Safety-relevant communication in machine building and factory automation

Oct. 13, 2005
This paper introduces the requirements of the European certification authorities for safety-relevant control devices and systems, discusses the different methods allowed for detecting single failures, and introduces the CANopen Safety Protocol in detail.

By Cyrilla Jane Menon, CAN in Automation

THE INTENSIVE use of serial bus systems and networks in embedded machine control systems and factory automation systems has many advantages: reduced cabling, improved diagnostics, savings in engineering effort, etc. However, if safety-relevant devices have to be connected, standard communication systems are not sufficient. Additional safety protocols are required.

This White Paper will introduce the requirements of the European certification authorities for safety-relevant control devices and systems. It will discuss the different methods allowed for detecting single failures. Single failures should be detected and should cause the actuating devices to transition into the safe state. Single failures include loss of messages, data corruption, delayed reception, etc. Allowed detection methods include crosschecking, running numbers, application CRC (cyclic redundancy check), etc.

The CANopen Safety Protocol will be introduced in detail. In particular, the paper will discuss the concept of serial redundancy: transmitting safety-relevant data in two consecutive messages with bitwise inverted content. It will also describe several implementation possibilities, including a single-processor implementation done by a consortium of device manufacturers and system designers. This chip has been designed and tested in accordance with the IEC 61508 standard. It achieves a Safety Integrity Level (SIL) of 3.
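The receiver-side check implied by the serial redundancy concept above, as an added example that is not code from the paper or from the CANopen Safety specification: the second message must be the bitwise inverse of the first and must arrive within a bounded delay, otherwise the caller goes to the safe state. The `frame_t` type, the function names and the `max_gap_ms` limit are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed frame type for this example; not a real CAN driver structure. */
typedef struct {
    uint32_t rx_time_ms;  /* reception timestamp in milliseconds */
    uint8_t  len;         /* payload length, 1..8 bytes */
    uint8_t  data[8];
} frame_t;

typedef enum { PAIR_OK, PAIR_LENGTH, PAIR_TIMEOUT, PAIR_MISMATCH } pair_result_t;

/* Validate a plain/inverted message pair. max_gap_ms is an assumed,
 * application-chosen limit on the delay between the two messages.
 * Any result other than PAIR_OK means: discard data, enter safe state. */
pair_result_t check_pair(const frame_t *plain, const frame_t *inv,
                         uint32_t max_gap_ms)
{
    if (plain->len == 0 || plain->len > 8 || plain->len != inv->len)
        return PAIR_LENGTH;
    /* Unsigned subtraction stays correct across timestamp wraparound and
     * also rejects an inverted message that arrived before the plain one. */
    if ((uint32_t)(inv->rx_time_ms - plain->rx_time_ms) > max_gap_ms)
        return PAIR_TIMEOUT;
    /* plain ^ inverted must be 0xFF in every byte; accumulate deviations. */
    uint8_t diff = 0;
    for (size_t i = 0; i < plain->len; i++)
        diff |= (uint8_t)(plain->data[i] ^ inv->data[i] ^ 0xFFu);
    return diff ? PAIR_MISMATCH : PAIR_OK;
}

/* Constructed cases: 0 = valid pair, 1 = one corrupted bit,
 * 2 = second message delayed, 3 = valid pair across timer wraparound. */
pair_result_t demo_case(int which)
{
    frame_t a = { 1000u, 2, { 0x01, 0xA5 } };
    frame_t b = { 1002u, 2, { 0xFE, 0x5A } };
    if (which == 1) b.data[1] ^= 0x04;
    if (which == 2) b.rx_time_ms = 1050u;
    if (which == 3) { a.rx_time_ms = 0xFFFFFFFFu; b.rx_time_ms = 1u; }
    return check_pair(&a, &b, 5u);
}
```

A lost second message shows up the same way as a delayed one: the application must treat a plain message with no valid partner inside the window as a failed pair.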

The paper will also discuss the configuration possibilities and restrictions. The object dictionary, which contains all the communication and application objects accessible via the CANopen network, is CRC-protected in order to avoid accidental misconfiguration.