[RQ8.10] Figure 16 shows a simplified representation of the state diagram of the SafetyProvider. The exact behavior is described in Table 21, Table 22, and Table 23. The SafetyProvider shall implement that behavior. It is not required to literally follow the entries given in the tables, if the behavior does not change.
Figure 16 – Simplified representation of the state diagram for the SafetyProvider
|
Graphical representation |
Type |
Description |
|
|
Activity State |
Within these interruptible "activity" states the SafetyProvider waits for new inputs. |
|
|
Action State |
Within these non-interruptible "action" states events like new request is deferred until the next "activity" state is reached, see [1]. |
The transitions are fired in case of an event, for example receiving a SPDU. In case of several possible transitions, so-called guard conditions (refer to […] in UML diagrams) define which transition to fire
The diagram consists of activity and action states. Activity states are surrounded by bold lines, action states are surrounded by thin lines. While activity states may be interruptible by new events, action states are not. External events occurring while the state machine is in an action state, are deferred until the next activity state is reached.
Table 20 – Symbols used for state machines.
Table 21 – SafetyProvider instance internal items
|
INTERNAL ITEMS |
TYPE |
DEFINITION |
|
RequestSPDU_i |
Variable |
Local Memory for RequestSPDU (required to react on changes). |
|
<Get RequestSPDU> |
Macro |
Instruction to take the whole RequestSPDU from the OPC UA Mapper. |
|
<Set ResponseSPDU> |
Macro |
Instruction to transfer the whole ResponseSPDU to the OPC UA Mapper |
|
<build ResponseSPDU> |
Macro |
Take the MNR and the SafetyConsumerID of the received RequestSPDU. Add the SPDU_ID_1, SPDU_ID_2, SPDU_ID_3, Flags, and SafetyData, as well as the calculated CRC. See Clause 8.1.3.1 |
Table 22 – States of SafetyProvider instance
|
STATE NAME |
STATE DESCRIPTION |
|
Initialization |
// Initial state SAPI.SafetyData:= 0SAPI.MonitoringNumber:= 0SAPI.SafetyConsumerID:= 0 RequestSPDU_i:= 0 |
|
S1_WaitForRequest |
// waiting on next RequestSPDU from SafetyConsumer <Get RequestSPDU> |
|
S2_PrepareSPDU |
ResponseSPDU.Flags.ActivateFSV := SAPI.ActivateFSVResponseSPDU.Flags.OperatorAckProvider := SAPI.OperatorAckProvider Response.Flags.TestModeActivated := SAPI.EnableTestMode <build ResponseSPDU> // see Clause 8.1.3.1 |
Table 23 – SafetyProvider driver transitions
|
TRAN-SITION |
SOURCE STATE |
TARGET STATE |
GUARD CONDITION |
ACTIVITY |
|
T1 |
Init |
1 |
- |
|
|
T2
|
1
|
2 |
// RequestSPDU received <Get RequestSPDU> When: [RequestSPDU_i<> RequestSPDU] |
// Process Request RequestSPDU_i:= RequestSPDU SAPI.MonitoringNumber:= RequestSPDU.MonitoringNumber SAPI.SafetyConsumerID := RequestSPDU.SafetyConsumerID |
|
T3 |
2 |
1 |
// SPDU is prepared - |
<Set ResponseSPDU> |