The present invention relates generally to safety-related (or “failsafe”) systems comprising communication systems. More particularly, the present invention relates to methods and devices for detecting communication errors online and initiating failsafe reactions, designed to prevent workplace accidents, in response to intolerable levels of error.
In a failsafe system, the error-free operation of the underlying communication system contributes to the overall safety of the people and property using the system. This is, for example, important in manufacturing systems, where the malfunction of heavy equipment could cause severe personal injury or property damage. For instance, a manufacturing system may consist of a communications network with a CPU, a communication medium, a control device coupled with the communication medium, and a piece of manufacturing equipment controlled by the control device. The CPU in turn controls the control device. Because the output of the manufacturing equipment is affected by the instructions it receives from its controller and transitively from the communications medium, errors produced by the communications medium can affect the operation of the machinery and the overall safety of the system. A truly failsafe system, therefore, must incorporate some means to control errors generated by the communication medium. The need for failsafe communications can easily be seen in manufacturing, waste disposal, medicine, transportation, military and other applications.
In failsafe systems, the communication between failsafe (EN 61 508) peripheral units and failsafe CPU units places high demands on these units. For example, the “Berufsgenossenschaftliche Institut für Arbeitssicherheit” [Institute for Safety at Work for Professional Associations] assumes that the bit error probability in communication media is, on average, of the order of magnitude of 10^-2 (see “Entwurf eines Grundsatzes für die Prüfung und Zertifizierung von Bussystemen für die Übertragung sicherheitsrelevanter Nachrichten” [Design of a principle for checking and certifying bus systems for the transmission of safety-related messages] of 15.3.99), which necessitates very extensive safety measures. Realistic (bit) error probabilities are less than 10^-5. Accordingly, the present invention reduces the required safety measures without loss of transmission reliability by monitoring the error probability online.
Further, the performance of failsafe systems is governed by various regulations and standards which are forthcoming or already in place. For example, the International Electrotechnical Commission has published IEC 61508 (hereby incorporated by reference), a standard aimed at software performance for safety-related or failsafe systems. IEC 61508 provides for different levels of safety referred to as Safety Integrity Levels 1-4 (SIL 1-4) (note: DIN 19250 uses AK levels 1-8 with similar meaning). The higher the SIL level, the more critical the safety function and the greater the required risk reduction. IEC 61508 prescribes data corruption rates for safety-engineered systems of less than 10^-6 to 10^-5 errors per hour for SIL 1, less than 10^-7 to 10^-6 errors per hour for SIL 2, and less than 10^-8 to 10^-7 errors per hour for SIL 3.
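The following is an added illustration, not code from the patent or any product it describes. It shows the two ideas of the preceding paragraphs side by side: an online estimator of the bit error probability that latches a failsafe reaction when the estimate exceeds a tolerated level, and a check of a residual (undetected) error rate against the per-hour SIL limits quoted above. Everything not stated in the text is an assumption of this example: that frames carry an r-bit CRC and a corrupted frame slips past it with probability about 2^-r (the usual worst-case bound), that a failed frame is counted conservatively as at least one flipped bit, and the placeholder values for frame size, window size, frame rate and the tolerated error probability.

```python
"""Online error-probability monitor and SIL check (added example, not the patent's code)."""
from collections import deque

# Upper bounds on errors per hour for each SIL, as quoted in the text
# (IEC 61508: SIL 1 < 1e-5, SIL 2 < 1e-6, SIL 3 < 1e-7 errors per hour).
SIL_LIMITS_PER_HOUR = {3: 1e-7, 2: 1e-6, 1: 1e-5}


def sil_for_rate(errors_per_hour: float) -> int:
    """Highest SIL whose per-hour limit the given residual error rate stays under (0 = none)."""
    for sil in (3, 2, 1):
        if errors_per_hour < SIL_LIMITS_PER_HOUR[sil]:
            return sil
    return 0


def residual_error_rate(bit_error_p: float, frame_bits: int,
                        frames_per_hour: float, crc_bits: int) -> float:
    """Residual (undetected) errors per hour under an assumed simple model:
    a frame is corrupted with probability 1 - (1 - p)^n, and a corrupted
    frame escapes an r-bit CRC with probability about 2^-r (assumption,
    the standard worst-case bound, not a figure from the text)."""
    p_frame_corrupt = 1.0 - (1.0 - bit_error_p) ** frame_bits
    return frames_per_hour * p_frame_corrupt * 2.0 ** (-crc_bits)


class OnlineErrorMonitor:
    """Estimates the bit error probability from CRC pass/fail results over a
    sliding window of frames and latches a failsafe reaction when the
    estimate exceeds the tolerated level."""

    def __init__(self, frame_bits: int, window_frames: int, tolerated_bit_error_p: float):
        self.frame_bits = frame_bits
        self.window = deque(maxlen=window_frames)   # True = frame passed its check
        self.tolerated = tolerated_bit_error_p
        self.safe_state = False                      # latched once triggered

    def estimated_bit_error_p(self) -> float:
        """Conservative estimate: each failed frame counts as at least one
        flipped bit. Resolution is 1 / (window_frames * frame_bits), so the
        window must be large enough to resolve the tolerated level."""
        if not self.window:
            return 0.0
        failed = sum(1 for ok in self.window if not ok)
        return failed / (len(self.window) * self.frame_bits)

    def record(self, frame_ok: bool) -> str:
        """Feed one frame result; returns "RUN" or "SAFE" (the failsafe reaction)."""
        self.window.append(frame_ok)
        if self.estimated_bit_error_p() > self.tolerated:
            self.safe_state = True   # stays in the safe state until an explicit reset
        return "SAFE" if self.safe_state else "RUN"

    def reset(self) -> None:
        """Operator-initiated return to RUN after the cause has been addressed."""
        self.window.clear()
        self.safe_state = False


if __name__ == "__main__":
    # Constructed trace: 100 good frames, then a burst of failed frames.
    monitor = OnlineErrorMonitor(frame_bits=100, window_frames=100, tolerated_bit_error_p=1e-3)
    trace = [True] * 100 + [False] * 12
    for i, ok in enumerate(trace):
        state = monitor.record(ok)
        if state == "SAFE":
            print(f"frame {i}: estimated p={monitor.estimated_bit_error_p():.1e} -> {state}")
            break
    for crc in (16, 32):
        rate = residual_error_rate(1e-5, frame_bits=100, frames_per_hour=3600, crc_bits=crc)
        print(f"CRC-{crc}: residual {rate:.2e} errors/h -> SIL {sil_for_rate(rate)}")
```

With the placeholder values, a realistic channel (p below 10^-5) stays in RUN, the burst drives the estimate past the tolerated level at the eleventh failed frame and the monitor latches SAFE, and the residual-rate check shows how the same channel meets the SIL 3 limit with a 32-bit CRC but no SIL at all with a 16-bit one. The window size is the lever the text alludes to: the coarser the estimate, the more conservative the safety margin must be.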
Thus, there is a need for failsafe communication systems in many industries. Further, there is a need for communication systems to maintain certain levels of data integrity to comply with standards and prevent accidents. Still further, there is a need for communication systems to monitor their own data integrity and react to integrity losses to prevent accidents. Still further, there is a need to obviate the use of extensive anti-corruption measures that can be required of communications networks serving failsafe systems.