CANopen Safety Protocol - CiA DSP-304 CANopen Framework

The CiA Draft Standard Proposal 304 "CANopen Framework for Safety Relevant Communication" defines the CANopen protocol extensions for integrating safety relevant devices into CANopen networks. The protocol enables safety relevant devices to operate alongside non-safety relevant devices in the same CANopen network. The safety functions are realized via special communication objects, SRDOs (safety relevant data objects).

An SRDO consists of two CAN messages. The following rules apply to the construction of an SRDO:
  1. The CAN identifiers of the two CAN messages differ in at least two bit positions.
  2. The data content of the two CAN messages is redundant; however, the data of the second CAN message is inverted bit for bit.
  3. An SRDO is transferred periodically, whereby the period between two SRDOs is determined by the SCT (safeguard cycle time).
  4. The period between the two CAN messages assigned to an SRDO must not exceed the SRVT (safety relevant object validation time).
The sequence of the two CAN messages assigned to an SRDO must be maintained: first the real data is transferred, then the inverted data.

The recipient (data sink) checks the validity of an SRDO. The temporal and logical succession of the two CAN messages assigned to an SRDO is compared with an expected value. Subsequently the user data undergoes verification. Any recognized error causes the assigned actuators to change into the secure state. The secure state is to be defined by the device manufacturer and/or user, based on the application requirements.
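The receiver-side check described above, as an added example that is not SYS TEC's code or taken from the DSP-304 text: it applies the four construction rules and the required order to one received pair. The struct and function names, the sample identifiers 0x101/0x102, the timing values, and the reading of SCT as the longest wait the receiver tolerates since the last valid SRDO are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint16_t id; uint8_t dlc; uint8_t data[8]; uint32_t t_ms; } can_frame_t;
/* Receiver-side SRDO parameters (hypothetical layout; a device keeps them in its Object Dictionary). */
typedef struct { uint16_t id_plain, id_inv; uint32_t sct_ms, srvt_ms, last_ok_ms; } srdo_rx_t;
typedef enum { SRDO_OK, SRDO_ERR_CONFIG, SRDO_ERR_ORDER, SRDO_ERR_SRVT,
               SRDO_ERR_SCT, SRDO_ERR_DATA } srdo_result_t;

/* Number of bit positions in which two CAN identifiers differ. */
static int id_bit_distance(uint16_t a, uint16_t b) {
    int n = 0;
    for (uint16_t x = a ^ b; x != 0; x &= (uint16_t)(x - 1)) n++;
    return n;
}

/* Validate one SRDO from its two frames, passed in order of arrival.
 * Any result other than SRDO_OK means the caller must enter the secure state. */
srdo_result_t srdo_check(srdo_rx_t *rx, const can_frame_t *first, const can_frame_t *second) {
    if (id_bit_distance(rx->id_plain, rx->id_inv) < 2) return SRDO_ERR_CONFIG;        /* rule 1 */
    if (first->id != rx->id_plain || second->id != rx->id_inv) return SRDO_ERR_ORDER; /* real data first */
    /* Unsigned subtraction stays correct across timer wrap-around. */
    if ((uint32_t)(second->t_ms - first->t_ms) > rx->srvt_ms) return SRDO_ERR_SRVT;   /* rule 4 */
    if ((uint32_t)(first->t_ms - rx->last_ok_ms) > rx->sct_ms) return SRDO_ERR_SCT;   /* rule 3 */
    if (first->dlc > 8 || first->dlc != second->dlc) return SRDO_ERR_DATA;
    for (uint8_t i = 0; i < first->dlc; i++)                                          /* rule 2 */
        if ((uint8_t)~first->data[i] != second->data[i]) return SRDO_ERR_DATA;
    rx->last_ok_ms = first->t_ms;
    return SRDO_OK;
}

/* Constructed sample: 1-byte SRDO, SCT 25 ms, SRVT 20 ms, last valid SRDO at t = 1000 ms. */
srdo_result_t demo(uint16_t id1, uint16_t id2, uint8_t plain, uint8_t inv,
                   uint32_t start_ms, uint32_t gap_ms) {
    srdo_rx_t rx = { 0x101, 0x102, 25, 20, 1000 };
    can_frame_t a = { id1, 1, { plain }, start_ms };
    can_frame_t b = { id2, 1, { inv }, start_ms + gap_ms };
    return srdo_check(&rx, &a, &b);
}

int main(void) {
    printf("valid pair:    %d\n", demo(0x101, 0x102, 0x5A, 0xA5, 1020, 5));
    printf("not inverted:  %d\n", demo(0x101, 0x102, 0x5A, 0x5A, 1020, 5));
    printf("SRVT exceeded: %d\n", demo(0x101, 0x102, 0x5A, 0xA5, 1020, 30));
    printf("SCT exceeded:  %d\n", demo(0x101, 0x102, 0x5A, 0xA5, 1040, 5));
    printf("wrong order:   %d\n", demo(0x102, 0x101, 0xA5, 0x5A, 1020, 5));
    return 0;
}
```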

The properties of the SRDO (CAN identifier, SCT, SRVT, mapping) are stored in the Object Dictionary and checked for validity by a CRC (16-bit cyclic redundancy check).

In order to reduce the reaction time in safety relevant systems, DSP-304 defines a "global failsafe command" (GFC). It consists of two high-priority CAN messages (CAN identifier 1 and 2). Upon receipt of one of the two CAN messages the GFC is valid. The GFC contains no data and can therefore be sent by all networked nodes. Whoever sends the GFC must inform the network of the reason for this GFC transmission via SRDO.

The CANopen Safety Protocol allows safety relevant sensors and actuators to be connected directly with one another. A safety relevant control unit (e.g. PLC, safety monitor) is not required. Safety chains that are logically comparable to those found in standard wired technology can therefore be realized (e.g. an emergency stop button acts on the safety monitoring relay directly).




This page last updated: 4. June, 2010
© 2004 - 2012 SYS TEC electronic GmbH. All rights reserved.