As Fe I 018 v10b Safety F POS e

Safety position, standstill and
direction detection and monitoring

safely limited speed (SLS) on the
basis of Distributed Safety
Distributed Safety
Application Description  July 2013
Applications & Tools

Answers for industry.
Siemens Industry Online Support
This article is taken from the Siemens Industry Online Support. The following link
takes you directly to the download page of this document.
http://support.automation.siemens.com/WW/view/en/49221879
Copyright  Siemens AG 2013 All rights reserved
Application of an F Position Encoder

2 V 1.0a, Entry ID: 49221879
s Task 1
Solution 2
Program Structure 3
SIMATIC F Position Encoder 4

Application of an F Position Realizing the
Encoder Functionalities 5
Required Components 6
Installation 7
Operating the Application 8
Norm Considerations 9
History 10

V 1.0a, Entry ID: 49221879 3
Warranty and Liability
Warranty and Liability

Note The application examples are not binding and do not claim to be complete
regarding configuration, equipment and any eventuality. The application
examples do not represent customer-specific solutions. They are only intended
to provide support for typical applications. You are responsible for ensuring that
the described products are used correctly. These application examples do not
relieve you of the responsibility to use sound practices in application, installation,
operation and maintenance. When using these Application Examples, you
recognize that we cannot be made liable for any damage/claims beyond the
liability clause described. We reserve the right to make changes to these
application examples at any time without prior notice. If there are any deviations
between the recommendations provided in this application example and other
Siemens publications – e.g. Catalogs – the contents of the other documents
have priority.
We accept no liability for information contained in this document.

Any claims against us - based on whatever legal reason - resulting from the use of
the examples, information, programs, engineering and performance data etc.,
described in this application example shall be excluded. Such an exclusion shall
not apply in the case of mandatory liability, e.g. under the German Product Liability
Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life,
body or health, guarantee for the quality of a product, fraudulent concealment of a
deficiency or breach of a condition which goes to the root of the contract

(“wesentliche Vertragspflichten”). However, claims arising from a breach of a
condition which goes to the root of the contract shall be limited to the foreseeable
damage which is intrinsic to the contract, unless caused by intent or gross
negligence or based on mandatory liability for injury of life, body or health. The
above provisions do not imply a change in the burden of proof to your detriment.
It is not permissible to transfer or copy these Application Examples or excerpts

thereof without express authorization from Siemens Industry Sector.
Before using this application example, please read the warning note in
chapter 8 “Operating the Application”.
WARNING

4 V 1.0a, Entry ID: 49221879
Table of Contents
Table of Contents
Warranty and Liability ................................................................................................. 4
1 Task ..................................................................................................................... 6
2 Solution............................................................................................................... 6
3 Program Structure ............................................................................................. 8
4 F Position Encoder ............................................................................................ 9
5 Realizing the Functionalities .......................................................................... 11
5.1 Safe standstill detection ..................................................................... 11
5.2 Safely limited speed (SLS) ................................................................. 14
5.3 Safe position detection ....................................................................... 17
5.3.1 Block description ................................................................................ 17
5.3.2 Modulo consideration ......................................................................... 20
5.4 Safe direction detection ...................................................................... 24
6 Required Components .................................................................................... 26
7 Installation ........................................................................................................ 27
8 Operating the Application ............................................................................... 28
9 Norm Considerations ...................................................................................... 30
10 History............................................................................................................... 32

V 1.0a, Entry ID: 49221879 5
1 Task
1 Task
Introduction
For a multitude of industrial application the precise recording of a position is pivotal.
However, detecting a position is always accompanied by a motion of, for example,
cranes, robots or general machine parts. In many cases this can cause dangerous
situations.
Nevertheless, hazards can also occur if a desired position is not reached or a
prohibited position is reached. To avoid these hazards, these position values have
to be safe. This is also the case for position detection and for the subsequent
position processing.
This leads to the question how position detection can be realized whilst keeping
safety in mind.
2 Solution
Options of safe position detection
For the safe detection of a position, SIEMENS drives with integrated safety
functions (for example, SINAMICS G120) offer various applications.
Another option is the use of safe position encoders (below, further referred to as F
position encoders). In combination with a SIMATIC F-CPU, these securely
detected values can be processed further and corresponding responses can be
arranged.
This safety functional example describes the use of such an encoder.
Figure to automation solution
DP Master
F-CPU
DP Slave
F Position
encoder
DP
F-CPU and F position encoders communicate through the PROFIBUS DP with

each other. The safety-relevant data is exchanged through the PROFIsafe bus
profile, via the same bus line as the standard data.

6 V 1.0a, Entry ID: 49221879
2 Solution
What are the contents of this function example?

The function example shows you how you can easily integrate an F position
encoder on the PROFIBUS. As a result, you can realize a number of safety-
relevant issues with the F-CPU. In this example, the following issues are
introduced:
• Safe standstill detection
• Monitoring safely limited speed (SLS)
• Safe position detection
• Safe direction detection
These issues can be realized, since many F position encoders on the market can
output safe speed and also a safe position.
Each of theses four issues is realized in the included STEP 7 project within a
separate block (F-FB). This modularity permits you to integrate individual blocks
that have been prepared here to your individual STEP 7project and to adjust them
to your automation task.
The emphasis of this function example is the fast integration of an F encoder
(through PROFIBUS) into a STEP 7 project with prepared F blocks. The function
example has therefore a universal character.
Although error states are detected by the prepared F blocks, error handling is not
the emphasis of this function example, this is to say, the error states displayed on
the F blocks have to be processed further by you, for example, to safely switch off
of the actuators.
What are the advantages of this function example?

The document on hand, offers you the following advantages:
• Simple integration of third party products (F position encoder) to a SIMATIC F-
CPU
• Possible solution as possible alternative for a less complex system such as, for
example, SINAMICS
• The safety relevant data is transferred through the already existing standard
bus. This enables great savings on the installation and engineering.

V 1.0a, Entry ID: 49221879 7
3 Program Structure
3 Program Structure
Screenshot
Standard User Program F Program
OB1 F-PB FB15

(FB 1) SSTILL Save standstill
FC 1 detection
MAIN
F-CALL
OB35
FB16 Monitoring safely
limited speed (SLS)
SLS
FB17
F_POSITION Save position
detection
FB18
Save direction
DIR detection
Reintegration
Description
Each of the above mentioned functionalities is realized modularly in a separate and
failsafe FB (FB 15-FB 18). These function blocks are called by the F program block
FB “F_MAIN” (FB 1).
In FB “F_MAIN” (FB 1) a reintegration of the encoder is also prepared. The
reintegration is realized through the ACK variable.
Note An acknowledgement after an error or a reintegration after a passivation is

realized (positive edge) through one and the same signal (ACK).
Note After the first switch on, the F position encoder may be in passivation (no
exchange of process data). Reintegrate the F position encoder with ACK=1.
A standard user program is not prepared. Only the interrupt alarm OB (OB 35) calls
the F runtime group (F-CALL) as usual.

8 V 1.0a, Entry ID: 49221879
4 F Position Encoder
General properties
For this function example, an absolute value encoder with DP interface is used.
The encoder manufacturer has to provide the device master data file (GSD) for the
connection to PROFIBUS.
Generally, incremental encoders can also be used. However, in this case, to detect
the position, the encoder has to be referenced to the appropriate position after it
was switched on.
Since the encoder is to be used for safety-relevant applications, it has to be
certified according to IEC 62061, ISO 13849-1 and/or IEC 61508.
The safety-related data of the F position encoder that is to be evaluated by the F-
CPU can have a maximum length of 16 bits.
Encoders used in the STEP 7 project

An F position encoder (subsequently “TR encoder“) by TR Electronic is inserted in
the included STEP 7 project. In the F program, the following information of the F
position encoder is safely evaluated:
• Position
• Speed
The position is represented by

• Number of revolutions
• angle
Number of revolutions (multi turn)

For each whole revolution, the position value is counted up by 1 or counted down
by 1 for a whole revolution in counter direction. A value range from 0 to a maximum
of 32767 is covered. After 32767 the count jumps to 0 after another positive
revolution; negative values are not output, irrespective or the direction of rotation.
The value range is processed in the F program in the INTEGER data format.
This value range can be divided into more detail by the angle.
Angle (single turn)

With each rotation, a range from 0 to 360 degrees is covered. Thus, the value for
the number of revolutions is divided again. The value range of a revolution from 0
to 360 degrees is illustrated by the encoder through a numerical value of 0 to 8191;
negative values are not output, irrespective of the direction of rotation.
The value range is processed in the F program, in the INTEGER data format.
Safely limited speed value

The permitted value range comprises values from -32768 to +32767 and therefore
considers the sign. If the permitted value range is exceeded, this is safely detected
by setting a bit.
The value range is processed in the F program, in the INTEGER data format.

V 1.0a, Entry ID: 49221879 9
Assigning the address between F-CPU and TR encoder

After the integration of the TR encoder in HW Config the (modifiable) address
range is specified. The address assignment is shown in the figure below.
Details Encoder Manufacturer Address Assignment in HW Config
Byte Bit Input Data Data Type

X+0 20-215 Cam data WORD
X+1 20-27
X+2 28-215 TR Status WORD
X+3 20-27
X+4 28-215 Speed INTEGER
X+5 20-27
X+6 28-215 Actual value INTEGER
(multi turn)
X+7 20-27
X+8 28-215 Actual value INTEGER
(single turn)
X+9 20-27
X+10 20-27 Safe Status BYTE
X+11 216-223 CRC2 3 BYTES

X+12 28-215
X+13 20-27
In this example, the addresses start with 7 (see “E address” in HW Config). The
following applies for the table “details encoder manufacturer”: X=7
If you want to, for example, read out the speed safely, load the address EW 11
(due to X+4=11) in the F program.
As shown by the details of the manufacturer in the figure, the following input data is
processed in this STEP 7 project:
• Speed
• Actual value of the number of whole revolutions (multi turn)
• Actual value of the angle (single turn)
The TR encoder supplies a safe bit, which is set at inadmissibly high speed. This
bit (OV_VELO) is also processed in the F program.
The encoder values are accessed through the process image of the inputs (PII).

10 V 1.0a, Entry ID: 49221879
5 Realizing the Functionalities

What will you find here?
This chapter explains the four realizable functionalities of the function example in
more detail:
• Safe standstill detection (chap. 5.1)
• Safely limited speed (SLS) (chap. 5.2)
• Safe position detection (chap. 5.3)
• Safe direction detection (chap. 5.4)
Acknowledgement and reintegration

For the acknowledgement after an error, the same signal (ACK) is used as for the
reintegration after passivation.
5.1 Safe standstill detection

What can the block perform?
Safe standstill detection is used, for example, to release a protective door only after
the standstill of a dangerous machine.
The block provides the information that the drive connected to the F position
encoder has safely stopped. For this purpose, the current speed, provided safely
by the encoder, is compared with zero (standstill). Since the encoder in standstill
can still output various values in zero (for example, due to the noise of the analog
inputs), you can determine a tolerance value whose range still defines a standstill.
The block detects an error (ERR_STILL=1), if after requesting the safe standstill
and after a tolerance time has lapsed, the value of the current speed is above the
tolerance value defined by the standstill. The error responses, such as, for
example, safe switch off of the actuators, are to be performed by the user.
Parameter description of the FB SSTILL (FB 15)

FB SSTILL (FB 15) Input parameters Data type Description
VELO_ACT INTEGER Current speed of the encoder.
VELO_TOL INTEGER Tolerance value
(standstill defining value range)
OV_VELO BOOL 1: speed value outside of the permitted
value range Automatically set by the
encoder.
REQ_SSTILL BOOL 1: request safe standstill
T_TOL TIME Time starts at REQ_SSTILL=1.
Once time has lapsed, it has to be
VELO_ACT < VELO_TOL (applies for
the values), otherwise the
ERR_SSTILL error bit is set.
ACK BOOL 1: error acknowledgement or
reintegration
Output parameters Data type Description
SSTILL BOOL 1: safe standstill reached
ERR_SSTILL BOOL Error bit, 1: error

V 1.0a, Entry ID: 49221879 11
Description of realizing the FB SSTILL (FB 15)

The current safe speed of the encoder VELO_ACT is signed. The VELO_TOL
tolerance value, defining the standstill can also be specified signed. However, for
the error detection only the values of VELO_ACT and VELO_TOL are relevant.
If a safe standstill (REQ_SSTILL = 1) is requested, the T_TOL tolerance time starts
to expire. After the expiry of T_TOL the following has to apply:
IVELO_ACTI ≤ IVELO_TOLI.
Q is set if
• REQ_SSTILL = 1 and
• the T_TOL time has lapsed.
Note FB F_TON is a block from the Distributed Safety library. If you use the FB
SSTILL (FB 15) in a separate STEP 7 project, you also have to insert the FB
F_TON in your separate STEP 7 project
(SIMATIC Manager).

12 V 1.0a, Entry ID: 49221879
The standstill and error detection in network 6 forms the core of the FB SSTILL
(FB 15):
Each of the first two comparators (CMP) on the four AND blocks evaluate the sign of
the current speed (VELO_ACT) and the tolerance value (VELO_TOL).
Each of the third comparator on the four AND blocks compares (depending on the sign)
VELO_ACT with VELO_TOL.
If the condition on all AND blocks is not fulfilled, there is definite standstill (SSTILL=1).
If the condition is fulfilled on one AND block and the tolerance time (Q=1) has lapsed,
then the error bit (ERR_SSTILL=1) is set. The error can be acknowledged with ACK=1.
OV_VELO…Overflow bit from encoder

OV1………..Check overflow after arithmetic operation (network 3)
Variables with the “2K” ending name the two’s complement. This is required for the
sign evaluation of VELO_ACT and VELO_TOL.
Explanation to VELO_ACT_2K and VELO_TOL_2K

Since VELO_ACT is signed and VELO_TOL can also be specified with negative
signs, there can be different combinations (for example, VELO_ACT>0 and
VELO_TOL<0) between the two variables regarding the sign. To consider negative
signs, the two’s complement was formed for VELO_ACT and VELO_TOL, and
stored in the VELO_ACT_2K and VELO_TOL_2K variable.
This makes it possible to perform the comparative operations (see CMP block in
the above figure) in a way that eventually, the values of VELO_ACT and
VELO_TOL are compared with each other.

V 1.0a, Entry ID: 49221879 13
5.2 Safely limited speed (SLS)

Safely limited speed (SLS): is used, for example, to permit access to normally
dangerous areas, for example, for maintenance work.
With FB SLS (FB 16) you can request safe monitoring of limited speed (SLS)
(through REQ_SLS). The value of the current speed that is provided safely by the
encoder has to be smaller than the configured safely limited speed
(SLS_SETPOINT) after the expiry of the configured tolerance time T_TOL. If this is
not the case, this is detected as an error.
Subsequent error responses, such as, for example, safe switch off of the actuators
has to be performed by the user.
Parameter description
FB SLS (FB 16) Input parameters Data type Description
REQ_SLS BOOL 1: SLS request
VELO_ACT INTEGER Current safe speed of the encoder.
SLS_SETPOINT INTEGER Limit value for SLS

T_TOL TIME Time starts at REQ_SLS=1.
Once the time has lapsed, it has to be
IVELO_ACTI < ISLS_SETPOINTI,
otherwise the ERR_SLS error bit is set.
value range Set automatically by the
encoder.
reintegration
ERR_SLS BOOL Error bit
1: error
SLS BOOL 1: Condition
IVELO_ACTI < ISLS_SETPOINTI is
complied with at REQ_SLS=1 and no
error is pending.

14 V 1.0a, Entry ID: 49221879
Description of the realization

The current safe speed of the encoder VELO_ACT is signed. The SLS_SETPOINT
setpoint that must not be exceeded to achieve safe speed can also specified
signed. However, for the error detection only the values of VELO_ACT and
SLS_SETPOINT are relevant.
If a safe speed (REQ_SLS = 1) is requested, the T_TOL tolerance time starts to
expire. After the expiry of T_TOL the following has to apply:
IVELO_ACTI ≤ ISLS_SETPOINTI.
Q is set if
• REQ_SLS = 1 and
• the T_TOL time has lapsed.
Note FB F_TON is a block from the Distributed Safety library. If you use the FB SLS
(FB 16) in a separate STEP 7 project, you also have to insert FB F_TON in your
separate STEP 7 project (SIMATIC Manager).

V 1.0a, Entry ID: 49221879 15
The core of the block is monitoring whether after requesting (REQ_SLS=1) and
after the expiry of the T_TOL tolerance time, the VELO_ACT current speed is
below the configured SLS_SETPOINT limit value.
Each of the first two comparators (CMP) on the four AND blocks evaluate the sign
of the current speed (VELO_ACT) and the tolerance value (VELO_TOL) for the
safely limited speed SLS_SETPOINT.
The third comparator each on the four AND blocks compares (depending on the
sign) VELO_ACT with SLS_SETPOINT.
If the condition is fulfilled on one AND block and the tolerance time (Q=1) has
lapsed, then the error bit (ERR_SLS=1) is set. The error can be acknowledged with
ACK=1.
OV_VELO…Overflow bit from encoder


16 V 1.0a, Entry ID: 49221879
5.3 Safe position detection

Introduction
Apart from the functionality of the block (chap. 5.3.1), this chapter deals with the
modulo issue (chap. 5.3.2) separately.
5.3.1 Block description

You can define a start and an end position as danger range on this block. If the
current position is within the danger range, this is safely detected.
Start position End position
Danger range
Position value
The start and end position is each clearly determined through the number of whole
revolutions (multi turn) and angles (single turn):
Start position End position
Danger range
Position value
POS_SAFE_MULTI_BEGIN
POS_SAFE_SINGLE_BEGIN
POS_SAFE_MULTI_END
POS_SAFE_SINGLE_END
The appropriate FB F_POSITION (FB 17) block also includes standstill detection.
This is not required for the actual position detection, however, this is dealt with
when discussing the modulo issue.

V 1.0a, Entry ID: 49221879 17
FB “F_POSITION“ Input parameters Data type Description
(FB 17)
POS_MULTI_ACT INTEGER Current position, specified by the
number of whole revolutions of the
encoder. This value is signed.
POS_SINGLE_ACT INTEGER The current position, specified by the
number of whole revolutions of the
encoder is supplemented by this angle
value (POS_SINGLE_ACT), which
outputs a 360° area (part revolution) as
numerical value.
POS_SAFE_MULTI_ INTEGER The Start of the danger range is clearly
BEGIN (and safely) defined by two numerical
values:
• number of whole revolutions
• part revolution (0 to < 360°)
This input parameter specifies the

number of whole revolutions.
This value is signed and the following
has to apply:
POS_SAFE_MULTI_BEGIN <
POS_SAFE_MULTI_END
POS_SAFE_SINGLE INTEGER The Start of the danger range is clearly
_BEGIN (and safely) defined by two numerical
values:
This input parameter specifies the part

revolution (0 to < 360°).
POS_SAFE_MULTI_ INTEGER The End of the danger range is clearly
END (and safely) defined by two numerical
values:
This input parameter specifies the

number of whole revolutions.
This value is signed and the following
has to apply:
POS_SAFE_MULTI_BEGIN <
POS_SAFE_MULTI_END
POS_SAFE_SINGLE INTEGER The End of the danger range is clearly
_END (and safely) defined by two numerical
values:
This input parameter specifies the part

revolution (0 to < 360°).

18 V 1.0a, Entry ID: 49221879
FB “F_POSITION“ Input parameters Data type Description

(FB 17)
VELO_ACT INTEGER Current safe speed of the encoder to
detect standstill. This in turn, is used
for the modulo consideration.
VELO_TOL INTEGER Tolerance value (standstill defining
value range) to detect the standstill.
This in turn, is used for the modulo
consideration.
encoder.
reintegration
DANGER_RANGE BOOL 1: Object in danger range
ERR_MODULO BOOL 1: modulo error (see chap. 5.3.2)
ERR_VELO BOOL 1: Error during speed monitoring

It is compared whether the current position is in the danger range

(DANGER_RANGE=1) or not (DANGER_RANGE=0). This information
(DANGER_RANGE=1) does not yet contain a safety-relevant action (such as, for
example, stopping the actuators). This has to be performed by the user.

V 1.0a, Entry ID: 49221879 19
5.3.2 Modulo consideration
What does it involve?

The entire area covered by the F position encoder starts at zero:
• POS_SAFE_MULTI_BEGIN = 0
• POS_SAFE_SINGLE_BEGIN = 0
The entire area covered by the F position encoder stops at:

• POS_SAFE_MULTI_END = 32767
• POS_SAFE_SINGLE_END = 8191
POS_SAFE_MULTI_BEGIN = 0 POS_SAFE_MULTI_END = 32767

POS_SAFE_SINGLE_BEGIN = 0 POS_SAFE_SINGLE_END = 8191
Value range of F position encoder
Position value
Ensure that the position detection only takes place in this defined range so that a
counter overflow (modulo jump) does not occur.
For application where the defined value range of the F position encoder is not
sufficient, the modulo jump (transfer from the maximum count to 0 and the other
way around) has to be taken into account.
Detecting the modulo jump is important because the position detection in the F
program is mainly based on mathematical comparison (>, <, =). When comparing
the count (>, <, =), a variation of the count (for the current position), for example,
between 0 and 32767, may lead to a result that does not correspond to the reality
and may cause undesired responses.
The F_POSITION (FB 17) block of the included STEP 7 project, detects this
modulo jump. In the following, it is described how the FB F_POSITION (FB 17)
block performs this.
Explanations to the modulo jump

If a modulo jump occurs, then the ERR_MODULO output variable is set in the FB
F_POSITION (FB 17). Responses to a modulo jump are to be performed
individually by the user.
The modulo jump is detected by comparing the current actual position value with
the actual position value of the previous program cycle (whilst taking into account
the direction of count). This is illustrated below.
Note All of the following considerations assume a forward counting direction. The thus
resulting statements can also be performed for a backward counting direction.

20 V 1.0a, Entry ID: 49221879
For a forward counting direction, the following has to apply:

Current position value > previous position value
The figure below fulfills this requirement.
Count (position value)
max Modulo jump
Current position
value
Previous position
value
0
t
∆t ∆t
If a modulo jump (at forward counting direction) occurs now, the following applies:
Current position value > previous position value no longer:

Current position
value
Previous
position value
t
∆t ∆t
This Modulo jump is detected by FB F_POSITION (FB 17) by setting the

ERR_MODULO output variable.
The following scenarios are not recorded by the FB F_POSITION (FB 17):
• The speed of rotation is so large, that a modulo jump takes place and the
following applies: Current position value > previous position value (at forward
counting direction).
Current position
value
Previous position
value
t
∆t ∆t

V 1.0a, Entry ID: 49221879 21
How is the modulo jump detected?

This is how the modulo jump is detected in the F program:
• Saving the current actual position value for the next program cycle
• Standstill detection
• Modulo evaluation
Below, these three points are explained.
Saving the current actual position value for the next program cycle
The aim of networks 1 to 5 consists of the first saving of the position value to be
able to access it in the next program cycle.
NW Screenshot Explanation
1 The HELP_VAR help variable ensures that
NW1-5 is only run once to save the current
position value for the next program cycle.
2 With POS_MULTI_M the current position value
for the next program cycle is saved.
3 If the F position encoder is ready to operate

(QBAD=0) so that the current POS_MULTI_ACT
(in NW2) position was saved, HELP_VAR is set
so that NW2-4 are no longer run through.
4 As long as HELP_VAR has not been set, the

block is left at this point.
5 To jump NW2-4 at HELP_VAR=1.
After the first saving of the current position value for the next program cycle,
networks 2 to 4 are no longer run through. Saving the current position value for the
next program cycle is performed at the end of the block:
Standstill detection
The standstill detection is required since the direction of rotation of the F position
encoder is evaluated for the detection of the modulo jump. The following applies: if
a standstill is detected, there is no evaluation of the direction of rotation.
The standstill evaluation is performed the same as for the FB SSTILL (FB 15).

22 V 1.0a, Entry ID: 49221879
Modulo evaluation
If the direction of rotation is positive (forward) and the current position is smaller
than the previous position, then a modulo error is reported.
If the direction of rotation is negative (backward) and the current position is larger
than the previous position, then a modulo error is reported.

V 1.0a, Entry ID: 49221879 23
5.4 Safe direction detection

The block indicates the direction of rotation of the encoder.
FB “DIR“ (FB 18) Input parameters Data type Description
VELO_ACT INTEGER Current safe speed of the encoder.
VELO_TOL INTEGER Tolerance value
(standstill defining value range)
encoder.
reintegration
FORW BOOL 1: Encoder rotating in positive direction
BACK BOOL 1: Encoder rotating in negative
direction
ERR_DIR BOOL Error bit

1: Error (OV_VELO = 1)

Since the encoder can still output various values in standstill when it is in zero (for
example, due to the noise of the analog inputs), in this state this can lead to a
flicker of the FORW and BACK bits. To avoid this, you can indicate a VELO_TOL
tolerance value. Only if a speed value is larger than VELO_TOL, are the FORW
(positive direction) or BACK (negative direction) bits set.
If VELO_TOL was
indicated as positive
If VELO_TOL was
indicated as negative
Two‘s complement of VELO_TOL

24 V 1.0a, Entry ID: 49221879
The evaluation for the negative direction of rotation (BACK) is performed in the
same way.
You must not use the FB “DIR“ (FB18) for the evaluation of a safe standstill
detection!
WARNING In case of VELO_TOL = 0, the bits FORW und BACK will always be false.
Do not interpret this as a safe standstill!
Set for VELO_TOL a value unequal of zero.

V 1.0a, Entry ID: 49221879 25
6 Required Components
6 Required Components
Hardware components
Component Type MLFB / order information No. Manufacturer
Power supply PS307 5A 6ES7-1BA00-0AA0 1 SIEMENS
S7-CPU, can be used for CPU315F-2DP 6ES7315-6FF01-0AB0 1 SIEMENS
safety applications
Position encoder, can be CDH 75 M SN CDH75M-00003 1 TR Electronic
used for safety applications
Note You can also use similar hardware components. In this case, observe possibly
changed resolutions for the position encoder and that it is approved for safety
relevant tasks.
Configuration software and tools

Component Type MLFB / order information No. Manufacturer

SIMATIC STEP 7 V5.5 6ES7810-4CC07-0YA5 1 SIEMENS
SIMATIC Distributed Safety V5.4+SP5 6ES7833-1FC01-0YA5 1 SIEMENS

26 V 1.0a, Entry ID: 49221879
7 Installation
7 Installation
Note This chapter is only necessary if you wish to set up the offered S7 example
project.
Hardware installation
The respective hardware consists of:
• F-CPU (incl. power supply)
• F encoder
PS 307 / CPU 315F-2DP

L1
L1
N N F encoder
L+
M
L+
PE M
L+
L+
M DP
M
L+
M
Note The electric wiring of the F encoder can be found in the appropriate manual.
Software installation
No. Action
1 Install STEP 7
2 Install Distributed Safety afterwards
3 To be able to use the S7 project that is also offered,
• download the zip file into a local directory of the Windows Explorer.
• in the SIMATIC Manager go to File -> Retrieve and select the zip file. Follow the
instructions
Password
The password for the STEP 7 project is siemens

V 1.0a, Entry ID: 49221879 27
8 Operating the Application

Important notes
It is essential that you observe the following warning:
The provided STEP 7 project has the inputs and outputs of the offered
failsafe function blocks already switched with actual parameters. On the
one hand there are safe quantities provided by the F position encoder, on
WARNING the other there are flags (and thus non-safe quantities), that can be
controlled through a VAT_1 variable table.
In this way, VAT_1 was only prepared for demonstration purposes, so that
once the F position encoder is integrated on the PROFIBUS DP, you can
quickly get familiar with its functionality. For example, by turning the shaft,
you can directly monitor in VAT_1 how the numerical values (multi turn) for
the revolutions, angle (single turn) and speed are changing.
However, under no circumstances must the STEP 7 project, provided in
this way, be integrated in a real practical application! The flags in this case
have to be replaced, for example, by real signals and individual limit and
tolerance values, and for the process.
The input quantities, specified as absolute numbers in the provided STEP 7

project, also have to be adjusted to the individual framework conditions for
a real practical application!
Example for testing with VAT_1

Once the F position encoder is integrated in the PROFIBUS DP and the S7
program is loaded in the F-CPU, you can monitor and control the variables with
VAT_1 for demonstration purposes (whilst observing the above warning). The
figure on the next page shows this on the example of FB F_POSITION (FB 17):
• The framed variables indicate the positions that define a danger range. With
the VAT_1 the numerical values are transferred to FB F_POSITION (FB 17).
• Entries 10 (“MULTI“) and 11 (“SINGLE“) show the current position.
• Whilst the F position encoder (entry 7 of VAT_1 “BACK“=“true“) is rotating
backward, the current position is in the defined danger range. This is displayed
by “DANGER_RANGE“=““true” (entry 19 of VAT_1).

28 V 1.0a, Entry ID: 49221879

V 1.0a, Entry ID: 49221879 29
9 Norm Considerations
Consideration in accordance with IEC 62061
According to the manufacturer’s details sub-systems 1 and 2 have a SIL (Safety
Integrity Level) CL 3 (claim) each. If sub-system 3 is established in a way so that
there is a SIL CL 3, then the basic requirement for realizing a SIL 3 for the safety
function is fulfilled.
SRCF
Function block 1 Function block 2 Function block 3

Detect Evaluate Response
SRECS
SIL CL 3 SIL CL 3 SIL CL x
Sub-system 1 Sub-system 2 Sub-system 3
F encoder F-CPU
Depending
on
application
DP
The following applies for the entire PFHD value:

PFHD(SRCF) = PFHD(TS1) + PFHD(TS2) + PFHD(TS3) + PFHTE with
TS: sub-system
PFHTE: Probability of dangerous transmission error for digital communication
processes (here: communication of F-CPU through PROFIBUS).
“TE“ stands for Transmission Error.
The PFHD values are provided by the manufacturers of the components; the PFHTE
-9
value can be included once in the calculation with 10 .
Parameters PFHD SIL 3 according to Manufacturer

IEC 61508
PFHD (F position 8.45 ⋅10 −10 3 TR Electronic

encoder)
PFHD(F-CPU) 5.43 ⋅10 −10 3 SIEMENS
Depending on the
PFHD(TS3)
application
PFHTE (F communication) 1.00 ⋅10 −9 SIEMENS

30 V 1.0a, Entry ID: 49221879
Therefore, the following applies:

. -10 . -10 . -9
PFHD(SRCF) = 8.45 10 + 5.43 10 + PFHD(TS3) + 1.00 10
. -10
PFHD(SRCF) = 23.88 10 + PFHD(TS3)
The correlation between PFHD and SIL is available in table 3 of IEC 62061:
Safety integrity level (SIL) Probability of a dangerous failure per hour (PFHD)
3
≥ 10 −8 to < 10
−7
2
≥ 10 −7 to < 10
−6
1
≥ 10 −6 to < 10
−5
In addition, each sub-system has to fulfill a SIL CL x for SIL x.
Consideration in accordance with ISO 13849-1

Table 4 of ISO 13849-1:2006 shows the relation between the performance level
(PL) and the safety integrity level (SIL). Therefore, a PL e according to ISO 13849-
1:2006 can be assumed if the SIL 3 is achieved for the safety function.
In this example, this mainly depends on the realization of the SRP/CSResponse.
PL e PL e PL x
SRP/CSDetect SRP/CSEvaluate SRP/CSResponse
PLDetect PLEvaluate PLResponse
Here, the following also applies:

. -10 . -10 . -9
PFHD(SRCF) = 8.45 10 + 5.43 10 + PFHD(TS3) + 1.00 10
. -10
PFHD(SRCF) = 23.88 10 + PFHD(TS3)
The relation between PFHD and SIL can also be found in table 3 of IEC 62061 (see
above).

V 1.0a, Entry ID: 49221879 31
10 History
10 History
Version Date Modification
V 1.0 07/2011 First edition
V 1.0a 07/2013 Additional important note in chapter 5.4
V 1.0b 02/2017 Change I7.0 to I8.0

32 V 1.0a, Entry ID: 49221879

As Fe I 018 v10b Safety F POS e

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

As Fe I 018 v10b Safety F POS e

Uploaded by

Copyright:

Available Formats

Safety position, standstill and

direction detection and monitoring

Application Description  July 2013

Applications & Tools

Application of an F Position Encoder

SIMATIC F Position Encoder 4

Operating the Application 8

Application of an F Position Encoder

Warranty and Liability

We accept no liability for information contained in this document.

deficiency or breach of a condition which goes to the root of the contract

It is not permissible to transfer or copy these Application Examples or excerpts

Application of an F Position Encoder

Application of an F Position Encoder

Figure to automation solution

F-CPU and F position encoders communicate through the PROFIBUS DP with

Application of an F Position Encoder

What are the contents of this function example?

What are the advantages of this function example?

Application of an F Position Encoder

Standard User Program F Program

OB1 F-PB FB15

Note An acknowledgement after an error or a reintegration after a passivation is

Application of an F Position Encoder

Encoders used in the STEP 7 project

The position is represented by

Number of revolutions (multi turn)

Angle (single turn)

Safely limited speed value

Application of an F Position Encoder

Assigning the address between F-CPU and TR encoder

Details Encoder Manufacturer Address Assignment in HW Config

Byte Bit Input Data Data Type

X+11 216-223 CRC2 3 BYTES

Application of an F Position Encoder

5 Realizing the Functionalities

Acknowledgement and reintegration

5.1 Safe standstill detection

Parameter description of the FB SSTILL (FB 15)

Application of an F Position Encoder

Description of realizing the FB SSTILL (FB 15)

Application of an F Position Encoder

OV_VELO…Overflow bit from encoder

Explanation to VELO_ACT_2K and VELO_TOL_2K

Application of an F Position Encoder

5.2 Safely limited speed (SLS)

SLS_SETPOINT INTEGER Limit value for SLS

Application of an F Position Encoder

Description of the realization

Application of an F Position Encoder

OV_VELO…Overflow bit from encoder

OV1………..Check overflow after arithmetic operation (network 3)

Application of an F Position Encoder

5.3 Safe position detection

5.3.1 Block description

What can the block perform?

Start position End position

Start position End position

Application of an F Position Encoder

This input parameter specifies the

This input parameter specifies the part

This input parameter specifies the

This input parameter specifies the part