Section 1 Introduction Control Software
3BSE036351-510 A 51
• Oscillator supervision
• CRC on firmware and data storage
An SM811 operates like an SM810 for SIL2 but can also together with the PM865
form a controller compliant with SIL3 according to IEC61508, certified by TÜV.
The ModuleBus telegrams used in a High Integrity system with the S800 High
Integrity modules use the concept of long frames. Long frames are ModuleBus
telegrams that are extended with a safety header, comprising additional diagnostics
data and CRC32. S800 ModuleBus telegrams sent to the S800 I/O High Integrity
modules uses data from the PM865 and an inverted CRC32 from the
SM810/SM811. The I/O module checks that the safety header is correct. Data
received from the S800 I/O High Integrity modules over the ModuleBus have the
safety header independently verified by both SM810/SM811 and PM865. Any
CRC32 or other faults in the safety header will result in a retry transmission and, if
repeated, a shutdown of the faulty S800 I/O High Integrity module.
Control Software
The software used by the AC 800M Controller is named Control Software.
This name does not stand for a specific software package; is merely a generic name
for the scope of functions used in a controller. These functions are provided by:
• Hardware functions (supervision, communication buses, I/O buses)
• Firmware functions loaded into the controller (real time executive system, real
time clock, redundant communication)
• Application programs loaded into the controller (library functions,
communication protocols).
To produce an application, it is necessary to use the Control Builder M tool. This
tool is extremely versatile, having many useful functions in addition to system
configuration.