The difference between a safety PLC and an ordinary PLC
As industrial automation has matured, modern factories have moved away from the original equipment, which was simple, single-function and lacking in safety. As a result, emergency stop buttons, safety door locks and safety systems are applied more and more to automated production equipment and production lines. Their use adds a safety guarantee to equipment that was originally dangerous. The work process is monitored for safety, which not only gives field operators a safer production environment but also contributes to efficient production and to the safety management of the enterprise.
As the most important member of the safety family, the safety PLC has gained more and more recognition, but in practice many users are still confused about why a PLC similar to the ones they used in the past is now labelled a safety PLC, and what the differences between a safety PLC and an ordinary PLC really are. This article shares the answer.
As we all know, the concept of safety design comes down to three words that we must remember: 1. Redundancy; 2. Diversity; 3. Self-test.
Only a product that implements all three of these safety concepts can be considered a safety product, and ordinary PLC products do not have such a safety design. Let us look at how a safety PLC is designed to achieve the three concepts.
1. Redundancy
An ordinary PLC has one or more CPUs internally, but the program usually runs as a single process; the multiple CPUs share the program logic, arithmetic and communication functions between them, that is, they process collaboratively.
A safety PLC has at least two CPUs. Each of the two CPUs executes the same program separately, and the results are then compared with each other. If the results are consistent, the output is performed. If not, the safe output is selected (usually no output, or shutdown).
Therefore, only a PLC whose CPUs have a redundant design can be called a safety PLC.
In addition, the CPU in the safety PLC performs clock checks, watchdog timer checks, sequence checks and memory checks.
Clock check: In the processor circuit, two different oscillators cross-check each other's behavior, with each processor using its own clock to check whether the other is operating. If, within a certain period, one detects that the other is not running, the CPU enters a safe state. The firmware checks the accuracy of both oscillators every second.
Watchdog: A hardware watchdog and a firmware watchdog check the PLC's activity and the execution time of the user logic. This is the same as in a conventional PLC system.
Sequence checking: Sequence checking monitors the execution of different parts of the CPU operating system.
Memory check: All static memory areas, including flash memory and RAM, are checked using cyclic redundancy codes (CRC) and are double coded. The dynamic memory area is protected by double codes and tested periodically. These tests are reinitialized on a cold start.
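The two memory checks can be sketched in C as follows. This is an added example, not code from any PLC vendor; it assumes that "double coded" means each value is stored together with its bitwise complement, and the block contents and variable names are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CRC-32 (reflected polynomial 0xEDB88320), computed bit by bit. */
static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Static area (constructed stand-in for a flash or RAM block) plus its reference CRC. */
typedef struct { const uint8_t *data; size_t len; uint32_t ref_crc; } static_area_t;

static bool static_area_ok(const static_area_t *a) {
    return crc32_calc(a->data, a->len) == a->ref_crc;
}

/* Double-coded variable (assumed scheme): value and bitwise complement are
 * stored side by side, so a flipped bit in either copy shows up on read. */
typedef struct { uint16_t value; uint16_t inverse; } dc_u16_t;

static void dc_write(dc_u16_t *v, uint16_t x) {
    v->value = x;
    v->inverse = (uint16_t)~x;
}

/* Returns false and leaves *out untouched when the two copies disagree. */
static bool dc_read(const dc_u16_t *v, uint16_t *out) {
    if ((uint16_t)(v->value ^ v->inverse) != 0xFFFFu) return false;
    *out = v->value;
    return true;
}

int main(void) {
    uint8_t block[] = "123456789";              /* constructed sample contents */
    static_area_t area = { block, 9, crc32_calc(block, 9) };
    dc_u16_t sp; uint16_t x = 0;
    dc_write(&sp, 1500);
    printf("healthy: area=%d var=%d\n", static_area_ok(&area), dc_read(&sp, &x));
    block[4] ^= 0x01; sp.value ^= 0x0004;       /* simulated bit flips */
    printf("faulted: area=%d var=%d\n", static_area_ok(&area), dc_read(&sp, &x));
    return 0;
}
```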
From the above analysis we can see that a safety PLC performs far more diagnostics and checks than a conventional PLC, so its hardware and software design is correspondingly more complicated. Of course, the scope of its testing and diagnosis is also broader and more detailed.
2. Diversity
Safety PLCs usually have two processors, usually supplied by two different manufacturers, for example one from Motorola and one from Intel, which decode and execute at the same time. This difference provides the following benefits for failure detection:
1. Two sets of executable code are generated independently; the differences the compilers introduce when generating the code make system failures easy to detect.
2. The two sets of generated code are executed by different processors, so the CPU can detect both system failures and random failures of the PLC while the code is executing.
3. Each of the two processors uses its own separate memory area, so the CPU can detect a random RAM failure that cannot be detected by the RAM checks performed in each scan cycle.
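The compare-then-output behavior from the Redundancy section and the diverse execution described here can be shown together in one C sketch. This is an added example, not vendor code: the safety function, the type names and the injected fault are constructed, and diversity is modeled by two differently written implementations with separate memory, since one program cannot show two processors.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed safety function: the motor may run only when the emergency
 * stop is released, the guard door is closed and start is requested. */
typedef struct { bool estop_ok, guard_closed, start; } inputs_t;

/* Channel A: direct boolean logic. */
static bool channel_a(inputs_t in) {
    return in.estop_ok && in.guard_closed && in.start;
}

/* Channel B: diverse implementation of the same function, a truth table
 * held in its own memory and indexed by the packed inputs. */
typedef struct { uint8_t table; } channel_b_mem_t;   /* bit i = output for index i */
#define CHANNEL_B_TABLE 0x80u                         /* only index 7 (all true) runs */

static bool channel_b(const channel_b_mem_t *m, inputs_t in) {
    unsigned idx = ((unsigned)in.estop_ok << 2) | ((unsigned)in.guard_closed << 1) | (unsigned)in.start;
    return ((m->table >> idx) & 1u) != 0;
}

typedef struct { bool fault_latched; } voter_t;

/* Compare both channels. Agreement: pass the result on.
 * Disagreement: latch the fault and force the safe output (off). */
static bool vote(voter_t *v, bool a, bool b) {
    if (a != b) v->fault_latched = true;
    return v->fault_latched ? false : a;
}

static bool scan(voter_t *v, const channel_b_mem_t *m, inputs_t in) {
    return vote(v, channel_a(in), channel_b(m, in));
}

int main(void) {
    voter_t v = { false };
    channel_b_mem_t mem = { CHANNEL_B_TABLE };
    inputs_t run = { true, true, true }, stop = { false, true, true };
    printf("healthy: run=%d stop=%d\n", scan(&v, &mem, run), scan(&v, &mem, stop));
    mem.table |= 1u << 3;          /* simulated random RAM fault in channel B */
    bool out = scan(&v, &mem, stop);
    printf("faulted: stop=%d latched=%d\n", out, v.fault_latched);
    printf("afterwards: run=%d\n", scan(&v, &mem, run));
    return 0;
}
```

Once the channels disagree, the output stays off even for inputs on which both channels agree again, which is the "no output or shutdown" safe state described above.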
3. Self-test
The safety PLC's self-test is reflected in all aspects, including the CPU processing self-test, the power supply monitoring self-test, and the status self-test of the circuit boards for the safety input and output points.
Here we introduce how the design of the safety inputs and outputs reflects the self-test safety concept.
Safety digital input
The yellow part is the circuit design unique to the safety input point; an ordinary input point does not have it.
Internal diagnostics: Each input channel has one common input circuit and two independent acquisition chains, with each microprocessor driving a digital input serializer (DIS) to sample the incoming information. In addition, the microprocessor drives a digital input reducer (DID), which drives the diagnostic function block to diagnose and compare the recovered data with the incoming data.
Input channel error detection: The digital input monitors the field-side power supply and uses the external wiring for leakage-current detection. The minimum leakage current is 1 mA; if there is no leakage current, this indicates an open-circuit fault in the external circuit. In the case of a dry contact, a 10 kΩ pull-up resistor is connected in parallel across the two ends of the contact for wire-break detection on the external line. Each input circuit is fitted with switches that are periodically forced to 1 or 0 to check the health of the circuit. Each input circuit is tested independently, and if a problem is found, the diagnostic bit is set to 1, declaring the channel unhealthy.
Safety digital output
The yellow part is the circuit design unique to the safety input point; an ordinary input point does not have it.
Internal diagnostics: To check whether the switch can be opened and closed, a pulse test is performed on the output module (inside the module's circuitry, with periodic diagnostic cycles inserted).
The diagnostic sequence includes:
Change the switch command; this lasts a very short time, at most 1 ms, and does not affect the actuator. Verify the test result, then restore the correct switch command.
Power monitoring: Each output circuit consists of two switches in series, each controlled individually by one of the two processors. The first microprocessor uses a digital output reducer (DOD) to drive its switch, while the second microprocessor activates its switch after the reducer. In each cycle, the midpoint voltage of both microprocessor systems is compared to a threshold and then exchanged, in order to evaluate the midpoint status and diagnose the switch status. If erroneous behavior is detected in a channel, the channel is stopped immediately and diagnostic bits are set to notify the CPU, so that the fault message is reflected in the CPU.
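The pulse-test sequence and the two-switches-in-series arrangement can be modeled in C as below. This is an added example, not vendor firmware: the switch model, fault modes and names are constructed, and the read-back is simplified to "does the switch conduct" rather than a midpoint voltage compared to a threshold.

```c
#include <stdbool.h>
#include <stdio.h>

typedef enum { SW_HEALTHY, SW_STUCK_CLOSED, SW_STUCK_OPEN } sw_fault_t;
typedef struct { bool cmd; sw_fault_t fault; } sw_t;   /* constructed switch model */

/* What the switch really does, as seen on the read-back path. */
static bool sw_conducts(const sw_t *s) {
    if (s->fault == SW_STUCK_CLOSED) return true;
    if (s->fault == SW_STUCK_OPEN)   return false;
    return s->cmd;
}

/* Diagnostic sequence from the text: change the command (for at most 1 ms on
 * real hardware), verify the read-back follows, restore the command. */
static bool pulse_test(sw_t *s) {
    bool saved = s->cmd;
    s->cmd = !saved;
    bool followed = (sw_conducts(s) == s->cmd);
    s->cmd = saved;                          /* always restore the commanded state */
    return followed && (sw_conducts(s) == saved);
}

typedef struct { sw_t a, b; bool diag_bit; } out_channel_t;   /* two switches in series */

static bool load_energized(const out_channel_t *c) {
    return sw_conducts(&c->a) && sw_conducts(&c->b);
}

/* One diagnostic cycle: test both switches; on any error command the
 * channel off and set the diagnostic bit that the CPU reads. */
static bool diagnose(out_channel_t *c) {
    bool ok_a = pulse_test(&c->a), ok_b = pulse_test(&c->b);
    if (!(ok_a && ok_b)) { c->a.cmd = c->b.cmd = false; c->diag_bit = true; }
    return !c->diag_bit;
}

int main(void) {
    out_channel_t ch = { { true, SW_HEALTHY }, { true, SW_HEALTHY }, false };
    bool ok = diagnose(&ch);
    printf("healthy: ok=%d load=%d\n", ok, load_energized(&ch));
    ch.a.fault = SW_STUCK_CLOSED;            /* simulated welded contact on switch A */
    ok = diagnose(&ch);
    printf("welded A: ok=%d load=%d\n", ok, load_energized(&ch));
    return 0;
}
```

With switch A welded closed, the load is still de-energized because switch B opens, which is why the two switches are placed in series.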
In summary, I hope everyone now has a better understanding of the difference between a safety PLC and an ordinary PLC and, through the introduction above, has learned the three important concepts of safety product design. When using safety-related products in the future, you can recognize these safety products in light of what was shared today, and understand how they are designed to differ from standard control products.