In the field of automation technology it is often required to implement safety functions for the protection of humans, machines and the environment, such as turning off a machine after a guard door is opened or an emergency stop switch is actuated. For this purpose, conventional safety concepts are increasingly being replaced by safety functions embedded in failsafe automation systems. These systems comprise failsafe subscribers which are connected in a decentralized manner to the network of an automation bus system, i.e., to a fieldbus system; usually, the actual safety functions as well as the error-detecting and error-controlling measures are implemented in the subscribers themselves. According to the current state of the art, these measures have to comply with the mechanisms specified in standards such as IEC 61508 and ISO 13849.
In current automated installations, depending on the degree of automation and the dimensions of the installation, communication systems are used which connect decentralized input/output devices (I/O devices) and controllers. The I/O devices and controllers can be standard subscribers as well as subscribers with safety functions. For transporting safety-related data via common communication systems, it is known to support the network by means of safe network protocols. The control of standard functions and safety functions via a common network can be implemented either by a centralized structure with a standard controller and a safety controller, or by decentralized control and safety logic which is distributed across the network of a communication or fieldbus system.
One requirement for the I/O devices and controllers to be used as subscribers of a failsafe communication system for automation systems is that they are independent of the particular network and the particular controller, so that the safety systems, i.e., the safety subscribers, can still be used when a standard controller and/or a network is changed. To make such re-use possible, the handling of such failsafe automation systems must be kept as simple as possible. For this purpose, the safety functions of an automation system or an installation are provided separately from the standard functions and are divided into small, manageable, locally limited modules. This modularization of the safety functions and their separation from the standard functions allows simple verification of the individual modules and therefore complies with the requirements of current safety standards. In addition, this corresponds to the way of thinking of a person skilled in the art who is familiar with the field of safety technology.
Complete installations or machines are more and more frequently composed of a multiplicity of individual and sometimes independently operating system or machine components which are assembled and commissioned at the end customer's site only after delivery. In the case of these installations, which are built modularly from individual components, the entire set of safety functions, i.e., the system-wide safety functions, has to be validated prior to commissioning and after any conversion or flexible expansion in order to ensure the correctness of the safety functions.
According to the known prior art, the final adaptation of the safety-relevant parameters and of the programming in the safe subscribers, as well as the validation process confirming a correct safety function, have to be carried out directly in the commissioning phase. Today's decentralized and modular safety functions require the use of special failsafe programming tools by means of which the safety programs and safety parameters are uploaded directly to the safety controllers or to the safety I/O devices. In the case of modifications, adaptations or expansions of an existing automation system, another on-site deployment of the special failsafe programming tools is usually necessary, by means of which uploading and validation are carried out again. The typical prior-art approaches for validating the safety functions during commissioning therefore require a time-consuming deployment of personnel, namely personnel qualified in the use of the safety-relevant programming tools, and are consequently cost-intensive.