Supported platforms: CODESYS 3.5 SP19 SAFETY
How to send and receive variable over Safety J1939
This section describes how safe J1939 variables are used with MultiTool Creator code template.
The J1939 CAN messages are handled in non-safety code. The J1939 library FB transmits safety relevant short messages between CAN and a separate message buffer.
The SafeJ1939 library FB S_J1939 is used for:
-
Transferring safety related J1939 data between safety and non-safety context
-
Safety related J1939 data validation
A safety project's application has a safety task and non-safety task. Due to lower priority, the non-safety task may be interrupted at any time by the safety task. To prevent data errors due interruptions, only one SDG is handled at a time per direction. Although this is mandatory only for SDGs that have shared SHMs, the library handles all SDGs this way.
 |
The S_J1939 FB operation is disabled if an initialization error has occurred.
|
|
It is up to the application on how to react to an error of individual SDG.
|
|
|
Required:
|
|
|
The safety J1939 code template is supported by MTC 8.2 or newer. |
|
|
The code template is only for CODESYS 3.5 SP19 or newer. |
|
|
The non-safe J1939 PGNs of the code template are as in CODESYS 3.5 S Series.
|
|
|
SAE 1939-76 Safety Data Group (SDG) consists of two separate CAN messages: Safety Header Message (SHM), and Safety Data message (SDM). The SHM is used for validating the data in SDM. |
|
|
The SDM is always per SDG. The SHM is per SA/DA pair, so it is shared with SDGs that have the same source and destination address. |
|
|
Only one SDG is transmitted at a time. This sets restrictions to SDG timing parameters. |
|
|
Sending of safety relevant messages is handled both in safe task and non-safe task. Both tasks' set cycle times, execution times and interruption policy also sets restrictions to SDG timing parameters. |
|
|
The SDG message configuration including the message timeout values are configured with MultiTool Creator. |
Enabling safety J1939 operation
The code template sets the global S_SafeOperationEnable flag:
|
Safe PRG:
|
|
|
Safety J1939 operation must be separately enabled in user code, for example,
by using the global S_SafeOperationEnable flag:
|
Safe PRG:
|
|
|
Sending safe J1939 message pairs
The S_J1939 FB's internal method Send:
-
copies safe SPN data to SDM message buffer
-
creates and copies SHM data to message buffer
-
triggers sending of messages
All of the POUs are automatically generated by MultiTool Creator to code template.
|
|
The validity and all errors of transmit SDG can be checked from S_G_J1939_CAN1_TSDG.SDGs[<n>].Status structure. The status values cover all SPN variables mapped to the SDG. |
The following example shows how an application updates the transmit safe J1939 variable using the code template.
The variable TC1_TransmissionRequestedGear is defined in MultiTool Creator as a J1939 variable if TransmissionControl1 PGN is selected to be transmitted.
The location of the variable is S_G_J1939.CAN1.Out.Default.TC1_TransmissionRequestedGear, if the PGN is set "Safety".
Otherwise the variable is non-safety, and its location is G_J1939.CAN1.Out.Default.TC1_TransmissionRequestedGear.
|
Safe PRG:
|
|
|
Receiving safe J1939 message pairs
The S_J1939 FB's internal method Receive:
-
reads messages from message buffers
-
validates SDM by SHM
-
copies validated data to safe SPNs
All of the POUs are automatically generated by MultiTool Creator to code template.
|
|
The validity and all errors of receive SDG can be checked from S_G_J1939_CAN1_RSDG.SDGs[<n>].Status structure. The status values cover all SPN variables mapped to the SDG. |
|
|
The application shall check that the received safe SPN data is valid before using safety variables for control. |
|
Safe PRG:
|
|
|
See also