Following IEC 61784-3, this document detects all communication errors which can possibly occur in the underlying standard communication channel, including the OPC UA stack. If an error is detected, the erroneous data is discarded. Moreover, this document is designed in such a way that a safety function becomes practically unusable if the failure rate in the underlying, standard communication channel is higher than one error per safety error interval limit (6, 60, or 600 minutes), depending on the desired SIL of the safety function (see Table 26 and Table 39).

Thus, for operational safety functions a failure rate of 0,1 h⁻¹, 1 h⁻¹, or 10 h⁻¹ can be assumed for communication errors occurring in the OPC UA stack. In order to obtain the communication's contribution to the PFH value of the safety function, this value has to be multiplied by the so-called conditional residual error probability P_re,cond. For the CRC mechanism used in this document, the following holds:

P_re,cond ≤ 4,0 × 10⁻¹⁰

This leads to the PFH and PFD values shown in Table 39.

The value 4,0 × 10⁻¹⁰ was justified by extensive numerical evaluation of the 32-bit CRC generator polynomial in use (0xF4ACFB13). The results of this evaluation, executed for all relevant data lengths and all relevant values of the bit error probability p up to p = 0.5, are shown in Figure 23. As can be seen, P_re,cond never exceeds the value 4,0 × 10⁻¹⁰.


Figure 23 – Conditional residual error probability of the CRC-check

Figure 24 shows why it is indeed necessary to calculate P_re,cond for all data lengths and all relevant values of p. For the data lengths shown in this figure, P_re,cond exceeds the desired value by several orders of magnitude. Note that the maximum value of P_re,cond is not obtained when p becomes maximal.


Figure 24 – Counter example: data lengths not supported by OPC Safety
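As an added illustration of the evaluation behind Figure 23 and Figure 24 (example code, not part of the specification), the following Python computes the undetected-error probability of the CRC with generator polynomial 0xF4ACFB13 for a short data length by enumerating the weight distribution of the code formed by data followed by CRC, and searches for the bit error probability p at which it peaks. The page gives only the polynomial, so the CRC register parameters (initial value 0, no reflection, no final XOR) and the reading of P_re,cond as the undetected-error probability on a binary symmetric channel conditioned on at least one bit error are assumptions.

```python
# Added example, not part of the OPC UA Safety specification. Computes the
# undetected-error probability of the 32-bit CRC with generator polynomial
# 0xF4ACFB13 (the only CRC parameter given on the page) for a short data
# length by enumerating the weight distribution of the code {data || CRC}.
# Assumptions: initial register 0, no bit reflection, no final XOR, and
# P_re,cond read as the undetected-error probability on a binary symmetric
# channel with bit error probability p, conditioned on at least one bit error.

POLY = 0xF4ACFB13  # generator polynomial from the text, x^32 term implicit


def crc32_bits(data_bits, poly=POLY):
    """Bit-serial CRC, MSB first. Linear: crc(a ^ b) == crc(a) ^ crc(b)."""
    reg = 0
    for b in data_bits:
        reg ^= b << 31
        if reg & 0x80000000:
            reg = ((reg << 1) ^ poly) & 0xFFFFFFFF
        else:
            reg = (reg << 1) & 0xFFFFFFFF
    return reg


def weight_distribution(k):
    """counts[w] = number of codewords (k data bits followed by the 32-bit CRC)
    of Hamming weight w. Enumerates all 2**k data words, so keep k <= 16."""
    n = k + 32
    counts = [0] * (n + 1)
    for d in range(1 << k):
        bits = [(d >> i) & 1 for i in range(k - 1, -1, -1)]
        w = bin(d).count("1") + bin(crc32_bits(bits)).count("1")
        counts[w] += 1
    return counts


def p_undetected(k, p):
    """Probability that an independent-bit error pattern equals a non-zero
    codeword, i.e. that a corrupted frame still passes the CRC check."""
    n = k + 32
    dist = weight_distribution(k)
    return sum(dist[w] * p**w * (1 - p) ** (n - w) for w in range(1, n + 1))


def p_re_cond(k, p):
    """Undetected-error probability conditioned on at least one bit error."""
    n = k + 32
    return p_undetected(k, p) / (1 - (1 - p) ** n)


def worst_case(k, p_values):
    """Return (p, P_re,cond) maximising P_re,cond over the given p values;
    the maximum need not lie at p = 0.5 (the point made by Figure 24)."""
    return max(((p, p_re_cond(k, p)) for p in p_values), key=lambda t: t[1])


if __name__ == "__main__":
    ps = [i / 100 for i in range(1, 51)]  # sweep p from 0.01 to 0.5
    p_max, val = worst_case(8, ps)
    print(f"k=8 data bits: max P_re,cond = {val:.3e} at p = {p_max}")
```

For larger data lengths the enumeration is infeasible and the weight distribution has to be obtained by other means, which is what the extensive evaluation referred to above amounts to.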