BS EN 61784-3-3:2017
$215.11
Industrial communication networks. Profiles – Functional safety fieldbuses. Additional specifications for CPF 3
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2017 | 144 |
This part of the IEC 61784-3 series specifies a safety communication layer (services and protocol) based on CPF 3 of IEC 61784-1, IEC 61784-2 (CP 3/1, CP 3/2, CP 3/4, CP 3/5 and CP 3/6) and IEC 61158 Types 3 and 10. It identifies the principles for functional safety communications defined in IEC 61784-3 that are relevant for this safety communication layer. This safety communication layer is intended for implementation in safety devices only.
NOTE 1 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.
This part defines mechanisms for the transmission of safety-relevant messages among participants within a distributed network using fieldbus technology in accordance with the requirements of the IEC 61508 series for functional safety. These mechanisms may be used in various industrial applications such as process control, manufacturing automation and machinery.
This part provides guidelines for both developers and assessors of compliant devices and systems.
NOTE 2 The resulting SIL claim of a system depends on the implementation of the selected functional safety communication profile within this system – implementation of a functional safety communication profile according to this part in a standard device is not sufficient to qualify it as a safety device.
PDF Catalog
PDF Pages | PDF Title |
---|---|
2 | National foreword |
7 | English CONTENTS |
13 | FOREWORD |
15 | Figures Figure 1 – Relationships of IEC 61784-3 with other standards (machinery) |
16 | Figure 2 – Relationships of IEC 61784-3 with other standards (process) |
19 | 1 Scope 2 Normative references |
21 | 3 Terms, definitions, symbols, abbreviated terms and conventions 3.1 Terms and definitions 3.1.1 Common terms and definitions |
27 | 3.1.2 CPF 3: Additional terms and definitions |
31 | 3.2 Symbols and abbreviated terms 3.2.1 Common symbols and abbreviated terms |
32 | 3.2.2 CPF 3: Additional symbols and abbreviated terms |
33 | 3.3 Conventions 4 Overview of FSCP 3/1 (PROFIsafe™) |
34 | Figure 3 – Basic communication preconditions for FSCP 3/1 Figure 4 – Structure of an FSCP 3/1 safety PDU |
35 | Figure 5 – Safety communication on CPF 3 |
36 | 5 General 5.1 External documents providing specifications for the profile 5.2 Safety functional requirements 5.3 Safety measures |
37 | 5.4 Safety communication layer structure 5.4.1 Principle of FSCP 3/1 safety communications Figure 6 – Standard CPF 3 transmission system Tables Table 1 – Deployed measures to master errors |
38 | 5.4.2 CPF 3 communication structures Figure 7 – Safety layer architecture |
39 | Figure 8 – Basic communication layers Figure 9 – Multiport switch bus structure |
40 | Figure 10 – Linear bus structure Figure 11 – Crossing network borders with routers |
41 | 5.5 Relationships with FAL (and DLL, PhL) 5.5.1 Device model Figure 12 – Complete safety transmission paths |
42 | 5.5.2 Application and communication relationships 5.5.3 Data types Figure 13 – IO Device model Table 2 – Data types for FSCP 3/1 |
43 | 6 Safety communication layer services 6.1 F-Host services Figure 14 – FSCP 3/1 communication structure |
44 | Figure 15 – F user interface of F-Host driver instances |
45 | Figure 16 – Motivation for "Channel-related Passivation" |
46 | 6.2 F-Device services |
47 | Figure 17 – F-Device driver interfaces |
48 | 6.3 Diagnosis 6.3.1 Safety alarm generation 6.3.2 F-Device safety layer diagnosis including the iPar-Server |
49 | 7 Safety communication layer protocol 7.1 Safety PDU format 7.1.1 Safety PDU structure Table 3 – Safety layer diagnosis messages |
50 | 7.1.2 Safety IO data 7.1.3 Status and Control Byte Figure 18 – Safety PDU for CPF 3 Figure 19 – Status Byte |
51 | Figure 20 – Control Byte |
52 | 7.1.4 (Virtual) MonitoringNumber Figure 21 – The Toggle Bit function |
53 | 7.1.5 (Virtual) MNR mechanism (F_CRC_Seed=0) 7.1.6 (Virtual) MNR mechanism (F_CRC_Seed=1) Figure 22 – F-Device MonitoringNumber Table 4 – MonitoringNumber of an F-Host PDU Table 5 – MonitoringNumber of an F-Device PDU |
54 | Table 6 – MonitoringNumber of an F-Host PDU Table 7 – MonitoringNumber of an F-Device PDU |
55 | 7.1.7 CRC2 Signature (F_CRC_Seed=0) Figure 23 – F-Host CRC2 signature generation (F_CRC_Seed=0) |
56 | 7.1.8 CRC2 Signature (F_CRC_Seed=1) Figure 24 – Details of the CRC2 signature calculation (F_CRC_Seed=0) Figure 25 – CRC2 signature calculation (F_CRC_Seed=1) |
57 | 7.1.9 Non-safety IO data 7.2 FSCP 3/1 behavior 7.2.1 General Figure 26 – Details of the CRC2 signature calculation (F_CRC_Seed=1) Figure 27 – Safety layer communication relationship |
58 | 7.2.2 F-Host state diagram Figure 28 – F-Host state diagram |
59 | Table 8 – Definition of terms used in F-Host state diagram Table 9 – F-Host states and transitions |
61 | 7.2.3 F-Device state diagram |
62 | Figure 29 – F-Device state diagram Table 10 – Definition of terms used in Figure 29 |
63 | Table 11 – F-Device states and transitions |
65 | 7.2.4 Sequence diagrams Figure 30 – Interaction F-Host / F-Device during start-up |
66 | Figure 31 – Interaction F-Host / F-Device during F-Host power off – on |
67 | Figure 32 – Interaction F-Host / F-Device with delayed power on |
68 | Figure 33 – Interaction F-Host / F-Device during power off – on |
69 | Figure 34 – Interaction F-Host / F-Device while host recognizes CRC error |
70 | Figure 35 – Interaction F-Host / F-Device while device recognizes CRC error |
71 | 7.2.5 Timing diagram for a MonitoringNumber reset 7.2.6 Monitoring of safety times Figure 36 – Impact of the MNR reset signal |
72 | Figure 37 – Monitoring the message transit time F-Host – F-Output Figure 38 – Monitoring the message transit time F-Input – F-Host |
74 | 7.3 Reaction in the event of a malfunction 7.3.1 Unintended repetition Figure 39 – Extended watchdog time on request Table 12 – SIL monitor times |
75 | 7.3.2 Loss 7.3.3 Insertion 7.3.4 Incorrect sequence 7.3.5 Corruption of safety data 7.3.6 Unacceptable delay 7.3.7 Masquerade |
76 | 7.3.8 Addressing 7.3.9 Memory failures within switches Table 13 – Remedies for switch failures |
77 | 7.3.10 Loop-back 7.3.11 Network boundaries and router Table 14 – Safety network boundaries |
78 | 7.4 F-Startup and parameter change at runtime 7.4.1 Standard startup procedure 7.4.2 iParameter assignment deblocking 8 Safety communication layer management 8.1 F-Parameter 8.1.1 Summary Figure 40 – iParameter assignment deblocking by the F-Host |
79 | 8.1.2 F_Source/Destination_Address (Codename) 8.1.3 F_WD_Time (F-Watchdog time) Table 15 – Codename octet order |
80 | 8.1.4 F_WD_Time_2 (secondary F-Watchdog time) 8.1.5 F_Prm_Flag1 (Parameters for the safety layer management) Figure 41 – Effect of F_WD_Time_2 Figure 42 – F_Prm_Flag1 |
81 | Figure 43 – F_Check_SeqNr Figure 44 – F_Check_iPar Figure 45 – F_SIL |
82 | 8.1.6 F_Prm_Flag2 (Parameters for the safety layer management) Figure 46 – F_CRC_Length Figure 47 – F_CRC_Seed Figure 48 – F_Prm_Flag2 |
83 | 8.1.7 F_iPar_CRC (value of iPar_CRC across iParameters) Figure 49 – F_Passivation Figure 50 – F_Block_ID Figure 51 – F_Par_Version |
84 | 8.1.8 F_Par_CRC calculation (across F-Parameters) 8.1.9 Structure of the F-Parameter record data object 8.2 iParameter and iPar_CRC Figure 52 – F-Parameter |
85 | 8.3 Safety parameterization 8.3.1 Objectives Figure 53 – iParameter block |
86 | 8.3.2 GSDL and GSDML safety extensions Table 16 – GSDL keywords for F-Parameters and F-IO structures |
87 | Figure 54 – F-Parameter extension within the GSDML specification |
88 | 8.3.3 Securing safety parameters and GSD data |
89 | Figure 55 – F_Par_CRC signature including iPar_CRC Figure 56 – Algorithm to build CRC0 |
90 | Table 17 – GSD example in GSDL notation |
91 | Figure 57 – GSD example in GSDML notation Table 18 – Serialized octet stream for the examples |
92 | 8.4 Safety configuration 8.4.1 Securing the safety IO data description (CRC7) Table 19 – IO data structure items |
93 | 8.4.2 DataItem data type section examples |
94 | Figure 58 – DataItem section for F_IN_OUT_1 |
95 | Figure 59 – DataItem section for F_IN_OUT_2 |
96 | Figure 60 – DataItem section for F_IN_OUT_5 |
97 | 8.5 Data type information usage 8.5.1 F-Channel driver Figure 61 – DataItem section for F_IN_OUT_6 |
98 | 8.5.2 Rules for standard F-Channel drivers Figure 62 – F-Channel driver as "glue" between F-Device and user program Table 20 – Sample F-Channel drivers |
99 | 8.5.3 Recommendations for F-Channel drivers Figure 63 – Layout example of an F-Channel driver |
100 | 8.6 Safety parameter assignment mechanisms 8.6.1 F-Parameter assignment 8.6.2 General iParameter assignment Figure 64 – F-Parameter assignment for simple F-Devices and F-Slaves |
101 | 8.6.3 System integration requirements for iParameterization tools Figure 65 – F and iParameter assignment for complex F-Devices Table 21 – Requirements for iParameterization |
102 | Figure 66 – System integration of CPD-Tools |
103 | 8.6.4 iPar-Server Figure 67 – iPar-Server mechanism (commissioning) |
104 | Figure 68 – iPar-Server mechanism (for example F-Device replacement) |
105 | Figure 69 – iPar-Server request coding ("status model") |
106 | Figure 70 – Coding of SR_Type Table 22 – Specifier for the iPar-Server Request |
107 | Figure 71 – iPar-Server request coding ("alarm model") Table 23 – Structure of the Read_RES_PDU ("read record") |
108 | Table 24 – Structure of the Write_REQ_PDU ("write record") Table 25 – Structure of the Pull_RES_PDU ("Pull") Table 26 – Structure of the Push_REQ_PDU ("Push") |
109 | Figure 72 – iPar-Server state diagram |
110 | Table 27 – iPar-Server states and transitions |
111 | Table 28 – iPar-Server management measures |
112 | 9 System requirements 9.1 Indicators and switches 9.2 Installation guidelines 9.3 Safety function response time 9.3.1 Model |
113 | Figure 73 – Example safety function with a critical response time path Figure 74 – Simplified typical response time model |
114 | 9.3.2 Calculation and optimization Figure 75 – Frequency distributions of typical response times of the model |
115 | Figure 76 – Context of delay times and watchdog times |
116 | 9.3.3 Adjustment of watchdog times for FSCP 3/1 Figure 77 – Timing sections forming the FSCP 3/1 F_WD_Time |
117 | 9.3.4 Engineering tool support 9.3.5 Retries (repetition of messages) Figure 78 – Frequency distribution of response times with message retries |
118 | 9.4 Duration of demands Figure 79 – Retries with CP 3/1 Figure 80 – Retries with CP 3/RTE |
119 | 9.5 Constraints for the calculation of system characteristics 9.5.1 Probabilistic considerations Figure 81 – Residual error probabilities for the 24-bit CRC polynomial |
120 | Figure 82 – Residual error probabilities for the 32-bit CRC polynomial |
121 | 9.5.2 Safety related assumptions Figure 83 – Monitoring of corrupted messages Table 29 – Definition of terms in Figure 83 |
122 | 9.5.3 Non safety related constraints (availability) 9.6 Maintenance 9.6.1 F-Module commissioning / replacement 9.6.2 Identification and maintenance functions 9.7 Safety manual |
123 | Table 30 – Information to be included in the safety manual |
124 | 9.8 Wireless transmission channels 9.8.1 Black channel approach 9.8.2 Availability 9.8.3 Security measures Figure 84 – Considerations against systematic loop-back configuration errors |
125 | Figure 85 – Security for WLAN networks Table 31 – Definition of terms in Figure 85 Table 32 – Security measures for WLAN (IEEE 802.11) |
126 | Figure 86 – Security for Bluetooth networks Table 33 – Definition of terms in Figure 86 |
127 | 9.8.4 Stationary and mobile applications 9.9 Conformance classes Table 34 – Security measures for Bluetooth (IEEE 802.15.1) Table 35 – F-Host conformance class requirements |
129 | 10 Assessment 10.1 Safety policy 10.2 Obligations Table 36 – Main characteristics of protocol versions Table 37 – F-Host/F-Device conformance matrix |
131 | Annex A (informative) Additional information for functional safety communication profiles of CPF 3 A.1 Hash function calculation Figure A.1 – Typical "C" procedure of a cyclic redundancy check |
132 | Table A.1 – The table "Crctab24" for 24 bit CRC signature calculations |
133 | Table A.2 – The table "Crctab32" for 32 bit CRC signature calculations |
134 | A.2 Example values for MonitoringNumbers (MNR) Table A.3 – The table "Crctab16" for 16 bit CRC signature calculations |
135 | A.3 Response time measurements Figure A.2 – Comparison of the response time model and a real application Table A.4 – Values of CN_incrNR_64 and MNR for F-Host PDU |
136 | Figure A.3 – Frequency distribution of measured response times |
137 | Figure A.4 – F-Host with standard and safety-related application programs |
138 | Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 3 |
139 | Bibliography |