IEC 61784-3-8:2010 – Industrial communication networks – Profiles – Part 3-8: Functional safety fieldbuses – Additional specifications for CPF 8
Conventions
Conventions used in this document are defined in IEC 61158 Type 18 and IEC 61784-1 CPF 8.
4 Overview of FSCP 8/1 (CC-Link Safety™)
Communication Profile Family 8 (commonly known as CC-Link™) defines communication profiles based on IEC 61158-2 Type 18, IEC 61158-3-18, IEC 61158-4-18, IEC 61158-5-18, and IEC 61158-6-18. The basic profiles CP 8/1, CP 8/2, and CP 8/3 are defined in IEC 61784-1. The CPF 8 functional safety communication profile FSCP 8/1 (CC-Link Safety™) is based on the CPF 8 basic profiles in IEC 61784-1 and the safety communication layer specifications defined in this part. FSCP 8/1 is a protocol for communicating safety-relevant data such as emergency stop signals among participants within a distributed network using fieldbus technology in accordance with the requirements of IEC 61508 for functional safety. This protocol may be used in various applications such as process control, manufacturing automation and machinery.
The FSCP 8/1 protocol is designed to support Safety Integrity Level SIL3 (IEC 61508) using CPF 8 by additionally specifying mechanisms for the implementation of sequence number, time expectation, connection authentication, feedback message, data integrity assurance and different data integrity assurance safety measures. SCL capabilities for FSCP 8/1 are provided with the introduction of safety application service elements (SASE).
These SASEs are used in place of their corresponding ASEs as specified in this part. However, since they inherit directly from the parent classes defined for CPF 8, these SASEs specify required additions to CPF 8 for functional safety using a black channel approach.
5 General
5.1 External documents providing specifications for the profile
Manufacturers of FSCP 8/1 safety devices are encouraged to check documents [43], [44] and [45] which provide additional specifications relevant for implementation of the SCL defined in this part.
5.2 Safety functional requirements
This standard specifies the services and protocols for a functional safety communication system based on IEC 61158 Type 18. The following requirements shall apply to the development of devices that implement FSCP 8/1 protocols. The same requirements were used in the development of FSCP 8/1.
• The FSCP 8/1 protocols are designed to support Safety Integrity Level SIL3 (refer to IEC 61508).
• Implementations of FSCP 8/1 shall comply with IEC 61508.
• The basic requirements for the development of the FSCP 8/1 protocol are in IEC 61784-3.
• The safety state for discrete data is the de-energized state (0). For analog values the de-energized state shall be defined by the safety-related application.
• Environmental conditions shall be according to IEC 61131-2 for the basic levels and IEC 61326-3-1, IEC 61326-3-2 for the safety margin tests, unless there are specific product standards.
• Unless specified in this part, the CPF 8 requirements shall be unchanged for safety.
5.3 Safety measures
5.3.1 General
The safety communication layer described in this standard provides the following deterministic remedial measures to implement its safety communication layer:
⎯ sequence number;
⎯ time expectation;
⎯ connection authentication;
⎯ feedback message;
⎯ data integrity assurance (CRC 32);
⎯ different data integrity assurance systems.
The selection of the various measures for possible errors is shown in Table 1.
5.3.2 Sequence number
Safety messages contain a sequence number (RNO) with a width of 4 bits and a specified sequence (see 7.1 and 7.2). If the sequence is not followed, all safety related output signals shall be set to their safe states.
5.3.3 Time expectation
An integrated watchdog timer providing the time expectation of each output channel on each safety output slave ensures a safety function response time, which is the time between the detection of an event at the safety input slave and the response at the corresponding output channel(s) on the safety output slave(s) without the processing time of the safety input. For details see also 9.3.
The safety function response time comprises the fieldbus transmission time from a safety input slave to the master and from the safety master to the safety output slave, including possible repetitions of the safety PDU due to transmission errors, the processing time on safety output slave, and the processing time within the safety relevant controller (SRC).
If the safety function response time of a specific output channel of a safety output slave is exceeded, the corresponding output channel is set to its safe state, which is usually the power OFF state. This shall be observed by the application layer of the SRP.
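The following C example is added here and is not part of the standard: it models the receiving side of a safety output slave that applies the sequence-number check of 5.3.2 (any break in the sequence forces all outputs safe) and the per-channel time expectation of 5.3.3 (an expired watchdog forces only that channel safe). The increment-by-one modulo 16 sequence, the latching of a sequence fault until re-initialisation, the two-channel layout, the millisecond clock and all names are assumptions; the actual RNO sequence is specified in 7.1 and 7.2, which are not reproduced on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#define N_CH 2        /* assumed channel count */
#define SAFE_STATE 0u /* de-energized state for discrete data (5.2) */
typedef struct {
    uint8_t  next_rno;           /* expected 4-bit sequence number */
    uint8_t  out[N_CH];          /* discrete output values */
    uint32_t timeout_ms[N_CH];   /* time expectation per channel */
    uint32_t deadline_ms[N_CH];  /* watchdog expiry per channel */
    bool     seq_fault;          /* latched until re-init (assumption) */
} slave_t;
static void all_safe(slave_t *s) {
    for (int ch = 0; ch < N_CH; ch++) s->out[ch] = SAFE_STATE;
}
void slave_init(slave_t *s, uint32_t now, const uint32_t timeout_ms[N_CH]) {
    s->next_rno = 0;
    s->seq_fault = false;
    for (int ch = 0; ch < N_CH; ch++) {
        s->timeout_ms[ch] = timeout_ms[ch];
        s->deadline_ms[ch] = now + timeout_ms[ch];
    }
    all_safe(s);
}

/* 5.3.2: an RNO that breaks the sequence forces every output safe. */
bool slave_on_pdu(slave_t *s, uint32_t now, uint8_t rno, const uint8_t data[N_CH]) {
    if (s->seq_fault || (rno & 0x0Fu) != s->next_rno) {
        s->seq_fault = true;
        all_safe(s);
        return false;
    }
    s->next_rno = (uint8_t)((s->next_rno + 1u) & 0x0Fu); /* assumed mod-16 step */
    for (int ch = 0; ch < N_CH; ch++) {
        s->out[ch] = data[ch] ? 1u : SAFE_STATE;
        s->deadline_ms[ch] = now + s->timeout_ms[ch];    /* re-arm watchdog */
    }
    return true;
}

/* 5.3.3: only a channel whose time expectation expired goes safe. */
unsigned slave_tick(slave_t *s, uint32_t now) {
    unsigned tripped = 0;
    for (int ch = 0; ch < N_CH; ch++) {
        if ((int32_t)(now - s->deadline_ms[ch]) < 0) continue; /* wrap-safe */
        s->out[ch] = SAFE_STATE;
        tripped |= 1u << ch;
    }
    return tripped; /* bitmask of channels forced safe */
}
```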