Introduction

M580 safety PACs, both standalone and Hot Standby, include a mechanism for producing a SHA-256 fingerprint of the safe application: the SourceSafeSignature. When transferring the application from the PC to the PAC, Control Expert compares the SourceSafeSignature in the PC with the SourceSafeSignature in the PAC to determine whether the safe application in the PC is the same as, or different from, the safe application in the PAC.

The safe signature feature is optional. Generating a SourceSafeSignature can be time-consuming, depending on the size of the safe application. Using the safe signature management options, you can choose to generate a SourceSafeSignature for your safe application

  • on every build, or

  • only when you want to manually generate a SourceSafeSignature and add it to the most recent build, or

  • not at all.

Actions that Change the SourceSafeSignature

Both configuration edits and variable value changes can cause the SourceSafeSignature to change.

Configuration changes: The following configuration actions, listed by device, lead to a signature change:

Safety CPU:

  • Change CPU reference via Replace Processor...

  • Change CPU version via Replace Processor...

  • Edit any parameter on the CPU Configuration or Hot Standby configuration tabs.

  • Edit any parameter on any tab of the CPU Ethernet Communicator Head (Security, IP Config, RSTP, SNMP, NTP, ServicePort, Safety, ...).

Safety Coprocessor: Not applicable, as the coprocessor is not configurable.

Other Safety Module:

  • Add/Delete/Move a module, either:

    • Directly (via command)

    • Indirectly (for example, by replacing an 8-slot Ethernet backplane that has a safety module in slot 7 with a 4-slot Ethernet backplane, thereby deleting that module)

  • Edit any safety module parameter on the Configuration tab (for example, Short circuit to 24V detection, Open wire detection) or in the left pane of the editor (for example, Function, Fallback).

  • Modification of a module ID via the Renew Ids and Rebuild All command.

  • Modification of a Device DDT instance name.

CIP Safety Module:

  • Add/Delete a module.

  • Modification of any CIP Safety module parameter, in either the CIP Safety device DTM editor or the Device List of the CPU master DTM editor.

  • Modification of a Device DDT instance name.

Safety Power Supply: Add/Delete a safety power supply.

Other Safety-Related Equipment: Modification of any topological address of equipment supporting a safety device, for example:

  • Move a rack containing a safety device.

  • Move a bus or drop containing a safety device.

Value Changes: Except as noted, the following items are included in the SourceSafeSignature computation. A change to their values causes a SourceSafeSignature change:

Program: SAFE task and related code sections.

Variables: All safe area variables and their attributes.

DDTs:

  • Each safe DDT attribute, except date and version attributes.

  • The variables inside each DDT, including their attributes.

  • The safe DDTs, even if they are not used in the safe application.

DFBs:

  • Each safe DFB attribute, except date and version attributes.

  • The variables inside each DFB, including their attributes.

  • The safe DFBs, even if they are not used in the safe application.

Safe Scope Settings: All Project Settings for Scope = safe.

Common Scope Settings: The following Project Settings for Scope = common:

Variables

  • Allow leading digits

  • Character set

  • Allow usage of EBOOL edge

  • Allow INT/DINT in place of ANY_BIT

  • Allow bit extraction of INT, WORD and BYTE

  • Directly represented array variables

  • Enable fast scanning for trending

  • Force references initialization

Program > Languages > Common

  • Allow procedures

  • Allow nested comments

  • Allow multi assignment [a:=b:=c] (ST/LD)

  • Allow empty parameters in non-formal call (ST/IL)

  • Maintain output links on disabled EF (EN=0)

  • Display complete comments of structure element

Program > Languages > LD

  • Single scan edge detection for EBOOL

General > Time (1)

  • Custom TimeZone

  • Time Zone

  • Time Offset

  • Automatically adjust clock for daylight saving

    • All START and END settings under Automatically adjust clock for daylight saving

1. These variables are not exported, but any change to their values changes the configuration partial signature.
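As an added illustration, not code from the page or from Schneider Electric, the following Python model computes a SourceSafeSignature-style fingerprint over a canonical encoding of the inputs listed above, leaving out DDT and DFB date and version attributes as the value-changes list states, and keeping unused safe DDTs and DFBs. The field names, the JSON canonical form and the sample application are assumptions; Control Expert's actual serialisation is not described on the page.

```python
import copy
import hashlib
import json

# Constructed, simplified model of the inputs the page lists for the
# SourceSafeSignature. The field names and the canonical JSON encoding are
# assumptions for this example; Control Expert's real serialisation is not
# described on the page.

# DDT and DFB attributes the page says are left out of the computation.
EXCLUDED_ATTRIBUTES = {"date", "version"}


def canonical_safe_application(app):
    """Return only the parts of the application that feed the signature.

    DDTs and DFBs lose their 'date' and 'version' attributes; everything else
    is kept, including safe DDTs/DFBs that the safe program never uses.
    """
    def strip(entries):
        return {
            name: {k: v for k, v in attrs.items() if k not in EXCLUDED_ATTRIBUTES}
            for name, attrs in entries.items()
        }

    return {
        "program": app["program"],                    # SAFE task and its code sections
        "variables": app["variables"],                # safe-area variables with attributes
        "ddts": strip(app["ddts"]),
        "dfbs": strip(app["dfbs"]),
        "safe_scope_settings": app["safe_scope_settings"],
        "common_scope_settings": app["common_scope_settings"],
    }


def source_safe_signature(app):
    """SHA-256 over a canonical encoding: sorted keys and fixed separators, so
    two applications with the same content always hash to the same value."""
    payload = json.dumps(
        canonical_safe_application(app), sort_keys=True, separators=(",", ":")
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def with_change(app, path, value):
    """Return a deep copy of `app` with the value at `path` (a tuple of keys) replaced."""
    changed = copy.deepcopy(app)
    node = changed
    for key in path[:-1]:
        node = node[key]
    node[path[-1]] = value
    return changed


# Constructed sample safe application (not a real Control Expert project).
SAMPLE_APP = {
    "program": {"SAFE": {"sections": ["IF ESTOP THEN Stop := TRUE; END_IF;"]}},
    "variables": {"ESTOP": {"type": "BOOL", "address": "%I1.0"},
                  "Stop": {"type": "BOOL", "initial": False}},
    "ddts": {"SafeIO": {"date": "2024-01-10", "version": "1.0",
                        "members": {"ok": "BOOL", "fault": "BOOL"}}},
    "dfbs": {"Interlock": {"date": "2024-01-10", "version": "1.2",
                           "inputs": {"req": "BOOL"}, "outputs": {"grant": "BOOL"}}},
    "safe_scope_settings": {"allow_procedures": False},
    "common_scope_settings": {"allow_nested_comments": False, "character_set": "Standard"},
}
```

Bumping a DDT or DFB version or date leaves the signature unchanged, while editing a variable attribute, a DDT member type, or one of the listed common-scope settings changes it. Because the real canonical form is internal to Control Expert, the only reliable comparison in practice is between values read from the Control Expert dialogs listed later on this page.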

Managing the SourceSafeSignature

The SourceSafeSignature is managed in Control Expert in the Tools > Project Settings window, by selecting General > Build Settings, then selecting one of the following Safe Signature management settings:

  • Automatic (default): generates a new SourceSafeSignature every time a Build command is executed.

  • On user request: generates a new SourceSafeSignature when the Build > Update Safe Signature command is executed.

NOTE: If you select On user request, Control Expert generates a SourceSafeSignature value of 0 on every build. If you do not execute the Build > Update Safe Signature command, you are electing not to use the Safe Signature feature.

Transferring an Application from the PC to the PLC

When you download an application from the PC to the PAC, Control Expert compares the SourceSafeSignature in the downloaded application with the one in the PAC. Control Expert behaves as follows:

| New Safe Signature | PAC Safe Signature | Control Expert Displays |
| --- | --- | --- |
| Any | No application | Transfer confirmation |
| Any (except 0) | 0 (1) | Transfer confirmation |
| 0 (1) | 0 | Transfer confirmation |
| 0 | Any (except 0) | Transfer confirmation; followed by the notice "This will reset the Safe Signature"; followed by a new transfer confirmation |
| XXXX = YYYY (2) | YYYY | Transfer confirmation |
| XXXX ≠ YYYY (3) | YYYY | Transfer confirmation; followed by the notice "This will modify the Safe Signature"; followed by a new transfer confirmation |

1. The value "0" indicates that a SourceSafeSignature was not generated, either automatically or manually.

2. The safe application in the PC (XXXX) and the safe application in the PAC (YYYY) are EQUAL.

3. The safe application in the PC (XXXX) and the safe application in the PAC (YYYY) are DIFFERENT.
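The decision table above, encoded as an added Python example (not Control Expert's code): it classifies a transfer from the pair of signatures, reproduces the dialog sequence for each row, and flags the two cases that reset or modify a previously generated signature so they can be routed to change control. The function names, the event record format and the sample events are assumptions made for this example.

```python
# Constructed encoding of the page's transfer table. Control Expert's
# internals are not on the page, so the function names, the event record
# format and the sample events below are assumptions for this example.

NO_APPLICATION = None   # the PAC holds no application
NOT_GENERATED = "0"     # the page: "0" means no SourceSafeSignature was generated

# Dialog sequence for each row of the table.
DIALOGS = {
    "no-application": ["Transfer confirmation"],
    "pac-unsigned":   ["Transfer confirmation"],
    "reset":          ["Transfer confirmation",
                       'Notice: "This will reset the Safe Signature"',
                       "Transfer confirmation"],
    "unchanged":      ["Transfer confirmation"],
    "modified":       ["Transfer confirmation",
                       'Notice: "This will modify the Safe Signature"',
                       "Transfer confirmation"],
}


def classify_transfer(new_sig, pac_sig):
    """Map (signature in the PC, signature in the PAC) to one of the table's rows.

    Signatures are compared as complete hex strings; "0" is the not-generated
    marker and None stands for a PAC with no application loaded.
    """
    if pac_sig is NO_APPLICATION:
        return "no-application"
    if pac_sig == NOT_GENERATED:
        return "pac-unsigned"        # rows 2 and 3: anything over a PAC signature of 0
    if new_sig == NOT_GENERATED:
        return "reset"               # a signed PAC would end up with signature 0
    if new_sig == pac_sig:
        return "unchanged"
    return "modified"


def transfer_dialogs(new_sig, pac_sig):
    """The sequence of dialogs Control Expert displays for this transfer."""
    return list(DIALOGS[classify_transfer(new_sig, pac_sig)])


def alters_validated_signature(new_sig, pac_sig):
    """True when the PAC holds a non-zero signature that this transfer would
    change or wipe: the two cases where the operator is shown an extra notice."""
    return classify_transfer(new_sig, pac_sig) in ("reset", "modified")


def review_queue(events):
    """Filter transfer events (dicts with 'pc_sig' and 'pac_sig') down to those
    a change-control process should ask for sign-off on."""
    return [e for e in events if alters_validated_signature(e["pc_sig"], e["pac_sig"])]


# Constructed transfer events; the signatures are made-up hex strings.
SAMPLE_EVENTS = [
    {"id": 1, "pc_sig": "a1b2", "pac_sig": NO_APPLICATION},
    {"id": 2, "pc_sig": "a1b2", "pac_sig": "0"},
    {"id": 3, "pc_sig": "a1b2", "pac_sig": "a1b2"},
    {"id": 4, "pc_sig": "0",    "pac_sig": "a1b2"},
    {"id": 5, "pc_sig": "c3d4", "pac_sig": "a1b2"},
]
```

Note that a PAC whose signature is 0 never triggers a notice, whatever the PC sends: a PAC that was commissioned without a generated signature gives no warning when its safe application is overwritten, which is the practical reason to keep the Automatic setting or to run Build > Update Safe Signature before each validated download.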

Viewing the SourceSafeSignature

When used, each SourceSafeSignature is a long string of hexadecimal digits, which makes reading and comparing the value directly difficult for a human user. It is possible, however, to copy a SourceSafeSignature value and paste it into a suitable text tool to compare it. The SourceSafeSignature value can be found in the following Control Expert locations:

  • Properties of Project > Identification tab: In the Project Browser, right-click on Project and select Properties.

  • PLCScreen > Information tab: In the Project Browser, navigate to Project > Configuration > PLC bus > <CPU>, right-click and select Open, then select the Animation tab.

  • PC <-> PLC Comparison dialog: Select this command from the PLC menu.

  • Transfer Project to PLC dialog: Select this command from the PLC menu (or from the PC <-> PLC Comparison dialog).

Comparing the SourceSafeSignature and the SAId

The SourceSafeSignature was introduced to provide an a priori verification that the safe application is unchanged. It is recommended to use this feature each time the process application is modified to avoid unintended modification of the safe application.

The SourceSafeSignature is a reliable mechanism, but is not sufficient for safety applications because the same source code may correspond to different binary (executable) codes, depending on the kind of build used after the last modification of the safe code.

The SAId can be evaluated only at run time. It is calculated independently by both the CPU and the COPRO, from the binary code that the safe application actually executes, and the two results are compared. Because the SAId is sensitive to all modifications, including those that a Rebuild All command may introduce after a Build Changes, it is recommended that you use a Rebuild All command to generate the reference version of the safe application. Once that reference exists, you can use any form of build (Rebuild All, Build Changes online or offline) for process application changes without changing the SAId.

The SAId is the recommended method for confirming that the safe application is the one that was validated. The SAId value is not automatically tested by the application. For this reason, it is recommended that you regularly verify the SAId by any convenient means (for example, using Control Expert or an HMI) by reading the output of the S_SYST_STAT_MX function block or the content of system word %SW169.
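An added Python model, not Control Expert's build system, of the point made in the three paragraphs above: the SourceSafeSignature hashes the safe source, the SAId is computed from the executed safe binary, and the two can disagree about whether anything changed. The model treats Rebuild All as a fresh layout and Build Changes as a patch appended to the existing image; the segment layout, the function names and the sample project are assumptions made for this example.

```python
import copy
import hashlib
import json

# Constructed model (not Control Expert's build system) of the distinction the
# page draws: the SourceSafeSignature covers the safe *source*, while the SAId
# is derived from the safe *binary* that the CPU and COPRO execute. Function
# names, the image layout and the sample application are all assumptions.


def _sha256(obj):
    return hashlib.sha256(
        json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    ).hexdigest()


def source_safe_signature(app):
    """Source-level fingerprint: only the safe part of the project is hashed."""
    return _sha256(app["safe"])


def compile_fresh(source):
    """Rebuild All: code laid out from address 0, so the image is a pure
    function of the source."""
    return {"segments": [{"addr": 0, "code": source}]}


def patch_image(previous, source):
    """Build Changes: keep the existing image and append the changed code as a
    new segment, so the image depends on build history, not only on the source."""
    next_addr = previous["segments"][-1]["addr"] + 1
    return {"segments": previous["segments"] + [{"addr": next_addr, "code": source}]}


def rebuild_all(app):
    return {"safe": compile_fresh(app["safe"]), "process": compile_fresh(app["process"])}


def build_changes(app, previous_image, changed_parts):
    """Recompile only the named parts; untouched parts keep their existing image."""
    image = copy.deepcopy(previous_image)
    for part in changed_parts:
        image[part] = patch_image(previous_image[part], app[part])
    return image


def said(image):
    """Model of the SAId: computed from the executed safe binary, never from source."""
    return _sha256(image["safe"])


def said_is_valid(cpu_said, copro_said, reference_said):
    """The page: CPU and COPRO each compute the SAId and compare; an operator
    then checks the value read back (S_SYST_STAT_MX or %SW169) against the
    reference recorded for the validated application."""
    return cpu_said == copro_said == reference_said


# Constructed sample project with a safe part and a process part.
APP_V0 = {
    "safe": {"SAFE_task": "IF ESTOP THEN StopMotor(); END_IF;"},
    "process": {"MAST_task": "Counter := Counter + 1;"},
}


def walkthrough():
    """Run the page's scenario through the model and return what is observed."""
    # Step 1: Rebuild All on the validated source gives the reference SAId.
    reference_image = rebuild_all(APP_V0)
    reference_said = said(reference_image)

    # Step 2: the same modified safe source built two ways, Build Changes
    # (patched image) and Rebuild All (fresh image).
    app_v1 = copy.deepcopy(APP_V0)
    app_v1["safe"]["SAFE_task"] = "IF ESTOP OR Overspeed THEN StopMotor(); END_IF;"
    patched = build_changes(app_v1, reference_image, ["safe"])
    fresh = rebuild_all(app_v1)

    # Step 3: a process-only change after the reference Rebuild All, built
    # with Build Changes; the safe image is never touched.
    app_v2 = copy.deepcopy(APP_V0)
    app_v2["process"]["MAST_task"] = "Counter := Counter + 2;"
    process_only = build_changes(app_v2, reference_image, ["process"])

    return {
        "reference_said": reference_said,
        "v1_source_signature": source_safe_signature(app_v1),
        "v1_said_build_changes": said(patched),
        "v1_said_rebuild_all": said(fresh),
        "v2_source_signature": source_safe_signature(app_v2),
        "v2_said_process_only": said(process_only),
    }
```

In the walkthrough, app_v1 has a single SourceSafeSignature but two different SAIds depending on whether it was built with Build Changes or Rebuild All, which is why a source hash alone cannot prove that the validated binary is what runs. The process-only change in app_v2 leaves both the source signature of the safe part and the SAId equal to the reference, matching the recommended workflow of taking the reference after a Rebuild All and then building process changes freely.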

Modification of the Process Application Simplified Process

SAId Management