OPERATING SECURITY

Errors in operation cannot be 100% excluded despite the measures mentioned above for achieving maximum reliability. A PLC system is "operation secure" if eventual hardware or software errors do not create a machine/device failure which could possibly cause personal injury or damage. Errors must be recognized immediately and the system must react correspondingly.

All B&R PLC systems have extensive security and diagnosis functions which quickly and reliably detect hardware errors as well as software errors and bring the system to a safe operation mode in case of a defect. If an error occurs, all system outputs are set to a secure operating state, i.e. digital outputs are reset (log. 0) and analog outputs are reset to 0 V or 0 mA.

Diagnostic functions can be grouped as:
- Hardware controlled diagnosis functions
- Hardware/software controlled diagnosis functions
- Software controlled diagnosis functions
Hardware Controlled Security and Diagnosis Functions

Hardware controlled security and diagnosis functions are still effective in case of a complete failure of the CPU module.

Hardware Watchdog
The hardware watchdog is a protection function that brings the system to a secure operating mode in case of complete failure of the PLC processor or other components required for the operation of the PLC.

Hardware Reset
All outputs of the PLC system are reset if an error occurs. This guarantees that a safe operating mode is achieved in case of a complete CPU breakdown.

Ready Relay
The ready relay provides a contact that is only closed if the PLC is functioning correctly. Any hardware or software error causes this relay to be released. The ready relay represents an additional security function when wired correctly.

Hardware/Software Controlled Security and Diagnosis Functions

For these functions, the fault testing is executed by the software on the appropriate hardware.

Bus Monitoring
The PLC bus is constantly monitored. Short circuits on the bus caused by defects or conductive pollution are immediately detected.

Expansion Test
MULTICONTROL system expansion racks are also constantly tested. A defect in an expansion rack or on a connection to an expansion rack, such as a bus error, will be detected.
Software Controlled Security and Diagnosis Functions

The usefulness of software controlled diagnosis functions is often questioned, since the proper operation of the CPU and the power supply module must be taken for granted. As described previously in the "Reliability" section, only 5 % of all errors in PLC controlled machines or devices are caused by the PLC itself. A closer look at the statistics of these PLC errors shows that approx. 10 % of the errors occur in the CPU or in the power supply module. The other 90 % occur in the other PLC components. That means the CPU and the power supply modules are some of the most reliable components of a PLC system. Therefore, it makes sense to place security and diagnosis functions in these components.

Application Program Checksum
The checksum of an application program is constantly monitored for defects in the application program memory.

Software Watchdog (Runtime Monitoring)
All B&R PLC systems provide a software watchdog that checks the maximum permissible program scan time. The software watchdog recognizes a runtime error and executes a software reset if a program scan is not completed after a defined period of time (e.g. 100 msec). Endless loops in an application program are detected in this way.

Trap Error Detection
If the processor encounters an unknown command when the application program is being executed, a trap error occurs. Trap errors are often caused by software errors in indexed jump instructions.

Stack Pointer Test
The system stack memory is checked at the end of every program scan to find software errors such as a subroutine that is not terminated with RTS, or errors caused by using the system stack memory as data memory.
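The following is an added illustration, not B&R firmware: a simplified model of the three software controlled checks above (program checksum, runtime watchdog, stack pointer test) run after each scan, forcing the secure output state on any detected error. All names, the checksum algorithm and the 100 ms limit are assumptions for the example.

```c
/* Added example (hypothetical): software-controlled diagnosis after one PLC scan. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

#define SCAN_LIMIT_MS  100u   /* maximum permissible scan time, as in the text's example */
#define N_DIGITAL_OUT  8
#define N_ANALOG_OUT   2

typedef struct {
    uint8_t digital[N_DIGITAL_OUT];   /* logic 0/1 */
    int32_t analog_mV[N_ANALOG_OUT];  /* millivolts */
    bool    ready_relay;              /* closed only while the PLC is healthy */
} outputs_t;

typedef enum { DIAG_OK = 0, FAULT_CHECKSUM, FAULT_RUNTIME, FAULT_STACK } fault_t;

/* Rotate-XOR checksum over the application program image (assumed algorithm). */
static uint32_t program_checksum(const uint8_t *prog, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = ((sum << 1) | (sum >> 31)) ^ prog[i];
    return sum;
}

/* Secure operating state: digital outputs log. 0, analog 0 V / 0 mA, relay released. */
static void safe_state(outputs_t *out) {
    memset(out->digital, 0, sizeof out->digital);
    memset(out->analog_mV, 0, sizeof out->analog_mV);
    out->ready_relay = false;
}

/* One diagnosis pass at the end of a scan. reference: checksum taken at program load;
 * scan_ms: measured scan time; sp_start/sp_end: system stack pointer at scan start/end
 * (a mismatch means an unterminated subroutine or stack misuse as data memory). */
fault_t diagnose_scan(outputs_t *out, const uint8_t *prog, size_t len, uint32_t reference,
                      uint32_t scan_ms, uintptr_t sp_start, uintptr_t sp_end) {
    fault_t f = DIAG_OK;
    if (program_checksum(prog, len) != reference) f = FAULT_CHECKSUM;
    else if (scan_ms > SCAN_LIMIT_MS)             f = FAULT_RUNTIME;
    else if (sp_end != sp_start)                  f = FAULT_STACK;
    if (f != DIAG_OK) safe_state(out);  /* any detected error forces the secure state */
    return f;
}
```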