The present disclosure relates generally to industrial automation and control systems, such as those used in industrial and commercial settings. More particularly, the present disclosure relates to high reliability or safety industrial controllers and safety control programs as well as methods for validating and verifying safety control programs appropriate for use in and with devices intended to protect human life and health and/or machine integrity.
Industrial controllers are special purpose computers used in controlling industrial processes. Under the direction of a stored control program, an industrial controller examines a series of inputs reflecting the status of the controlled process and changes a series of outputs controlling the industrial process. The inputs and outputs may be binary, i.e., on or off, or analog, providing a value within a substantially continuous range. The inputs may be obtained from sensors attached to the controlled process and the outputs may be provided to actuators on the controlled process.
Safety systems are systems intended to ensure the safety of humans working in the environment of an industrial process. Safety systems and control programs are also used for ensuring machine integrity. Such systems may include the electronics associated with emergency stop buttons, light curtains and other machine lockouts. Traditionally, safety systems have been implemented by a set of redundant circuits separate from the industrial control system used to control the industrial process with which the safety system is associated. Such safety systems have been hardwired from switches and relays, including specialized safety relays which provide comparison of redundant signals and internal checking of all conditions, such as welded or stuck contacts. More recently, safety systems have also been aligned with or integrated in standard control devices, systems and processes.
Safety control can be implemented in various manners, depending on the required control complexity and safety complexity, which takes into account the number of controlled zones. A safety controller can be provided in the form of a safety relay for local, small-scale and/or simple safety control, as a module for a modular, more complex configuration or as a more sophisticated but still compact programmable logic controller, fulfilling certain safety ratings. A compact safety controller can be employed within a complex safety network. Safety relays, on the other hand, are particularly useful for small scale emergency stop applications.
A safety device oftentimes is configured to comply with standardized safety requirements, such as a safety integrity level (SIL). On the other hand, it is desirable to enable users to configure not only standard control devices, but also a safety controller or safety relay by means of software, using an editor program. In general, this bears the risk that an inappropriately configured safety control program downloaded to an industrial controller fails to operate within safety requirements, thereby jeopardizing human life and health as well as machine integrity. It is also desirable to allow an industrial controller executing a newly configured safety control program to be operated so that the performance of the industrial controller executing said safety control program can be tested against certain safety requirements, which may be standardized or customized. Accordingly, there is a need in the art for enabling flexible configuration of a safety control program for a software-configurable industrial controller for safety control in a manner that is safe and does not take for granted that the executing safety controller complies with the safety requirements.