Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual
Page 111
SAFETY MANUAL
D oc N umber T8094
I ssue 27 – June 2013
Page 90 of 103
represents the master control relay for each slice and must be set true leaving 15
channels available as field outputs.
Output testing must occur only when all 15 channels in the group are commanded on.
The LED indication on TM117-RME/SME shows the commanded state and not
the physical state.
The rules for Structured Text put a limit on the quantity of inputs and outputs on a
function block. This limit would stop one function block receiving or transmitting all 16
channels as well as its control parameters. To prevent this problem, the solution uses
two more function blocks, PACK16 and UNPACK16, to put the 16 output channels into
one integer. This lets one RMET examine all 16 output channels of a digital output
module.
The OTSTM supports one test schedule, so it is sufficient to use one OTSTM if it is
applicable to do a test on all of the digital outputs at the same time. If it is necessary to
do tests on different outputs at different times, you have to use multiple OTSTMs.
Divide the output modules into groups and connect each group to its own OTSTM, and
set up each OTSM to the applicable schedule.
9.10.4.5 Scheduling, Running and Aborting Tests
You can configure each ITSTM and OTSTM to do its tests 1, 2, 3 or 4 times in a time
of 24 hours. To do this, set STM to the hour of the time of day for the first test, and
FRQ to the quantity of tests required (1 to 4). Also connect HR to the hour part of a
real time clock – this is usually the built-in real time clock in the Trusted
TM
controller.
When the application tests digital inputs (using the DIPT function block) the application
will react to changes in digital inputs up to 8 cycles later than usual. When the
application tests digital outputs, the RMET function block does not introduce delays
into changes made to output states.
The application must include a mechanism to make sure that the function blocks are
being executed. To do this, the application must inspect the COUNT outputs from the
ITSTM and OTSTM.
You can also start a test manually from the application. To do this, set MTS (manual
test start) to TRUE (positive logic convention). If there is no scheduled test running, the
manual test starts straight away. If there is a test running when you set MTS to TRUE,
there will be a delay of one full application cycle between the end of the scheduled test
and the start of the manual test.
The AB (abort) command is a mechanism to stop tests which are running. The
application can use the AB command to stop a time-consuming test which is running.
The controller always actions a shutdown demand, even when a test is running.
9.10.4.6 Responding to Outputs from Function Blocks
The application must react to the outputs of the function blocks in an applicable way.
The response will include one or more of the following:
•
If the DIPT issues a RAT (request autotest), the application must start a test of the
input modules to find out which half of the duplex input has a fault. To do this,
connect the RAT output of the DIPT function block to the MTS input of the ITSM
function block.
•
If the ITSTM or OTSTM give a FLT (fault) output, the application must annunciate
the fault so that repair action can be taken. If necessary, the application must also
start an applicable action to protect the safety system.
There are more details of responses in the section of Parameter Specifications.