ABB AC500-S Safety User Manual page 35

The watchdog time of the safety CPU set using SF_WDOG_TIME_SET is the maximum permis-
sible time allowed for its cycle time run. If the time set in SF_WDOG_TIME_SET is exceeded
during the program execution on the safety CPU, then it goes to a SAFE STOP state (no valid
telegrams are generated by the device) with I-ERR LED = ON.
Using a special PLC browser command "setpwd", it is possible to set a password for the safety
CPU to prevent an unauthorized access to its data (application project, etc.). Without knowledge
of this password, no connection to the safety PLC can be established.
3.1.2.4 Power supply supervision
The internal power supply (+3.3 V) of the safety CPU is supervised for under- and overvoltage.
In case of under- or overvoltage is detected, the safety CPU goes to a SAFE STOP state (no
valid telegrams are generated by the device) with I-ERR LED = ON. To avoid continuous restart
of the safety CPU after power supply is back within an allowed voltage range, one can set the
maximum allowed number of the safety CPU restarts using POU SF_MAX_POWER_DIP_SET
Ä Chapter 4.6.7.2 "SF_MAX_POWER_DIP_SET" on page 301. As soon as the maximum
allowed number of the safety CPU restarts is exceeded, the safety CPU does not restart and
remains in the SAFE STOP state until the user explicitly executes powering off/on procedure.
3.1.2.5 Address / configuration switch / F_Dest_Add settings
The setting of two rotary switches for PROFIsafe address and/or system configuration (for
example, these switches can be used for safety program flow control) can be read out in the
safety application program using POU SF_SM5XX_OWN_ADR
"SF_SM5XX_OWN_ADR" on page 306. Switch address values 0xFF, 0xFE, 0xFD and 0xFC are
used for internal safety CPU system functions described below:
● Switch address value 0xFF during the start of the safety CPU prevents loading the boot
project to the safety CPU on start-up (the boot project still remains in the flash memory of
the safety CPU). As a result, the user is able to log-in to the safety CPU and load a new
correct boot project. This can be needed if the boot project is corrupt and could lead to a
SAFE STOP state of the safety CPU. The safety CPU goes to DEBUG STOP (non-safety)
state after start-up and successful 0xFF command execution.
● Switch address value 0xFE during the start of the safety CPU allows deleting the boot
project from its flash memory. The boot project is finally deleted after the safety CPU pow-
ering off/on is executed. This can be needed if the boot project is corrupt and could lead to a
SAFE STOP state of the safety CPU. The safety CPU goes to SAFE STOP state after start-
up and 0xFE command execution.
2020/06/19
NOTICE!
POU SF_WDOG_TIME_SET must be called in the user program only one time
to set some watchdog value greater than 0. If SF_WDOG_TIME_SET is not
called in the user application program, the default watchdog time = 0 is used,
which leads the safety CPU directly to a SAFE STOP state with I-ERR LED =
ON.
To avoid occasional stops of the safety CPU due to cycle time overrun detected
by the cycle time monitoring, one shall observe the safety CPU load in the test
run of the user application program to make sure that the selected watchdog
monitoring value was correctly set.
NOTICE!
The watchdog value set in POU SF_WDOG_TIME_SET is used for the safety
CPU cycle time monitoring only in RUN (safety) mode. In DEBUG RUN (non-
safety) and DEBUG STOP (non-safety) modes of the safety CPU, the watchdog
value is ignored.
3ADR025091M0208, 12, en_US
Safety CPU - SM560-S / SM560-S-FD-1 / SM560-S-FD-4 > Functionality
AC500-S safety modules
Ä Chapter 4.6.7.8
35