CANopen Safety - datamicro.ru

CANCANopen safety deviceSRDO(Safety IF)PDO/SDO(Control IF)Multiple deviceI/O lines(Process IF)Object dictionaryLogicaldevice 1Virtualdevice 1toVirtualdevice ntoLogicaldevice 8Virtualdevice 1toVirtualdevice nSDO(Configuration IF)Emergency/SDO(Diagnostics IF)© CiA

CANCommunication profile areaIndex range Description1000 h to 1029 h General communication objects1200 h to 12FF h SDO parameter objects1300 h to 13FF h CANopen safety objects1400 h to 1BFF h PDO parameter objects1F00 h to 1F11 h SDO manager objects1F20 h to 1F27 h Configuration manager objects1F50 h to 1F54 h Program control objects1F80 h to 1F89 h NMT master objects© CiA

CANCommunication protocols◆ Service Data Object (SDO) protocols◆ Standard SDO protocols◆ SDO block protocols◆ Safety-Related Data Object (SRDO) protocol◆ Process Data Object (PDO) protocol◆ Special object protocols:◆ Synchronization (SYNC) protocol◆ Time Stamp (TIME) protocol◆ Emergency (EMCY) protocol◆ Network Management protocols:◆ NMT Message protocol◆ Boot-Up protocol◆ Error Control protocols- Heartbeat protocol- Node guarding protocol© CiA

CANCANopen network with safe nodesPLCCANSafety PowerSwitchS1 N1 S2 N2 N3 D1S3EmergencyPush ButtonSLMSx Safety Node (S3: Saftey controller)Nx Normal NodeDx Drive ControllMDriveControll© CiA

CANSafety-relevant Data ObjectrequestCAN Data Frame 11 to 8 ByteBit-wise inverted Data Fieldof CAN Data Frame 11 to 8 Byteindication(s)© CiA

CANSRDO TimingSRDO1SRDO1SRDO1refresh-timerefresh-timeSCT expiredSCTSCTSCTtimeSRDO1SRDO1SRDO1SRVTexpiredSRVTSRVTSRVTtime© CiA

CANSRDO parameter recordIndex Sub-Index Field in SRDO Communication Parameter Record Data Type13xx h0 h Number of entries UNSIGNED81 h Information direction (TX or RX) UNSIGNED82 h Refresh-time/SCT (in ms) UNSIGNED163 h SRVT (in ms) UNSIGNED84 h Transmission type UNSIGNED85 h COB ID1 UNSIGNED326 h COB ID2 UNSIGNED32© CiA

CANOptionally reserved IDsObjectGlobal failsafe commandSafety-relevant data objects (SRDO)Flying masterDynamic SDO requestNode claiming procedureNode claiming procedureLayer setting services (LSS)CAN identifier1h101h to 180h71h to 76h6E0h6E1h to 6E3h6F0h to 6FFh7E4h, 7E5h© CiA

CANSRDO mappingObject DictionaryIndex Sub Object contents1381 h01 h2000 h01 h8 h1381 h02 h2003 h03 h10 hSRDO_11381 h03 h2003 h01 h8 hObject AObject GObject E2000 h01 hObject A2000 h02 hObject B2001 h00 hObject C2002 h00 hObject D2003 h01 hObject E2003 h02 hObject F2003 h03 hObject G© CiA

CANVariable SRDO mappingObject DictionaryIndex Sub Object contents1381 h01 h2000 h01 h8 h1381 h02 h2003 2001 h03 00 h10 hSRDO_11381 h03 h2003 h01 h8 hObject AObject GCObject E2000 h01 hObject A2000 h02 hObject B2001 h 00 h Object C2002 h00 hObject D2003 h01 hObject E2003 h02 hObject F2003 h 03 h Object G© CiA

CANObject dictionary extensionIndex Object Name Type Acc. 1 M/O1300h VAR GFC parameter UNSIGNED8 rw OSRDO Communication Parameter1301h RECORD 1 st SRDO parameter SRDO Parameter (26h) rw M1302h RECORD 2 nd SRDO parameter SRDO Parameter (26h) rw M/O*::::: ::::: ::::: ::::: ::::: :::::1340h RECORD 64 th SRDO parameter SRDO Parameter (26h) rw M/O*1341hreserved::::: :::::1380hreservedSRDO Mapping Parameter1381h ARRAY 1 st SRDO mapping UNSIGNED32 rw M1382h ARRAY 2 nd SRDO mapping UNSIGNED32 rw M/O*::::: ::::: ::::: ::::: ::::: :::::13C0h ARRAY 64 th SRDO mapping UNSIGNED32 rw M/O*13C1hreserved::::: :::::13FDhreserved13FEh VAR Configuration valid UNSIGNED 8 rw M13FFh ARRAY Safety Configuration Checksum UNSIGNED16 ro M© CiA

CANBIA approval© CiA

CANCommunication failures(1) Message repetition(2) Message lost(3) Message insertion(4) Wrong message sequence(5) Message corruption(6) Message delay(7) Coupling© CiA

CANFailure-avoiding methods(1) Running number in safety-relevant messages(2) Relative, absolute or double time-marks(3) Time-out(4) Confirmation of message(5) Identifying of producer and consumer(6) Application CRC(7) Redundancy with cross-checking© CiA

CANBIA recommendationsRunning numberTime markTime-outConfirmationIdentificationCRCCross-checkDifferent dataRepetitionLostInsertionWrong sequenceCorruptionDelayCouplingxxxx---x--x-x------xx 3-- -x -x 1- -x -- -x 1 xx 2- x -- x -- x --x--x -x 4-- -- x1) application-specific2) only for producer3) mandatory4) low error-rate shall betestableMethods used byCANopen Safety© CiA

CANCANopen safety chipSensorActuatorsafety switchingdevicesafety shutoff2nd shutoff pathcontrolsignaldual channeltestsignalmonitoringsignaldual channelcontrolsignaldual channel1 Chip 16-Bit MCUSafety Applikationobject dictionary(DS4xx)monitoring the2nd shutoff pathevent leadingto safetycriticalshutoffCANopen Stackredundant CANopen safety-relevantmonitoring, cross comparison.sequence monitoring, time monitoringobject dictionary (OD)(CANopen datastructures according toDS301 and DS304)diagnosticfunctions(eg. RAM/ ROM/Op- Code Test,Register,Periphery)triggersignalwatchdogwith independenttime base/NMIalternating transmissionCAN- Controller 1 CAN- Controller 2higher level supplyvoltage/voltagemonitoringCAN Tx 1CAN Rx 1CAN Tx 2 CAN Rx 2CAN- TransceiverCAN-Bus© CiA

CANRequirements (Consortium)CANopen Safety• 2 independent CAN controllers• 2 TSRDO + 2 RSRDO• Minimal SRVT: 5 ms• Minimal refresh-time: 20 msCANopen• 2 TPDO + 2 RPDO• SRDO/PDO linking• SRDO/PDO static mapping• Heartbeat producer• Emergency producer© CiA