(1) (Boolean)
  This input clears the instruction faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains the instruction outputs. The outputs may be field device signals or derived from user logic.
Table 89 - CPM Outputs

Slide Zone (Integer)
  This output represents the position of the slide based on the cam profile selected. This output is used to source the Slide Zone input of the Clutch Brake Inch Mode (CBIM), Clutch Brake Single Stroke Mode (CBSSM), Clutch Brake Continuous Mode (CBCM), and Camshaft Monitor (CSM) instructions. This is a bit-mapped value where:
  Bit 0: Status
    OFF (0) - The Slide Zone information is invalid. Prevents the energizing of Output 1 on an initial start or immediately de-energizes Output 1.
    ON (1) - Slide Zone information is valid.
  Bits 1 and 2: Slide Zone
    The following table lists how Bits 0 to 2 are used to represent the valid slide zones.

    Bit 2   Bit 1   Bit 0   Slide Zone   Decimal Value
    0       0       1       Down         1
    0       1       1       Up           3
    1       0       1       Top          5

  Bits 3 to 31: Unused; set to 0.

Top Zone (TZ) (Boolean)
  This information bit indicates when the slide is in the Top zone.

Down Zone (DZ) (Boolean)
  This information bit indicates when the slide is in the Down zone.

Up Zone (UZ) (Boolean)
  This information bit indicates when the slide is in the Up zone.

Diagnostic Code (Integer)
  This output indicates the diagnostic status of the instruction. See Table 90 on page 245 for a list of diagnostic codes. This parameter is not safety-related.

Fault Code (Integer)
  This output indicates the type of fault that occurred. See Table 91 on page 245 for a list of fault codes. This parameter is not safety-related.

Fault Present (FP) (Boolean)
  ON (1): A fault is present in the instruction.
  OFF (0): The instruction is operating normally.

IMPORTANT: Do not write to any instruction output tag under any circumstances.

CPM Cam Profiles


This instruction supports two cam profiles, A or B, selected by using the Cam Profile configurable parameter. The main difference between Cam Profiles A and B is the configuration of the Brake Cam (BCAM). In profile A, the BCAM is configured to represent the Top zone and in profile B, it is configured to represent the Down zone. The Takeover Cam (TCAM) in both profiles is configured to represent the Up zone. The profile diagrams in Figure 156 on page 242 illustrate the relationships of the cams when the Dynamic Cam (DCAM) is enabled.


When enabled, the DCAM is configured the same way, with the ON (1) to OFF (0) transition during the Up zone generating the early Top zone. Depending upon the speed of the press, this transition can be configured to occur anytime during the Up zone. However, when the DCAM is disabled, it must be configured as follows:
  Profile A - The DCAM must be sourced by the inverse of the BCAM input source.
  Profile B - The DCAM must be sourced by the TCAM input source.
Figure 156 - Cam Profiles A and B
[Cam profile diagrams not reproduced. Profile A and Profile B each show the BCAM, TCAM, and DCAM cams against the Top, Down, and Up zones, with the range during which the DCAM is allowed to turn ON (1) marked.]

WARNING: Cam angles are not shown in these cam profiles. The cam angles should be selected by qualified personnel.

WARNING: When the Cam Profile is configured for A and dynamic stopping is disabled, the Dynamic Cam (DCAM) input must be sourced by the inverse of the Brake Cam (BCAM) input source.

WARNING: When the Cam Profile is configured for B and dynamic stopping is disabled, the Dynamic Cam (DCAM) input must be sourced by the Takeover Cam (TCAM) input source.


CPM Normal Operation with Cam Profile A


Figure 157 describes normal operation when Cam Profile A is selected and the press is moving in the forward direction. The press starts with the slide at Top with the Takeover cam input (TCAM) OFF (0) and the Brake cam input (BCAM) ON (1) at (A). The Slide Zone is set to Top. As the press moves, the BCAM input transitions from ON (1) to OFF (0) at (B) and the Slide Zone changes from Top to Down. As the press continues moving, the TCAM input transitions from OFF (0) to ON (1) at (C) and the Slide Zone changes from Down to Up.

Further press movement causes the Slide Zone output to change from Up to Top at different points depending on the Dynamic cam input (DCAM) configuration. When the DCAM is enabled, the Slide Zone changes from Up to Top when the DCAM input transitions from ON (1) to OFF (0) while the TCAM input is ON (1) at (D). When the DCAM is disabled, the Slide Zone changes from Up to Top when the BCAM input transitions from OFF (0) to ON (1) at (D).
Figure 157 - Cam Profile A Timing Diagrams
[Timing diagrams not reproduced. Two panels, Dynamic Cam Enabled and Dynamic Cam Disabled, each showing Cam Profile (A), Takeover Cam (TCAM), Dynamic Cam (DCAM), Brake Cam (BCAM), Reverse, Top Zone, Down Zone, Up Zone, and Slide Zone, with points (A) through (D) marked. Zone: T = Top, D = Down, U = Up.]


CPM - Normal Operation with Cam Profile B


Figure 158 describes normal operation when Cam Profile B is selected and the press is moving in the forward direction. The press starts with the slide at Top with the Takeover cam input (TCAM) and the Brake cam input (BCAM) OFF (0) at (A) and the Slide Zone set to Top. As the press moves, the BCAM input transitions from OFF (0) to ON (1) at (B) and the Slide Zone changes from Top to Down. As the press continues moving, the TCAM input transitions from OFF (0) to ON (1) at (C) and the Slide Zone changes from Down to Up.

Further press movement causes the Slide Zone output to change from Up to Top at different points depending on the Dynamic cam input (DCAM) configuration. When the DCAM is enabled, the Slide Zone output changes from Up to Top when the DCAM input transitions from ON (1) to OFF (0) while the TCAM input is ON (1) and the BCAM input is OFF (0) at (D). When the DCAM is disabled, the Slide Zone output changes from Up to Top when the TCAM input transitions from ON (1) to OFF (0) at (D).
Figure 158 - Cam Profile B Timing Diagrams
[Timing diagrams not reproduced. Two panels, Dynamic Cam Enabled and Dynamic Cam Disabled, each showing Cam Profile (B), Takeover Cam (TCAM), Dynamic Cam (DCAM), Brake Cam (BCAM), Reverse, Top Zone, Down Zone, Up Zone, and Slide Zone, with points (A) through (D) marked. Zone: T = Top, D = Down, U = Up.]
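
The forward-direction zone transitions described above for Cam Profiles A and B can be checked against recorded cam signals with a small model. The Python below is an added example, not Rockwell code or part of the original manual; it covers only the normal-operation transitions (no Reverse, Input Status, or fault handling), and the function names, the per-scan tuple format, the `dcam_enabled` flag, and the sample traces are assumptions constructed for illustration.

```python
"""Simplified model of the CPM forward-direction zone logic (added example)."""
from typing import Iterable, List, Tuple

# Slide Zone encoding from Table 89: bit 0 = status, bits 1 and 2 = zone.
DOWN, UP, TOP = 1, 3, 5
ZONE_NAMES = {DOWN: "Down", UP: "Up", TOP: "Top"}

Scan = Tuple[int, int, int]  # (BCAM, TCAM, DCAM), one sample per scan (assumed format)

# Cam states the text gives for a press resting at Top: (BCAM, TCAM).
START_AT_TOP = {"A": (1, 0), "B": (0, 0)}


def decode_slide_zone(value: int) -> Tuple[bool, str]:
    """Return (status bit, zone name) for a Slide Zone integer."""
    if value < 0 or value >> 3:
        raise ValueError("bits 3-31 must be 0")
    if not value & 1:
        return False, "Invalid"  # status bit OFF: zone information is invalid
    if value not in ZONE_NAMES:
        raise ValueError("bits 1 and 2 do not encode a listed zone")
    return True, ZONE_NAMES[value]


def cpm_zones(profile: str, dcam_enabled: bool, scans: Iterable[Scan]) -> List[int]:
    """Derive the Slide Zone value for each scan of a forward stroke from Top."""
    scans = list(scans)
    if profile not in START_AT_TOP:
        raise ValueError("profile must be 'A' or 'B'")
    if not scans:
        return []
    if tuple(scans[0][:2]) != START_AT_TOP[profile]:
        raise ValueError("trace must begin with the slide at Top")
    zone, zones, prev = TOP, [TOP], scans[0]
    for cur in scans[1:]:
        (pb, pt, pd), (b, t, d) = prev, cur
        bcam_rise, bcam_fall = (pb, b) == (0, 1), (pb, b) == (1, 0)
        tcam_rise, tcam_fall = (pt, t) == (0, 1), (pt, t) == (1, 0)
        dcam_fall = (pd, d) == (1, 0)
        if zone == TOP:
            # Profile A leaves Top when BCAM turns OFF, Profile B when BCAM turns ON.
            if (profile == "A" and bcam_fall) or (profile == "B" and bcam_rise):
                zone = DOWN
        elif zone == DOWN:
            if tcam_rise:  # both profiles: TCAM OFF -> ON starts the Up zone
                zone = UP
        elif dcam_enabled:
            # Early Top: DCAM ON -> OFF while TCAM is ON (and BCAM OFF for Profile B).
            if dcam_fall and t == 1 and (profile == "A" or b == 0):
                zone = TOP
        elif (profile == "A" and bcam_rise) or (profile == "B" and tcam_fall):
            zone = TOP  # DCAM disabled: BCAM OFF -> ON (A) or TCAM ON -> OFF (B)
        zones.append(zone)
        prev = cur
    return zones


# Constructed sample traces, one (BCAM, TCAM, DCAM) tuple per scan.
TRACE_A_DCAM_ON = [(1, 0, 0), (0, 0, 0), (0, 0, 1), (0, 1, 1), (0, 1, 0), (1, 1, 0), (1, 0, 0)]
TRACE_A_DCAM_OFF = [(1, 0, 0), (0, 0, 1), (0, 1, 1), (1, 1, 0), (1, 0, 0)]  # DCAM = NOT BCAM
TRACE_B_DCAM_ON = [(0, 0, 0), (1, 0, 0), (1, 1, 0), (1, 1, 1), (0, 1, 1), (0, 1, 0), (0, 0, 0)]
TRACE_B_DCAM_OFF = [(0, 0, 0), (1, 0, 0), (1, 1, 1), (0, 1, 1), (0, 0, 0)]  # DCAM = TCAM

if __name__ == "__main__":
    for label, args in [("A, DCAM enabled", ("A", True, TRACE_A_DCAM_ON)),
                        ("A, DCAM disabled", ("A", False, TRACE_A_DCAM_OFF)),
                        ("B, DCAM enabled", ("B", True, TRACE_B_DCAM_ON)),
                        ("B, DCAM disabled", ("B", False, TRACE_B_DCAM_OFF))]:
        print(label, [decode_slide_zone(z)[1] for z in cpm_zones(*args)])
```
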

CPM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


CPM Fault and Diagnostic Codes


Table 90 - Fault Codes and Corrective Actions

00H
  Description: No fault.
  Corrective Action: None.

20H
  Description: The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing.
  Corrective Action: Check the I/O module connection or the internal logic used to source input status. Reset the fault.

1000H
  Description: While the press was moving forward, slide movement from the Top zone to the Up zone was detected.
1001H
  Description: While the press was moving forward, slide movement from the Down zone to the Top zone was detected.
1002H
  Description: While the press was moving forward, slide movement from the Up zone to the Down zone was detected.
1003H
  Description: While the press was moving forward, slide movement from the Up zone to the Down zone was detected.
1004H
  Description: Slide movement from the Top zone to the Down zone was detected while the press was reversing. Reverse movement is only permitted toward the Top zone.
1005H
  Description: Slide movement from the Down zone to the Up zone was detected while the press was reversing. Forward movement of the press is not permitted when Reverse is enabled.
  Corrective Action (1000H to 1005H): Check the cams or the scan rate. Reset the fault.

1006H
  Description: The Dynamic cam (DCAM) may be stuck OFF (0).
1007H
  Description: The Dynamic cam (DCAM) may be stuck ON (1).
1008H
  Cam Profile A: The DCAM turned OFF (0) while the slide was in the Down zone.
  Cam Profile B: N/A
  Corrective Action (1006H to 1008H): Check the DCAM. Reset the fault.

1009H
  Cam Profile A: The Takeover cam (TCAM) may be stuck ON (0).
  Cam Profile B: N/A
  Corrective Action: Check the TCAM. Reset the fault.

100AH
  Cam Profile A: N/A
  Cam Profile B: The Brake cam (BCAM) may be stuck ON (0).
  Corrective Action: Check the BCAM. Reset the fault.

1020H
  Description: A request to reverse the press was made while the slide was in the Up zone.
  Corrective Action: Set the Reverse input to OFF (0). Reset the fault.

1040H
  Description: A slide overrun fault occurred.
  Corrective Action: Check the brake linings for wear. Check the cam settings for proper alignment. Reset the fault.

Table 91 - Diagnostic Codes and Corrective Actions

00H
  Description: No fault.
  Corrective Action: None.

20H
  Description: The Input Status input was OFF (0) when the instruction started.
  Corrective Action: Check the I/O module connection or the Camshaft Monitor (CSM) instruction used to source input status. Set the Input Status input to ON (1), if the inputs are not being sourced by a safety I/O module.


Camshaft Monitor (CSM)

This instruction monitors the starting, stopping, and running operations of a camshaft. Possible sources for the Channel A and Channel B inputs to the instruction could include proximity switches, resolvers, gray code encoders, or any device that can produce a series of pulses when the camshaft is moving. Starting and stopping diagnostics are based on the configurable Mechanical Delay Time parameter. A fault is generated whenever the Mechanical Delay Time is exceeded during a starting or stopping operation.

CSM Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.


The following table explains the instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 92 - CSM Inputs

Mechanical Delay Time (Integer)
  In a starting operation, this parameter determines the amount of time the instruction waits for the Channel A and Channel B inputs to indicate motion after the Motion Request input has transitioned from OFF (0) to ON (1) before generating a Start Time Exceeded fault.
  In a stopping operation, this parameter determines the amount of time the instruction waits for the Channel A or Channel B input to indicate a loss of motion after the Motion Request input has transitioned from ON (1) to OFF (0) before generating a Stop Time Exceeded fault.
  The valid range is 300 to 2000 ms.

Max Pulse Period (Integer)
  This parameter defines the maximum time allowed between the rising and falling edges in the input pulse train before motion is considered to be stopped.
  The valid range is 50 to 2000 ms.

Motion Request (Boolean)
  This input indicates if motion is being requested. It is sourced by Output 1 of the Clutch Brake Inch Mode (CBIM), Clutch Brake Single Stroke Mode (CBSSM), or Clutch Brake Continuous Mode (CBCM) instruction.
  ON (1): The camshaft is being commanded to move and motion is expected.
  OFF (0): Camshaft motion is not requested.

Channel A(1) (Boolean)
  A pulse train at this input indicates that the camshaft is moving.

Channel B(1) (Boolean)
  A pulse train at this input indicates that the camshaft is moving.

Input Status (Boolean)
  If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions.
  ON (1): The inputs to this instruction are valid.
  OFF (0): The inputs to this instruction are invalid.

Reset(2) (Boolean)
  This input clears the instruction faults provided the fault condition is not present.
  OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.
(2) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains the instruction outputs. The outputs may be field device signals or derived from user logic.
Table 93 - CSM Outputs

Output 1 (O1) (Boolean)
  This output indicates the status of camshaft motion at all times, even when the Fault Present (FP) output is ON. The only exception is when the Input Status input indicates that inputs to this instruction are invalid. In that case, this output (O1) will be OFF. This output is used to source the Press in Motion input of the Clutch Brake Inch Mode (CBIM), Clutch Brake Single Stroke Mode (CBSSM), and/or Clutch Brake Continuous Mode (CBCM) instructions.
  ON (1): The camshaft is moving.
  OFF (0): The camshaft is stopped.

Fault Present (FP) (Boolean)
  This output indicates the fault status of the instruction. This output is used to source the Motion Monitor Fault input of the Clutch Brake Inch Mode (CBIM), Clutch Brake Single Stroke Mode (CBSSM), and/or Clutch Brake Continuous Mode (CBCM) instruction.
  ON (1): A fault is present in the instruction.
  OFF (0): The instruction is operating normally.

Fault Code (Integer)
  This output indicates the type of fault that occurred. See Table 94 on page 257 for the list of possible fault codes. This parameter is not safety-related.

Diagnostic Code (Integer)
  This output indicates the diagnostic status of the instruction. See Table 95 on page 258 for a list of possible diagnostic codes. This parameter is not safety-related.

Measured Start Time (Integer)
  The time, in milliseconds, that it took the camshaft to start moving. This is the difference in time from when the Motion Request input turns ON (1) to the time at which both Channel A and Channel B inputs indicate motion. This parameter is not safety-related.

Measured Stop Time (Integer)
  The time, in milliseconds, that it took the camshaft to stop moving. This is the difference in time from when the Motion Request input turns OFF (0) to the time at which either the Channel A or Channel B input stopped indicating motion. This parameter is not safety-related.

IMPORTANT

Do not write to any instruction output tag under any circumstances.


CSM Input Pulse Conversion


The Channel A and Channel B input signals are a pulse train from an encoder, resolver, or proximity switch. When pulses are detected within the configured Max Pulse Period, motion is indicated. The pulse trains are conditioned to provide level input signals to the instruction logic to derive a signal that is ON (1) when there is motion and OFF (0) when there is no motion. The conversion of each channel is independent of the other. Shown here for Channel A, the signal turns ON (1) at the first pulse edge seen at the Channel A input at (A). The derived signal remains ON (1) as long as the elapsed time between pulses does not exceed the configured Max Pulse Period. If no edges are detected for more than the Max Pulse Period, the derived level signal turns OFF (0) at (B).
Figure 159 - Channel A Input Pulse Conversion (timing diagram; traces: Channel A Pulse Input and the derived Channel A Level Input, with the Max Pulse Period marked)


CSM Normal Operation


The Motion Request input transitions from OFF (0) to ON (1) at (A), indicating that the camshaft is being commanded to move. Output 1 turns ON (1) at (B), when pulses are detected on both Channel A and Channel B within the configured Mechanical Delay Time. After the Motion Request input turns OFF (0) at (C), indicating that the camshaft is being commanded to stop, Output 1 turns OFF (0) at (D) since pulses are no longer present on both channels. Pulses must stop on either Channel A or Channel B within the configured Mechanical Delay Time to prevent a Stop Time Exceeded fault.
Figure 160 - Normal Operation Timing Diagram (traces: Motion Request, Channel A, Channel B, Input Status, Reset, Fault Present, Output 1; events A to D)


CSM Uncommanded Motion Fault


An Uncommanded Motion Fault occurs when the Motion Request input is OFF (0) but pulses on the Channel A and Channel B inputs indicate motion. The Motion Request input is OFF (0), indicating that motion is not being commanded. When pulses are detected on only one channel at (A), no fault occurs. When pulses are detected on both Channel A and Channel B at (B), a fault is generated indicating Uncommanded Motion. Output 1 tracks the presence of pulses on both Channel A and Channel B turning ON (1) at (B) and OFF (0) at (C). When no pulses are detected on either channel and the Motion Request input is OFF (0), indicating that motion is no longer requested, the fault is cleared on the next OFF (0) to ON (1) transition of the Reset input at (D).
Figure 161 - Uncommanded Motion Fault Timing Diagram (traces: Motion Request, Channel A, Channel B, Input Status, Reset, Fault Present, Output 1; events A to D)


CSM Start Time Exceeded Fault


At (A), the Motion Request input turns ON (1), indicating that motion is being requested. The Fault Present output turns ON (1) when the configured Mechanical Delay Time expires at (B), prior to pulses being detected on both Channel A and Channel B. When pulses are present on both inputs at (C), Output 1 turns ON (1) even though the fault condition is present. When either Channel A or Channel B is no longer indicating motion at (D), Output 1 turns OFF (0). When both channels are not indicating motion (no pulses) and the Motion Request input is also OFF (0) at (E), a subsequent OFF (0) to ON (1) transition of the Reset input resets the fault condition at (F).
Figure 162 - Start Time Exceeded Fault Timing Diagram (traces: Motion Request, Delay Time, Channel A, Channel B, Input Status, Reset, Fault Present, Output 1; events A to F)


CSM Stop Time Exceeded Fault


At (A), the Motion Request input turns OFF (0), indicating that motion is being commanded to stop. At (B), the Fault Present output turns ON (1) when the configured Mechanical Delay Time expires before pulses stop on either Channel A or Channel B. Output 1 transitions from ON (1) to OFF (0) when pulses stop occurring on either Channel A or Channel B at (C). When both Channel A and Channel B stop indicating motion and the Motion Request input is also OFF (0) at (D), a subsequent OFF (0) to ON (1) transition of the Reset input resets the fault condition at (E).
Figure 163 - Stop Time Exceeded Fault Timing Diagram (traces: Motion Request, Channel A, Channel B, Input Status, Delay Time, Reset, Fault Present, Output 1; events A to E)


CSM Loss of Motion Fault (Case 1)


The Motion Request input turns ON (1), and at (A) the Channel A and Channel B inputs both indicate motion within the configured Mechanical Delay Time. Once the Mechanical Delay Time has expired at (B), a subsequent loss of pulses on either Channel A or Channel B results in the Fault Present output turning ON (1), indicating a Loss of Motion fault at (C). Output 1 also turns OFF (0) at (C). When both Channel A and Channel B are no longer indicating motion at (D) and the Motion Request input is also OFF (0), a subsequent OFF (0) to ON (1) transition of the Reset input resets the fault condition, at (E).
Figure 164 - Loss of Motion Fault (Case 1) Timing Diagram (traces: Motion Request, Delay Time, Channel A, Channel B, Input Status, Reset, Fault Present, Output 1; events A to E)


CSM Loss of Motion Fault (Case 2)


The Motion Request input turns ON (1), and at (A) the Channel A and Channel B inputs both indicate motion within the configured Mechanical Delay Time. A loss of pulses on either Channel A or Channel B, at (B), before the Mechanical Delay Time expires, results in Output 1 turning OFF (0). When the Mechanical Delay Time expires at (C), the Fault Present output turns ON (1), indicating a Loss of Motion fault. When both Channel A and Channel B are no longer indicating motion at (D) and the Motion Request input is also OFF (0), a subsequent OFF (0) to ON (1) transition of the Reset input resets the fault condition, at (E).
Figure 165 - Loss of Motion Fault (Case 2) Timing Diagram (traces: Motion Request, Delay Time, Channel A, Channel B, Input Status, Reset, Fault Present, Output 1; events A to E)


CSM Input Status Fault


At (A), the Motion Request input turns ON (1), indicating that motion is being commanded. Both Channel A and Channel B inputs indicate motion by detecting pulses within the configured Mechanical Delay Time. Output 1 turns ON (1) at (B). When the Input Status input turns OFF (0) at (C), an Input Status Fault occurs and the Fault Present output turns ON (1). Output 1 also turns OFF (0) at (C). Output 1 is always OFF (0) when the Input Status input is OFF (0). When both Channel A and Channel B no longer indicate motion at (D), the Motion Request input is also OFF (0), and the Input Status input has returned to ON (1), a subsequent OFF (0) to ON (1) transition of the Reset input resets the fault condition, at (E).
Figure 166 - Input Status Fault Timing Diagram (traces: Motion Request, Channel A, Channel B, Input Status, Reset, Fault Present, Output 1; events A to E)


CSM False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

CSM Fault and Diagnostic Codes


Table 94 - Fault Codes and Corrective Actions
Fault Code | Description | Corrective Action
0000H | No faults. | None.
0020H | An input status error occurred. The Input Status input transitioned from ON (1) to OFF (0). | Check the I/O module connection. Reset the fault.
6000H | Uncommanded Motion occurred. The Motion Request input is OFF (0) but both input channels indicate the camshaft is moving. | Check the devices driving the Channel A and Channel B inputs and the associated wiring. Make sure the camshaft is stopped by inspecting it visually. Reset the fault.
6001H | Start time was exceeded. The measured time to start the camshaft exceeded the configured Mechanical Delay Time. | Re-evaluate the Mechanical Delay Time value. Make sure camshaft mechanical linkages, brakes, and motion sensors are functioning. Visually check that motion has stopped. Reset the fault.
6002H | Stop time was exceeded. The measured time to stop the camshaft exceeded the configured Mechanical Delay Time. | Re-evaluate the Mechanical Delay Time value. Make sure mechanical linkages, brakes, and motion sensors are functioning. Visually check that motion has stopped. Reset the fault.
6003H | Loss of Motion occurred at Channel A. The Motion Request input is ON (1), but the Channel A input stopped indicating motion. | Check the device driving the Channel A input and the associated wiring. Make sure the camshaft is stopped by inspecting it visually. Reset the fault.
6004H | Loss of Motion occurred at Channel B. The Motion Request input is ON (1), but the Channel B input stopped indicating motion. | Check the device driving the Channel B input and the associated wiring. Make sure the camshaft is stopped by inspecting it visually. Reset the fault.
6005H | The Motion Request input turned ON (1) before all inputs were in their safe state, OFF (0). | Check the I/O module connection. Make sure the camshaft is stopped by inspecting it visually. Make sure all motion sensors are operating properly. Reset the fault.


Table 95 - Diagnostic Codes and Corrective Actions
Diagnostic Code | Description | Corrective Action
0000H | None. | None.
0020H | The Input Status input is OFF (0) when the instruction first executed. | Check the I/O module connection.
6000H | The Channel A and Channel B inputs are both indicating motion (pulses present) when the instruction first executed. | Check the devices driving the Channel A and Channel B inputs and the associated wiring. Visually check that motion has stopped.
6001H | The Channel A input is indicating motion (pulses present), when the instruction first executed. | Check the device driving the Channel A input and the associated wiring. Visually check that motion has stopped.
6002H | The Channel B input is indicating motion (pulses present), when the instruction first executed. | Check the device driving the Channel B input and the associated wiring. Visually check that motion has stopped.
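The pulse conversion and the fault timing in the CSM sections above can be modeled as a scan-based state machine, which helps when checking logged Channel A and Channel B traces against the fault code a controller reported. This is an added example, not Rockwell Automation code or the instruction's implementation. The class and function names, the 1 ms scan, the constructed 20 ms test pulse train, the treatment of any input transition as a pulse edge, and the deferral of an early loss of motion to the delay expiry are assumptions; fault 6005H and the diagnostic codes are not modeled.

```python
# Behavioral model of the CSM timing rules described above (illustrative only).
FAULT_NONE, FAULT_INPUT_STATUS = 0x0000, 0x0020
FAULT_UNCOMMANDED, FAULT_START, FAULT_STOP = 0x6000, 0x6001, 0x6002
FAULT_LOSS_A, FAULT_LOSS_B = 0x6003, 0x6004


class PulseToLevel:
    """Per-channel pulse-train to level conversion (Max Pulse Period rule)."""

    def __init__(self, max_pulse_period_ms):
        self.max_period = max_pulse_period_ms
        self.last_raw = False
        self.last_edge_ms = None  # None until the first edge is seen

    def update(self, now_ms, raw):
        if raw != self.last_raw:  # assumption: any transition is a pulse edge
            self.last_raw, self.last_edge_ms = raw, now_ms
        if self.last_edge_ms is None:
            return False
        return now_ms - self.last_edge_ms <= self.max_period


class CamshaftMonitorModel:
    IDLE, STARTING, RUNNING, STOPPING = range(4)

    def __init__(self, mech_delay_ms, max_pulse_period_ms):
        self.delay = mech_delay_ms
        self.chan_a = PulseToLevel(max_pulse_period_ms)
        self.chan_b = PulseToLevel(max_pulse_period_ms)
        self.phase, self.phase_start_ms = self.IDLE, 0
        self.lost = None  # loss-of-motion code pending until the delay expires
        self.prev_request = self.prev_reset = self.prev_status = False
        self.fault_code = FAULT_NONE

    def scan(self, now_ms, request, raw_a, raw_b, input_status=True, reset=False):
        """One scan; returns (Output 1, Fault Code). Faults latch until reset."""
        a = self.chan_a.update(now_ms, raw_a)
        b = self.chan_b.update(now_ms, raw_b)
        # Reset acts on a rising edge, and only with both channels quiet,
        # Motion Request OFF and a valid Input Status.
        if reset and not self.prev_reset and self.fault_code != FAULT_NONE:
            if not (a or b or request) and input_status:
                self.fault_code, self.phase, self.lost = FAULT_NONE, self.IDLE, None
        if self.fault_code == FAULT_NONE:
            self.fault_code = self._evaluate(now_ms, request, a, b, input_status)
        self.prev_request, self.prev_reset = request, reset
        self.prev_status = input_status
        # Output 1 tracks motion on both channels even while a fault is latched.
        return (a and b and input_status), self.fault_code

    def _evaluate(self, now_ms, request, a, b, input_status):
        if self.prev_status and not input_status:
            return FAULT_INPUT_STATUS
        if request != self.prev_request:  # a command edge restarts the delay timer
            self.phase = self.STARTING if request else self.STOPPING
            self.phase_start_ms, self.lost = now_ms, None
        both = a and b
        expired = now_ms - self.phase_start_ms >= self.delay
        if self.phase == self.IDLE:
            return FAULT_UNCOMMANDED if both else FAULT_NONE
        if self.phase == self.STARTING:
            if both:
                self.phase = self.RUNNING
            return FAULT_START if expired and not both else FAULT_NONE
        if self.phase == self.RUNNING:
            if not both and self.lost is None:
                self.lost = FAULT_LOSS_B if a else FAULT_LOSS_A
            # Case 1 faults at once; Case 2 waits for the delay to expire.
            return self.lost if self.lost is not None and expired else FAULT_NONE
        # STOPPING: either channel going quiet within the delay completes the stop.
        if not both:
            self.phase = self.IDLE
            return FAULT_NONE
        return FAULT_STOP if expired else FAULT_NONE


def run_trace(model, duration_ms, request, moving_a, moving_b, reset=lambda t: False):
    """Scan every 1 ms; a moving channel emits a constructed 20 ms square wave."""
    trace = []
    for t in range(duration_ms):
        pulse = (t // 10) % 2 == 1
        trace.append(model.scan(t, request(t), moving_a(t) and pulse,
                                moving_b(t) and pulse, reset=reset(t)))
    return trace
```

Each entry of the returned trace is the (Output 1, Fault Code) pair for that millisecond, so a recorded sequence can be compared scan by scan with what the model expects.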


Clutch Brake Wiring and Programming Example

The example on the following pages illustrates the use of some of the Metal Form instructions in a press safety application, including the three Clutch Brake instructions (CBIM, CBSSM, and CBCM), the Camshaft Motion Monitor (CSM), and the Crankshaft Position Monitor (CPM).
Figure 167 - Wiring Diagram (1791-DS-IB12 module, Module 1, on DeviceNet; labeled devices: 24V DC supply, Momentary Push Button (reset), Motion Monitor Proximity Sensors, Brake Cam, Takeover Cam, Arm Continuous Prompt Lamp, 24V Ground)


Figure 168 - Programming Diagram (function block diagram: the CPM instruction CrankPosition, a LIM block with DynamicCamAngle1, EncoderRegister and DynamicCamAngle2, and the CSM instruction MotionMonitor, fed from the Module 1 inputs Pt00Data to Pt03Data, Pt11Data and CombinedStatus; StartDelayTime or StopDelayTime is selected as the CSM Mechanical Delay Time, and the Max Pulse Period is 80 ms; lettered connectors continue in Figure 169)


Figure 169 - Programming Diagram Continued (function block diagram: CBIM InchMode with Ack Type Manual and Inch Time 5000 ms; CBSSM SingleStrokeMode with Ack Type Manual and Takeover Mode Disabled; CBCM ContinuousMode with Ack Type Manual, Mode Immediate With Arming and Takeover Mode Disabled; the three Output 1 signals are combined into PressRun, and Continuous Armed drives ArmContinuousPrompt)

Note 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example. Note 2: This is an internal Boolean tag used by other parts of the user application not shown in this example.


Figure 170 - Ladder Logic
LIM (Limit Test, CIRC): Low Limit = DynamicCamAngle1 (95); Test = EncoderRegister; High Limit = DynamicCamAngle2 (320); output CrankPosition.DynamicCam.
CPM (Crankshaft Position Monitor), tag CrankPosition: Cam Profile = A; Enable = ALWAYS_ENABLED; Brake Cam = Module1:I.Pt00Data; Takeover Cam = Module1:I.Pt01Data; Dynamic Cam = CrankPosition.DynamicCam; Input Status = Module1:I.CombinedStatus; Reverse = ReversePress; Press Motion Status = MainValveActuated <MainValve.O1>; Reset = Module1:I.Pt11Data; outputs TZ, DZ, UZ, FP.
MOV rungs, conditioned on MotionMonitor.O1 contacts (one shown negated): Source = StartDelayTime (750), Dest = MotionMonitor.MechanicalDelayTime; Source = StopDelayTime (1000), Dest = MotionMonitor.MechanicalDelayTime.
CSM (Camshaft Monitor), tag MotionMonitor: Mechanical Delay Time (Msec) = MotionMonitor.MechanicalDelayTime; Max Pulse Period (Msec) = 80; Motion Request = MainValveActuated <MainValve.O1>; Channel A = Module1:I.Pt02Data; Channel B = Module1:I.Pt03Data; Input Status = Module1:I.CombinedStatus; Reset = Module1:I.Pt11Data; outputs O1, FP.
MotionMonitor.FP (negated contact) drives MotionMonitor_IS.


Figure 171 - Ladder Logic Continued
Contacts SafetiesOK and ValvesOK; coil InchMode.SafetyEnable.
CBIM (Clutch Brake Inch Mode), tag InchMode: Ack Type = MANUAL; Inch Time (Msec) = 5000; Enable = InchModeSelected; Safety Enable = InchMode.SafetyEnable; Standard Enable = EnableInchMode; Start = RunStationStart; Press In Motion = MotionMonitor.O1; Motion Monitor Fault = ALWAYS_OK; Slide Zone = CrankPosition.SlideZone (5, TOP); Safety Enable Ack = Module1:I.Pt11Data; output O1.


Figure 172 - Ladder Logic Continued
Contacts SafetiesOK, ValvesOK and CrankPosition.FP (negated); coil SingleStrokeMode.SafetyEnable.
CBSSM (Clutch Brake Single Stroke Mode), tag SingleStrokeMode: Ack Type = MANUAL; Takeover Mode = DISABLED; Enable = SingleStrokeSelected; Safety Enable = SingleStrokeMode.SafetyEnable; Standard Enable = EnableSingleStrokeMode; Start = RunStationStart; Press In Motion = MotionMonitor.O1; Motion Monitor Fault = MotionMonitor_IS; Slide Zone = CrankPosition.SlideZone (5, TOP); Safety Enable Ack = Module1:I.Pt11Data; output O1.
Contacts SafetiesOK, ValvesOK and CrankPosition.FP (negated); coil ContinuousMode.SafetyEnable.
CBCM (Clutch Brake Continuous Mode), tag ContinuousMode: Ack Type = MANUAL; Mode = IMMEDIATE WITH ARMING; Takeover Mode = DISABLED; Enable = ContinuousModeSelected; Safety Enable = ContinuousMode.SafetyEnable; Standard Enable = EnableContinuousMode; Arm Continuous = ArmContinuousInput; Start = RunStationStart; Stop At Top = StopPressInput; Press In Motion = MotionMonitor.O1; Motion Monitor Fault = MotionMonitor_IS; Slide Zone = CrankPosition.SlideZone (5, TOP); Safety Enable Ack = Module1:I.Pt11Data; outputs O1, CA.
ContinuousMode.CA drives ArmContinuousPrompt.
InchMode.O1, SingleStrokeMode.O1 and ContinuousMode.O1 drive PressRun.


RSLogix 5000 software is used to configure the input and test output parameters of the Guard I/O module, as illustrated.
Figure 173 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.
Figure 174 - Module Input Configuration


Figure 175 - Module Test Output Configuration


Eight-position Mode Selector (EPMS)

The Eight-position Mode Selector (EPMS) instruction's main function is to energize one of its eight outputs when the associated input goes active. Only one output may be energized at a time. A fault is generated when a no-input-active condition exists for more than 250 ms, or a multiple-input-active condition exists. The fault is cleared by applying an OFF (0) to ON (1) transition on the Reset input, but only after the fault condition is corrected. This instruction supports a Lock input. Updating the outputs is prohibited when the Lock input is set to ON (1). Attempting to update the outputs while the Lock input is ON (1) results in the generation of a diagnostic code and outputs are de-energized (no mode).
ATTENTION: This instruction is specified to operate with Break before Make types of inputs.


EPMS Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.
ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.
The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 96 - EPMS Inputs
Name | Data Type | Description
Input 1 | Boolean | ON (1): Input ON (1). OFF (0): Input OFF (0).
Input 2 | Boolean | ON (1): Input ON (1). OFF (0): Input OFF (0).
Input 3 | Boolean | ON (1): Input ON (1). OFF (0): Input OFF (0).
Input 4 | Boolean | ON (1): Input ON (1). OFF (0): Input OFF (0).
Input 5 | Boolean | ON (1): Input ON (1). OFF (0): Input OFF (0).
Input 6 | Boolean | ON (1): Input ON (1). OFF (0): Input OFF (0).
Input 7 | Boolean | ON (1): Input ON (1). OFF (0): Input OFF (0).
Input 8 | Boolean | ON (1): Input ON (1). OFF (0): Input OFF (0).
Input Status | Boolean | If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid.
Lock | Boolean | ON (1): The instruction is locked. Any changes in the input states result in all outputs being de-energized. A diagnostic is generated. OFF (0): The instruction is unlocked. Valid input changes are accepted.
Reset(1) | Boolean | This input clears instruction faults provided the fault condition is not present. OFF (0) -> ON (1): The Fault Present and Fault Code outputs are reset.

(1) ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.


The following table explains instruction outputs. The outputs are typically used to select different modes of application operation by enabling other instructions (Output 1 for mode 1, and so on).
Table 97 - EPMS Outputs
Name | Data Type | Description
Output 1 (O1) | Boolean | ON (1): Output ON (1). OFF (0): Output OFF (0).
Output 2 (O2) | Boolean | ON (1): Output ON (1). OFF (0): Output OFF (0).
Output 3 (O3) | Boolean | ON (1): Output ON (1). OFF (0): Output OFF (0).
Output 4 (O4) | Boolean | ON (1): Output ON (1). OFF (0): Output OFF (0).
Output 5 (O5) | Boolean | ON (1): Output ON (1). OFF (0): Output OFF (0).
Output 6 (O6) | Boolean | ON (1): Output ON (1). OFF (0): Output OFF (0).
Output 7 (O7) | Boolean | ON (1): Output ON (1). OFF (0): Output OFF (0).
Output 8 (O8) | Boolean | ON (1): Output ON (1). OFF (0): Output OFF (0).
Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): This instruction is operating normally.
Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 98 on page 272 for a list of diagnostic codes. This parameter is not safety-related.
Fault Code | Integer | This output indicates the type of fault that occurred. See Table 99 on page 272 for a list of fault codes. This parameter is not safety-related.

IMPORTANT: Do not write to any instruction output tag under any circumstances.


EPMS Lock Input OFF (0)


The timing diagram in Figure 176 illustrates the Lock input OFF (0). At (A), a no inputs condition exists. At (B), a single input, Input x, transitions from OFF (0) to ON (1) within 250 ms and the corresponding output, Output x, turns ON (1). At (C), a no inputs condition is created when the single input, Input x, transitions from ON (1) to OFF (0). At (D), a single input, Input y, then transitions to ON (1) within 250 ms and the corresponding output, Output y, turns ON (1).
Figure 176 - Lock Input OFF (0) Timing Diagram (traces: Input x, Input y, Lock, Output x, Output y, Fault Present; events A to D)


EPMS Lock Input ON (1)


Figure 177 illustrates the Lock input ON (1). At (A), a no inputs condition exists. At (B), a single input, Input x, transitions from OFF (0) to ON (1) within 250 ms and the corresponding output, Output x, turns ON (1). At (C), the instruction becomes locked when the Lock input transitions from OFF (0) to ON (1). At (D), an attempt is made to change the mode when the single input, Input x, transitions from ON (1) to OFF (0), creating a no inputs condition. At (E), a single input, Input y, transitions from OFF (0) to ON (1) within 250 ms, generating a diagnostic code indicating that an attempt was made to change the mode while locked. The output, Output x, transitions from ON (1) to OFF (0). At (F), the Lock input transitions from ON (1) to OFF (0) while the single input, Input y, is ON (1), the corresponding output, Output y, is turned ON (1) and the diagnostic code is cleared.
Figure 177 - Lock Input ON (1) Timing Diagram (traces: Input x, Input y, Lock, Output x, Output y, Fault Present; events A to F)

EPMS False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


EPMS Fault and Diagnostic Codes


Table 98 - Fault Codes and Corrective Actions
Fault Code | Description | Corrective Action
00H | No fault. | None.
20H | The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the Safety I/O module connections or the internal logic used to source input status. Reset the fault.
3000H | A multiple selection input was detected. | Check the mode selection inputs. Reset the fault.
3001H | A no selection input condition existed for more than 250 ms. | Check the timing of the mode selection inputs to see if they are within 250 ms. Reset the fault.

Table 99 - Diagnostic Codes and Corrective Actions
Diagnostic Code | Description | Corrective Action
00H | No fault. | None.
20H | The Input Status input was OFF (0) when the instruction was started. | Check the Safety I/O module connections or the internal logic used to source the input status. Set the I/O status to 1 (if the inputs are not being sourced by the safety I/O).
3000H | Input data changed while the Lock input was ON (1). | Only update inputs when the Lock input is OFF (0).
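The selection, 250 ms no-selection, Lock and Reset rules described for EPMS can be exercised with a small scan-based model, for example to replay logged selector inputs and confirm which fault or diagnostic code should result. This is an added example, not Rockwell Automation code or the instruction's implementation. The class and helper names are assumptions, as are two modeling choices: no mode is reported while no single input is active, and any input change under Lock de-energizes the outputs and holds diagnostic 3000H until Lock turns OFF. Diagnostic 20H is not modeled.

```python
# Behavioral model of the EPMS selection rules described above (illustrative only).
NO_SELECTION_LIMIT_MS = 250
FAULT_NONE, FAULT_INPUT_STATUS = 0x00, 0x20
FAULT_MULTIPLE, FAULT_NO_SELECTION = 0x3000, 0x3001
DIAG_NONE, DIAG_CHANGE_WHILE_LOCKED = 0x00, 0x3000


class ModeSelectorModel:
    def __init__(self):
        self.fault_code = FAULT_NONE
        self.diag_code = DIAG_NONE
        self.none_since_ms = None   # start of the current no-selection gap
        self.locked_inputs = None   # input pattern captured when Lock turned ON
        self.prev_reset = self.prev_status = False

    def scan(self, now_ms, inputs, input_status=True, lock=False, reset=False):
        """One scan; returns (selected mode 1-8 or 0, Fault Code, Diagnostic Code)."""
        inputs = tuple(bool(i) for i in inputs)
        if len(inputs) != 8:
            raise ValueError("EPMS has exactly eight selection inputs")
        active = sum(inputs)

        # Break-before-make switches pass through "no input"; time that gap.
        if active:
            self.none_since_ms = None
        elif self.none_since_ms is None:
            self.none_since_ms = now_ms
        gap_too_long = (active == 0
                        and now_ms - self.none_since_ms > NO_SELECTION_LIMIT_MS)
        condition_present = active > 1 or gap_too_long or not input_status

        # Reset: rising edge, and only once the fault condition is corrected.
        if reset and not self.prev_reset and not condition_present:
            self.fault_code = FAULT_NONE
        if self.fault_code == FAULT_NONE:
            if self.prev_status and not input_status:
                self.fault_code = FAULT_INPUT_STATUS
            elif active > 1:
                self.fault_code = FAULT_MULTIPLE
            elif gap_too_long:
                self.fault_code = FAULT_NO_SELECTION

        # Lock: a change from the captured pattern raises the diagnostic,
        # which clears when Lock turns OFF.
        if not lock:
            self.locked_inputs, self.diag_code = None, DIAG_NONE
        elif self.locked_inputs is None:
            self.locked_inputs = inputs
        elif inputs != self.locked_inputs:
            self.diag_code = DIAG_CHANGE_WHILE_LOCKED

        self.prev_reset, self.prev_status = reset, input_status
        healthy = (self.fault_code == FAULT_NONE and self.diag_code == DIAG_NONE
                   and input_status and active == 1)
        mode = inputs.index(True) + 1 if healthy else 0
        return mode, self.fault_code, self.diag_code


def one_hot(position):
    """Eight inputs for a selector in `position` (0 = between positions)."""
    return [i == position for i in range(1, 9)]
```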

EPMS Wiring and Programming Example


The standard control portion of the application is not shown.
Figure 178 - Wiring Diagram (1791-DS-IB12 module, Module 1, on DeviceNet; labeled devices: 24V DC supply, Momentary Push Button (reset), Selector Switch, Key Switch, 24V Ground)
Selector Switch Position: 1 - No Mode; 2 - Inch Mode; 3 - Single Stroke Mode; 4 - Continuous Mode; 5 - Maintenance Mode


This programming diagram shows the instruction with inputs and outputs.
Figure 179 - Programming Diagram
EPMS, tag ModeSelector: Input 1 = Module 1:I.Pt00Data; Input 2 = Module 1:I.Pt01Data; Input 3 = Module 1:I.Pt02Data; Input 4 = Module 1:I.Pt03Data; Input 5 = Module 1:I.Pt04Data; Input 6, Input 7 and Input 8 = 0; Input Status = Module 1:I.CombinedStatus; Lock = Module 1:I.Pt05Data; Reset = Module 1:I.Pt11Data.
Output tags (each marked with Note 1): NoModeSelected, InchModeSelected, SingleStrokeSelected, ContinuousModeSelected, MaintenanceModeSelected.

Note 1: This is an internal Boolean tag used by other parts of the user application not shown in this example.

Figure 180 - Ladder Logic
EPMS (Eight Position Mode Selector), tag ModeSelector: Input 1 = Module1:I.Pt00Data; Input 2 = Module1:I.Pt01Data; Input 3 = Module1:I.Pt02Data; Input 4 = Module1:I.Pt03Data; Input 5 = Module1:I.Pt04Data; Input 6, Input 7 and Input 8 = 0; Input Status = Module1:I.CombinedStatus; Lock = Module1:I.Pt05Data; Reset = Module1:I.Pt11Data; outputs O1 to O8 and FP.


RSLogix 5000 software is used to configure the input and test output parameters of the Guard I/O module, as illustrated.
Figure 181 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.
Figure 182 - Module Input Configuration


Figure 183 - Module Output Configuration


Auxiliary Valve Control (AVC)

The Auxiliary Valve Control (AVC) instruction controls an auxiliary valve that is used in conjunction with the main clutch or brake valves of a press. This instruction is used when a delay is desired between the enabling or disabling of the main clutch or brake valves and an auxiliary valve (for example, a soft clutch or brake application). The clutch or brake can then be engaged in a two-step sequence providing pressure relief for smoother starting or stopping of the press. One AVC instruction is required for each function that is to be carried out. For example, if a delay is needed when starting and stopping a press, one AVC instruction controls the start delay and another AVC instruction controls the stop delay. The timing of the auxiliary valve reaction is configurable. Also, the instruction can be set up to handle different valve types and positive or negative feedback signals. ATTENTION: It is not desirable at all times to allow the auxiliary valve reaction to be delayed. For example, in a press safety application, soft braking during the press downstroke is not allowed. For this reason, delays can be temporarily disabled by turning the Delay Enable input OFF (0).


AVC Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.
ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.
The following table provides the parameters used to configure the instruction. These parameters cannot be changed at runtime.
Table 100 - AVC Configuration Parameters
Parameter | Data Type | Description
Feedback Type | List | This parameter defines feedback OFF and ON states for positive and negative feedback. Positive: OFF (0): Output 1 OFF, Feedback 1 OFF. ON (1): Output 1 ON, Feedback 1 ON. Negative: OFF (0): Output 1 OFF, Feedback 1 ON. ON (1): Output 1 ON, Feedback 1 OFF.
Feedback Reaction Time | Integer | This parameter specifies the amount of time that the instruction waits for the Feedback 1 input to reflect the state of Output 1 as defined by the Feedback Type parameter. The valid range is 5-1000 ms.
Delay Type | List | This parameter specifies where the auxiliary valve delay is to occur. See the timing diagrams on pages 279-282 for details. ON (1): The delay occurs when the Actuate input transitions from OFF (0) to ON (1). OFF (0): The delay occurs when the Actuate input transitions from ON (1) to OFF (0).
Delay Time | Integer | This parameter defines the time delay. The valid range is 5-2000 ms.
Output Follows Actuate | List | This parameter specifies how the auxiliary valve reacts to the Actuate input. See the timing diagrams on pages 279-282 for details. True: Output 1 changes state following the Actuate input. False: Output 1 changes state opposite to the Actuate input.

The following table explains the instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 101 - AVC Inputs

| Parameter | Data Type | Description |
|---|---|---|
| Actuate | Boolean | This is the signal to actuate the valve. A change in state on this input causes Output 1 (the auxiliary valve) to react depending on how the instruction is configured. See the timing diagrams on pages 279…282 for more information. ON (1): Output 1 energizes as specified by the Delay Type and Output Follows Actuate inputs. OFF (0): Output 1 de-energizes as specified by the Delay Type and Output Follows Actuate inputs. |
| Delay Enable | Boolean | This input indicates whether auxiliary valve delays are currently enabled. It can be used to temporarily disable auxiliary valve delays. If a delay of the auxiliary valve is not desired during any part of press operation, this input can be set to OFF (0). ON (1): Delays are currently allowed. OFF (0): Delays are not currently allowed and the auxiliary valve will react immediately. |
| Feedback 1 | Boolean | This input is constantly monitored to make sure that it reflects Output 1. When Output 1 transitions, this input must react within the configured Feedback Reaction Time. |
| Input Status | Boolean | If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid. |
| Output Status | Boolean | This input indicates the output status of the I/O module connected to this instruction. ON (1): The output module is operating properly. OFF (0): The output module is faulted or offline. Instruction outputs are set to their safe state. |
| Reset(1) | Boolean | This input clears the instruction faults provided the fault condition is not present. ON (1): The Fault Present and Fault Code outputs are reset. |

(1) ISO 13849-1 stipulates that instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.

The following table explains the instruction outputs. The outputs may be field device signals or derived from user logic.
Table 102 - AVC Outputs

| Name | Data Type | Description |
|---|---|---|
| Output 1 (O1) | Boolean | This output is used to control an auxiliary valve. Output 1 is de-energized when the following occurs: A valve feedback fault occurs as described on page 282. Input Status or Output Status inputs turn OFF (0). The normal operation of the instruction causes Output 1 to be de-energized as described in the timing diagrams on pages 279…281. |
| Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally. |
| Fault Code | Integer | This output indicates the type of fault that occurred. See Table 103 on page 283 for a list of fault codes. This parameter is not safety-related. |
| Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 104 on page 283 for a list of diagnostic codes. This parameter is not safety-related. |

IMPORTANT: Do not write to any instruction output tag under any circumstances.

Normal Auxiliary Valve Reaction


Figure 184 shows a typical soft clutch setup where the auxiliary valve instruction is configured for an On-delay. When Actuate transitions from OFF (0) to ON (1) at (A), the delay timer starts if the Delay Enable input is ON (1). If the Output Follows Actuate input is True, Output 1 energizes once the delay period is over at (B). If the Output Follows Actuate input is False, Output 1 is energized only during the delay period. When the Actuate input transitions from ON (1) to OFF (0), Output 1 follows it and is de-energized immediately if the Output Follows Actuate input is True.
Figure 184 - Normal Auxiliary Valve Reaction (Delay Type = On) Timing Diagrams
[Two timing diagrams, each showing Actuate, Output 1, and the Delay Time over points (A), (B), and (C): one for Delay Type = ON (1) with Output Follows Actuate = True (1), and one for Delay Type = ON (1) with Output Follows Actuate = False (0). In both, Input Status, Output Status, and Delay Enable (not shown) = ON (1).]

In a soft clutch application, the time period from (A) to (B) indicates the soft part of the clutch engagement, where there is pressure relief through the auxiliary valve. During this period, the main clutch valve is choked, yielding a smoother clutch engagement.

Figure 185 shows a typical brake setup where the auxiliary valve instruction is configured for an Off-delay. When the Actuate input transitions from OFF (0) to ON (1) at (A), Output 1 energizes immediately if the Output Follows Actuate input is True. When the Actuate input transitions from ON (1) to OFF (0) at (B), the delay timer starts if the Delay Enable input is ON (1). If the Output Follows Actuate input is True, Output 1 remains energized until the delay period ends at (C). Output 1 is then de-energized. If the Output Follows Actuate input is False, Output 1 is energized only during the delay period.
Figure 185 - Normal Auxiliary Valve Reaction (Delay Type = Off) Timing Diagrams
[Two timing diagrams, each showing Actuate, Output 1, and the Delay Time over points (A), (B), and (C): one for Delay Type = OFF (0) with Output Follows Actuate = True (1), and one for Delay Type = OFF (0) with Output Follows Actuate = False (0). In both, Input Status, Output Status, and Delay Enable (not shown) = ON (1).]

In a soft brake application, the time period from (B) to (C) indicates the soft part of the brake engagement, where there is pressure relief from the auxiliary valve. During this period, the brake valve is choked, yielding a smoother brake engagement.

Immediate Auxiliary Valve Reaction


Figure 186 shows the Delay Enable input changing from ON (1) to OFF (0) during the On-delay phase. When the Actuate input transitions from OFF (0) to ON (1) at (A), the delay timer starts. Then, the Delay Enable input transitions from ON (1) to OFF (0) before the delay timer expires and Output 1 is immediately energized at (B).
Figure 186 - Immediate Auxiliary Valve Reaction (Delay Type = On) Timing Diagram
[Timing diagram showing Actuate, Delay Enable, Output 1, and the Delay Time over points (A) and (B), with Delay Type = ON (1), Output Follows Actuate (not shown) = True (1), and Input Status and Output Status (not shown) = ON (1).]

Figure 187 shows the Delay Enable input changing from ON (1) to OFF (0) during the Off-delay phase. When the Actuate input transitions from ON (1) to OFF (0) at (A), the delay timer starts. Then, the Delay Enable input transitions from ON (1) to OFF (0) before the delay timer expires and Output 1 is immediately de-energized at (B).
Figure 187 - Immediate Auxiliary Valve Reaction (Delay Type = Off) Timing Diagram
[Timing diagram showing Actuate, Delay Enable, Output 1, and the Delay Time over points (A) and (B), with Delay Type = OFF (0), Output Follows Actuate (not shown) = True (1), and Input Status and Output Status (not shown) = ON (1).]
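The Output 1 timing described for Figures 184 through 187, as an added Python model that is not part of the manual or of the instruction's own implementation. The class and function names, the 1 ms scan step, and the stimulus are constructed for illustration; feedback monitoring, Input Status, Output Status, and faults are not modeled, and the Output Follows Actuate = False result when Delay Enable is OFF is this example's reading of the text.

```python
from dataclasses import dataclass


@dataclass
class AvcConfig:
    delay_type_on: bool           # Delay Type: True = ON (1), False = OFF (0)
    delay_time_ms: int            # Delay Time, valid range 5...2000 ms
    output_follows_actuate: bool  # Output Follows Actuate

    def __post_init__(self):
        if not 5 <= self.delay_time_ms <= 2000:
            raise ValueError("Delay Time must be 5...2000 ms")


class AvcTimingModel:
    """Output 1 timing only; feedback, status and fault handling are not modeled."""

    def __init__(self, cfg):
        self.cfg = cfg
        self.delayed = False      # Actuate as seen after the configured delay
        self.elapsed_ms = 0       # how long the delay timer has been running

    def scan(self, actuate, delay_enable, step_ms=1):
        """One controller scan; returns the state of Output 1."""
        # An On-delay holds back the OFF->ON edge, an Off-delay the ON->OFF edge.
        delayed_edge = actuate == self.cfg.delay_type_on
        if actuate == self.delayed:
            self.elapsed_ms = 0                  # no transition pending
        elif not delayed_edge or not delay_enable:
            self.delayed = actuate               # immediate reaction
            self.elapsed_ms = 0
        elif self.elapsed_ms >= self.cfg.delay_time_ms:
            self.delayed = actuate               # delay timer expired
            self.elapsed_ms = 0
        else:
            self.elapsed_ms += step_ms           # delay timer running
        if self.cfg.output_follows_actuate:
            return self.delayed
        # Assumed reading of "energized only during the delay period":
        # Output 1 is ON exactly while the delayed signal lags Actuate.
        return actuate != self.delayed


def output_edges(cfg, actuate, delay_enable):
    """Run 1 ms scans over sampled inputs; return [(time_ms, new_state), ...]."""
    model, prev, edges = AvcTimingModel(cfg), False, []
    for t, (a, e) in enumerate(zip(actuate, delay_enable)):
        out = model.scan(a, e)
        if out != prev:
            edges.append((t, out))
            prev = out
    return edges


# Constructed stimulus: Actuate is ON from 10 ms to 100 ms of a 200 ms window.
ACTUATE = [10 <= t < 100 for t in range(200)]
ENABLED = [True] * 200
CUT_AT_30 = [t < 30 for t in range(200)]     # Delay Enable drops during the On-delay
CUT_AT_120 = [t < 120 for t in range(200)]   # Delay Enable drops during the Off-delay

if __name__ == "__main__":
    cases = [
        ("On-delay,  follows Actuate    ", AvcConfig(True, 50, True), ENABLED),
        ("On-delay,  opposite to Actuate", AvcConfig(True, 50, False), ENABLED),
        ("Off-delay, follows Actuate    ", AvcConfig(False, 50, True), ENABLED),
        ("Off-delay, opposite to Actuate", AvcConfig(False, 50, False), ENABLED),
        ("On-delay,  Delay Enable cut   ", AvcConfig(True, 50, True), CUT_AT_30),
        ("Off-delay, Delay Enable cut   ", AvcConfig(False, 50, True), CUT_AT_120),
    ]
    for name, cfg, enable in cases:
        print(name, output_edges(cfg, ACTUATE, enable))
```

Each printed pair is the time in milliseconds at which Output 1 changes and its new state, so the six lines can be read against points (A), (B), and (C) in the four figures.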

Auxiliary Valve Feedback Fault


Figure 188 shows an example of a Feedback fault where the auxiliary valve did not react within the specified time with Delay Type = ON (1), Output Follows Actuate = True, and Feedback Type = Positive. When the Actuate input transitions from OFF (0) to ON (1) at (A), the delay timer begins. After the delay timer expires at (B), Output 1 is energized. At (C), the Feedback 1 input has not reacted within the specified Feedback Reaction Time, causing a fault. Output 1 is de-energized. The Fault Present output is cleared at (D) because the Reset input has been asserted and the Feedback 1 input is in the correct state. However, Output 1 cannot be energized again until (E), when the Actuate input turns OFF (0).
Figure 188 - Auxiliary Valve Feedback Fault Timing Diagram
[Timing diagram showing Actuate, Delay Enable, Feedback 1, Reset, Fault Present, and Output 1, with the Delay Time and Feedback Reaction Time marked, over points (A) through (E). Output Follows Actuate (not shown) = True, Delay Type = ON (1), Feedback Type = Positive, and Input Status and Output Status (not shown) = ON (1).]

AVC False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

AVC Fault and Diagnostic Codes


Table 103 - Fault Codes and Corrective Actions

| Fault Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. Reset the fault. |
| 21H | The Output Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. Reset the fault. |
| 5020H | Feedback is inconsistent with the valve output. | Check the feedback signal. Reset the fault. |
| 5021H | Feedback did not turn ON (1) when Output 1 transitioned from OFF (0) to ON (1). | Check the feedback signal. Adjust the Feedback Reaction Time, if necessary. Reset the fault. |
| 5022H | Feedback did not turn OFF when Output 1 transitioned from ON (1) to OFF (0). | Check the feedback signal. Adjust the Feedback Reaction Time, if necessary. Reset the fault. |

Table 104 - Diagnostic Codes and Corrective Actions

| Diagnostic Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status was OFF (0) when the instruction started. | Check the I/O module connection. |
| 21H | The Output Status input was OFF (0) when the instruction started. | Check the I/O module connection. |
| 5000H | The Actuate input is held ON (1). | Set the Actuate input to OFF (0). |

AVC Wiring and Programming Example


The standard control portion of the application is not shown.
Figure 189 - Wiring Diagram
[Wiring diagram: a 1791DS-IB8XOB8 module (Module 1) on DeviceNet with 24V DC supply (V0, V1) and 24V ground (G0, G1). Devices S1…S4 appear at inputs I0…I3 with test outputs T0 and T1 and at outputs O0…O3; a momentary push button (reset) is wired to input I7.]

This programming diagram shows the Auxiliary Valve Control (AVC) instruction used with a Main Valve Control (MVC) instruction.
Figure 190 - Programming Diagram
[Programming diagram: an MVC instruction (MainValve) and two AVC instructions (SoftClutchValve and SoftBrakeValve), all with Feedback Type = Negative and Feedback Reaction Time = 500 ms. MainValve is actuated by Press Run (Note 1), uses Module1:I.Pt00Data and Module1:I.Pt01Data as Feedback 1 and Feedback 2, Module1:I.InputStatus and Module1:I.OutputStatus as Input Status and Output Status, and Module1:I.Pt07Data as Reset, and drives Module1:O.Pt00Data and Module1:O.Pt01Data. SoftClutchValve uses Delay Type = ON, Delay Time = 50 ms, and Output Follows Actuate = TRUE, with SoftClutchEnable as Delay Enable and Module1:I.Pt02Data as Feedback 1, and drives Module1:O.Pt02Data. SoftBrakeValve uses Delay Type = OFF, Delay Time = 50 ms, and Output Follows Actuate = FALSE, with a Delay Enable derived from CrankshaftPosition.DZ and SoftBrakeEnable and Module1:I.Pt03Data as Feedback 1, and drives Module1:O.Pt03Data. The Fault Present outputs are combined into ValvesOK (Note 2); the MainValveActuated tag also appears in the diagram.]

NOTE 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.
NOTE 2: This is an internal Boolean tag used by other parts of the user application and not shown in this example.

Figure 191 - Ladder Logic
[Ladder logic figure: an MVC instruction (MainValve) with Feedback Type = NEGATIVE and Feedback Reaction Time = 500 ms, actuated by PressRun, with outputs O1 and O2 driving Module3:O.Pt00Data and Module3:O.Pt01Data; an AVC instruction (SoftClutchValve) with Feedback Type = NEGATIVE, Feedback Reaction Time = 500 ms, Delay Type = ON, Delay Time = 50 ms, and Output Follows Actuate = TRUE, with Delay Enable = SoftClutchEnable and output O1 driving Module3:O.Pt02Data; a rung using SoftBrakeEnable and CrankPosition.DZ to drive SoftBrakeValve.DelayEnable; an AVC instruction (SoftBrakeValve) with Feedback Type = NEGATIVE, Feedback Reaction Time = 500 ms, Delay Type = OFF, Delay Time = 50 ms, and Output Follows Actuate = FALSE, with output O1 driving Module3:O.Pt03Data; and a rung that sets ValvesOK from MainValve.FP, SoftClutchValve.FP, and SoftBrakeValve.FP. All three instructions use Module3:I.InputStatus, Module3:I.OutputStatus, and Module3:I.Pt07Data (Reset).]

RSLogix 5000 software is used to configure the input and test output parameters of the Guard I/O module, as illustrated.
Figure 192 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.
Figure 193 - Module Input Configuration

Figure 194 - Module Test Output Configuration

Figure 195 - Module Output Configuration

Main Valve Control (MVC)

The Main Valve Control (MVC) instruction is used to control and monitor the main clutch or brake valve. This instruction supports valves with various reaction times and positive or negative feedback signals. Single-channel valves are supported by combining Output 1 and Output 2 to control the valve and combining Feedback 1 and Feedback 2 for monitoring.

MVC Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table provides the parameters used to configure the instruction. These parameters cannot be changed at runtime.
Table 105 - MVC Configuration Parameters

| Parameter | Data Type | Description |
|---|---|---|
| Feedback Type | List | This parameter defines feedback OFF and ON states for positive and negative feedback signals. Positive: OFF (0): Feedbacks OFF / Outputs OFF. ON (1): Feedbacks ON / Outputs ON. Negative: OFF (0): Feedbacks ON / Outputs OFF. ON (1): Feedbacks OFF / Outputs ON. |
| Feedback Reaction Time | Integer | This parameter specifies the amount of time that the instruction waits for the Feedback 1 and Feedback 2 inputs to reflect the state of Output 1 and Output 2 as defined by the Feedback Type parameter. The valid range is 5…1000 ms. |

The following table explains the instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 106 - MVC Inputs

| Parameter | Data Type | Description |
|---|---|---|
| Actuate | Boolean | This input energizes or de-energizes Output 1 and Output 2. OFF (0) -> ON (1): Output 1 and Output 2 are energized if no faults exist. ON (1) -> OFF (0): Output 1 and Output 2 are de-energized. |
| Feedback 1, Feedback 2 | Boolean | These inputs are constantly monitored to make sure that they reflect the state of Output 1 and Output 2. When Output 1 and Output 2 transition, these inputs must react within the Feedback Reaction Time. |
| Input Status | Boolean | If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid. |
| Output Status | Boolean | This input indicates the output status of the I/O module or modules used by this instruction. ON (1): The output module is operating properly. OFF (0): The output module is faulted. Instruction outputs are set to their de-energized (safe) state. |
| Reset(1) | Boolean | This input clears the instruction faults provided the fault condition is not present. ON (1): The Fault Present and Fault Code outputs are reset. |

(1) ISO 13849-1 stipulates that instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.

The following table explains the instruction outputs. The outputs may be field device signals or derived from user logic.
Table 107 - MVC Outputs

| Parameter | Data Type | Description |
|---|---|---|
| Output 1 (O1), Output 2 (O2) | Boolean | A redundant pair, these outputs are used to control a press clutch or brake valve. The outputs are de-energized when the following occurs: A feedback fault occurs as described on page 292. Input Status or Output Status inputs turn OFF (0). The normal operation of the instruction causes Output 1 and Output 2 to be de-energized as described in the timing diagram on page 291. |
| Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally. |
| Fault Code | Integer | This output indicates the type of fault that occurred. See Table 108 on page 293 for a list of fault codes. This parameter is not safety-related. |
| Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 109 on page 293 for a list of diagnostic codes. This parameter is not safety-related. |

IMPORTANT: Do not write to any instruction output tag under any circumstances.

MVC Normal Operation


Figure 196 shows normal operation of this instruction to control a press clutch or brake valve with Feedback Type = Positive. Outputs 1 and 2 are energized when the Actuate input transitions from OFF (0) to ON (1) at (A). Both feedback inputs react before the Feedback Reaction Time expires, so the outputs remain energized in steady state at (B). Outputs 1 and 2 are de-energized at (C) when the Actuate input transitions from ON (1) to OFF (0). Both of the feedback inputs react before the Feedback Reaction Time expires, so the outputs remain de-energized in steady state at (D).
Figure 196 - Normal Operation Timing Diagram
[Timing diagram showing Actuate, Feedback 1, Feedback 2, Output 1, and Output 2, with the Feedback Reaction Time marked, over points (A) through (D). Feedback Type (not shown) = Positive; Input Status and Output Status (not shown) = ON (1).]

MVC Feedback Fault


Figure 197 is an example of how a feedback fault can occur when either of the Feedback inputs fails to correctly reflect the state of Outputs 1 and 2 with Feedback Type = Positive. Outputs 1 and 2 are energized at (A), but at (B), Feedback 2 has not transitioned from OFF (0) to ON (1) before the Feedback Reaction Time has expired, generating a Feedback fault. The fault cannot be cleared at (C) because Feedback 1 and Feedback 2 do not yet reflect the state of Outputs 1 and 2. The fault is cleared when an OFF (0) to ON (1) transition is detected on the Reset input and both Feedback inputs are OFF (0), correctly reflecting the state of Outputs 1 and 2 at (D).
Figure 197 - Feedback Fault Timing Diagram
[Timing diagram showing Actuate, Feedback 1, Feedback 2, Reset, Fault Present, Output 1, and Output 2, with the Feedback Reaction Time marked, over points (A) through (D). Feedback Type (not shown) = Positive; Input Status and Output Status (not shown) = ON (1).]

MVC False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.

MVC Fault and Diagnostic Codes


Table 108 - Fault Codes and Corrective Actions

| Fault Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. Reset the fault. |
| 21H | The Output Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. Reset the fault. |
| 5000H | Feedback 1 and Feedback 2 turned OFF (0) unexpectedly. | Check the feedback signals. Reset the fault. |
| 5001H | Feedback 1 turned OFF (0) unexpectedly. | Check the Feedback 1 signal. Reset the fault. |
| 5002H | Feedback 2 turned OFF (0) unexpectedly. | Check the Feedback 2 signal. Reset the fault. |
| 5003H | Feedback 1 and Feedback 2 turned ON (1) unexpectedly. | Check the feedback signals. Reset the fault. |
| 5004H | Feedback 1 turned ON (1) unexpectedly. | Check the Feedback 1 signal. Reset the fault. |
| 5005H | Feedback 2 turned ON (1) unexpectedly. | Check the Feedback 2 signal. Reset the fault. |
| 5006H | Feedback 1 and Feedback 2 did not turn ON (1) within the configured Feedback Reaction Time. | Check the feedback signals. Adjust the Feedback Reaction Time, if necessary. Reset the fault. |
| 5007H | Feedback 1 did not turn ON (1) within the configured Feedback Reaction Time. | Check the Feedback 1 signal. Adjust the Feedback Reaction Time, if necessary. Reset the fault. |
| 5008H | Feedback 2 did not turn ON (1) within the configured Feedback Reaction Time. | Check the Feedback 2 signal. Adjust the Feedback Reaction Time, if necessary. Reset the fault. |
| 5009H | Feedback 1 and Feedback 2 did not turn OFF (0) within the configured Feedback Reaction Time. | Check the feedback signals. Adjust the Feedback Reaction Time, if necessary. Reset the fault. |
| 500AH | Feedback 1 did not turn OFF (0) within the configured Feedback Reaction Time. | Check the Feedback 1 signal. Adjust the Feedback Reaction Time, if necessary. Reset the fault. |
| 500BH | Feedback 2 did not turn OFF (0) within the configured Feedback Reaction Time. | Check the Feedback 2 signal. Adjust the Feedback Reaction Time, if necessary. Reset the fault. |

Table 109 - Diagnostic Codes and Corrective Actions

| Diagnostic Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status was OFF (0) when the instruction started. | Check the I/O module connection. |
| 21H | The Output Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. |
| 5000H | The Actuate input is held ON (1). | Set the Actuate input to OFF (0). |
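The MVC feedback monitoring and the feedback fault codes of Table 108, as an added Python model that is not part of the manual or of the instruction's own implementation. The names, the 1 ms scan step, and the scenario timings are constructed for illustration; Input Status, Output Status, and diagnostic codes are not modeled, and applying the ON/OFF wording of the fault codes to the feedback state after Feedback Type normalization is an assumption.

```python
class MvcModel:
    """Scan-based model of MVC output control and feedback monitoring."""

    def __init__(self, reaction_ms, negative_feedback=False):
        if not 5 <= reaction_ms <= 1000:
            raise ValueError("Feedback Reaction Time must be 5...1000 ms")
        self.reaction_ms = reaction_ms
        self.negative = negative_feedback
        self.outputs = False      # Output 1 and Output 2, driven as a redundant pair
        self.fault_code = 0       # 0 = no fault (Fault Present OFF)
        self.timer_ms = None      # time since the outputs changed; None once settled
        self._prev_actuate = False
        self._prev_reset = False

    def _trip(self, timed_out, bad1, bad2):
        # Table 108 layout: 5000H/5003H unexpected OFF/ON, 5006H/5009H time-outs,
        # each followed by its "Feedback 1 only" and "Feedback 2 only" variants.
        base = 0x5000 + (6 if timed_out else 0) + (0 if self.outputs else 3)
        self.fault_code = base + (0 if bad1 and bad2 else 1 if bad1 else 2)
        self.outputs = False      # outputs go to the de-energized (safe) state
        self.timer_ms = None

    def scan(self, actuate, fb1, fb2, reset=False, step_ms=1):
        """One controller scan; returns the state of the output pair."""
        if self.negative:         # Negative feedback: input ON means valve OFF
            fb1, fb2 = not fb1, not fb2
        actuate_rise = actuate and not self._prev_actuate
        reset_rise = reset and not self._prev_reset
        self._prev_actuate, self._prev_reset = actuate, reset

        if self.fault_code:
            # Cleared only on a Reset edge while both feedbacks show the valve OFF.
            if reset_rise and not fb1 and not fb2:
                self.fault_code = 0
            return self.outputs

        # Energize on a rising edge of Actuate only; drop as soon as Actuate is OFF.
        wanted = True if actuate_rise else (self.outputs and actuate)
        if wanted != self.outputs:
            self.outputs, self.timer_ms = wanted, 0

        bad1, bad2 = fb1 != self.outputs, fb2 != self.outputs
        if self.timer_ms is None:
            if bad1 or bad2:
                self._trip(False, bad1, bad2)    # feedback moved with no output change
        elif not (bad1 or bad2):
            self.timer_ms = None                 # both feedbacks reacted in time
        elif self.timer_ms >= self.reaction_ms:
            self._trip(True, bad1, bad2)         # Feedback Reaction Time expired
        else:
            self.timer_ms += step_ms
        return self.outputs


def simulate(model, duration_ms, actuate, fb1, fb2, reset):
    """Drive the model with callables t -> bool; returns [(outputs, fault_code)] per ms."""
    trace = []
    for t in range(duration_ms):
        out = model.scan(actuate(t), fb1(t), fb2(t), reset(t))
        trace.append((out, model.fault_code))
    return trace


def stuck_feedback_2_trace():
    """Constructed scenario in the style of Figure 197 (Positive feedback, 100 ms)."""
    return simulate(
        MvcModel(reaction_ms=100),
        200,
        actuate=lambda t: 10 <= t < 180 or t >= 190,   # held ON through the fault
        fb1=lambda t: 40 <= t < 150 or t >= 195,       # reacts, releases late
        fb2=lambda t: False,                           # never reacts
        reset=lambda t: 130 <= t < 135 or 170 <= t < 175,
    )


if __name__ == "__main__":
    trace = stuck_feedback_2_trace()
    for t in (10, 110, 130, 170, 179, 190):
        out, code = trace[t]
        print(f"t={t:3d} ms  outputs={'ON ' if out else 'OFF'}  fault={code:04X}H")
```

In the scenario, the first Reset edge arrives while Feedback 1 is still ON and is ignored, the second clears the fault, and the outputs stay OFF until Actuate has been cycled, which corresponds to diagnostic code 5000H in Table 109.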

MVC Wiring and Programming Example


The standard control portion of the application is not shown.
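Figure 198 - Wiring Diagram
[Wiring diagram: a 1791DS-IB8XOB8 module (Module 1) on DeviceNet with 24V DC supply (V0, V1) and 24V ground (G0, G1). Devices S1 and S2 appear at inputs I0 and I1 with test outputs T0 and T1 and at outputs O0 and O1; a momentary push button (reset) is wired to input I7.]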

This programming diagram shows the Main Valve Control (MVC) instruction with inputs and outputs.
Figure 199 - Programming Diagram
[Programming diagram: an MVC instruction (MainValve) with Feedback Type = Negative and Feedback Reaction Time = 500 ms. It is actuated by Press Run (Note 1), uses Module1:I.Pt00Data and Module1:I.Pt01Data as Feedback 1 and Feedback 2, Module1:I.InputStatus and Module1:I.OutputStatus as Input Status and Output Status, and Module1:I.Pt07Data as Reset, and drives Module1:O.Pt00Data and Module1:O.Pt01Data from Output 1 and Output 2. Fault Present is connected to ValvesOK (Note 2); the MainValveActuated tag also appears in the diagram.]

NOTE 1: This is an internal Boolean tag that has its value determined by other parts of the user application not shown in this example.
NOTE 2: This is an internal Boolean tag used by other parts of the user application and not shown in this example.

Figure 200 - Ladder Logic
[Ladder logic figure: an MVC instruction (MainValve) with Feedback Type = NEGATIVE and Feedback Reaction Time = 500 ms, with Actuate = ManualValveControl.O1, Feedback 1 = Module3:I.Pt00Data, Feedback 2 = Module3:I.Pt01Data, Input Status = Module3:I.InputStatus, Output Status = Module3:I.OutputStatus, and Reset = Module3:I.Pt07Data. MainValve.O1 and MainValve.O2 drive Module3:O.Pt00Data and Module3:O.Pt01Data.]

RSLogix 5000 software is used to configure the input and test output parameters of the Guard I/O module, as illustrated.
Figure 201 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.

Figure 202 - Module Input Configuration

Figure 203 - Module Test Output Configuration

Figure 204 - Module Output Configuration

Maintenance Manual Valve Control (MMVC)

The Maintenance Manual Valve Control (MMVC) instruction is intended to manually drive a press valve during a maintenance operation. Manual drive of the valve is permitted when the instruction is enabled and in the permissive state. The permissive state means all of these conditions have been met:
- A key switch is enabled.
- The flywheel is stopped.
- The slide is at bottom-dead-center (BDC).
- The Safety Enable input is ON (1).

One instruction is required for each valve that needs to be manually controlled.

ATTENTION: This instruction should only be enabled during a maintenance operation and should never be used during press operation.

ATTENTION: Besides sourcing the Bottom and Flywheel Stopped inputs, you must perform a visual inspection to make sure the press is at bottom-dead-center (BDC) and that the flywheel is not in motion before activating the keyswitch and enabling the valve.

ATTENTION: The Keyswitch Enable input must only be activated with a supervised key switch.

MMVC Instruction Parameters


IMPORTANT: Do not use the same tag name for more than one instruction in the same program. Do not write to any instruction output tag under any circumstances.

ATTENTION: If you change instruction parameters while in Run mode, you must accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.

The following table explains the instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Table 110 - MMVC Inputs

| Parameter | Data Type | Description |
|---|---|---|
| Enable | Boolean | This input is the instruction enable from the mode switch. This instruction should be enabled in maintenance mode only. ON (1): The instruction is enabled. Output 1 can be energized after the Actuate input transitions from OFF (0) to ON (1) when the instruction is in the permissive state. OFF (0): The instruction is not enabled. Output 1 cannot be energized. |
| Keyswitch | Boolean | This is the supervised keyswitch input for the instruction. ON: The instruction is activated. OFF: The instruction is not activated. Output 1 cannot be energized. |
| Bottom | Boolean | This input indicates slide position. ON (1): The slide is at bottom-dead-center (BDC). OFF (0): The slide is not at BDC. Output 1 cannot be energized. |
| Flywheel Stopped | Boolean | This input indicates whether or not the flywheel is stopped. This input must be ON (1) to allow manual valve control. ON (1): The flywheel is stopped. OFF (0): The flywheel is not stopped. |
| Safety Enable | Boolean | This input represents the status of safety-related permissive devices such as E-stops, light curtains or safety gates. This input is optional on this instruction for extra protection if required for a particular application. ON (1): Indicates that permissive devices are actively guarding the danger zone and permits the energizing of Output 1. OFF (0): Indicates that permissive devices are no longer protecting the danger zone and prevents the energizing of Output 1. |
| Actuate | Boolean | This input is the signal to manually actuate the valve, energizing or de-energizing Output 1. OFF (0) -> ON (1): Output 1 is energized if the instruction is enabled, the Keyswitch input is activated, and no faults exist. ON (1) -> OFF (0): Output 1 is de-energized. |
| Input Status | Boolean | If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer's responsibility to determine the conditions. ON (1): The inputs to this instruction are valid. OFF (0): The inputs to this instruction are invalid. |
| Output Status | Boolean | This input indicates the output status of the I/O module connected to this instruction. ON (1): The output module is operating properly. OFF (0): The output module is faulted or offline. Instruction outputs are set to their safe state. |
| Reset(1) | Boolean | This input clears instruction faults provided the fault condition is not present. ON (1): The Fault Present and Fault Code outputs are reset. |

(1) ISO 13849-1 stipulates that instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to your reset signal tag name. Then use the OSF instruction Output Bit tag as the instruction's reset source.

The following table explains the instruction outputs. The outputs may be field device signals or derived from user logic.
Table 111 - MMVC Outputs
| Parameter | Data Type | Description |
|---|---|---|
| Output 1 (O1) | Boolean | This output manually controls a valve. The output is de-energized when the following occurs: The Enable input transitions from ON (1) to OFF (0). The Keyswitch input transitions from ON (1) to OFF (0). The Bottom input transitions from ON (1) to OFF (0), indicating the slide has left bottom-dead-center. The Flywheel Stopped input transitions from ON (1) to OFF (0), indicating flywheel motion. The Safety Enable input transitions from ON (1) to OFF (0). The Input Status or Output Status inputs have turned OFF (0). The Actuate input transitions from ON (1) to OFF (0). |
| Fault Present (FP) | Boolean | ON (1): A fault is present in the instruction. OFF (0): The instruction is operating normally. |
| Fault Code | Integer | This output indicates the type of fault that occurred. See Table 112 on page 304 for a list of fault codes. This parameter is not safety-related. |
| Diagnostic Code | Integer | This output indicates the diagnostic status of the instruction. See Table 113 on page 304 for a list of diagnostic codes. This parameter is not safety-related. |

IMPORTANT: Do not write to any instruction output tag under any circumstances.


Rockwell Automation Publication 1756-RM095E-EN-P - February 2012


Chapter 2

MMVC Normal Operation


Figure 205 shows normal operation of this instruction to manually drive a valve. The instruction enters the permissive state at (A) because the instruction has been enabled, bottom-dead-center (BDC) has been achieved, the flywheel is stopped, and the Safety Enable input is ON (1). Output 1 is energized at (B) because a rising edge is detected on the Actuate input, manually energizing the valve. Output 1 is de-energized at (C) because the Actuate input is turned OFF (0). Output 1 is energized again when another rising edge is detected on the Actuate input at (D). Output 1 is de-energized at (E) because the Enable input turns OFF (0), resetting the instruction. Finally, Output 1 is energized at (F) once the instruction is back in a permissive state and a rising edge is detected on the Actuate input. None of the conditions in this example results in a fault.
Figure 205 - Normal Operation Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Keyswitch, Bottom, Flywheel Stopped, Safety Enable, Actuate, Output 1; events marked (A) through (F). Input Status and Output Status (not shown) = ON (1).]


MMVC Actuate in Non-permissive State


Figure 206 shows conditions that do not allow Output 1 to be energized because the instruction is not in a permissive state when the Actuate input transitions from OFF (0) to ON (1). Output 1 is not energized at (A) because the instruction is not enabled when the Actuate input transitions from OFF (0) to ON (1). The instruction is enabled, but faults immediately when the Actuate input transitions from OFF to ON because the Safety Enable input is OFF (0) at (B). The fault cannot be cleared because the fault condition still exists at (C). Finally, the fault is cleared at (D) when the Reset input transitions from OFF (0) to ON (1) because the Safety Enable input is now ON (1). Output 1 can now be energized when the Actuate input transitions from OFF (0) to ON (1).
Figure 206 - Actuate in Non-permissive State Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Keyswitch, Bottom, Flywheel Stopped, Safety Enable, Actuate, Reset, Fault Present, Output 1; events marked (A) through (D). Input Status and Output Status (not shown) = ON (1).]


MMVC Fault After Output 1 Energized


Output 1 is energized at (A) after the Actuate input transitions from OFF (0) to ON (1) when the instruction is in the permissive state. The instruction faults at (B) because the slide is no longer at bottom-dead-center (BDC). The fault is cleared at (C) when the Reset input transitions from OFF (0) to ON (1) and the slide has returned to BDC. Another fault is generated at (D) when the Actuate input transitions from OFF (0) to ON (1) and the flywheel is not stopped.
Figure 207 - Fault After Output 1 Energized Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Keyswitch, Bottom, Flywheel Stopped, Safety Enable, Actuate, Reset, Fault Present, Output 1; events marked (A) through (D). Input Status and Output Status (not shown) = ON (1).]

MMVC False Rung State Behavior


When the instruction is executed on a false rung, all instruction outputs are de-energized.


MMVC Fault and Diagnostic Codes


Table 112 - Fault Codes and Corrective Actions
| Fault Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. Reset the fault. |
| 21H | The Output Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. Reset the fault. |
| 5040H | The slide was not at bottom-dead-center (BDC) when the valve was enabled. | Visually check to make sure the slide is at bottom. Check the Bottom input signal. Reset the fault. |
| 5041H | Flywheel motion was detected when the valve was enabled. | Visually check to make sure that the flywheel is not in motion. Check the Flywheel Stopped input signal. Reset the fault. |
| 5042H | Safety Enable was OFF (0) when the valve was enabled. | Visually check that the permissive inputs tied to the Safety Enable input are functioning properly. Check the Safety Enable input signal. Reset the fault. |
| 5043H | The Keyswitch input was OFF (0) when the valve was enabled. | Turn the keyswitch on. Check the Keyswitch input signal. Reset the fault. |

Table 113 - Diagnostic Codes and Corrective Actions


| Diagnostic Code | Description | Corrective Action |
|---|---|---|
| 00H | No fault. | None. |
| 20H | The Input Status was OFF (0) when the instruction started. | Check the I/O module connection. |
| 21H | The Output Status input transitioned from ON (1) to OFF (0) while the instruction was executing. | Check the I/O module connection. |
| 5000H | The Actuate input is held ON (1). | Set the Actuate input to OFF (0). |
| 5040H | The slide was not at bottom-dead-center (BDC). | Visually make sure that the slide is at bottom. Check the Bottom input signal. |
| 5041H | Flywheel motion detected. | Visually make sure that the flywheel is not in motion. Check the Flywheel Stopped input signal. |
| 5042H | The Safety Enable signal is OFF (0). | Visually make sure that the permissive inputs tied to the Safety Enable signal are operating properly. Check the Safety Enable input signal. |
| 5043H | The keyswitch is disabled. | Enable the Keyswitch input. |
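The MMVC timing scenarios (Figures 205 to 207) and the permissive fault codes of Table 112 can be replayed scan by scan for review or test purposes. The following Python model is an added example, not Rockwell code or the instruction's implementation. Assumptions: the class and field names, the priority among several missing permissives, treating any permissive lost while Output 1 is energized like the Bottom case in Figure 207, and Input Status and Output Status held ON (1) as in the figures.

```python
from dataclasses import dataclass

# Fault codes from Table 112, keyed by the permissive input whose absence
# raises them. The priority order (dict order) is an assumption of this model.
PERMISSIVE_FAULTS = {
    "bottom": 0x5040,
    "flywheel_stopped": 0x5041,
    "safety_enable": 0x5042,
    "keyswitch": 0x5043,
}


@dataclass(frozen=True)
class Inputs:
    """One scan of MMVC inputs (hypothetical field names)."""
    enable: bool = True
    keyswitch: bool = True
    bottom: bool = True
    flywheel_stopped: bool = True
    safety_enable: bool = True
    actuate: bool = False
    reset: bool = False


class MMVCModel:
    def __init__(self):
        self.o1 = False
        self.fault_present = False
        self.fault_code = 0x00
        self.fault_input = None      # which permissive caused the fault
        self.prev_actuate = False
        self.prev_reset = False

    def scan(self, i):
        actuate_rise = i.actuate and not self.prev_actuate
        reset_rise = i.reset and not self.prev_reset
        self.prev_actuate, self.prev_reset = i.actuate, i.reset

        if self.fault_present:
            # Output stays off; the fault clears only on a Reset rising edge
            # and only if the condition that caused it is no longer present.
            self.o1 = False
            if reset_rise and getattr(i, self.fault_input):
                self.fault_present, self.fault_code = False, 0x00
                self.fault_input = None
            return self.o1

        if not i.enable:
            # Enable OFF de-energizes the output without faulting (Figure 205, E).
            self.o1 = False
            return self.o1

        missing = next((n for n in PERMISSIVE_FAULTS if not getattr(i, n)), None)
        if missing and (actuate_rise or self.o1):
            # Actuate attempted, or output energized, outside the permissive state.
            self.o1 = False
            self.fault_present = True
            self.fault_code = PERMISSIVE_FAULTS[missing]
            self.fault_input = missing
            return self.o1

        if actuate_rise:
            self.o1 = True           # energize only on a rising edge of Actuate
        elif not i.actuate:
            self.o1 = False          # Actuate released
        return self.o1


def run_scans(steps):
    """Replay a list of Inputs; return (o1, fault_present, fault_code) per scan."""
    model = MMVCModel()
    trace = []
    for step in steps:
        model.scan(step)
        trace.append((model.o1, model.fault_present, model.fault_code))
    return trace


# Constructed input sequence following the events of Figure 206.
FIGURE_206_STEPS = [
    Inputs(enable=False, actuate=True),          # (A) Actuate while not enabled
    Inputs(enable=False),
    Inputs(safety_enable=False, actuate=True),   # (B) enabled, Safety Enable OFF
    Inputs(safety_enable=False, reset=True),     # (C) reset while condition persists
    Inputs(),
    Inputs(reset=True),                          # (D) reset after Safety Enable is ON
    Inputs(),
    Inputs(actuate=True),                        # output can now be energized
]

if __name__ == "__main__":
    for o1, fp, code in run_scans(FIGURE_206_STEPS):
        print(f"O1={int(o1)} FP={int(fp)} FaultCode={code:04X}H")
```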


MMVC Wiring and Programming Example


This application example complies with ISO 13849-1, Category 4 operation. The standard control portion of the application is not shown.
Figure 208 - Wiring Diagram
[Wiring diagram not reproduced. Labels shown: 24V DC, Momentary Push Button (reset), BDC Cam, Safe Speed Monitor Zero Speed, Key Switch, S1, S2, 24V Ground, and a 1791DS-IB8XOB8 module (Module 1) on DeviceNet with terminals V0, V1, G0, G1, I0 through I7, T0, T1, O0, and O1.]


This programming diagram shows the MMVC instruction used with a Dual-channel Input Start (DCSRT) instruction and a Main Valve Control (MVC) instruction.
Figure 209 - Programming Diagram
[Programming diagram not reproduced. Function blocks shown: DCSRT (MaintenanceStart; Input Type Equivalent Active High, Discrepancy Time 500 ms), MMVC (ManualValveControl), and MVC (Feedback Type Negative, Feedback Reaction Time 500 ms), with Level1Safeties and Level2Safeties combined through an AND (&) block. Tags shown: MaintenanceModeSelected, Module1:I.Pt00Data through Module1:I.Pt07Data, Module1:I.InputStatus, Module1:I.OutputStatus, Module1:O.Pt000Data, Module1:O.Pt001Data.]

Key: Color code represents data or value typically used: Tag-mapped Variable, Safety Input, Configuration Constant/Value, Standard Output, Safety Output, Internal Safety Variable.


Figure 210 - Ladder Logic
[Ladder diagram not reproduced. Instructions shown: DCSRT (Dual Channel Input Start, tag MaintenanceStart, Safety Function START BUTTON, Input Type EQUIVALENT - ACTIVE HIGH, Discrepancy Time 500 ms), MMVC (Maintenance Manual Valve Control, tag ManualValveControl), and MVC (Main Valve Control, tag MainValve, Feedback Type NEGATIVE, Feedback Reaction Time 500 ms). Level1SafetiesOK and Level2SafetiesOK drive ManualValveControl.SafetyEnable; MaintenanceStart.O1 is the MMVC Actuate input; ManualValveControl.O1 is the MVC Actuate input; MainValve.O1 and MainValve.O2 drive Module3:O.Pt00Data and Module3:O.Pt01Data.]


RSLogix 5000 software is used to configure the input and test output parameters of the Guard I/O module, as illustrated.
Figure 211 - Module Definition

Rockwell Automation suggests using Exact Match, as shown. However, setting Electronic Keying to Compatible Match is allowed.
Figure 212 - Module Input Configuration


Figure 213 - Module Test Output Configuration

Figure 214 - Module Output Configuration


Appendix A

RSLogix 5000 Software, Version 14 and Later, Safety Application Instructions

Topic
- General Information
- Diverse Input (DIN) Instruction
- Redundant Input (RIN) Instruction
- Emergency Stop (ESTOP) Instruction
- Enable Pendant (ENPEN) Instruction
- Light Curtain (LC) Instruction
- Five-position Mode Selector (FPMS) Instruction
- Redundant Output with Continuous Feedback Monitoring (ROUT)
- Two-hand Run Station (THRS) Instruction

General Information

This chapter provides general information about using the safety application instructions within a safety system that has a controller and I/O modules.

De-energize to Trip System


The GuardLogix Safety controller is part of a de-energize to trip system. This means that all of its outputs are set to zero when a fault is detected. In addition, the GuardLogix Safety controller automatically sets any input values associated with faulty input modules to zero. As a result, any inputs being monitored by one of the diverse input instructions (DIN or THRS) should have the normally-closed input conditioned by logic such as that shown in Figure 215.
Figure 215 - Example Ladder Logic for Instructions that Use Diverse Inputs
[Ladder diagram not reproduced. Elements shown: Input Module Connection Faulted, Input Status, Input Data.]


The exact ladder logic depends on your specific system requirements, and the functionality of the Safety input module. The result, however, should be the same: to create a Safe state of one for the normally-closed input of the diverse input instructions. This example logic actually overrides the input value in the input tag. The normally-closed input of the diverse input instruction should be placed in a Safe state whenever the connection to the input module is lost, or the normally-closed input point is faulted. The input value should remain intact to represent the actual state of the field device when there is a connection and the normally-closed input point is not faulted. Failure to implement this type of logic does not create an unsafe condition, but it does result in the instruction latching an Inputs Inconsistent fault, requiring a clear fault operation to be performed.

System Dependencies
The safety application instructions depend on the safety I/O modules, controller operating system, and the ladder logic to perform portions of the safety functions.

Input and Output Line Conditioning


Safety I/O modules provide pulse test and monitoring capabilities. If the module detects a failure, it sets the offending input or output to the Safe state and reports the failure to the controller. The failure indication is made via the input or output point status, and is maintained for a configurable amount of time, or until the failure is repaired, whichever comes last.

IMPORTANT: Ladder logic must be included in the application program to latch these I/O point failures and verify proper restart behavior.

For more information on Safety I/O modules, refer to the DeviceNet Safety I/O User Manual, publication 1791DS-UM001.

I/O Module Connection Status


A CIP Safety system provides connection status for each I/O device in the safety system. If an input connection failure is detected, the operating system sets all associated inputs to the de-energized (safe) state, and reports the failure to the ladder logic. If an output connection failure is detected, the operating system can only report the failure to the ladder logic.

IMPORTANT: Ladder logic must be included in the application program to monitor and latch any connection failures and be sure of proper restart behavior.

How to Latch and Reset Faulted I/O


The diagrams in Figure 216 and Figure 217 provide examples of the ladder logic required to latch and reset an I/O module connection or point failure. Figure 216 shows the ladder logic for an input point; Figure 217 shows the ladder logic for an output point.

IMPORTANT: Both of these diagrams are examples, and are for illustrative purposes only. The suitability of this logic depends upon your specific system requirements.

Figure 216 - Example Ladder Logic to Latch and Reset an Input
[Ladder diagram not reproduced. Rung 1 elements: Input Module Connection Faulted, Input Point Status, Input Faulted (internal tag). Rung 2 elements: Fault Reset, Fault Reset Oneshot (ONS), Input Module Connection Faulted, Input Point Status, Input Faulted (internal tag). Rung 3 elements: Input Point Data, Input Faulted (internal tag), Output (internal tag).]

The first rung latches an internal indication that either the module connection or the specific input point has failed. The second rung resets the internal indication, but only if the fault has been repaired, and only on the rising edge of the Fault Reset signal. This prevents the safety function from automatically restarting if the Fault Reset signal gets stuck on. The third rung shows the input point data used in combination with the internal fault indication to control an output.


The output is internal data that may be used in combinational logic later to drive an actual output. If an actual output is used directly, it may or may not require logic similar to that shown in Figure 217 for latching and resetting output connection failures. The Fault Reset contact shown in these examples is typically activated as a result of operator action. The Fault Reset could be derived as a result of combinational logic or directly from an input point (in which case, it may or may not require conditioning of its own).
Figure 217 - Example Ladder Logic to Latch and Reset an Output
[Ladder diagram not reproduced. Rung 1 elements: Output Module Connection Faulted, Output Point Status, Output Faulted (internal tag). Rung 2 elements: Fault Reset, Fault Reset Oneshot (ONS), Output Module Connection Faulted, Output Point Status, Output Faulted (internal tag). Rung 3 elements: user-defined logic to activate output, Output Faulted (internal tag), Output Point Data.]

The ladder logic in Figure 217 has the same latch and reset concept as that shown in Figure 216. The first rung latches an internal indication that either the module connection or the specific output point has failed. The second rung resets the internal indication, but only if the fault has been repaired, and only on the rising edge of the Fault Reset signal. This prevents the safety function from automatically restarting if the Fault Reset signal gets stuck on. The third rung includes application-specific logic to drive the state of an output point. This logic is conditioned by the output faulted internal indicator.
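The three-rung latch and reset pattern described for Figure 216 and Figure 217 can be checked offline by replaying it scan by scan. The following Python model is an added example, not logic from the manual; the names are hypothetical, and the `edge_triggered=False` variant (a level-sensitive reset) is included only to show the automatic restart that the one-shot in rung 2 prevents.

```python
class FaultLatch:
    """Rungs 1 and 2: latch an I/O fault, unlatch it on Fault Reset."""

    def __init__(self, edge_triggered=True):
        # edge_triggered=False models a level-sensitive reset for comparison.
        self.edge_triggered = edge_triggered
        self.faulted = False          # "Input Faulted" / "Output Faulted" internal tag
        self.ons_storage = False      # storage bit of the Fault Reset one-shot

    def scan(self, connection_faulted, point_status_ok, fault_reset):
        healthy = (not connection_faulted) and point_status_ok

        # Rung 1: latch on a module connection fault or a point fault.
        if not healthy:
            self.faulted = True

        # Rung 2: unlatch only if the fault is repaired, and only on the
        # rising edge of Fault Reset (one-shot).
        reset_edge = fault_reset and not self.ons_storage
        self.ons_storage = fault_reset
        reset_request = reset_edge if self.edge_triggered else fault_reset
        if reset_request and healthy:
            self.faulted = False
        return self.faulted


def replay(trace, edge_triggered=True):
    """Replay (connection_faulted, point_status_ok, data, fault_reset) scans.

    'data' is the input point data (Figure 216) or the result of the
    user-defined output logic (Figure 217). Returns the rung 3 result per scan.
    """
    latch = FaultLatch(edge_triggered)
    outputs = []
    for connection_faulted, point_status_ok, data, fault_reset in trace:
        faulted = latch.scan(connection_faulted, point_status_ok, fault_reset)
        outputs.append(data and not faulted)   # Rung 3
    return outputs


# Constructed trace: the Fault Reset signal is stuck ON from the first scan.
STUCK_RESET_TRACE = [
    (False, True, True, True),    # healthy, reset already stuck on
    (False, False, False, True),  # point fault: module forces data to Safe
    (False, True, True, True),    # fault repaired, reset still stuck on
    (False, True, True, False),   # reset finally released
    (False, True, True, True),    # deliberate reset: new rising edge
]

# Constructed trace: reset pressed during a connection loss and held
# through the repair.
HELD_RESET_TRACE = [
    (False, True, True, False),
    (True, True, False, False),   # connection lost
    (True, True, False, True),    # reset pressed while still faulted
    (False, True, True, True),    # connection back, reset still held
    (False, True, True, False),
    (False, True, True, True),    # fresh rising edge after the repair
]

if __name__ == "__main__":
    print("one-shot reset:       ", replay(STUCK_RESET_TRACE, True))
    print("level-sensitive reset:", replay(STUCK_RESET_TRACE, False))
    print("held reset, one-shot: ", replay(HELD_RESET_TRACE, True))
```

With the one-shot, the output stays off after the repair until the reset signal is released and pressed again; with the level-sensitive variant the output restarts on the first healthy scan.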


False Rung State Behavior


The information provided in this manual regarding the GuardLogix Safety application instructions depicts the True Rung State (Relay Ladder Logic) behavior of the instructions. The False Rung State behavior is exactly the same (internal state machines continue to run and change states based on the inputs) except that all outputs, including prompts and fault indicators, are set to zero when the instructions are disabled or on a false rung.

I/O Point Mapping


This section contains information about I/O point mapping.

Input
Table 114 identifies the mapping between the safety I/O module's input points and the controller tags when the safety I/O module's Input-Status module definition is configured for Point Status or Combined Status. Note that moduleName is the name you assign to the I/O module.
Table 114 - Input Point Mapping

| I/O Module Point | Controller Tag Reference: Data | Controller Tag Reference: Point Status | Controller Tag Reference: Combined Status |
|---|---|---|---|
| IN 0 | moduleName:I.Pt00Data | moduleName:I.Pt00InputStatus | moduleName:I.InputStatus |
| IN 1 | moduleName:I.Pt01Data | moduleName:I.Pt01InputStatus | moduleName:I.InputStatus |
| IN 2 | moduleName:I.Pt02Data | moduleName:I.Pt02InputStatus | moduleName:I.InputStatus |
| IN n | moduleName:I.PtnData | moduleName:I.PtnInputStatus | moduleName:I.InputStatus |


Output
Table 115 identifies the mapping between the safety I/O module's output points and the controller tags when the safety I/O module's Output-Status module definition is configured for Point Status or Combined Status. Note that moduleName is the name you assign to the I/O module.
Table 115 - Output Point Mapping

| I/O Module Point | Controller Tag Reference: Data | Controller Tag Reference: Point Status | Controller Tag Reference: Combined Status |
|---|---|---|---|
| OUT 0 | moduleName:O.Pt00Data | moduleName:I.Pt00OutputStatus | moduleName:I.OutputStatus |
| OUT 1 | moduleName:O.Pt01Data | moduleName:I.Pt01OutputStatus | moduleName:I.OutputStatus |
| OUT 2 | moduleName:O.Pt02Data | moduleName:I.Pt02OutputStatus | moduleName:I.OutputStatus |
| OUT n | moduleName:O.PtnData | moduleName:I.PtnOutputStatus | moduleName:I.OutputStatus |


Diverse Input (DIN) Instruction

The basic purpose of the Diverse Input (DIN) instruction is to emulate the input functionality of a safety relay in a software-programmable environment that is intended for use in SIL3/Cat. 4 safety applications.

Instruction Parameters
IMPORTANT: Make sure your safety input modules are configured as Single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

This table explains the instruction inputs.


Table 116 - DIN Inputs
| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| DIN | Pre-defined Data Type | This parameter is used to maintain instruction-specific information. Do not use the same pre-defined data-type tag name in more than one instruction. | |
| Reset Type | Boolean | The reset type determines whether the instruction is using Manual or Automatic reset for Output 1. | Manual or Automatic |
| Channel A(1) | Boolean | Channel A Input (Normally Open). | Safe = 0, Active = 1 |
| Channel B(1) | Boolean | Channel B Input (Normally Closed). | Safe = 1, Active = 0 |
| Circuit Reset | Boolean | Circuit Reset Input. Manual Reset - Sets Output 1 after Channel A and Channel B transition from the Safe state to the Active state, and the Circuit Reset input transitions from zero to one. Automatic Reset - Visible, but not used. | Initial = 0, Reset = 1 |
| Fault Reset | Boolean | After fault conditions are corrected for the instruction, the fault outputs for the instruction are cleared when this input transitions from off to on. | Initial = 0, Reset = 1 |

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.


This table explains the instruction outputs.


Table 117 - DIN Outputs
| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| Output 1 | Boolean | Output 1 is set to the Active state when input conditions are met. | Safe = 0, Active = 1 |
| Cycle Inputs | Boolean | Cycle Inputs prompt for action. Before Output 1 is turned on, Channel A and Channel B inputs must be cycled through their Safe States at the same time before the circuit can be reset. This prompt is cleared when Channel A and Channel B transition to the safe state. | Initial = 0, Prompt = 1 |
| Circuit Reset Held On | Boolean | Manual Reset - The Circuit Reset Held On prompt is set when both input channels transition to the Active states, and the Circuit Reset input is already on. The Circuit Reset Held On prompt is cleared when the Circuit Reset input is turned off. Automatic Reset - Visible, but not used. | Initial = 0, Prompt = 1 |
| Inputs Inconsistent | Boolean | This fault is set when Channel A and Channel B inputs are in inconsistent states (one Safe and one Active) for a period of time greater than the Inconsistent Time Period (listed below). This fault is cleared when Channel A and Channel B inputs return to consistent states (both Safe or both Active) and the Fault Reset input transitions from off to on. Inconsistent Time Period: 500 ms. | Initial = 0, Fault = 1 |
| Fault Present | Boolean | This is set whenever a fault is present in the instruction. Output 1 cannot enter the Active state when Fault Present is set. Fault Present is cleared when all faults are cleared and the Fault Reset input transitions from off to on. | Initial = 0, Fault = 1 |

IMPORTANT: Do not write to any instruction output tag under any circumstances.


Normal Operation
This instruction monitors the states of two input channels and turns on Output 1 when the following conditions are met:
- When using Manual Reset: both inputs are in the Active state and the Circuit Reset input is transitioned from a zero to a one.
- When using Automatic Reset: both inputs are in the Active state for 50 ms.

This instruction turns Output 1 off when either one or both of the input channels returns to the Safe state.

The Diverse Input (DIN) instruction has one input channel that is normally open and one that is normally-closed. This means that a zero on the normally open channel and a one on the normally-closed channel represents the Safe state and vice-versa for the Active state. See the De-energize to Trip System section on page 311 for information about how to condition the input data associated with the normally-closed channel.

These normal operation state changes are shown in the following timing diagrams.
Figure 218 - Normal Operation with Manual and Automatic Reset Timing Diagrams
[Timing diagrams not reproduced. Manual Reset panel: Channel A, Channel B, Circuit Reset, Output 1. Automatic Reset panel: Channel A, Channel B, Output 1, with a 50 ms interval marked.]


Operation with Inconsistent Inputs


This instruction generates a fault if the input channels are in inconsistent states (one Safe and one Active) for more than the specified period of time. The inconsistent time period is 500 ms (t1). This fault condition is annunciated via the Inputs Inconsistent and the Fault Present outputs. Output 1 cannot enter the Active state while the Fault Present output is active. The fault indication is cleared when the offending condition is remedied and the Fault Reset input is transitioned from zero to one. These state changes are shown in the following timing diagram.
Figure 219 - Inputs Inconsistent, Fault Present, and Fault Reset Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Output 1, Inputs Inconsistent, Fault Present, Fault Reset. t1 = Inputs Inconsistent Time Period.]
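The Inputs Inconsistent fault described here is also the consequence that the De-energize to Trip System section attributes to leaving the normally-closed channel unconditioned: when a connection is lost the controller zeroes both inputs, which reads as Channel A Safe and Channel B Active. The following Python model is an added example, not Rockwell code. Assumptions: a 10 ms scan period, hypothetical names, Automatic Reset only, and no modelling of the Cycle Inputs prompt or of any input cycling required after a fault is cleared.

```python
INCONSISTENT_MS = 500  # Inputs Inconsistent time period stated on the page
AUTO_RESET_MS = 50     # Automatic Reset: both inputs Active for 50 ms


def condition_channel_b(raw_b, connection_faulted, point_faulted):
    """Force the normally-closed channel to its Safe state (1) when the
    connection is lost or the point is faulted; otherwise pass the value."""
    return True if (connection_faulted or point_faulted) else raw_b


class DINModel:
    """Simplified DIN with Automatic Reset (model assumptions in the lead-in)."""

    def __init__(self, scan_ms=10):   # scan period is an assumption
        self.scan_ms = scan_ms
        self.output_1 = False
        self.inputs_inconsistent = False
        self.fault_present = False
        self.inconsistent_ms = 0
        self.active_ms = 0
        self.prev_fault_reset = False

    def scan(self, channel_a, channel_b, fault_reset=False):
        a_active = bool(channel_a)    # normally open: Active = 1
        b_active = not channel_b      # normally closed: Active = 0
        reset_edge = fault_reset and not self.prev_fault_reset
        self.prev_fault_reset = fault_reset

        if a_active != b_active:
            # One Safe, one Active: fault once this lasts longer than 500 ms.
            self.inconsistent_ms += self.scan_ms
            if self.inconsistent_ms > INCONSISTENT_MS:
                self.inputs_inconsistent = True
        else:
            self.inconsistent_ms = 0
            # Cleared only when consistent again AND Fault Reset goes 0 -> 1.
            if reset_edge:
                self.inputs_inconsistent = False
        self.fault_present = self.inputs_inconsistent

        both_active = a_active and b_active
        self.active_ms = self.active_ms + self.scan_ms if both_active else 0
        self.output_1 = (both_active and not self.fault_present
                         and self.active_ms >= AUTO_RESET_MS)
        return self.output_1


def simulate_connection_loss(conditioned, scan_ms=10):
    """Constructed scenario: the switch stays Active while the module
    connection drops for 800 ms and then returns."""
    din = DINModel(scan_ms)
    result = {}

    def run(ms, raw_a, raw_b, connection_faulted, fault_reset=False):
        for _ in range(ms // scan_ms):
            b = raw_b
            if conditioned:
                b = condition_channel_b(raw_b, connection_faulted, False)
            din.scan(raw_a, b, fault_reset)

    run(200, True, False, connection_faulted=False)     # healthy, switch Active
    result["output_before_loss"] = din.output_1
    run(800, False, False, connection_faulted=True)     # controller zeroes inputs
    result["fault_after_loss"] = din.fault_present
    run(200, True, False, connection_faulted=False)     # connection restored
    result["output_after_restore"] = din.output_1
    run(scan_ms, True, False, False, fault_reset=True)  # operator Fault Reset
    result["fault_after_reset"] = din.fault_present
    return result


if __name__ == "__main__":
    print("unconditioned:", simulate_connection_loss(conditioned=False))
    print("conditioned:  ", simulate_connection_loss(conditioned=True))
```

Without conditioning, the outage latches Fault Present and Output 1 stays off after the connection returns until Fault Reset is cycled; with conditioning, both channels read Safe during the outage and no fault is latched.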


Operation with Circuit Reset Held On - Manual Reset Only


This instruction also sets the Circuit Reset Held On output prompt if the Circuit Reset input is set (1) when the input channels transition to the Active state. These state changes are shown in the following timing diagram.
Figure 220 - Circuit Reset Held On Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Circuit Reset, Output 1, Circuit Reset Held On.]

Cycle Inputs Operation


If, while Output 1 is active, one of the input channels transitions from the Active state to the Safe state and back to the Active state before the other input channel transitions to the Safe state, the Cycle Inputs output prompt is set, and Output 1 cannot enter the Active state again until both input channels cycle through their Safe states. These state changes are shown in the following timing diagram.
Figure 221 - Cycle Inputs Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Output 1, Cycle Inputs.]


Diverse Input with Manual Reset Wiring Example


Figure 222 is one example of how to wire a two-channel switch having diverse inputs to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.
Figure 222 - Wiring Diagram
[Wiring diagram not reproduced. Shown: 1791DS Safety Module with terminals V, G, IN0 through IN3, and T0 through T2, wired to E1, S1, S2, and S3.]
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
E1 - 24V Power Supply
S1 - Diverse Input Switch
S2 - Circuit Reset Switch
S3 - Fault Reset Switch
S1 as shown is in the Active state. IN0 - Normally Open, IN1 - Normally Closed.

Diverse Input with Manual Reset Programming Example


Figure 223 shows how the Diverse Input instruction with Manual Reset can be applied to the wiring diagram shown above.
Figure 223 - Programming Diagram
[Programming diagram not reproduced. Shown: 1756-L62S user program with a Diverse Input (DIN) instruction, outputs O1, CI, CRHO, II, FP, and these parameters:]
DIN: dinData
Reset Type: MANUAL
Channel A: moduleName:I.Pt00Data (IN 0)
Channel B: moduleName:I.Pt01Data (IN 1)
Circuit Reset: moduleName:I.Pt02Data (IN 2)
Fault Reset: moduleName:I.Pt03Data (IN 3)


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 118 - Input Configuration

| Input Point | Type | Point Mode | Test Source |
|---|---|---|---|
| 0 (IN0) | Single | Safety Pulse Test | 0 (T0) |
| 1 (IN1) | Single | Safety Pulse Test | 1 (T1) |
| 2 (IN2) | Single | Safety | None |
| 3 (IN3) | Single | Safety | None |

Table 119 - Test Output

| Test Output Point | Point Mode |
|---|---|
| 0 (T0) | Pulse Test |
| 1 (T1) | Pulse Test |
| 2 (T2) | Power Supply |
| 3 (T3) | Not Used |

Diverse Input with Automatic Reset Wiring Example


Figure 224 is one example of how to wire a two-channel switch having diverse inputs to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.

ATTENTION: Various safety standards (EN 60204, ISO 13849-1) require that when using the Automatic Circuit Reset feature, other measures must be implemented to ensure that an unexpected (or unintended) startup will not occur in the system or application.
Figure 224 - Wiring Diagram
[Wiring diagram not reproduced. Shown: 1791DS Safety Module with terminals V, G, IN0 through IN2, and T0 through T2, wired to E1, S1, and S2.]
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
E1 - 24V Power Supply
S1 - Diverse Input Switch
S2 - Fault Reset Switch
S1 as shown is in the Active state. IN0 - Normally Open, IN1 - Normally Closed.


Diverse Input with Automatic Reset Programming Example


Figure 225 shows how the Diverse Input instruction with Automatic Reset can be applied to the wiring diagram shown in Diverse Input with Automatic Reset Wiring Example on page 323.
Figure 225 - Programming Diagram
[Programming diagram not reproduced. Shown: 1756-L62S user program with a Diverse Input (DIN) instruction, outputs O1, CI, CRHO, II, FP, and these parameters:]
DIN: dinData
Reset Type: AUTOMATIC
Channel A: moduleName:I.Pt00Data (IN 0)
Channel B: moduleName:I.Pt01Data (IN 1)
Circuit Reset: notUsedTag
Fault Reset: moduleName:I.Pt02Data (IN 2)

ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 120 - Input Configuration

| Point | Type | Point Mode | Test Source |
|---|---|---|---|
| 0 (IN0) | Single | Safety Pulse Test | 0 (T0) |
| 1 (IN1) | Single | Safety Pulse Test | 1 (T1) |
| 2 (IN2) | Single | Safety | None |

Table 121 - Test Output

| Point | Point Mode |
|---|---|
| 0 (T0) | Pulse Test |
| 1 (T1) | Pulse Test |
| 2 (T2) | Power Supply |


Redundant Input (RIN) Instruction

The basic purpose of the Redundant Input (RIN) instruction is to emulate the input functionality of a safety relay in a software-programmable environment that is intended for use in SIL3/Cat. 4 safety applications.

Instruction Parameters
IMPORTANT: Make sure your safety input modules are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

This table explains the instruction inputs.


Table 122 - RIN Inputs
| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| RIN | Pre-defined Data Type | This parameter is used to maintain instruction-specific information. Do not use the same pre-defined data-type tag name in more than one instruction. | |
| Reset Type | Boolean | The reset type determines whether the instruction is using Manual or Automatic reset for Output 1. | Manual or Automatic |
| Channel A(1) | Boolean | Channel A Input (Normally Open). | Safe = 0, Active = 1 |
| Channel B(1) | Boolean | Channel B Input (Normally Open). | Safe = 0, Active = 1 |
| Circuit Reset | Boolean | Circuit Reset Input. Manual Reset - Sets Output 1 after Channel A and Channel B transition from the Safe state to the Active state, and the Circuit Reset input transitions from zero to one. Automatic Reset - Visible, but not used. | Initial = 0, Reset = 1 |
| Fault Reset | Boolean | After fault conditions are corrected for the instruction, the fault outputs for the instruction are cleared when this input transitions from off to on. | Initial = 0, Reset = 1 |

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.


This table explains the instruction outputs.


Table 123 - RIN Outputs
| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| Output 1 | Boolean | Output 1 is set to the Active state when input conditions are met. | Safe = 0, Active = 1 |
| Cycle Inputs | Boolean | Cycle Inputs prompt for action. Before Output 1 is turned on, Channel A and Channel B inputs must be cycled through their Safe States at the same time before the circuit can be reset. This prompt is cleared when Channel A and Channel B transition to the safe state. | Initial = 0, Prompt = 1 |
| Circuit Reset Held On | Boolean | Manual Reset - The Circuit Reset Held On prompt is set when both input channels transition to the Active states, and the Circuit Reset input is already on. The Circuit Reset Held On prompt is cleared when the Circuit Reset input is turned off. Automatic Reset - Visible, but not used. | Initial = 0, Prompt = 1 |
| Inputs Inconsistent | Boolean | This fault is set when Channel A and Channel B inputs are in inconsistent states (one Safe and one Active) for a period of time greater than the Inconsistent Time Period (listed below). This fault is cleared when Channel A and Channel B inputs return to consistent states (both Safe or both Active) and the Fault Reset input transitions from off to on. Inconsistent Time Period: 500 ms. | Initial = 0, Fault = 1 |
| Fault Present | Boolean | This is set whenever a fault is present in the instruction. Output 1 cannot enter the Active state when Fault Present is set. Fault Present is cleared when all faults are cleared and the Fault Reset input transitions from off to on. | Initial = 0, Fault = 1 |

IMPORTANT

Do not write to any instruction output tag under any circumstances.


Normal Operation
This instruction monitors the states of two input channels and turns on Output 1 when the following conditions are met:
• When using Manual Reset: both inputs are in the Active state and the Circuit Reset input is transitioned from a zero to a one.
• When using Automatic Reset: both inputs are in the Active state for 50 ms.

This instruction turns Output 1 off when either one or both of the input channels return to the Safe state.

Both input channels for the Redundant Input (RIN) instruction are normally open. This means zeros on both channels represent the Safe state, and ones on both channels represent the Active state. These normal operation state changes are shown in the following timing diagrams.
Figure 226 - Normal Operation with Manual and Automatic Reset Timing Diagrams
[Timing diagrams. Manual Reset panel: Channel A, Channel B, Circuit Reset, Output 1. Automatic Reset panel: Channel A, Channel B, Output 1, with the 50 ms delay marked.]


Operation with Inconsistent Inputs


This instruction generates a fault if the input channels are in inconsistent states (one Safe and one Active) for more than the specified period of time. The inconsistent time period is 500 ms (t1). This fault condition is annunciated via the Inputs Inconsistent and the Fault Present outputs. Output 1 cannot enter the Active state while the Fault Present output is active. The fault indication is cleared when the offending condition is remedied and the Fault Reset input is transitioned from zero to one. These state changes are shown in the following timing diagram.
Figure 227 - Inputs Inconsistent, Fault Present, and Fault Reset Timing Diagram
[Timing diagram: Channel A, Channel B, Output 1, Inputs Inconsistent, Fault Present, Fault Reset. t1 = Inputs Inconsistent Time Period.]


Operation with Circuit Reset Held On - Manual Reset Only


This instruction also sets the Circuit Reset Held On output prompt if the Circuit Reset input is set (1) when the input channels transition to the Active state. These state changes are shown in the following timing diagram.
Figure 228 - Circuit Reset Held On Timing Diagram
[Timing diagram: Channel A, Channel B, Circuit Reset, Output 1, Circuit Reset Held On.]

Cycle Inputs Operation


If, while Output 1 is active, one of the input channels transitions from the Active state to the Safe state and back to the Active state before the other input channel transitions to the Safe state, the Cycle Inputs output prompt is set, and Output 1 cannot enter the Active state again until both input channels cycle through their Safe states. These state changes are shown in the following timing diagram.
Figure 229 - Cycle Inputs Timing Diagram
[Timing diagram: Channel A, Channel B, Output 1, Cycle Inputs.]


Redundant Input with Manual Reset Wiring Example


Figure 230 is one example of how to wire a two-channel switch having two normally-open contacts to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.
Figure 230 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0, T0, IN1, T1, IN2, T2, IN3.]
E1 - 24V Power Supply
S1 - Redundant Input Switch
S2 - Circuit Reset Switch
S3 - Fault Reset Switch

Redundant Input with Manual Reset Programming Example


Figure 231 shows how the Redundant Input instruction with Manual Reset can be applied to the wiring diagram shown above.
Figure 231 - Programming Diagram
1756-L62S User Program: RIN (Redundant Input) instruction
  RIN:           rinData
  Reset Type:    MANUAL
  Channel A:     moduleName:I.Pt00Data (0), from IN 0
  Channel B:     moduleName:I.Pt01Data (1), from IN 1
  Circuit Reset: moduleName:I.Pt02Data (0), from IN 2
  Fault Reset:   moduleName:I.Pt03Data (0), from IN 3
  Outputs:       O1, CI, CRHO, II, FP


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 124 - Input Configuration
Input Point   Type     Point Mode          Test Source
0 (IN0)       Single   Safety Pulse Test   0 (T0)
1 (IN1)       Single   Safety Pulse Test   1 (T1)
2 (IN2)       Single   Safety              None
3 (IN3)       Single   Safety              None

Table 125 - Test Output
Test Output Point   Point Mode
0 (T0)              Pulse Test
1 (T1)              Pulse Test
2 (T2)              Power Supply
3 (T3)              Not Used

Redundant Input with Automatic Reset Wiring Example


Figure 232 shows one example of how to wire a two-channel switch having two normally-open contacts to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.

ATTENTION: Various safety standards (EN 60204, ISO 13849-1) require that when using the Automatic Circuit Reset feature, other measures must be implemented to ensure that an unexpected (or unintended) startup will not occur in the system or application.

Figure 232 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0, T0, IN1, T1, IN2, T2.]
E1 - 24V Power Supply
S1 - Redundant Input Switch
S2 - Fault Reset Switch


Redundant Input with Automatic Reset Programming Example


Figure 233 shows how the Redundant Input instruction with Automatic Reset can be applied to the wiring diagram shown in Redundant Input with Automatic Reset Wiring Example on page 331.
Figure 233 - Programming Example
1756-L62S User Program: RIN (Redundant Input) instruction
  RIN:           rinData
  Reset Type:    AUTOMATIC
  Channel A:     moduleName:I.Pt00Data (0), from IN 0
  Channel B:     moduleName:I.Pt01Data (1), from IN 1
  Circuit Reset: notUsedTag (0)
  Fault Reset:   moduleName:I.Pt02Data, from IN 2
  Outputs:       O1, CI, CRHO, II, FP

ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 126 - Input Configuration
Input Point   Type     Point Mode          Test Source
0 (IN0)       Single   Safety Pulse Test   0 (T0)
1 (IN1)       Single   Safety Pulse Test   1 (T1)
2 (IN2)       Single   Safety              None

Table 127 - Test Output
Test Output Point   Point Mode
0 (T0)              Pulse Test
1 (T1)              Pulse Test
2 (T2)              Power Supply


Emergency Stop (ESTOP) Instruction

The basic purpose of the Emergency Stop (ESTOP) instruction is to emulate the input functionality of a safety relay in a software-programmable environment that is intended for use in SIL3/Cat. 4 safety applications.

Instruction Parameters
IMPORTANT: Make sure your safety input modules are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

This table explains the instruction inputs.


Table 128 - ESTOP Inputs
Parameter: ESTOP
Data Type: Pre-defined Data Type
Description: This parameter is used to maintain instruction-specific information. Do not use the same predefined data-type tag name in more than one instruction.

Parameter: Reset Type
Data Type: Boolean
Description: The reset type determines whether the instruction is using Manual or Automatic reset for Output 1.
Safe, Active and Initial Values: Manual or Automatic

Parameter: Channel A(1)
Data Type: Boolean
Description: Channel A Input (Normally Open).
Safe, Active and Initial Values: Safe = 0, Active = 1

Parameter: Channel B(1)
Data Type: Boolean
Description: Channel B Input (Normally Open).
Safe, Active and Initial Values: Safe = 0, Active = 1

Parameter: Circuit Reset
Data Type: Boolean
Description: Circuit Reset Input. Manual Reset - Sets Output 1 after Channel A and Channel B transition from the Safe state to the Active state, and the Circuit Reset input transitions from zero to one. Automatic Reset - Visible, but not used.
Safe, Active and Initial Values: Initial = 0, Reset = 1

Parameter: Fault Reset
Data Type: Boolean
Description: After fault conditions are corrected for the instruction, the fault outputs for the instruction are cleared when this input transitions from off to on.
Safe, Active and Initial Values: Initial = 0, Reset = 1

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.


This table explains the instruction outputs.


Table 129 - ESTOP Outputs
Parameter: Output 1
Data Type: Boolean
Description: Output 1 is set to the Active state when input conditions are met.
Safe, Active and Initial Values: Safe = 0, Active = 1

Parameter: Cycle Inputs
Data Type: Boolean
Description: Cycle Inputs prompt for action. Before Output 1 is turned on, Channel A and Channel B inputs must be cycled through their Safe States at the same time before the circuit can be reset. This prompt is cleared when Channel A and Channel B transition to the safe state.
Safe, Active and Initial Values: Initial = 0, Prompt = 1

Parameter: Circuit Reset Held On
Data Type: Boolean
Description: Manual Reset - The Circuit Reset Held On prompt is set when both input channels transition to the Active states, and the Circuit Reset input is already on. The Circuit Reset Held On prompt is cleared when the Circuit Reset input is turned off. Automatic Reset - Visible, but not used.
Safe, Active and Initial Values: Initial = 0, Prompt = 1

Parameter: Inputs Inconsistent
Data Type: Boolean
Description: This fault is set when Channel A and Channel B inputs are in inconsistent states (one Safe and one Active) for a period of time greater than the Inconsistent Time Period (listed below). This fault is cleared when Channel A and Channel B inputs return to consistent states (both Safe or both Active) and the Fault Reset input transitions from off to on. Inconsistent Time Period: 500 ms.
Safe, Active and Initial Values: Initial = 0, Fault = 1

Parameter: Fault Present
Data Type: Boolean
Description: This is set whenever a fault is present in the instruction. Output 1 cannot enter the Active state when Fault Present is set. Fault Present is cleared when all faults are cleared and the Fault Reset input transitions from off to on.
Safe, Active and Initial Values: Initial = 0, Fault = 1

IMPORTANT: Do not write to any instruction output tag under any circumstances.


Normal Operation
This instruction monitors the states of two input channels and turns on Output 1 when the following conditions are met:
• When using Manual Reset: both inputs are in the Active state and the Circuit Reset input is transitioned from a zero to a one.
• When using Automatic Reset: both inputs are in the Active state for 50 ms.

This instruction turns Output 1 off when either one or both of the input channels returns to the Safe state.

Both input channels for the Emergency Stop (ESTOP) instructions are normally open. This means zeros on both channels represent the Safe state, and ones on both channels represent the Active state. These normal operation state changes are shown in the following timing diagrams.
Figure 234 - Normal Operation with Manual and Automatic Reset Timing Diagrams
[Timing diagrams. Manual Reset panel: Channel A, Channel B, Circuit Reset, Output 1. Automatic Reset panel: Channel A, Channel B, Output 1, with the 50 ms delay marked.]


Operation with Inconsistent Inputs


This instruction generates a fault if the input channels are in inconsistent states (one Safe and one Active) for more than the specified period of time. The inconsistent time period is 500 ms (t1). This fault condition is annunciated via the Inputs Inconsistent and the Fault Present outputs. Output 1 cannot enter the Active state while the Fault Present output is active. The fault indication is cleared when the offending condition is remedied and the Fault Reset input is transitioned from zero to one. These state changes are shown in the following timing diagram.
Figure 235 - Inputs Inconsistent, Fault Present, and Fault Reset Timing Diagram
[Timing diagram: Channel A, Channel B, Output 1, Inputs Inconsistent, Fault Present, Fault Reset. t1 = Inputs Inconsistent Time Period.]


Operation with Circuit Reset Held On - Manual Reset Only


This instruction also sets the Circuit Reset Held On output prompt if the Circuit Reset input is set (1) when the input channels transition to the Active state. These state changes are shown in the following timing diagram.
Figure 236 - Circuit Reset Held On Timing Diagram
[Timing diagram: Channel A, Channel B, Circuit Reset, Output 1, Circuit Reset Held On.]

Cycle Inputs Operation


If, while Output 1 is active, one of the input channels transitions from the Active state to the Safe state and back to the Active state before the other input channel transitions to the Safe state, the Cycle Inputs output prompt is set, and Output 1 cannot enter the Active state again until both input channels cycle through their Safe states. These state changes are shown in the following timing diagram.
Figure 237 - Cycle Inputs Timing Diagram
[Timing diagram: Channel A, Channel B, Output 1, Cycle Inputs.]


Emergency Stop with Manual Reset Wiring Example


Figure 238 shows one example of how to wire a two-channel Emergency Stop switch having two normally-open contacts to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.
Figure 238 - Wiring Example
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0, T0, IN1, T1, IN2, T2, IN3.]
E1 - 24V Power Supply
S1 - Emergency Stop Switch
S2 - Circuit Reset Switch
S3 - Fault Reset Switch

Emergency Stop with Manual Reset Programming Example


The following programming example shows how the Emergency Stop instruction with Manual Reset can be applied to the wiring diagram shown above.
Figure 239 - Programming Example
1756-L62S User Program: ESTOP (Emergency Stop) instruction
  ESTOP:         estopData
  Reset Type:    MANUAL
  Channel A:     moduleName:I.Pt00Data (0), from IN 0
  Channel B:     moduleName:I.Pt01Data (1), from IN 1
  Circuit Reset: moduleName:I.Pt02Data (0), from IN 2
  Fault Reset:   moduleName:I.Pt03Data (0), from IN 3
  Outputs:       O1, CI, CRHO, II, FP


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 130 - Input Configuration
Input Point   Type     Point Mode          Test Source
0 (IN0)       Single   Safety Pulse Test   0 (T0)
1 (IN1)       Single   Safety Pulse Test   1 (T1)
2 (IN2)       Single   Safety              None
3 (IN3)       Single   Safety              None

Table 131 - Test Output
Test Output Point   Point Mode
0 (T0)              Pulse Test
1 (T1)              Pulse Test
2 (T2)              Power Supply
3 (T3)              Not Used

Emergency Stop with Automatic Reset Wiring Example


Figure 240 shows one example of how to wire a two-channel Emergency Stop switch having two normally-open contacts to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.

ATTENTION: Various safety standards (EN 60204, ISO 13849-1) require that when using the Automatic Circuit Reset feature, other measures must be implemented to ensure that an unexpected (or unintended) startup will not occur in the system or application.

Figure 240 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0, T0, IN1, T1, IN2, T2.]
E1 - 24V Power Supply
S1 - Emergency Stop Switch
S2 - Fault Reset Switch


Emergency Stop with Automatic Reset Programming Example


The following programming example shows how the Emergency Stop instruction with Automatic Reset can be applied to the wiring diagram shown in Emergency Stop with Automatic Reset Wiring Example on page 339.
Figure 241 - Programming Diagram
1756-L62S User Program: ESTOP (Emergency Stop) instruction
  ESTOP:         estopData
  Reset Type:    AUTOMATIC
  Channel A:     moduleName:I.Pt00Data (0), from IN 0
  Channel B:     moduleName:I.Pt01Data (1), from IN 1
  Circuit Reset: notUsedTag (0)
  Fault Reset:   moduleName:I.Pt02Data (0), from IN 2
  Outputs:       O1, CI, CRHO, II, FP

ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 132 - Input Configuration
Input Point   Type     Point Mode          Test Source
0 (IN0)       Single   Safety Pulse Test   0 (T0)
1 (IN1)       Single   Safety Pulse Test   1 (T1)
2 (IN2)       Single   Safety              None

Table 133 - Test Output
Test Output Point   Point Mode
0 (T0)              Pulse Test
1 (T1)              Pulse Test
2 (T2)              Power Supply


Enable Pendant (ENPEN) Instruction

The basic purpose of the Enable Pendant (ENPEN) instruction is to emulate the input functionality of a safety relay in a software-programmable environment that is intended for use in SIL3/Cat. 4 safety applications.

Instruction Parameters
IMPORTANT: Make sure your safety input modules are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

This table explains the instruction inputs.


Table 134 - ENPEN Inputs
Parameter: ENPEN
Data Type: Pre-defined Data Type
Description: This parameter is used to maintain instruction-specific information. Do not use the same predefined data-type tag name in more than one instruction.

Parameter: Reset Type
Data Type: Boolean
Description: The reset type determines whether the instruction is using Manual or Automatic reset for Output 1.
Safe, Active, and Initial Values: Manual or Automatic

Parameter: Channel A(1)
Data Type: Boolean
Description: Channel A Input (Normally Open).
Safe, Active, and Initial Values: Safe = 0, Active = 1

Parameter: Channel B(1)
Data Type: Boolean
Description: Channel B Input (Normally Open).
Safe, Active, and Initial Values: Safe = 0, Active = 1

Parameter: Circuit Reset
Data Type: Boolean
Description: Circuit Reset Input. Manual Reset - Sets Output 1 after Channel A and Channel B transition from the Safe state to the Active state, and the Circuit Reset input transitions from zero to one. Automatic Reset - Visible, but not used.
Safe, Active, and Initial Values: Initial = 0, Reset = 1

Parameter: Fault Reset
Data Type: Boolean
Description: After fault conditions are corrected for the instruction, the fault outputs for the instruction are cleared when this input transitions from off to on.
Safe, Active, and Initial Values: Initial = 0, Reset = 1

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.


This table explains the instruction outputs.


Table 135 - ENPEN Outputs
Parameter: Output 1
Data Type: Boolean
Description: Output 1 is set to the Active state when input conditions are met.
Safe, Active, and Initial Values: Safe = 0, Active = 1

Parameter: Cycle Inputs
Data Type: Boolean
Description: Cycle Inputs prompt for action. Before Output 1 is turned on, Channel A and Channel B inputs must be cycled through their Safe States at the same time before the circuit can be reset. This prompt is cleared when Channel A and Channel B transition to the safe state.
Safe, Active, and Initial Values: Initial = 0, Prompt = 1

Parameter: Circuit Reset Held On
Data Type: Boolean
Description: Manual Reset - The Circuit Reset Held On prompt is set when both input channels transition to the Active states, and the Circuit Reset input is already on. The Circuit Reset Held On prompt is cleared when the Circuit Reset input is turned off. Automatic Reset - Visible, but not used.
Safe, Active, and Initial Values: Initial = 0, Prompt = 1

Parameter: Inputs Inconsistent
Data Type: Boolean
Description: This fault is set when Channel A and Channel B inputs are in inconsistent states (one Safe and one Active) for a period of time greater than the Inconsistent Time Period (listed below). This fault is cleared when Channel A and Channel B inputs return to consistent states (both Safe or both Active) and the Fault Reset input transitions from off to on. Inconsistent Time Period: 3 seconds.
Safe, Active, and Initial Values: Initial = 0, Fault = 1

Parameter: Fault Present
Data Type: Boolean
Description: This is set whenever a fault is present in the instruction. Output 1 cannot enter the Active state when Fault Present is set. Fault Present is cleared when all faults are cleared and the Fault Reset input transitions from off to on.
Safe, Active, and Initial Values: Initial = 0, Fault = 1

IMPORTANT: Do not write to any instruction output tag under any circumstances.


Normal Operation
This instruction monitors the states of two input channels and turns on Output 1 when the following conditions are met:
• When using Manual Reset: both inputs are in the Active state and the Circuit Reset input is transitioned from a zero to a one.
• When using Automatic Reset: both inputs are in the Active state for 50 ms.

This instruction turns Output 1 off when either one or both of the input channels returns to the Safe state.

Both input channels for the Enable Pendant (ENPEN) instruction are normally open. This means zeros on both channels represent the Safe state, and ones on both channels represent the Active state. These normal operation state changes are shown in the following timing diagrams.
Figure 242 - Normal Operation with Manual and Automatic Reset Timing Diagrams
[Timing diagrams. Manual Reset panel: Channel A, Channel B, Circuit Reset, Output 1. Automatic Reset panel: Channel A, Channel B, Output 1, with the 50 ms delay marked.]


Operation with Inconsistent Inputs


This instruction generates a fault if the input channels are in inconsistent states (one Safe and one Active) for more than the specified period of time. The inconsistent time period is 3 seconds (t1). This fault condition is annunciated via the Inputs Inconsistent and the Fault Present outputs. Output 1 cannot enter the Active state while the Fault Present output is active. The fault indication is cleared when the offending condition is remedied and the Fault Reset input is transitioned from zero to one. These state changes are shown in the following timing diagram.
Figure 243 - Inputs Inconsistent, Fault Present, and Fault Reset Timing Diagram
[Timing diagram: Channel A, Channel B, Output 1, Inputs Inconsistent, Fault Present, Fault Reset. t1 = Inputs Inconsistent Time Period.]


Operation with Circuit Reset Held On - Manual Reset Only


This instruction also sets the Circuit Reset Held On output prompt if the Circuit Reset input is set (1) when the input channels transition to the Active state. These state changes are shown in the following timing diagram.
Figure 244 - Circuit Reset Held On Timing Diagram
[Timing diagram: Channel A, Channel B, Circuit Reset, Output 1, Circuit Reset Held On.]

Cycle Inputs Operation


If, while Output 1 is active, one of the input channels transitions from the Active state to the Safe state and back to the Active state before the other input channel transitions to the Safe state, the Cycle Inputs output prompt is set, and Output 1 cannot enter the Active state again until both input channels cycle through their Safe states. These state changes are shown in the following timing diagram.
Figure 245 - Cycle Inputs Timing Diagram
[Timing diagram: Channel A, Channel B, Output 1, Cycle Inputs.]
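
The Normal Operation, Operation with Inconsistent Inputs, Circuit Reset Held On, and Cycle Inputs Operation sections describe the same behaviour for the RIN, ESTOP, and ENPEN instructions, so one scan-based model can replay all four. This is an added illustration, not Rockwell Automation code and not part of the manual: the class, its internal state, the constant scan interval dt_ms, and the order of evaluation within a scan are assumptions, while the 50 ms, 500 ms, and 3 second values come from the text.

```python
from dataclasses import dataclass
from typing import Optional

AUTO_RESET_DELAY_MS = 50  # text: Automatic Reset needs both inputs Active for 50 ms
INCONSISTENT_LIMIT_MS = {"RIN": 500, "ESTOP": 500, "ENPEN": 3000}  # text's values


@dataclass
class DualChannelInput:
    """Assumed scan-based model of the RIN/ESTOP/ENPEN behaviour in the text."""
    kind: str = "ESTOP"
    manual_reset: bool = True
    o1: bool = False    # Output 1
    ci: bool = False    # Cycle Inputs prompt
    crho: bool = False  # Circuit Reset Held On prompt
    ii: bool = False    # Inputs Inconsistent fault
    fp: bool = False    # Fault Present
    # Internal state: hypothetical, chosen for this model only.
    prev_both: bool = False
    prev_reset: bool = False
    prev_fault_reset: bool = False
    one_dropped: bool = False
    incons_ms: Optional[int] = None
    active_ms: Optional[int] = None

    def scan(self, a, b, circuit_reset=False, fault_reset=False, dt_ms=10):
        """Evaluate one scan; dt_ms is the assumed constant time between scans."""
        a, b = bool(a), bool(b)
        circuit_reset, fault_reset = bool(circuit_reset), bool(fault_reset)
        both_active, both_safe = a and b, not a and not b
        reset_edge = circuit_reset and not self.prev_reset
        fault_reset_edge = fault_reset and not self.prev_fault_reset

        # Output 1 turns off as soon as either channel returns to Safe.
        if not both_active:
            if self.o1 and not both_safe:
                self.one_dropped = True  # only one channel opened while O1 was on
            self.o1 = False

        # Inputs Inconsistent: one Safe, one Active for longer than the limit.
        if a != b:
            self.incons_ms = 0 if self.incons_ms is None else self.incons_ms + dt_ms
            if self.incons_ms > INCONSISTENT_LIMIT_MS[self.kind]:
                self.ii = True
        else:
            self.incons_ms = None
            if self.ii and fault_reset_edge:
                self.ii = False  # consistent again and Fault Reset went 0 -> 1
        self.fp = self.ii  # the only fault modelled here

        # Cycle Inputs: a single channel cycled; both must pass through Safe.
        if both_safe:
            self.one_dropped = self.ci = False
        elif both_active and self.one_dropped:
            self.ci = True

        # Circuit Reset Held On (Manual Reset only): reset already on when
        # both channels become Active; cleared when the reset input turns off.
        if self.manual_reset:
            if both_active and not self.prev_both and circuit_reset:
                self.crho = True
            if not circuit_reset:
                self.crho = False

        # Turn Output 1 on; blocked while Fault Present or Cycle Inputs is set.
        if not both_active:
            self.active_ms = None
        else:
            self.active_ms = 0 if self.active_ms is None else self.active_ms + dt_ms
            if not self.fp and not self.ci:
                if self.manual_reset:
                    self.o1 = self.o1 or (reset_edge and not self.crho)
                else:
                    self.o1 = self.o1 or self.active_ms >= AUTO_RESET_DELAY_MS

        self.prev_both = both_active
        self.prev_reset, self.prev_fault_reset = circuit_reset, fault_reset
        return self.o1


def run(block, trace, dt_ms=10):
    """Feed (a, b, circuit_reset, fault_reset) tuples; return Output 1 per scan."""
    return [block.scan(*step, dt_ms=dt_ms) for step in trace]
```

Feeding run() the sequences sketched in the timing diagrams (for example a reset input held on before both channels close) shows which prompt or fault keeps Output 1 off at each scan.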


Enable Pendant with Manual Reset Wiring Example


The following wiring diagram is one example of how to wire a two-channel switch having two normally-open contacts to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.
Figure 246 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0, T0, IN1, T1, IN2, T2, IN3.]
E1 - 24V Power Supply
S1 - Enable Pendant Switch
S2 - Circuit Reset Switch
S3 - Fault Reset Switch

Enable Pendant with Manual Reset Programming Example


The following programming example shows how the Enable Pendant instruction with Manual Reset can be applied to the wiring diagram shown above.
Figure 247 - Programming Diagram
1756-L62S User Program: ENPEN (Enable Pendant) instruction
  ENPEN:         enpenData
  Reset Type:    MANUAL
  Channel A:     moduleName:I.Pt00Data (0), from IN 0
  Channel B:     moduleName:I.Pt01Data (1), from IN 1
  Circuit Reset: moduleName:I.Pt02Data (0), from IN 2
  Fault Reset:   moduleName:I.Pt03Data (0), from IN 3
  Outputs:       O1, CI, CRHO, II, FP


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 136 - Input Configuration
Input Point   Type     Point Mode          Test Source
0 (IN0)       Single   Safety Pulse Test   0 (T0)
1 (IN1)       Single   Safety Pulse Test   1 (T1)
2 (IN2)       Single   Safety              None
3 (IN3)       Single   Safety              None

Table 137 - Test Output
Test Output Point   Point Mode
0 (T0)              Pulse Test
1 (T1)              Pulse Test
2 (T2)              Power Supply
3 (T3)              Not Used

Enable Pendant with Automatic Reset Wiring Example


The following wiring diagram is one example of how to wire a two-channel switch having two normally-open contacts to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.

ATTENTION: Various safety standards (EN 60204, ISO 13849-1) require that when using the Automatic Circuit Reset feature, other measures must be implemented to make sure that an unexpected (or unintended) startup will not occur in the system or application.

Figure 248 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0, T0, IN1, T1, IN2, T2.]
E1 - 24V Power Supply
S1 - Enable Pendant Switch
S2 - Fault Reset Switch


Enable Pendant with Automatic Reset Programming Example


The following programming example shows how the Enable Pendant instruction with Automatic Reset can be applied to the wiring diagram shown in Enable Pendant with Automatic Reset Wiring Example on page 347.
Figure 249 - Programming Diagram
1756-L62S User Program: ENPEN (Enable Pendant) instruction
  ENPEN:         enpenData
  Reset Type:    AUTOMATIC
  Channel A:     moduleName:I.Pt00Data (0), from IN 0
  Channel B:     moduleName:I.Pt01Data (1), from IN 1
  Circuit Reset: notUsedTag (0)
  Fault Reset:   moduleName:I.Pt02Data (0), from IN 2
  Outputs:       O1, CI, CRHO, II, FP

ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 138 - Input Configuration
Input Point   Type     Point Mode          Test Source
0 (IN0)       Single   Safety Pulse Test   0 (T0)
1 (IN1)       Single   Safety Pulse Test   1 (T1)
2 (IN2)       Single   Safety              None

Table 139 - Test Output
Test Output Point   Point Mode
0 (T0)              Pulse Test
1 (T1)              Pulse Test
2 (T2)              Power Supply


Light Curtain (LC) Instruction

The basic purpose of the Light Curtain (LC) instruction is to provide a manual and an automatic circuit-reset interface from a programmable controller to a light curtain used in SIL3/Cat. 4 safety applications.

Many LC instructions pulse test their two outputs: OSSD1 and OSSD2. If these outputs are wired directly into GuardLogix controller inputs, the pulse test needs to be filtered. Otherwise, the GuardLogix controller may mistake the LO pulse test for an LC blockage.

Note that most LC instructions do provide controllers or relays that essentially filter out the pulse test and provide two dry contacts for OSSD1 and OSSD2. If using these devices, then OSSD1 and OSSD2 can be wired directly to the GuardLogix controller. If you are not using the LC controller or relay, then the GuardLogix controller must provide the pulse test filtering.

There are two ways for the GuardLogix controller to filter this signal. The first is hardware-based digital input filters on the Safety input modules. For more information on Safety I/O modules, refer to the DeviceNet Safety I/O User Manual, publication 1791DS-UM001. The second is a software-based filter in the LC instruction. For information on the software-based filter, see Input Filter Time on page 356 of this manual. Of these two methods, the hardware filter is preferred.

If the digital input filters the LO signals for longer than the LO pulse test width, then the hardware filter will filter out the pulse test. For example, if the LC instruction signals pulse LO for 100 µs during a pulse test, then the hardware must filter out LO signals that are 100 µs or longer. Note that the Safety DeviceNet I/O modules have a configurable filter of 0…126 ms.


If the hardware filter cannot filter the pulse test, or you choose not to use the hardware filter, then the filtering must be done in the GuardLogix controller ladder logic. Software-based filters look at the input once every program cycle. Theoretically, every time the GuardLogix controller looks at OSSD1, it may be LO if the pulse test is occurring at that exact time. In other words, you may have to make your software filter long enough to scan OSSD1 multiple times before the filter times out, and OSSD1 is set logically LO. Setting the software filter time higher than the GuardLogix controller's safety task period ensures that the input must be LO for three consecutive scans before the software filter times out. For example, if the GuardLogix controller's safety task period is 5 ms, a software filter time of 10 ms requires three LO scans. If the filter time is 15 ms, four LO scans are required.

The downside of using a longer hardware or software filter is that this filter time must be directly added to the calculation of the LC safety reaction time.
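
The relationship between filter time, safety task period, and reaction time described above can be replayed on a sampled signal. This is an added illustration, not Rockwell Automation code: the function names, the 7 ms pulse-test repetition period, the 100 µs pulse width, and the assumption that the filter timer starts on the first LO scan and is checked once per task period are all constructed for the example (that timer model reproduces the 10 ms / three scans and 15 ms / four scans figures in the text).

```python
import math


def lo_scans_to_timeout(filter_ms, task_period_ms):
    """Consecutive LO scans needed before the software filter times out.

    Assumed model: the timer starts at 0 on the first LO scan and advances by
    one task period per scan, timing out once it reaches filter_ms.
    """
    return math.ceil(filter_ms / task_period_ms) + 1


def software_filter(raw, filter_ms, task_period_ms):
    """Filter per-scan OSSD samples (True = HI); go LO only after a time-out."""
    out, lo_ms = [], None
    for hi in raw:
        if hi:
            lo_ms = None                      # any HI scan restarts the filter
        else:
            lo_ms = 0 if lo_ms is None else lo_ms + task_period_ms
        out.append(hi or lo_ms < filter_ms)   # stays HI until the filter expires
    return out


def sample_ossd(n_scans, task_period_us, pulse_period_us, pulse_width_us,
                blocked_from_scan=None):
    """Constructed OSSD waveform as the safety task sees it, once per scan.

    The signal is HI except during a LO test pulse of pulse_width_us every
    pulse_period_us, and stays LO from blocked_from_scan onward (a blockage).
    """
    samples = []
    for k in range(n_scans):
        in_pulse = (k * task_period_us) % pulse_period_us < pulse_width_us
        blocked = blocked_from_scan is not None and k >= blocked_from_scan
        samples.append(not (in_pulse or blocked))
    return samples


def added_reaction_ms(filtered, blocked_from_scan, task_period_ms):
    """Delay the filter adds between a blockage and the filtered output going LO."""
    first_lo = filtered.index(False, blocked_from_scan)
    return (first_lo - blocked_from_scan) * task_period_ms


if __name__ == "__main__":
    raw = sample_ossd(8, 5000, 7000, 100)             # 5 ms task, 7 ms pulse period
    print("raw samples:      ", raw)                  # isolated LO scans from pulses
    print("10 ms filter:     ", software_filter(raw, 10, 5))
    aliased = sample_ossd(4, 5000, 5000, 100)         # pulse period == task period
    print("aliased, filtered:", software_filter(aliased, 10, 5))
    blocked = sample_ossd(8, 5000, 7000, 100, blocked_from_scan=3)
    print("added delay (ms): ", added_reaction_ms(software_filter(blocked, 10, 5), 3, 5))
```

The aliased case is the situation the text warns about: when the test pulse lines up with every scan, a filter of any length eventually times out, which is one reason the hardware filter is preferred.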

Instruction Parameters
IMPORTANT: Make sure your safety input modules are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

This table explains the instruction inputs.


Table 140 - LC Inputs

| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| LC | Pre-defined Data Type | This parameter is used to maintain instruction-specific information. Do not use the same pre-defined data-type tag name in more than one instruction. | |
| Reset Type | Boolean | The reset type determines whether the instruction is using Manual or Automatic reset for Output 1. | Manual or Automatic |
| Channel A(1) | Boolean | Channel A Input. | Safe = 0, Active = 1 |
| Channel B(1) | Boolean | Channel B Input. | Safe = 0, Active = 1 |
| Input Filter Time | Time | This is a selectable time, from 0…250 ms, used for filtering of the output pulse testing by the light curtain. | Initial = 0 ms, Maximum = 250 ms |
| Mute Light Curtain | Boolean | Permits muting of the light curtain when it is not being used. | Initial = 0, Mute Light Curtain = 1 |
| Circuit Reset | Boolean | Circuit Reset Input. Manual Reset - Sets Output 1 after Channel A and Channel B transition from the Safe state to the Active state, and the Circuit Reset input transitions from zero to one. Automatic Reset - Visible, but not used. | Initial = 0, Reset = 1 |
| Fault Reset | Boolean | After fault conditions are corrected for the instruction, the fault outputs for the instruction are cleared when this input transitions from off to on. | Initial = 0, Reset = 1 |

(1) If this input is from a Guard I/O input module, make sure the input is configured as single, not Equivalent or Complementary.


This table explains the instruction outputs.


Table 141 - LC Outputs

| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| Output 1 | Boolean | Output 1 is set to the Active state when input conditions are met. | Safe = 0, Active = 1 |
| Cycle Inputs | Boolean | Cycle Inputs prompts for action. Before Output 1 is turned on, Channel A and Channel B inputs must be cycled through their Safe States at the same time before the circuit can be reset. This prompt is cleared when Channel A and Channel B transition to the safe state. | Initial = 0, Prompt = 1 |
| Circuit Reset Held On | Boolean | Manual Reset - The Circuit Reset Held On prompt is set when both input channels transition to the Active states, and the Circuit Reset input is already on. The Circuit Reset Held On prompt is cleared when the Circuit Reset input is turned off. Automatic Reset - Visible, but not used. | Initial = 0, Prompt = 1 |
| Light Curtain Blocked | Boolean | This indicates that the light curtain is blocked or has lost power. | Initial = 0, Blocked = 1 |
| Light Curtain Muted | Boolean | This indicates that the light curtain is muted (not being used). | Initial = 0, Muted = 1 |
| Inputs Inconsistent | Boolean | This fault is set when Channel A and Channel B inputs are in inconsistent states (one Safe and one Active) for a period of time greater than 500 ms. This fault is cleared when Channel A and Channel B inputs return to consistent states (both Safe or both Active) and the Fault Reset input transitions from off to on. | Initial = 0, Fault = 1 |
| Fault Present | Boolean | This is on whenever a fault is present in the instruction. Output 1 cannot enter the Active state when Fault Present is set. Fault Present is cleared when all faults are cleared and the Fault Reset input transitions from off to on. | Initial = 0, Fault = 1 |

IMPORTANT Do not write to any instruction output tag under any circumstances.


Normal Operation
This instruction monitors the states of two input channels and turns on output 1 when the following conditions are met:
- When using Manual Reset: both inputs are in the Active state when the Circuit Reset input is transitioned from a zero to a one.
- When using Automatic Reset: both inputs are in their Active state for 50 ms.

The instruction turns output 1 off when either one or both of the input channels return to the Safe state. These normal operation state changes are shown in the following timing diagrams.
Figure 250 - Normal Operation with Manual and Automatic Reset Timing Diagram
[Timing diagram not reproduced. Manual Reset panel: Channel A, Channel B, Circuit Reset, Output 1, Light Curtain Blocked. Automatic Reset panel: Channel A, Channel B, Output 1, Light Curtain Blocked, with a 50 ms interval marked.]

Light Curtain Muting Operation


The one exception to the above Output 1 control is Light Curtain Muting that, when enabled, permits the inputs to leave the Active state and output 1 to remain on. The Light Curtain Muted output represents the value of the Mute Light Curtain input and indicates that the light curtain is not being used. This instruction also has a Light Curtain Blocked output that indicates when the input channels are not in the Active state (ones).


These state changes are shown in the following timing diagrams.


Figure 251 - Light Curtain Muting Operation - Example 1
[Timing diagram not reproduced. Signals shown: Channel A (Input), Channel B (Input), Circuit Reset (Input), Output 1, Mute Light Curtain (Input), Light Curtain Blocked (LCB).]

If the Mute Light Curtain input is not set properly, or the light curtain is blocked after the muting period is finished, the behavior of this instruction reverts back to the behavior defined earlier when no muting is present.
Figure 252 - Light Curtain Muting Operation - Example 2
[Timing diagram not reproduced. Signals shown: Channel A (Input), Channel B (Input), Circuit Reset (Input), Output 1, Mute Light Curtain (Input), Light Curtain Blocked (LCB).]


Inputs Inconsistent Operation


This instruction generates a fault if the input channels are in inconsistent states (one Safe and one Active) for more than 500 ms (t1). This fault condition is enunciated via the Inputs Inconsistent and the Fault Present outputs. Output 1 cannot enter the Active state while the Fault Present output is active. The fault indication is cleared when the offending condition is remedied and the Fault Reset input is transitioned from zero to one. These state changes are shown in the following timing diagram.
Figure 253 - Inputs Inconsistent Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Output 1, Inputs Inconsistent, Fault Present, Fault Reset, Light Curtain Blocked (LCB). t1 = Inputs Inconsistent Time Period.]


Circuit Reset Held On Operation - Manual Reset Mode Only


This instruction also sets the Circuit Reset Held On output prompt if the Circuit Reset input is set (1) when the input channels transition to the Active state. These state changes are shown in the following timing diagram.
Figure 254 - Circuit Reset Held On Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Circuit Reset, Output 1, Circuit Reset Held On.]

Cycle Inputs Operation


If, while Output 1 is active, one of the input channels transitions from the Active state to the Safe state and back to the Active state before the other input channel transitions to the Safe state, this instruction sets the Cycle Inputs output prompt, and Output 1 cannot enter the Active state again until both input channels cycle through their Safe states. These state changes are shown in the following timing diagram.
Figure 255 - Cycle Inputs Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Output 1, Cycle Inputs.]


Input Filter Time


When an input filter time (t1) is specified, then, for that length of time, an input channel is allowed to go to the Safe state while the other channel is in the Active state without Output 1 going to its Safe state. However, Output 1 will go to the Safe state when both input channels are in the Safe state at the same time.
Figure 256 - Input Filter Time Timing Diagram
[Timing diagram not reproduced. Signals shown: Channel A, Channel B, Output 1. t1 = Input Filter Time.]

Light Curtain with Manual Reset Wiring Example


The following wiring diagram is one example of how to wire a light curtain's two normally-open outputs and two inputs required for muting to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.
Figure 257 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram not reproduced. It shows the light curtain outputs OSSD1 (LCA) and OSSD2 (LCB), the dual-input muting device (MDA, MDB), and switches S1 and S2 connected to 1791DS Safety Module terminals V, G, IN0 to IN5, and T0 to T2.]

Legend:
- E1 - 24V Power Supply
- LCA - Light Curtain Output A
- LCB - Light Curtain Output B
- MDA - Dual-input Muting Device Channel A
- MDB - Dual-input Muting Device Channel B
- S1 - Circuit Reset Switch
- S2 - Fault Reset Switch


Light Curtain with Manual Reset Programming Example


The following programming example shows how the Light Curtain instruction with Manual Reset can be applied to the wiring diagram shown in Light Curtain with Manual Reset Wiring Example on page 356.
Figure 258 - Programming Example
[Ladder diagram not reproduced. 1756-L62S User Program; the parameter assignments it shows are listed below.]

RIN (Redundant Input), tag rinDataType:
- Reset Type: MANUAL
- Channel A: moduleName:I.Pt02Data (IN 2)
- Channel B: moduleName:I.Pt03Data (IN 3)
- Circuit Reset: moduleName:I.Pt04Data (IN 4)
- Fault Reset: moduleName:I.Pt05Data (IN 5)
- Outputs: O1, CI, CRHO, II, FP

LC (Light Curtain), tag lcDataType:
- Reset Type: MANUAL
- Channel A: moduleName:I.Pt00Data (IN 0)
- Channel B: moduleName:I.Pt01Data (IN 1)
- Input Filter Time: 20
- Mute Light Curtain: rinDataType.O1
- Circuit Reset: moduleName:I.Pt04Data (IN 4)
- Fault Reset: moduleName:I.Pt05Data (IN 5)
- Outputs: O1, CI, CRHO, LCB, LCM, II, FP


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 142 - Input Configuration

| Input Point | Type | Point Mode | Test Source |
|---|---|---|---|
| 0 (IN0) | Single | Safety | None |
| 1 (IN1) | Single | Safety | None |
| 2 (IN2) | Single | Safety Pulse Test | 0 (T0) |
| 3 (IN3) | Single | Safety Pulse Test | 1 (T1) |
| 4 (IN4) | Single | Safety | None |
| 5 (IN5) | Single | Safety | None |

Table 143 - Test Output

| Test Output Point | Point Mode |
|---|---|
| 0 (T0) | Pulse Test |
| 1 (T1) | Pulse Test |
| 2 (T2) | Power Supply |
| 3 (T3) | Not Used |


Light Curtain with Automatic Reset Wiring Example


The following wiring diagram is one example of how to wire a light curtain's two normally-open outputs and two inputs required for muting to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.

ATTENTION: Various safety standards (EN 60204, ISO 13849-1) require that when using the Automatic Circuit Reset feature, other measures must be implemented to ensure that an unexpected (or unintended) startup will not occur in the system or application.
Figure 259 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram not reproduced. It shows the light curtain outputs OSSD1 (LCA) and OSSD2 (LCB), the dual-input muting device (MDA, MDB), and switches S1 and S2 connected to 1791DS Safety Module terminals V, G, IN0 to IN5, and T0 to T2.]

Legend:
- E1 - 24V Power Supply
- LCA - Light Curtain Output A
- LCB - Light Curtain Output B
- MDA - Dual-input Muting Device Channel A
- MDB - Dual-input Muting Device Channel B
- S1 - Fault Reset Switch
- S2 - Redundant Input Circuit Reset Switch


Light Curtain with Automatic Reset Programming Example


The following programming example shows how the Light Curtain instruction with Automatic Reset can be applied to the wiring diagram shown in Light Curtain with Automatic Reset Wiring Example on page 359.
Figure 260 - Programming Diagram
[Ladder diagram not reproduced. 1756-L62S User Program; the parameter assignments it shows are listed below.]

RIN (Redundant Input), tag rinDataType:
- Reset Type: MANUAL
- Channel A: moduleName:I.Pt02Data (IN 2)
- Channel B: moduleName:I.Pt03Data (IN 3)
- Circuit Reset: moduleName:I.Pt05Data (IN 5)
- Fault Reset: moduleName:I.Pt04Data (IN 4)
- Outputs: O1, CI, CRHO, II, FP

LC (Light Curtain), tag lcDataType:
- Reset Type: AUTOMATIC
- Channel A: moduleName:I.Pt00Data (IN 0)
- Channel B: moduleName:I.Pt01Data (IN 1)
- Input Filter Time: 20
- Mute Light Curtain: rinDataType.O1
- Circuit Reset: notUsedTag
- Fault Reset: moduleName:I.Pt04Data (IN 4)
- Outputs: O1, CI, CRHO, LCB, LCM, II, FP


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 144 - Input Configuration

| Input Point | Type | Point Mode | Test Source |
|---|---|---|---|
| 0 (IN0) | Single | Safety | None |
| 1 (IN1) | Single | Safety | None |
| 2 (IN2) | Single | Safety Pulse Test | 0 (T0) |
| 3 (IN3) | Single | Safety Pulse Test | 1 (T1) |
| 4 (IN4) | Single | Safety | None |
| 5 (IN5) | Single | Safety | None |

Table 145 - Test Output

| Test Output Point | Point Mode |
|---|---|
| 0 (T0) | Pulse Test |
| 1 (T1) | Pulse Test |
| 2 (T2) | Power Supply |
| 3 (T3) | Not Used |


Five-position Mode Selector (FPMS) Instruction

The basic purpose of the Five-position Mode Selector (FPMS) instruction is to provide an interface from a programmable controller to a three-to-five-position selector switch used in SIL3/Cat. 4 safety applications.

Instruction Parameters
This table explains the instruction inputs.
Table 146 - FPMS Inputs

| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| FPMS | Pre-defined Data Type | This parameter is used to maintain instruction-specific information. Do not use the same pre-defined data-type tag name in more than one instruction. | |
| Input 1 | Boolean | Mode 1 Selected Input. | Safe = 0, Active = 1 |
| Input 2 | Boolean | Mode 2 Selected Input. | Safe = 0, Active = 1 |
| Input 3 | Boolean | Mode 3 Selected Input. | Safe = 0, Active = 1 |
| Input 4 | Boolean | Mode 4 Selected Input. | Safe = 0, Active = 1 |
| Input 5 | Boolean | Mode 5 Selected Input. | Safe = 0, Active = 1 |
| Fault Reset | Boolean | After fault conditions are corrected for the instruction, the Fault Present output for the instruction is cleared when this input transitions from OFF to ON. | Initial = 0, Reset = 1 |


This table explains the instruction outputs.


Table 147 - FPMS Outputs

| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| Output 1 | Boolean | Output associated with Input 1. | Safe = 0, Active = 1 |
| Output 2 | Boolean | Output associated with Input 2. | Safe = 0, Active = 1 |
| Output 3 | Boolean | Output associated with Input 3. | Safe = 0, Active = 1 |
| Output 4 | Boolean | Output associated with Input 4. | Safe = 0, Active = 1 |
| Output 5 | Boolean | Output associated with Input 5. | Safe = 0, Active = 1 |
| No Mode | Boolean | No Mode Selected Fault. | Initial = 0, Fault = 1 |
| Multiple Modes Selected | Boolean | More than One Mode Selected Fault. | Initial = 0, Fault = 1 |
| Fault Present | Boolean | This is set whenever a fault is present in the instruction. An Output cannot enter the Active state when Fault Present is set. Fault Present is cleared when all faults are cleared and the Fault Reset input transitions from OFF to ON. | Initial = 0, Fault = 1 |

IMPORTANT Do not write to any instruction output tag under any circumstances.

Operation
The Five-position Mode Selector instruction has five outputs that are associated with five inputs. Its main job is to enable one of the five outputs when its associated input goes active. It has two faults: one for more than one input active, and the other for no inputs active. These faults occur when the associated input conditions exist for more than 250 ms. During this 250 ms, if one of the fault conditions is detected, the outputs temporarily remain in their last state. If the fault condition is still present after the 250 ms, the Fault Present bit is set to one and the instruction's outputs are set to zero. Faults may be cleared by the rising edge of the Fault Reset signal, but only after the input fault condition has been cleared.
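The behaviour in the Operation paragraph can be modelled as a small state machine. This is an added example, not the manual's or Rockwell Automation's code: the class and function names are hypothetical, the instruction is assumed to be evaluated once per 10 ms scan, and the switch trace is constructed.

```python
"""Five-position mode selector behaviour, modelled from the Operation text.

Illustrative only (not vendor code). Assumption: one evaluation per scan,
with the scan time passed in as a millisecond timestamp.
"""

FAULT_DELAY_MS = 250  # invalid input pattern must last longer than this


class ModeSelector:
    def __init__(self):
        self.outputs = [0] * 5
        self.no_mode = 0
        self.multiple_modes = 0
        self.fault_present = 0
        self._invalid_since = None  # when the current invalid pattern began
        self._prev_reset = 0        # for rising-edge detection

    def scan(self, now_ms, inputs, fault_reset=0):
        active = sum(inputs)
        rising_reset = bool(fault_reset) and not self._prev_reset
        self._prev_reset = int(bool(fault_reset))

        if active == 1:
            # Exactly one mode selected: the input fault condition is clear.
            self._invalid_since = None
            if self.fault_present and rising_reset:
                self.no_mode = self.multiple_modes = self.fault_present = 0
            if not self.fault_present:
                self.outputs = list(inputs)
        else:
            # No mode or several modes: hold outputs, then fault after 250 ms.
            if self._invalid_since is None:
                self._invalid_since = now_ms
            if now_ms - self._invalid_since > FAULT_DELAY_MS:
                if active == 0:
                    self.no_mode = 1
                else:
                    self.multiple_modes = 1
                self.fault_present = 1
                self.outputs = [0] * 5
        return (tuple(self.outputs), self.no_mode,
                self.multiple_modes, self.fault_present)


def run_trace(trace, period_ms=10):
    """Run (duration_ms, inputs, fault_reset) segments; return state after each."""
    selector, now, states = ModeSelector(), 0, []
    for duration_ms, inputs, fault_reset in trace:
        for _ in range(duration_ms // period_ms):
            state = selector.scan(now, inputs, fault_reset)
            now += period_ms
        states.append(state)
    return states


# Constructed switch trace.
TRACE = [
    (50,  [1, 0, 0, 0, 0], 0),  # mode 1 selected
    (90,  [0, 0, 0, 0, 0], 0),  # between positions for 90 ms: outputs held
    (50,  [0, 1, 0, 0, 0], 0),  # mode 2 selected
    (300, [0, 1, 1, 0, 0], 0),  # two inputs active for more than 250 ms: fault
    (20,  [0, 1, 1, 0, 0], 1),  # reset while condition persists: ignored
    (20,  [0, 0, 1, 0, 0], 0),  # condition cleared, fault still latched
    (20,  [0, 0, 1, 0, 0], 1),  # rising edge of Fault Reset: fault cleared
]

if __name__ == "__main__":
    for segment, state in zip(TRACE, run_trace(TRACE)):
        print(segment, "->", state)
```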


Five-position Mode Selector Wiring Example


The following wiring diagram is one example of how to wire a five-position selector switch to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.
Figure 261 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram not reproduced. It shows the five-position selector switch S1 (positions 1 to 5) and switch S2 connected to 1791DS Safety Module terminals V, G, IN0 to IN5, T0, and T1.]

Legend:
- E1 - 24V Power Supply
- S1 - Five-position Selector Switch
- S2 - Fault Reset Switch

Five-position Mode Selector Programming Example


The following programming example shows how the Five-position Mode Selector (FPMS) instruction can be applied to the wiring diagram shown in Five-position Mode Selector Wiring Example on page 364.
Figure 262 - Programming Diagram
[Ladder diagram not reproduced. 1756-L62S User Program; the parameter assignments it shows are listed below.]

FPMS (Five Position Mode Selector), tag fpmsDataType:
- Input 1: moduleName:I.Pt00Data (IN 0)
- Input 2: moduleName:I.Pt01Data (IN 1)
- Input 3: moduleName:I.Pt02Data (IN 2)
- Input 4: moduleName:I.Pt03Data (IN 3)
- Input 5: moduleName:I.Pt04Data (IN 4)
- Fault Reset: moduleName:I.Pt05Data (IN 5)
- Outputs: O1, O2, O3, O4, O5, NM, MMS, FP


RSLogix 5000 programming software is used to configure the following I/O module parameters.
Table 148 - Input Configuration

| Point | Type | Point Mode |
|---|---|---|
| 0 (IN0) | Single | Safety |
| 1 (IN1) | Single | Safety |
| 2 (IN2) | Single | Safety |
| 3 (IN3) | Single | Safety |
| 4 (IN4) | Single | Safety |
| 5 (IN5) | Single | Safety |

Table 149 - Output

| Point | Point Mode |
|---|---|
| 0 | Power Supply |
| 1 | Power Supply |
| 2 | Not Used |
| 3 | Not Used |


Redundant Output with Continuous Feedback Monitoring (ROUT)

The basic purpose of the Redundant Output with Continuous Feedback Monitoring (ROUT) instruction is to emulate the output functionality of a safety relay in a software-programmable environment that is intended for use in SIL3/Cat. 4 safety applications. The Redundant Output with Continuous Feedback Monitoring (ROUT) instruction can be used in two ways:
- Redundant Output with Negative Feedback (RONF)
- Redundant Output with Positive Feedback (ROPF)

Instruction Parameters
This table explains the instruction inputs.
Table 150 - ROUT Inputs

| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| ROUT | Pre-defined Data Type | This parameter is used to maintain instruction-specific information. Do not use the same pre-defined data-type tag name in more than one instruction. | |
| Feedback Type | Boolean | The feedback type determines whether the instruction is using negative or positive feedback. | Negative (RONF) or Positive (ROPF) |
| Enable | Boolean | Input to Enable the Redundant Outputs. | Safe = 0, Active = 1 |
| Feedback 1 | Boolean | Feedback from a device either directly or indirectly controlled by Output 1. | RONF: Off = 1, On = 0; ROPF: Off = 0, On = 1 |
| Feedback 2 | Boolean | Feedback from a device either directly or indirectly controlled by Output 2. | RONF: Off = 1, On = 0; ROPF: Off = 0, On = 1 |
| Fault Reset | Boolean | After fault conditions are corrected for the instruction, the Fault Present output for the instruction is cleared when this input transitions from off to on. | Initial = 0, Reset = 1 |


This table explains the instruction outputs.


Table 151 - ROUT Outputs

| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| Output 1 | Boolean | Output 1 of the redundant outputs. | Safe = 0, Active = 1 |
| Output 2 | Boolean | Output 2 of the redundant outputs. | Safe = 0, Active = 1 |
| Output 1 Feedback Failure | Boolean | Output 1 feedback is not indicating the correct state of Output 1 within 250 ms. | Initial = 0, Fault = 1 |
| Output 2 Feedback Failure | Boolean | Output 2 feedback is not indicating the correct state of Output 2 within 250 ms. | Initial = 0, Fault = 1 |
| Fault Present | Boolean | This is set whenever a fault is present in the instruction. Outputs cannot enter the Active state when Fault Present is set. Fault Present is cleared when all faults are cleared and the Fault Reset input transitions from off to on. | Initial = 0, Fault = 1 |

IMPORTANT Do not write to any instruction output tag under any circumstances.

Operation
This instruction monitors a single logical input and activates two field outputs when the logical input goes Active.
Figure 263 - Normal Operation Timing Diagram
[Timing diagram not reproduced. Signals shown: Enable, Output 1, Output 2.]

It also monitors a feedback channel for each field output and generates a fault if both channels do not, within a time limit, indicate the desired state of the associated outputs.
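The feedback polarity from Table 150 and the 250 ms limit can be exercised with a simplified model. This is an added example, not the manual's or Rockwell Automation's code: the names are hypothetical, and it assumes one evaluation per 10 ms scan, that a feedback failure removes both outputs, and that Fault Reset is accepted only while both feedbacks agree with the (off) outputs. The trace is constructed and represents a contactor whose feedback never changes state.

```python
"""Redundant output with feedback monitoring: simplified model of the text.

Illustrative only (not vendor code). Assumptions are listed in the lead-in.
"""

FEEDBACK_LIMIT_MS = 250


def expected_feedback(feedback_type, output_on):
    """Feedback value that matches the output state (Table 150 polarity)."""
    if feedback_type == "NEGATIVE":   # RONF: Off = 1, On = 0
        return 0 if output_on else 1
    if feedback_type == "POSITIVE":   # ROPF: Off = 0, On = 1
        return 1 if output_on else 0
    raise ValueError("feedback_type must be NEGATIVE or POSITIVE")


class RedundantOutput:
    def __init__(self, feedback_type):
        expected_feedback(feedback_type, 0)  # validates the type
        self.feedback_type = feedback_type
        self.outputs = [0, 0]
        self.feedback_failure = [0, 0]
        self.fault_present = 0
        self._mismatch_since = [None, None]
        self._prev_reset = 0

    def scan(self, now_ms, enable, feedback, fault_reset=0):
        rising_reset = bool(fault_reset) and not self._prev_reset
        self._prev_reset = int(bool(fault_reset))

        # Compare each feedback with the state commanded on the last scan.
        for ch in (0, 1):
            want = expected_feedback(self.feedback_type, self.outputs[ch])
            if feedback[ch] == want:
                self._mismatch_since[ch] = None
                continue
            if self._mismatch_since[ch] is None:
                self._mismatch_since[ch] = now_ms
            if now_ms - self._mismatch_since[ch] > FEEDBACK_LIMIT_MS:
                self.feedback_failure[ch] = 1

        if any(self.feedback_failure):
            self.fault_present = 1
        # Reset only on a rising edge and only once both feedbacks agree.
        if (self.fault_present and rising_reset
                and self._mismatch_since == [None, None]):
            self.feedback_failure = [0, 0]
            self.fault_present = 0

        drive = int(bool(enable) and not self.fault_present)
        self.outputs = [drive, drive]
        return tuple(self.outputs), tuple(self.feedback_failure), self.fault_present


def run_trace(feedback_type, trace, period_ms=10):
    """Run (duration_ms, enable, feedback, fault_reset) segments."""
    rout, now, states = RedundantOutput(feedback_type), 0, []
    for duration_ms, enable, feedback, fault_reset in trace:
        for _ in range(duration_ms // period_ms):
            state = rout.scan(now, enable, feedback, fault_reset)
            now += period_ms
        states.append(state)
    return states


# Constructed trace for negative feedback (RONF): Feedback 1 never goes to 0.
TRACE = [
    (20,  0, (1, 1), 0),  # idle: outputs off, both feedbacks read Off (1)
    (30,  1, (1, 1), 0),  # enabled: outputs on, feedbacks not yet changed
    (300, 1, (1, 0), 0),  # Feedback 2 follows, Feedback 1 stays at 1: fault
    (20,  1, (1, 0), 1),  # reset while Feedback 2 still reads On: ignored
    (20,  0, (1, 1), 0),  # both feedbacks read Off, fault still latched
    (20,  0, (1, 1), 1),  # rising edge of Fault Reset: fault cleared
]

if __name__ == "__main__":
    for segment, state in zip(TRACE, run_trace("NEGATIVE", TRACE)):
        print(segment, "->", state)
```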


Instruction operation is illustrated in Figure 264 and Figure 265.


Figure 264 - Negative Feedback Timing Diagrams
[Timing diagrams not reproduced. Signals shown in each panel: Enable, Output 1 or Output 2, Feedback 1 or Feedback 2, the corresponding Feedback Failure output, and Fault Reset, with a 250 ms interval marked on the feedback signal.]


Figure 265 - Positive Feedback Timing Diagrams
[Timing diagrams not reproduced. Signals shown in each panel: Enable, Output 1 or Output 2, Feedback 1 or Feedback 2, the corresponding Feedback Failure output, and Fault Reset, with a 250 ms interval marked.]


Redundant Output with Negative Feedback Wiring Example


The following wiring diagram is one example of how to wire two contactors and normally-open auxiliary contacts to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.
Figure 266 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram not reproduced. It shows contactors K1 and K2 on lines L1, L2, and L3, auxiliary contacts K1a and K2a, switch S1, and power source PS connected to 1791DS Safety Module (Relay Output) terminals V, G, V1, G1, IN0 to IN2, T0 to T2, C0/OUT 0, and C1/OUT 1.]

Legend:
- E1 - 24V Power Supply
- PS - Power Source (application-specific)
- K1 - Power Contact 1
- K2 - Power Contact 2
- K1a - Auxiliary Contact 1
- K2a - Auxiliary Contact 2
- S1 - Fault Reset Switch

Redundant Output with Negative Feedback Programming Example


The following programming example shows how the Redundant Output instruction with negative feedback can be applied to the wiring diagram shown in Redundant Output with Negative Feedback Wiring Example.
Figure 267 - Programming Diagram
[Ladder diagram not reproduced. 1756-L62S User Program; the parameter assignments it shows are listed below.]

ROUT (Redundant Output), tag routDataType:
- Feedback Type: POSITIVE
- Enable: otherDataType.O1 (Input from Another Safety Instruction Output)
- Feedback 1: moduleName:I.Pt00Data (IN 0)
- Feedback 2: moduleName:I.Pt01Data (IN 1)
- Fault Reset: moduleName:I.Pt02Data (IN 2)
- Outputs: O1, O2, O1FF, O2FF, FP

Output rungs:
- routDataType.O1 drives moduleName:O.Pt00Data
- routDataType.O2 drives moduleName:O.Pt01Data


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 152 - Input Configuration

| Input Point | Type | Point Mode | Test Source |
|---|---|---|---|
| 0 (IN0) | Single | Safety Pulse Test | 0 (T0) |
| 1 (IN1) | Single | Safety Pulse Test | 1 (T1) |
| 2 (IN2) | Single | Safety | None |

Table 153 - Test Output

| Test Output Point | Point Mode |
|---|---|
| 0 (T0) | Pulse Test |
| 1 (T1) | Pulse Test |
| 2 (T2) | Power Supply |
| 3 (T3) | Not Used |

Table 154 - Output Configuration

| Point | Type | Point Mode |
|---|---|---|
| 0 (OUT0) | Single | Safety |
| 1 (OUT1) | Single | Safety |


Redundant Output with Positive Feedback Wiring Example


The following wiring diagram is one example of how to wire two contactors and normally-open auxiliary contacts to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4.
Figure 268 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.
[Wiring diagram not reproduced. It shows contactors K1 and K2 on lines L1, L2, and L3, auxiliary contacts K1a and K2a, switch S1, and power source PS connected to 1792DS Safety Module (Relay Output) terminals V, G, V1, G1, IN0 to IN2, T0 to T2, C0/OUT 0, and C1/OUT 1.]

Legend:
- E1 - 24V Power Supply
- PS - Power Source (application-specific)
- K1 - Power Contact 1
- K2 - Power Contact 2
- K1a - Auxiliary Contact 1
- K2a - Auxiliary Contact 2
- S1 - Fault Reset Switch

Redundant Output with Positive Feedback Programming Example


The following programming example shows how the Redundant Output instruction with positive feedback can be applied to the wiring diagram shown in Redundant Output with Positive Feedback Wiring Example.
Figure 269 - Programming Diagram
[Ladder diagram not reproduced. 1756-L62S User Program; the parameter assignments it shows are listed below.]

ROUT (Redundant Output), tag routDataType:
- Feedback Type: POSITIVE
- Enable: otherDataType.O1 (Input from Another Safety Instruction Output)
- Feedback 1: moduleName:I.Pt00Data (IN 0)
- Feedback 2: moduleName:I.Pt01Data (IN 1)
- Fault Reset: moduleName:I.Pt02Data (IN 2)
- Outputs: O1, O2, O1FF, O2FF, FP

Output rungs:
- routDataType.O1 drives moduleName:O.Pt00Data
- routDataType.O2 drives moduleName:O.Pt01Data


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 155 - Input Configuration

| Input Point | Type | Point Mode | Test Source |
|---|---|---|---|
| 0 (IN0) | Single | Safety Pulse Test | 0 (T0) |
| 1 (IN1) | Single | Safety Pulse Test | 1 (T1) |
| 2 (IN2) | Single | Safety | None |

Table 156 - Test Output

| Test Output Point | Point Mode |
|---|---|
| 0 (T0) | Pulse Test |
| 1 (T1) | Pulse Test |
| 2 (T2) | Power Supply |
| 3 (T3) | Not Used |

Table 157 - Output Configuration

| Point | Type | Point Mode |
|---|---|---|
| 0 (OUT0) | Single | Safety |
| 1 (OUT1) | Single | Safety |


Two-hand Run Station (THRS) Instruction

The basic purpose of the Two-hand Run Station (THRS) instruction is to provide a method to incorporate two diverse input buttons used as a single-operation start button into a software-programmable environment that is intended for use in SIL3/Cat. 4 safety applications. A run station can also be inserted or removed from controlling the process by using an Active Pin input in this instruction. The Two-hand Run Station with Active Pin instruction takes the four inputs (two from each button) and turns them into one signal for the rest of the application.


Instruction Parameters
IMPORTANT Make sure your safety input modules are configured as single, not Equivalent or Complementary. These instructions provide all dual-channel functionality necessary for PLd (Cat. 3) or PLe (Cat. 4) safety functions.

This table explains the instruction inputs.


Table 158 - THRS Inputs

| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| THRS | Pre-defined Data Type | This parameter is used to maintain instruction-specific information. Do not use the same predefined data-type tag name in more than one instruction. | |
| Active Pin Type | Boolean | The Active Pin type determines whether or not the input and outputs specific to the Active Pin are processed. | Enabled or Disabled |
| Active Pin | Boolean | Active Pin for run station. Active Pin Enabled - When set, the Buttons Pressed output can enter the Active state. When clear, the Buttons Pressed output remains off. Active Pin Disabled - Visible, but not used. | Initial = 0, Set = 1 |
| Right Button Normally Open | Boolean | Right Button N.O. Contact Input. | Safe = 0, Active = 1 |
| Right Button Normally Closed | Boolean | Right Button N.C. Contact Input. | Safe = 1, Active = 0 |
| Left Button Normally Open | Boolean | Left Button N.O. Contact Input. | Safe = 0, Active = 1 |
| Left Button Normally Closed | Boolean | Left Button N.C. Contact Input. | Safe = 1, Active = 0 |
| Fault Reset | Boolean | Fault Reset Input. Active Pin Enabled - When transitioned from off to on, and the fault cause has been cleared, the Right Button Fault, Left Button Fault, and Station Active Fault outputs are cleared. Active Pin Disabled - When transitioned from off to on, and the fault cause has been cleared, the Right Button Fault and Left Button Fault outputs are cleared. | Initial = 0, Reset = 1 |


This table explains the instruction outputs.


Table 159 - THRS Outputs

| Parameter | Data Type | Description | Safe, Active, and Initial Values |
|---|---|---|---|
| Buttons Pressed | Boolean | Output is enabled when the run station buttons are pressed and no faults are present. | Safe = 0, Active = 1 |
| Station Active | Boolean | Output is enabled when the run station is active. Active Pin Enabled - Set indicates that the station is active. Cleared indicates that the station is inactive. Active Pin Disabled - Visible, but not used, always zero. | Initial = 0, Active = 1 |
| Button Tiedown | Boolean | Indicates that both buttons were not pressed within 500 ms of each other. Cleared when both buttons are released. | Initial = 0, Active = 1 |
| Cycle Buttons | Boolean | Set when the Button Tie-down indicator is set. Cleared when the Button Tie-down indicator is cleared. | Initial = 0, Active = 1 |
| Station Active Fault | Boolean | Active Pin Enabled - Fault is set when the station is inactive. Active Pin Disabled - Visible, but not used, always zero. | Initial = 0, Active = 1 |
| Right Button Fault | Boolean | There is a Right Button fault. Set when the Right Button Normally Closed and the Right Button Normally Open inputs are not both energized or not both de-energized within 250 ms. | Initial = 0, Active = 1 |
| Left Button Fault | Boolean | There is a Left Button fault. Set when the Left Button Normally Closed and the Left Button Normally Open inputs are not both energized or not both de-energized within 250 ms. | Initial = 0, Active = 1 |
| Fault Present | Boolean | One or more of the faults are present. Active Pin Enabled - Set when the Station Active Fault, Right Button Fault, or Left Button Fault outputs are set. Cleared when the Station Active Fault, Right Button Fault, and Left Button Fault outputs are cleared. Active Pin Disabled - Set when the Station Right Button Fault or Left Button Fault outputs are set. Cleared when the Right Button Fault and Left Button Fault outputs are cleared and the Fault Reset input transitions from off to on. | Initial = 0, Active = 1 |

IMPORTANT Do not write to any instruction output tag under any circumstances.

Normal Operation
The Two-hand Run Station instruction takes the four inputs (two from each button) and turns them into one signal for the rest of the application. These normal-operation state changes are shown in the following timing diagram.
Figure 270 - Normal Operation Timing Diagram
[Timing diagram; signals shown: Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed, Buttons Pressed]

See the De-energize to Trip System section on page 311 for information about how to condition the input data associated with the normally closed channel.

Button Tie-down Operation


The Two-hand Run Station instruction also monitors the four inputs to make sure none of them fail or are intentionally defeated. If the buttons are not pressed within 500 ms (t1) of each other, this instruction generates a Button Tie-down condition and prevents the Buttons Pressed output from entering the Active state. These state changes are shown in the following timing diagram.
Figure 271 - Button Tie-down Timing Diagram
[Timing diagram; signals shown: Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed, Button Tie-Down, Buttons Pressed; interval t1 marked]

Cycle Buttons Operation


If, while Buttons Pressed is active, one of the buttons transitions from the Active state to the Safe state and back to the Active state before the other button transitions to the Safe state, this instruction sets the Cycle Buttons output prompt and prevents the Buttons Pressed output from entering the Active state again until both buttons cycle through their Safe states. These state changes are shown in the following timing diagram.
Figure 272 - Cycle Buttons Timing Diagram
[Timing diagram; signals shown: Right Button Normally Open, Right Button Normally Closed, Left Button Normally Open, Left Button Normally Closed, Cycle Buttons, Buttons Pressed]

Button Fault Operation


This instruction also monitors the individual inputs from each button. If the two contacts for one of the buttons are in opposite safety states for more than 250 ms (t1), the appropriate fault is set (Left Button Fault or Right Button Fault). The Fault Present output is also set. The Buttons Pressed output is set to the Safe state whenever one of these faults exists. These state changes are shown in the following timing diagrams.
Figure 273 - Left Button Fault Operation
[Timing diagram; signals shown: Left Button Normally Open, Left Button Normally Closed, Left Button Fault, Fault Reset; interval t1 marked]

Figure 274 - Right Button Fault Operation
[Timing diagram; signals shown: Right Button Normally Open, Right Button Normally Closed, Right Button Fault, Fault Reset; interval t1 marked]
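The four behaviours described above (normal operation, button tie-down, cycle buttons, button fault) as a scan-based Python model for building offline test vectors. This is an added example, not Rockwell Automation code and not the instruction's implementation; the class names, the traces, and the choices marked as assumptions in the comments (how a button fault clears, requiring both buttons released together before a new run) are this example's own. It covers the Active Pin Disabled case only.

```python
from enum import Enum

TIE_DOWN_MS = 500     # page: both buttons must be pressed within 500 ms of each other
DISCREPANCY_MS = 250  # page: one button's two contacts may disagree for at most 250 ms

class State(Enum):
    IDLE = 0       # waiting for a press
    ARMING = 1     # first button pressed, tie-down timer running
    RUN = 2        # Buttons Pressed is Active
    RELEASING = 3  # run ended; both buttons must return to Safe together (assumption)
    LOCKOUT = 4    # Cycle Buttons prompt set until both buttons are released

class Button:
    """One run button with two diverse contacts, using the page's encoding:
    Normally Open Safe=0/Active=1, Normally Closed Safe=1/Active=0."""
    def __init__(self):
        self.fault = self.pressed = self.released = False
        self._since = None                 # time the contacts started to disagree

    def update(self, now, no, nc):
        no_active, nc_active = bool(no), not nc
        if no_active != nc_active:         # contacts in opposite safety states
            if self._since is None:
                self._since = now
            if now - self._since > DISCREPANCY_MS:
                self.fault = True          # latched until Fault Reset
        else:
            self._since = None
        self.pressed = no_active and nc_active
        self.released = not no_active and not nc_active

    def try_reset(self):
        if self._since is None:            # assumption: clears only once contacts agree
            self.fault = False

class THRS:
    """Scan-based model, Active Pin Disabled variant only (hypothetical class)."""
    def __init__(self):
        self.right, self.left = Button(), Button()
        self.state, self.tie_down = State.IDLE, False
        self._t0, self._prev_reset = 0, False

    def scan(self, now, rb_no, rb_nc, lb_no, lb_nc, fault_reset=0):
        right, left = self.right, self.left
        right.update(now, rb_no, rb_nc)
        left.update(now, lb_no, lb_nc)
        if fault_reset and not self._prev_reset:   # off-to-on transition only
            right.try_reset()
            left.try_reset()
        self._prev_reset = bool(fault_reset)
        fault = right.fault or left.fault
        both = right.pressed and left.pressed
        if right.released and left.released:       # clears tie-down and the prompt
            self.state, self.tie_down = State.IDLE, False
        elif self.state is State.IDLE and (right.pressed or left.pressed):
            self.state, self._t0 = State.ARMING, now
        if self.state is State.ARMING:
            if fault:                              # assumption: no run with a fault present
                self.state = State.RELEASING
            elif now - self._t0 > TIE_DOWN_MS:     # second button too late: tie-down
                self.state, self.tie_down = State.LOCKOUT, True
            elif both:
                self.state = State.RUN
        elif self.state is State.RUN and (fault or not both):
            self.state = State.RELEASING
        elif self.state is State.RELEASING and both:
            self.state = State.LOCKOUT             # button re-pressed while other held
        return {"BP": int(self.state is State.RUN), "BT": int(self.tie_down),
                "CB": int(self.state is State.LOCKOUT),
                "RBF": int(right.fault), "LBF": int(left.fault), "FP": int(fault)}

def run(trace):
    """Feed (ms, RB_NO, RB_NC, LB_NO, LB_NC, FaultReset) samples to a fresh THRS."""
    station = THRS()
    return [station.scan(*sample) for sample in trace]

# Constructed traces (not captured from a controller). Released = NO 0 / NC 1.
NORMAL = [(0, 0, 1, 0, 1, 0), (100, 1, 0, 0, 1, 0), (300, 1, 0, 1, 0, 0), (900, 0, 1, 0, 1, 0)]
TIE_DOWN = [(0, 0, 1, 0, 1, 0), (100, 1, 0, 0, 1, 0), (700, 1, 0, 1, 0, 0), (900, 0, 1, 0, 1, 0)]
CYCLE = [(0, 0, 1, 0, 1, 0), (100, 1, 0, 1, 0, 0), (400, 0, 1, 1, 0, 0), (600, 1, 0, 1, 0, 0),
         (800, 0, 1, 0, 1, 0), (900, 1, 0, 1, 0, 0)]
LEFT_FAULT = [(0, 0, 1, 0, 1, 0), (100, 0, 1, 1, 1, 0), (400, 0, 1, 1, 1, 0), (500, 0, 1, 0, 1, 0),
              (600, 0, 1, 0, 1, 1), (700, 1, 0, 1, 0, 0)]
```

Each call to `run` returns one output dictionary per sample, so the per-scan BP, BT, CB and FP values can be compared against what the controller shows for the same input sequence.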

Two-hand Run Station with Active Pin Disabled Wiring Example


IMPORTANT The Two-hand Run Station is wired properly when the four run-button inputs are in the safe state when the run buttons are released.

The following wiring diagram is one example of how to wire Right and Left Push Buttons to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4. Each Push Button has two diverse input channels.
Figure 275 - Wiring Diagram
The inputs shown on this wiring diagram correspond to the inputs for the instruction.

[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0 to IN4 and T0 to T3. Legend: E1 - 24V Power Supply; RB - Right Button; LB - Left Button; S1 - Fault Reset Switch]

Two-hand Run Station with Active Pin Disabled Programming Example


The following programming example shows how the Two-hand Run Station without Active Pin instruction can be applied to the wiring diagram shown in Two-hand Run Station with Active Pin Disabled Wiring Example.
Figure 276 - Programming Diagram
[Programming diagram, 1756-L62S user program: THRS (Two Hand Run Station) instruction with THRS tag thrsDataType, Active Pin Type DISABLED and Active Pin notUsedTag. Outputs shown: BP, SA, BT, CB, SAF, RBF, LBF, FP. Input mapping:]
Right Button Normally Open | IN 0 | moduleName:I.Pt00Data
Right Button Normally Closed | IN 1 | moduleName:I.Pt01Data
Left Button Normally Open | IN 2 | moduleName:I.Pt02Data
Left Button Normally Closed | IN 3 | moduleName:I.Pt03Data
Fault Reset | IN 4 | moduleName:I.Pt04Data


ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 160 - Input Configuration
Input Point | Type | Point Mode | Test Source
0 (IN0) | Single | Safety Pulse Test | 0 (T0)
1 (IN1) | Single | Safety Pulse Test | 1 (T1)
2 (IN2) | Single | Safety Pulse Test | 2 (T2)
3 (IN3) | Single | Safety Pulse Test | 3 (T3)
4 (IN4) | Single | Safety | None

Table 161 - Test Output


Test Output Point | Point Mode
0 (T0) | Pulse Test
1 (T1) | Pulse Test
2 (T2) | Pulse Test
3 (T3) | Pulse Test

Two-hand Run Station with Active Pin Enabled Wiring Examples


IMPORTANT The Two-hand Run Station is wired properly when the four run-button inputs are in the safe state when the run buttons are released.

Figure 277 is one example of how to wire Right and Left Push Buttons to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4. Each Push Button has two diverse input channels.
Figure 277 - Two-hand Run Station with Active Pin Enabled Control Wiring Diagram (Active Pin High - Run Station Connected to System)
The inputs shown on this wiring diagram correspond to the inputs for the instruction.

[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0 to IN5 and T0 to T3. Legend: E1 - 24V Power Supply; RB - Right Button; LB - Left Button; S1 - Fault Reset Switch]

Figure 278 is one example of how to wire a Dummy Plug to a 1791DS safety I/O module to comply with ISO 13849-1 Category 4. Each Push Button has two diverse input channels.
Figure 278 - Two-hand Run Station with Active Pin Enabled Control Wiring Diagram (Active Pin Low - Run Station Not Connected to System)
The inputs shown on this wiring diagram correspond to the inputs for the instruction.

[Wiring diagram: 1791DS Safety Module with terminals V, G, IN0 to IN5 and T0 to T3, with a Dummy Plug fitted in place of the run station. Legend: E1 - 24V Power Supply; S1 - Fault Reset Switch]

Two-hand Run Station with Active Pin Enabled Programming Example


The following programming example shows how the Two-hand Run Station with Active Pin instruction can be applied to the wiring diagram shown in Figure 277 on page 383.

Figure 279 - Programming Diagram


[Programming diagram, 1756-L62S user program: THRS (Two Hand Run Station) instruction with THRS tag thrsDataType and Active Pin Type ENABLED. Outputs shown: BP, SA, BT, CB, SAF, RBF, LBF, FP. Input mapping:]
Active Pin | IN 5 | moduleName:I.Pt05Data
Right Button Normally Open | IN 0 | moduleName:I.Pt00Data
Right Button Normally Closed | IN 1 | moduleName:I.Pt01Data
Left Button Normally Open | IN 2 | moduleName:I.Pt02Data
Left Button Normally Closed | IN 3 | moduleName:I.Pt03Data
Fault Reset | IN 4 | moduleName:I.Pt04Data

ISO 13849-1 Category 4 requires that inputs be independently pulse tested. RSLogix 5000 programming software is used to configure the following I/O module parameters for pulse testing.
Table 162 - Input Configuration
Input Point | Type | Point Mode | Test Source
0 (IN0) | Single | Safety Pulse Test | 0 (T0)
1 (IN1) | Single | Safety Pulse Test | 1 (T1)
2 (IN2) | Single | Safety Pulse Test | 2 (T2)
3 (IN3) | Single | Safety Pulse Test | 3 (T3)
4 (IN4) | Single | Safety | None
5 (IN5) | Single | Safety | None

Table 163 - Test Output


Test Output Point | Point Mode
0 (T0) | Pulse Test
1 (T1) | Pulse Test
2 (T2) | Pulse Test
3 (T3) | Pulse Test
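One way to check a module configuration against the pulse-test settings in Tables 160 to 163, as an added example that is not part of the manual and not a Rockwell tool. The dictionary layout and function name are hypothetical (this is not an RSLogix 5000 export format), and it assumes "independently pulse tested" means each run-button input has its own test source, as in the tables.

```python
REQUIRED_INPUT_MODE = "Safety Pulse Test"   # Point Mode of IN0..IN3 in Tables 160 and 162
REQUIRED_OUTPUT_MODE = "Pulse Test"         # Point Mode of T0..T3 in Tables 161 and 163
BUTTON_POINTS = (0, 1, 2, 3)                # IN0..IN3 carry the four run-button contacts


def audit_pulse_test(inputs, test_outputs, button_points=BUTTON_POINTS):
    """Return findings for run-button inputs that are not independently pulse tested.

    inputs:       {input point: (type, point mode, test source or None)}
    test_outputs: {test output point: point mode}
    An empty list means the button channels match the page's tables.
    """
    findings, owner = [], {}
    for pt in button_points:
        if pt not in inputs:
            findings.append(f"IN{pt}: not configured")
            continue
        kind, mode, source = inputs[pt]
        if kind != "Single":
            findings.append(f"IN{pt}: type is {kind}, tables use Single")
        if mode != REQUIRED_INPUT_MODE:
            findings.append(f"IN{pt}: point mode is {mode}, not {REQUIRED_INPUT_MODE}")
        if source is None:
            findings.append(f"IN{pt}: no test source assigned")
            continue
        if source in owner:
            # Two button contacts driven by one test output are not tested independently.
            findings.append(f"IN{pt}: shares test source T{source} with IN{owner[source]}")
        else:
            owner[source] = pt
        if test_outputs.get(source) != REQUIRED_OUTPUT_MODE:
            findings.append(f"T{source}: test output is not in {REQUIRED_OUTPUT_MODE} mode")
    return findings


# Tables 160 and 161 from the page (Active Pin Disabled).
TABLE_160 = {
    0: ("Single", "Safety Pulse Test", 0),
    1: ("Single", "Safety Pulse Test", 1),
    2: ("Single", "Safety Pulse Test", 2),
    3: ("Single", "Safety Pulse Test", 3),
    4: ("Single", "Safety", None),          # Fault Reset: plain Safety input, no test source
}
TABLE_161 = {0: "Pulse Test", 1: "Pulse Test", 2: "Pulse Test", 3: "Pulse Test"}
# Table 162 (Active Pin Enabled) adds IN5 as a plain Safety input; Table 163 equals Table 161.
TABLE_162 = {**TABLE_160, 5: ("Single", "Safety", None)}

# Constructed mis-configuration (not from the page): IN1 reuses T0, T2 is not pulsing,
# and IN3 was left as a plain Safety input.
WEAK_INPUTS = {
    0: ("Single", "Safety Pulse Test", 0),
    1: ("Single", "Safety Pulse Test", 0),
    2: ("Single", "Safety Pulse Test", 2),
    3: ("Single", "Safety", None),
    4: ("Single", "Safety", None),
}
WEAK_OUTPUTS = {0: "Pulse Test", 1: "Pulse Test", 2: "Not Used", 3: "Pulse Test"}

if __name__ == "__main__":
    for finding in audit_pulse_test(WEAK_INPUTS, WEAK_OUTPUTS):
        print(finding)
```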

Appendix B

Execution Times for Safety Application Instructions

This appendix lists execution times for the GuardLogix Safety Application Instructions. Instructions were measured while enabled and operating on an enabled ladder logic rung.
Table 164 - RSLogix 5000, Version 17 and Later, Safety Application Instructions
Mnemonic | Name | Execution Time with 1756-L6xS Controller | Execution Time with 1756-L7xS Controller
CROUT | Configurable Redundant Output - Negative Feedback | 12 µs | 9 µs
CROUT | Configurable Redundant Output - Positive Feedback | 14 µs | 9 µs
DCS | Dual Channel Input - Stop | 24 µs | 13 µs
DCST | Dual Channel Input - Stop With Test | 26 µs | 13 µs
DCSTL | Dual Channel Input - Stop With Test and Lock | 36 µs | 18 µs
DCSTM | Dual Channel Input - Stop With Test and Mute | 28 µs | 15 µs
DCM | Dual Channel Input - Monitor | 14 µs | 8 µs
DCSRT | Dual Channel Input - Start | 20 µs | 10 µs
DCA | Dual Channel Analog Input | 36 µs | 16 µs
DCAF | Dual Channel Analog Input (Floating Point) | 36 µs | 16 µs
SMAT | Safety Mat | 16 µs | 10 µs
THRSe | Two-Hand Run Station Enhanced | 44 µs | 19 µs
TSAM | Two Sensor Asymmetrical Muting | 30 µs | 19 µs
TSSM | Two Sensor Symmetrical Muting | 30 µs | 16 µs
FSBM | Four Sensor Bidirectional Muting | 34 µs | 18 µs

Table 165 - RSLogix 5000, Version 17 and Later Metal Form Safety Application Instructions
Mnemonic | Name | Execution Time with 1756-L6xS Controller | Execution Time with 1756-L7xS Controller
CBCM | Clutch Brake Continuous Mode | 28 µs | 15 µs
CBIM | Clutch Brake Inch Mode | 18 µs | 11 µs
CBSSM | Clutch Brake Single Stroke Mode | 20 µs | 13 µs
CPM | Crankshaft Position Monitor | 24 µs | 14 µs
CSM | Camshaft Monitor | 24 µs | 15 µs
EPMS | Eight-position Mode Selector | 24 µs | 14 µs
AVC | Auxiliary Valve Control | 20 µs | 10 µs
MVC | Main Valve Control | 12 µs | 9 µs
MMVC | Maintenance Manual Valve Control | 20 µs | 14 µs

Table 166 - RSLogix 5000, Version 14 and Later, Safety Application Instruction
Mnemonic Name 8 µs 10 µs 10 µs 10 µs Negative Feedback Positive Feedback Auto Reset Manual Reset 10 µs 14 µs 12 µs 16 µs 12 µs Active Pin Enabled Active Pin Disabled 16 µs 14 µs 14 µs Execution Time with 1756-L6xS Controller ENPEN ESTOP RIN ROUT Enable Pendant E-Stop Redundant Input Redundant Output Auto Reset Manual Reset with 1756-L7xS Controller 6 µs 6 µs 7 µs 7 µs 6 µs 9 µs 8 µs 8 µs 9 µs 10 µs 10 µs 9 µs

DIN FPMS THRS LC

Diverse Input 5-Position Mode Selector Two Handed Run Station Light Curtain

Rockwell Automation Support


Rockwell Automation provides technical information on the Web to assist you in using its products. At http://www.rockwellautomation.com/support/, you can find technical manuals, a knowledge base of FAQs, technical and application notes, sample code and links to software service packs, and a MySupport feature that you can customize to make the best use of these tools. For an additional level of technical phone support for installation, configuration, and troubleshooting, we offer TechConnect support programs. For more information, contact your local distributor or Rockwell Automation representative, or visit http://www.rockwellautomation.com/support/.

Installation Assistance
If you experience a problem within the first 24 hours of installation, review the information that is contained in this manual. You can contact Customer Support for initial help in getting your product up and running.
United States or Canada: 1.440.646.3434
Outside United States or Canada: Use the Worldwide Locator at http://www.rockwellautomation.com/support/americas/phone_en.html, or contact your local Rockwell Automation representative.

New Product Satisfaction Return


Rockwell Automation tests all of its products to ensure that they are fully operational when shipped from the manufacturing facility. However, if your product is not functioning and needs to be returned, follow these procedures.
United States: Contact your distributor. You must provide a Customer Support case number (call the phone number above to obtain one) to your distributor to complete the return process.
Outside United States: Please contact your local Rockwell Automation representative for the return procedure.

Documentation Feedback
Your comments will help us serve your documentation needs better. If you have any suggestions on how to improve this document, complete this form, publication RA-DU002, available at http://www.rockwellautomation.com/literature/.

Rockwell Otomasyon Ticaret A.Ş., Kar Plaza İş Merkezi E Blok Kat:6 34752 İçerenköy, İstanbul, Tel: +90 (216) 5698400

www.rockwellautomation.com
Power, Control and Information Solutions Headquarters
Americas: Rockwell Automation, 1201 South Second Street, Milwaukee, WI 53204-2496 USA, Tel: (1) 414.382.2000, Fax: (1) 414.382.4444 Europe/Middle East/Africa: Rockwell Automation NV, Pegasus Park, De Kleetlaan 12a, 1831 Diegem, Belgium, Tel: (32) 2 663 0600, Fax: (32) 2 663 0640 Asia Pacific: Rockwell Automation, Level 14, Core F, Cyberport 3, 100 Cyberport Road, Hong Kong, Tel: (852) 2887 4788, Fax: (852) 2508 1846

Publication 1756-RM095E-EN-P - February 2012


Supersedes Publication 1756-RM095D-EN-P - November 2009 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Printed in the U.S.A.
