SIMATIC PCS 7

F Systems Exercise

F - Systems Tasks

Emergency Stop switch F-shutdown / ESD Reactor pressure1

(F-DI 24 – CH 0/12 1oo2, (F-DO 10 – CH 0, SIL3) (F-AI 6 – CH 0, 4DMU)
Non-equivalent)
Agitator active Reactor pressure 2
Fill level (F-DO 10 – CH 1, SIL3) (F-AI 6 – CH 1, 4DMU)
(F-DI 24 – CH 1/13,
1oo2, Equivalent) Acknowledgment
request
Gas detection (F-DO 10 – CH 9, SIL3)
(F-DI 24 – CH 2, SIL2)

ITDA Page 1
 SIMATIC PCS 7
F Systems Exercise

Content

1 Exercise F - 1 .............................................................................................. 3
1.1 Retrieve Project ........................................................................................................... 3
2 Exercise F - 2 .............................................................................................. 4
2.1 Configure the failsafe hardware................................................................................. 4
2.2 F-channel driver......................................................................................................... 16
2.3 F-Reference ................................................................................................................ 17
3 Exercise F - 3 ............................................................................................ 17
3.1 Create a failsafe program – ESD .............................................................................. 17
3.2 Create a failsafe program - Pressure SIF ................................................................ 18
3.3 Create a failsafe program – Level SIF ..................................................................... 20
3.4 Create a failsafe program – Gas Detection SIF ...................................................... 20
3.5 F-Comparison ............................................................................................................ 21
4 Exercise F - 4 ............................................................................................ 22
4.1 Realize a user acknowledgment .............................................................................. 22
5 Exercise F – 5 ........................................................................................... 25
5.1 Maintenance Override (MOS) ................................................................................... 25
6 Exercise F - 7 ............................................................................................ 26
6.1 Safety Data Write (SDW) ........................................................................................... 26
7 Exercise F - 8 ............................................................................................ 28
7.1 Failsafe AS-AS-communication ............................................................................... 28
8 Exercise F - 9 ............................................................................................ 29
8.1 Create an F - block typical ........................................................................................ 29
Glossary .......................................................................................................... 30

ITDA Page 2
 SIMATIC PCS 7
F Systems Exercise

1 Exercise F - 1

1.1 Retrieve Project

Retrieve the project from C:\Safety Workshop Master into C:\Safety Project Student.

Make sure the HW-Config and the IP addresses of the project are consistent with your
Lab configurations, if not, make the necessary changes. Don’t configure any
failsafe module YET! , that’s the task for another exercise F-2 !
Configure PC Station, download the HW-Config to ES and AS, download the network
connections, compile and download CFC and start OS..

You should have a running project and be able to operate it from the OS.

ITDA Page 3
 SIMATIC PCS 7
F Systems Exercise

2 Exercise F - 2
2.1 Configure the failsafe hardware
Make the necessary parameter settings in the CPU, configure the failsafe ET 200M station
and complete the hardware configuration for the F-modules. A step by step procedure is
described below.

 Configuring the failsafe hardware:

1. Configure the CPU for Safety operation..

 The CPU contains a safety program and therefore has to be password

protected.
 The CPU contains Safety program must be selected.

 The OBs containing a Safety program should have a priority higher then 15.

ITDA Page 4
 SIMATIC PCS 7
F Systems Exercise

2. Select the corresponding "IM153-2" (6ES7-153-2BA10-0XB0) object from the

catalog and insert it into the PROFIBUS (1): DP master system. Make sure that you
assign the right Profibus address (3) and (4).

3. Select the corresponding input/output modules from the catalog and move them via
drag-and-drop into the slots of the IM 153-2. The “F Target Address” of each
module can follow default but the “I/O Address” must correspond to the table
below.

Module F_Dest_address I/O Address

F - DI24xDC24V 1 4
F - DO10xDC24V/2A 2 16
F - AI6x15Bit 3 512

Configure the first channels for each F-module according to the following
pictures. Deactivate all the other channels; i.e. turn off the “Group
diagnostics”!

ITDA Page 5
 SIMATIC PCS 7
F Systems Exercise

Symbolic
Comment Address I/O Module - channel
Name / Chart
GT_100 1 = No gas I4.2 F-DI 24 – CH 2, SIL2
SIF Gas detected
ESD 1 = Emergency I4.0 F-DO 10 – CH 0, SIL3
SIF Agitator stop not active (1oo2, non-equivalent)
Sensor supply via
module
LS_100 1 = Fill level ok I4.1 F-DI 24 – CH 1/13,
SIF Level 1oo2, Equivalent
PT_110 Reactor pressure 1 IW512 F-AI 6 – channel 0
SIF Pressure (1oo1 – 1 Sensor)
PT_111 Reactor pressure 2 IW518 F-AI 6 – channel 3
SIF Pressure (1oo1 – 1 Sensor)
HS_103 1 = Agitator active Q16.1 F-DO 10 – channel 1
SIF Agitator (SIL3)
H_ESD 0 = F-Shutdown / Q16.0 F-DO 10 – channel 0
SIF Agitator ESD (SIL3)
XV_110 1 = Pressure drain Q16.2 F-DO 10 – channel 2
SIF Pressure valve closed
XV_121 1 = Feed valve 1 Q16.3 F-DO 10 – channel 3
SIF Level open
XV_131 1 = Feed valve 2 Q16.4 F-DO 10 – channel 4
SIF Level open
XV_140 1 = Sprinkler Q16.5 F-DO 10 – channel 5
SIF Gas equipment off
ACK_REQ 1 = Acknowledge Q17.1 F-DO 10 – channel 9
SIF ACK request

4. Configure the DI24xDC24V:

ITDA Page 6
 SIMATIC PCS 7
F Systems Exercise

ITDA Page 7
 SIMATIC PCS 7
F Systems Exercise

ITDA Page 8
 SIMATIC PCS 7
F Systems Exercise

5. Configure the DO 10xDC24V / 2A:

ITDA Page 9
 SIMATIC PCS 7
F Systems Exercise

ITDA Page 10
 SIMATIC PCS 7
F Systems Exercise

6. Configure the AI 6x13Bit:

ITDA Page 11
 SIMATIC PCS 7
F Systems Exercise

ITDA Page 12
 SIMATIC PCS 7
F Systems Exercise

ITDA Page 13
 SIMATIC PCS 7
F Systems Exercise

ITDA Page 14
 SIMATIC PCS 7
F Systems Exercise

7. The symbolic names for the hardware addresses have to be imported from the
symbols file, which is located under the following path: D:\Safety Project Master.

 How to import the symbols file:

1. Open the symbol table:

2. Import file:

After compilation and download the “Safe LED” of every F-Module should be green!

ITDA Page 15
 SIMATIC PCS 7
F Systems Exercise

8. Archive your project up to this point; it’ll be used for another

exercise!

2.2 F-channel driver

Create the CFC charts “SIF_Acknowledgment”, “SIF_Agitation”, “SIF_GasDetection”,
“SIF_Level”, and “SIF_Pressure” in the corresponding Plant Hierarchy folders.

Use the blocks from the S7 F Systems Lib V1_3.

Insert one channel driver block for each module into the corresponding CFC chart.
Rename the blocks and interconnect them as described below:

When you insert the first F-block into your program you will be asked to define an F-
password!

F-Channel Driver Block Name Interconnection to Address…

 SIF_Agitation
o F_CH_DI → EST → EST
o F_CH_DO → HS_103 → HS_103

 SIF_Pressure
o F_CH_AI → PT_110 → PT_110

 SIF_GasDetection
o F_CH_DI → GT_100 → GT_100

Make sure the F-blocks are inserted into OB35!

Compile the entire program with the function “Generate module drivers” selected. During
compilation, assign the maximum cycle time with the default value (3000ms). Download the
program. Start Controller.

Make sure that on all F-modules the “SAFE” LED is on and no RED SF LED. This
typically indicates that the module F-Destination address set in H/W configuration and its
dip switch pattern is matching and correct.

ITDA Page 16
 SIMATIC PCS 7
F Systems Exercise

2.3 F-Reference
Save the reference of the F-Program for a comparison later.

3 Exercise F - 3
3.1 Create a failsafe program – ESD
Follow the next steps to set up an Emergency Shutdown (ESD) for the motor “HS_103” in
the CFC chart “SIF_Agitation”. When the red stop push button is triggered, the motor
should turn off and the red LED should be illuminated.

 Use converter blocks for the connection between the standard and F blocks!

 Activate “Channel 6” of the F-DO module.

Insert a channel driver into the chart “SIF_Agitation”. Rename the driver and
connect it as shown below.

F-Channel Driver Block Name Interconnection to Address…

o F_CH_DO → H_ESD → H_ESD

 Connect the output “QSTART” of the motor AND the failsafe signal “Q” of the
EST channel driver with the input “I” of the HS_103. As a result the active motor is
indicated by the green LED on the operator panel.

 Consider the different runtime groups for standard- and F-blocks!

 Connect the output signal “QN” of the EST channel driver to the input signal “IN1”
of a F_OR4 block.

 Connect the output signal “OUTN” of the F_OR4 block to the input signal “I” of the
H_ESD channel driver.

 Connect the output signal “Q” of the EST channel driver to the input of the interlock
block in the HS_103 motor chart (make sure that the connection is inverted).

 Compile, download and test your program. Troubleshoot if necessary. The failsafe
functionality should be indicated by an illuminated red LED.

ITDA Page 17
 SIMATIC PCS 7
F Systems Exercise

3.2 Create a failsafe program - Pressure SIF

Follow the next steps to set up a failsafe pressure monitoring (Safety Integrated Function,
SIF) for the valve “XV_110” in the CFC chart “SIF_Pressure”:

If the 1oo2 evaluation of the analog transmitters “PT_110” and “PT_111” detects a
specific difference in reactor pressure or the pressure surpasses the predefined valve
high limit, the pressure drain valve XV_110 will open to get into the failsafe state which is
the unlock position in order to relieve the excess pressure (Measurement range 0 – 20
bar, limit value: 18bar).

 First configure “Channel 1” of the analog input module FAI 6x13Bit as the same as
“Channel 0” is configured.

 Open the CFC chart “SIF_Pressure” and insert another analog channel driver
F_CH_AI. Name it PT_111 and connect it to its symbol.

 Set up the measuring range for both channel drivers on the inputs. VHRANGE =
20 and VLRANGE = 0.

 Insert a “F_1oo2AI” block and a “F_LIM_HL” block and make the necessary
interconnections and parameter adjustments as shown below:

ITDA Page 18
 SIMATIC PCS 7
F Systems Exercise

 Now connect the output signal “QH” of the High Limit block and the output “DIS”
of the 1oo2 block to the inputs of the interlock block in the CFC “XV_110” (invert
the signal and use converter blocks).

 Connect the output signal “V_DATA” of the channel drivers to the corresponding
input “U” of the MEAS_MON blocks of the pressure charts PT_110 and PT_111.

 Compile, download and test your program. Troubleshoot if necessary. The

failsafe functionality should be indicated by an illuminated red LED.

ITDA Page 19
 SIMATIC PCS 7
F Systems Exercise

3.3 Create a failsafe program – Level SIF

Set up a failsafe function in the CFC chart “SIF_Level” to monitor the fill level of Reactor A.

 First configure “Channel 6, 18” of the digital input module DI 24xDC24V as a

1oo2 evaluation with 2 channel equivalency.

 Insert an F_DI channel driver, name it LS_100 and connect it to the

corresponding address. Make the required connections, so that the feed valves
“XV_121” and “XV_131” should switch to the failsafe status when the level
overflow transmitter “LS_100” is triggered.

 Compile, download and test your program. Troubleshoot if necessary. The

failsafe functionality should be indicated by an illuminated red LED.

3.4 Create a failsafe program – Gas Detection SIF

Set up a failsafe function in the CFC chart “SIF_GasDetection” to monitor the gas of
another area (orange colour area in the picture “ReactorA.pdl”).

 Insert an F-DI channel driver, name it GT_100 and connect it to the

corresponding address. Make the required connections, so that the sprinkler
equipment “XV_140” should be switched on when the gas detection sensor
detects the gas.

 Compile, download and test your program. Troubleshoot if necessary. The

failsafe functionality should be indicated by an illuminated red LED.

ITDA Page 20
 SIMATIC PCS 7
F Systems Exercise

3.5 F-Comparison
Compare the saved reference with the actual F-Program.

ITDA Page 21
 SIMATIC PCS 7
F Systems Exercise

4 Exercise F - 4

4.1 Realize a user acknowledgment

Create a user acknowledgment via the block F_QUITES and configure a user
acknowledgment via the OS-Station. In addition, display the signal for the acknowledgment
request by a yellow LED on the operator panel.

 Insert a “F_QUITES” block in the “SIF_Acknowledgment” chart, name it

“ACK_REI_OS” and make the corresponding object properties changes as shown
below:

 Connect the output “OUT” of the “F_QUITES” block to all the inputs “ACK_REI” and
“ACK” of the failsafe blocks. Make sure that for all the failsafe blocks the input
“ACK_NEC” is set to a “1”.

 Connect the output “ACK_REQ” of all the failsafe blocks to the input “I” of a
DIG_MON and a CH_DO block by using an “OR” block. Connect the output
“VALUE” of the CH_DO with the symbol “Ack_Nec”:

 Compile and download the entire program.

 Compile the entire OS and open the picture “ReactorA.pdl”.

ITDA Page 22
 SIMATIC PCS 7
F Systems Exercise

 Configure the Button “Reset 6”:

 Open the object properties

 Configure the display properties for the ”Reset 6” button:

Out.Value

 Configure the mouse event for the “Reset 6” button:

ITDA Page 23
 SIMATIC PCS 7
F Systems Exercise

 Configure Button “Reset 9”

 Configure the display properties for the “Reset 9 button:

 Configure the mouse event for the “Reset 9” button the same as for “Button 6”
only with the difference that the constant of the source has to be a “9”.

ITDA Page 24
 SIMATIC PCS 7
F Systems Exercise

5 Exercise F – 5

5.1 Maintenance Override (MOS)

Use the MOS blocks to create a channel driver simulation for the voted inputs "PT_110"
and "PT_111" with the option exclusive bypass and limited simulation time.

Insert the following blocks to the CFC "SIF_Pressure":

 SWC_MOS
 F_SWC_R (substitute value for the F_CH_AI drivers)
 F_SWC_BO (enable simulation, 2 blocks with block names: PT_110 and PT_111)
 F_SWC_P (communication block)
 Use the template SWC_TR in addition to set the simulation for a limited time of
1 minute.

It's necessary to insert a plant designation for the CPU in HW config.

Set the SWC_MOS mode to "MutualExclBypass".

ITDA Page 25
 SIMATIC PCS 7
F Systems Exercise

6 Exercise F - 7

6.1 Safety Data Write (SDW)

When the OS is compiled block icons for the SDW blocks are created. Some of the
attributes of these block icons are overwritten after every compilation with the option
“Create/update block icons” because the “saving” entry of these parameters does not exist
in the configuration file @@PCS7Tyicals.cfg of the OS project. The names of these
attributes and properties are given in the configuration dialog of the block icon:

You will find the @@PCS7Tyicals.cfg file in the project path of the OS Server project on
the ES under wincproj\OS(1)\WScripts. The following attributes must be added in the file:
Upper and lower cases must be considered! After changing the file, safe and close
it!
Your file should look like the following:

ITDA Page 26
 SIMATIC PCS 7
F Systems Exercise

Follow the next steps to set up Safety Data Write (SDW) functionality for the pressure SIF
in the CFC chart “SIF_Pressure”. You should be able to start simulation and set simulation
values from the OS for the two analog inputs PT_110 and PT_111

 Open the “SIF_Pressure” chart and insert one F_CHG_R block and one
F_CHG_BO block. Rename them and assign the corresponding parameters:
SAFE_ID1, SAFE_ID2, MIN, MAX, MAXDELTA, EN_CHG.
 Remember: SAFE_ID1 is unique in CPU and SAFE_ID2 is unique in system.

 Connect the output “OUT” of the F_CHG_R block to the input SIM_V of both
analog input drivers.
 Connect the output “OUT” of the F_CHG_BO block to the input SIM_ON of both
analog input drivers.

 Compile, download and open the graphic “reactor.pdl” of the Graphics Designer in
the WinCCExplorer.
 Open the object properties of the new created block icons and assign user
authorizations as well as the corresponding SAFE ID that matches the one from
the F-block in the CFC chart.

 Activate the OS and test your SDW functionality.

ITDA Page 27
 SIMATIC PCS 7
F Systems Exercise

7 Exercise F - 8

7.1 Failsafe AS-AS-communication

 Configure or “Import” the AS station of your neighbour into your project.

 Set up a connection with this AS. Make sure that the respective networks have the
same subnet ID.

 Now set up a failsafe communication to your partner station in the CFC chart
“SIF_Agitation”

 Use the corresponding communication blocks from the F library.

 If you press the EST button on your panel, the red LED of your partner station’s
panel will be illuminated.

 Test the function in CFC online mode.

ITDA Page 28
 SIMATIC PCS 7
F Systems Exercise

8 Exercise F - 9

8.1 Create an F - block typical

For parts of the program, which are used more often, you can create them
as F-Block-typicals.

Create a chart which will be used as a typical later on in your project.

Make sure that this chart is created in a separate project or via a “dummy”
controller.

Configure an “Exclusive OR”.

Compile the chart as a block type. . Afterwards, insert this new block into
your project and test the function in the CFC online mode.

ITDA Page 29
 SIMATIC PCS 7
F Systems Exercise

Glossary
1oo1 Type of architecture: 1 channel system, may loose safety if one element
fails.
1oo1D Type of architecture: 1 channel system, may loose safety if one element
fails.; enhanced diagnostics.
1oo2 Type of architecture: 2 channel system, keeps safety even if one element
fails.
1oo2D Type of architecture: 2 channel system, keeps safety even if one element
fails; enhanced diagnostics.
E/E/PES Electrical / Electronic / Programmable Electronic System
FIT Failure in Time
FMR Flexible Modular Redundancy
HAZOP Hazard and Operability Analysis
HFT Hardware Failure Tolerance
HMS High Modular Redundancy
LOPA Level of Protection Analysis
MTBF Meantime between Failures
MTTR Meantime to repair
PFD Probability of Failure on Demand,
probability that a safety function will not work if required; used if safety
function is low demand (less than 1 per year to be used)
PFH Probability of Failure per Hour,
probability of a failure per hour in a high demand system continuously
performing the safety function)
PHA Process Hazard Analysis
QMR Quad Modular Redundancy
SDW Safety Data Write
SFF Safe Failure Fraction, measure for the percentage of failures in a safety
circuit which can be controlled
SIF Safety Instrumented Function group
SIL Safety Integrity Level: level of safety, level of required risk reduction
SIS Safety Instrumented System
SRS Safety Requirement Specification
TCl Cycletime
TCl_max max. Cycletime monitoring
TDAT Time to Acknowledge
TDP_DLY CP Delay
TDP_FD DP- Failure Detection
TDP_SO DP- Switchover
TF Runtime F-Program
TMR Tripple Modular Redundancy
TSLAVE Delay IM and backplane bus (typ. 1ms)
TSLAVE_SO Switchover Slave (IM)
TTR Target Rotation Time
TPSTO PROFISAFE Timeout I/Os
λD transfer rate to a DANGEROUS state
λDD transfer rate to a DANGEROUS DETECABLE state
λDU transfer rate to a DANGEROUS UNDETECTABLE state
λS transfer rate to a SAFE state

ITDA Page 30