Industrial Safety: PROFIsafe Profile Overview [Tech Tip]


This article is an excerpt from PROFINETuniversity.com

PROFIsafe is a safety communication technology for discrete manufacturing and process automation systems. It was developed by PROFIBUS / PROFINET International (PI) to meet Functional Safety requirements for PI communication technologies (PROFINET, PROFIBUS, and PROFIBUS PA). The role of PROFIsafe in the safety universe is to minimize the chance of incorrect functioning of the control system. For PROFIsafe communication, incorrect functioning means an undetected error: if a failure goes undetected, no safety action can be taken and an unsafe condition can result. PROFIsafe reduces the probability of undetected errors. The PROFIsafe Application Profile contains the details of how PROFIsafe meets the communication requirements for Functional Safety in a PROFINET context.

The “Black Channel”

PROFIsafe is designed to be independent of the underlying transmission channel, whether that channel is copper wire, fiber optics, wireless, or a backplane. The transmission channel, including its data rate and any built-in error detection mechanisms of the transmission protocol, is treated as a “Black Channel” (like a black box whose internals are unknown) and plays no role in the safety considerations. This approach frees PROFIsafe users from having to perform a safety assessment of each individual communication path in the system. PROFIsafe protects the communication end to end, from the safety signal origination to the signal destination (and vice versa). The PROFIsafe layer (or PROFIsafe driver) is an encoding/decoding package that ensures the integrity of the safety portion of the communication.

PROFIsafe GSD files: F-GSDs

GSD files contain the information that enables PROFINET controllers to set up communications with PROFINET devices. PROFIsafe devices require the same sort of communication setup with safety controllers. PROFIsafe GSD files must be protected so that their integrity can be checked, so they are compiled with a special tool that calculates a safety CRC that is then incorporated into the GSD. PROFIsafe components may also be called F-components (Failsafe), so a PROFIsafe GSD may be called an F-GSD.
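The two mechanisms described above, a safety layer whose integrity check does not depend on the transport underneath it, and a configuration file whose content is bound to a CRC computed by a compile tool, can be modelled in a few lines. The following Python is an added illustration, not PROFIsafe's actual frame format, CRC polynomial or GSDML syntax: it uses `zlib.crc32` as a stand-in for the safety CRC, a one-byte consecutive number as a stand-in for PROFIsafe's sequence protection, and a constructed `key=value` text with a `SafetyCRC=` trailer as a stand-in for an F-GSD. The `black_channel` function is the untrusted transport; it may flip a bit, and nothing in the safety layer relies on the channel noticing.

```python
"""Toy model of a safety layer over a "black channel" and of a CRC-protected
F-GSD. Added illustration only: the frame layout, CRC (zlib.crc32) and the
F-GSD text format are constructed stand-ins, not the PROFIsafe specification."""
import struct
import zlib

CRC_PREFIX = "SafetyCRC="   # constructed trailer marker, not real GSDML


def protect(payload: bytes, consecutive_number: int) -> bytes:
    """Safety-layer encoder: payload || consecutive number || CRC-32.
    The CRC covers payload and number, so corruption, loss and repetition
    are detectable by the peer safety layer regardless of the transport."""
    body = payload + struct.pack(">B", consecutive_number & 0xFF)
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack(">I", crc)


def check(frame: bytes, expected_number: int):
    """Safety-layer decoder. Returns (payload, ok); ok is False on a CRC
    mismatch (corrupted frame) or an unexpected consecutive number
    (lost or repeated frame). A False result is the cue for a safety reaction."""
    if len(frame) < 5:                       # number + CRC alone need 5 bytes
        return b"", False
    body, crc_field = frame[:-4], frame[-4:]
    if (zlib.crc32(body) & 0xFFFFFFFF) != struct.unpack(">I", crc_field)[0]:
        return b"", False
    payload, number = body[:-1], body[-1]
    if number != (expected_number & 0xFF):
        return b"", False
    return payload, True


def black_channel(frame: bytes, flip_bit=None) -> bytes:
    """Untrusted transport (copper, fibre, wireless, backplane ...).
    Its own error detection, if any, is not relied upon; to model a
    transmission error it can flip one bit of the frame in transit."""
    if flip_bit is None:
        return frame
    data = bytearray(frame)
    data[flip_bit // 8] ^= 1 << (flip_bit % 8)
    return bytes(data)


def compile_fgsd(content: str) -> str:
    """Stand-in for the F-GSD compile tool: append a trailer line carrying
    the CRC-32 of the content, binding the content to that CRC."""
    body = content.rstrip("\n")
    crc = zlib.crc32(body.encode()) & 0xFFFFFFFF
    return body + "\n%s%08X\n" % (CRC_PREFIX, crc)


def verify_fgsd(text: str) -> bool:
    """What a configuration tool would do before trusting an F-GSD: recompute
    the CRC over the content and compare with the stored trailer value."""
    lines = text.rstrip("\n").split("\n")
    if not lines or not lines[-1].startswith(CRC_PREFIX):
        return False
    content = "\n".join(lines[:-1])
    try:
        stored = int(lines[-1][len(CRC_PREFIX):], 16)
    except ValueError:
        return False
    return (zlib.crc32(content.encode()) & 0xFFFFFFFF) == stored


# Constructed sample data (not from any real device or GSD).
SAMPLE_PAYLOAD = b"\x01\x00"           # e.g. one safety input bit set
SAMPLE_FGSD_CONTENT = "Vendor=ExampleCo\nDevice=F-DI-8\nF_SIL=3\n"

if __name__ == "__main__":
    frame = protect(SAMPLE_PAYLOAD, 7)
    print("clean channel   :", check(black_channel(frame), 7))
    print("bit flipped     :", check(black_channel(frame, flip_bit=3), 7))
    print("repeated frame  :", check(black_channel(frame), 8))
    fgsd = compile_fgsd(SAMPLE_FGSD_CONTENT)
    print("F-GSD intact    :", verify_fgsd(fgsd))
    print("F-GSD tampered  :", verify_fgsd(fgsd.replace("F_SIL=3", "F_SIL=2")))
```

The point of the model is that every failure mode is caught at the safety layer: a flipped bit, a frame delivered out of sequence, or a GSD whose content no longer matches its CRC all yield `False` without the transport or file system being asked anything. Real PROFIsafe uses its own CRC and consecutive-number scheme with parameters chosen for the SIL target; this toy only shows the structure of the argument.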

PROFIsafe Parameters: F-Parameters

When the safety controller sends parameters (F-Parameters) to the devices, the setup information is transmitted and received through the PROFIsafe drivers. Parameter setup therefore receives the same level of data protection as the safety I/O data.

Example PROFIsafe System

PROFIsafe Elements in an F-system:

  1. The F-GSD file contains all the information an F-controller needs to set up and communicate with the device. The F-GSD file is protected with a CRC to ensure its safety conformance.
  2. The F-config tool is the programming environment. It uses F-GSDs to create and download the system configuration and F-program to the F-controller. The F-program and configuration are subject to the PROFIsafe safety checks to ensure correct functioning.
  3. The F-controller executes the safety program. Safety controllers use the concept of duplication, in either hardware or firmware, together with F-programming to operate a safety system.
  4. F-devices (F-I/O, F-light curtains, F-valves, etc.) use hardware safety techniques to ensure their safe operation.

How safe is PROFIsafe?

PROFIsafe can support up to Safety Integrity Level 3 (SIL 3) per IEC 61508, or Category 4 per EN 954-1. To meet SIL 3 requirements, the probability of an undetected error must be less than 1 error per 10^7 hours of operation. The share of that error budget allowed for PROFIsafe communication is less than 1 undetected error per 10^9 hours (one undetected error every 114,155 years).

A product is not automatically suitable for safety applications just because it uses PROFIBUS/PROFINET and PROFIsafe technology. Safe communication alone does not guarantee that a product meets all safety requirements.
