No products in the cart.
Safety
14.Safety
The Safety service monitors the Estop from Safety Client. It raises EMERGENCY
to the subsystem when the Estop is set. On the other hand, the safety service
also checks the health summary of the subsystem. It raises EMERGENCY when the
health summary is in Error or Fatal.
To raise EMERGENCY, the Safety service obtains control from Subsystem State
and set the Subsystem State to EMERGENCY. When the emergency is cleared, the
Safety service sets the Subsystem State to OPERATIONAL and releases control of
the Subsystem State service.
Require: Access Control service
Inherit from: none
14.1 Service Behavior
14.1.1 State Diagram
Figure 13 Safety State Diagram
14.1.2 State Actions
| State | Actions |
|---|---|
| PAIRING | Waiting for Set Estop message from the Safety Client service. Raise EMERGENCY. |
| OPERATIONAL | Check the received Set Estop messages and monitoring health summary of the subsystem. Transition to EMERGENCY when Set Estop is set or the health summary reports error. |
| EMERGENCY | Obtain control from Subsystem State and set the Subsystem State to Emergency |
| FAULT | Hardware fault. Raise EMERGENCY |
14.1.3 Internal Events
| Event | Parameters | Purpose |
|---|---|---|
| ieReceiveMessage |
14.1.4 Transitions
| Transition | Trigger | Condition | Action |
|---|---|---|---|
| A | Received Set Estop from Safety Client | Set the subsystem state to operational and release control from the Subsystem State service | |
| B | Set Estop timeout | Obtain control from the Subsystem State service and set the subsystem state to emergency. | |
| C | Set Estop emergency set or Health Summary is error or fatal. | Obtain control from the Subsystem State service and set the subsystem state to emergency. | |
| D | Set Estop emergency not set and Health Summary is not error or fatal | Set the subsystem state to operational and release control from the Subsystem State service. | |
| E | Hardware fatal error detected | Obtain control from the Subsystem State service and set the subsystem state to emergency |
14.2 Protocol
14.2.1 Incoming Message Set
| # | ID | Message |
|---|---|---|
| 1 |
H:0x00000001 L:0x0000013C |
Set Estop |
| 2 |
H:0x00000001 L:0x0000013E |
Report Health Summary |
| 3 |
H:0x00000001 L:0x0000012D |
Confirm Control |
| 4 |
H:0x00000001 L: 0x0000012F |
Report Control |
| 5 |
H:0x00000001 L: 0x0000013B |
Report Subsystem State |
14.2.2 Outgoing Message Set
| # | ID | Message |
|---|---|---|
| 1 |
H:0x00000001 L:0x0000013D |
Query Health Summary |
| 2 |
H:0x00000001 L: 0x0000012A |
Request Control |
| 3 |
H:0x00000001 L: 0x0000012C |
Query Control |
| 4 |
H:0x00000001 L: 0x00000139 |
Set Subsystem State |
14.3 Parameters
- CYCLEINTERVAL double, time interval in seconds of each cycle, default=0.05.
- ESTOPTIMEOUT double, timeout in seconds not receiving Set Estop messages, default=0.1.
- REPORTDATATIMEOUT double, timeout in seconds for not receiving updates of the control of the subsystem state and health summary, default=2.0.
- MESSAGEINTERVAL double, time interval in seconds for sending messages, default=0.5.
- CHECKINTERVAL double, time interval in seconds to check the states of all the management services, default=1.0.
- AUTHORITYCODE uint8, authority code to use for gaining control of the subsystem state, default=225.