Dual Channel Input Stop with Test and Lock (DCSTL)
This instruction applies to the Compact GuardLogix 5370, GuardLogix 5570, Compact GuardLogix 5380, and GuardLogix 5580 controllers.
The Dual Channel Input Stop with Test and Lock (DCSTL) instruction monitors dual-input safety devices whose main function is to stop safely, for example, an E-stop, light curtain, or safety gate. This instruction can only energize Output 1 when both safety inputs, Channel A and Channel B, are in the active state as determined by the Input type operand, and the correct reset actions are carried out.
In addition, this instruction has the ability to monitor a locked feedback signal from a safety device and issue a lock request to a safety device, for example a safety gate with guard locking. The Unlock Request input is used to request an electromagnetic lock or unlock. However, the hazard must not be present for the instruction to issue an unlock command. The Lock feedback input is used to determine whether or not the safety device is currently locked. To energize Output 1, the Lock Feedback input must be ON (1) in addition to the requirements of the DCST instruction.
The operation timing diagrams from the Dual Channel Input Stop (DCS) and the Dual Channel Input Stop Test (DCST) instruction are applicable to this instruction as well.
DCSTL operation diagrams, shown below, highlight the features of the lock-related operands, such as Unlock Request, Lock Feedback, Hazard Stopped, and Unlock Command.
Available Languages
Ladder Diagram
Function Block
This instruction is not available in function block.
Structured Text
This instruction is not available in structured text.
Operands
IMPORTANT:
Unexpected operation may occur if:
- Output tag operands are overwritten.
- Members of a structure operand are overwritten.
- Structure operands are shared by multiple instructions.
IMPORTANT:
Make sure safety input points are configured as single, not Equivalent or Complementary. These instructions provide all dual channel functionality necessary for PLd (Cat. 3) or Ple (Cat. 4) safety functions.
WARNING:
ATTENTION:
If changing instruction operands while in Run mode, accept the pending edits and cycle the controller mode from Program to Run for the changes to take effect.This table provides the operands that are used to configure the instruction. These operands cannot be changed at runtime.
Operand | Data Type | Format | Description |
|---|---|---|---|
DCSTL | DCI_STOP_TEST_LOCK | tag | DCSTL structure |
Safety Function | DINT | list item | This operand provides a text name for how this instruction is being used. Choices include slide lock (6) , safety gate (1) and user-defined (100). This operand does not affect instruction behavior. It is for information/documentation purposes only. |
Input Type | DINT | list item | This operand selects input channel behavior. Equivalent - Active High (0): Inputs are in the active state when Channel A and Channel B inputs are 1.Complementary(2): Inputs are in the active state when Channel A is 1 and Channel B is 0. |
Discrepancy Time (ms) | DINT | immediate | The amount of time that the inputs can be in an inconsistent state before an instruction fault is generated. The inconsistent state depends on the Input Type. Equivalent: Inconsistent state is when either is true: Channel A = 0 and Channel B =1 Channel A =1 and Channel B =0 Complementary: Inconsistent state is when either is true: Channel A = 0 and Channel B =0 Channel A =1 and Channel B =1 The range is 5...3000 ms. |
Restart Type | BOOL | list item | This input configures Output 1 for either manual or automatic restart. Manual (0): - A transition of the reset input from OFF (0) to ON (1), while all of the Output 1 enabling conditions are met, is required to energize Output 1Automatic (1): - Output 1 is energized 50 ms when all of the enabling conditions are met. ATTENTION: Automatic restart may only be used in application situations where no unsafe conditions can occur as a result of its use, or the reset function is being performed elsewhere in the safety circuit (for example, output function). |
Cold Start Type | BOOL | list item | This operand specifies the Output 1 behavior when applying controller power or mode change to Run. Manual (0): - Output 1 is not energized when the Input Status becomes valid or when the Input Status fault is cleared. The device must be tested before Output 1 can be energized.Automatic (1): - Output 1 is energized immediately when the Input Status becomes valid or when the Input Status fault is cleared and both inputs are in their active state. |
The following table explains instruction inputs. The inputs may be field device signals from input devices or derived from user logic.
Operand | Data Type | Format | Description |
|---|---|---|---|
Channel A 1 | BOOL | tag | This input is one of the two safety inputs to the instruction. |
Channel B 1 | BOOL | tag | This input is one of the two safety inputs to the instruction. |
Test Request | BOOL | tag | This signal forces a functional test to occur. See the Test Type operand for more information. ON (1) -> OFF (0): Triggers a functional test. Output 1 is de-energized and the Test Command output is energized, which prompts for a functional test to be performed. Important: Do not request a test when a hazard is present (Hazard Stopped = 0) because the machine stops and causes a fault in this instruction. |
Unlock Request | BOOL | tag | This input is used to request a lock and unlock of electromechanical locking devices. OFF (0): Lock is requested (the Unlock command is de-energized).
ON (1): Unlock is requested if the machine hazard is stopped. The Unlock command is energized if the Hazard Stopped equals 1. This signal must also be used before locking and unlocking manual locks. Otherwise, a fault can occur because of invalid sequencing. |
Lock Feedback | BOOL | tag | This input is the current state of the locking device. This input must be ON (1) in order to energize Output 1. OFF (0): The safety monitoring device currently is not locked.
ON (1): The safety monitoring device is currently locked. |
Hazard Stopped | BOOL | tag | This input is the hazard condition feedback signal. This input must be ON (1) in order for the instruction to issue an unlock command (energize the Unlock Command output). OFF (0): The Unlock Command output cannot be energized.
ON (1): The Unlock Command output can be energized. |
Input Status | BOOL | immediate tag | If instruction inputs are from a safety I/O module, this is the status from the I/O module or modules (Connection Status or Combined Status). If instruction inputs are derived from internal logic, it is the application programmer’s responsibility to determine the conditions. ON (1): The inputs to this instruction are valid.
OFF (0): The inputs to this instruction are invalid. |
Reset 2 | BOOL | tag | If Restart Type = Manual, this input is used to energize Output 1 once Channel A and Channel B are both in the active state. If Restart Type = Automatic, this input is not used to energize Output 1. This input clears instruction and circuit faults provided the fault condition is not present.
OFF (0) -> ON (1): The FP (Fault Present) and Fault Code outputs are reset. |
1
If the input is from a Guard I/O
input module, make sure that the input is configured as single, not Equivalent or Complementary. 2
ISO 13849-1 stipulates instruction reset functions must occur on falling edge signals. To comply with ISO 13849-1 requirements, add this logic immediately before this instruction. Rename the Reset_Signal tag in this example to the reset signal tag name. Then use the OSF instruction Output Bit tag as the reset source of the instruction.
This table explains instruction outputs. The outputs may be external tags (safety output modules) or internal tags for use in other logic routines
Operand | Data Type | Description |
|---|---|---|
Output 1 (O1) | BOOL | This output is energized when the input conditions have been satisfied. The output becomes de-energized when:
|
Test Command (TC) | BOOL | This output is energized when a functional test must be carried out. This operand is not safety-related. |
Unlock Command (ULC) | BOOL | This output is an unlock signal for an electromechanical locking device or to prompt for manual unlock. |
Fault Present (FP) | BOOL | ON (1): A fault is present in the instruction.
OFF (0): This instruction is operating normally. |
Fault Code | DINT | This output indicates the type of fault that occurred. See the Fault Codes section below for a list of fault codes. This operand is not safety-related. |
Diagnostic Code | DINT | This output indicates the diagnostic status of the instruction. See the Diagnostic Codes section below for a list of diagnostic codes. This operand is not safety-related. |
IMPORTANT:
Do not write to any instruction output tag under any circumstances.
Affects Math Status Flags
No
Major/Minor Faults
None specific to this instruction. See Index Through Arrays for array-indexing faults.
Execution
Condition/State | Action Taken |
|---|---|
Prescan | Same as Rung-condition-in is false. |
Rung-condition-in is false | The .O1, .TC , .ULC and .FP are cleared to false. |
Rung-condition-in is true | The instruction executes as described in the Operation section |
Postscan | Same as Rung-condition-in is false. |
Operation
Start-up Operation (Manual Cold Start)
The timing diagram illustrates Output 1 being energized when the Cold Start Type is Manual. At (A), the gate is closed and requested to lock. At (B), the gate is considered locked when the Lock Feedback transitions from OFF (0) to ON (1). At (C), Output 1 is energized when a reset is triggered. At (D), an unlock is requested when the Unlock Request signal transitions from OFF (0) to ON (1). At (E), the Unlock Command output is not energized until the Hazard Stopped input transitions from OFF (0) to ON (1). Output 1 is also de-energized at this point. At (F), Output 1 is energized again when the gate is opened, closed, and locked, and a reset is triggered.
The devices being monitored in these timing diagrams are assumed to be a safety gate with lock.
Start-up Operation (Automatic Cold Start)
The timing diagram illustrates the same behavior as the manual restart diagram, except that Cold Start Type is automatic. At (A), Output 1 is immediately energized when power is first applied because the gate is closed and locked, and the cold start type is automatic. At (B), an unlock is requested when the Unlock Request signal transitions from OFF (0) to ON (1). At (C), the Unlock Command output is not energized until the Hazard Stopped input transitions from OFF (0) to ON (1). Output 1 is also de-energized at this point. At (D), Output 1 is energized when the gate is opened, closed, and locked, and a reset is triggered.
The devices being monitored in these timing diagrams are assumed to be a safety gate with lock.
Device Not Tested After Unlock Fault (Manual Cold Start)
The timing diagram illustrates how a gate must be tested each time after it is unlocked if the Cold Start type is manual. At (A), Output 1 is energized when a reset is triggered. At (B), a fault is generated when the device is unlocked and relocked without the gate being opened. At (C), the fault is cleared when a reset is triggered. Output 1 does not become energized because a functional test has not been performed on the gate.
The devices being monitored in these timing diagrams are assumed to be a safety gate with lock.
Functional Test after Fault Operation
The timing diagram illustrates how the gate must be functionally tested after a fault occurs. At (A), Output 1 is energized when a reset is triggered with the gate closed and locked. At (B), a fault occurs because the gate is unlocked because the Unlock Request never transitioned from OFF (0) to ON (1). At (C), the fault is reset when the reset is triggered, but Output 1 cannot be energized because the gate was not functionally tested after the fault occurred. At (D), the gate has been functionally tested and the gate is opened, unlocked, and the hazard has stopped, but Output 1 cannot be energized because the gate is not locked. At (E), Output 1 is energized when a reset is triggered with the gate now locked.
The devices being monitored in these timing diagrams are assumed to be a safety gate with lock.
False Rung State Behavior
When the instruction is executed on a false rung, all instruction outputs are de-energized.
Fault Codes and Corrective Actions
The fault codes are listed in hexadecimal format followed by decimal format.
Fault Code | Description | Corrective Action |
|---|---|---|
00 | No fault. | None. |
16#20 32 | The Input Status input transitioned from ON (1) to OFF (0) while the instruction was executing. |
|
16#4000 16384 | Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the active state. Channel B was in the safe state. |
|
16#4001 16385 | Channel A and Channel B were in an inconsistent state for longer than the Discrepancy Time. At the time of the fault, Channel A was in the safe state. Channel B was in the active state. | |
16#4002 16386 | Channel A went to the safe state and back to the active state while Channel B remained active. | |
16#4003 16387 | Channel B went to the safe state and back to the active state while Channel A remained active. | |
16#4040 16448 | The device is locked in a non-active state. For example, a gate is open and locked. |
|
16#4041 16449 | The device is not functionally tested after being unlocked. |
|
16#4042 16450 | The Lock Feedback input turned ON (1) without request. For example, the device became locked, but lock was not requested. Unlock Request = 1 |
|
16#4043 16451 | The Lock Feedback input turned OFF (0) without request. For example, the device became unlocked, but unlock was not requested. Unlock Request = 0 | |
16#4044 16452 | The Hazard Stopped was OFF (0) and Output 1 was not energized. |
|
16#4045 16453 | The Lock Feedback input turned OFF (0) when the hazard was present. For example, the device became unlocked, and the Hazard Stopped input was OFF (0). |
|
Diagnostic Codes and Corrective Actions
The diagnostic codes are listed in hexadecimal format followed by decimal format.
Diagnostic Code | Description | Corrective Action |
|---|---|---|
0 | No fault. | None. |
5 | The Reset input is held ON (1) | Set the Reset input to OFF (0) |
16#20 32 | The Input Status was OFF(0) when the instruction started. | Check the I/O module connection or the internal logic used to source input status. |
16#4000 16384 | The device was functionally not tested at startup. | Perform a functional test of the device (bring Channel A and Channel B to the safe state). |
16#4001 16385 | The device was not functionally tested after a fault occurred. |
|
16#4030 16432 | Waiting for the manual functional test to occur. | Perform a functional test of the device (bring Channel A and Channel B to the safe state). |
16#4040 16448 | The device is unlocked. Output 1 cannot be energized until the device is locked. |
|
16#4041 16449 | Waiting for the device to lock. The Unlock Request input has been set to 0, but the Lock Feedback input has not yet indicated that the device is unlocked. |
|
16#4042 16450 | Waiting for the device to unlock. The Unlock Request has been set to 1, but the Lock Feedback has not yet indicated that the device is unlocked. | |
16#4043 16451 | Waiting for the hazard to stop. The Unlock Request input has been set to 1, but the Unlock Command cannot be issued until the Hazard Stopped input transitions to 1. |
|
16#4044 16452 | The device is not functionally tested after it was unlocked. | Perform a functional test of the device (put Channel A and Channel B in a safe state). |
Provide Feedback