Wilamowski B.M., Irwin J.D. The Industrial Electronics Handbook. Second Edition: Industrial Communication Systems
Подождите немного. Документ загружается.
45-8 Industrial Communication Systems
e.two.parity.bits.for.the.ID.are.calculated.using.the.following.equations:
.
P0 ID0 ID1 ID2 ID4
= ⊕ ⊕ ⊕ . (45.2)
.
P1 ID1 ID ID ID= ⊕ ⊕ ⊕3 4 5
.
(45.3)
45.5.4 Data Field
e.data.eld.is.the.rst.part.of.the.response..e.response.can.also.be.generated.in.the.master.by.the.
slav
e
.task.and.can.consi
st
.of.one.to.eigh
t
.data.byte
s.
.As.desc
ribed
.abov
e,
.the.ID.dete
rmines
.the.numbe
r
.
of.byte
s
.unle
ss
.anot
her
.leng
th
.is.indi
cated.
.e.signa
ls
.are.tran
smitted
.in.the.data.byte
s,
.star
ting
.with.
the.leas
t
.signi
cant
.bit.(LSB
).
.A.data.byte.consi
sts
.of.a.star
t
.bit,.eigh
t
.data.bits
,
.and.a.stop.bit..A.pari
ty
.
bit.is.not.tra
nsferred.
45.5.5 Checksum
ere.is.a.distinction.in.LIN.between.a.so-called.classic.checksum.and.an.enhanced.checksum..e.
LIN.proto
col
.versi
on
.1.3.uses.the.clas
sic
.chec
ksum.
.LIN.versi
on
.2.x.uses.the.enha
nced
.chec
ksum
.and.
incl
udes
.the.PID
.
.e.enh
anced
.che
cksum
.is.onl
y
.use
d
.for.the.IDs.0x0
–0x3B
.(0–
59).
45.5.6 Frame Length
e.minimum.and.the.maximum.header.and.frame.length.are.specied.in.the.LIN.specication..e.
maxi
mum
.valu
es
.are.140%.of.the.mini
mal
.time
s.
.An.unde
r
.run.of.the.mini
mum
.time
s
.is.not.pos-
si
ble
.beca
use
.they.exac
tly
.corr
espond
.to.at.leas
t
.the.nece
ssary
.bit.time
s.
.Tabl
e
.45.3.summ
arizes
.thes
e
.
para
meters.
45.5.7 time-triggered Data transmission
Modern.automotive.networking.solutions.favor.the.time-triggered.model.for.message.scheduling.so.
that.the.over
all
.timi
ng
.of.mess
ages
.in.the.syst
em
.can.be.dete
rministic.
.In.a.time
-triggered
.netw
ork,
.
mess
ages
.are.tran
smitted
.agai
nst
.a.pred
ened
.mess
age
.sche
dule
.tabl
e
.and.ther
e
.is.a.noti
on
.of.a.glob
al
.
cloc
k
.to.ensu
re
.prop
er
.time.sync
hronization.
.e.Flex
Ray
.netw
ork
.is.an.exam
ple
.of.such.an.autom
otive
.
time
-triggered
.netw
ork.
.Sinc
e
.LIN.is.a.subn
etwork
.that.can.be.used.in.conj
unction
.with.larg
er
.netw
orks
.
in.a.sys
tem,
.LIN.sup
ports
.tim
e-triggered
.ope
rations.
LIN
.cont
rols
.the.time
-triggered
.tran
smission
.by.using.sche
dule
.tabl
es,
.whic
h
.are.impl
emented
.in.
the.mast
er.
.us,.the.syst
em
.can.be.dete
rministic,
.that.is,.the.time.when.a.mess
age
.is.tran
smitted
.can.
be.exac
tly
.pred
icted
.and.guar
antees
.the.peri
odicity
.of.signa
ls.
.e.sche
dule
.tabl
es
.den
e
.a.time.slot.for.
ever
y
.sch
eduled
.fra
me,
.as.are.des
cribed
.in.the.LDF.by.the.sys
tem
.desi
gner.
TABLE 45.3 Nominal.and.Maximum.
Tran
smission
.Tim
e
.of.Hea
ders
.and.Fra
mes
Name
T
Header_Nominal
34.T
Bit
T
Response_Nominal
10*(N.
Data
.+.1).T
Bit
T
Frame_Nominal
T
Header_Nominal
.+.T
Response_Nominal
T
Header_Maximum
1.4*T
Header_Nominal
T
Response_Maximum
1.4*T
Response_Nominal
T
Frame_Maximum
T
Header_Maximum
.+.T
Response_Maximum
© 2011 by Taylor and Francis Group, LLC
LIN-Bus 45-9
45.5.8 Frame types
ere.are.three.dierent.ways.of.transmitting.frames.on.the.LIN.bus:.unconditional,.event-triggered,.
and.sporadic.frames..Diagnostic.frames.are.also.supported.
45.5.8.1
Unconditional Frame
Unconditional
.frame.transfer.signals.may.use.the.IDs.0x0–0x3B.(0–59)..Every.frame.can.have.only.one.
transmitter.(publisher).but.one.or.several.receivers.(subscribers)..e.setup.of.the.frame.is.described.
in.the.LIN.description.le..Unconditional.frames.can.be.transferred,.as.shown.in.the.relationships.of.
Figure.45.4.
45.5.8.2
Event-triggered Frame
e
.unconditional.frame.can.be.considered.as.the.normal.LIN.frame..LIN2.0.also.denes.a.so-called.
event-triggered.frame..Event-triggered.frames.improve.the.response.time.of.the.master–slave.system.by.
mapping.unconditional.frames.with.rare-event.data.of.multiple.slaves.into.one.event-triggered.frame..
is.reduces.the.cycle.time.of.the.time.schedule.table.because.the.master.does.not.have.to.poll.the.slave.
nodes.individually..Several.frame.IDs.can.be.dened.as.“event.triggered”.within.the.network..If.the.
master.requests.such.an.“event-triggered”.frame,.all.corresponding.slaves.will.begin.to.transmit.their.
data..However,.corresponding.slave.nodes.only.provide.their.frame.response.when.the.values.in.their.
data.elds.have.changed..But,.multiple.slaves.can.provide.a.frame.response.to.a.single.event-triggered.
frame..To.enable.the.master.to.recognize.which.slave.node.has.responded,.the.rst.byte.of.the.associated.
unconditional.frames.have.to.contain.their.frame.ID.
As
.more.than.one.slave.can.answer,.by.updating.data.in.the.frame,.it.is.possible.that.a.collision.can.
occur.on.the.bus.line..e.master.recognizes.such.a.collision.situation.and.resolves.it.by.switching.auto-
matically
.to.the.so-called.collision.resolving.schedule.table..e.table.will,.at.a.minimum,.contain.the.
associated.unconditional.frames.and.it.will.be.a.member.of.schedule.table.set.
45.5.8.3
Sporadic Frame
e
.sporadic.frames.were.introduced.in.the.LIN.version.2.0.for.better.utilization.of.bandwidth..is.
method.provides.some.dynamic.behavior.to.the.otherwise.static.LIN.protocol..ey.are.in.principle.
placeholders.in.the.time.schedule.table.in.which.the.master.can.send.several.dierent.messages.that.
carry.signals.that.seldom.change,.for.example,.commands..e.master.sends.the.message.only.if.a.signal.
carried.by.this.message.is.changed..Hence.the.time.slot.can.remain.empty..e.assignment.of.the.uncon-
ditional
.frames.to.the.sporadic.frame.takes.place.in.the.LIN.description.le..Figure.45.8.shows.a.simple.
example..In.slot.three,.the.master.can.transfer.either.the.unconditional.frame.“Master.Command”.or.
“Outdoor.Temperature”.or.it.can.leave.the.slot.empty.
Slot 1 Slot 2 Slot 3 Slot 4
Window
status
Mirror
status
Master
command
Keyboard
status
Empty
slot
Outdoor
temperature
FIGURE 45.8 Principle.of.sporadic.frames.
© 2011 by Taylor and Francis Group, LLC
45-10 Industrial Communication Systems
45.5.9 Diagnostic Frame
Diagnostic.frames.always.carry.transport.layer.data..ere.are.two.types,.the.master.request.frame.
(MRF).and.the.slave.response.frame.(SRF)..e.transmitter.is.always.the.master..e.MRF.has.the.ID.
0x3C.(60).and.always.has.eight.data.bytes..It.is.the.“go-to-sleep”.command.if.the.rst.byte.carries.0x00,.
otherwise.it.carries.a.transport.layer.protocol..e.SRF.transfers.the.slave.response.of.the.transport.layer.
protocol.to.the.master..It.has.the.ID.0x3D.(61).and.also.has.eight.data.bytes.
45.6 Network and Status Management
e.network.and.the.status.management.features.are.very.simple..e.network.management.feature.
supports.only.the.“wake-up”.and.“go-to-sleep”.signals..e.corresponding.slave.state.diagram.is.shown.
in.Figure.45.9..e.slave.node.enters.the.Initializing.state.aer.power-on,.reset.or.wake-up..In.the.opera-
tional
.mode.state.that.the.slave.node.can.transmit.and.receive.frames..In.the.bus.sleep.mode.state,.the.
node.is.normally.in.power.save.mode..e.bus.line.is.set.to.the.recessive.level.(logical.1)..Any.node.can.
send.a.wake-up.request.for.the.cluster..Each.slave.node.can.detect.the.wake-up.request.and.listen.for.bus.
commands.for.a.short.period..e.master.node.can.also.wake-up.and.send.frame.headers.to.establish.
the.cause.of.the.wake-up.
e
.slave.nodes.enter.the.bus.sleep.node.if.they.receive.the.go-to-sleep.command.from.the.master.or.
if.the.bus.is.inactive.for.a.minimum.of.4.s..Bus.inactivity.means.no.transitions.between.logical.0.and.1.
bit.values.and.so.covers.the.IDLE.state.and.a.short.circuit.condition.with.V
SUP
.or.GND.
For
.status.management.each.slave.node.monitors.its.communication..e.slave.provides.two.status.
bits.for.status.management.within.its.own.node:.error_in_response.and.successful_transfer..If.it.detects.
an.error.(bit.error,.framing.error,.or.checksum.error),.it.sets.the.response_error.signal..is.is.carried.
as.a.one.bit.scalar.signal.in.an.unconditional.frame.to.the.master..e.position.in.the.frame.is.dened.
in.the.LDF..Based.on.this.single.bit,.the.master.node.can.interpret.the.error.states.as.listed.in.Table.45.4.
Initializing
Bus sleep
mode
Operational
mode
Go-to-sleep
command
Wake up
signal
Reset or power on
FIGURE 45.9 Slave.node.state.diagram.
TABLE 45.4 Interpretation.of.the.Response_error.
Signal.by.the.Master.Node
Response_error Interpretation
False e
.slave.node.is.
operating.correctly
True e
.slave.node.has.
intermittent.problems
e
.slave.node.did.not.answer e.slave.node,.bus,.
ormaster.node.has.
serious.problems
© 2011 by Taylor and Francis Group, LLC
LIN-Bus 45-11
e.successful_transfer.status.is.set.when.a.frame.has.been.successfully.transferred.by.the.slave,.that.
is,.a.frame.has.either.been.received.or.transmitted.
45.7 transport Layer Protocol
e.LIN.transport.layer.provides.a.data.transfer.between.master.and.slave.node.for.diagnostic,.slave.node.
conguration,.and.identication.purposes..It.achieves.segmentation/desegmentation.and.ow.control..e.
diagnostics.message.transfer.is.compatible.with.CAN-based.diagnostic.protocols..Typically.diagnostics.
are.performed.from.a.tester.where.a.LIN.master.can.pass.the.received.tester.requests.to.the.relevant.LIN.
slaves..A.LIN.slave.receives.requests,.routes.them.to.the.appropriate.service,.and.constructs.the.response.
LIN
.version.2.0.denes.a.transport.layer.protocol.that.was.deduced.from.the.ISO.15765-2.protocol.
[ISO15765-2]..It.tunnels.Keyword.Protocol.2000.(KWP-2000).and.Unied.Diagnostic.Services.(UDS),.
as.dened.in.ISO.15765-2.and.ISO.14229-1.[ISO14229-1],.and.provides.the.conguration.and.diagnostic.
service.for.LIN.slaves..erefore,.the.full.transport.layer.specication.does.not.have.to.be.implemented.
in.all.slave.nodes;.LIN.version.2.1.species.three.diagnostic.classes.as:
Class 1
.supports.single.frame.transport.protocol.only,.with.fault.indication.by.signals.
Class 2
.provides.node.identication.support,.implementing.the.multi-frame.transport.protocol,.
but.supporting.only.the.UDS/KWP-2000.“read.by.identier”.service.
Class 3
.slave.nodes.are.the.most.complex.nodes..ey.execute.additional.tasks.beyond.the.basic.
sensor.and.support.the.services:.diagnostic.session.control,.input/output.control,.read/clear.
diagnostic.trouble.code.information,.as.well.as.optional.ash.programming.features.
e
.transport.layer.protocol.uses.two.diagnostic.frames:.the.MRF.and.the.SRF..e.MRF.(ID.=.0x3C).
is.the.diagnostic.request,.where.the.master.transmits.both.the.frame.header.and.the.frame.response.to.
a.slave.node..e.SRF.(ID.=.0x3D).represents.the.diagnostic.response,.where.the.master.transmits.the.
header,.and.a.slave.transmits.the.response.to.the.master.that.contains.the.answer.of.the.preceding.MRF..
e.protocol.uses.single.frames.(SF),.but.for.multi-frame.support,.rst.frames.(FF).and.consecutive.
frames.(CF).are.mapped.into.the.eight.data.bytes.of.a.LIN.frame..A.MRF.is.always.transmitted.to.all.
slave.nodes.(broadcast.trac)..erefore,.the.slave.node.address,.the.so-called.node.address.for.diag-
nostics
.(NAD).is.stored.in.the.rst.data.byte..e.second.data.byte.stores.the.protocol.control.informa-
tion
.(PCI).of.the.transport.layer.and.the.third.data.byte.stores.the.service.identier.(SID).dened.in.the.
standards.ISO.15765-3.(KWP-2000).[ISO15765-3].and.ISO.14229-1.(UDS).[ISO14229-1].
A
.simple.example.for.use.of.a.single.frame.transport. protocol.is.the.node.conguration.service.
“assign.NAD”.(see.Figure.45.10)..With.this.service,.the.slave.nodes.in.a.cluster.can.assign.a.unique.NAD..
Initial
NAD
Initial
NAD
PCI
0×06
PCI
0×01
SID
0×B0
RSID
0×F0
D1
Supplier ID
LSB
D1
0×FF
D2
Supplier ID
MSB
D2
0×FF
D3
Function ID
LSB
D3
0×FF
D4
Function ID
MSB
D4
0×FF
D5
new NAD
D5
0×FF
MRF
assign NAD
request
SRF
positive
assign NAD
response
Master
Slave
ID = 0×3C
ID = 0×3D
FIGURE 45.10 e.“assign.NAD”.service.as.an.example.for.a.single.frame.
© 2011 by Taylor and Francis Group, LLC
45-12 Industrial Communication Systems
eidentication.of.the.slaves.is.provided.by.the.LIN.Product.Identication,.where.a.32.bit.value.
iden
ties
.the.suppl
ier
.ID,.the.func
tion
.ID,.and.the.vari
ant.
.e.data.eld.of.the.“ass
ign
.NAD”.requ
est
.
(it.is.a.MRF).carr
ies
.the.foll
owing
.info
rmation:
.rst.byte.is.the.init
ial
.NAD.(old.NAD)
;
.high.nibb
le
.of.
seco
nd
.byte.is.the.ID.of.SF.(0x0
);
.low.nibb
le
.of.seco
nd
.byte.is.the.data.leng
th
.plus.one.(for.the.SID.or.
RSID
);
.thir
d
.byte
,
.the.SID.(0xB
0—assign
.NAD)
;
.byte.four.and.ve.is.the.suppl
ier
.ID;.byte.six.and.seve
n
.
is.the.func
tion
.ID.and.byte.eigh
t
.is.the.new.NAD..If.the.NAD,.the.suppl
ier
.ID,.and.the.func
tion
.ID.
matc
h,
.the.slav
e
.answ
ers
.to.the.head
er
.of.the.SRF.with.a.posi
tive
.“ass
ign
.NAD”.resp
onse.
.e.thir
d
.byte.
carr
ies
.the.resp
onse
.serv
ice
.iden
tier
.(RSI
D).
.e.SID.+.0x04
0
.repr
esents
.a.posi
tive
.ackn
owledgment
.
(her
e,
.0xF0.for.posi
tive
.assi
gn
.NAD.resp
onse).
45.8 Conguration
As.stated.earlier,.a.LIN.cluster.can.be.congured.using.automated.tools.that.use.the.CLD.to.describe.the.
clus
ter,
.in.an.LDF..A.rst.step.is.to.crea
te
.a.clus
ter
.mess
age
.stra
tegy
.to.comp
letely
.desc
ribe
.the.requ
ired
.
comm
unication
.betw
een
.all.unit
s
.in.the.clus
ter.
.A.list.of.all.fram
es
.is.gene
rated
.that.incl
udes
.fram
e
.IDs,.
publ
ishers
.and.subs
cribers,
.data.cont
ent,
.etc..A.sche
dule
.tabl
e
.can.also.be.desc
ribed
.for.the.clus
ter.
.
All.of.the
se
.par
ameters
.are.des
cribed
.by.the.LDF
.
LIN2.x
.also.den
es
.the.“o-
the-shelf”
.appr
oach
.for.a.dyna
mic
.con
guration,
.whic
h
.aor
ds
.a.simpl
e
.
plug
-and-play
.feat
ure
.for.the.slav
e
.node
s.
.is.appr
oach
.is.base
d
.on.the.node.con
guration
.and.iden
ti-
cation
.serv
ices.
.e.main.serv
ices
.for.the.node.con
guration
.are.the.abov
e-mentioned
.“assi
gn
.NAD”.
as.well.as.the.“assi
gn
.fram
e
.ID”.(LIN
2.0)
.and.“assi
gn
.fram
e
.ID.rang
e”
.(LIN
2.1)
.serv
ices.
.With.the.latt
er
.
serv
ice,
.one.can.assi
gn
.and.cha
nge
.the.pro
tected
.ide
ntier
.of.a.fra
me.
If
.more.iden
tical
.slav
e
.node
s
.are.used.in.a.clus
ter
.(e.g
.,
.damp
er
.motor
s
.in.an.air-
conditioning
.syst
em),
.
the.addr
ess
.con
ict
.can.be.reso
lved
.via.a.slav
e
.node.posit
ion
.dete
ction
.(SNP
D)
.proc
edure
.only
.
.One.
possi
ble
.algo
rithm
.is.the.Bus.Shut.Meth
od
.(als
o
.call
ed
.“coo
l-LIN”)
.that.is.desc
ribed
.in.the.pate
nt
.WO.
03/0
94001
.A1.[WO0
3].
.Anot
her
.algo
rithm
.is.the.Extr
a
.Wire.Dais
y
.Chai
n
.meth
od.
.(In.this.area
,
.ther
e
.
are.mor
e
.pat
ents,
.e.g
.
.[US
59].)
45.9 relationship between SaE J2602 and LIN2.0
In.March.of.2004,.the.SAE.approved.the.SAE.J2602.recommended.practice.for.the.use.of.LIN,.based.
upon.the.rel
eased
.LIN
2.0
.spe
cication.
e
.SAE.J260
2
.reco
mmended
.prac
tice
.narr
ows
.down.some.of.the.choi
ces
.allo
wed
.in.the.LIN2
.0
.spec
-
ication
.to.ensu
re
.a.grea
ter
.degr
ee
.of.inte
roperability
.and.to.prov
ide
.a.mini
mum
.leve
l
.of.perf
ormance
.
char
acteristics
.amo
ng
.SAE.J26
02
.com
pliant
.nod
es.
e
.most.signi
cant
.die
rences
.in.impl
ementing
.an.SAE.J260
2
.comp
liant
.LIN.netw
ork
.and.a.LIN2
.0
.
comp
liant
.netw
ork
.are.in.the.diag
nostics
.and.netw
ork
.con
guration
.supp
ort
.as.well.as.the.rest
riction
.
on.a.singl
e
.bus.spee
d
.of.10.4
17
.kbps.that.allo
ws
.tigh
tening
.of.the.physi
cal
.laye
r
.spec
ications.
.It.was.
deci
ded
.that.the.LIN2
.0
.diag
nostics
.requ
irements
.shou
ld
.be.optio
nal
.for.SAE.J260
2
.impl
ementations.
.
Usag
e
.of.the.netw
ork
.con
guration
.meth
ods
.were.also.simpl
ied
.and.furt
her
.spec
ied,
.part
icularly
.the.
incl
usion
.of.a.dev
ice
.nod
e
.numb
er
.(DN
N)
.as.a.par
t
.of.the.sla
ve
.nod
e
.add
ress
.(NA
D).
45.10 Conclusion
is.chapter.has.introduced.the.LIN.bus.concepts.and.has.provided.an.insight.into.the.LIN.specica-
tions,
.high
lighting
.some.of.the.more.impo
rtant
.tech
nical
.deta
ils.
.LIN.has.now.been.esta
blished
.as.the.
de.facto.netw
ork
.tech
nology
.for.the.impl
ementation
.of.simpl
e
.and.cost
-eective
.equi
pment
.clus
ters
.in.
the.vehi
cle.
.Toda
y,
.nume
rous
.vehi
cles
.empl
oy
.LIN.in.the.body
/convenience
.area
s
.of.the.vehi
cle.
.LIN.
will.succ
eed
.into.the.futu
re
.as.it.has.many.adva
ntages
.in.that.it.is.simpl
e
.to.engi
neer,
.with.many.sup-
p
orting
.desig
n
.tools
.
.Hard
ware
.comp
onents
.are.read
ily
.avai
lable,
.the.impl
ementations
.are.very.cost.
© 2011 by Taylor and Francis Group, LLC
LIN-Bus 45-13
eective,.and.there.is.no.protocol.license.required..e.main.versions.are.LIN1.3.and.LIN2.0,.and.in.
fut
ure
.LIN
2.1
.as.wel
l.
.If.nod
es
.are.use
d
.wit
h
.di
erent
.LIN.ver
sions
.wit
hin
.a.clu
ster,
.the.mas
ter’s
.ver
sion
.
lev
el
.mus
t
.be.at.the.sam
e
.ver
sion
.lev
el
.or.at.a.hig
her
.ver
sion
.lev
el
.tha
n
.any.sla
ve
.nod
e.
.e.mas
ter
.has.to.
res
pect
.th
e
.di
verse
.pr
operties
.of.th
e
.sl
ave
.no
des.
references
[Grz05]. A.. Grzemba,. C. v.d.. Wense:. LIN-Bus—Systeme,. Protokolle,. Tests. von. LIN-Systemen,. Tools,.
Har
dware,
.Ap
plikationen;
.Fra
nzis-Verlag,
.Mün
chen,
.Ger
many;
.2005;.ISB
N
.3-7723-4009-1.
[ISO14229-1]
.Road.vehic
les—Diagnostic
.system
s—Part
.1:.Diag
nostic
.serv
ices;
.Int
ernational
.Sta
ndard
.
ISO.14229-1.6,.Is
sue
.6,.2001-02-22.
[ISO15765-2]
.Road.vehic
les—Diagnostics
.on.Con
troller
.Are
a
.Netw
ork
.(CAN)—Par
t
.2:.Netw
ork
.lay
er
.
serv
ices;
.In
ternational
.St
andard
.ISO.15765-2.4,.Is
sue
.4,.2002-06-21.
[ISO15765-3]
.Road.vehic
les—Diagnostics
.on.cont
roller
.are
a
.netw
ork
.(CAN)—Par
t
.3:.Imp
lementation
.of.
diag
nostic
.ser
vices;
.In
ternational
.St
andard
.ISO.15765-3.5,.Is
sue
.5,.2002-12-12.
[ISO9141]
. Road. vehic
les—Diagnostic
. system
s—Requirement
. for. inter
change
. of. digit
al
. Info
rmation;
.
Int
ernational
.St
andard
.ISO9141,.1st.edn.,.1989.
[LIN1.0]
.LIN.Sp
ecication
.Pac
kage
.Re
vision
.1.0,.1999,.ww
w.lin-subbus.org
[LIN1.3]
.LIN.Sp
ecication
.Pac
kage
.Re
vision
.1.3..De
cember
.12,.2002..ww
w.lin-subbus.org
[LIN2.0]
.LIN.Sp
ecication
.Pac
kage
.Re
vision
.2.0..Sep
tember
.23,.2003..ww
w.lin-subbus.org
[LIN2.1]
.LIN.Sp
ecication
.Pac
kage
.Re
vision
.2.1..No
vember
.24,.2006..ww
w.lin-subbus.org
[TR0363]
.TR0363—e.LIN.Ph
ysical
.La
yer;
.Re
v.
.2.0;Ju
ly
.7,.2008;.Te
chnical
.Rep
ort;
.nxp.
[US59]
.Au
tomatic
.no
de
.congura
tion
.wi
th
.ident
ical
.no
des;
.U.S..pa
tent
.5,914,957.
[WO03]
.Meth
od
.for.Addres
sing
.the.user
s
.of.a.bus.system.by.mea
ns
.of.identic
ation
.ows;.pat
ent
.WO.
03/094001.A1;.2003-11-13;.or.U.S..pa
tent
.7,0918,76.
© 2011 by Taylor and Francis Group, LLC
46-1
46.1 Introduction
Prosafe.is.a.comprehensive.and.integrated.solution.with.the.aim.to.support.safe.communication.in.
eld
bus
.net
works
.(Fi
gure
.46.
1).
.Pro
safe
.com
prises
.the.fol
lowing
.pri
nciples
.[1]
:
•
. Inte
gration
.of.safe
ty-related
.appl
ications
.into.stan
dard
.solu
tions
.with
out
.any.impa
ct
.for.the.latt
er
.
ones
.
•
. Stan
dard
.and.safe
ty
.data.coex
ist
.in.the.same.netw
ork—Probus
.(see.Chap
ter
.32).or.Pro
net
.
(see.Chap
ter
.40)—
without
.modi
cation
.of.the.stan
dard
.prot
ocols.
•
. Safe
ty
. data. is. tran
smitted
. betw
een
. safe
ty
. equi
pment—controllers
. (F-H
ost)
. and. devi
ces
.
(F-D
evice)—using
.the.high
est
.inte
grity
.leve
l
.(SIL.3.or.PL.“e”).requ
ired
.by.curr
ent
.appl
ications
.in.
facto
ry
.and.pro
cess
.auto
mation.
•
. Conguration,. parameterization,. diagnosis,. and. maintenance. of. safety. devices. is. performed.
using.engi
neering
.tools.that.are.simil
ar
.to.thos
e
.empl
oyed
.in.stan
dard
.appl
ications,
.thus.faci
litat-
ing
.the.dev
elopment
.and.int
egration
.pro
cess.
46.1.1 Standardization Framework
e.development.of.safety-related.systems.for.factory.and.process.automation.is.a.complex.task,.which.
invo
lves
.the.empl
oyment
.of.mult
iple
.and.inte
rrelated
.stan
dards.
.Figu
re
.46.2.pres
ents
.a.sele
ction
.of.the.
most.rel
evant
.one
s.
e
.deve
lopment
.of.Pro
safe
.was.perf
ormed
.base
d
.on.two.stan
dards:
.IEC.6150
8
.[2].and.EN.50159
-1,
.
now.IEC.6228
0-1
.[3]..IEC.6150
8
.outl
ines
.the.requ
irements
.when.elec
trical/electronic/programmable
.
elec
tronic
.syst
ems
.are.used.to.perf
orm
.safe
ty
.func
tions
.(fur
ther
.deta
ils
.can.be.foun
d
.in.Chap
ter
.2),.
46
Prosafe
46.1. Introduction.....................................................................................46-1
Standardization.Framework. •. Black.Channel.Principle
46.2. Prosafe.Communication..............................................................46-3
Error-Detection.Requirements. •. Error.Types.and.Safeguards. •. .
Cyclic/Acyclic.Communication. •. Cyclic.Communication.
PDU. •. Virtual.Consecutive.Number. •. Time-Out.with.
Receipt. •. Code.Name.for.Sender/Receiver. •. Data.Consistency.
Check. •. Detected.Safety.Data.Failures
46.3. Deployment....................................................................................46-11
Power.Supplies.and.Electrical.Safety. •. IncreasedImmunity. •. .
Installation.Guidelines. •. Wireless.Transmission.
andSecurity. •. Response.Time
Acronyms...................................................................................................46-14
References
...................................................................................................46-14
Ron Mitchell
RC Systems
Max Felser
Bern University of
Appl
ied
Sci
ences
Paulo Portugal
University of Porto
© 2011 by Taylor and Francis Group, LLC
46-2 Industrial Communication Systems
Standard CPU
Pronet
F-gateway
Remote I/O
PA-link
Limit switch
(F-Device)
Standard
controller
Laser scanner
(F-Device)
Drives
Probus-PA
ASI-safe
Robot
DP-link
F-Modules in a
remote I/O device
Probus-DP
Coexistence of standard and safety communication
Safety CPU
(F-Host)
Combination
possible
FIGURE 46.1 e. Prosafe. approach.. (Adapted. from. PROFIsafe—Safety. technology. for. PROFIBUS. and.
PROFINET—System.description,.PROFIBUS.Nutzerorganisation.e.V..PNO,.2007.)
Product standards
IEC 61486
Safety
functions (e.g,
light curtains)
IEC 61784-4
Security
(profile-specific)
IEC 61784-5
Installation guide
(profile-specific)
IEC 61784-3-3
(Profisafe)
Functional safety
communication
profile 3
IEC 61158 series/
61784-1, -2
Fieldbus for use in
industrial controls
systems
IEC 61508
Functional safety
(basic standard)
IEC 61326-3-1
EMC and
functional
safety
Safety-related standards Fieldbus-related standards Profisafe
Factory Process
IEC 61918
Installation guide
(common part)
IEC 60204-1
Safety of electrical
equipment
US: NFPA 79
Valid also in process industries, whenever applicable
IEC 62061
Functional safety
for machinery
(SRECS)
Design objective
Applicable standards
IEC 62443
Security
(common part)
IEC 61131-6
Safety for PLC
IEC 61800-5-2
Safety functions
for drives
ISO 12100-1 and ISO 14121
Safety of machinery — Principles for design and risk
assessment
US: ISA-84.00.01
DE: VDI 2180
IEC 61511
Functional safety — safety instrumented systems
for the process industry
Non-electrical
Electrical
ISO 13849-1, -2
Safety-related parts
of machinery
(SRPCS)
SIL based
PL based
Design of safety-related electrical, electronic and
programmable electronic control systems
(SRECS) for machinery
FIGURE 46.2 Overview.of.safety.standards.for.factory.and.process.automation..(Adapted.from.PROFIsafe—Safety.
technology.for.PROFIBUS.and.PROFINET—System.description,.PROFIBUS.Nutzerorganisation.e.V..PNO,.2007.)
© 2011 by Taylor and Francis Group, LLC
Prosafe 46-3
while.EN.50159-1.denes.the.requirements.needed.to.support.safe.communication.between.safety-
related
.equipment..Many.of.the.solutions.employed.by.Prosafe.are.based.on.EN.50159-1.proposals,.
the.“black.channel”.principle.being.the.most.relevant.example..Nowadays,.Prosafe.is.part.of.a.series.
of.standards.related.to.eldbus.systems—IEC.61158.[4].and.its.companion.IEC.61784.[5]..Within.
this.series,.the.IEC.61784-3.[6].denes.a.set.of.proles.to.support.safe.communication.in.eldbus.
networks..Prosafe.is.standardized. as.IEC.61784-3-3.[7],. resulting. from.additional. specications.
proposed.within.IEC.61784-3.to.encompass.Probus.and.Pronet.networks..According.to.its.devel-
opers
.[1],.it.is.certied.for.use.in.safety-related.applications.up.to.SIL.3.(Safety.Integrity.Level,.IEC.
61508.or.IEC.62061).or.PL.“e”.(Performance.Level,.ISO.13849-1)..is.certication.is.also.extended.
to.wireless.networks.such.as.IEEE.802.11.and.Bluetooth,.but.with.additional.security.requirements.
(see.Section.46.3.4).
46.1.2 Black Channel Principle
e.“black.channel”.principle.is.based.on.the.following.requirement:.the.transmission.of.safety.data.
is.performed.independently.of.the.characteristics.of.the.transmission.system,.e.g.,.medium,.topology,.
communication.stack,.network.devices,.etc.,.and.without.trusting.the.internal.safety.mechanisms.
provided.by.it..In.order.to.achieve.this.goal,.its.implementation.is.undertaken.as.an.additional.layer—
the safety layer—on
.top.of.the.application.layer..e.safety.layer.considers.that.safety.data.are.subject.
to.various.threats.(i.e.,.errors),.and.for.each.one.denes.a.set.of.defense.measures.in.order.to.protect.
this.data.[3].(see.Section.46.2.2)..In.the.Prosafe.case,.the.safety.layer.is.implemented.as.a.safety.
prole.(Figure.46.3)..erefore,.safety.data.are.encapsulated.in.standard.Pronet.or.Probus.frames,.
jointly.with.standard.data,.and.transmitted.in.accordance.with.the.usual.rules.dened.by.the.com-
munication
.protocol.
46.2 Prosafe Communication
From.the.beginning,.the.Prosafe.solution.was.subject.to.certain.design.constraints:.compatibility.with.
existing.Probus/Pronet.physical.layers,.interoperability.with.existing.devices,.and.compatibility.
with.existing.modular.devices..Any.solution.must.attempt.to.guarantee.the.error-free.delivery.of.data,.
or.the.detection.of.data.with.errors,.between.communicating.devices,.such.as.a.PLC.(F-Host).and.an.I/O.
Safety
application
Safety
application
Standard
application
Standard
application
Profisafe
layer
Profisafe
layer
Black
channel
Standard protocol Standard protocol
Standard data
Safety data
Profinet, Profibus
FIGURE 46.3 Black. channel. approach.. (Adapted. from. PROFIsafe—Safety. technology. for. PROFIBUS. and.
PROFINET—System.description,.PROFIBUS.Nutzerorganisation.e.V..PNO,.2007.)
© 2011 by Taylor and Francis Group, LLC
46-4 Industrial Communication Systems
device.(F-Device)..Implementation.of.the.error-detection.mechanism.as.separate.rmware.layers.in.the.
communicating.devices.allowed.these.constraints.to.be.met.
46.2.1 Error-Detection requirements
e.requirement.for.being.able.to.designate.a.system.as.capable.of.operating.at.SIL.3.is.that.the.system.
must.exhibit.a.failure.rate.less.than.10
−7
/h..is.failure.rate.is.for.the.entire.system..However,.a.system.is.
made.up.of.several.components.and.it.must.be.determined.what.each.component.is.allowed.to.contrib-
ute
.to.the.overall.system.failure.rate..ere.were.no.precedents.for.safety.systems.involving.digital.com-
munication
.systems..e.IEC.61508.species.the.contributions.to.the.overall.system.failure.rate.as.35%.
for.sensors,.15%.for.logic.controllers,.and.50%.for.actuators..erefore,.the.Working.Group.developing.
the.Prosafe.specications.chose.a.maximum.of.a.1%.contribution.allowed.for.Prosafe..is.percent-
age
.contribution.was.deducted.from.the.contribution.of.the.logic.controller.and.is.now.specied.in.IEC.
61784-3..As.one.can.see.in.Figure.46.4,.this.results.in.a.required.failure.rate.for.the.Prosafe.contribution.
of.only.10
−9
/h.(10
−2
.×.10
−7
).
46.2.2 Error types and Safeguards
Various.errors.can.occur.when.messages.are.transmitted,.whether.due.to.hardware.failures,.extraor-
dinary
.electromagnetic.interference,.or.other.inuences..A.message.can.be.lost,.occur.repeatedly,.be.
inserted.from.somewhere.else,.appear.delayed.or.in.an.incorrect.sequence,.and/or.show.corrupted.data..
In.the.case.of.safety.communication,.there.may.also.be.incorrect.addressing—a.standard.message.erro-
neously
.appears.at.an.F-Device.and.pretends.to.be.a.safety.message..Dierent.transmission.rates.may.
additionally.cause.storage.eects.to.occur..Of.the.numerous.error.types.and.safeguards.known.from.
literature,.Prosafe.concentrates.on.those.shown.in.Figure.46.5.
Although
.it.can.be.detected.by.use.of.the.consecutive.number.technique,.an.additional.error.type.
was.identied.for.Pronet.communication—that.of.the.failure.of.revolving.memory.in.switches..Since.
there.is.little.control.of.what.Ethernet.switches.a.customer.actually.uses,.some.COTS.(commercial,.o-
the-shelf)
.switches.may.be.unreliable.and.lead.to.revolving.memory.failures.as.shown.in.Figure.46.6..
Accidental.“jumping”.of.the.send.pointer,.for.example,.can.cause.emptying/sending.of.the.entire.queue.
of.messages.
46.2.3 Cyclic/acyclic Communication
Cyclic.data.exchange.between.a.controller.and.its.eld.devices.utilizes.a.one-to-one.communication.
relationship.as.shown.in.Figure.46.7..is.gure.illustrates.that.a.controller.(F-Host).can.operate.any.
mix.of.standard.and.safety.devices.(F-Devices).connected.to.the.same.network..Safety.tasks.and.
Sensor
Logic operations
Actuator
Bin. O
50%
1%
14%
1%
Safety integrity level (SIL) 3: 10
–7
/h
(PROFIsafe-Portion: 1% = 10
–9
/h)
SIL3
35%
Bin. I
Anal. I
FIGURE 46.4 Prosafe.contribution.to.system.failure.rate..(Adapted.from.Specication.PROFIsafe—Prole.for.
safety.technology,.Version.1.30,.June.2004,.Order.No:.3.092,.PROFIBUS.International.)
© 2011 by Taylor and Francis Group, LLC