In automation systems whose function is characterised by the input values e, the status values q, and the output values a, a deviation from the intended function a = a(q,e) is an active functional error if an unintended output occurs and a passive functional error if an intended output fails.
Depending on their effects, functional errors are further divided into hazardous and harmless ones. Whether an error is hazardous or harmless always depends on the concrete situation.
In general, active functional errors in a drive controller are hazardous because they may lead to an uncontrolled start of the drive.
With positioning drives, passive errors may be dangerous because they may prevent the drive from being switched off when necessary.
In monitoring systems, both passive and active functional errors may have dangerous or undesirable consequences, e.g. if an alarm message is blocked because of a passive error or if an emergency program is started without reason as a result of an active error.
Dangerous functional errors are errors that are so likely to lead to destruction, damage to material and machinery, costly machine or plant downtimes, environmental pollution, or danger to persons that the correspondingly accepted tolerable risk will be exceeded.
Harmless errors are errors whose possible resulting scale of damage remains within reasonable limits.
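As an added example (not part of the original text), the active/passive distinction above applied to a hypothetical drive controller in Python: a reference model of the intended function a = a(q,e) is stepped beside a faulty implementation over the same inputs, and each output deviation is classified as active (an unintended output occurs) or passive (an intended output fails). The controller, its two faults and the input trace are constructed for illustration.

```python
"""Classify deviations of an automation function a = a(q, e) as active or passive
functional errors by stepping a reference model and an implementation through the
same input trace. Constructed example; not from the original text."""
from typing import Callable, Dict, List, Tuple

Signals = Dict[str, bool]  # used for inputs e, status values q and outputs a
Function = Callable[[Signals, Signals], Tuple[Signals, Signals]]  # (q, e) -> (q', a)

def reference_drive(q: Signals, e: Signals) -> Tuple[Signals, Signals]:
    """Intended drive-controller function (hypothetical): start latches the drive
    on, stop switches it off, overtemperature raises the alarm output."""
    running = (q.get("running", False) or e["start"]) and not e["stop"]
    return {"running": running}, {"motor_on": running, "alarm": e["overtemp"]}

def faulty_drive(q: Signals, e: Signals) -> Tuple[Signals, Signals]:
    """Same function with two constructed faults: stop is ignored (motor stays
    on: unintended output) and the alarm output is stuck low (intended output fails)."""
    running = q.get("running", False) or e["start"]
    return {"running": running}, {"motor_on": running, "alarm": False}

def classify_deviations(intended: Function, actual: Function,
                        trace: List[Signals]) -> List[Tuple[int, str, str]]:
    """Return (step, output, kind) for every output differing from the intended
    value: "active" if an unintended output occurs, "passive" if an intended one fails."""
    q_ref: Signals = {}
    q_act: Signals = {}
    found: List[Tuple[int, str, str]] = []
    for step, e in enumerate(trace):
        q_ref, a_ref = intended(q_ref, e)
        q_act, a_act = actual(q_act, e)
        for name, want in a_ref.items():
            got = a_act[name]
            if got and not want:
                found.append((step, name, "active"))
            elif want and not got:
                found.append((step, name, "passive"))
    return found

# Constructed input trace: start, hold, stop, stop with overtemperature.
TRACE: List[Signals] = [
    {"start": True, "stop": False, "overtemp": False},
    {"start": False, "stop": False, "overtemp": False},
    {"start": False, "stop": True, "overtemp": False},
    {"start": False, "stop": True, "overtemp": True},
]

if __name__ == "__main__":
    for dev in classify_deviations(reference_drive, faulty_drive, TRACE):
        print(dev)  # (2, 'motor_on', 'active'), (3, 'motor_on', 'active'), (3, 'alarm', 'passive')
```

The ignored stop command shows up as active errors on motor_on (the case the text calls hazardous for a drive controller), while the stuck alarm output appears as a passive error of the kind that blocks an alarm message in a monitoring system.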