CANopenDeviceSIL2 (FB)

FUNCTION_BLOCK CANopenDeviceSIL2 EXTENDS CSB.CANopenSafetyBase

This function block implements a CANopen Safety Slave SIL2 I/O driver which is realized through a black channel approach. It sits on top of an unsafe CANopen Slave Stack. Communication between both stacks is realized over shared memory.

The function block can be enabled/disabled by S_xEnable. When S_xEnable gets TRUE the function block checks all conditions for safe communication each bus cycle:

• Unsafe stack is in OPERATIONAL state

• Configuration valid object (16#13FE) is set to 16#A5

• Safety configuration signatures are correct

• Consistency of SRDO configuration data

If a configuration error is detected (e.g. CRC mismatch) S_eError changes from NO_ERROR to the corresponding error code. If every condition is fulfilled the function block tries starting safe communication. Output S_xActive gets TRUE if all SRDOs are sent/received at least one time without any error. When communication error occurs (e.g. SCT/SRVT timeout, data mismatch, …), all SRDO communication is stopped: S_xActive = FALSE, S_eError <> NO_ERROR. Errors can be acknowledged by a rising edge of S_xErrorAck. Safe communication will be continued.

Note

Do not instantiate this function block. It will be instantiated implicitly.

InOut:

Scope	Name	Type	Initial	Comment
Input	S_xEnable	BOOL	TRUE	TRUE: SRDO communication enabled; FALSE: SRDO communication stopped
	S_xErrorAck	BOOL	FALSE	Pending error (S_eError <> NO_ERROR) can be acknowledged with rising edge.
Output	S_xActive	BOOL	FALSE	TRUE: safe communication active; FALSE: safe communication inactive (in case of error or S_xEnable = FALSE)
	S_eError	CST.ERROR	CST.ERROR.NO_ERROR	Error code of pending error or NO_ERROR.

Structure:

• Cyclic-Methods-state-independent
• State-Machine
  • State Transitions
  • States
    • CheckConfiguration
    • CheckConfiguration and Stopped
    • Operational