CAN
© CiA
Reiner Zitzmann (CAN in Automation)
www.can-cia.org
CANopen Safety
(Figure: CANopen safety chip. A single 16-bit MCU with two CAN controllers (CAN Tx/Rx 1 and CAN Tx/Rx 2) sharing one CAN transceiver on the CAN bus. The CANopen stack and the safety application run redundantly, with cross comparison, sequence monitoring and time monitoring of the safety-relevant parts; the object dictionary (OD) holds the CANopen data structures according to DS301 and DS304, and a device-profile object dictionary (DS4xx) holds the sensor/actuator data. Supporting blocks: a watchdog with independent time base, supply-voltage monitoring with NMI, alternating transmission, and diagnostic functions (e.g. RAM/ROM/op-code test, register and periphery tests). Any event leading to a safety-critical shutoff drives the safety switching device over dual-channel control, monitoring and trigger signals, with a test signal, a safety shutoff, a second shutoff path and monitoring of that second shutoff path.)
Application fields
• Generic control functions in machine building (SIL2 and SIL3)
• Interfaces for extruder downstream devices (SIL2)
• Embedded control system for medical devices (SIL2 and SIL3)
• Control systems for industrial cranes (SIL3)
• Electronic control units for forklifts (SIL3)
• Elevator control systems (SIL2 and SIL3)
• Garbage truck bodies and off-road vehicles (SIL2)
• Control systems for rail vehicles and locomotives (SIL3)
• Embedded control systems for building doors (SIL2)
CANopen Safety: easy to use
Multiple device

(Figure: a CANopen safety device has one object dictionary exposing the process interface (I/O lines), the safety interface (SRDO), the configuration interface (SDO), the diagnostics interface (Emergency/SDO) and the control interface (PDO/SDO). Behind it sit logical devices 1 to 8, each made up of virtual devices 1 to n.)
Communication profile area
Index range Description
1000h to 1029h General communication objects
1200h to 12FFh SDO parameter objects
1300h to 13FFh CANopen safety objects
1400h to 1BFFh PDO parameter objects
1F00h to 1F11h SDO manager objects
1F20h to 1F27h Configuration manager objects
1F50h to 1F54h Program control objects
1F80h to 1F89h NMT master objects
Communication protocols
◆ Service Data Object (SDO) protocols
  ◆ Standard SDO protocols
  ◆ SDO block protocols
◆ Safety-Related Data Object (SRDO) protocol
◆ Process Data Object (PDO) protocol
◆ Special object protocols:
  ◆ Synchronization (SYNC) protocol
  ◆ Time Stamp (TIME) protocol
  ◆ Emergency (EMCY) protocol
◆ Network Management protocols:
  ◆ NMT Message protocol
  ◆ Boot-Up protocol
  ◆ Error Control protocols
    - Heartbeat protocol
    - Node guarding protocol
CANopen network with safe nodes

(Figure: one CAN bus connecting a PLC, safety nodes S1 and S2, normal nodes N1 to N3, drive control D1 and the safety controller S3; devices shown are an emergency push button, a drive and a safety power switch. Legend: Sx = safety node (S3: safety controller), Nx = normal node, Dx = drive control.)
Safety-relevant Data Object

(Figure: an SRDO carries a request/indication of 1 to 8 bytes as two CAN frames: CAN data frame 1 with the data field, followed by a second frame whose data field is the bit-wise inverse of the data field of CAN data frame 1.)
SRDO Timing

(Figure: the producer sends SRDO1 once every refresh-time; the two frames of one SRDO must both arrive within the SRVT (safety-relevant object validation time). On the consumer, the SCT (safeguard cycle time) is restarted by each valid SRDO. The two failure cases shown are "SRVT expired" (the second frame arrives too late after the first) and "SCT expired" (no new valid SRDO arrives within SCT).)
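As an added example (not part of the CiA slides), the SRDO structure and timing of the two preceding slides in Python: a producer builds the two-frame SRDO (data plus bit-wise inverted data) and a consumer accepts a pair only if the inverse matches and the second frame is within SRVT, while tracking SCT expiry. The COB-IDs 101h/102h, the SRVT/SCT values and the latched safe state are assumptions of this example, not values taken from the deck.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Timing in ms, constructed for this example (the deck only quotes minimal SRVT 5 ms, minimal refresh-time 20 ms).
SRVT_MS = 5    # frame 2 must follow frame 1 of the same SRDO within SRVT
SCT_MS = 50    # the next valid SRDO must arrive within SCT of the previous one

@dataclass
class Frame:
    cob_id: int
    data: bytes
    t_ms: float  # send/receive timestamp in ms

def build_srdo(cob_id1: int, cob_id2: int, payload: bytes, t_ms: float) -> Tuple[Frame, Frame]:
    """Producer: frame 1 carries the data, frame 2 its bit-wise inverse."""
    if not 1 <= len(payload) <= 8:
        raise ValueError("SRDO payload must be 1 to 8 bytes")
    return Frame(cob_id1, payload, t_ms), Frame(cob_id2, bytes(b ^ 0xFF for b in payload), t_ms)

@dataclass
class SrdoConsumer:
    """Consumer: pairs the two frames, checks the inverse, SRVT and SCT."""
    cob_id1: int
    cob_id2: int
    last_valid_ms: Optional[float] = None  # SCT is counted from here
    pending: Optional[Frame] = None        # frame 1 waiting for its frame 2
    safe_state: bool = False               # latched on any failure (assumption)

    def on_frame(self, f: Frame) -> Optional[bytes]:
        if f.cob_id == self.cob_id1:
            self.pending = f               # (re)start waiting for frame 2
            return None
        if f.cob_id != self.cob_id2 or self.pending is None:
            return None                    # unrelated frame, or frame 2 without frame 1
        first, self.pending = self.pending, None
        ok = (f.t_ms - first.t_ms <= SRVT_MS                 # SRVT not expired
              and len(f.data) == len(first.data)
              and all(a ^ b == 0xFF for a, b in zip(first.data, f.data)))
        if not ok or self.check_sct(f.t_ms):                # bad pair, or SCT already expired
            self.safe_state = True
            return None
        self.last_valid_ms = f.t_ms
        return first.data

    def check_sct(self, now_ms: float) -> bool:
        """Call periodically: True once SCT expired without a new valid SRDO."""
        if self.last_valid_ms is not None and now_ms - self.last_valid_ms > SCT_MS:
            self.safe_state = True
        return self.safe_state
```

Once `safe_state` is latched, every later pair is rejected, mirroring the shutoff the chip diagram ties to an expired SRVT or SCT.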
SRDO parameter record (index 13xxh)

Sub-Index  Field in SRDO Communication Parameter Record  Data Type
0h         Number of entries                             UNSIGNED8
1h         Information direction (TX or RX)              UNSIGNED8
2h         Refresh-time/SCT (in ms)                      UNSIGNED16
3h         SRVT (in ms)                                  UNSIGNED8
4h         Transmission type                             UNSIGNED8
5h         COB ID1                                       UNSIGNED32
6h         COB ID2                                       UNSIGNED32
Optionally reserved IDs
Object CAN identifier
Global failsafe command 1h
Safety-relevant data objects (SRDO) 101h to 180h
Flying master 71h to 76h
Dynamic SDO request 6E0h
Node claiming procedure 6E1h to 6E3h
Node claiming procedure 6F0h to 6FFh
Layer setting services (LSS) 7E4h, 7E5h
SRDO mapping

(Figure: the object dictionary holds Object A (2000h sub 01h), Object B (2000h sub 02h), Object C (2001h sub 00h), Object D (2002h sub 00h), Object E (2003h sub 01h), Object F (2003h sub 02h) and Object G (2003h sub 03h). The mapping parameter 1381h of SRDO_1 selects three of them:)

1381h Sub  Object (Index / Sub)  contents (length)
01h        2000h / 01h           8h   (Object A)
02h        2003h / 03h           10h  (Object G)
03h        2003h / 01h           8h   (Object E)
Variable SRDO mapping

(Figure: the same object dictionary (Object A 2000h/01h, Object B 2000h/02h, Object C 2001h/00h, Object D 2002h/00h, Object E 2003h/01h, Object F 2003h/02h, Object G 2003h/03h). Sub-index 02h of mapping parameter 1381h is re-mapped from 2003h sub 03h (Object G) to 2001h sub 00h (Object C), so SRDO_1 now carries Object A, Object C and Object E.)

1381h Sub  Object (Index / Sub)  contents (length)
01h        2000h / 01h           8h   (Object A)
02h        2001h / 00h           (Object C, previously 2003h / 03h, Object G)
03h        2003h / 01h           8h   (Object E)
Object dictionary extension

Index   Object  Name                           Type                   Acc.  M/O
1300h   VAR     GFC parameter                  UNSIGNED8              rw    O
SRDO Communication Parameter
1301h   RECORD  1st SRDO parameter             SRDO Parameter (26h)   rw    M
1302h   RECORD  2nd SRDO parameter             SRDO Parameter (26h)   rw    M/O*
:       :       :                              :                      :     :
1340h   RECORD  64th SRDO parameter            SRDO Parameter (26h)   rw    M/O*
1341h to 1380h  reserved
SRDO Mapping Parameter
1381h   ARRAY   1st SRDO mapping               UNSIGNED32             rw    M
1382h   ARRAY   2nd SRDO mapping               UNSIGNED32             rw    M/O*
:       :       :                              :                      :     :
13C0h   ARRAY   64th SRDO mapping              UNSIGNED32             rw    M/O*
13C1h to 13FDh  reserved
13FEh   VAR     Configuration valid            UNSIGNED8              rw    M
13FFh   ARRAY   Safety Configuration Checksum  UNSIGNED16             ro    M
BIA approval
Communication failures
(1) Message repetition
(2) Message lost
(3) Message insertion
(4) Wrong message sequence
(5) Message corruption
(6) Message delay
(7) Coupling
Failure-avoiding methods
(1) Running number in safety-relevant messages
(2) Relative, absolute or double time-marks
(3) Time-out
(4) Confirmation of message
(5) Identifying of producer and consumer
(6) Application CRC
(7) Redundancy with cross-checking
BIA recommendations

(Table: rows are the communication failures Repetition, Lost, Insertion, Wrong sequence, Corruption, Delay and Coupling; columns are the methods Running number, Time mark, Time-out, Confirmation, Identification, CRC, Cross-check and Different data, with a final row marking the methods used by CANopen Safety. The x/- cell markings of the matrix are not legible in this copy. Footnotes: 1) application-specific, 2) only for producer, 3) mandatory, 4) low error-rate shall be testable.)
CANopen safety chip

(Figure: the CANopen safety chip architecture diagram, repeated from the opening slide: one 16-bit MCU with two CAN controllers on one transceiver, redundant CANopen stack and safety application with cross comparison, sequence and time monitoring, object dictionaries per DS301/DS304 and DS4xx, watchdog with independent time base, supply-voltage monitoring/NMI, diagnostic functions, and dual-channel signals to the safety switching device with a monitored second shutoff path.)
Requirements (Consortium)

CANopen Safety
• 2 independent CAN controllers
• 2 TSRDO + 2 RSRDO
• Minimal SRVT: 5 ms
• Minimal refresh-time: 20 ms

CANopen
• 2 TPDO + 2 RPDO
• SRDO/PDO linking
• SRDO/PDO static mapping
• Heartbeat producer
• Emergency producer