7.7 State and sequence diagrams
7.7.2 Time synchronization and validation
To verify the performance of the non safety communication layer, FSCP 13/1 shall use a combined time synchronization and validation sequence. This shall be done cyclically.
NOTE Cyclically because of tolerances of the hardware clocks within the safety nodes.
Figure 48 specifies the basic sequences for the time synchronization and validation.
Figure 48 – Time synchronization and validation
[Figure 48 labels: Producer, Consumer; Time Synchronization (T RefProducer, T RefConsumer); Time Validation (T SPDOProducer, T SPDOConsumer)]
7.7.2.2 Time synchronization
The consumer shall start the sequence by sending a set of Time Requests (TReq) to the producer. This shall be done by using a TxSPDO. When receiving the first TReq, the producer shall create a “new data event” (see 7.7.1.1) to reply to the request as soon as possible with the corresponding set of Time Responses (TRes). Then the first received TRes within the consumer shall be checked against the minimum and maximum allowed TSync propagation delay. If the delay is shorter than the minimum allowed delay, the consumer shall enter the safe state, because in this case the best case TRes delay parameter is incorrect. If the delay is longer than the maximum allowed delay, the time response shall be ignored. If the delay is within the given limits, time synchronization shall be considered successful and the consumer shall memorize the internal T RefProducer and T RefConsumer values.
Figure 49 specifies the synchronization sequence.
[Figure 49 labels: Producer, Consumer; Time Synchronization, Time Validation; Best case TRes delay; T RefProducer; T RefConsumer; Minimum allowed TSync prop. delay; Maximum allowed TSync prop. delay]
Key
See Table 177.
Figure 49 – Time synchronization detail
Table 177 specifies items used in Figure 49.
Table 177 – Time synchronization item description
| Item | Description | Min value | Max value | SOD |
|---|---|---|---|---|
| T RefProducer | Value of CT field within the TRes service supplied by the producer | 0 | 65 535 | - |
| Best case TRes delay | User defined value to define the best case minimum time needed to transfer the time request from the consumer to the producer and to set up the time response within the producer. This value is used to calculate the SPDO propagation delay. If the user assumes a larger value than the real value, the time validation would not recognize impermissible delays in the SPDO propagation | 0 | 65 535 | Object index 1400h -- 17FEh sub index 0Ah (see 7.5.4.14) |
| T RefConsumer | Time Request start time [CT] + best case TRes delay [CT]. This value is calculated within the consumer and gives a time reference within the consumer's CT to T RefProducer | > best case TRes delay | 65 535 | - |
| Minimum allowed TSync propagation delay | Minimum allowed propagation delay for time synchronization [CT] | 1 | 65 535 | Object index 1400h -- 17FEh sub index 06h (see 7.5.4.14) |
| Maximum allowed TSync propagation delay | Maximum allowed propagation delay for time synchronization [CT] | 1 | 65 535 | Object index 1400h -- 17FEh sub index 07h (see 7.5.4.14) |
7.7.2.3 Time validation
After successful time synchronization, the consumer shall receive SPDOs and calculate the propagation delay as specified by Equations (2), (3) and (4).
SPDO propagation delay = T_SPDO_to_RefConsumer – T_SPDO_to_RefProducer   (2)
T_SPDO_to_RefConsumer = T SPDOConsumer – T RefConsumer   (3)
T_SPDO_to_RefProducer = T SPDOProducer – T RefProducer   (4)
where
T SPDOProducer is the value of CT field within the SPDO supplied by the producer;
T SPDOConsumer is the CT value within the consumer when receiving the SPDO;
T RefProducer is the value of CT field within the TRes service supplied by the producer;
T RefConsumer is the time reference within the consumer's CT to T RefProducer (see Table 177).
The result of Equation (2) shall be checked against the minimum and maximum allowed SPDO propagation delay. If the delay is shorter than the minimum allowed delay, the consumer shall enter the safe state, because in this case the best case TRes delay parameter was set incorrectly. If the delay is longer than the maximum allowed delay, the SPDO shall be ignored. If the delay is within the given limits, the SPDO shall be processed.
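The calculation of Equations (2) to (4) and the limit check above, as an added C example that is not part of the standard. Type and function names are hypothetical, and CT values are assumed to be free-running 16-bit counters (range 0 to 65 535), so every difference is taken modulo 65 536.

```c
#include <stdint.h>

/* Added example, not from the standard; all names are hypothetical. */
typedef enum { SPDO_PROCESS, SPDO_IGNORE, SPDO_SAFE_STATE } spdo_verdict_t;

typedef struct {
    uint16_t t_ref_producer;  /* CT field of the accepted TRes */
    uint16_t t_ref_consumer;  /* TReq start time + best case TRes delay */
    uint16_t min_spdo_pd;     /* minimum allowed SPDO propagation delay [CT] */
    uint16_t max_spdo_pd;     /* maximum allowed SPDO propagation delay [CT] */
} time_ref_t;

/* Memorize the references after a successful time synchronization
 * (T RefConsumer as defined in Table 177). Assumes 16-bit wrapping CT. */
void time_ref_set(time_ref_t *r, uint16_t treq_start_ct,
                  uint16_t best_case_tres_delay, uint16_t tres_ct_field)
{
    r->t_ref_consumer = (uint16_t)(treq_start_ct + best_case_tres_delay);
    r->t_ref_producer = tres_ct_field;
}

/* Equations (2) to (4); the casts keep each difference modulo 2^16. */
uint16_t spdo_propagation_delay(const time_ref_t *r,
                                uint16_t t_spdo_producer,
                                uint16_t t_spdo_consumer)
{
    uint16_t to_ref_consumer = (uint16_t)(t_spdo_consumer - r->t_ref_consumer);
    uint16_t to_ref_producer = (uint16_t)(t_spdo_producer - r->t_ref_producer);
    return (uint16_t)(to_ref_consumer - to_ref_producer);
}

/* Limit check on the result of Equation (2). */
spdo_verdict_t spdo_validate(const time_ref_t *r, uint16_t t_spdo_producer,
                             uint16_t t_spdo_consumer)
{
    uint16_t delay = spdo_propagation_delay(r, t_spdo_producer, t_spdo_consumer);

    if (delay < r->min_spdo_pd)
        return SPDO_SAFE_STATE;  /* shorter than minimum: enter safe state */
    if (delay > r->max_spdo_pd)
        return SPDO_IGNORE;      /* longer than maximum: SPDO is ignored */
    return SPDO_PROCESS;         /* within limits: SPDO is processed */
}
```

Because the arithmetic in this sketch is unsigned, a consumer-side interval that is smaller than the producer-side interval wraps to a large delay and lands in the "longer than maximum" branch.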
Figure 50 shows how SPDO propagation delay is calculated.
[Figure 50 labels: Producer, Consumer; Time Synchronization (T RefProducer, T RefConsumer); Time Validation (T SPDOProducer, T SPDOConsumer); T_SPDO_to_RefProducer; T_SPDO_to_RefConsumer]
Key
See Table 178.
Figure 50 – Calculation of propagation delay
Figure 51 specifies the time validation sequences.
[Figure 51 labels: Producer, Consumer; Time synchronization; Time Validation; T RefConsumer; Minimum allowed SPDO propagation delay; Maximum allowed SPDO propagation delay; delay too short, enter fail safe state; delay too large, SPDO is ignored]
Key
See Table 178.
Figure 51 – Time validation, propagation delay explanation limits
Table 178 specifies items used in Figure 50 and Figure 51.
Table 178 – Time validation item description
| Item | Description | Min value | Max value | SOD |
|---|---|---|---|---|
| T SPDOProducer | Value of CT field within the SPDO supplied by the producer | 0 | 65 535 | - |
| T SPDOConsumer | CT value within the consumer when receiving the SPDO | 0 | 65 535 | - |
| SPDO propagation delay | Calculated propagation delay using the time references of the previous time synchronization, see Equation (2) | 0 | 65 535 | - |
| Minimum allowed SPDO propagation delay | Minimum allowed propagation delay for SPDO [CT] | 1 | 65 535 | Object index 1400h -- 17FEh sub index 8h (see 7.5.4.14) |
| Maximum allowed SPDO propagation delay | Maximum allowed propagation delay for SPDO [CT] | 1 | 65 535 | Object index 1400h -- 17FEh sub index 9h (see 7.5.4.14) |
7.7.2.4 Time synchronization operation
To increase the immunity of FSCP 13/1 against data loss within the non safe communication layer, the TReq and TRes services shall be sent as a bundle of single services.
The consumer shall send m time requests (TxSPDO) to the producer containing the TR (Time Request Distinctive Number). This number shall be incremented with each time request. The producer shall receive the time request from a specific node and shall start answering the time request. The response to a time request shall be to fill the TADR (SADR of the requesting node) and the TR field in the cyclic TxSPDO telegram from the producer.
The producer shall repeat the response for a received time request n times although new time requests were already received. This ensures that the consumer which initiates the time request receives the correct answer. During processing the Time Response, the producer shall ignore all other time requests corresponding to this TxSPDO.
If the consumer does not receive the time response within time td (see Table 179), the next set of time requests shall be sent. The number of time responses per time request, the number of requests per consecutive request set, td and the timer ts (see Table 179) which re-initiates a time request shall be adjusted within the SOD. If the propagation delay is too long, the TRes shall be ignored; if it is too short, the safe state shall be entered (see 7.7.2.1). If a valid TRes was not received within the Time request cycle, a time synchronization failure shall occur.
The time synchronization for each producer shall start when the consumer is Operational and receives the first RxSPDO from the corresponding producer.
Within a Consumer / Producer relationship, equal CT values shall be mandatory.
Figure 52 specifies time request and response. The consumer shall send a time request to one of its producers. This request is repeated m times. The producer shall answer the first time request, and it receives and repeats the answer n times. If a producer receives a time request during the time it is already answering another time request on the corresponding TxSPDO, the new time request shall be ignored. Figure 52 also shows that the nonsafe communication layer may also drop or delay messages due to different network cycle times or other effects.
Key
See Table 179.
Figure 52 – Time synchronization on a nonsafe network
Time synchronization is specified by Figure 53. The consumer shall send a set of m time requests (TReq) and then wait for the response. If the response time is shorter than the minimum allowed propagation delay, the safe state shall be entered. If the response (TRes) is within the maximum and minimum allowed propagation delay, it shall be valid. If no response is received within the maximum allowed propagation delay, the consumer shall wait until td has elapsed and shall send the next set of m TReq.
Key
See Table 179.
Figure 53 – Explanation of time synchronization
[Figure 52 labels: Producer, Nonsafe communication layer, Nonsafe network, Consumer; m TReq (TR=0, TR=1, TR=2); n TRes (TRes #1 to TRes #4, TR=2); Ignore TReq TR=3; Δt of the producer; Δt of the consumer; Propagation delay of time synchronization; TReq received, new_data]
[Figure 53 labels: Producer, Consumer; m TReq sent; Maximum allowed TSync propagation delay; td; Propagation delay shall be smaller than maxpd; Delayed TRes is ignored]
Figure 54 specifies a time synchronization failure. The consumer sends time requests to the producer. If a valid time response is not received within the entire time synchronization cycle time, a synchronization failure shall occur. This also ensures that the related outputs will enter the safe state.
[Figure 54 labels: Producer, Consumer; maxpd = 60 [CT]; td = 100 [CT]; tc = 800 [CT]; Time between two sets of TReq = Maximum allowed propagation delay + td = 160 [CT]; tc elapsed without successful TRes -> time synchronization failure occurs]
Key
See Table 179.
Figure 54 – Time synchronization failure
Table 179 specifies items used in Figure 52, Figure 53 and Figure 54.
Table 179 – Extended time synchronization item description
| Item | Description | Min value | Max value | SOD |
|---|---|---|---|---|
| n | Number of TRes from Producer | 1 | 255 | Object index 1C00h -- 1FFEh sub index 03h (see 7.5.4.16) |
| TR | Time Request Distinctive Number. Consumer: To be incremented each TReq | 0 | 63 | - |
| m | Number of consecutive TReq from consumer | 1 | 63 | Object index 1400h -- 17FEh sub index 03h (see 7.5.4.14) |
| td | Time delay between two TReq blocks [CT] | 0 | UNSIGNED32 | Object index 1400h -- 17FEh sub index 04h (see 7.5.4.14) |
| ts | Time delay for new synchronization [CT]. The delay between successful time synchronization and the next TReq | 1 | UNSIGNED32 | Object index 1400h -- 17FEh sub index 05h (see 7.5.4.14) |
| tc | Time request cycle [CT] | 1 | UNSIGNED32 | Object index 1400h -- 17FEh sub index 0Bh (see 7.5.4.14) |
| maxpd | Maximum allowed TSync propagation delay | 1 | 65535 | Object index 1400h -- 17FEh sub index 07h (see 7.5.4.14) |
7.7.2.5 Time synchronization frequency
The frequency of the time synchronization is calculated by Equation (5).
Time Request Cycle [CT] = (SCT [CT] – Max. allowed SPDO Propagation Delay [CT]) / TimeAccuracy [1]   (5)
where
| Element | Min value | Max value | SOD |
|---|---|---|---|
| Time request cycle [CT] | 1 | UNSIGNED32 | Object index 1400h -- 17FEh sub index Bh (see 7.5.4.14) |
| SCT – Safety control time [CT] | 1 | UNSIGNED32 | Object 1400h -- 17FEh sub index 2h (see 7.5.4.14) |
| Max. allowed SPDO propagation delay [CT] | 1 | 65 535 | Object index 1400h -- 17FEh sub index 9h (see 7.5.4.14) |
| TimeAccuracy: Overall Time Accuracy of Consumer and Producer, this term is mainly determined by the system, the quartz crystal, etc. | - | - | - |
7.7.2.6 Time synchronization producer
The time synchronization producer state diagram is specified by Figure 55.
[Figure 55 labels: states IDLE, Process Time Request; transitions "time request received", "n time responses sent"]
Key
See Table 180 and Table 181.
Figure 55 – State diagram time synchronization producer
Table 180 specifies items used in Figure 55.
Table 180 – Time synchronization producer item description
| Item | Description | Min value | Max value | SOD |
|---|---|---|---|---|
| n | Number of TRes from producer | 1 | 255 | Object index 1C00h -- 1FFEh sub index 03h (see 7.5.4.16) |
Table 181 specifies the time synchronization producer states.
Table 181 – Time synchronization producer state description
| State | Description |
|---|---|
| IDLE | The producer waits for a time request from any consumer |
| Process Time Request | After a time request from a consumer, the producer starts answering this request |
NOTE The response to a Time Request is not a separate telegram. It is just part of the normal TxSPDO.
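The producer behaviour of Figure 55 and 7.7.2.4, as an added C example that is not part of the standard: one accepted TReq is answered in n consecutive cyclic TxSPDOs, and a TReq arriving in the meantime is ignored. Type and function names, the SADR value 0x0021 and the replayed sequence (modelled on Figure 52) are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added example, names hypothetical. States as in Table 181. */
typedef enum { TSP_IDLE, TSP_PROCESS_TIME_REQUEST } tsp_state_t;

typedef struct {
    tsp_state_t state;
    uint8_t  n;          /* number of TRes per TReq, 1..255 (Table 180) */
    uint8_t  remaining;  /* responses still to send for the current TReq */
    uint16_t tadr;       /* SADR of the requesting node */
    uint8_t  tr;         /* Time Request Distinctive Number, 0..63 */
} ts_producer_t;

/* A TReq arrives. Returns false when it is ignored because an earlier
 * request is still being answered on this TxSPDO. */
bool tsp_on_treq(ts_producer_t *p, uint16_t sadr, uint8_t tr)
{
    if (p->state != TSP_IDLE) return false;
    p->tadr = sadr;
    p->tr = (uint8_t)(tr & 0x3F);
    p->remaining = p->n;
    p->state = TSP_PROCESS_TIME_REQUEST;
    return true;
}

/* Called once per cyclic TxSPDO. Fills TADR/TR and returns true when this
 * telegram carries a time response. */
bool tsp_on_txspdo(ts_producer_t *p, uint16_t *tadr, uint8_t *tr)
{
    if (p->state != TSP_PROCESS_TIME_REQUEST) return false;
    *tadr = p->tadr;
    *tr = p->tr;
    if (--p->remaining == 0) p->state = TSP_IDLE;  /* n time responses sent */
    return true;
}

/* Constructed sequence: n = 4, TR=2 is the first TReq to arrive, TR=3
 * arrives before the third response. Returns the number of TRes with TR=2. */
int tsp_replay(bool *tr3_accepted)
{
    ts_producer_t p = { TSP_IDLE, 4, 0, 0, 0 };
    uint16_t tadr; uint8_t tr; int sent = 0;
    tsp_on_treq(&p, 0x0021, 2);
    for (int cycle = 0; cycle < 6; cycle++) {
        if (cycle == 2) *tr3_accepted = tsp_on_treq(&p, 0x0021, 3);
        if (tsp_on_txspdo(&p, &tadr, &tr) && tr == 2) sent++;
    }
    return sent;
}
```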
7.7.2.7 Time synchronization consumer
The time synchronization consumer state diagram is specified by Figure 56.
[Figure 56 labels: states IDLE, Send Time Request, Wait td, Wait ts, Sync Ok; transitions "Δt or new data [not m TReq sent] / increase TR", "TReq sent", "m TReq sent and maximum propagation delay expired", "td expired", "TRes received and propagation delay Ok", "/reset m, reset time request cycle time", "ts expired", "Time request cycle time expired", "Time request cycle time expired or number of not answered TR expired or (TRes received and propagation delay is shorter than minimum allowed propagation delay)", "Time synchronization failure occurred"]
Key
See Table 182 and Table 183.
Figure 56 – State diagram time synchronization consumer
Table 182 specifies items used in Figure 56.
Table 182 – Time synchronization consumer item description
| Item | Description | Min value | Max value | SOD |
|---|---|---|---|---|
| TReq | Time synchronization request | - | - | - |
| m | Number of consecutive TReq from consumer | 1 | 63 | Object index 1400h -- 17FEh sub index 03h (see 7.5.4.14) |
| TR | Time Request Distinctive Number Field | 0 | 63 | - |
| Δt | TxSPDO refresh prescale [CT] | 1 | 32 767 | Object index 1400h -- 17FEh sub index 02h (see 7.5.4.14) |
| td | Time delay between two TReq blocks [CT] | 0 | UNSIGNED32 | Object index 1400h -- 17FEh sub index 04h (see 7.5.4.14) |
| ts | Time delay for new synchronization [CT]. The delay between successful time synchronization and the next TReq | 1 | UNSIGNED32 | Object index 1400h -- 17FEh sub index 05h (see 7.5.4.14) |
| minpd | Minimum allowed propagation delay for time synchronization [CT] | 1 | 65 535 | Object index 1400h -- 17FEh sub index 06h (see 7.5.4.14) |
| maxpd | Maximum allowed propagation delay for time synchronization [CT] | 1 | 65 535 | Object index 1400h -- 17FEh sub index 07h (see 7.5.4.14) |
| tc | Time request cycle [CT] | 1 | UNSIGNED32 | Object index 1400h -- 17FEh sub index 0Bh (see 7.5.4.14) |
Table 183 specifies the time synchronization consumer states.
Table 183 – Time synchronization consumer state description
| State | Description |
|---|---|
| Send Time Request | Sending the time request to the corresponding producer |
| IDLE | Waiting for TRes |
| Wait td | Waiting until td expired. All received TRes are ignored |
| Wait ts | Waiting until ts expired. All received TRes are ignored |
| Sync Ok | Synchronization Ok. Reset m: reset time request cycle time. Reset number of not answered TR |