JPWO2020183559A1 - Safety control device and safety control system - Google Patents

Abstract

The safety control device (2) receives the safety input signal from the external safety input device (50) via the safety dedicated bus (8), and transmits the safety output signal to the device to be controlled. Safety control data including safety input signals and safety output signals is transmitted to the general control device (4) that performs safety control and controls other than safety control connected via the CPU bus (9). The electronic component (6) includes an input unit (6a) for inputting an electric signal and an output unit (6b) for outputting the electric signal, and the electronic component (6) temporarily converts the safety control data into optical or magnetic. Then, it is converted into an electric signal and transmitted to the general control device (4) via the CPU bus (9) via the output unit (6b), and the control data from the general control device (4). Block the reception of.

Description

The present invention relates to a safety control device and a safety control system that perform a safety function.

In factories that use robot machines and press machines, highly safe control is required, so control systems equipped with safety functions have been introduced. The safety function is a so-called fail-safe function. For example, when an abnormality occurs in the control of a controller or the like, the control is stopped and the safety control is performed so that the device to be controlled can be kept in a safe state. The function to be performed.

In Patent Document 1, a safety controller, which is a safety control device that performs safety control, and a non-safety controller, which is a general device that performs control other than safety control, are connected by a bus via a CPU bus to link the entire system. .. The safety controller is connected to other safety units by a dedicated safety bus to realize safety functions.

JP-A-2007-193843

In the safety controller and system described in Patent Document 1, since the safety controller and the non-safety controller are connected by bus connection by the CPU bus, the safety controller may take in the control data of the non-safety controller. If the safety controller uses the control data of the non-safety controller for safety control, the safety function is not guaranteed. Therefore, in the safety controller and system described in Patent Document 1, for example, the input of the control data is refused by the firmware or the like. It is set. However, there is a problem that the safety function may not be guaranteed if a bug or the like occurs in the firmware or the like.

The present invention has been made to solve the above-mentioned problems, and when the safety control device and the general control device are connected, the control data for general control does not affect the safety control. An object of the present invention is to provide a safety control device and a safety control system whose safety functions are guaranteed.

In order to solve the above-mentioned problems and achieve the object, the safety control device according to the present invention receives a safety input signal from an external safety input device via a dedicated safety bus to the device to be controlled. Safety control is performed by transmitting a safety output signal, and safety control, which is a safety input signal and a safety output signal, is performed for a general control device that performs control different from the safety control connected via the CPU bus. Send data. The safety control device includes an electronic component having an input unit into which an electric signal is input and an output unit in which the electric signal is output. The electronic component first converts the safety control data, which is an electric signal, received at the input unit via the safety dedicated bus into optical or magnetic, then converts it into an electric signal, and then via the output unit. It is transmitted to the general control device via the CPU bus, and reception of control data from the general control device is blocked.

Further, the safety control system according to the present invention is a safety control device having a safety control circuit that transmits a safety control safety output signal to a device to be controlled by a safety input signal from an external safety input device. , A plurality of general control devices that perform control different from safety control, including a CPU unit, and a dedicated safety bus used to transmit safety control data, which are safety input signals and safety output signals, to other units. An arbitration control circuit that arbitrates the CPU bus that communicates control data in the general control device, and an input unit for inputting safety control data are provided on the safety control circuit side, and the arbitration control circuit. An electronic component provided with an output unit for outputting safety control data is provided on the side. The electronic component first converts the safety control data, which is an electric signal, received at the input unit via the safety dedicated bus into optical or magnetic, then converts it into an electric signal, and then via the output unit. It is transmitted to the general control device via the CPU bus, and reception of control data from the general control device is blocked.

According to the safety control device and the safety control system according to the present invention, the safety control data which is an electric signal is once converted into an electric signal by an electronic component provided in the safety control device, and then converted into an electric signal. Since the control data can be transmitted to the CPU bus and the reception of the control data from the general control device can be blocked, the control data of the general control device is not transmitted to the safety control device, and the safety function of the system can be guaranteed.

It is a figure which shows the structure of the safety control system provided with the safety control device which concerns on Embodiment 1 of this invention. It is a figure which shows the structure of the safety control apparatus of Embodiment 1 of this invention. It is a figure which shows the structure of the control circuit for arbitration of the safety control device which concerns on Embodiment 1 of this invention. It is a figure which shows the structure of the safety control system which concerns on Embodiment 2 of this invention. It is a figure which shows the structure of the safety control system which concerns on Embodiment 3 of this invention.

Hereinafter, the safety control device and the safety control system according to the embodiment of the present invention will be described with reference to the drawings. The components common to each embodiment are designated by the same reference numerals and the description thereof will be omitted. The invention is not limited to this embodiment.

Embodiment 1.
FIG. 1 is a diagram showing a configuration of a safety control system including the safety control device according to the first embodiment of the present invention. The safety control system 100 includes power supplies 1a and 1b for supplying power, a safety CPU unit 2 which is a safety control device for safety control, a safety input / output unit 3, and a CPU which is a general control device 4 for performing control other than safety control. It is composed of a unit 4a and a general control unit 4b. The power supply 1a is built in the safety CPU unit 2, and the power supply 1b is built in the CPU unit 4a.

Here, in the field of machine safety that handles safety devices such as the safety CPU unit 2, the electrical control system related to safety is referred to as a safety-related part, and the other parts are referred to as non-safety-related parts in the entire control system. Distinguish from each other. The non-safety-related part is a control system part for mechanical equipment to exert its performance, and in the first embodiment, the general control device 4 corresponds to it. Specifically, it is a part that controls important functions of mechanical equipment such as positioning control of the movable range of the machine and control of the motor rotation speed. On the other hand, the safety-related part is a control system part that mainly ensures the safety of the workers of the mechanical equipment, and when the safety is confirmed, the start command from the general control device 4 which is the non-safety-related part. Is received and the device to be controlled operates.

In the safety control system 100 of the first embodiment, the safety input device 50 and the output device 60 to be controlled are connected to the safety CPU unit 2 which is a safety-related unit, and the CPU unit 4a which is a non-safety-related unit or general control. The output device 60 to be controlled is connected to the unit 4b. As a result, a safety control system using an FA (Factory Automation) system in the factory has been realized. The safety input device 50 refers to an input device such as an emergency stop button or a light curtain, for example. Further, the control target output device 60, which is a control target device, refers to a drive device of mechanical equipment such as a motor.

The safety input / output unit 3 is a device that receives a safety input signal from the external safety input device 50, that is, receives safety control data. The safety input / output unit 3 transmits the received safety control data to the safety CPU unit 2 via the safety dedicated bus 8. When there are a plurality of safety input devices 50, a safety input / output unit 3 is added to support the plurality of safety inputs. Although FIG. 1 shows a configuration in which only the safety input device 50 is connected to the safety input / output unit 3, the output device 60 to be controlled may be connected.

In a situation where the safety of the mechanical equipment is ensured, the safety input device 50 transmits an electric signal indicating a safety state to the safety CPU unit 2 and the safety input / output unit 3. Here, an electric signal indicating a safety state is referred to as a safety input signal. Upon receiving the safety input signal, the safety CPU unit 2 transmits an electric signal permitting operation to the output device 60 to be controlled. Here, the electric signal that permits driving is referred to as a safety output signal. In other words, the safety CPU unit 2 that has received the safety input signal outputs the safety output signal to the controlled output device 60. The controlled output device 60 that has received the safety output signal operates according to the control from the general control unit 4b.

On the other hand, when safety cannot be confirmed, for example, when it is detected that a worker in the factory has invaded the dangerous area, or when an operator of the factory equipment presses the stop switch of the machine, the safety input device 50 is set to Stop transmitting the safety input signal. That is, when there is an input from the safety input device 50, the transmission of the safety input signal is stopped. Next, the safety CPU unit 2 stops transmitting the safety output signal to the controlled output device 60. As a result, the controlled output device 60 stops operating. Although only one output device 60 to be controlled is shown in FIG. 1, a plurality of output devices 60 may be provided for each.

Here, the above-mentioned safety input signal and safety output signal are collectively referred to as safety control data. The safety control data is an electric signal for processing the safety function, is processed by the safety control circuit 5, and is communicated between the safety CPU unit 2 and the safety input / output unit 3 via the safety dedicated bus 8. .. In the present embodiment, the safety control data is a safety input signal and a safety output signal, but the safety control data is not limited to these, and information that the transmission of the safety input signal is stopped by the input of the safety input device 50. Alternatively, the information that the safety control circuit 5 has stopped outputting the safety output signal transmitted to the controlled output device 60 may be included, or the safety CPU unit 2 and the safety control circuit 5 have the safety CPU unit 2 and the safety control circuit 5. So-called configuration information such as configuration management information of the safety input / output unit 3 and information of a program describing a logic circuit may be included.

Further, the safety CPU unit 2 and the safety input / output unit 3 of the safety control system 100 are connected by a safety dedicated bus 8. Further, the CPU bus 9 is connected to the safety CPU unit 2 via the arbitration control circuit 7. The CPU unit 4a and the general control unit 4b are connected by a CPU bus 9. In the safety control system 100, the safety input / output unit 3 and the general control unit 4b may be connected to each of a plurality of buses.

The safety-only bus 8 is a bus for transmitting and receiving safety control data between the safety CPU unit 2 and the safety input / output unit 3. The safety reliability of the safety control data is guaranteed by using the safety dedicated bus 8. The CPU bus 9 transmits and receives control data other than safety control between the CPU unit 4a and the general control unit 4b, and between the general control unit 4b and the arbitration control circuit 7.

FIG. 2 is a configuration diagram of a safety CPU unit which is a safety control device according to the first embodiment of the present invention. The safety CPU unit 2, which is a safety control device, includes a power supply 1a for supplying power, a safety control circuit 5, an insulating element 6, and an arbitration control circuit 7. The safety control circuit 5 of the safety CPU unit 2 receives the safety control data from the external safety input device 50 via the safety dedicated bus 8. The safety control circuit 5 controls the output of the safety output signal to the controlled output device 60 according to the received safety control data.

The insulating element 6 of the safety CPU unit 2 converts the safety control data, which is an electric signal received from the safety dedicated bus 8, into light or magnetism and then returns it to the electric signal, thereby electrically insulating and electrically insulating the data. Send a signal. Specifically, the insulating element 6 has an input unit 6a for inputting safety control data and an output unit 6b for outputting safety control data, and the input unit 6a converts the safety control data into an optical or magnetic signal. , The output unit 6b returns the safety control data to an electric signal again, and then transmits the safety control data to the arbitration control circuit 7 described later. The arbitration control circuit 7 transmits safety control data to the general control device 4 via the CPU bus 9. That is, the insulating element 6 electrically insulates the safety CPU unit 2 and the general control device 4 that performs control other than safety control, which will be described later. The insulating element 6 is, for example, a photocoupler or a digital isolator.

Here, products with safety functions obtain safety certification in accordance with safety standards (IEC, ISO standards, etc.) before shipping, but products that have obtained safety certification are guaranteed to be controlled by the safety side. Will be done. However, if the general control device 4 that does not obtain the safety certification fails, it may be controlled by the safety side, or the device may run out of control, and the safety function may not be guaranteed. In the above case, when the control data of the general control device 4 is taken into the safety CPU unit 2 or the safety input / output unit 3 and the taken-in control data is used for the safety control, the safety function cannot be guaranteed. Therefore, the safety CPU unit 2 or the safety input / output unit 3 needs to be blocked so as not to receive the control data from the general control device 4. The control data of the general control device 4 is data for controlling the operation of the output device 60 to be controlled.

In the insulating element 6, the electric signal input unit 6a is provided on the safety control circuit 5 side, and the electric signal output unit 6b is provided on the arbitration control circuit 7 side. The output unit 6b of the insulating element 6 only transmits the safety control data converted into the electric signal again by the output unit 6b, and does not receive the electric signal. That is, the control data which is an electric signal is not received from the CPU bus 9 via the arbitration control circuit 7. As a result, the reception of control data from the CPU bus 9 can be blocked. With this configuration, the safety control data transmitted / received between the safety CPU unit 2 and the safety input / output unit 3 can be transmitted to the general control device 4, but the control data from the general control device 4 can be safely transmitted. It is possible to prevent the CPU unit 2 or the safe input / output unit 3 from receiving data.

While the safety control system 100 is operating, the safety control data is communicated in the safety dedicated bus 8 or the CPU bus 9, and the control data of the general control device 4 is always communicated in the CPU bus 9. .. Therefore, each time the input unit 6a of the insulating element 6 receives the safety control data transmitted via the safety dedicated bus 8, the input unit 6a electrically insulates the received safety control data as described above and outputs the output unit 6b. Is transmitted from the output unit 6b to the arbitration control circuit 7 via the safety dedicated bus 8.

FIG. 3 is a diagram showing a configuration diagram of the arbitration control circuit 7 of the safety CPU unit 2. The arbitration control circuit 7 is composed of a safety dedicated bus I / F (interface) 10, a safety control data receiving unit 11, a safety control data analysis unit 12, a safety control data transfer unit 13, and a CPU bus I / F 14. The arbitration control circuit 7 puts the safety control data in the memory of the CPU bus I / F 14 and transmits it to the CPU bus 9.

The safety control data receiving unit 11 receives the safety control data for processing the safety function via the safety dedicated bus I / F10, and transmits the received safety control data to the safety control data analysis unit 12. The safety control data analysis unit 12 analyzes the safety control data received from the safety control data receiving unit 11 and confirms whether or not the safety control data is garbled or has no data error. If there is no data error, data corresponding to the general control device 4 is created based on the safety control data and transmitted to the safety control data transfer unit 13. If there is a data error, the received error data itself is discarded, and a log indicating that the data error is detected is stored in a memory (not shown) provided in the arbitration control circuit 7. The user can confirm whether or not the referenced data has been updated by appropriately checking the memory with an engineering tool (not shown) connected to the CPU unit 4a of the general control device 4.

The safety control data transfer unit 13 receives the safety control data corresponding to the general control device 4 received from the safety control data analysis unit 12 via the CPU bus I / F 14 and the CPU bus 9, and each general control device 4 Send to.

The safety control data transmitted to the general control device 4 can be confirmed by an engineering tool (not shown) connected to the CPU unit 4a of the general control device 4. Here, if the safety control data received by the general control device 4 via the CPU bus 9 contains an error code or the like indicating that a failure or the like has occurred due to an internal factor of the safety CPU unit 2, the user can see the error code. The error code can be confirmed by the engineering tool connected to the CPU unit 4a. Confirming the error code means that the safety control data received by the general control device 4 via the CPU bus 9 may not be accurate information, so that the user controls the general control device 4. It is possible to perform processing such as stopping. In this way, the safety control data transmitted to the general control device 4 can be used to monitor the safety state.

The CPU unit 4a is a unit that plays a central role in controlling a PLC (programmable logic controller). It is mainly composed of a user program, an I / O memory, an execution engine, a program memory, an external communication I / F, a CPU bus I / F, and the like.

The general control unit 4b is, for example, an I / O unit, a network unit, a temperature control unit, or the like. The general control unit 4b can be selected according to the purpose depending on what the user controls in the factory or the like.

Further, in the safety control system 100, the safety CPU unit 2 has a built-in power supply 1a, and the CPU unit 4a has a built-in power supply 1b. That is, the safety control side and the general control side supply power by separate power supply systems.

Here, in a system in which a device that performs safety control and a general control device other than safety control are linked, when power is supplied by the same power supply system, if one device is turned off or reset, the other device is used. Is also turned off or reset in the same way. For example, even when the system expansion is performed only on the CPU unit, if the CPU unit is stopped by turning off the power, the safety CPU unit that does not perform the system expansion must also be temporarily stopped. Therefore, the operator will perform the work with the safety CPU unit stopped, and the safety may not be ensured.

If the safety CPU unit 2 and the CPU unit 4a are configured to be supplied with power from different power supply systems as in the safety control system 100 according to the first embodiment, only the CPU unit 4a is system-expanded or the like. Even if the power is turned off to perform the above, the safety CPU unit 2 is not affected, so that the system can be expanded while guaranteeing the safety function.

From the above, according to the safety control system according to the first embodiment, by providing an insulating element in the safety CPU unit which is a safety control device, it is not necessary to set the firmware or the like to reject the input of control data. It is possible to prevent data for general control from being taken into the safety CPU unit. In addition, the safety function can be guaranteed without considering the bug of the firmware or the like.

Furthermore, since the safety CPU unit, which is a safety control device that executes safety control, and the CPU unit, which is a general control device, have separate power supplies, even if the power supply of one unit is turned off, the function of the other unit is affected. It is possible to expand the system or change the configuration without giving. That is, the safety control system can secure the safety function even when the power is turned off in order to expand the system or change the configuration of the general control device.

Embodiment 2.
FIG. 4 is a diagram showing a configuration of a safety control system according to the second embodiment. In the safety control system 200 of FIG. 4, the insulating element 6 of the safety CPU unit 2 and the arbitration control circuit 7 are provided outside the safety CPU unit 2 as the arbitration circuit unit 15. Also in this case, the procedure for transmitting and receiving safety control data is the same as that in the first embodiment. The connection between the safety CPU unit 2 and the arbitration circuit unit 15 or the connection between the general control unit 4b and the arbitration circuit unit 15 may be connected by an expansion connector provided on the side surface of each unit, or for expansion. You may connect with the cable of.

The arbitration circuit unit 15 is composed of an insulating element 6 and an arbitration control circuit 7. Here, since the safety CPU unit 2 has a safety function, it is necessary to obtain a safety certification according to a safety standard before shipping the product. Safety certification tests are expensive, including standard application costs. Since the safety certification test tests the entire product, even if the insulation element 6 or the arbitration control circuit 7 of the safety CPU unit 2 is defective and repaired, the safety certification of the safety CPU unit 2 must be obtained again. Must not be. Therefore, by providing the insulating element 6 and the arbitration control circuit 7 outside the safety CPU unit 2, if the insulating element 6 or the arbitration control circuit 7 fails, it is not necessary to obtain the safety certification again after the repair.

From the above, according to the safety control system of the second embodiment, when the arbitration control circuit 7 is provided outside the safety CPU unit 2 as the arbitration circuit unit 15, when only the board of the arbitration circuit fails, the arbitration circuit Since it is only necessary to replace the board, it can be repaired at low cost.

Embodiment 3.
FIG. 5 is a diagram showing a configuration of a safety control system according to the third embodiment. The safety control system 300 of FIG. 5 includes a safety control engineering tool 16 connected to the safety CPU unit 2 and a general control engineering tool 17 connected to the CPU unit 4a.

The safety control engineering tool 16 is connected to the safety CPU unit 2 and sets the configuration information of the safety CPU unit 2 and the safety input / output unit 3, which is the first configuration information. The first configuration information refers to configuration management information of the safety CPU unit 2 and the safety input / output unit 3 of the safety control system 300, information of a program describing a logic circuit, and the like. Further, the safety control circuit 5 has the first configuration information. In the present embodiment, the first configuration information is set by the safety control engineering tool 16, but it may be set by the hardware parts such as switches mounted on the safety CPU unit 2. Good.

The general control engineering tool 17 is connected to the CPU unit 4a and sets the configuration information of the CPU unit 4a and the general control unit 4b, which is the second configuration information. The second configuration information includes configuration management information of the CPU unit 4a and the general control unit 4b of the safety control system 300, information on a ladder program for the general control device 4 to control the output device 60 to be controlled, and the like. To say. The second configuration information is provided by a control circuit (not shown) provided by each of the CPU unit 4a or the general control unit 4b. In the present embodiment, the second configuration information is set by the general control engineering tool 17, but it may be set by a hardware component such as a switch mounted on the CPU unit 4a. ..

With this configuration, the engineering tool or the hardware component for setting the configuration information is separated between the safety control side and the general control side, so that the setting or change of the configuration information of one of them is not affected.

Further, a control circuit (not shown) provided in the CPU unit 4a has a function of collating the first configuration information. Further, the CPU unit 4a having a function of collating the first configuration information has a safety control information holding unit (not shown). When the user inputs an instruction to read the first configuration information via the general control engineering tool 17 at the time of system startup or system change, the CPU unit 4a receives the first configuration information from the received safety control data. Is acquired and stored in the safety control information holding unit. Specifically, the control circuit included in the CPU unit 4a stores the first configuration information in the safety control information holding unit via the CPU bus 9. In the present embodiment, the user inputs an instruction to read the first configuration information, but in addition, the user may directly input the first configuration information via the general control engineering tool 17. Good.

Specifically, the first configuration information collation is the first configuration information stored in the safety control information holding unit at the time of system startup or system change, and via the CPU bus 9 during system operation. The control circuit included in the CPU unit 4a collates the first configuration information acquired from the safety control data. When it is shown that the collation results are different, the user is notified by displaying the fact on the display unit of the general control engineering tool 17.

As in the present embodiment, the user can use the safety CPU unit 2 by the function of collating and comparing the first configuration information at the time of system startup or system change with the first configuration information during system operation. Alternatively, it can be confirmed whether the safe I / O unit 3 is operating in an unintended configuration.

For example, the user of the safety control engineering tool 16 configures the output operation of the safety control performed by the safety CPU unit 2 or the safety input / output unit 3 from the operation content set at the time of system startup or system change to the unintended operation content. Even if the system is changed, it is possible to confirm whether or not the safety CPU unit 2 is performing the safety control as set.

If it is shown that the collation results are different, the general control may be stopped together with the notification to the user, or the abnormality may be notified while the general control is continued. Further, in the third embodiment, the configuration information is collated by using the general control engineering tool 17, but the collation may be performed by the firmware (not shown) in the CPU unit 4a. In this case, if the collated results are different, an error of the CPU unit 4a is displayed on a display unit (not shown) of the CPU unit 4a, and the user is notified.

From the above, according to the safety control system of the third embodiment, the general control device has a function of collating the configuration of the safety CPU unit and the safety input / output unit, so that the safety CPU unit or the safety input / output unit can be used. It is possible to confirm whether or not the user is performing the safety control according to the setting when the system is started or the system is changed, and the safety can be improved.

1a, 1b power supply, 2 safety CPU unit, 3 safety input / output unit, 4 general control device, 4a CPU unit, 4b general control unit, 5 safety control circuit, 6 insulation element, 7 arbitration control circuit, 8 safety Dedicated bus, 9 CPU bus, 10 Safety dedicated bus I / F, 11 Safety control data receiver, 12 Safety control data analysis unit, 13 Safety control data transfer unit, 14 CPU bus I / F, 15 Mediation circuit unit, 16 Safety Control engineering tools, 17 general control engineering tools, 50 safety input devices, 60 controlled output devices.

Claims (13)

Safety control is performed by receiving a safety input signal from an external safety input device via a dedicated safety bus and transmitting a safety output signal to the device to be controlled, and the device is connected via the CPU bus. A safety control device that transmits safety control data, which is the safety input signal and the safety output signal, to a general control device that performs control different from the safety control.
The safety control device includes an electronic component having an input unit into which an electric signal is input and an output unit in which the electric signal is output.
The electronic component once converts the safety control data, which is an electric signal received at the input unit via the safety dedicated bus, into optical or magnetic, then converts it into an electric signal, and then outputs the output. Transmission to the general control device via the CPU bus via the unit to block reception of control data from the general control device.
A safety control device characterized by. The safety control device includes a safety control circuit that transmits the safety output signal to the device to be controlled by the safety input signal from the safety input device.
Mediation that arbitrates the safety dedicated bus used to transmit the safety control data to other units and the CPU bus that communicates the control data in the general control device that controls differently from the safety control. To have a control circuit,
The safety control device according to claim 1. The safety control device has a power supply.
The safety control device according to claim 1 or 2. The safety control circuit controls a plurality of the other units.
The safety control device according to claim 2. The electronic component is an insulating element.
The safety control device according to any one of claims 1 to 4. A safety control device having a safety control circuit that transmits a safety control safety output signal to the device to be controlled by a safety input signal from an external safety input device.
A plurality of general control devices including a CPU unit that perform control different from safety control,
Mediation of the safety dedicated bus used to transmit the safety input signal and the safety control data which is the safety output signal to other units, and the CPU bus which communicates the control data in the general control device. Control circuit for mediation to be performed and
An input unit for inputting the safety control data is provided on the safety control circuit side, and an electronic component provided with an output unit for outputting the safety control data is provided on the mediation control circuit side. ,
The electronic component once converts the safety control data, which is an electric signal received at the input unit via the safety dedicated bus, into optical or magnetic, then converts it into an electric signal, and then outputs the output. Transmission to the general control device via the CPU bus via the unit to block reception of control data from the general control device.
A safety control system featuring. The safety control device and the general control device each have a power supply.
The safety control system according to claim 6. The safety control device holds the first configuration information, and the general control device holds the second configuration information.
The safety control system according to claim 6 or 7. The safety control data includes the first configuration information.
The safety control system according to claim 8. The engineering tool connected to the safety control device sets the first configuration information, and the engineering tool connected to the general control device sets the second configuration information.
The safety control system according to claim 8. The safety control device sets the first configuration information by the hardware component mounted on the own device, and the general control device sets the second configuration information by the hardware component mounted on the own device. Setting information,
The safety control system according to claim 8. The general control device has a safety control information holding unit that stores the first configuration information set at the time of system startup or system change, and the first configuration stored in the safety control information holding unit. Having a function of collating the relation information with the first configuration information in the safety control data acquired via the CPU bus during system operation.
The safety control system according to claim 8. The electronic component is an insulating element.
The safety control system according to any one of claims 6 to 12.

Images