Switcher Block (v3.2)
Description
- Full function block name: Lib.Mervis.v3_2.SwitcherBlock
- Inherits from: Lib.Mervis.v2_0.BaseAlarmBlock
- Required project references: Lib.Mervis, Lib.Mervis.Alarms
A universal block for safely switching a single-stage physical device (pump, fan, compressor, valve, heating rod). It bundles the standard functionality needed around such a device: Auto / Manual-On / Manual-Off operating modes, running-feedback supervision, two built-in alarms (Fail-to-start and Failure/Emergency), a periodic exercise “kick”, a run-down overrun, an emergency shutdown that overrides everything, and maintenance counters (operating hours and start count). Because it inherits from BaseAlarmBlock, the block exposes a unified alarm interface that can be chained into the project alarm system.
ST call
PROGRAM PUMP_CONTROL_DEMO VAR Heating_Demand : BOOL; Pressure_Switch : BOOL; Thermal_Fault : BOOL; PumpSwitcher : Lib.Mervis.v3_2.SwitcherBlock; Pump_Relay : BOOL; END_VAR PumpSwitcher( OperatingMode := OperatingModeType#Automatic, Demand := Heating_Demand, Feedback := BOOL_TO_USINT(Pressure_Switch), // 0/1; use 2 to ignore feedback Failure := Thermal_Fault, RunDown := T#2m, // 2 min overrun to dissipate residual heat FeedbackTimeout := T#10s // wait 10 s for pressure to build up ); Pump_Relay := PumpSwitcher.Command; END_PROGRAM
Inputs
| Name | Data Type | Allowed Range | Retain | Required | Description |
|---|---|---|---|---|---|
| OperatingMode | OperatingModeType | Yes | No | Desired operating mode (Automatic / On / Off). The “Off” mode is dominant and prevents starting by any other function. Default: Off. |
|
| Demand | bool | No | Yes | Request for an operational state in Automatic mode (industry-standard “call for heat / call for run”). Ignored in Manual modes. | |
| Feedback | usint | 0..2 | No | No | Running-status feedback. A boolean signal can be mapped directly via BOOL_TO_USINT. Default: 2 (feedback not connected → feedback logic is bypassed). |
| FeedbackManual | bool | No | No | Indicates a manual hardware override (e.g. a HOA switch on the cabinet). Reflected in CompositeState. Default: false. |
|
| Failure | bool | No | No | External hardware fault report (motor trip, thermal overload, inverter fault, …). Raises the Failure alarm. Default: false. |
|
| EmergencyShutdown | bool | No | No | Emergency stop. Immediately deactivates Command and overrides all modes. Default: false. |
|
| OperatingHoursReset | bool | No | No | Rising trigger that resets the operating-hours and start counters. Default: false. |
|
| ControlFlags | uint | 0..15 | No | No | Bit array defining extended behaviour (see table below). Default: 0. |
| RunDown | time | No | No | Overrun / post-run time: the device keeps running this long after Demand is removed (heat-dissipation cycles). If 0, disabled. Default: T#5m. |
|
| FeedbackTimeout | time | No | No | Time allowed for Feedback to become active after Command is issued before the Not Run alarm is raised. Default: T#30s. |
|
| KickFunctionInterval | time | No | No | Interval of the periodic exercise (anti-seize) function. If 0, disabled. Default: T#0s (off). |
|
| KickFunctionDuration | time | No | No | How long the device runs during a periodic exercise kick. Default: T#1m. |
|
| NotRunAlarmPriority | AlarmPriorityType | No | No | Alarm class for the “Fail to Start” (Not Running) alarm. Default: 32. |
|
| FailureAlarmPriority | AlarmPriorityType | No | No | Alarm class for the external Failure alarm. Default: 32. |
|
| EmergencyAlarmPriority | AlarmPriorityType | No | No | Alarm class for the Emergency-Shutdown-as-alarm reaction (see ControlFlags bit 3). Default: 32. |
Description of Feedback values
| Value | Meaning |
|---|---|
| 0 | Feedback inactive (device not running). |
| 1 | Feedback active (device running). |
| 2 | Feedback not connected (default) — feedback logic is bypassed; the running state mirrors Command. |
Description of ControlFlags values
| Bit | Mask | Meaning |
|---|---|---|
| 0 | 1 | If TRUE, all alarm evaluation is completely disabled. |
| 1 | 2 | If TRUE, Command is dropped on an active fault while in Automatic mode. |
| 2 | 4 | If TRUE, Command is dropped on an active fault while in Manual (On) mode. |
| 3 | 8 | If TRUE, an EmergencyShutdown that coincides with a start request is also reported as a Failure alarm. |
| 4..15 | - | Unused. |
Outputs
| Name | Data Type | Description |
|---|---|---|
| Command | bool | Operational command output (TRUE = Run, FALSE = Stop). |
| CompositeState | uint | Bit array describing the complete internal state of the block (see table below). |
| OperatingHours | time | Total accumulated running time (retained). Reset by OperatingHoursReset. |
| StartCounter | udint | Total number of starts (retained). Reset by OperatingHoursReset. |
Being a BaseAlarmBlock descendant, the block also provides the inherited alarm interface (AlarmsInterface / Reset/Acknowledge/GetActiveAlarmsMask…) used to chain its two internal alarms into the project alarm system.
Description of CompositeState output values
| Bit | Mask | Meaning |
|---|---|---|
| 0 | 1 | Command is active. |
| 1 | 2 | Feedback is active (Feedback = 1, or Feedback = 2 while Command is active). |
| 2 | 4 | Manual mode is active (OperatingMode ≠ Automatic, or a manual hardware override is reported). |
| 3 | 8 | Manual On is active (OperatingMode = On, or manual override while running). |
| 4 | 16 | Demand is active. |
| 5 | 32 | Kick (periodic exercise) is currently active. |
| 6 | 64 | Run-down (overrun) is currently active. |
| 7 | 128 | A flagged alarm is present. |
| 8..9 | - | Current OperatingMode representation. |
Detailed Function Description
The block runs an internal state machine (Off → WaitForFeedback → On → Run-Down, with parallel Failure, Kick and Emergency branches) and manages two alarms:
- Not Run (Fail to Start): raised if
Commandis issued butFeedbackdoes not become active withinFeedbackTimeout. Priority =NotRunAlarmPriority. - Failure: raised by the external
Failureinput (and optionally byEmergencyShutdown, see ControlFlags bit 3). Priority =FailureAlarmPriority/EmergencyAlarmPriority.
Core capabilities:
- Operating Modes: Automatic, Manual On, Manual Off.
Offis dominant;EmergencyShutdownoverrides all modes. - Feedback Monitoring: verifies the device actually started; if
Feedback= 2 the feedback logic is bypassed and the running state mirrorsCommand. - Run-Down (Overrun): after
Demandis removed in Automatic mode the device keeps running forRunDown(e.g. to dissipate residual heat) before stopping. A device that never reported feedback, or that is dropped on the very first cycle, skips the run-down. - Periodic Kick (Exercise): in Automatic mode, if the device has been idle for
KickFunctionInterval, it is run forKickFunctionDurationto prevent mechanical seizing. The kick has its own feedback supervision. - Emergency Shutdown: sets
Command= FALSE immediately, regardless of mode. If configured (ControlFlags bit 3), a coinciding start request raises a Failure alarm. - Fault reaction: ControlFlags bits 1/2 decide whether
Commandis dropped on a fault separately for Automatic and Manual modes (e.g. keep a critical pump running on a soft alarm in Manual). - Maintenance Counters: accumulated
OperatingHoursandStartCounter, resettable viaOperatingHoursReset.
Execution logic: In Automatic mode a start is requested by Demand; in Manual On it is forced. On a start the block enters WaitForFeedback, asserts Command and waits up to FeedbackTimeout for Feedback. On success it goes On and increments StartCounter; on timeout it raises the Not Run alarm. A Failure input or EmergencyShutdown diverts to the corresponding branch at any time. When Demand clears, the Run-Down branch keeps the device running for RunDown before final stop.
Application Example from a Real Project
Scenario: Redundant refrigerant pump to the ice-rink floor collector
Two pumps (M4/M5) circulate refrigerant to the floor. Each pump is driven by its own SwitcherBlock:
- The lead/lag demand from the twin-pump logic is wired to Demand; a differential-pressure switch (dP) is mapped to Feedback via
BOOL_TO_USINT. - If the PLC asserts
Commandbut no dP appears within FeedbackTimeout =T#10s, a Not Run alarm flags a broken coupling or seized rotor and the twin-pump logic can switch to the standby pump. - A motor-protection / inverter fault is wired to Failure; with ControlFlags bit 1 set, the pump's
Commandis dropped on fault in Automatic mode. - To avoid seizing during summer standstill, KickFunctionInterval =
T#7dand KickFunctionDuration =T#30sexercise the pump weekly. - A short RunDown keeps refrigerant moving briefly after the demand stops.
Command drives the pump relay; AlarmsInterface is chained into the machine-room alarm aggregator, and OperatingHours / StartCounter feed the maintenance view.