The data integrity checking mechanism of the FSCP 3/1 V2-mode is totally independent from the mechanisms of the underlying communication system, which then is called a "black channel". Thus it can be used for backplane communication channels also.
According to IEC 62280-1 and IEC 62280-2, the "properness" of the used CRC polynomials has to be proven. This requires calculation of the residual error probability as a function of the bit error probability for a given polynomial, here for the 24-bit version (15D6DCBh), as well as for the 32-bit version (1F4ACFB13h).
Figure 80 is showing the diagrams of residual error probabilities for the 24-bit polynomial. The calculated diagrams are for data lengths including the CRC signature.
10-7 10-8 10-9 10-10 10-11 10-12 10-13 10-14 10-15 10-16 10-17
0,001 0,01 0,1 1
5,96 × 10-8
Bit error probability
Residual errorprobability
10-7 10-8 10-9 10-10 10-11 10-12 10-13 10-14 10-15 10-16 10-17
0,001 0,01 0,1 1
5,96 × 10-8
Bit error probability 10-7
10-8 10-9 10-10 10-11 10-12 10-13 10-14 10-15 10-16 10-17
0,001 0,01 0,1 1
5,96 × 10-8 10-7 10-8 10-9 10-10 10-11 10-12 10-13 10-14 10-15 10-16 10-17
0,001 0,01 0,1 1
5,96 × 10-8
Bit error probability
Residual errorprobability
Figure 80 – Residual error probabilities for the 24-bit polynomial
A polynomial will be assessed "proper" if there is no significant "humpback" curve with increasing bit error probability, i.e. if it rises monotonic.
Figure 81 and Figure 82 are showing the diagrams for the 32-bit polynomial.
10-12 10-15 10-18 10-21 10-24 10-27 10-9
10-5 10-4 10-3 10-2 10-1
g = 1F4ACFB13h n = 416
Bit error probability
Residual errorprobability
10-12 10-15 10-18 10-21 10-24 10-27 10-9
10-5 10-4 10-3 10-2 10-1
10-5 10-4 10-3 10-2 10-1
g = 1F4ACFB13h n = 416
Bit error probability
Residual errorprobability
Figure 81 – Properness of the 32-bit polynomial for 52 octets The terms used in Figure 81 and Figure 82 are specified below:
g = generator polynomial 1F4ACFB13h n = bit length of data including CRC signature
10-12 10-15 10-18 10-21 10-24 10-9
10-5 10-4 10-3 10-2 10-1
g = 1F4ACFB13h n = 1056
Bit error probability
Residual errorprobability
10-12 10-15 10-18 10-21 10-24 10-9
10-5 10-4 10-3 10-2 10-1
10-5 10-4 10-3 10-2 10-1
g = 1F4ACFB13h n = 1056
Bit error probability
Residual errorprobability
Figure 82 – Properness of the 32-bit polynomial for 132 octets
Summarizing reflections about any perturbing influences lead directly to Figure 83. The combination of the bus failure causes provides a (fictive) frequency of corrupted messages on the transmission system. The standard error detecting mechanisms of CP 3/RTE (1st Filter) are recognizing every fault up to a certain level, thus only special bit patterns are reaching the safety layer mechanism. For the number of undetected corrupted messages the worst-case value of 2−n shall not be taken (n = 24 or 32), since the overall frequency of corrupted safety PDUs on the bus is continuously monitored.
1. Filter
BusCode: PUB (typ)
fw
HD≥1
2. Filter
FSCP 3/1Code:
1-C
C (very little)
"Raw" channel, BusCode failed HW-
failures
EMI
Other
Frequency of corrupted messages
Special bit patterns
Statistical bit patterns PUS (typ)
"time period":
T h Recognized corrupted messages from every participant Safe
state
Within F-Host
PUS
Figure 83 – Monitoring of corrupted messages The terms used in Figure 83 are specified below:
fw = frequency of corrupted messages EMI = electromagnetic interference HD = hamming distance
c = frequency of occurrence
T = measurement period in hours (see 7.2.6).
If the safety mechanisms within the standard CP 3/1 and CP 3/RTE IO layers are failing (very little probability), then corrupted messages with statistical bit patterns are reaching the safety layer mechanism.
This FSCP 3/1 protocol allows simple monitoring of every corrupted safety PDU within the F- Host and via the Status Byte within the acknowledgment safety PDU of an F-Device.
9.5.2 Safety related constraints
The boundary conditions and constraints for safety assessments and calculations of residual error rates are listed here.
Generally:
• All devices provide electrical safety SELV/PELV and a CPF 3 conformance test report
• Safety devices are designed for normal industrial environment according to IEC 61000-6-2 or IEC 61131-2 and provide increased immunity according to IEC 61326-3-1 and IEC 61326-3-2
V1-mode:
• Assumed number of safety-related messages per second and per 1:1 FSCP 3/1 communication relationship
CP 3/1: 100
CP 3/2: 10
• Number of retries per channel type (see 9.3.5):
CP 3/1: 15 (IEC 61158-6-3: maximum of 8)
CP 3/2: 15 (IEC 61158-6-3: maximum of 8) Backplane bus: 8 (within hosts or modular field devices)
• Black Channel CRC polynomials:
Black Channel shall not use the safety layer CRC polynomials 14EABh and 1F4ACFB13h Black Channel polynomials shall not be divisible by C599h
• Active buffering network elements:
CP 3/1: 2 messages maximum with links and/or repeater
• Octet-wise splitting of safety PDU:
Not permitted V2-mode:
• Assumed number of safety-related messages per second and per 1:1 FSCP 3/1 communication relationship
< 10 000
• Number of retries per channel type (see 9.3.5):
No restrictions
• Numbers of safety-related message sinks per safety function:
No restrictions
• Black Channel CRC polynomials:
No restrictions
• Active buffering network elements:
No restrictions; any switch permitted (see 7.3.8 and 5.4.2)
• Safety islands:
Single port routers are not permitted as borders for a safety island (see 7.3.9)
• Octet-wise splitting of safety PDU:
No restrictions
9.5.3 Non safety related constraints (availability)
• Cyclic data exchange between hosts and field devices within a defined time period (sign of life)
• Guaranteed delivery of entire safety PDUs at the safety layer (data integrity) Generally:
⎯ CP 3/1: No spurs (branch lines)
⎯ CP 3/RTE: Only one F-Host per submodule
⎯ Ethernet-Switches shall be suitable for standard industrial environment as defined for example in IEC 61131-2