It is very obvious from the comments posted in this thread that the people driving the use of the Raspberry-Pi as a PLC training tool have not conducted any professional, electrical and electronic engineering research into the design criteria required for an educational PLC, nor are they prepared to acknowledge the legally required European Union safety compliance to IEC 61508 and IEC 61131-3.
A PLC’s functional criterion is an industrial control device used to automate electrically driven machinery. The objective of any real world PLC design and training criterion is to write and test PLC programs compliant to IEC 61508 and IEC 61131-3. Being able to simulate watchdog timer failure in both software and hardware to IEC 61508 and IEC 61131-3 in the classroom educational environment is also paramount to any professional PLC training course.
Therefore, for classroom training purposes, a PLC used to emulate real world functionality requires three levels of watchdog compliance and the provision to connect the PLC to real world electrically independent failsafe simulation circuits using a low voltage power supply, usually 24 volts AC and DC.
First Level – An IEC 61508 and IEC 61131-3 compliant machine language operating system containing a software watchdog timer programmed in pure machine language and burnt in a non-volatile ROM. The purpose of the CPU watchdog timer is to monitor all CPU memory functions for checksum errors and watchdog failsafe on any error generated.
Second Level – An IEC 61508 and IEC 61131-3 compliant PLC will also contain an external electronic hardware watchdog circuit independent of the First Level operations. The second level watchdog’s purpose is to monitor the PLC input and output (I/O) electronics. In the event that any I/O device malfunctions, the secondary watchdog de-energises all PLC outputs.
Third Level – An IEC 61508 and IEC 61131-3 compliant PLC program and PLC associated electrical interlocking circuits. This is the real world functional design.
Fourth Level – The fourth level contains electrical interlocking, failsafe safety wiring not attached to the PLC. The purpose being that in the event of any emergency all electrical equipment attached to the PLC is safely de-energised. Once de-energised, all the electrical equipment must be manually checked for electrical faults and re-energised.
Level 1 PLC programming is always written in machine language. Level 1 and Level 2 electronics functions are tightly integrated into the PLC electronics design. Level 3 is where the PLC programming and field testing is conducted. Level 3 and Level 4 electrical interlocking wiring is purely the domain of electrical engineering and commissioning professionals.
If IEC 61508 and IEC 61131-3 compliance cannot be programmed into the Raspberry-Pi then all you have is a programmable simulator that will not teach a person seeking PLC programming experience any serious PLC programming. Those same PLC simulators are freely available for the Windows Operating System. Therefore, I cannot see any value in investing money in a Raspberry-Pi PLC project when I can carry out the same PLC simulation on a Windows PC.
Safety Integrity Level (SIL)
ANSI/ISA S84 (Functional safety of safety instrumented systems for the process industry sector)
IEC EN 61508 (Functional safety of electrical/electronic/programmable electronic safety related systems)
IEC 61511 (Safety instrumented systems for the process industry sector)
IEC 62061 (Safety of machinery)
EN 50128 (Railway applications - Software for railway control and protection)
EN 50129 (Railway applications - Safety related electronic systems for signalling)
EN 50402 (Fixed gas detection systems)
MISRA, various (Guidelines for safety analysis, modelling, and programming in automotive applications)
Defence Standard 00-56 Issue 2 - accident consequence
The use of a SIL in specific safety standards may apply different number sequences or definitions to those in IEC EN 61508.
IEC 61508 Safety: Safe software solutions according to IEC 61508 (SIL2 up to SIL3)
SafeOS: Safe PLC runtime system according to IEC 61508 to SIL3
Training Specification Sheets:
ICE65108 Safety Conformity:
Quantum Safety PLC Safety Reference Manual: