f20511160 SSTcf-en.p65

PSS-Range
Modular and compact PSS
Programmable control systems PSS®
ST System Description – Item No. 18 587-09

All rights to this documentation are reserved by Pilz GmbH & Co. KG. Copies may be made
for internal purposes.
Suggestions and comments for improving this documentation will be gratefully received.
Pilz®, PIT®, PMI®, PNOZ®, Primo®, PSEN®, PSS®, PVIS®, SafetyBUS p®, SafetyEYE®,
SafetyNET p®, the spirit of safety® are registered and protected trademarks of
Pilz GmbH & Co. KG in some countries.
Contents
Introduction 1-1
Definition of symbols 1-2
Overview 2-1
PSS-range 2-1
Failsafe section 2-1
Standard section 2-2
Hardware 2-2
Modular PSS 2-2
Compact PSS 2-3
Configuration and programming 2-4
Safety 3-1
Safety guidelines 3-1
Structure (hardware) 4-1

Compact controller 4-1
Modular controller 4-1
Power supply 4-2
Battery 4-2
CPU 4-3
Memory 4-3
PG interface 4-6
User interface 4-6
Timer 4-7
32-bit timer 4-8
Counters 4-8
CPU display 4-8
Selector switch 4-9
PSS-Range: ST System Description 1

Contents
Error stack button 4-9

Input/output modules 4-10
Programming 5-1
Programming model 5-1
Creating a project 5-3
Program transfer 5-4
Addressing 5-5
Organisation blocks 5-6
Standard function blocks 5-7
Standard function block SB254 5-7
Operation 6-1
Communication with the periphery 6-1
Direct periphery access 6-1
Periphery access via process images 6-2
Program cycle 6-3
Blocks which are executed once 6-3
Blocks which are executed cyclically 6-4
Scan time and the block run times 6-6
Self-test 6-7
Registered hardware 6-7
Start adresses of word modules 6-7
Offset für freie Adressierung 6-9
Actual configuration 6-10
Hardware registry test 6-11
Output on the CPU display 6-12
Adjusting the system time of the safety system 6-13
Select FS data block 6-14
Communication with the FS section 6-15
2 PSS-Range: ST System Description

User interface in the ST section 6-18
Forming networks 6-19
3rd generation controller networks: 6-19
1st and 2nd generation controller networks 6-20
Handshaking 6-20
Communication protocol 6-21
Data transfer without protocol 6-21
Transfer with ISI protocol 6-22
Configuration of the user interface 6-25
Interface configuration DB (DB006) 6-26
Example 6-29
Sending via the user interface 6-30
Send-DB 6-31
Example 6-32
Receive via the user interface 6-33
Receive-DB 6-34
Example 6-35
Operating states and changes 6-36
Operating statuses 6-37
Change in operating status 6-38
Commissioning 7-1
Initial commissioning 7-1
Recommissioning 7-2
Changing the configuration or the user program 7-3
General reset 7-3
Fault diagnostics and rectification 8-1

Error management 8-1
Minor errors 8-2
Fatal errors in the ST section 8-3
Fatal errors in the FS section 8-4
Error stack 8-5
Display of errors as plain text 8-7
PSS-Range: ST System Description 3

Contents
Display of errors on the CPU display 8-8

Display on 1st and 2nd generation controllers 8-8
Display on 3rd generation controllers 8-10
Evaluation of the error parameters 8-15
Diagnostics 8-21
Control/force variables 8-21
Display of variables 8-22
Dynamic program display 8-23
Appendix 9-1
System data blocks 9-1
DB000 9-1
DB004 9-8
DB005 9-8
DB006 9-9
DB007 9-11
DB008 9-12
DB009 9-13
Operating system calls with SB254 9-14
Changes in the documentation 9-15
Index 10-1
4 PSS-Range: ST System Description

Introduction
This System Description forms part of the PSS system manual. It explains
how the standard section of the PSS-range of programmable safety
systems functions and operates. This description is divided into the
following chapters:
1 Introduction
2 Overview
Provides information about the most important features of a safety
system.
3 Safety
Contains safety guidelines.
4 Structure (hardware)
Explains the structure of the hardware and the functions of the
individual system units.
5 Programming
Describes the programming and the addressing for the safety
systems.
6 Operation
Explains the PSS system processes and the changes which can be
made by the operator.
7 Commissioning
Explains the procedure during initial commissioning and after a reset,
e.g. after a fault.
8 Fault diagnostics and correction
Explains how fault messages are evaluated and how faults can be
rectified.
9 Appendix
Contains the assignment of the system data blocks and an overview
of the operating system calls with SB254.
10 Index
PSS-Range: ST System Description 1-1

Introduction
Definition of symbols
Information in this manual that is of particular importance can be identified

as follows:
DANGER!
This warning must be heeded! It warns of a hazardous situation which
poses an immediate threat of serious injury or death and indicates
preventive measures that can be taken.
WARNING!
This warning must be heeded! It warns of a hazardous situation which
could lead to serious injury or death and indicates preventive measures
that can be taken.
CAUTION!
This refers to a hazard that can lead to a less serious or minor injury plus
material damage, and also provides information on preventive measures
that can be taken.
NOTICE
This describes a situation in which the unit(s) could be damaged and also
provides information on preventive measures that can be taken.
INFORMATION
This gives advice on applications and provides information on special
features, as well as highlighting areas within the text that are of particular
importance.
1-2 PSS-Range: ST System Description

Overview
PSS-range
The PSS-range comprises modular and compact programmable safety

systems.
The programmable safety systems from the PSS-range are suitable for
use in safety circuits in plants and machinery. The safe status of these
circuits is brought about by shutting down the energy supply.
Each programmable safety system incorporates a failsafe section (FS
section) and a non-failsafe - or standard - section (ST section) into a single
unit.
Control and monitoring Control of non-safety-

of safety-relevant tasks, Failsafe Standard relevant tasks with
e.g. press controller, section section monitoring, diagnostics
EMERGENCY STOP
Fig. 2-1: Functions of the FS section and the ST section
Failsafe section
The failsafe section (FS section) processes all of the safety-relevant tasks
and is designed with multi-channel diversity. Each channel has its own
microprocessor which processes the FS user program. If the microproces-
sors are not identical, the controller will immediately switch to a safe condi-
tion and switch off all the outputs.
The FS user program is created and then, once taken into operation,
approved by a body for official approval, such as the BG or TÜV, or by the
company’s internal test/quality control department.
The FS section and the ST section communicate without feedback. This
means that errors in the user program of the ST section will have no effect
on the FS section and vice versa.

Overview
Standard section
The standard section (ST section) processes all non-safety-relevant tasks

and operates in the same way as a conventional PLC (e.g. P10 from Pilz).
It has a single-channel structure.
A separate ST user program is created for the ST section. It can run inde-
pendently of the FS user program.
The FS section and the ST section communicate without feedback. This
means that errors in the ST user program will have no effect on the FS
section and vice versa.
Hardware
Modular PSS
The basic system of a modular safety system comprises a module rack, a

power supply and a CPU. Various periphery modules can be plugged onto
the module rack. Depending on the design of the module rack, both FS
and ST modules can be plugged in.
The FS and ST modules communicate via separate buses (backboard
bus) with the CPU module.
Fig. 2-2: Example of a PSS 3000 layout (from left to right): Power supply, CPU, 4 FS
modules and 5 ST modules

Compact PSS
On the compact PSS, the power supply, CPU and periphery modules are
fixed in a housing.
PSS 3074
24 V 1 24 V 1
· ·
0V X0 0V X7
· ·
3 3
RUN ST
O -2.16 1 O -1.16 1
RUN FS O+2.16 · O+1.16 ·
O 2.8 · O -1.17 ·
POWER · ·
O 2.9 O+1.17
O 2.10 X1 O -1.18 X8
AUTO PG O 2.11 · O+1.18 ·
ST SPS O 2.12 · O 4.0 ·
· ·
PG O 2.13 O 4.1
F-STACK O 2.14 9 O 4.2 9
RUN
FS O -2.17 1 O -1.19 1
STOP O +2.17 · O +1.19 ·
· O -1.20 ·
O 2.15 · ·
O/T 2.0 O +1.20
O/T 2.1 X2 O - 1.21 X9
O/T 2.2 · O +1.21 ·
· O 4.8 ·
O/T 2.3 · ·
O 4.9
9 O 4.10 9
PG USER
0V 1 0V 1 0V 1
I 1.0 · I 0.0 · I 0.16 ·
I 1.1 · I 0.1 · I 0.17 ·
· · ·
I 1.2 I 0.2 I 0.18
I 1.3 X5 I 0.3 X3 I 0.19 X10
I 1.4 · I 0.4 · I 0.20 ·
I 1.5 · I 0.5 · I 0.21 ·
· · ·
I 1.6 I 0.6 I 0.22
I 1.7 9 I 0.7 9 I 0.23 9
0V 1 0V 1 0V 1
I 1.8 · I 0.8 · I 0.24 ·
I 1.9 · I 0.9 · I 0.25 ·
· · ·
I 3.0 I 0.10 I 0.26
I 3.1 X6 I 0.11 X4 I 0.27 X11
I 3.2 · I 0.12 · I 0.28 ·
I 3.3 · I 0.13 · I 0.29 ·
· · ·
I 3.4 I 0.14 I 0.30
I 3.5 9 I 0.15 9 I 0.31 9
Fig. 2-3: PSS 3074 with power supply, CPU and periphery (example)

Overview
Configuration and programming
A PSS-range safety system needs to be configured and programmed for

operation. The data are combined into a so-called project. This project is
created and maintained using the system software PSS WIN-PRO.
The computer on which the PSS WIN-PRO system software is installed is
referred to as the programming device.
Programming can be performed in three different programming languages:

the text-oriented programming language Instruction List (IL), plus the
graphical programming languages Function Block Diagram (FBD) and
Ladder Diagram (LD).

Safety
Safety guidelines
Refer to the safety guidelines in the operating manual for the safety system
used.
WARNING!
The standard part of a safety system must only be used for non-safety-
relevant applications.

Safety
Notes

Structure (hardware)
Compact controller
A compact controller combines the following units in a single housing:

• Bus
• CPU (1)
• Power supply (2)
• Input and output modules (3)
1
2
3
Fig. 4-1: Layout of a compact controller using the PSS 3056 system as an example
Modular controller
The modular safety systems are composed of the following units:

• Module rack (1)
• Power supply (2)
• CPU (3)
• Central input and output modules for the FS section (4) and ST section
(5)
2 3 4 5
Fig. 4-2: Layout of a modular controller using the PSS 3000 system as an example

The base unit consists of a base module rack, power supply and CPU.
Input and output modules are required to input and output data.
There are different base module racks. On some base module racks you
can use only FS modules or only ST modules, whereas on other base
module racks you can use a combination of both FS and ST modules.
Two additional expansion module racks for ST modules can be connected

to a series PSS 3000 base module rack. This provides an additional 16
slots for ST modules.
The expansion module racks are connected via expansion modules. The
expansion module for the base module rack is called PSS EPBM, the one
for the expansion module rack PSS EPEM.
For accurate information about the module racks please refer to the "Instal-
lation Manual" of the modular safety system and the descriptions of the
module racks.
Power supply
The power supply provides the internal supply voltage to the CPU and bus.
Power supplies are available for different supply voltages, e.g. 230 V AC
and 24 V DC.
The power supply on modular safety systems must always occupy the first
slot on the rack.
Battery
All PSS have a battery, which acts as a buffer for the CPU memories.
On modular programmable control systems, the battery is located within
the power supply. If the CPU or power supply is removed from the module
rack, the data will be retained in the memory for one day.
On PSS with an FS operating system version >= 70, the unit can also be
operated without a battery. Operation without a battery results in the
following restrictions:
• FS section: Remanant data blocks cannot be used.
• ST section: A general reset is performed each time the section switches
from STOP-RUN.

• Each time the PSS is restarted (voltage switched off and then on again),
the system time is reset to zero.
A setting must be configured to determine whether the unit is to be
operated with or without a battery; this is done under the “Basic Settings”
tab in PSS WIN-PRO’s PSS Configurator. If the “Operate PSS without
battery” option is selected, the unit will operate without a battery,
irrespective of whether or not a battery is available.
CPU
The CPU is the safety system’s central processing unit. It controls the input
and output modules, and processes and stores the FS and ST user pro-
gram. The CPU has different operating elements and interfaces, e.g.:
• 4-digit display
• LEDs for operating mode and mains voltage
• 3-position switch for selecting the operating mode of the ST section (ST
selector switch)
• Button for scrolling through the error stack
• 2-position switch for selecting the operating mode of the FS section (FS
selector switch)
• Serial programming device interface or Ethernet-2 interface
• User interface
In the CPU the FS user program is processed by independent micropro-

cessors. One of these computers also processes the ST section. This
computer has its own bus system for communicating with the inputs/out-
puts on the central ST I/O modules.
Memory
The CPU makes available the following memories for the ST section:
• Program memory
• Data memory
Some memories are non-volatile. Non-volatile means that data is retained

in the event of a power failure.

Program memory
The microprocessor which processes the ST user program has a separate
memory for the ST user program. Depending on which operations are
used in the user program and how many data blocks are used, the
program memory can store between 4,000 and 5,000 operations. Third
generation systems can have up to 10,000 operations. The program
memory is checked by CRC and is non-volatile.
Data memory
Variable data such as set data, error messages and system data are
stored in the data memory. The size of the data memory will depend on the
safety system used.
The data memory is divided into data blocks which each have a maximum
of 1,024 memory cells. Each memory cell has a length of 16 bits and is
called a data word (DW). Bit 0 ... 7 of the data word is referred to as the
right data byte (DR) and bit 8 ... 15 as the left data byte (DL).
There are two types of data blocks:

• Read-only data blocks
can only be read by the user program, data is non-volatile
• Read/write data blocks
can both be read and written to, data is non-volatile (Exception: when
PSS is operated without a battery)
The data memory is divided in a similar manner:

• Read-only data memory
It is stored in the program memory and contains the read only data
blocks
• Read/write data memory
Contains the read/write data blocks.
PSS operated without a battery:

Values are pre-assigned to the read/write data blocks during
programming. The system operates with these values once the user
program has been downloaded to the programmable control system; the
values can also be overwritten by the user program. If the user program
is stopped and restarted, a general reset is performed and any values
that have been modified will be lost. The user program will restart with
the values entered during programming.

PSS operated with a battery:
Values are pre-assigned to the read/write data blocks during program-
ming. Once the user program has been transferred to the safety system,
these values are then used and can also be overwritten by the user
program. If the user program is stopped and restarted, it continues with
the values which have already been changed. As the memory is non-
volatile, changed values are retained even if the safety system is
switched off, and they are reused when the safety system is restarted.
In order to ensure that it is possible to restore the ST section to its
original status (general reset), a copy of every read/write data block is
saved in the program memory directly after the transfer of the user
program to the safety system. During a general reset, the values from
this copy are pre-assigned to the read/write data blocks.

PG interface
The communications between the programming device (PG) and the

safety system take place via a PG interface.
• Serial PG interface
Each safety system has a serial PG interface.
Depending on the type of safety system being used, the PG interface is
designed either as an RS-485 or as a combined RS-232/RS-485 inter-
face.
Depending on the design of the PG interface on the safety system, it
may be necessary to use a PAP interface adapter to connect the
programming device with the safety system (see chapter 5, "Program
transfer").
• Ethernet-2 interface as PG interface
If a safety system has an ETH-2 interface, then this interface can also be
used as the PG interface (see operating manual of the compact safety
system or the module with Ethernet-2 interface).
User interface
The user interface can be used for communication between the safety
system and other devices (refer also to the chapter "Operation", section
"User interface ST section").
Depending on the type of safety system, the user interface is designed

either as an RS-232 or as a combined RS-232/RS-485 interface. The
following data are defined in the default setting:
• Transmission rate: 9600 bit/s
• Parity: Even
• Stop bit: 1
• Data bit: 8
• Handshaking: On
• Timeout time when receiving: 15 ms
• Timeout time when sending: 5,000 ms

The standard settings are defined in data block DB006. The data block can
be edited, and the user interface can be configured with other data. Data
blocks DB007 and DB008 are used as the send and receive buffers.
The user interface is operated with the standard function block SB254,
FUNK = 0 ... 11 (see chapter "Operation", section "User interface ST
section").
Timer
The ST section is equipped with 64 timers: T000 ... T063.

The timers are used to create switch-on delays
The switch-on delay arises as follows:
Time = Time value x Time base
Time value: Any value in the range 1 ... 32767
Time base: 0 corresponds to 50 ms

1 corresponds to 100 ms
2 corresponds to 1 s
3 corresponds to 10 s
4 corresponds to 1 min
Example: Time should be 8 s

Time base: 2, time value: 8
Time = 1 s x 8 = 8 s
The ST section has read access to the timers T064 ... T127 of the FS
section.

32-bit timer
Safety systems with an FS operating system version ≥ 38 have a

32-bit timer.
The timer is a consecutive timer, on which the bit changes at 1 ms intervals.
The timer has a data width of 32 bits.
The current timer status at the time of the call is returned for every operating
system call SB254, FUNK = 151.
Block Input Output Key

SB254 FUNK = 151 Poll 32-bit timer
ERG = 4 Function performed without error
ERG = 16 Error during call of the SB254,
FUNK = 151
DB001 DW200 Low-order word of timer status
DW201 Higher-order word of timer status
For information on application of the SB254 please refer to the section

"Standard function block SB254" in chapter "Programming".
Counters
The ST section has over 64 counters: Z000 ... Z063.

Each counter consists of a counter word and a status bit. The counter word
can assume values between -32768 and 32767. If the value of the counter
word is > 0, then the status bit assumes the value 1.
The ST section has read access to the counters Z064 ... Z127 of the FS
section.
CPU display
The 4-digit hexadecimal display is used to output error messages (see

chapter 8) or user messages (see chapter 6, section "Output on the CPU
display").

Selector switch
The programmable safety system is equipped with two selector switches:

• ST selector switch
3-position selector switch for the standard section
• FS selector switch
2-position selector switch for the failsafe section (see FS System De-
scription)
The ST selector switch has the following functions:
AUTO PG Program starts up automatically.

SPS ST The programming device has read and write access.
PG
AUTO PG Program starts up automatically.

SPS ST The programming device is only granted read access.
PG
AUTO PG The program has stopped.

SPS ST The programming device has read and write access.
PG
Error stack button
Error messages are saved in an error stack. The current error message is
always displayed on the CPU display. To display the previous error mes-
sage, press the error stack button (see chapter 8, section "Display of
errors on the CPU display").

Input/output modules
There are a variety of central input/output modules available for communi-

cation between the safety system and the plant or machine.
• Digital input module with 32 inputs

• Output module with 32 single-pole 2 A outputs
• Input/output module with 16 inputs and 16 outputs
and others

Programming
Programming model
It is necessary to create a so-called "project” in order to operate a

PSS-range programmable safety system. All the necessary files are com-
bined within this project. The project is created and maintained using
PSS WIN-PRO.
SafetyBUS p configuration
Project
Diagnostic configuration
PSS configuration
FS project ST project
section section
FS program ST program
PSS configuration PSS configuration

DB (FS) DB (ST)
SBp
configuration DB
OBs OBs
DBs DBs
PBs PBs
FBs FBs
SBs SBs
FS allocation table ST allocation table
Fig. 5-1: Programming model

Programming
The project consists of the PSS configuration, the diagnostic configuration

and one project section each for the safety system’s FS and ST section.
If only one section of the PSS is being used, only the corresponding
project section will be processed. The other project section is available, but
remains unchanged.
The project section includes the actual program that is transmitted to the
PSS plus the allocation table.
Symbols can be assigned to the operands in the allocation table, for exam-
ple the symbol "START" to the operand "E02.08".
For the sake of clarity, the program is divided into blocks. There are five
different types of blocks:
• Organisation blocks (OB), which form the interface between the user
program and the operating system
• Program blocks (PB), which contain fundamental and plant-specific
functions
• Function blocks (FB), which are made up of functions for specific indi-
vidual tasks
• Standard function blocks (SB), which carry out standardised functions
• Data blocks (DB), which contain fixed or variable data
The PSS configuration contains all of the key settings for the safety
system.
• Basic settings (e.g. PSS type, scan time, ...)
• Registered hardware
• Test pulse configuration
• Alarm configuration for PSS and SafetyBUS p
• Configuration of word modules
• Definition of password for the FS section
The PSS configuration is generated using the PSS configurator on PSS

WIN-PRO. The data are stored in system data blocks.

PSS WIN-PRO (from Version 1.3.1) can be used to create a diagnostic
configuration for a PSS with an FS operating system version ≥ 47. This
diagnostic configuration enables detailed PSS event messages.
If the PSS is to be connected to a SafetyBUS p network, a SafetyBUS p

configuration will have to be generated for this network. This will contain
information on the structure of the network and all the connected devices.
The data for the SafetyBUS p configuration are stored in the projects of all
the programmable safety systems connected to SafetyBUS p.
The SafetyBUS p configuration is generated using the SafetyBUS p
configurator on PSS WIN-PRO.
Creating a project
Steps to take to create a project:

• Create project
• Create PSS configuration
The following steps are identical for the FS and ST project sections. They
must be performed for both project sections.
• Create an allocation table
• Program the blocks
• Link the program
After the project has been created, the FS program and the ST program
need to be linked. The programming is checked in the process.
If any errors are found, these will need to be rectified and the linking
process performed again. The program cannot be transferred to the
programmable safety system until it has been linked without error.
• Transfer the program
See next section
INFORMATION
Creating projects is covered in detail in the online help of PSS WIN-PRO.

Programming
Program transfer
PSS
Interface adapter
(e.g. PSS CONV RS 232/485)
Ethernet
COM Interface adapter

ETH-2 RS 232 RS 485
(e.g. PSS
PAP CONV RS 232/485)
RS 485
RS 232
RS 232
Ethernet
Fig. 5-2: Program transfer via the serial PG interface
The linked program is transferred to the safety system by activating a

menu item in the system software (PG). To do this, the programming
device must be connected to the safety system.
The connection can be established via the serial PG interface of the safety
system or, if available, via the ETH-2 interface. If the connection is estab-
lished via the serial PG interface, then, depending on its design (RS-485
interface or combined RS-232/RS-485 interface), you may require an
additional PAP interface adapter. To set up the connection via an ETH-2
interface, please refer to the operating manual of the compact safety sys-
tem or the module with Ethernet-2 interface.
The ST user program is transferred block by block to the safety system.

The transfer starts with a so-called preliminary telegram which contains
the name of the project. The remaining blocks are transferred once an
error-free response to the telegram has been received from the safety
system.
To prevent manipulations, the program must be linked before it is trans-
ferred, and it can only be read back in its linked form from the safety sys-
tem. Amendments can only be made to the original program, not the linked
version.

Addressing
The address of a central module results from its slot. Each slot is then
divided further into two sub-slots.
With the modular safety systems, the first sub-slot usually corresponds to
the first two plugs and the second sub-slot to the 3rd and 4th plugs on the
module.
PSS 3000
PSS 3100
0 2 4 6 8 10 12 14 10
16 Sub-slots
PS CPU 1 3 5 7 9 11 13 15 17 Sub-slots
0 1 2 3 4 5 6 7 8 Slots
Fig. 5-3: Addressing of slots using the PSS 3000 and PSS 3100 as examples
The way in which the slots and sub-slots are arranged on compact safety
systems varies from system to system. Details for each case can be found
in the operating manual of the relevant compact controller.
Each slot is allocated a slot number. The digital inputs and outputs are
addressed through the slot number and a bit number. The two entries are
separated by a full stop.
On modular safety systems the first two slots are always occupied by the
power supply and the CPU. Subsequent numbering starts from 0.

Programming
Example: Bit 8 of the module in slot 3 is to be

addressed.
Address: 3.8
Modules which have more than 32 bits are called word modules. The word
modules of the ST section are freely addressable, i.e. the addresses can
be chosen from the range 0 ... 16383. The "Programming Manual” of the
PSS WIN-PRO system software contains a detailed description of free
addressing.
Organisation blocks
The functions of the organisation blocks (OB) are set by the operating
system. Each user program must contain the cycle organisation block
OB001, which among other things, manages the program cycle. The
blocks of the user program are called up in the cycle OB. All other organi-
sation blocks are reserved for specific applications, but they do not neces-
sarily have to be used.
INFORMATION
The "PSS WIN-PRO Programming Manual" contains information about
which organisation blocks there are and what their functions are.

Standard function blocks
Standard function blocks (SB) contain the standard functions which are
shared by several machines or plants. Standard function blocks are divided
into two groups:
• Available SBs
SB002 ... 199 are freely available. They can be used for any functions.
Exception: SB003, SB007, SB011, SB015 and SB041 are reserved.
• Pre-defined/reserved SBs
SB001, SB003, SB007, SB011, SB015, SB041, SB200 ... SB255 are
pre-defined and are supplied by Pilz.
The pre-defined standard function blocks are tested and approved by

the relevant approval bodies (e.g. BG, TÜV). To prevent any changes from
being made at a later date they are encrypted to level 2, which means that
although they can be called up they cannot be edited. The dynamic pro-
gram display of these modules in PSS WIN-PRO’s online mode is also
unavailable.
The pre-defined standard function blocks are described in detail in the
"PSS WIN-PRO Programming Manual".
Standard function block SB254
The standard function block SB254 is used for communications between

the ST section and the operating system. It is used for the so-called oper-
ating system calls.
The standard function block can be called up via the operation "CAL" or
"CALC" in the user program. It has the following layout:
SB 254
StBsCall
W FUNK ERG W

Programming
The function of the block is defined by the input parameter "FUNK". De-
pending on the function, additional parameters may be required. These are
specified in data block DB004, DB006 or DB007. The output parameter
"ERG" reports whether the function has been executed correctly. In the
event of an error message the data block DB000, DB006, DB007 or
DB008 will contain the error cause.
Proceed as follows to use the standard function block:

• Enter the parameters in DB004, DB006 or DB007 (depending on the
"FUNK" function).
• Call up SB254
• At the input parameter "FUNK", enter the number of the function.
• Allocate an operand to the output parameter "ERG", e.g. a flag word.
• Poll the content of the flag word. If it contains a code for an error mes-
sage, call up data block DB000, DB006, DB007 or DB008 (depending on
the "FUNK" function). There you will find the reason for the error.
INFORMATION
Some of the functions of the SB254 are described in this System Descrip-
tion (refer to the overview in the Appendix). There are also further functions
for special applications (e.g. operation of the Interbus interface). These are
described in the corresponding manuals and operating manuals.

Operation
Communication with the periphery
The CPU can communicate in two ways with the periphery:

• direct periphery access
• periphery access via process images
Direct periphery access
• ... to input/output modules

The process of reading the signal states of the inputs or setting the out-
puts can be triggered with special operations in the user program.
Access to the inputs/outputs is made immediately, irrespective of the
cycle.
The operands for a direct periphery access are called "Periphery word
PW" or "Periphery byte PB". "Load" or "Store" are available as opera-
tions.
INFORMATION
- In order for a status of an input which has been read directly to be
transferred to the process image, the "Save" operation of the input
byte/word must be executed after the "Load" operation of the periphery
byte/word.
Example:
L PB2.08
T EB2.08
- If direct access is made to an output (example: T PB2.08), then the
process image is automatically updated.
• ... to word modules
ST word modules can only be accessed with the aid of the direct periph-
ery access. The operands are called "XW". "Load" or "Store" are avail-
able as operations.
The direct access has the advantage that signals shorter than the scan
time can also be processed. The user program can scan the inputs and
outputs several times during the program cycle and always receives the
current status.

Operation
Periphery access via process images
Communications usually take place via the process images.

In the ST section there is a process image for bit modules.
In the process image there is an area in which the states of the inputs are
saved and an area in which the states of the outputs are saved:
• PII
Memory area for the input states
• PIO
Memory area for the output states
The input states are read in at the start of a program cycle and saved in
the process image for the PII inputs. Afterwards the user program is called
up and run with the values in the process image. The generated PII
process image is sent to the outputs after the user program is completed.
Access to the process images is via operations such as "Load" or "Trans-

fer". The operands are called for example "E" and "AB".
The advantage of communicating with the periphery via process images is

that the states of the inputs and outputs remain unchanged during a pro-
gram cycle. In addition, the access time to the process image is less than
the time taken for direct periphery access.
INFORMATION
There is no process image for ST word modules. ST word modules are
only accessed through direct periphery access.

Program cycle
Before the safety system starts with the cyclic processing of the FS and
ST user program, a reset block and a start-up block are executed once.
The time required by the safety system to process the FS and ST user
program once is referred to as the scan time.
The FS and ST user programs are processed independently of each other,
i.e. if for example the FS section is in the STOP condition, then only the ST
user program is processed.
PSS STOP-RUN-
on transition
RESET STOP Start-up Cycle
FS-PSS FS block run time ST-PSS ST block run time FS- and Test Waiting
ST-PIO slices period
Fig. 6-1: Program cycle
Blocks which are executed once
RESET block
The RESET block is run through once when the safety system is switched
on. During this time the CPU display shows "❚ ❚ ❚ ❚".
In the reset block the safety system performs a self-test of the hardware
and software. After completion of the test the microprocessors are
initialised and synchronised. The safety system is then in the STOP
condition and the display shows "0000".
Duration: approximately 30 s, on 3rd generation PSS: 10 s
STOP-RUN transition
Depending on the setting of the FS selector switch, the FS section will
either switch automatically to RUN, or it will wait to do this until the FS
selector switch is operated. The same is true for the ST section.
Start-up block
As soon as the FS section changes to RUN, the start-up block is executed
for it. The same is true for the ST section.

Operation
The start-up blocks for the FS section and the ST section can be executed
at the same time. If either section is still in the STOP condition, then only
the start-up for the other section is executed. The start-up of the other
section is integrated into the cycle later on.
FS start-up: The system checks the FS user program and the structure of
the internal administration tables. Afterwards the configuration test is
carried out, the modules are tested and the start-up OB is called up.
ST start-up: The system checks the ST user program and the structure of
the internal administration tables. Afterwards the configuration test is
performed (only if the option "Configuration test" is selected in the PSS
configurator of the system software), the modules are tested and the start-
up OB or the general reset OB is called up. If the “Operate PSS without
battery” option has been selected when programming the PSS in the
system software’s PSS Configurator, a general reset will be performed on
each start-up.
Combined duration of FS and ST start-up: approx. 2 s
Blocks which are executed cyclically
FS-PII (read block for PII and XW-PII of the FS section)

The process of reading in the process image for the inputs and process
image for the read segments of the FS section is described in detail in the
FS system description.
Duration: a few ms, on 3rd generation PSS: 0.2 ms
FS block run time (execution of the FS user program)

The FS user program is started after successful alignment of the read in
values. For safety reasons all of the microprocessors process the user
program of the FS section. At the end of the program another
synchronisation of the microprocessors takes place.
The duration of the FS user program varies as it usually comprises various
program parts, and a different number of these program parts is run
through in any given cycle.
Duration: max. 100 ms for FS and ST user program together, depends on
the program

ST-PII (read block for the PII of the ST section)
The process image for the inputs of the ST section is read in.
Duration: a few ms, on 3rd generation PSS: 0.1 ms
ST block run time (execution of the ST user program)

The ST user program is executed. The program of the ST section is only
processed by one microprocessor.
The duration of the ST user program varies as it usually comprises various
program parts, and a different number of these program parts is run
through in any given cycle.
Duration: max. 100 ms for FS and ST user program together, depends on
the program
FS and ST-PIO (output block for PIO and XW-PIO of the FS section
and PIO of the ST section)
The process images for the outputs created during execution of the FS and
ST user programs are output.
The process of outputting of the process image for the outputs and the
process image for the output segments of the FS section is described in
detail in the FS system description.
Duration: 0.3 ms
Test slices
A test block is processed at the end of a cycle. All of the tests on the
system are divided into slices with a duration of 1 ms. The operating
system automatically performs one test slice in each test block.
The number of test slices can be influenced by the user via an operating
system call in the FS section.
Waiting period for minimum scan time (optional)

A waiting period can be inserted in order to keep the scan time constant,
i.e. to ensure a minimum scan time. During this waiting period the
operating system will run test slices.
The length of the waiting period results from the selected minimum scan
time. The minimum scan time is defined in the PSS configurator of the

Operation
system software (PG). It is comprised of:
FS block run time

+ ST block run time
+ Operating system run time for ‘Read PII’, ‘Output PIO’
and a test slice
+ Time for additional test slices
+ Waiting period
_______________________________________________
= Minimum scan time
The minimum scan time must be less than or equal to 100 ms.
Scan time and the block run times
The minimum scan time and the FS and ST block run times are pre-
assigned in the FS section (see FS system description).
If no FS user program is loaded into the safety system, then the maximum
scan time is automatically 100 ms. It is not possible to pre-assign a
minimum scan time.
If a value of 0 is entered for the ST block run time in the FS section, then
the ST section is not called up.
If the ST block run time is exceeded, then the ST section changes to the
STOP condition.
FS alarms can interrupt the ST user program. The processing time for the
alarms is part of the FS block run time.
In the event of an error in the alarm processing, the ST section is
interrupted and not continued until the next cycle, i.e. in this cycle there is
no output of the process image for the outputs, and in the next cycle there
is no reading in of the process image for the inputs in the ST section.

Self-test
The self-test is performed in the FS section, see FS system description.
Registered hardware
The controller automatically detects all bit modules. However, it needs to

be told which slots are occupied by word modules. As word modules are
freely addressable, the start address also needs to be entered for each
word module.
Start adresses of word modules
The start address for the word modules can be entered in the PSS
configurator of the PSS WIN-PRO system software (see PSS WIN-PRO
Online Help). The PSS configurator then enters the start addresses at the
correct points in the DB005.
The start addresses can also be entered in the DB005 in the OB020 (start-
up OB, see PSS WIN-PRO programming manual) or OB022 (general reset
OB, see PSS WIN-PRO programming manual).
Assignment of the DB005:
Data word Start address for module on

DW000 Slot 0
DW001 Slot 1
. .
. .
. . .
DW008 Slot 8 (base or expansion module rack)
DW009 Slot 9 (expansion module rack)
. .
. .
. .

Operation
The start addresses must be entered in the format "F" (16-bit fixed point
number).
Start address requirements:

• The start address is the address through which the first input or output on a
module is addressed. The second input or output contains the address =
start address + 1 etc.
• The start address must be an integer multiple of the number of addresses
that the module requires.
Example: Module with 8 addresses
Permitted start addresses: 0, 8, 16, 24, 32, .... (decimal)
• Permitted address range: 0 ... 16383 (decimal)
• The modules’ address ranges are not permitted to overlap
Example:
Addressing the PSS AIO module on a PSS 3000
The module occupies 8 addresses. The start address must therefore be

divisible by 8. 4096 (decimal) would be possible, for example.
Analogue inputs are addressed with an offset of 0 ... 5 and analogue
outputs are addressed with an offset of 6 and 7.
Start address: 4096 decimal
Module addresses:
XW4096 1st Input
XW4097 2nd Input
XW4098 3rd Input
XW4099 4rd Input
XW4100 5rd Input
XW4101 6rd Input
XW4102 1st Output

XW4103 2nd Output

Offset for free addressing
To be able to perform the programming mostly independent of the start

address, the operating system call up SB254, FUNK = 180 has been
introduced since the FS operating system version 38. This operating
system call up specifies the start address as offset. Then the addressing is
performed as if the start address was 0. The offset is valid until a different
block is called, or until the end of the block.
Block Entry Output Key

SB254 FUNK = 180 Offset for free addressing
ERG = 16 Error calling up SB254,
FUNK = 180 (start address trans-
ferred in DW200 was greater than
16383)
DB004 DW200 Start address of the word module
For information on the application of SB254 please refer to the section

“Standard function block SB254” in chapter "Programming".

Operation
Actual configuration
The controller automatically detects the actual configuration, i.e. which ST

modules are occupying which slots on the module rack. The results are
kept in DB000.
The slots are numbered from 0 ... 8 on the base module rack. If one or two
expansion module racks is/are connected, then the numbering is 0 ... 7 on
the base module rack, 8 ... 15 on the first expansion module rack and
16 ... 23 on the second expansion module rack.
A code is assigned to each module (refer to the description of the module).

This code is located in the data words DW020 ... 043 of DB000:
Data word Assignment

DW0020 Actual configuration: Code for module on slot 0
. .
. .
. . .
The code is displayed in hexadecimal format.
INFORMATION
The actual configuration only shows the ST modules, not the FS modules.

Hardware registry test
During the hardware registry test, the actual hardware is compared with
the registered hardware. The registered hardware must be specified in
DB004, DW0020 ... 0043.
If a configuration error is found, then "S-05" is shown on the CPU display,
error OB OB023 is processed and then the ST section changes to a STOP
condition. If OB023 is not available, the ST section will immediately switch
to a STOP condition.
The hardware registry test in the ST section is an option. It can be

executed during the ST start-up (STOP - RUN transition) and/or cyclically.
You can configure whether and when the hardware registry test should be
performed in the PSS configurator of the PSS WIN-PRO system software
(see PSS WIN-PRO Online Help), or you can enter this information in
DB004.
Assignment of the DB004:

Data word Assignment
DW0018 Cyclic configuration test
0 = switched on
1 = switched off (default setting)
DW0019 Configuration test during start-up
0 = switched on (default setting)
1 = switched off
DW0020 Registered hardware: Code for module on slot 0
. .
. .
. . .
The information must be given in hexadecimal format.

Operation
Output on the CPU display
Hexadecimal numbers can be output on the display of the CPU. The

operating system call SB254, FUNK = 32 is used to do this.
INFORMATION
Error messages from the system are displayed as the top priority.

SB254 FUNK = 32 Output on the CPU display
DB004 DW200 = 0000H ... 0000H ... FFFEH: Hexadecimal
FFFFH number which is to be output on the
CPU display
FFFFH: Clear CPU display, it is not
possible to clear FS error messages
The number currently displayed on the CPU display is saved in data blocks
DB000, DW0015. The message type is encoded in DW0014.

Adjusting the system time of the safety system
The real-time clock of the safety system can be adjusted using the PSS
WIN-PRO system software (see Online Help) or via the operating system
call SB254, FUNK = 12.
The real-time clock is reset every time SB254, FUNK=12 is called up, and
the current time is copied to the data block DB000, DW000 ... DW003.

SB254 FUNK = 12 Set System Time
ERG = 16 Value in one of the data words
DB004, DW200 ... DW203 was
invalid, the system time remains
unchanged
DB004 DW200 0 ... 99: Year
DW201, DL 1 ... 12: Month
DW201, DR 1 ... 31: Day
DW202, DL 0 ... 23: Hour
DW202, DR 0 ... 59: Minute
DW203, DL 0 ... 59: Second
DW203, DR 0

Operation
Select FS data block
A data block needs to be selected before its data words can be accessed.
The "Select data block" operation is available in all programming
languages for selecting the ST data blocks. Operating system call SB254,
FUNK = 36 is used to select FS data blocks.
After selecting an FS data block, the ST section has read access to this
DB. If the FS data block which is to be selected does not exist, then the ST
section switches to a STOP condition.
INFORMATION
FS data blocks can only be selected if the FS section is in RUN mode. This
can be checked with the aid of the FS status flags (see section
"Communication with the ST section").

SB254 FUNK = 36 Select FS data block
DB004 DW200 1 ... 255: Data block number

Communication with the FS section
Various flags are available for communication between the FS section and
the ST section:
• Communication flags
M100.00 ... 104.31
M105.00 ... 109.31 (only on PSS with operating system ≥ 43)
The communication flags can be written to and read by the ST user
program. The FS section only has read-access to these flags. The flags
are available to the user for free use.
• Fixed flags
Flag Description
M110.00 FALSE (RLO-0)
Flag content is always = 0
M110.01 TRUE (RLO-1)
Flag content is always = 1
The fixed flags have a fixed status. They are often used to set the RLO
to "1" or "0". To do this, the corresponding flag is loaded with the "Load"
operation.
The FS section and the ST section only have read access.
• Arithmetic flags
Flag Description
M111.00 Carry
= 1 if the carry flag has been set by an arithmetic operation
M111.01 Overflow
= 1 if the overflow flag has been set by an arithmetic operation
M111.02 Zero
= 1 if the zero flag has been set by an arithmetic operation
M111.03 Sign
= 1 if the sign flag has been set by an arithmetic operation
Arithmetic flags are used by the operating system during arithmetic

operations. The FS section and the ST section only have read access.

Operation
• FS status flags
Flag Description
M113.00 = 0 if status of FS section is STOP
= 1 if status of FS section is RUN, only set after the first cycle
M113.01 = 0 if status of FS section is "No error"
= 1 if status of FS section is "Error"
M113.02 = 1 if FS section has been stopped by a STOP operation
M113.03 = 1 after start-up (STOP > RUN) of the FS section, only
active for one cycle
M113.04 = 1 after restart (OFF > RUN) of the FS section, only active for
one cycle
M113.05 = 1, if SafetyBUS p 0 is in a RUN condition
M113.06 = 1, if SafetyBUS p 1 is in a RUN condition
M113.08 = 1 if the remanent DBs in the FS section have been reset;
flag must be reset through SB255, FUNK = 50. Provided the
flag is set, the remanent DBs will be reset each time the PSS
is cold/warm started. The flag is non-volatile.
FS status flags provide information about the status of the FS section.


• ST status flags
Flag Description
M112.00 = 0 if status of ST section is STOP
= 1 if status of ST section is RUN, only set after the first cycle
M112.01 = 0 if status of ST section is "No error"
= 1 if status of ST section is "Error"
M112.02 = 1 if ST section has been stopped by a STOP operation
M112.03 = 1 after start-up (STOP > RUN) of the ST section, only
M112.04 = 1 after restart (OFF > RUN) of the ST section, only active for
one cycle
M112.05 = 1 if a general reset was performed in the ST section, only
ST status flags provide information about the status of the ST section.

INFORMATION
The FS section cannot access the operands of the ST section. Communi-
cation is only possible via the above flags.
The ST section can obtain read access to the process images of the inputs
and outputs (PII and PIO, but not XW-PII and XW-PIO), the flags, the data
blocks, the timers and counters of the FS section.

Operation
User interface in the ST section
The user interface (refer also to the chapter "Structure", section "User
interface") can be used either in the FS section or in the ST section for
communication with other devices. The section which accesses the user
interface first obtains the access rights. If the user interface has already
been configured for the FS section, then it cannot be used by the ST sec-
tion again until a general reset is performed in the ST section and the
power supply to the PSS is switched off and back on again.
Networks can be formed with a maximum of 32 subscribers with the aid of

the user interface, see section "Forming networks". The transfer can take
place without a protocol or with an ISI protocol, see section "Communica-
tion protocol". "Handshaking" can be used during the transfer - see section
"Handshaking".
Access from the ST section to the user interface is provided with the aid of
the following functions of the SB254:
FUNK Description
000 Status poll for the configuration
001 Configure
002 Acknowledge configuration error
004 Status poll for sending
005 Send
006 Acknowledge send error
008 Status poll for receiving
010 Acknowledge receive error
011 Acknowledge receipt

Forming networks
Using the ISI protocol (see section "Communication protocol"), it is possi-

ble to form a network with a maximum of 32 subscribers (one Master and
31 Slaves) and a maximum cable run of 1,200 m.
3rd generation controller networks:
All 3rd generation controllers have a terminating resistor which can be

activated via the terminating switch RT (USER). The terminating resistor is
activated when the switch is pressed.
In a network the terminating resistor must be activated at the Master and

at the end device. The terminating resistor must be deactivated on all other
devices.
PSS 3000
RS 232/
RS 485
Master
PSS 3000 PSS 3000 PSS 3000
Slave 1 Slave 2 Slave 31

Fig. 6-2: 3rd generation controller networks

Operation
1st and 2nd generation controller networks
In order to form a network using 1st and 2nd generation controllers, you will
need to use a PAP interface adapter (RS 232 -> RS 485).
PSS 3000
RS 485
RS 232 PAP
Master PAP PAP PAP
PSS 3000 PSS 3000 PSS 3000
Slave 1 Slave 2 Slave 31
Fig. 6-3: 1st and 2nd generation controller network
Handshaking
The interface has the following handshake signals:

• RTS
• CTS
• DTR
• DSR
During data transfers without handshaking the input signals DSR and
CTS are not taken into account. The output signals DTR and RTS are
used.
During data transfers with handshaking the output signals DTR and RTS
are used to control the partner, and the input signals CTS and DTS are
used for synchronisation with the partner. The signals have the following
meaning:
• DTR output signal
The output signal signals to the partner when the user interface is ready
to receive data:
- DTR = 1: User interface ready to receive
- DTR = 0: User interface not ready to receive, either because the
receive buffer is full or because the received data are being processed
(see Assignment of the interface configuration-DB DB006, DW012).

• RTS output signal
The output signal reports when the user interface is ready to send:
- RTS = 0: Rest condition
- RTS = 1: RTS is reset to 0 immediately before the start of each send
cycle, during sending and after completion of sending.
The output signal generally switches interface adapters to send mode.
• DSR input signal:
The input signal reports when the partner is ready to receive data. The
safety system interrogates the status of this input before a send cycle
starts:
- DSR = 1: start send process
- DSR = 0: Partner not ready to receive, delay send process until
DSR = 1.
• CTS input signal:
This input signal is generally used by an interface converter to signal
whether it has switched to send mode. The safety system interrogates
the status of this input before a send cycle starts:
- CTS = 1: Start send process
- CTS = 0: Partner not ready to receive, delay send process until
CTS = 1.
Communication protocol
Data transfer without protocol
During a transfer without protocol, the data which are to be sent are output
without change from the send buffer via the interface.
The received data are written block by block without change to the receive
buffer. Expiry of the receive timeout time signals the end of a block.
The receive timeout time is an aid which can be used to detect the end of
a data block during a data transfer without protocol. A timer is started when
a character is received. Each further character which is received re-
triggers this timer. The interface interprets it as the end of a data block If
the timer expires, and writes the received data to the receive buffer. The
timeout time is configurable (see Assignment of the interface configuration-
DB DB006, DW010). Output signal DTR is set to 0 when the data block
end is detected.

Operation
Transfer with ISI protocol
During a transfer with ISI protocol, the data in the send buffer are given a
protocol framework:
LF (0A hex.) Start of telegram

Telegram Slave address ID Slave address: 1 ... 31, ID field: 0 ...3
header Data length low No. of data bytes, Low Byte
Data length high No. of data bytes, High Byte
First data (DR)
Data ... max 2,042 bytes.
last data (DL)
End of CRC Checksum
telegram
CR (0D hex.) End of telegram
Fig. 6-4: ISI protocol
A received protocol is checked for protocol errors. Error-free telegrams are

written to the receive buffer once the protocol framework has been re-
moved.
The ISI protocol operates in accordance with the Master-Slave principle.
Only one of the subscribers must be defined as the master. After every
send command from the Master the addressed slave must answer within
the defined timeout time (see Assignment of the interface configuration-DB
DB006, DW009). A slave will only send data on request.
Calculation of the checksum CRC:

CRC = 0 - (ID byte of the Slave address
+ Data length low
+ Data length high
+ Sum of all data bytes)
The first databyte is located in DR003.

Please note the following when sending data with the ISI protocol:
• The value "3" must be entered in data block DB006, data word DW005
(8 data bits, see section "Configuration of the user interface").
• If the safety system is a Slave:
- If a telegram cannot be sent because the Master is not ready to receive
then the Master will request the answer again (no send error).
- Data word DW003 from data block DB007 is the first send data,
DW002 is reserved for the Slave address (see section "Sending via the
user interface").
- Only change the send buffer (DB007) after a telegram has been re-
ceived from the Master. If the Master requests the last telegram again
because errors were encountered during receipt, then the
safety system automatically repeats the telegram which is in the send
buffer.
• If the safety system is a Master:
- The Slave address must be entered in data word DW002 of data block
DB007, data word DW003 contains the first send data (see section
"Sending via the user interface").
- The send process is not complete until the addressed Slave has an-
swered and the receipt of the answer or a send error has been ac-
knowledged. If the answer from the Slave has not been acknowledged,
then the status poll SB254, FUNK = 4 returns ERG = 2 as a result (see
section "Sending via the user interface"). A receive status poll needs to
be performed in order to establish whether or not the Slave is
responding.
- If the slave does not answer without errors within the timeout time, then
the safety system repeats the telegram 3 times. If the Slave still does
not answer without errors, then the safety system reports a receive
error.
ID handling
• If the safety system is the Master:
After the interface has been configured the telegram is sent with ID = 0.
After an error-free answer from the slave the ID byte for this slave is
increased by 1. If ID = 3 and the answer to a telegram is error-free, then
the ID byte for this Slave is reset to 1.

Operation
If a Slave does not answer without errors, then the safety system repeats
the telegram 3 times with the same ID byte. If there is also no response
to the repetition, then the ID byte for this Slave is set to 0. ID = 0 for the
next telegram sent to this slave.
• If the safety system is a slave:
An addressed slave always answers with the received ID byte. If the ID
byte remains the same between two received telegrams, then this is a
repetition request for the last sent telegram. The safety system automati-
cally responds to the repetition request. If ID-Byte = 0, then the Slave is
requested to perform an initialisation.

Configuration of the user interface
The user interface is configured with default values at every STOP-RUN

transition of the ST section, i.e. the interface configuration-DB (DB006) is
initialised with the default values. In order to configure the interface with
user-specific values, it needs to be reconfigured at every STOP-RUN
transition, e.g. during the start-up OB or the general reset OB.
The receive DB (DB008) and the send DB (DB007) are deleted during
configuration.
The configuration can be performed with the aid of the following three
operating system calls.

SB254 FUNK = 000 Configuration status poll
ERG = 1 Interface ready for operation
ERG = 2 Interface currently being configured
ERG = 16 Configuration error
ERG = 32 Acknowledgement is processed

SB254 FUNK = 001 Configure

SB254 FUNK = 002 Acknowledge configuration error

Operation
Interface configuration DB (DB006)
The interface data are entered in the interface configuration-DB.
Properties
Length: at least 13 data words
Access right: Read/Write
Assignment
DW000 Reserved
DW001 Fault detected if SB254, FUNK = 000, 001 or 002 reports a
configuration error (ERG = 16).
0002H ... 000CH: Number of the faulty data word in the DB006
FFF0H: Interface is assigned to the FS section
DW001 can only be read.
DW002 Transmission rate
Value Transmission rate in bit/s
0 150
1 300
2 600
3 1,200
4 2,400
5 4,800
6 9,600 Default value
7 19,200
8* 38,400
* only on 3rd generation PSS

DW003 Parity bit
Value Parity bit
0 None
1 Odd
2 Even Default value

DW004 Number of stop bits
Value Stop bits
0 1 Default value
1 1.5
2 2
DW005 Number of data bits

Value Number of data bits
0 5
1 6
2 7
3 8 Default value
DW006 Handshake
Value Handshake
0 No
1 Yes Default value
DW007 ISI protocol

Value ISI protocol
0 No Default value
1 Yes
DW008 CPU as Master or Slave (with ISI protocol only)
Value CPU as Master or Slave

0 Master Default value
1 ... 31 Slave, with corresponding
address
DW009 Timeout for Slave response (for ISI protocol only)
Value Timeout
0 none Default value
1 ... Timeout in ms
65535

Operation
DW010 Receive timeout
Value Timeout
15 15 ms Default value
1 ... Timeout in ms
65,535
DW011 Send timeout (only for transfer

with handshaking)
Value Timeout
0 infinite
5,000 5,000 ms Default value
1 ... Timeout in ms
65,535
DW012 DTR controller

The receive-DB has enough space for 2,044 bytes. In order to
prevent bytes from being lost, it is possible to stop the send
process before the receive-DB is full. The DTR control line is set
to 0 to do this. DW012 contains the information how many bytes
before 2,044 the send process is to be stopped.
Value range: 0 ... 2,044, default value: 3
Example: DW012 = 5, i.e. after 2,039 Bytes DTR = 0 is set, as a

result of which the partner is requested to terminate the send
process.

Example
Call up SB255, FUNK = 000 and evaluate ERG. The configuration must
only be performed if ERG = 1 or ERG = 16.
ERG = 1
or
ERG = 16 The interface can be configured.
Assign the desired values to DB006 (interface configuration-

DB).
Call up SB254, FUNK = 001 and evaluate ERG:

ERG = 2 while the configuration is running.
If ERG = 1 then the configuration was successful.
If ERG = 16 then an error has occurred during configuration.
DW001 of DB006 contains the fault identifier. The error must be
rectified and acknowledged with SB254, FUNK = 002,
or a new configuration command (SB254, FUNK = 001) needs
to be issued. ERG = 32 during the processing of the acknowl-
edgement. Once the processing has finished, ERG = 1.
ERG = 2 Interface is currently being configured.
ERG = 32 Acknowledgement is processed.

Operation
Sending via the user interface
The process of sending data via the user interface takes place with the aid
of the following operating system calls.

SB254 FUNK = 004 Send status poll
ERG = 2 Data are being sent
ERG = 16 Send errors

SB254 FUNK = 005 Send

SB254 FUNK = 006 Acknowledge send error

Send-DB
The data which are to be sent are entered in the send-DB (DB007).
Properties
Assignment
DW000 Number of bytes to be sent
DW001 Fault detected if SB254, FUNK = 004, 005 or 006 reports a
send error (ERG = 16).
0: Timeout exceeded on send (partner not ready to re-
ceive)
16: Number of bytes to be sent is too high
17: Send command currently not available, e.g. because a
telegram is just being sent.
18: Interface not yet configured
FFFFH: No error
DW002 with ISI protocol: Slave address if the safety system is the
Master
without ISI protocol: first send data word
DW003 ... 1023 Send data
Send sequence without ISI protocol:
DR2 (2nd right data word), DL2 (2nd left data word), DR3,
DL3, ....
Send sequence with ISI protocol:
DR3, DL3, DR4, DL4, ...

Operation
Example
SB255, call up FUNK = 004 and evaluate ERG. It is only permissible to

save new send data in the send-DB (DB007) if ERG = 1 or ERG = 16.
ERG = 1
or
ERG = 16 Data can be sent.
Assign values to DB007 (send-DB).
Call up SB254, FUNK = 005 and evaluate the ERG:

During sending, ERG = 2.
If ERG = 1, then the data have been sent successfully.
If ERG = 16, then an error has occurred during sending. DW001
of DB007 contains the fault identifier. The error must be rectified
and acknowledged with SB254, FUNK = 006, or a new send
command (SB254, FUNK = 005) needs to be executed.
ERG = 32 during the processing of the acknowledgement. Once
the processing has finished, ERG = 1.

Receive via the user interface
The process of receiving data via the user interface takes place with the
aid of the following operating system calls.

SB254 FUNK = 008 Receive status poll
ERG = 1 No data received
ERG = 2 Data are being received
ERG = 4 Receive telegram is complete
ERG = 8 Receipt acknowledgem.being processed
ERG = 16 Receive errors

SB254 FUNK = 010 Receive

SB254 FUNK = 011 Acknowledge receive error

Operation
Receive-DB
The received data are entered in the receive-DB (DB008).
Properties
Assignment
DW000 Number of bytes received
DW001 Error detected if SB254, FUNK = 008, 010 or 011 re-
ports a receive error (ERG = 16).
0: Send timeout exceeded (for ISI protocol only)
1: Parity error
2: Receive "Break"
3: Stop bit error
8: Overflow error; characters have been lost, e.g. because
the last telegram received was not acknowledged
quickly enough.
9: Number of the receive-DB
10: Slave not answering in time (for ISI protocol only)
11: Number of received bytes incorrect (for ISI protocol
only)
12: CRC error (for ISI protocol only)
13: ID error (for ISI protocol only)
14: Incorrect Slave answering (for ISI protocol only)
15: End identifier missing or end of telegram contains too
few characters (for ISI protocol only)
17: Command not permitted at this time
19: Telegram header contains too few characters (for ISI
protocol only)
FFFFH: No error
DW002 with ISI protocol: not relevant
without ISI protocol: first received data word
DW003...1023 Receive data
Send sequence without ISI protocol:
DR2 (2nd right data word), DL2 (2nd left data word), DR3,

DL3, ....
Receive sequence with ISI protocol:
DR3, DL3, DR4, DL4, ...
Example
Call SB255, FUNK = 008 and evaluate ERG.
ERG = 1 The interface is not receiving any data.

ERG = 2 Data are currently being received. The data are saved in the
receive-DB (DB008).
ERG = 4 All data have been received in full. A telegram is complete if no
more characters are received within the receive timeout. This is
detected during the next cycle change or during the next status
poll.
Now the received data can be processed in the receive-DB
(DB008).
The data need to be read out from the receive-DB, and their
receipt needs to be acknowledged with SB254, FUNK = 011.
During processing or receipt acknowledgement ERG = 8; after
error-free acknowledgement ERG = 1.
If an error occurs while receiving, then ERG = 16. DW001 of DB008 con-
tains the error identifier. The error must be rectified and acknowledged with
SB254, FUNK = 10 or FUNK = 11. ERG = 32 during the processing of the
acknowledgement. Once the processing has finished, ERG = 1.
A regular status poll needs to be performed with SB254, FUNK = 8 to
enable the user program to detect whether data have been received via
the interface.
If the safety system is the Master, then any exceeding of the send timeout
is reported as a receive error. The receive status must be polled while
waiting for the answer from the slave. The next telegram cannot be sent
until the receipt or receive error has been acknowledged.
If the safety system is a Slave, then faulty telegrams or telegrams which
are not addressed to the selected Slave address are discarded by the
operating system without warning. Repetition requests (ID byte is
unchanged) are automatically answered by the safety system.

Operation
Operating states and changes
PSS
switched off
Switch on
voltage
1
ST-STOP
LED "ST RUN":
off
CPU display:
"0000", "S-xx or "F-xx"
2 no
AUTO AUTO AUTO yes

PG ST or
PG ST PG ST Error
PLC
PG
PLC
PG
PLC OB
PG
or STOP operation
system software or minor
system software error
ST-RUN
LED "ST RUN":
on
CPU display:
"0000" or "F-xx"
fatal error fatal error

in FS in ST
part part
4 5 7 6
Fatal Error ST Fatal Error

LED "ST RUN": LED "ST RUN":
any status flashing
CPU display: CPU display:
"+xxx" or "*xxx" "S-80"
Fig. 6-5: Operating states of ST section

This section describes the operating states that can be assumed by the ST
section of the safety system, which changes in status can take place, what
happens while the status change is happening and what you can do to
trigger a status change.
The numbers identify status changes which are described on the next
pages.
Operating statuses
Status "ST-STOP"
• The ST user program is not processed and all ST outputs are switched
off (safe condition).
• Processing of the FS user program continues unchanged.
• All of the functions of the system software (PG) are available.
• "ST RUN" LED: Off
• CPU display: Error class of the error "S-xx" (if any FS errors are also
entered in the error stack, then these are displayed as the top priority "F-
xx")
Status "ST-RUN"
• The ST user program is processed.
• All of the functions of the system software (PG) are available
(Exceptions: transfer or delete program).
• "ST RUN" LED: On
• CPU display: "0000" or "F-xx"
Status "ST Fatal Error"

• The ST section is out of service, all outputs are switched off.
• No communication with the programming device is possible.
• "ST RUN" LED: flashing
• CPU display: Error identifier "S-80" (if any FS errors are also entered in
the error stack, then these are displayed as the top priority "F-xx")

Operation
Status "Fatal Error"

• FS and ST section are inoperative, all outputs are switched off (safe
condition).
• "ST RUN" LED: any status
• CPU display: Fault detection "*xxx" or "+xxx"
Change in operating status
Switch on voltage ➀
The following happens after the voltage is switched on:
• All of the outputs of the ST modules are switched off.
• The system time (real-time clock) is read out and the current time is
entered in DB000. Exception: If the “Operate PSS without battery” option
has been selected when programming the PSS in the system software’s
PSS Configurator, the system time is set to zero.
• ST status flag M112.04 = 1 (this only remains set for one cycle), all other
ST status flags are set to 0.
• The system checks whether the contents of the read/write data memory
were changed while the safety system was switched off (memory is
"corrupted"); if "yes" then a general reset is performed (see chapter
"Commissioning").
If the “Operate PSS without battery” option has been selected when
programming the PSS in the system software’s PSS Configurator, a
general reset will be performed in each case.
• The communication flags are set to 0.
• The PIO and the PII of the FS section are assigned the value 0.
• The dynamic program display is switched off.
• The variable display is shut down.
• The ST section switches to a STOP condition.

Status change from ST-STOP to ST-RUN (start-up) ➁
This change takes place automatically after switching on if the ST selector
switch is in the position "PLC" or "AUTO PG".
If the ST section is in STOP mode and no ST error is present, then you

can proceed as follows to return to RUN mode:
• Set the ST selector switch from "PG" to "PLC" or "AUTO PG", or
• start the ST section with the aid of the system software.
If the ST section is in STOP mode due to an error which has occurred (if
no FS error "F-xx" is present, then the CPU display shows: "S-xx") then
you will need to proceed as follows to return to the RUN condition:
• Read out the error stack (see chapter "Fault diagnostics and correction",
section "Error stack").
• If necessary use the dynamic program display (system software) to
search for the error.
• Rectify the error.
• Start the ST section (move the ST selector switch from the "PG" setting
to the "PLC" or "AUTO PG" setting, or start the ST section with the aid of
the system software).
The following happens during the changeover of the ST section from

STOP to RUN:
• If expansion modules are being used, the system checks whether the
voltage supply to the expansion modules is still intact. If after a time of 3
s has elapsed, no supply voltage is present then the ST section remains
in STOP mode.
• The ST user program is checked.
• ST timers are stopped and reset to 0.
• ST counters are reset to 0.
• The PIO and the PII of the ST section are assigned the value 0.
• The user interface is initialised using the default values.
• The actual configuration is entered in DB000.
• Status flags
- M112.00 = 1 (only set after the first cycle)
- M112.01 = 0
- M112.02 = 0
- M112.03 = 1 (only remains set for one cycle)
Operation
• A general reset is triggered and M112.05 = 1 is set (M112.05 only re-

mains set for one cycle) if one of the following conditions is met:
- OB022 is present in the user program.
- With the error stack button pressed, the ST selector switch was moved
from the "PG" setting to "PLC" or "AUTO PG".
- The contents of the read/write data memory were changed while the
safety system was switched off (memory has become "corrupted").
- if the “Operate PSS without battery” option has been selected when
programming the PSS in the system software’s PSS Configurator
• If present, the general reset-OB (OB022) or start-up-OB (OB020) is
executed.
• The hardware registry test (if configured) is executed.
• Word modules are initialised.
• During the first STOP-RUN transition after the transfer of the ST program
to the safety system: DBs of the ST section are initialised using the
values specified in the system software (PG).
Status change from ST-RUN to ST-STOP ➂

Reasons:
• The ST selector switch was set to "PG" or
• the STOP function was called up in the system software (PG), or
• the STOP operation was called up in the ST user program, or
• a minor error has occurred.
Minor errors include:
- Error in the user program
- Battery error
The corresponding error organisation block is called up on errors belong-
ing to error classes S-04, S-05, S-21, S-22, S-23, S-24 or S-26. If the
error organisation block is not present, then the ST section changes to a
STOP condition, otherwise the error organisation block is executed and
the ST section remains in RUN mode. (Refer to the PSS WIN-PRO
Programming Manual for more information about "Error organisation
blocks").
During this change of status the following happens:

• The ST user program is stopped.

• The PIO of the ST section is assigned the value 0.
• Status flag M112.00 = 0
• After a STOP on account of a STOP operation in the ST user program:
Status flag M112.02 = 1
• After a STOP on account of a minor error:
Status flag M112.01 = 1
• The STOP organisation block OB024 is called up.
The OB024 is called up every time the system changes into the STOP
condition. OB024 is only available for PSS with an operating system
version ≥ 43.
(Refer to the PSS WIN-PRO programming manual for more information
about "STOP organisation blocks").
• After a STOP on account of execution of the stop function in the system
software or actuation of the FS selector switch:
First the STOP organisation block OB128 is called up, followed by the
STOP organisation block OB024 (Refer to the PSS WIN-PRO program-
ming manual for more information about "STOP organisation blocks").
Status change from ST-RUN or ST-STOP to "Fatal Error" ➃

Reason: A fatal error has occurred in the FS section.
Fatal errors can include:
• Major system defect
• Error during self-test

• All the outputs are shut down.
• The FS and ST user programs are stopped.
Status change from "Fatal error" to ST-RUN ➄

It is not possible for the user to rectify the error. If the PSS is in this state,
then the only option is to:
• Note the conditions under which the error occurred.
• Write down the displayed fault detection.
• Switch the PSS off and back on again and then read out the error stack
(see chapter "Fault diagnostics and rectification", section "Error stack").
• Contact Pilz.

Operation
Status change from ST-RUN or ST-STOP to "ST Fatal Error" ➅

Reason: A fatal error has occurred in the ST section, i.e. there is a major
defect in the ST section.

• Status flags M112.00 = 0 and M112.01 = 1
Status change from "ST Fatal Error" to ST-RUN ➆

Proceed as follows to return to the RUN condition:
(see section "Error stack").
• Contact Pilz.

Commissioning
Initial commissioning
Hardware requirements
• Supply voltage connected to PSS
(modular PSS: see power supply operating manual; compact PSS: see
PSS operating manual)
• Supply voltage for inputs and outputs connected
(modular PSS: see I/O modules operating manual; compact PSS: see
PSS operating manual)
• For modular PSS: Correct module rack configuration
(first slot must be occupied by the power supply and the second by the
CPU module)
Software requirements
• Configuration data (slot configuration, start addresses of the word mod-
ules etc.) entered in the PSS configurator of the system software are
correct.
• Executable user program is available in a linked form (see "Link" in the
online help of the system software).
Initial commissioning procedure

• Set the ST selector switch to the "PG" or "Auto PG" setting. Set the ST
selector switch to "AUTO PG" if you wish the ST section to start auto-
matically after downloading the program. If you wish to start the ST
section yourself, set the ST selector switch to "PG".
• Switch on the power supply (position "I")
Reaction: "Power" LED on the power supply and the CPU module
light up.
CPU carries out a self-test, CPU display shows: "❚ ❚ ❚ ❚"
• If the self-test is successful, the CPU display will show: "0000"
• Transfer program (see online help of the system software)
• If the ST selector switch is set to "AUTO PG", then the ST section will
start automatically. If the ST selector switch is set to "PG", set it to "PLC"
or start the ST section with the aid of the system software.
The program is executed. The "ST RUN" LED comes on.
If a configuration error is indicated, this may also have been caused by the
registered hardware entered in the PSS during the function test (at Pilz).
Safety System: ST System Description 7-1

Commissioning
The remedy in this case is to perform a general reset (set the ST selector
switch to the "PG" setting, then press the "Error Stack" button and, at the
same time, set the ST selector switch back from "PG" to "PLC").
Error messages are described in chapter 8.
Recommissioning
If a hardware or software error occurs, there will be an error reaction from

the safety system. The error will be shown on the CPU display (see Chap-
ter 8 for details of error messages) and the "ST RUN" LED will either flash
or go out. The following states are available:
• The "ST RUN" LED flashes and the CPU display shows "S-80" (if FS
errors are also entered in the error stack, then these are displayed as the
top priority "F-xx"): a fatal error has occurred in the ST section.
Recommissioning:
- Note the conditions under which the error occurred.
- Write down the displayed fault detection.
- Switch the PSS off and back on again and then read out the error stack
- Contact Pilz.
• The "ST RUN" LED goes out and the CPU display indicates an error
("S-xx"; if any FS errors are also entered in the error stack, then these
are displayed as the top priority "F-xx"): a minor error has occurred.
Recommissioning:
- Read out the error stack (see chapter "Fault diagnostics and correc-
tion", section "Error stack").
- If necessary use the dynamic program display (system software) to
- Rectify the error.
- Start the ST section (move the ST selector switch from the "PG" setting
to the "PLC" or "AUTO PG" setting, or start the ST section with the aid
of the system software).
• "RUN" LED any status, CPU display shows "+xxx" or "* xxx": a fatal error
has occurred. The system is defective.
The user will not be able to rectify the error. If the PSS is in this state,
7-2 Safety System: ST System Description

- Note the conditions under which the error occurred.
- Write down the displayed fault detection.
- Switch the PSS off and back on again and then read out the error stack
(see chapter "Fault diagnostics and rectification", section "Error stack").
- Contact Pilz.
Changing the configuration or the user program
Sequence:
• Enter the changes to the configuration, e.g. changed registered hard-
ware, in the PSS configurator (see online help of the system software).
• If necessary change the user program (see online help of the system
software)
• Re-link the program (see online help of the system software).
• Proceed as for the initial commissioning procedure
General reset
The ST section is reset during a general reset.
A general reset can be triggered both manually and automatically:

• Manual: with the error stack button pressed, move the ST selector switch
from the "PG" setting to "PLC" or "AUTO PG".
• Automatic: if the OB022 is present in the user program during the STOP-
RUN transition of the ST section.
OB022 may contain user-specific initialisation settings which are exe-
cuted in addition to the general reset initialisation.
• Automatic: if the content of the read/write data memory was changed
while the safety system was switched off (memory is "corrupted").
• Automatic: if the “Operate PSS without battery” option has been selected
when programming the PSS in the system software’s PSS Configurator.
Safety System: ST System Description 7-3

Commissioning
The CPU carries out the following steps during a general reset:
• A message that a "general reset" is to be performed is entered in the
error stack (S-20, error number 14).
• All of the flags of the ST section are set to 0.
• ST timers are stopped and set to 0.
• ST counters are set to 0.
• General reset flag M112.05 = 1.
• The PIO and the PII of the ST section are assigned the value 0.
• The system time (real-time clock) is set to 00:00 (not on 3rd generation
controllers)
• The current ST block run time and the maximum ST block run time in
DB000 are set to 0.
• The actual configuration is entered in DB000 and DB004.
• The cyclic configuration test is switched off.
• The configuration test during start-up is switched on.
• Parameters for operating system calls (SB254) in DB004 are assigned
the value 0.
• The dynamic program display and the variable display are switched off.
The tables are assigned the value 0.
• If a valid ST user program is present in the safety system, then the read/
write data blocks are assigned the same values again that were entered
in the read/write data blocks during programming (see chapter "Structure
(hardware)", section "Data memory").
7-4 Safety System: ST System Description

Fault diagnostics and rectification
Error management
The safety system continuously checks the hardware and software during
the program cycle. If an error is discovered, the following sequence is
triggered:
• The fault detection is displayed on the CPU display.
• The error is entered in the error stack.
• Execution of the error reaction.
The reaction of the safety system to an error depends on the severity of

the error.
ST-RUN
LED "ST RUN":
on
CPU display:
"0000" or "F-xx"
Minor
error
Error yes
OB
no
ST-STOP
Fatal error Fatal error
in FS LED "ST RUN": in ST
section off section
CPU display:
"0000", "S-xx or "F-xx"
Fatal Error ST Fatal Error

LED "ST RUN": LED "ST RUN":
any display flashing
CPU display: CPU display:
"+xxx" or "*xxx" "S-80"
Fig. 8-1: Change in operating status on account of an error

Minor errors
Possible causes
• Error in the user program
• Battery error
PSS reaction
An error OB is called up for some minor errors (see Programming Manual
for PSS WIN-PRO). A reaction to the error can be programmed in this error
OB. If an error OB is present, it is processed, and the ST section remains
in RUN mode. If no error OB is available, the ST section will switch to a
STOP condition.
The following happens during the switch to the STOP condition:
• The PIO of the ST section is assigned the value 0.
• Status flags M112.00 = 0 and M112.01 = 1
The PSS operates as follows in the STOP condition:

• The ST user program is not processed and all ST outputs are switched
off (safe condition).
• All of the functions of the system software (PG) are available.
• "ST RUN" LED: Off
• CPU display: Error class of the error "S-xx" (if any FS errors are also
entered in the error stack, then these are displayed as the top priority "F-
xx")
Remedy
• Read out the error stack (see section "Error stack").
• If necessary use the dynamic program display (system software) to
• Rectify the error.
• Start the ST section (move the ST selector switch from the "PG" setting
to the "PLC" or "AUTO PG" setting, or start the ST section with the aid of
the system software).

Fatal errors in the ST section
Possible causes
• Major defect in the ST section
Reaction
The ST section changes status to "ST Fatal Error". The following happens
during the switch to this status:
The PSS operates as follows in the "ST Fatal Error" condition:

• The ST section is inoperative, all outputs are switched off.
• "ST RUN" LED: flashing
• CPU display: Error identifier "S-80" (if any FS errors are also entered in
the error stack, then these are displayed as the top priority "F-xx")
Remedy
It is not possible for the user to rectify the error. If the ST section is in this
state then the only option is to:
• Contact Pilz.

Fatal errors in the FS section
Possible causes
• Major system defect
• Error during self-test
Reaction
The safety system changes to "Fatal Error". The following happens during
the switch to this status:
• The FS and ST user programs are stopped.
The PSS operates as follows in the "Fatal Error" condition:

• FS and ST section are inoperative, all outputs are switched off (safe
condition).
• "ST RUN" LED: any status
• CPU display: Fault detection "*xxx" or "+xxx"
Remedy
It is not possible for the user to rectify the error. If the PSS is in this state,
• Contact Pilz.

Error stack
The error stack can record a maximum of 16 error entries. In system data
block DB000 it occupies data words DW085 ... DW148. Each error entry
occupies 4 words.
DW Assignment
084 Indicator pointing to current error entry
1st Error entry:
085 Bit 0 ... 7: Error class
Bit 8: if = 1 => it is an FS-error
if = 0 => it is an ST-error
Bit 9 ... 15: ID of the microprocessor
086 Bit 0 ... 6: Error number
Bit 7: if = 1 then error parameters -1/-2 are
present
087 Error parameter -1
089 ... 092 2nd Error entry
093 ... 096 3rd Error entry
097 ... 100 4th Error entry

As the error stack is organised as a ring memory, data words are accessed
via the indicator in DW084. The indicator always points to the data word
containing the error class of the current error entry.
If more than 16 errors occur, the first entry is overwritten. The error stack
contains errors from both the FS and ST sections.
What the entries mean

• Error class
The error class tells you what type of error it is, e.g. errors of the error
class "06" are in the FS section "module errors".
• Error number
All of the errors within an error class are numbered. The error number
specifies an error more accurately within an error class. Example: FS
section, error class "06", error number "73" means "module error", "short
circuit between test pulse outputs and 24 V".
• Error parameter-1, Error parameter-2
The error parameters contain additional information about an error. The
contents of the error parameter depend on the type of error.
The "error list" in the "PSS System Manual" describes the information
behind an error entry. The errors can however also be displayed as plain
text messages, i.e. with descriptive text (see section "Display of errors as
plain text").
INFORMATION
Messages are also entered in the error stack which are not error mes-
sages. Instead, these are information messages intended for the user.
These messages neither have an influence on the operating status nor the
program cycle. This could for example be the information that a restart of
the FS section was carried out (error class: F-20; error number: 01).

Display of errors as plain text
The display of errors as plain text, i.e. with a descriptive text, is possible for
example as follows:
• with the system software
Connect the programming device and display the error stack of the PSS
in the system software (PG) (see online help of the system software). A
plain text message is displayed for every error in the error stack. A rem-
edy can be displayed for each error as required.
• with a text display
Connect a text display. If the FS section has changed to the STOP con-
dition because of an error, then the ST section can read out the error
stack or the content of DB000, DW085 ... DW0148 and output a plain
text message to the text display. Standard function blocks from the "Error
evaluation" software package from Pilz can be used for this purpose.

Display of errors on the CPU display
If no error has occurred in the FS or ST section since the last change into
RUN, then the CPU display will show the following:
0000
Any error which has occurred is displayed, e.g.:

F-06
The errors saved in the error stack can be displayed on the CPU display by
pressing the "Error stack" button.
Display on 1st and 2nd generation controllers
Press and hold the error stack button. The data for the first entry in the
error stack are shown on the display in sequence, e.g.:
F020
Error class (hexadecimally encoded)

Entry number in error stack
(hexadecimally encoded)
ID for the FS/ST section
F = error in FS section
C=20 S = error in the ST section

ID for the error class
N=03
Error number (hexadecimally encoded)
ID for the error number
Release the error stack button again, then press and hold it again. The
data for the next entry in the error stack are now displayed, e.g.:

F106

S = error in the ST section
C=06
ID for the error class
N=07
AT ID for "The first error parameter follows"
FFFE Error parameter -1
PARA ID for "The second error parameter follows"
INFORMATION
It depends on the error whether or not error parameters are displayed. The
way in which the error parameters should be interpreted also depends on
the error. The error parameters for every error are described in detail in the
"Error list" in the "PSS System Manual". Help on the evaluation of the data
in the error parameters can be found in the section "Evaluation of the error
parameters" in this chapter.

If you press and hold the error stack button again, then the data for the
next entry will be displayed. After the last entry in the error stack, the
display goes back to the first entry.
Display on 3rd generation controllers
Briefly press the error stack button.

If the CPU display showed "0000" before the error stack button was
pressed, the data for the first entry in the data stack will now be shown in
sequence on the display.
If an error was displayed before the error stack button was pressed (e.g.
"F-06"), then the data for this error will be displayed in sequence, i.e. the
display starts with the entry of the last error which occurred, not with the
first entry in the error stack.
Example:
ER02
ID for the entry number in the error stack
F-06

S = error in the ST section
N-02

AT ID for "An error parameter follows"

The data display is repeated three times, then the rotation mode stops and
the CPU display reverts back to its initial status.
If you wish to have the data for the next entry in the error stack displayed
as well, then you should briefly press the error stack button while the
rotation mode is still running.
In this way you can get the system to display the entire error stack.
To manually exit the rotation mode, press the error stack button for at least
3 seconds.
If the operating status changes while the rotation mode is active (e.g. due
to the operation of a selector switch on the PSS, or due to the FS section
changing to the STOP condition in response to an error), then the rotation
mode is also stopped.
If an entry in the error stack has error parameters, the system displays
error parameter-1 first and then error parameter-2. The display is
introduced by means of an ID:
PARA
ID for "An error parameter follows"
AT
For some errors a range is indicated, e.g. the first and last defective input
of a module:
0318 Address 3.18
TO ID for a range specification
0320 Address 3.20

INFORMATION
It depends on the error whether or not error parameters are displayed. The
way in which the error parameters should be interpreted also depends on
the error. The error parameters for every error are described in detail in the
"Error list" in the "PSS System Manual". Help on the evaluation of the data
in the error parameters can be found in the section "Evaluation of the error
parameters" in this chapter.
On PSS with an FS operating system version ≥ 60, further information can

be called up after the final error entry.
To do this, briefly press the error stack button while the final error entry is
still running in rotation mode.
The ID “OrNo” is displayed, followed by the order number in rotation mode.
If you press the error stack button again, the next ID will be displayed,
followed by the data in rotation mode. This way you can call up all the
information.
OrNo ID for “The PSS order number follows”
0030 Order number, e.g. 301 200
1200
SrNo ID for “The PSS serial number follows”
0016 Serial number, e.g. 165 668
5668

IPAd ID for “The IP address of the Ethernet interface
follows”1)
169. IP address, e.g. 169.254.060.001
254:
060.
001
SubN ID for “The subnet mask of the Ethernet interface

follows”1)
255. Subnet mask, e.g. 255.255.255.240
255:
255.
240
R-IP ID for “The IP address of the Router follows”1)
169. IP address, e.g. 169.254.060.001
254:
060.
001
ETH ID for “The port for the Ethernet Configurator follows”1)
Port, e.g. 18080

0001
8080

PG ID for “The port for PSS WIN-PRO follows” 1)
0000 Port, e.g. 1025
1025
DHCP ID for “DHCP information follows” 1)
ON DHCP is activated
VERS ID for “Versions follow”
FS60 FS operating system version, e.g. 60
SB05 SafetyBUS p bus version, e.g. 5
S101 ST operating system version, e.g. 101
1)
Only on PSS with Ethernet interface and an FS operating system version
≥ 60. This information is only available if the network connection is active.
This can take 1 to 2 minutes after a PSS cold start.

Evaluation of the error parameters
In order to evaluate the error parameters of an error, you will first need to
look at the "Error list" in the "PSS System Manual" to see what the content
of the error parameters is for the particular error (e.g. "Block" or "Slot
number"). You can then interpret the display on the CPU according to the
content.
Each error parameter corresponds to one data word in the error stack. As
the CPU display has four digits, the error parameters are usually displayed
as a hexadecimal number. The two left-hand digits on the display corres-
pond to the left data byte (DL) and the two right-hand digits to the right
data byte (DR).
Table for converting hexadecimal code into binary code:
Hexadecimal Binary Hexadecimal Binary

0 0000 8 1000
1 0001 9 1001
2 0010 A 1010
3 0011 B 1011
4 0100 C 1100
5 0101 D 1101
6 0110 E 1110
7 0111 F 1111
Example: FFFB -> 1111 1111 1111 1011

The error parameters listed below require a special evaluation. All other
error parameters are numbers in hexadecimal format or, if specified expli-
citly in the error list, numbers in decimal format.
Absolute address, decimal

4-digit display, decimal code
• DL corresponds to the slot number
• DR contains the bit address
Example: The display "0318" corresponds to the address "3.18"
Absolute address, hexadecimal

4-digit display, hexadecimal code
The hexadecimal code on the display needs to be converted into binary
code.
• Bit 0 … 4: Bit section of address
• Bit 5 … 15: Slot number
Example: The conversion of the display "00B1" into binary code yields
"0000 0000 1011 0001". The resulting address is "5.17".
Block
• DL indicates the block type
08 = DB
10 = SB
20 = PB
40 = FB
80 = OB
• DR contains the block number in hexadecimal code

Bit sequence
2 or 4-digit display in hexadecimal code
The hexadecimal code on the display needs to be converted into binary
code.
With 1st and 2nd generation controllers, the defective inputs/outputs on

module and wiring errors are output as a bit sequence. Each bit in the bit
sequence corresponds to one input/output on the module.
Bit = 1 means that the corresponding input/output is error-free, and bit = 0
means that the corresponding input/output is faulty.
Bit number in bit sequence

15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
corresponding bit address on the upper sub-slot of a single-pole

I/O module
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
corresponding bit address on the lower sub-slot of a single-pole

I/O module
31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16
corresponding bit address on the upper sub-slot of a dual-pole

I/O module
7- 6- 5- 4- 3- 2- 1- 0- 7+ 6+ 5+ 4+ 3+ 2+ 1+ 0+
corresponding bit address on the lower sub-slot of a dual-pole

I/O module
23- 22- 21- 20- 19- 18- 17- 16- 23+ 22+ 21+ 20+ 19+ 18+ 17+ 16+
In order to determine the absolute bit address, you also need to know the
slot and sub-slot. These details can be found in error parameter-2.

Example table for a faulty bit on an upper sub-slot
Hexadecimal Conversion to Bit address

code on the binary code
CPU display single-pole dual-pole
FFFE 1111 1111 1111 1110 X.00 X.00+
FFFD 1111 1111 1111 1101 X.01 X.01+
FFFB 1111 1111 1111 1011 X.02 X.02+
FFF7 1111 1111 1111 0111 X.03 X.03+
FFEF 1111 1111 1110 1111 X.04 X.04+
FFDF 1111 1111 1101 1111 X.05 X.05+
FFBF 1111 1111 1011 1111 X.06 X.06+
FF7F 1111 1111 0111 1111 X.07 X.07+
FEFF 1111 1110 1111 1111 X.08 X.00-
FDFF 1111 1101 1111 1111 X.09 X.01-
FBFF 1111 1011 1111 1111 X.10 X.02-
F7FF 1111 0111 1111 1111 X.11 X.03-
EFFF 1110 1111 1111 1111 X.12 X.04-
DFFF 1101 1111 1111 1111 X.13 X.05-
BFFF 1011 1111 1111 1111 X.14 X.06-
7FFF 0111 1111 1111 1111 X.15 X.07-

Example table for a faulty bit on a lower sub-slot
Hexadecimal Conversion to Bit address

code on the binary code
CPU display single-pole dual-pole
FFFE 1111 1111 1111 1110 X.16 X.16+
FFFD 1111 1111 1111 1101 X.17 X.17+
FFFB 1111 1111 1111 1011 X.18 X.18+
FFF7 1111 1111 1111 0111 X.19 X.19+
FFEF 1111 1111 1110 1111 X.20 X.20+
FFDF 1111 1111 1101 1111 X.21 X.21+
FFBF 1111 1111 1011 1111 X.22 X.22+
FF7F 1111 1111 0111 1111 X.23 X.23+
FEFF 1111 1110 1111 1111 X.24 X.16-
FDFF 1111 1101 1111 1111 X.25 X.17-
FBFF 1111 1011 1111 1111 X.26 X.18-
F7FF 1111 0111 1111 1111 X.27 X.19-
EFFF 1110 1111 1111 1111 X.28 X.20-
DFFF 1101 1111 1111 1111 X.29 X.21-
BFFF 1011 1111 1111 1111 X.30 X.22-
7FFF 0111 1111 1111 1111 X.31 X.23-
INFORMATION
If more than one input/output is faulty, then there will be a 0 at the relevant
positions.
Example: "FAFB" corresponds to "1111 1010 1111 1011", i.e. the bits 10, 8
and 2 are defective.

Error code
2 or 4-digit display in hexadecimal code
The error code is used by Pilz for fault diagnostics. The error code cannot
be evaluated by the user.
I/O group
00 ... 1F = Hexadecimally coded number of the I/O group
FE = All I/O groups which are assigned to the LD
FF = All I/O groups
Item
2-digit display in hexadecimal code
00 = Item 0, corresponds to I/OD A
FF = Item 1, corresponds to I/OD B
Sub-slot
00 = Total module
(for single-pole I/O modules: Bit addresses 0 ... 31;
for two-pole I/O modules: Bit addresses 0+/- ... 23+/-)
01 = Upper sub-slot
02 = Lower sub-slot

Diagnostics
Various tools are available for fault diagnostics in the system software
(PG):
• Displays of variables
• Dynamic program display
• Control/Force variables
Control/force variables
Here, to "force" means to set an input or an output to a fixed preset status,

regardless of the user program.
On the other hand, flags, data bytes and data words, timers and counters
are set just once to the preset value, in other words, controlled. In contrast
to the inputs and outputs they can be changed by the user program.
Information on how to control/force the variables can be found in the online

help of the system software (PG).
Permitted for controlling/forcing:
Type Operand Force Control

Inputs E00.00 ... E23.31
EB00.00 ... EB23.24 X
EW00.00 ... EW23.16
Outputs A00.00 ... A23.31
AB00.00 ... AB23.24 X
AW00.00 ... AW23.16
Data bytes/data DW0 ... DW1023
words DL0 ... DL1023 X
(DB010 ... 255) DR0 ... DR1023
Flags M00.00 ... M63.31 X
Timers T00 ... T63 X
Counters ZW00 ... ZW63 X
Words of word XW0 ... XW16383 X
modules

Display of variables
In the system software (PG), the values of any operand(s) from one or
more blocks are displayed as part of the variables display. The system can
also display the absolute addresses of the safety system (e.g. inputs and
outputs).
Information on how to display the variables can be found in the online help
of the system software (PG).
Fig. 8-2: Display of variables in PSS WIN-PRO

Dynamic program display
When a block is shown in dynamic program display in the system software

(PG), the contents of the indirect addresses, operands, RLO, accumulator
and auxiliary accumulator are shown next to the program code.
Information on how to perform the dynamic program display can be found

in the online help of the system software (PG).
Fig. 8-3: Dynamic program display in PSS WIN-PRO

Notes

Appendix
System data blocks
Data blocks are available for communication between the ST user program
or the system software (PG) and the operating system. The tables below
give an overview of their assignment.
DB000
DB000 contains general program data. It cannot be changed from the user
program.
INFORMATION
DB000 can only be read from the standard section.
Data Word Format Assignment

000 KY Current year
Byte 1: 00
Byte 2: 00 ... 99
001 KY Byte 1: Current month 01 ... 12
Byte 2: Current day 01 ... 31
002 KY Byte 1: Current hour 00 ... 23
Byte 2: Current minute 00 ... 59
003 KY Byte 1: Current second 00 ... 59
Byte 2: free
004 KH FS operating system version
005 KH Hardware version
006 KH Reserved
007 KH Current scan time in ms
008 KH Max. scan time in ms since the
FS section was last started
009 KH Current FS block run time in ms
010 KH Max. FS block run time in ms since the
FS section was last started
011 KH Current ST block run time in ms
012 KH Max. ST block run time in ms since the
ST section was last started

Appendix
DB000 continued

013 KH Duration of the self-test in ms
014 KH Indication of what is shown on the CPU display:
0 = user data, see DW015
1 = FS error ("F-xx")
3 = ST error ("S-xx")
015 KH If DW014 = 0: User data (hexadecimal figure) from
the CPU display
If DW014 = 1: Error class of FS error
If DW014 = 3: Error class of ST error
016 ... 019 KH Reserved
020 ... 043 KH Actual configuration of the ST section
DW020: Code for module on slot 0
...
084 KH Indicator pointing to current error entry
KH 1st Error entry:
085 Bit 0 ... 7: Error class
Bit 8: if = 1 => it is an FS-error
if = 0 => it is an ST-error
Bit 9 ... 15: ID of the microprocessor
086 Bit 0 ... 6: Error number
Bit 7: if = 1 then error parameters -1/-2 are
present
089 ... 092 KH 2nd error entry
093 ... 096 KH 3rd error entry
097 ... 100 KH 4th error entry

DB000 continued

149 KH Internal software version, microprocessor A
150 KH Internal software version, microprocessor B
151 KH Internal software version, microprocessor C
152 KH Internal hardware version, microprocessor A
153 KH Internal hardware version, microprocessor B
154 KH Internal hardware version, microprocessor C
155 KH ST operating system version
156 KH Internal hardware version of the ST section
157 ... 163 KH Operating system CRC sum
164 KH FS user program CRC sum
165 ... 168 KC Short name of FS user program
169 KH Link date of FS user program: Year
170 KY Link date of FS user program
DL: Month
DR: Day
171 KY Link date of FS user program
DL: Hour
DR: Minute
172 KH Version of SafetyBUS p interface
173 ... 176 - Reserved

Appendix
DB000 continued

177 KH SafetyBUS p bus version (SBp protocol)
178 ... 179 - Free
180 ... 181 KH IP address of Ethernet interface1)
182 ... 183 KH Subnet mask of Ethernet interface1)
184 ... 185 KH IP address of Router1)
186 KH Port for the Ethernet Configurator1)
187 KH Port for PSS WIN-PRO1)
188 KH DHCP information1)
1 = DHCP is activated
189 - Reserved
190 ... 195 - Free
196 KY Year
Byte 1: 00
Byte 2: 00 ... 99
197 KY Byte 1: Month 01 ... 12
Byte 2: Day 01 ... 31
198 KY Byte 1: Hour 00 ... 23
Byte 2: Minute 00 ... 59
199 KY Byte 1: Second 00 ... 59
Byte 2: Type of time details in DW 196 ... 199
0 = Relative time (time that has elapsed
since the programmable safety system
was first switched on)
1 = Absolute time (system time on
the programmable safety system)
200 ... 220 KH Parameters for operating system calls in the ST
section
221 ... 239 - Free

DB000 continued

240 ... 399 FS program downloads, resets of the remanent
FS-DBs and changes to the system time are
logged in data words 240 to 399.2)
Each entry is 10 data words long. The most recent
entry is always in DW240 ... DW249 and moves
older entries to the following data words.
Entry for FS program download:

1st DW CRC sum (KH)
2nd - 5th DW Short name (KC)
6th DW Link date, Bit 0 … 15 (KH)
7th DW Link date, Bit 16 … 31 (KH)
8th DW Download date, Bit 0 … 15 (KH)
9th DW Download date, Bit 16 … 31 (KH)
Entry for change to system time:

1st DW 0000 (KH)
2nd DW 0001 (KH)
3rd DW Old date, Bit 0 ... 15 (KH)
4th DW Old date, Bit 16 ... 31 (KH)
5th DW New date, Bit 0 ... 15 (KH)
6th DW New date, Bit 16 ... 31 (KH)
7th - 9th DW Free
Entry for resetting the remanent FS-DBs:

1st DW 0000 (KH)
2nd DW 0002 (KH)
3rd DW Resolution (KH)
If = 1, manual
If = 2, automatic
4th DW Date, Bit 0 ... 15 (KH)
5th DW Date, Bit 16 ... 31 (KH)
6th - 9th DW Free

Appendix
DB000 continued

Date details
Time details may be relative or absolute,
depending on DW199, Byte 2.
Absolute time details:
Bit 0 ... 5: Second
Bit 6 ... 11: Minute
Bit 12 ... 15: Month
Bit 16 ... 20: Hour
Bit 21 ... 25: Day
Bit 26 ... 31: Year (maximum 63)
Relative time details:

Bit 0 ... 5: Second
Bit 6 ... 11: Minute
Bit 12 ... 15: Day, upper 4 Bit
Bit 16 ... 20: Hour
Bit 21 ... 31: Day, lower 11 Bit
240 ... 249 1st entry (most recent entry)
250 ... 259 2nd entry
260 ... 269 3rd entry
270 ... 279 4th entry
280 ... 289 5th entry
290 ... 299 6th entry
300 ... 309 7th entry
310 ... 319 8th entry
320 ... 329 9th entry
330 ... 339 10th entry
340 ... 349 11th entry
350 ... 359 12th entry
360 ... 369 13th entry
370 ... 379 14th entry
380 ... 389 15th entry
390 ... 399 16th entry

DB000 continued

400 KY Device version (identical to the information on the
type label)
DL: Figure before the decimal point
DR: Figure after the decimal point
401 KH Reserved
402 KH Serial number (high word)
403 KH Serial number (low word)
404 KH Reserved
405 KH Order number (high word)
406 KH Order number (low word)
407 KH Reserved
408 ... 423 KC Name of PLC in plain text
424 KH Device data CRC sum
425 KY Programming date of device data
DL: Month
DR: Day
426 KY Programming date of device data
DL: Free
DR: Year
427 ... 499 KH Reserved for further device data
1)
Only on PSS with Ethernet interface and an FS operating system version
≥ 60. This information is only available if the network connection is active.
2)
Only on PSS with an FS operating system version ≥ 60.

Appendix
DB004
DB004 contains general program data for the ST section.

018 KH Cyclic configuration test (ST section)
0 = switched on
1 = switched off
019 KH Configuration test during start-up (ST section)
0 = switched on
1 = switched off
020 ... 043 KH Registered hardware of the ST section
...
DW043: Code for module on slot 23:
200 ... 220 KH Parameters for operating system calls in the ST
section
DB005
DB005 contains data for the word modules.

000 ... 023 KF Start addresses (0 ... 16383) of the word modules
DW000: Word module on slot 0
...
DW023: Word module on slot 23

DB006
DB006 is the configuration DB for the user interface.

000 KF Reserved
001 KF Error identifiers in the event of configuration error
of the user interface
0002H ... 000CH: Number of the faulty data word in
DB006
002 KF Transmission rate in bit/s
0 = 150
1 = 300
2 = 600
3 = 1,200
4 = 2,400
5 = 4,800
6 = 9,600
7 = 19,200
8 = 38,400 (only on 3rd generation PSS)
003 KF Parity bit
0 = none
1 = odd
2 = even
004 KF No. of stop bits
0=1
1 = 1.5
2=2
005 KF No. of data bits
0=5
1=6
2=7
3=8
006 KF Handshake
0 = no
1 = yes

Appendix
DB006 continued

007 KF ISI protocol
0 = no
1 = yes
008 KF CPU as Master or Slave (with ISI protocol only)
0 = Master
1 ... 31 = Slave, with corresponding address
009 KF Timeout for Slave answer (with ISI protocol only)
0 = Master
1 ... 65,535 = Timeout in ms
010 KF Timeout when receiving
1 ... 65,535 = Timeout in ms
011 KF Timeout when sending (only for transmission with
handshake)
0 = infinite
1 ... 65,535 = Timeout in ms
012 KF DTR controller
0 ... 2,044 = specifies how many bytes before 2044
sending is due to be stopped

DB007
DB007 is the send DB for the user interface.

000 KF Number of bytes to be sent
001 KF Error identifiers for send errors
0: Timeout exceeded on send (partner not
ready to receive)
16: Number of bytes to be sent is too high
17: Send command currently not available,
e.g. because a telegram is just being sent.
FFFFH: No error
002 KF with ISI protocol: Slave address if the safety
system is the Master
without ISI protocol: first send data word
003 ... KF Send data
1023 Send sequence without ISI protocol: DR2, DL2,
DR3, DL3, ....
Send sequence with ISI protocol: DR3, DL3, DR4,
DL4, ...

Appendix
DB008
DB006 is the receive DB for the user interface.
000 KF Number of bytes to be received
001 KF Error identifiers for receive errors
0: Send timeout exceeded (for ISI protocol
only)
1: Parity error
2: Receive "Break"
3: Stop bit error
8: Overflow error; characters have been lost,
e.g. because the last telegram received
was not acknowledged quickly enough.
9: Number of the receive-DB
10: Slave not answering in time (for ISI
protocol only)
11: Number of received bytes incorrect (for ISI
protocol only)
12: CRC error (for ISI protocol only)
13: ID error (for ISI protocol only)
14: Incorrect Slave answering (for ISI protocol
only)
15: End identifier missing or end of telegram
contains too few characters (for ISI
protocol only)
17: Command not permitted at this time
19: Telegram header contains too few charac-
ters (for ISI protocol only)
FFFFH: No error
002 KF with ISI protocol: not relevant
without ISI protocol: first received data word
003 ... KF Receive data
1023 Send sequence without ISI protocol: DR2, DL2,
DR3, DL3, ....
Receive sequence with ISI protocol: DR3, DL3,
DR4, DL4, ...

DB009
DB009 can be used as a remanent memory in the user program. The
content of the data module is retained after a general reset, it is not initial-
ised.

000 ... 063 KF available for free use

Appendix
Operating system calls with SB254
FUNK Description Page

0 Configuration of the user interface 6-25
1
2
4 Sending via the user interface 6-30
5
6
8 Receiving via the user interface 6-33
10
11
12 Set System Time 6-13
32 Output of hexadecimal numbers to the CPU 6-12
display
36 Selection of FS data blocks 6-14
151 Poll 32-bit timer 4-8
180 Offset for free addressing 6-9
INFORMATION
There are also further functions for special applications (e.g. operation of
the Interbus interface). These are described in the corresponding manuals
and operating manuals.

Changes in the documentation
Changes in Version 18 586-06
The System Description was completely revised.
Old New Change

page page
4-6 4-6 SB254, FUNK = 151
5-1 5-1 New: Diagnostic configuration
- 6-9 SB254, FUNK = 180
6-16 6-16 New: FS status flag M113.07 and M113.08
8-12 8-12 New: PSS information that can be called up via the
error stack button
9-1 9-1 Layout of DB000: DW172 to DW399
Old New Change

page page
- 4-3 New: Definition of "non-volatile"
6-24 6-24 FS status flag M113.07 deleted
FS status flag M113.08 amended
Old New Change

page page
4-2 4-2 New: Ability to operate PSS with an FS
operating system version >= 70 without a battery

Appendix
Notes

Index
A Communication
FS - ST 6-15
Access rights 6-17
User interface 6-18
Accumulator
Communication flags 6-15
display 8-23
Compact PSS 2-3, 4-1
Addresses
Configuration 5-2
display 8-22
Block run time 6-6
Addressing 5-5
changing 7-3
free 5-6
Registered hardware 6-7
Alarms 6-6
Scan time 6-5
Allocation table 5-2
Test 6-11
Arithmetic flags 6-15
Configuration data block
Auxiliary accumulator
User interface 6-26
display 8-23
Configuration error 6-11
Configurator 5-2
B Control
Base module rack 4-2 Counter 8-21
Battery 4-2 Data words 8-21
Binary code 8-15 Flags 8-21
Bit encoding 8-17 Inputs 8-21
Bit numbers 5-5 Outputs 8-21
Bit sequences 8-17 Timer 8-21
Block run time 6-3 Controller
Definition of 6-6 Compact 2-3, 4-1
Blocks 5-2 Modular 2-2, 4-1
Data blocks 5-2 Counter
Interface configuration DB 6-26 Display status 8-22
Receive-DB 6-34 Counter bit 4-8
Send-DB 6-31 Counter word 4-8
Function blocks 5-2 Counters 4-8
Organisation blocks 5-2, 5-6 Control 8-21
Error organisation blocks 8-2 CPU 4-3
Program blocks 5-2 CPU display 4-8
Standard function blocks 5-2, 5-7 Error display 8-8
Bus 4-3 CRC calculation 6-22
CTS 6-21
Cycle OB 5-6
C
Central processing unit 4-3 D
Channels 2-1
Checksum calculation 6-22 Data blocks 4-4, 5-2
Clock 6-13 Interface configuration DB 6-26
Code Read-only 4-4
binary 8-15 Read/write 4-4
Error code 8-20 Receive-DB 6-34
hexadecimal 8-15 Select FS 6-14
Commissioning Send-DB 6-31
Recommissioning 7-2 System data blocks 9-1
Data memory 4-4

Index
Read-only 4-4 Ethernet-2 interface 4-6

Read/write 4-4 Expansion module 4-2
Data transfer 5-4 Expansion module rack 4-2
with handshaking 6-20
with ISI protocol 6-22
without protocol 6-21
F
Data words 4-4 Failsafe section 2-1
Control 8-21 Fatal error 6-37, 6-38
Display status 8-22 FBD 2-4
DB000 9-1 Fixed flags 6-15
DB004 9-5, 9-6, 9-7 Flags
DB005 9-8 Arithmetic flags 6-15
DB006 9-9 Communication flags 6-15
DB007 9-11 Control 8-21
DB008 9-12 Display status 8-22
DB009 9-13 Fixed flags 6-15
Diagnostic configuration 5-3 Status flags 6-16
Diagnostics 8-8, 8-21 Force
Display 4-8 Inputs 8-21
Display 6-12 Outputs 8-21
Dynamic program display 8-23 FS section 2-1
Error display 8-7, 8-8 FS selector switch 4-9
Error stack 8-8 Function Block Diagram 2-4
Variables 8-22 Function blocks 5-2
Diversity 2-1
DL 4-4 G
DR 4-4
DSR 6-21 General reset 4-5
DTR 6-20
DW 4-4 H
Dynamic program display 8-23
Handshaking 6-20
Hardware registry test 6-11
E Hexadecimal code 8-15
Error
fatal 8-3, 8-4 I
Error class 8-6
ID handling 6-23
Error code 8-20
IL 2-4
Error list 8-6
Initial commissioning 7-1
Error management 8-1
Input module 4-10
Error number 8-6
Inputs
Error organisation blocks 8-2
Display status 8-22
Error parameters 8-6
Force 8-21
Error stack 8-5
Process image 6-2
button 4-9
Reading in 6-1
displaying 8-8
Instruction List 2-4
Errors
Interface adapter 5-4
display 8-7
Interface configuration DB 6-26
displaying 8-8
minor 8-2

Interfaces Operating system calls 5-7, 9-14
Programming device interface 4-6 Organisation blocks 5-2, 5-6
RS 232 4-6 Output
RS 485 4-6 Direct 6-1
User interface 4-6, 6-18 via process images 6-2
Configuring 6-25 Output block
Handshaking 6-20 FS section 6-5
Receive 6-33 ST section 6-5
Send 6-30 Output module 4-10
ISI protocol 6-22 Outputs
Item 8-20 Display status 8-22
Force 8-21
Process image 6-2
L Writing to 6-1
Ladder Diagram 2-4
LD 2-4
Linking 5-3 P
Parity bit 6-26
PB 6-1
M Periphery access
Memory Direct 6-1
Data memory 4-3 via process images 6-2
Program memory 4-3 Periphery bytes 6-1
Message errors 8-6 Periphery modules - see Input/output modules 4-10
Messages Periphery words 6-1
display 6-12 PG interface 4-6
Microprocessor 4-3 PII 6-2
Minimum scan time 6-5 PIO 6-2
Modular PSS 2-2, 4-1 Plain text messages 8-7
Module Power supply 4-2
Addressing 5-5 Process image 6-2
Module rack 4-2 Inputs 6-2
Modules Outputs 6-2
Input modules 4-10 Program 5-1
Output modules 4-10 changing 7-3
Start 4-9
N Stop 4-9
Transfer 5-4
Networks 6-19 Program blocks 5-2, 6-3
Non-volatile 4-3 Program cycle 6-3
Program display
O Dynamic 8-23
Accumulator 8-23
OB001 5-6
Auxiliary accumulator 8-23
Operating states 6-36
Indirect addresses 8-23
Fatal Error 6-38
Inputs 8-23
RUN 6-37
Outputs 8-23
ST Fatal Error 6-37
Result of logic operation 8-23
STOP 6-37
Word operands 8-23
Operating status change 6-36

Index
Program memory 4-4 FUNK 004 6-30

Program scan time 6-3 FUNK 005 6-30
Program transfer 5-4 FUNK 006 6-30
Programming 5-1 FUNK 008 6-33
Programming adapter - see Interface adapter 5-4 FUNK 010 6-33
Programming device 2-4 FUNK 011 6-33
Interface 4-6 FUNK 151 4-8
Programming languages 2-4 FUNK 180 6-9
Programming model 5-1 Scan time 6-3
Project 5-1 Definition of 6-6
Create 5-3 Minimum 6-5
Protocol Scan time block 6-5
ISI protocol 6-22 Selector switch 4-9
PSS Self-test 6-7
Compact 2-3, 4-1 Send-DB 6-31
Modular 2-2, 4-1 Slot 5-5
PSS configuration 5-2 Slot number 5-5
PSS configurator 5-2 ST section 2-2
PSS WIN-PRO 2-4 ST selector switch 4-9
PW 6-1 Standard function blocks 5-2, 5-7
Standard section 2-2
Start-up 6-3
R Start-up block 6-3
Read block Start-up procedure 4-9
FS section 6-4 States 6-36
ST section 6-5 Fatal Error 6-38
Read-only 4-4 RUN 6-37
Read-write 4-4 ST Fatal Error 6-37
Real-time 6-13 STOP 6-37
Receive-DB 6-34 Status change 6-36
Recommissioning 7-2 Status flags
Registered hardware 6-7 FS section 6-16
Reset block 6-3 ST section 6-17
Restart 4-4, 4-5 STOP 6-37
Result of logic operation Sub-slots 5-5
Display 8-23 Supply voltage 4-2
RS 232 4-6 System data 4-4
RS 485 4-6 System data blocks 9-1
RTS 6-21 System error 8-3, 8-4
RUN 6-37 System software 2-4
S T
Safety guidelines 2-1 Telegrams 6-22
SafetyBUS p Test block 6-5
Configuration 5-3 Test slices 6-5
SB254 5-7, 9-14 Tests
FUNK 000 6-25 Hardware registry test 6-11
FUNK 001 6-25 Self-test 6-7
FUNK 002 6-25 Time base 4-7

Time value 4-7
Timeout time 6-21
Timer 4-7
Display status 8-22
Timers
Control 8-21
Times
Block run time 6-3
Scan time 6-3
U
User interface 4-6, 6-18
Configuring 6-25
Receive 6-33
Send 6-30
User program 4-3, 5-1
changing 7-3
Cycle 6-3
Errors 8-2
V
Variable
Control 8-21
Force 8-21
Variable display 8-22
W
Word modules 6-7
Direct periphery access 6-1
Word operands
Display 8-23
Write protection 4-4
X
XW 6-8

Index
Notes

18 587-09, 2008-12 Printed in Germany
© Pilz GmbH & Co. KG, 2008
•… • www
In many countries we are www.pilz.com
represented by our subsidiaries
and sales partners.
• Technical
Please refer to our homepage
for further details or contact our support
headquarters. +49 711 3409-444
Pilz GmbH & Co. KG

Felix-Wankel-Straße 2
73760 Ostﬁldern, Germany
Telephone: +49 711 3409-0
Telefax: +49 711 3409-133
E-Mail: pilz.gmbh@pilz.de

f20511160 SSTcf-en.p65

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

f20511160 SSTcf-en.p65

Uploaded by

Copyright:

Available Formats

PSS-Range

Modular and compact PSS

Programmable control systems PSS®

ST System Description – Item No. 18 587-09

Structure (hardware) 4-1

PSS-Range: ST System Description 1

Error stack button 4-9

2 PSS-Range: ST System Description

Fault diagnostics and rectification 8-1

PSS-Range: ST System Description 3

Display of errors on the CPU display 8-8

4 PSS-Range: ST System Description

PSS-Range: ST System Description 1-1

Information in this manual that is of particular importance can be identified

1-2 PSS-Range: ST System Description

The PSS-range comprises modular and compact programmable safety

Control and monitoring Control of non-safety-

Fig. 2-1: Functions of the FS section and the ST section

PSS-Range: ST System Description 2-1

The standard section (ST section) processes all non-safety-relevant tasks

The basic system of a modular safety system comprises a module rack, a

2-2 PSS-Range: ST System Description

PSS-Range: ST System Description 2-3

Configuration and programming

A PSS-range safety system needs to be configured and programmed for

Programming can be performed in three different programming languages:

2-4 PSS-Range: ST System Description

PSS-Range: ST System Description 3-1

3-2 PSS-Range: ST System Description

A compact controller combines the following units in a single housing:

The modular safety systems are composed of the following units:

PSS-Range: ST System Description 4-1

Two additional expansion module racks for ST modules can be connected

4-2 PSS-Range: ST System Description

In the CPU the FS user program is processed by independent micropro-

Some memories are non-volatile. Non-volatile means that data is retained

PSS-Range: ST System Description 4-3

There are two types of data blocks:

The data memory is divided in a similar manner:

PSS operated without a battery:

4-4 PSS-Range: ST System Description

PSS-Range: ST System Description 4-5

The communications between the programming device (PG) and the

Depending on the type of safety system, the user interface is designed

4-6 PSS-Range: ST System Description

The ST section is equipped with 64 timers: T000 ... T063.

Time = Time value x Time base

Time value: Any value in the range 1 ... 32767

Time base: 0 corresponds to 50 ms

Example: Time should be 8 s

PSS-Range: ST System Description 4-7

Safety systems with an FS operating system version ≥ 38 have a

Block Input Output Key

DW201 Higher-order word of timer status

For information on application of the SB254 please refer to the section

The ST section has over 64 counters: Z000 ... Z063.

The 4-digit hexadecimal display is used to output error messages (see

4-8 PSS-Range: ST System Description

The programmable safety system is equipped with two selector switches:

The ST selector switch has the following functions:

AUTO PG Program starts up automatically.

AUTO PG Program starts up automatically.

AUTO PG The program has stopped.