7 Safety communication layer services and management ToC Previous Next

7.4 SafetyConsumer interfaces ToC Previous Next

7.4.3 SPI of the SafetyConsumer ToC Previous Next

[RQ7.5] Each SafetyConsumer shall implement the parameters shown in Table 27 which can be set via the SPI. The mechanisms for setting these parameters are vendor-specific. The attempt of setting a parameter to a value outside its range shall not become effective, and a diagnostic message should be shown when appropriate. The SPI of the SafetyConsumer represents the parameters of the safety communication layer management of the SafetyConsumer.

Table 27 – SPI of the SafetyConsumer

Identifier Type Valid range    Initial Value(before configuration) Access Note
SafetyProviderIDConfigured UInt32 0x0 - 0xFFFFFFFF 0x0 R/W    The SafetyProviderID of the SafetyProvider this SafetyConsumer normally connects to, see Figure 11 and Clause 3.2.For dynamic systems, the safety application program can overwrite this ID by providing a non-zero value at the input SafetyProviderID of the safety Consumer’s SAPI. This runtime value can be queried using the SafetyProviderIDActive parameter. See note on configured and active values at Table 14.
SafetyBaseIDConfigured GUID any value which can be represented with sixteen bytes. All sixteen bytes are 0x00 R/W    The default SafetyBaseID of the SafetyProvider this SafetyConsumer uses to make a connection, see Clause 3.2.    For dynamic systems, the safety application program can overwrite this ID by providing a non-zero value at the input SafetyBaseID of the SafetyConsumer’ s SAPI. This runtime value can be queried using the SafetyBaseIDActive parameter. See note on configured and active values at Table 14.   See Clause 11.1.1 for more information on GUID.
SafetyConsumerIDConfigured UInt32 0x0 - 0xFFFFFFFF 0x0 R/W    ID of the SafetyConsumer, see Clause 11.1.2.    For dynamic systems, the safety application program can overwrite this ID by providing a non-zero value at the input SafetyConsumerID of the SafetyConsumer’s SAPI. This runtime value can be queried using the SafetyConsumerIDActive parameter. See note on configured and active values at Table 14.
   SafetyProviderLevel Byte 0x01 - 0x04 0x04 R/W SafetyConsumer’s expectation on the SIL the SafetyProvider implementation (hardware & software) is capable of. See Clause 3.2, Clause 8.1.3.3, and Figure 12.
SafetyStructureSignature UInt32 0x0 – 0xFFFFFFFF 0x0 R/W Signature over the SafetyData structure, see Clause 8.1.3.4
SafetyStructureSignatureVersion UInt16 0x1 0x1 R/W    Version used to calculate SafetyStructureSignature, see Clause 8.1.3.4   For the SafetyConsumer, this parameter is optional.
SafetyStructureIdentifier String   “” R/W    Identifier describing the data type of the safety data, see Clause 8.1.3.4.   For the SafetyConsumer, this parameter is optional.
SafetyConsumerTimeOut UInt32 0x0 – 0xFFFFFFFF 0x0 R/W    Watchdog-time in microseconds (µs).   Whenever the SafetyConsumer sends a request to a SafetyProvider, its watchdog timer is set to this value. The expiration of this timer prior to receiving an error-free reply by the SafetyProvider indicates an unacceptable delay.See Clause 10.1
SafetyOperatorAckNecessary Boolean 0x0 / 0x1 0x1 R/W    This parameter controls whether an operator acknowledgment (OA) is necessary in case of errors of type “unacceptable delay” or “loss”, or when the SafetyProvider has activated FSV (ActivateFSV). 1: FSV are provided at the output SafetyData of the SAPI until OA. 0: PV are provided at SafetyData of the SAPI as soon as the communication is free of errors. In case of ActivateFSV the values change from FSV to PV as soon as ActivateFSV returns to “0”.   NOTE: This parameter does not have an influence on the behavior of the SafetyConsumer following the detection of other types of communication errors, such as data corruption or an error detected by the SPDU_ID. For these types of errors, OA is mandatory, see Clause 7.4.2.
   SafetyErrorIntervalLimit UInt16 6, 60, 600 600 R/W    Value in minutes.   The parameter SafetyErrorIntervalLimit determines the minimal time interval between two consecutive communication errors so that they do not trigger a switch to FSV in the SafetyConsumer, see Clause 7.4.2.   It affects the availability and the PFH/PFDavg of this OPC UA Safety communication link, see Clause 11.4.
SafetyClientImplemented Boolean 0x0 / 0x1 n.a. R    This read-only parameter indicates whether the SafetyConsumer has implemented the client part of OPC UA Client/Server communication (see Clause 4.3):   1: Client for OPC UA Client/Server communication is implemented.0: Client for OPC UA Client/Server communication is not implemented.
SafetyPubSubImplemented Boolean 0x0 / 0x1 n.a. R    This read-only parameter indicates whether the SafetyConsumer has implemented the necessary publishers and subscribers for OPC UA PubSub communication (see Clause 4.3):   1: OPC UA PubSub communication is implemented.0: OPC UA PubSub communication is not implemented.

Previous Next