beautypg.com

Common trustedtm system i/o safety features, Common trusted, System i/o safety features – Rockwell Automation T8442 Trusted TMR Speed Monitor User Manual

Page 17: Trusted, Module t8442

background image

Trusted

TM

Module T8442

Issue 8 Apr 10

PD-T8442

17

1.3.5.

Common Trusted

TM

System I/O Safety Features

The following list details common safety strategies employed on Trusted

TM

series 8000 I/O modules

which apply to the T8442:

Module faults are reported through the module front panel LED indicators and via status
variables in the IEC1131 Toolset application program. There are two main types of faults:
external wiring and module/FTA faults. The module detects wiring faults through dedicated
hardware and software. Diagnostic functions are used to detect module and FTA faults.

The FCR interconnects are high speed busses, used to vote incoming IMB data and to
distribute data from the module slices to the IMB.

The HIU and FIU have galvanically isolated links for data and power. Their power supplies are
dual redundant.

The DSPs on each HIU slice perform diagnostic self-test functions.

Housekeeping functions within the HIU and FIU monitor voltages, current and temperature.

Data input from the IMB is stored in redundant error detecting RAM on each HIU slice.
Received data is majority voted by each HIU slice. All data transmissions include an
acknowledgement from the receiver.

The module performs extensive diagnostic tests.

The module is reset if a fault is detected at any stage during configuration.

Memory components are verified.

The address and data lines connecting the DSP and SRAM are scrambled (different) between
the three slices to reduce systematic failures in the RAM device affecting all three slices in the
same way.

Each slice has a 25MHz crystal oscillator, used as a local timing source for the HIA and DSP.

Voltage and currents local to each slice are monitored and verified to be within limits.

A watchdog circuit supervises critical internal power supplies.

The dual power feeds from the IMB backplane are fused and EMI filtered. Over voltage
protection is employed.

The power feed to the FPU is arranged so that the three HIU slices are able to feed power to
the display. Protection circuitry prevents a short circuit fault on any slice power supply or the
FPU from propagating.

IMB system clocks are distributed between even and odd numbered I/O slots along the IMB
backplane. The clock signals are logically NORed together and distributed to the local HIA and
to the other HIAs.

See also other documents in the category Rockwell Automation Equipment: