| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 5<\/td>\n | Annex ZA(normative)Normative references to international publicationswith their corresponding European publications <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | English CONTENTS <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | Figures Figure 1 \u2013 Relationships of IEC 617843 with other standards (machinery) <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | Figure 2 \u2013 Relationships of IEC 617843 with other standards (process) <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 1 Scope 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 3 Terms, definitions, symbols, abbreviated terms and conventions 3.1 Terms and definitions 3.1.1 Common terms and definitions <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 3.1.2 CPF 3: Additional terms and definitions <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 3.2 Symbols and abbreviated terms 3.2.1 Common symbols and abbreviated terms <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 3.2.2 CPF 3: Additional symbols and abbreviated terms <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | 3.3 Conventions 4 Overview of FSCP 3\/1 (PROFIsafe\u2122) <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | Figure 3 \u2013 Basic communication preconditions for FSCP 3\/1 Figure 4 \u2013 Structure of an FSCP 3\/1 safety PDU <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | Figure 5 \u2013 Safety communication on CPF 3 <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 5 General 5.1 External documents providing specifications for the profile 5.2 Safety functional requirements 5.3 Safety measures <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 5.4 Safety communication layer structure 5.4.1 Principle of FSCP 3\/1 safety communications Tables Table 1 \u2013 Deployed measures to master errors <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | Figure 6 \u2013 Standard CPF 3 transmission system <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | 5.4.2 CPF 3 communication structures Figure 7 \u2013 Safety layer architecture Figure 8 \u2013 Basic communication layers <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | Figure 9 \u2013 Crossing network borders with routers <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | 5.5 Relationships with FAL (and DLL, PhL) 5.5.1 Device model Figure 10 \u2013 Complete safety transmission paths <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | 5.5.2 Application and communication relationships 5.5.3 Data types Figure 11 \u2013 IO Device model Table 2 \u2013 Data types for FSCP 3\/1 Table 3 \u2013 F_MessageTrailer for FSCP 3\/1 <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | 6 Safety communication layer services 6.1 F-Host driver services Figure 12 \u2013 FSCP 3\/1 communication structure <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | Figure 13 \u2013 F application interface of F-Host driver instances <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | Figure 14 \u2013 Motivation for “Channel-related Passivation” <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 6.2 F-Device driver services Figure 15 \u2013 F-Device driver interfaces <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | 6.3 Diagnosis 6.3.1 Safety alarm generation 6.3.2 F-(Sub)Module safety layer diagnosis Table 4 \u2013 Safety layer diagnosis messages <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | 7 Safety communication layer protocol 7.1 Safety PDU format 7.1.1 Safety PDU structure Table 5 \u2013 Buffer entry on CRC2 error <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | 7.1.2 Safety IO data 7.1.3 Status and Control Byte Figure 16 \u2013 Safety PDU for CPF 3 Figure 17 \u2013 Status Byte <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | Figure 18 \u2013 Control Byte <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | 7.1.4 (Virtual) MonitoringNumber Figure 19 \u2013 The Toggle Bit function <\/td>\n<\/tr>\n | ||||||
| 55<\/td>\n | 7.1.5 (Virtual) MNR mechanism (F_CRC_Seed=0) 7.1.6 (Virtual) MNR mechanism (F_CRC_Seed=1) Figure 20 \u2013 MonitoringNumber integration Table 6 \u2013 MonitoringNumber of an F-Host driver SPDU Table 7 \u2013 MonitoringNumber of an F-Device driver SPDU <\/td>\n<\/tr>\n | ||||||
| 56<\/td>\n | Table 8 \u2013 MonitoringNumber of an F-Host driver SPDU Table 9 \u2013 MonitoringNumber of an F-Device driver SPDU <\/td>\n<\/tr>\n | ||||||
| 57<\/td>\n | 7.1.7 CRC2 Signature (F_CRC_Seed=0) Figure 21 \u2013 F-Host driver CRC2 signature generation (F_CRC_Seed=0) <\/td>\n<\/tr>\n | ||||||
| 58<\/td>\n | 7.1.8 CRC2 Signature (F_CRC_Seed=1) Figure 22 \u2013 Details of the CRC2 signature calculation (F_CRC_Seed=0) Figure 23 \u2013 CRC2 signature calculation (F_CRC_Seed=1) <\/td>\n<\/tr>\n | ||||||
| 59<\/td>\n | 7.1.9 Non-safety IO data 7.2 FSCP 3\/1 behavior 7.2.1 General Figure 24 \u2013 Details of the CRC2 signature calculation (F_CRC_Seed=1) Figure 25 \u2013 Safety layer communication relationship <\/td>\n<\/tr>\n | ||||||
| 60<\/td>\n | 7.2.2 F-Host driver state diagram Figure 26 \u2013 F-Host driver state diagram Table 10 \u2013 Definition of terms used in F-Host driver state diagram <\/td>\n<\/tr>\n | ||||||
| 61<\/td>\n | Table 11 \u2013 F-Host driver states and transitions <\/td>\n<\/tr>\n | ||||||
| 63<\/td>\n | 7.2.3 F-Device driver state diagram <\/td>\n<\/tr>\n | ||||||
| 64<\/td>\n | Figure 27 \u2013 F-Device driver state diagram Table 12 \u2013 Definition of terms used in Figure 27 <\/td>\n<\/tr>\n | ||||||
| 65<\/td>\n | Table 13 \u2013 F-Device driver states and transitions <\/td>\n<\/tr>\n | ||||||
| 67<\/td>\n | 7.2.4 F-Device driver restart 7.2.5 Sequence diagrams <\/td>\n<\/tr>\n | ||||||
| 68<\/td>\n | Figure 28 \u2013 Interaction F-Host driver \/ F-Device driver during start-up <\/td>\n<\/tr>\n | ||||||
| 69<\/td>\n | Figure 29 \u2013 Interaction F-Host driver \/ F-Device driver during F-Host power off > on <\/td>\n<\/tr>\n | ||||||
| 70<\/td>\n | Figure 30 \u2013 Interaction F-Host driver \/ F-Device driver with delayed power on <\/td>\n<\/tr>\n | ||||||
| 71<\/td>\n | Figure 31 \u2013 Interaction F-Host driver \/ F-Device driver during power off \u2192 on <\/td>\n<\/tr>\n | ||||||
| 72<\/td>\n | Figure 32 \u2013 Interaction while F-Host driver recognizes CRC error <\/td>\n<\/tr>\n | ||||||
| 73<\/td>\n | Figure 33 \u2013 Interaction while F-Device driver recognizes CRC error <\/td>\n<\/tr>\n | ||||||
| 74<\/td>\n | 7.2.6 Timing diagram for a MonitoringNumber reset 7.2.7 Monitoring of safety times Figure 34 \u2013 Impact of the MNR reset signal <\/td>\n<\/tr>\n | ||||||
| 75<\/td>\n | Figure 35 \u2013 Monitoring the message transit time F-Host \u2194 F-(Sub)Module <\/td>\n<\/tr>\n | ||||||
| 76<\/td>\n | Table 14 \u2013 SIL monitor times <\/td>\n<\/tr>\n | ||||||
| 77<\/td>\n | 7.3 Reaction in the event of a malfunction 7.3.1 Corruption of safety data 7.3.2 Unintended repetition Figure 36 \u2013 Extended watchdog time on request <\/td>\n<\/tr>\n | ||||||
| 78<\/td>\n | 7.3.3 Incorrect sequence 7.3.4 Loss 7.3.5 Unacceptable delay 7.3.6 Insertion 7.3.7 Masquerade 7.3.8 Addressing <\/td>\n<\/tr>\n | ||||||
| 79<\/td>\n | 7.3.9 Out-of-sequence 7.3.10 Loop-back 7.3.11 Network boundaries and router <\/td>\n<\/tr>\n | ||||||
| 80<\/td>\n | 7.4 F-Startup and parameter change at runtime 7.4.1 Standard startup procedure 8 Safety communication layer management 8.1 F-Parameter 8.1.1 Summary Table 15 \u2013 Safety network boundaries <\/td>\n<\/tr>\n | ||||||
| 81<\/td>\n | 8.1.2 F_Source\/Destination_Address (Codename) Table 16 \u2013 Codename octet order <\/td>\n<\/tr>\n | ||||||
| 82<\/td>\n | 8.1.3 F_WD_Time (F-Watchdog time) 8.1.4 F_WD_Time_2 (secondary F-Watchdog time) 8.1.5 F_Prm_Flag1 (Parameters for the safety layer management) Figure 37 \u2013 Effect of F_WD_Time_2 <\/td>\n<\/tr>\n | ||||||
| 83<\/td>\n | Figure 38 \u2013 F_Prm_Flag1 Figure 39 \u2013 F_Check_iPar Figure 40 \u2013 F_SIL <\/td>\n<\/tr>\n | ||||||
| 84<\/td>\n | Figure 41 \u2013 F_CRC_Length Figure 42 \u2013 F_CRC_Seed Table 17 \u2013 Allowed combinations of F_CRC_Seed and F_Passivation <\/td>\n<\/tr>\n | ||||||
| 85<\/td>\n | 8.1.6 F_Prm_Flag2 (Parameters for the safety layer management) Figure 43 \u2013 F_Prm_Flag2 Figure 44 \u2013 F_Passivation Figure 45 \u2013 F_Block_ID <\/td>\n<\/tr>\n | ||||||
| 86<\/td>\n | 8.1.7 F_iPar_CRC (value of iPar_CRC across iParameters) 8.1.8 F_Par_CRC calculation (across F-Parameters) Figure 46 \u2013 F_Par_Version <\/td>\n<\/tr>\n | ||||||
| 87<\/td>\n | 8.1.9 Structure of the F-Parameter record data object 8.2 iParameter and iPar_CRC Figure 47 \u2013 F-Parameter <\/td>\n<\/tr>\n | ||||||
| 88<\/td>\n | 8.3 Safety parameterization 8.3.1 Objectives Figure 48 \u2013 iParameter block <\/td>\n<\/tr>\n | ||||||
| 89<\/td>\n | 8.3.2 GSDL and GSDML safety extensions Table 18 \u2013 GSDL keywords for F-Parameters and F-IO structures <\/td>\n<\/tr>\n | ||||||
| 90<\/td>\n | Figure 49 \u2013 F-Parameter extension within the GSDML specification <\/td>\n<\/tr>\n | ||||||
| 91<\/td>\n | 8.3.3 Securing safety parameters and GSD data Figure 50 \u2013 F_Par_CRC signature including iPar_CRC <\/td>\n<\/tr>\n | ||||||
| 92<\/td>\n | Table 19 \u2013 Algorithm to build CRC0 <\/td>\n<\/tr>\n | ||||||
| 93<\/td>\n | Table 20 \u2013 GSD example in GSDL notation <\/td>\n<\/tr>\n | ||||||
| 94<\/td>\n | Table 21 \u2013 GSD example in GSDML notation Table 22 \u2013 Serialized octet stream for the examples <\/td>\n<\/tr>\n | ||||||
| 95<\/td>\n | 8.4 Safety configuration 8.4.1 Order of IO data types 8.4.2 Securing the safety IO data description Table 23 \u2013 Order of IO data types <\/td>\n<\/tr>\n | ||||||
| 96<\/td>\n | 8.4.3 DataItem data type section examples Table 24 \u2013 IO data structure items <\/td>\n<\/tr>\n | ||||||
| 97<\/td>\n | Table 25 \u2013 DataItem section for F_IN_OUT_1 Table 26 \u2013 DATA_STRUCTURE_CRC for F_IN_OUT_1 <\/td>\n<\/tr>\n | ||||||
| 98<\/td>\n | Table 27 \u2013 DataItem section for F_IN_OUT_2 Table 28 \u2013 DATA_STRUCTURE_CRC for F_IN_OUT_2 <\/td>\n<\/tr>\n | ||||||
| 99<\/td>\n | Table 29 \u2013 DataItem section for F_IN_OUT_5 Table 30 \u2013 DATA_STRUCTURE_CRC for F_IN_OUT_5 <\/td>\n<\/tr>\n | ||||||
| 100<\/td>\n | 8.5 Data type information usage 8.5.1 F-Host Channel driver Table 31 \u2013 DataItem section for F_IN_OUT_6 Table 32 \u2013 DATA_STRUCTURE_CRC for F_IN_OUT_6 <\/td>\n<\/tr>\n | ||||||
| 101<\/td>\n | 8.5.2 Rules for standard F-Host Channel drivers Figure 51 \u2013 F-Host Channel driver as “glue”between F-(Sub)Module and application program Table 33 \u2013 Sample F-Host Channel drivers <\/td>\n<\/tr>\n | ||||||
| 102<\/td>\n | 8.5.3 Recommendations for the use of F-Host Channel drivers Figure 52 \u2013 Layout example of an F-Host Channel driver <\/td>\n<\/tr>\n | ||||||
| 103<\/td>\n | 8.6 Safety parameter assignment mechanisms 8.6.1 F-Parameter assignment 8.6.2 General iParameter assignment 8.6.3 System integration requirements for iParameterization tools Figure 53 \u2013 F-Parameter assignment for F-(Sub)Modules <\/td>\n<\/tr>\n | ||||||
| 104<\/td>\n | Figure 54 \u2013 System integration of CPD-Tools Table 34 \u2013 Requirements for iParameterization <\/td>\n<\/tr>\n | ||||||
| 105<\/td>\n | 8.6.4 iPar-Server Figure 55 \u2013 iPar-Server mechanism (commissioning) <\/td>\n<\/tr>\n | ||||||
| 107<\/td>\n | Figure 56 \u2013 iPar-Server mechanism (for example F-(Sub)Module replacement) <\/td>\n<\/tr>\n | ||||||
| 108<\/td>\n | Figure 57 \u2013 iPar-Server request coding (“status model”) <\/td>\n<\/tr>\n | ||||||
| 109<\/td>\n | Figure 58 \u2013 Coding of SR_Type Table 35 \u2013 Specifier for the iPar-Server Request <\/td>\n<\/tr>\n | ||||||
| 110<\/td>\n | Figure 59 \u2013 iPar-Server request coding (“alarm model”) <\/td>\n<\/tr>\n | ||||||
| 111<\/td>\n | Table 36 \u2013 Structure of the Read_RES_PDU (“read record”) Table 37 \u2013 Structure of the Write_REQ_PDU (“write record”) Table 38 \u2013 Structure of the Pull_RES_PDU (“Pull”) <\/td>\n<\/tr>\n | ||||||
| 112<\/td>\n | Table 39 \u2013 Structure of the Push_REQ_PDU (“Push”) <\/td>\n<\/tr>\n | ||||||
| 113<\/td>\n | Figure 60 \u2013 iPar-Server state diagram <\/td>\n<\/tr>\n | ||||||
| 114<\/td>\n | Table 40 \u2013 iPar-Server states and transitions <\/td>\n<\/tr>\n | ||||||
| 115<\/td>\n | Table 41 \u2013 iPar-Server management measures <\/td>\n<\/tr>\n | ||||||
| 116<\/td>\n | 9 System requirements 9.1 Indicators and switches 9.2 Installation guidelines 9.3 Safety function response time 9.3.1 Model <\/td>\n<\/tr>\n | ||||||
| 117<\/td>\n | Figure 61 \u2013 Example safety function with a critical response time path Figure 62 \u2013 Simplified typical response time model <\/td>\n<\/tr>\n | ||||||
| 118<\/td>\n | 9.3.2 Calculation and optimization Figure 63 \u2013 Frequency distributions of typical response times of the model <\/td>\n<\/tr>\n | ||||||
| 119<\/td>\n | Figure 64 \u2013 Context of delay times and watchdog times <\/td>\n<\/tr>\n | ||||||
| 120<\/td>\n | 9.3.3 Adjustment of watchdog times for FSCP 3\/1 Figure 65 \u2013 Timing sections forming the FSCP 3\/1 F_WD_Time <\/td>\n<\/tr>\n | ||||||
| 121<\/td>\n | 9.3.4 Engineering tool support 9.3.5 Retries (repetition of messages) Figure 66 \u2013 Frequency distribution of response times with message retries <\/td>\n<\/tr>\n | ||||||
| 122<\/td>\n | 9.4 Duration of demands 9.5 Constraints for the calculation of system characteristics 9.5.1 Probabilistic considerations Figure 67 \u2013 Residual error probabilities for the 24-bit CRC polynomial <\/td>\n<\/tr>\n | ||||||
| 123<\/td>\n | Figure 68 \u2013 Residual error probabilities for the 32-bit CRC polynomial <\/td>\n<\/tr>\n | ||||||
| 124<\/td>\n | 9.5.2 Safety related assumptions Figure 69 \u2013 Monitoring of corrupted messages Table 42 \u2013 Definition of terms in Figure 69 <\/td>\n<\/tr>\n | ||||||
| 125<\/td>\n | 9.5.3 Non safety related constraints (availability) 9.6 Maintenance 9.6.1 F-(Sub)Module commissioning \/ replacement 9.6.2 Identification and maintenance functions <\/td>\n<\/tr>\n | ||||||
| 126<\/td>\n | 9.7 Safety manual Table 43 \u2013 Information to be included in the safety manual <\/td>\n<\/tr>\n | ||||||
| 127<\/td>\n | 9.8 Wireless transmission channels 9.8.1 Black channel approach 9.8.2 Availability 9.8.3 Security measures 9.8.4 Stationary and mobile applications <\/td>\n<\/tr>\n | ||||||
| 128<\/td>\n | 9.9 Relationship between functional safety and security 9.10 Conformance classes Table 44 \u2013 F-Host conformance class requirements <\/td>\n<\/tr>\n | ||||||
| 129<\/td>\n | Table 45 \u2013 Main characteristics of protocol versions Table 46 \u2013 F-Host driver \/ F-Device driver conformance matrix <\/td>\n<\/tr>\n | ||||||
| 130<\/td>\n | 10 Assessment 10.1 Safety policy 10.2 Obligations <\/td>\n<\/tr>\n | ||||||
| 131<\/td>\n | Annex A (informative) Additional informationfor functional safety communication profiles of CPF 3 Figure A.1 \u2013 Typical “C” procedure of a cyclic redundancy check <\/td>\n<\/tr>\n | ||||||
| 132<\/td>\n | Table A.1 \u2013 The table “Crctab24” for 24 bit CRC signature calculations <\/td>\n<\/tr>\n | ||||||
| 133<\/td>\n | Table A.2 \u2013 The table “Crctab32” for 32 bit CRC signature calculations <\/td>\n<\/tr>\n | ||||||
| 134<\/td>\n | Table A.3 \u2013 The table “Crctab16” for 16 bit CRC signature calculations <\/td>\n<\/tr>\n | ||||||
| 135<\/td>\n | Table A.4 \u2013 Values of CN_incrNR_64 and MNR for F-Host PDU <\/td>\n<\/tr>\n | ||||||
| 136<\/td>\n | Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 3 <\/td>\n<\/tr>\n | ||||||
| 137<\/td>\n | Annex C (normative) Optional features Figure C.1 \u2013 F-Host driver application interface with feature Reaction on Device_Fault <\/td>\n<\/tr>\n | ||||||
| 138<\/td>\n | Table C.1 \u2013 Definition of additional terms used in driver transitions Table C.2 \u2013 F-Host driver transitions \u2013 added with reaction on Device_Fault <\/td>\n<\/tr>\n | ||||||
| 140<\/td>\n | Table C.3 \u2013 Prevent unintentional restart by application measures <\/td>\n<\/tr>\n | ||||||
| 141<\/td>\n | Figure C.2 \u2013 F-Host driver application interface with feature Disable F-(Sub)Module Figure C.3 \u2013 Timing diagram to use Disable F-(Sub)Module <\/td>\n<\/tr>\n | ||||||
| 142<\/td>\n | Table C.4 \u2013 F-Host driver transitions \u2013 with feature Disable F-(Sub)Module <\/td>\n<\/tr>\n | ||||||
| 144<\/td>\n | Table C.5 \u2013 F-Host driver transitions \u2013 added with “reaction on Device_Fault”and “Disable F-(Sub)Module” <\/td>\n<\/tr>\n | ||||||
| 148<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Industrial communication networks. Profiles – Functional safety fieldbuses. Additional specifications for CPF 3<\/b><\/p>\n |