MultiTool code template shall stop SRDO protocol update if
G_StatusFlags_Safe.S_SafeOperationEnable = FALSE
If any error is active, the SRDO messages will stop and the receiving side will go into timeout.
See also Reviewing SRDO.
Supported platforms: CODESYS 3.5 SAFETY
This section describes how SRDO variables are used with MultiTool Creator code template.
CANopen protocols are all executed in non-safety code. CANopen non-safety OD variables are used to transmit SRDO variables to/from CAN.
SafeCANopenSRDO library is used for:
Transferring SRDO data between safety and non-safety context
SRDO data validation
A safety project's application has a safety task and non-safety task. Due to lower priority, the non-safety task may be interrupted at any time by the safety task.
If an interruption occurs while the application is handling diverse non-safety SRDO data, the validation will fail. To prevent this, interlock functionality is used.
The non-safety CANopenSRDO protocol handler keeps the global lock status TRUE while handling SRDO message's OD data.
The global lock status is used:
to skip CreateSRDO function calls
as an initialization parameter to S_ValidateSRDO function block
by validation function blocks to disable the safety cycle and SR validation timeout diagnostic while OD is updated
|
|
MultiTool code template shall stop SRDO protocol update if G_StatusFlags_Safe.S_SafeOperationEnable = FALSE
If any error is active, the SRDO messages will stop and the receiving side will go into timeout. See also Reviewing SRDO. |
|
|
The safety control unit's SRDO signatures are automatically calculated by MultiTool Creator. The signature is validated in the safety control unit's initialization by the code template. Signature validation affects the S_SafeOperationEnable status. See also, CalculateSRDOSignature (FUN) |
|
|
The SRDO message's refresh time (cyclic tx interval) shall be greater than 2x safety task's cycle time for SRDO to work properly with interlock functionality. |
|
|
CANopen library version 4.0.7.2 or later supports SRDO rx buffering. If multiple SRDO pairs are received on same program cycle, the latest complete pair is copied to OD variables. Multiple pairs may be received, for example, in use case when transmitting device supports event based SRDO sending. E.g. cyclic and event based SRDO is sent within program cycle. |
|
|
SRDO message configuration is done only during CANopen initialization. The message timeout values are configured with MultiTool Creator. |
The following architecture is used for SRDO message transmitting. the example image is for a single SRDO variable.
All of the POUs are automatically generated by MultiTool Creator to code template.
The following example shows how an application updates the transmit SRDO variable using the code template.
The transmit SRDO data is updated using a CAN specific safety program (e.g. S_CreateSRDOs_CAN1)
The variable Joystick_Y_Control is defined in MultiTool Creator as a SRDO variable
|
Safe PRG:
|
|
|
The following architecture is used for SRDO message receiving. The example image is for a single SRDO variable.
All of the POUs are automatically generated by MultiTool Creator to code template.
The following example shows how application reads a received SRDO variable using the code template.
The received SRDO data is validated in a CAN specific safety program (e.g. S_Validate_SRDOs_CAN1)
The variable Joystick_Y_Control is defined in MultiTool Creator as a SRDO variable
|
|
The application shall check that the received SRDO data is valid before using safety variables for control. Validity is indicated with, for example, S_Validated_SRDOs_CAN1.o_SRDO_Data_Valid. The status covers all variables mapped to received SRDOs (CAN bus specific).
|
|
|
The application has to enable SRDO validation before data is read and validated to safety variables. Validation enable conditions are application specific but it is recommended to check the transmitting unit's NMT state because SRDO messages are only sent in NMT operational state.
|
|
|
If an SRDO message error is activated (e.g. timeout), rising edge in validation i_Enable is required before SRDO data can be re-enabled.
|
|
|
The SRDO validation program's outputs also include all individual SRDO variable statuses, for example, S_Validate_SRDOs_CAN1.o_Status_Cabin_Joystick_Y_Control
|
|
Safe PRG:
|
|
|
CreateSRDO_<type> (FUN)
Source file topic100472.htm
Last updated 21-Feb-2025
