JP2018067054A - Safety system development assistance device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a safety system development assistance device for reducing a load of a safety system developer.SOLUTION: A safety system development assistance device 21 for supporting program creation of a safety system comprises: system component change means (input unit 22) for changing system components of the safety system; related element identification means (influence range specifying unit 25) for identifying the system component affected by change work by the system component change means; and display means (display unit 23) for displaying information of works which are required to perform for the system component identified by the related element identification means.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a safety system development support apparatus that supports development work of a safety system introduced into a production site such as a factory.

  There is a safety system for ensuring the safety of workers when various devices such as industrial robots (hereinafter referred to as FA devices) that realize factory automation have failed. The safety system includes a device that detects a danger, a control device that stops the operation of the specific device when the danger is detected, and the like. A program for operating various devices constituting the safety system is created according to the system configuration, and changes occur when the system configuration is changed.

  One conventional invention for supporting the development work of a safety system is described in Patent Document 1. In the risk evaluation support apparatus described in Patent Literature 1, risk evaluation is performed for each danger source when a safety system is constructed using a network, and the evaluation result is notified to the user.

JP 2003-263212 A

  In the conventional safety system, when the system is changed, the developer of the program needs to investigate the safety function affected by the system change. It was also necessary for the program developer to investigate the work required to change the affected safety function. In the invention described in Patent Document 1, the user can know the evaluation result, but the user has to investigate the work necessary for improving the system. Thus, until now, there has been a problem that the developer who performs the change work needs to investigate the safety function that requires the change and the necessary work contents, and the time required for the development work increases.

  The present invention has been made in view of the above, and an object of the present invention is to provide a safety system development support device that can identify a necessary work for developing a safety system and indicate it to an operator. To do.

  In order to solve the above-described problems and achieve the object, the present invention is a safety system development support device for supporting a safety system development work. A safety system development support apparatus includes a system component changing unit that changes a system component of the safety system, and a related element specifying unit that specifies a system component that is affected by a change operation by the system component changing unit. . In addition, the safety system development support apparatus includes a display unit that displays information on an operation that needs to be performed on the system component specified by the related element specifying unit.

  According to the present invention, there is an effect that it is possible to realize a development support device for a safety system that can identify a necessary work for developing a safety system and show it to an operator.

The figure which shows the structural example of the safety system with which the development assistance apparatus of the safety system concerning Embodiment 1 is applied. The figure which shows the structural example of the development assistance apparatus of the safety system concerning Embodiment 1. Diagram showing an example of a safety system configuration The figure which shows an example of the information which a system component management part manages Diagram showing an example of required work information 1 is a flowchart showing an operation example of a safety system development support apparatus according to a first embodiment; The figure which shows the structural example of the development assistance apparatus of the safety system concerning Embodiment 2. 10 is a flowchart showing an operation example of the safety system development support apparatus according to the second embodiment. The figure which shows an example of the screen display which shows the content of the required work information currently hold | maintained by the required work information management part concerning Embodiment 2. The figure which shows the hardware structural example of the computer which implement | achieves the development assistance apparatus of a safety system

  Hereinafter, a development support device for a safety system according to an embodiment of the present invention will be described in detail with reference to the drawings. Note that the present invention is not limited to the embodiments.

  First, a safety system to which a program created using the safety system development support device according to the present invention is assumed will be described.

  The safety system to which the program created using the safety system development support apparatus according to the present invention is assumed is assumed to be a safety system introduced into a production site such as a factory. It is necessary to develop a safety system to be introduced at a production site based on some standard for the purpose of ensuring the safety of workers. This standard may be a standard determined by a public institution, or based on a standard determined by a public institution, a company owning a factory may decide on a more stringent standard on its own. . Safety standards such as ISO 13849-1 and IEC 61508 are known as standards determined by public institutions. ISO 13849-1: 2006, which is one of safety standards, defines a plurality of performance levels. The safety function realized by the safety system needs to satisfy a performance level required for each safety function (hereinafter referred to as a required performance level). Here, the safety function is a function for ensuring the safety of the worker by removing or reducing the danger existing at the production site. In general, there are a plurality of dangers at the production site, and a plurality of safety functions are used to remove or reduce the danger of the entire production site. The work required when developing a safety system according to ISO 13849-1: 2006 depends on the performance level that each of the safety functions implemented by the safety system should satisfy, that is, the required performance level for each safety function. The performance level is an index indicating the level of safety level realized by the safety function. When the configuration of the safety system is changed, an operation is required to ensure that each safety function realized by the changed safety system satisfies the required performance level. The work required for each component when changing the configuration of the safety system is different for each component. The work to be performed on the component includes document change and process change.

  Next, each embodiment of the safety system development support apparatus according to the embodiment of the present invention will be described. In each embodiment, a safety system development support apparatus that supports creation of a safety system program according to ISO 13849-1: 2006 will be described. That is, a safety system development support apparatus that supports creation of a program for a safety system that provides a safety function that satisfies the performance level defined in ISO 13849-1: 2006 will be described. However, the safety system development support apparatus according to the embodiment is also applicable to the case of creating a safety system program according to another safety standard.

Embodiment 1 FIG.
FIG. 1 is a diagram illustrating a configuration example of a safety system to which a safety system development support apparatus according to a first embodiment of the present invention is applied. In the configuration example shown in FIG. 1, the computer 11 realizes the safety system development support apparatus according to the first embodiment. The controller 12, the communication device 13, the communication device 14, the safety input device 15, the communication device 16 and the safety output device 17 constitute the safety system 100. In the safety system 100, the controller 12 transmits and receives information to and from the computer 11. The communication device 13 transmits / receives information to / from the controller 12 and transmits / receives information to / from the communication devices 14 and 16. The communication device 14 transmits / receives information to / from the communication device 13 and receives information from the safety input device 15. The safety input device 15 is connected to the communication device 14 and transmits input data to the controller 12. The communication device 16 transmits / receives information to / from the communication device 13 and transmits information to the safety output device 17. The safety output device 17 is connected to the communication device 16 and receives output data from the controller 12. The safety input device 15 is a device that detects occurrence of danger such as a sensor, a switch, a light curtain, and an operation button. The safety output device 17 is a device equipped with a danger removal function or a device equipped with a danger notification function that stops operation or starts operation when danger is detected, such as a robot, a display device, or a buzzer. A robot can be exemplified as the danger removal function-equipped device, and a display device and a buzzer can be exemplified as the danger notification function-equipped device. In FIG. 1, the number of controllers constituting the safety system 100 is one, but two or more controllers may be used. Moreover, although the controller 12 and the communication device 13 are configured separately, a single device having these functions may be used. In other words, the controller 12 may have the function of the communication device 13. Similarly, the communication device 14 and the safety input device 15 may be a single device, and the communication device 16 and the safety input device 17 may be a single device. Further, the computer 11 and the controller 12 need not always be connected. The computer 11 and the controller 12 are connected when information is transmitted and received between the computer 11 and the controller 12, such as when a program created in the safety system development support device realized by the computer 11 is transferred to the controller 12. It only has to be in the state.

  An outline of the operation of the safety system 100 shown in FIG. 1 will be described. In the safety system 100, when input data is generated by a sensor as the safety input device 15 detecting an operator or the like, the input data is transmitted to the controller 12 via the communication devices 14 and 13. The controller 12 that has received the input data executes a program corresponding to the input data, and transmits the output data to the safety output device 17 via the communication devices 13 and 16. When the safety output device 17 receives the output data from the controller 12, the safety output device 17 performs an operation corresponding to the received output data. When the safety output device 17 is a robot and the output data received from the controller 12 instructs to stop the operation, the robot as the safety output device 17 stops the operation. That is, when the safety input device 15 is a sensor and the safety output device 17 is a robot, the sensor as the safety input device 15 in the safety system 100 monitors whether a person approaches the robot as the safety output device 17. When it is detected that a person is approaching, information indicating that fact is sent to the controller 12, and the controller 12 sends information indicating an operation stop to the safety output device 17. When the safety output device 17 receives the information for instructing to stop the operation, the safety output device 17 stops the operation and prevents the approaching person from being in danger. The safety system 100 shown in FIG. 1 is an example of a safety system with a simple configuration, and one safety input device 15, one safety output device 17, and the controller 12 realize one safety function. A configuration in which one safety function is realized by a plurality of safety input devices and a single safety output device is also conceivable. For example, a case where a safety function is realized by a sensor and a switch as a safety input device, a robot as a safety output device, and a controller can be considered. In this case, the controller stops the robot when the sensor detects the approach of a person to the robot or the switch is operated while the robot is operating. A configuration in which one safety function is realized by a single safety input device and a plurality of safety output devices is also conceivable. A configuration in which one safety function is realized by a plurality of safety input devices and a plurality of safety output devices is also conceivable.

  FIG. 2 is a diagram of a configuration example of the development support apparatus for the safety system according to the first embodiment. The safety system development support apparatus 21 according to the present embodiment is realized by the computer 11 and supports the developer's work when developing the safety system program. The program development support device 21 receives an operation by a user and generates input data indicating operation contents, a display unit 23 that displays a display screen according to the operation state of the development support device 21 of the safety system, A system component management unit 24 that manages information related to the components of the safety system, an influence range specifying unit 25 that specifies a range affected by the change when the safety system is changed, and a performance level that is a specified safety level A necessary work information management unit 26 that manages necessary work information, which is information of work necessary for realizing a safety function corresponding to each of the above.

  When the safety system development support apparatus 21 according to the present embodiment receives information indicating a safety system configuration change from the user via the input unit 22, the range affected by the configuration change, that is, a change operation is required. Identify the system components that In addition, the safety system development support apparatus 21 specifies the contents of the work that needs to be performed for each of the specified system components after specifying the system components that need to be changed. The work that needs to be performed for each of the system components that require the change work is work for ensuring that each safety function realized by the safety system satisfies the required performance level. The safety system development support device 21 identifies the system components that need to be changed and identifies the contents of the tasks that need to be performed on each identified system component, and then displays the identification results on the display unit 23. Notify the user by displaying it. Changes to the safety system configuration include adding safety input devices, replacing safety input devices, deleting safety input devices, adding safety output devices, replacing safety output devices, deleting safety output devices, etc. It is not limited to these. The work necessary to change the safety function is realized by changing the system component specification, changing the system component setting, changing the safety system circuit, changing the safety system control program, and the safety system. The operation verification of each safety function is included.

  The operation of the safety system development support apparatus 21 will be described below. As an example, a case where the communication device 18 and the safety output device 19 are added to the safety system having the configuration shown in FIG. 1 and the safety system is changed to the configuration shown in FIG. 3 will be described.

  First, information managed by the system component management unit 24 as the system component management unit and information managed by the necessary work information management unit 26 as the necessary work information management unit will be described.

  Information on the system components managed by the system component management unit 24 includes information on devices that realize each safety function as system components, specifically, various devices such as controllers, safety input devices, safety output devices, and communication devices. Information and performance level information to which each safety function corresponds. In other words, the information on the system components managed by the system component management unit 24 should correspond to the information indicating which devices each of the safety functions constituting the safety system are configured with. Information including performance level information. FIG. 4 is a diagram illustrating an example of information managed by the system component management unit 24. In FIG. 4, “PL” indicates a performance level. As shown in FIG. 4, the system component management unit 24 includes information on each safety function that constitutes the safety system, a performance level (PL) that each safety function should correspond to, and a device that constitutes each safety function. Are stored in a form in which the correspondence between each piece of information is understood. Hereinafter, the information shown in FIG. 4, that is, the information managed by the system component management unit 24 is referred to as safety system configuration information. In the example shown in FIG. 4, each information of the safety function, the PL, and the component device is tabulated and managed as safety system configuration information. The method for managing these pieces of information is the one shown in FIG. It is not limited to. The performance level to which the safety function should correspond indicates which performance level the safety function realizes, that is, what level of safety level needs to be achieved. The safety system configuration information managed by the system component management unit 24 is created in advance by a safety system developer or the like in accordance with ISO 13849-1: 2006, whose performance level is defined, and is registered in the system component management unit 24. It is assumed that The creator of the safety system configuration information uses, for example, a dedicated engineering tool not shown in FIG. 2, and each piece of information of the safety system configuration information, that is, “safety function” and “PL” shown in FIG. And input the information of “Component Device”. The method for generating the safety system configuration information is not limited to this. It may be automatically generated using an AI (Artificial Intelligence) function.

  The necessary work information managed by the necessary work information management unit 26 is information indicating the content of work that needs to be performed on each component constituting the safety system when the safety system is constructed. The necessary work information indicates the work contents for each performance level necessary for each component to realize each performance level. FIG. 5 is a diagram illustrating an example of necessary work information. In FIG. 5, “PL” indicates a performance level. As shown in FIG. 5, the necessary work information indicates work necessary for realizing each of a plurality of performance levels for each type of device constituting the safety system. Necessary tasks include changing system component specifications, changing system component settings, changing safety system circuits, changing safety system control programs, and verifying the operation of each safety function implemented by the safety system. Etc. can be illustrated. In the example shown in FIG. 5, the device type, PL, and necessary work information are tabulated and managed as necessary work information. However, the method for managing these pieces of information is limited to that shown in FIG. 5. Not. The work necessary for realizing each performance level is defined for each type of equipment constituting the safety system in ISO 13849-1: 2006. It is assumed that the necessary work information managed by the necessary work information management unit 26 is created in advance by the developer of the safety system in accordance with the safety standard and registered in the necessary work information management unit 26. The necessary work information is created by a safety system developer using a dedicated engineering tool, or automatically using an AI function, similarly to the safety system configuration information shown in FIG.

  FIG. 6 is a flowchart of an operation example of the safety system development support apparatus 21 according to the first embodiment. FIG. 6 shows an operation example when the safety system 100 having the configuration shown in FIG. 1 is added to the safety system 100a by adding the communication device 18 and the safety output device 19 to the safety system 100a. It is assumed that the controller 12, the safety input device 15, the safety output device 17, and the communication devices 13, 14, and 15 realize one safety function. Further, it is assumed that the added communication device 18 and safety output device 19 realize one safety function.

  First, a safety system developer, who is a user, uses a mouse, a keyboard, and the like that are the input unit 22 of the safety system development support device 21, and the communication device 18 and the safety output to the safety system 100 shown in FIG. The addition of the device 19 is input (step S11). In step S11, the developer realizes that the communication device 18 and the safety output device 19 realize one safety function, and the required performance level of the safety function to be realized, that is, the communication device 18 and the safety output device 19 realize. Enter the performance level that satisfies the safety function. The input unit 22 which is a system component changing unit accepts the work contents by the developer.

  The input unit 22 as a system component changing unit receives the contents of the work by the developer, and then notifies the system component management unit 24 of the change of the system component when detecting that the work is finished. . Upon receiving this notification, the system component management unit 24 updates the managed safety system configuration information (step S12). Specifically, the input unit 22 includes information indicating that the communication device 18 and the safety output device 19 are added, and that these devices realize one safety function, and performance corresponding to the safety function to be realized. Input data including information indicating the level is generated and output to the system component management unit 24. When the system component management unit 24 receives the information of the added communication device 18 and safety output device 19 from the input unit 22, the system component management unit 24 adds each received information to the corresponding portion of the table of safety system configuration information shown in FIG. sign up. Specifically, the system component management unit 24 registers the safety function identification information realized by the communication device 18 and the safety output device 19 in the “safety function”, and sets the performance level corresponding to the safety function to “PL”. And the identification information of the communication device 18 and the identification information of the safety output device 19 are “configured devices”. When the safety system configuration information to be managed is updated, the system component management unit 24 notifies the influence range specifying unit 25 that the safety system configuration information has been updated. Here, the system component management unit 24 notifies the influence range specifying unit 25 that the communication device 18 and the safety output device 19 have been added.

  Next, the influence range specifying unit 25, which is a related element specifying means, specifies the influence range due to the change of the system component (step S13). In step S <b> 13, the influence range specifying unit 25 specifies an existing safety function that is affected by the change of the system component based on the safety system configuration information managed by the system component management unit 24. Specifically, the influence range specifying unit 25 includes a performance level corresponding to a safety function (hereinafter referred to as an added safety function) realized by the added communication device 18 and the safety output device 19, and an existing safety function. Compare the performance level supported by. That is, the influence range specifying unit 25 compares the performance level of the added safety function with the performance levels of the safety functions A, B,... Registered in the safety system configuration information table shown in FIG. The influence range specifying unit 25 determines that the existing safety function is affected when the performance level corresponding to the added safety function is higher. On the other hand, when the performance level supported by the added safety function is the same as or lower than the performance level supported by the existing safety function, the influence range specifying unit 25 does not affect other safety functions. to decide. In step S <b> 13, the influence range specifying unit 25 operates as a determination unit that determines whether an existing safety function is affected when a safety function is added to the safety system. The influence range specifying unit 25 compares the performance level supported by the added safety function with the performance level supported by the existing safety function for all existing safety functions, and Identify the impact of the change. When the contents of the safety system configuration information table managed by the system component management unit 24 are as shown in FIG. 4 and the performance level of the added safety function is “c”, the influence range specifying unit 25 Determines that the safety function B with the performance level “a” is affected. That is, when the influence range specifying unit 25 is affected by the controller C1, the communication devices # 15, # 18, # 19, the input devices # 24, # 27, the output device # 35,. to decide. Further, the influence range specifying unit 25 does not allow the communication device 18 and the safety output device 19 to realize a new safety function, that is, the communication device 18 and the safety output device 19 are for improving the existing safety function. If it is added and implements (improves) the existing safety function together with the existing system component, it is determined that it only affects the existing safety function of the addition destination. For example, when the communication device 18 and the safety output device 19 are added to improve the safety function A, the influence range specifying unit 25 determines that only the safety function A is affected. In other words, the influence range specifying unit 25 determines that the controller C1, the communication devices # 11, # 12, the input device # 21, the output devices # 31, # 32,. To do.

  Next, the influence range specifying unit 25 determines whether or not the added system component affects other system components based on the processing result in step S13, that is, other system components that are affected. Is checked (step S14). If the added system component does not affect other system components (step S14: No), the safety system development support device 21 ends the operation. When the added system component does not affect other system components, the performance level supported by the added safety function is the same as or higher than the performance level supported by the existing safety function. This is the case when the value is low.

  When the added system component affects other system components (step S14: Yes), the necessary work information management unit 26 performs a task that needs to be performed on the affected system component. (Step S15). When an added system component affects other system components, the performance level supported by the added safety function is higher than the performance level supported by the existing safety function. To do. When the added system component affects other system components, the affected range identification unit 25 notifies the required work information management unit 26 of the affected system components. For example, when the addition of the communication device 18 and the safety output device 19 affects the controller 12, the communication device 13, the communication device 14, the safety input device unit 15, the communication device 16, and the safety output device 17, the influence range specifying unit 25 If it is determined, these devices are notified to the work information management unit 26. The necessary work information held by the necessary work information management unit 26 is created in advance by the developer and registered in the necessary work information management unit 26 as described above. The necessary work information management unit 26 includes each of the system components related to the safety function specified by the influence range specifying unit 25, that is, the safety function determined to be affected by the addition of the system component. The necessary work is identified by confirming the corresponding necessary work information. Specifically, the necessary work information management unit 26 identifies the necessary work for each system component notified from the influence range specifying unit 25 based on the device type of the system component and the corresponding performance level. . The required work information management unit 26 refers to the required work information shown in FIG. 5, the device type of the system component notified from the influence range specifying unit 25 corresponds to “type # 1”, and the corresponding performance level When “a” is “a”, it is determined that the necessary operations are “A1” and “A2”.

  Next, the display unit 23 serving as a display unit generates and displays a display screen indicating the content of the necessary work specified by the necessary work information management unit 26, and presents it to the developer (step S16). That is, the safety system development support apparatus 21 displays system components that need to be changed on the display unit 23, and displays work contents for the displayed system components on the display unit 23.

  Note that the content of the screen displayed on the display unit 23 indicates the contents of work performed on the system components related to the affected safety function and the system components related to the affected safety function. Anything is acceptable. Further, the safety system development support apparatus 21 responds in addition to the system component related to the affected safety function and the work content to be performed on the system component related to the affected safety function. The performance level may be displayed on the display unit 23. When the safety system development support device 21 is configured to display the performance level and the necessary work contents, the developer can grasp whether the correspondence between the safety function to be realized and the performance level is correct or not. It can contribute to prevention of mistakes.

  As described above, the safety system development support device according to the present embodiment manages the safety system configuration information, which is information on the system components of the safety system, and when the system components of the safety system are changed, The affected safety functions are identified based on information of system components of the safety system. Furthermore, the contents of the work to be performed on the identified safety function, that is, the system component related to the safety function affected by the configuration change are specified and presented to the developer. According to the present embodiment, it is possible to realize a safety system development support apparatus that can investigate a safety function that is affected by a configuration change and specify a necessary work and show it to a developer.

  In the present embodiment, an example of a safety system development support apparatus that supports creation of a safety system program in accordance with ISO 13849-1: 2006 has been described. In the case of a safety system development support device that supports the creation of a safety system program according to another safety standard, an index indicating the level of safety is represented by another name different from the performance level.

Embodiment 2. FIG.
FIG. 7 is a diagram of a configuration example of the development support apparatus for the safety system according to the second embodiment. The safety system development support device 21a according to the second embodiment is realized by the computer 11 in the same manner as the safety system development support device 21 according to the first embodiment.

  The safety system development support device 21a according to the second embodiment has a configuration in which a necessary work information specifying unit 27 is added to the safety system development support device 21. Since the components other than the necessary work information specifying unit 27 are the same as those in the first embodiment, the description thereof is omitted.

  In the safety system development support device 21 of the first embodiment, the developer creates and registers necessary work information managed by the necessary work information management unit 26 in advance. On the other hand, the safety system development support device 21a according to the present embodiment is configured so that necessary work information can be registered by using the necessary work information specifying unit 27, thereby reducing the load of registration work of necessary work information. Realize.

  The necessary work information specifying unit 27 sets the system components of the safety system to the respective performance levels based on the performance level information and safety standards specified by each developer, that is, the system components of the safety system. The contents of the work necessary for handling are specified, and necessary work information indicating the specified work contents is generated and registered in the necessary work information management unit 26.

  FIG. 8 is a flowchart of an operation example of the safety system development support apparatus according to the second embodiment.

  First, the developer determines a performance level to be supported for each type of each device constituting the safety system in accordance with the safety standard, and inputs a performance level to be supported for each type of each device using the input unit 22. (Step S21). Next, the developer inputs safety standard information in which the performance level is defined from the input unit 22 (step S22). Here, information indicating ISO 13849-1: 2006 is input.

  The input unit 22 receives the work performed by the developer in steps S <b> 21 and S <b> 22, generates information indicating the received work content, and outputs the information to the necessary work information specifying unit 27. The necessary work information specifying unit 27 is based on information indicating the work contents received in steps S21 and S22, specifically, information on performance levels and safety standards to be supported for each type of each device constituting the safety system. The work required for the various devices to correspond to the performance level determined by the developer is specified (step 23). Here, details of work required for various devices constituting the safety system to achieve each performance level are defined in the safety standard for each type of device constituting the safety system. Therefore, the necessary work information specifying unit 27 holds in advance information on details of work contents defined in the safety standards, and holds information on performance levels and safety standards corresponding to each device. Refer to the stored information and identify the necessary work.

  Next, the necessary work information specifying unit 27 generates necessary work information indicating the content of the work specified in step S <b> 23 and transmits it to the necessary work information management unit 26. The necessary work information management unit 26 holds the necessary work information received from the necessary work information specifying unit 27 and presents the contents of the received necessary work information on the display unit 23 to be presented to the developer (step) S24). The display unit 23 presents the content of the necessary work information being managed to the developer by displaying the screen having the content shown in FIG. FIG. 9 is a diagram illustrating an example of a screen display indicating the contents of necessary work information held by the necessary work information management unit 26.

  After the work of steps S21 and S22 is performed, the developer corrects the displayed work content when the content of the required work information held in the necessary work information management unit 26 is displayed on the display unit 23. Whether or not (step S25). When the correction is not performed (step S25: No), the developer uses the input unit 22 to perform an operation for finishing the work, and finishes the work. When the screen shown in FIG. 9 is displayed on the display unit 23, the developer ends the confirmation by clicking the confirmation end button 52 using the mouse. On the other hand, when the correction is made (step S25: Yes), the developer performs the correction work using the input unit 22 (step S26). In this case, the developer starts the correction work by clicking the correction start button 51 on the screen shown in FIG. The developer uses an input device such as a mouse and a keyboard to correct the work content, that is, the information registered in the “necessary work”.

  When the developer starts the correction work, the input unit 22 receives the work performed by the developer, generates information indicating the received work content, and outputs the information to the necessary work information management unit 26. The necessary work information management unit 26 receives information indicating the details of the work performed by the developer from the input unit 22 and, when detecting that the correction work has been completed, the necessary work information management unit 26 holds the required work according to the work content indicated by the received information. Information is updated (step S27). For example, when the work of adding “A3” is performed as a work necessary for the device of the model type “type # 1” to support PL “a”, the necessary work information management unit 26 manages it. “A3” is added to the corresponding field of the necessary work information. Further, when the work of changing “A11” to “A11a” among the work necessary for the device of model type “type # 2” to support PL “b” is performed, the necessary work information management unit 26 changes “A11” registered in the corresponding field of the necessary work information being managed to “A11a”. The necessary work information management unit 26 constitutes correction means together with the input unit 22.

  When the processes shown in steps S21 to S27 are executed and the required work information management unit 26 holds the required work information, the safety system development support apparatus 21a performs the safety described in the first embodiment. Operation similar to that of the system development support apparatus 21 is possible.

  In the safety system development support device 21a of the present embodiment, the necessary work information is generated and the necessary work information management unit 26 holds the necessary work information, that is, stores the necessary work information, and then displays the stored necessary work information. However, the present invention is not limited to this configuration. When the development support device 21a of the safety system receives an operation for starting editing of necessary work information held by the necessary work information management unit 26 after the above-described processing of steps S21 to S27 is completed, You may make it start the operation | movement for correcting required work information.

  As described above, the safety system development support device according to the present embodiment receives and inputs the performance level corresponding to each device constituting the safety system and the information of the safety standard that defines the performance level. Based on the received information, the work content necessary to correspond to the input performance level is specified, and necessary work information indicating the specified work content is generated and held. The safety system development support apparatus has a function for a developer to correct the generated necessary work information. Thereby, the work for registering the required work information in the required work information management unit 26 is simplified only by inputting the performance level and the safety standard, and the workload of the developer can be reduced.

  The hardware configuration of the computer 11 that implements the safety system development support devices 21 and 21a described in each embodiment will be described. The computer 11 that implements the safety system development support devices 21 and 21a includes at least the processor 101, the memory 102, the input device 103, and the display device 104 shown in FIG. The input device 103 is a mouse, a keyboard, a touch panel, or the like. The display device is a display or the like.

  In the system component management unit 24, the affected range identification unit 25, the necessary work information management unit 26, and the necessary work information identification unit 27 described in each embodiment, the processor 101 stores a program for realizing each function in the memory 102. This is realized by reading from and executing. The input unit 22 is realized by the input device 103. The display unit 23 is realized by the display device 104.

  The configuration described in the above embodiment shows an example of the contents of the present invention, and can be combined with another known technique, and can be combined with other configurations without departing from the gist of the present invention. It is also possible to omit or change the part.

  11 Computer, 12 Controller, 13, 14, 16, 18 Communication equipment, 15 Safety input equipment, 17, 19 Safety output equipment, 21, 21a Safety system development support device, 22 Input section, 23 Display section, 24 System components Management part, 25 Influence range specifying part, 26 Required work information management part, 27 Required work information specifying part, 100, 100a Safety system.

Claims (6)

A safety system development support device for supporting safety system development work,
System component changing means for changing system components of the safety system;
Related element specifying means for specifying a system component affected by the change work by the system component changing means;
Display means for displaying information of work that needs to be performed on the system component specified by the related element specifying means;
A safety system development support device characterized by comprising:   The safety system development support apparatus according to claim 1, wherein the information displayed by the display unit indicates a content of work performed on the identified system component. The display means displays the information together with a safety level realized by a corresponding system component;
The safety system development support device according to claim 1 or 2. Necessary work information management means for managing necessary work information indicating the contents of work that needs to be performed on the system components when the safety system is constructed;
Correction means for correcting the required work information managed by the required work information management means;
The safety system development support apparatus according to any one of claims 1 to 3, further comprising: System component management means for managing information related to the system component;
Necessary work information management means for managing necessary work information indicating the contents of work that needs to be performed on the system components when the safety system is constructed;
With
The related element specifying unit is configured to add a safety function to the safety system based on information managed by the system component management unit and necessary work information managed by the necessary work information management unit. Identify the necessary work,
The display means displays the necessary work information;
The development support device for a safety system according to claim 1. A safety system development support device for supporting safety system development work,
System component management means for managing information on system components of the safety system;
Determining means for determining whether an existing safety function is affected when a safety function is added to the safety system;
A safety system development support device characterized by comprising:

Images