5.3 Safety measures
[RQ5.2] For an implementation of this document, the following safety measures shall be implemented: MonitoringNumber; timeout with receipt in the SafetyConsumer; set of IDs for the SafetyProvider; Data Integrity check.
Together, these safety measures address all possible transmission errors as listed in IEC 61784‑3:2021, 5.5, see Table 2.
[RQ5.3] The safety measures shall be processed and monitored within the SCL.
Table 2 – Safety measures against communication errors

| Communication error | MonitoringNumber a | Timeout with receipt b | Set of IDs for SafetyProvider c | Data integrity check d |
|---|---|---|---|---|
| Corruption | – | – | – | X |
| Unintended repetition | X | X | – | – |
| Incorrect sequence | X | – | – | – |
| Loss | X | X | – | – |
| Unacceptable delay | – | X | – | – |
| Insertion | X | – | – | – |
| Masquerade | X | – | X | X |
| Addressing | – | – | X | – |

a Instance of “sequence number” of IEC 61784‑3.
b Instance of “time expectation” (timeout) and “feedback message” (receipt) of IEC 61784‑3.
c Instance of “connection authentication” of IEC 61784‑3.
d Instance of “data integrity assurance” of IEC 61784‑3, based on CRC signature.
The SafetyConsumer is specified in such a way that for any communication error according to Table 2, a defined fault reaction will occur.
In all cases, the faulty SPDU will be discarded, and not forwarded to the safety application.
Moreover, if the error rate is too high, the SafetyConsumer is defined in such a way that it will cease to deliver actual process values to the safety application but will deliver fail-safe substitute values instead. In addition, an indication at the Safety Application Program Interface is set which can be queried by the safety application.
In case the error rate is still considered acceptable, the state machine repeats the request, see 9.4.
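The following Python model, added here as an illustration and not part of this document or any OPC UA Safety implementation, shows how a SafetyConsumer could apply the four measures of Table 2 to an incoming SPDU and then react as described above: discard the faulty SPDU, count it towards the error rate, and switch to fail-safe substitute values with an indication once the rate is too high. The SPDU layout, the single provider ID standing in for the set of IDs, the use of CRC-32 as the integrity signature, the tick-based timeout and the error threshold are all assumptions for the example, not values from this document.

```python
import zlib
from dataclasses import dataclass

def crc_of(provider_id: int, monitoring_number: int, payload: bytes) -> int:
    """Data-integrity signature over the assumed SPDU fields (CRC-32 stands in for the real CRC)."""
    return zlib.crc32(provider_id.to_bytes(4, "big") + monitoring_number.to_bytes(4, "big") + payload)

@dataclass
class Spdu:
    provider_id: int        # assumed single ID standing in for the SafetyProvider's set of IDs
    monitoring_number: int  # instance of the IEC 61784-3 sequence number
    payload: bytes          # process values
    crc: int                # data-integrity signature

def build_spdu(provider_id: int, monitoring_number: int, payload: bytes) -> Spdu:
    """What a SafetyProvider would send: the fields plus their integrity signature."""
    return Spdu(provider_id, monitoring_number, payload, crc_of(provider_id, monitoring_number, payload))

@dataclass
class SafetyConsumer:
    expected_provider_id: int
    timeout: int             # assumed receipt timeout, in receiver ticks
    max_errors: int          # assumed error-rate threshold before fail-safe substitution
    fail_safe: bytes = b"\x00\x00"
    last_mn: int = 0
    errors: int = 0
    fault_indication: bool = False  # indication set at the Safety Application Program Interface

    def check(self, spdu: Spdu, elapsed: int):
        """Return None if the SPDU passes all four measures, else the Table 2 error class detected."""
        if spdu.crc != crc_of(spdu.provider_id, spdu.monitoring_number, spdu.payload):
            return "Corruption"                  # data integrity check
        if spdu.provider_id != self.expected_provider_id:
            return "Addressing"                  # set of IDs for SafetyProvider
        if elapsed > self.timeout:
            return "Unacceptable delay"          # timeout with receipt
        if spdu.monitoring_number <= self.last_mn:
            return "Unintended repetition"       # MonitoringNumber did not advance
        if spdu.monitoring_number != self.last_mn + 1:
            return "Loss or incorrect sequence"  # MonitoringNumber gap (loss, insertion, reordering)
        return None

    def receive(self, spdu: Spdu, elapsed: int = 0):
        """Process one SPDU; return the values delivered to the safety application (None = repeat request)."""
        error = self.check(spdu, elapsed)
        if error is None:
            self.last_mn = spdu.monitoring_number
            return self.fail_safe if self.fault_indication else spdu.payload
        self.errors += 1                         # faulty SPDU is discarded and never forwarded
        if self.errors > self.max_errors:
            self.fault_indication = True         # error rate too high: fail-safe substitute values from now on
        return self.fail_safe if self.fault_indication else None
```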