11/5/2009 1:12 AM
Joined: 10/7/2005 Last visit: 10/15/2024 Posts: 3024 Rating: (1054)
Hello Jasner, the TUV certificate is in general the "ultimate" certificate to have for it, but good on you for questioning what is really going on behind the scenes and how Siemens "gets away" with doing CAT4/SIL3 certified safety in a single F-CPU. The answer is in general quite simple: through time based redundancy and diversity.

What this means is this: you program your safety logic in F-LAD and/or F-FBD. When you hit the compile button, the compiler takes your safety logic and inverts it as well as converts it to a WORD based logic (this gives you diversity). When the safety program is executed, it will be executed twice every time it is called (without you as a programmer having to "worry" about it). The first execution is done on what you programmed, followed by an execution of the "diversified" (inverted and WORD based) logic that the compiler created for you (this is the "time based redundancy" part). When both executions are done, the safety call compares the results and "expects" that they will be exactly opposite (and if not, shuts down the CPU).

This is how Siemens is able to achieve the TUV certified CAT4/SIL3 rating for a single CPU, and it is not only pretty "safe" but also pretty clever in my humble opinion. Attached is a pic to help visualising the above description, and it would be nice if Siemens would promote this a bit more in their glossy F-System brochures (it is not a secret, but something that is frequently being "questioned" by customers and users alike).

Below is additionally a link to an (independent) ARC white paper pdf on Siemens Safety Integrated: ARC white paper on Siemens Safety integrated

I hope this helps
Last edited by: fritz at: 11/5/2009 1:18 AM. Added ARC white paper link. Cheers

This contribution was helpful to 9 thankful Users
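As an added illustration of the scheme fritz describes (this is a toy model written for this thread, not Siemens code, and it makes no claim about the real compiler's internal representation), the following Python models a small F-FBD-style interlock, "compiles" it into an inverted, WORD based variant, executes both variants on the same inputs and checks that the two results are exactly opposite. The node tuple format, the 0xFFFF/0x0000 word encoding and the `fault_*` hooks are assumptions made for the example; the hooks stand in for a hardware or memory fault hitting one of the two executions so you can see the comparison catch it.

```python
from itertools import product

# Added example (not Siemens code). Logic nodes are an assumption for this model:
#   ('in', name) | ('not', e) | ('and', a, b) | ('or', a, b)
WORD_TRUE, WORD_FALSE, MASK = 0xFFFF, 0x0000, 0xFFFF


def eval_bit(expr, inputs):
    """Execution 1: the logic exactly as the programmer wrote it, on booleans."""
    op = expr[0]
    if op == "in":
        return bool(inputs[expr[1]])
    if op == "not":
        return not eval_bit(expr[1], inputs)
    if op == "and":
        return eval_bit(expr[1], inputs) and eval_bit(expr[2], inputs)
    if op == "or":
        return eval_bit(expr[1], inputs) or eval_bit(expr[2], inputs)
    raise ValueError(f"unknown node {op!r}")


def compile_diverse(expr):
    """'Compile' step: build the inverted network by pushing NOT through with De Morgan."""
    op = expr[0]
    if op == "in":
        return ("not", expr)
    if op == "not":
        return expr[1]
    if op == "and":
        return ("or", compile_diverse(expr[1]), compile_diverse(expr[2]))
    if op == "or":
        return ("and", compile_diverse(expr[1]), compile_diverse(expr[2]))
    raise ValueError(f"unknown node {op!r}")


def eval_word(expr, inputs):
    """Execution 2: same inputs, but 16-bit words (0xFFFF / 0x0000) and bitwise operators."""
    op = expr[0]
    if op == "in":
        return WORD_TRUE if inputs[expr[1]] else WORD_FALSE
    if op == "not":
        return ~eval_word(expr[1], inputs) & MASK
    if op == "and":
        return eval_word(expr[1], inputs) & eval_word(expr[2], inputs)
    if op == "or":
        return eval_word(expr[1], inputs) | eval_word(expr[2], inputs)
    raise ValueError(f"unknown node {op!r}")


def safety_cycle(program, diverse, inputs, fault_bit=None, fault_word=None):
    """One safety-program call: run both variants, then compare the results.
    fault_bit / fault_word are constructed hooks that corrupt one execution path,
    standing in for a hardware or memory fault. Returns ("RUN", output) or ("STOP", None)."""
    r_bit = eval_bit(program, inputs)
    r_word = eval_word(diverse, inputs)
    if fault_bit is not None:
        r_bit = fault_bit(r_bit)
    if fault_word is not None:
        r_word = fault_word(r_word)
    expected = WORD_FALSE if r_bit else WORD_TRUE  # diverse result must be the exact opposite
    if r_word != expected:
        return ("STOP", None)  # any discrepancy: CPU goes to STOP, outputs drop to the safe state
    return ("RUN", r_bit)


def verify_diversity(program, diverse, names):
    """Compile-time style check: over every input combination the two variants disagree exactly."""
    for bits in product([False, True], repeat=len(names)):
        if safety_cycle(program, diverse, dict(zip(names, bits)))[0] != "RUN":
            return False
    return True


# Constructed interlock: motor_enable = estop_ok AND guard_closed AND NOT maint_mode
PROGRAM = ("and", ("in", "estop_ok"),
           ("and", ("in", "guard_closed"), ("not", ("in", "maint_mode"))))
DIVERSE = compile_diverse(PROGRAM)
NAMES = ["estop_ok", "guard_closed", "maint_mode"]

if __name__ == "__main__":
    ok = {"estop_ok": True, "guard_closed": True, "maint_mode": False}
    print(safety_cycle(PROGRAM, DIVERSE, ok))                                    # ('RUN', True)
    print(safety_cycle(PROGRAM, DIVERSE, dict(ok, guard_closed=False)))         # ('RUN', False)
    # a single flipped bit in the word path is caught because 0x0004 is not the expected 0x0000
    print(safety_cycle(PROGRAM, DIVERSE, ok, fault_word=lambda w: w ^ 0x0004))  # ('STOP', None)
    print(verify_diversity(PROGRAM, DIVERSE, NAMES))                            # True
```

The comparison only ever sees a discrepancy between the two executions, so it detects a fault that hits one of them (a corrupted intermediate, a flipped bit in the word path, an inverted bit result). A wrong value that both executions read identically from the process image is not what this comparison is for; that is the job of the input-side diagnostics.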
11/5/2009 1:55 AM
Joined: 1/4/2008 Last visit: 9/26/2024 Posts: 703 Rating: (96)
Hello Jasner, as an addition to the very good explanation from Fritz, it seems to me that you are mixing up two different things: "fail safe" and "fault tolerant (redundant)". The difference is very well described by Daniel Chartier in this thread. If you also need a fault tolerant system along with the fail safe one, you would use the FH systems, but as far as I know, only the CPUs from the S7-400 family are of this type. Regards Sydney
6/16/2019 8:59 PM
Posts: 32 Rating: (0)
Not to worry... I've found it! Thanks anyway!