ABB AC500-S Safety User Manual page 35

The watchdog time of the Safety CPU set using SF_WDOG_TIME_SET is the maximum permissible time
allowed for SM560-S cycle time run. If the time set in SF_WDOG_TIME_SET is exceeded during the pro-
gram execution on SM560-S, then SM560-S goes to a SAFE STOP state (no valid telegrams are generated
by the device) with I-ERR LED = ON.
NOTICE!
POU SF_WDOG_TIME_SET must be called in the user program only one time to set some watchdog
value greater than 0. If SF_WDOG_TIME_SET is not called in the user application program, the
default watchdog time = 0 is used, which leads SM560-S Safety CPU directly to a SAFE STOP state
with I-ERR LED = ON.
To avoid occasional stops of SM560-S due to cycle time overrun detected by the cycle time moni-
toring, one shall observe the Safety CPU load in the test run of the user application program to make
sure that the selected watchdog monitoring value was correctly set.
NOTICE!
The watchdog value set in POU SF_WDOG_TIME_SET is used for SM560-S Safety CPU cycle time
monitoring only in RUN (Safety) mode. In DEBUG RUN and DEBUG STOP modes of SM560-S Safety
CPU, the watchdog value is ignored.
Using a special PLC Browser command "setpwd", it is possible to set a password for SM560-S Safety CPU
to prevent an unauthorized access to its data (application project, etc.). Without knowledge of this password,
no connection to Safety PLC can be established.
3.1.2.4 Power supply supervision
The internal power supply (+3.3 V) of SM560-S is supervised for under- and overvoltage. In case of under-
or overvoltage is detected, SM560-S goes to a SAFE STOP state (no valid telegrams are generated by the
device) with I-ERR LED = ON. To avoid continuous automatic restart of SM560-S after power supply is back
within an allowed voltage range, one can set the maximum allowed number of SM560-S restarts using POU
SF_MAX_POWER_DIP_SET (
as the maximum allowed number of SM560-S restarts is exceeded, the Safety CPU does not restart auto-
matically and remains in the SAFE STOP state until the user explicitly executes powering off/on procedure.
3.1.2.5 Address / configuration switch
The setting of two rotary switches for PROFIsafe address and/or system configuration (for example, these
switches can be used for safety program flow control) can be read out in the safety application program
using POU SF_SM5XX_OWN_ADR (
Switch address values 0xFF, 0xFE, 0xFD and 0xFC are used for internal SM560-S system functions
described below:
Switch address value 0xFF during the start of SM560-S prevents loading the boot project to SM560-S
n
Safety CPU on start-up (The boot project still remains in the Flash memory of SM560-S). As a result, the
user is able to log-in to SM560-S and load a new correct boot project. This can be needed if the boot
project is corrupt and could lead to a SAFE STOP state of SM560-S. SM560-S goes to DEBUG (Stop)
state after start-up and successful 0xFF command execution.
n Switch address value 0xFE during the start of SM560-S allows deleting the boot project from the Flash
memory of SM560-S. The boot project is finally deleted after SM560-S powering off/on is executed. This
can be needed if the boot project is corrupt and could lead to a SAFE STOP state of SM560-S. SM560-S
goes to SAFE STOP state after start-up and 0xFE command execution.
30.03.2017
Ä Chapter 4.6 "AC500-S Libraries" on page 224 for further details). As soon
Ä Chapter 4.6 "AC500-S Libraries" on page 224 for further details).
AC500-S
AC500-S Safety Modules
SM560-S Safety CPU > Functionality
35