Single-Chip-Solution up to SIL3 – The Safety Chip Concept
Currently, technical realizations of safety-relevant devices usually have a
two-channel structure in order to achieve a SIL3 certification according to IEC
61508. In the case of electronic safety-relevant devices, for example, two
micro-controllers are present, which reciprocally monitor their functions (e.g.
via cross-comparison).
The aim in developing the CANopen Safety Chip is to use only one
micro-controller, simplifying the design and ultimately reducing costs. The
two-channel capability is therefore realized within the micro-controller. This
approach requires increased effort in the diagnostic functions for the
micro-controller (e.g. RAM, FLASH, stack, registers, addressing, op-code) and
the periphery (e.g. timer, oscillator), and in the logical and temporal
monitoring of program execution.
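The following C sketch is an added illustration, not the Safety Chip's firmware
or API. It shows one common way to obtain such checks on a single controller: a
value stored with its inverted copy, two diverse comparisons that are
cross-compared, and a checkpoint signature with a deadline. All names, the
signature scheme and the 100-tick budget are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* All names here are hypothetical; this is not the Safety Chip firmware API. */
enum { CP_READ = 1, CP_COMPUTE = 2, CP_OUTPUT = 3 };   /* checkpoint ids */
#define EXPECTED_SIG   ((((0u * 31u + CP_READ) * 31u + CP_COMPUTE) * 31u) + CP_OUTPUT)
#define DEADLINE_TICKS 100u                             /* assumed cycle budget */

typedef struct { uint16_t val, inv; } safe_u16;         /* value + inverted copy */
typedef struct { uint32_t sig, t_start; } flow_mon;

safe_u16 safe_make(uint16_t v) { safe_u16 s = { v, (uint16_t)~v }; return s; }

/* Data diagnosis: both copies must still be exact bitwise complements. */
bool safe_consistent(safe_u16 s) { return (uint16_t)(s.val ^ s.inv) == 0xFFFFu; }

/* Logical monitoring: fold each checkpoint id into a running signature. */
void flow_begin(flow_mon *m, uint32_t now) { m->sig = 0; m->t_start = now; }
void flow_checkpoint(flow_mon *m, uint32_t id) { m->sig = m->sig * 31u + id; }

/* Pass only if every checkpoint ran once, in order, within the deadline.
   Unsigned subtraction keeps the elapsed time correct across timer wraparound. */
bool flow_end_ok(const flow_mon *m, uint32_t now) {
    return m->sig == EXPECTED_SIG && (uint32_t)(now - m->t_start) <= DEADLINE_TICKS;
}

/* Two channels on one CPU: A compares the plain values, B compares the inverted
   copies with the relation reversed (a > b  <=>  ~a < ~b for unsigned values).
   Returns false (fault, go to safe state) on any disagreement; on success
   *trip holds the decision. */
bool overspeed_check(safe_u16 speed, safe_u16 limit, flow_mon *m, bool *trip) {
    flow_checkpoint(m, CP_READ);
    if (!safe_consistent(speed) || !safe_consistent(limit)) return false;
    flow_checkpoint(m, CP_COMPUTE);
    volatile bool a = speed.val > limit.val;   /* channel A */
    volatile bool b = speed.inv < limit.inv;   /* channel B */
    flow_checkpoint(m, CP_OUTPUT);
    if (a != b) return false;                  /* cross-comparison */
    *trip = a;
    return true;
}
```

A caller would treat a `false` return from either `overspeed_check` or
`flow_end_ok` as a detected fault and enter the safe state.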
The CANopen Safety Chip is based on a micro-controller pre-programmed with
safety-relevant permanent firmware, which contains the CANopen Safety protocol
and the diagnostic functions. The user-specific software, which realizes the
application-specific safety functions, can be downloaded to the CANopen Safety
Chip to complement the permanent firmware.
A well thought out data and function interface enables communication between
the two parts of the software. Through this interface, the application can
access the CANopen functionality, the safety-relevant data and the object
directory. It is possible to extend the object directory by several entries.