A field bus is a known industrial communication system, used for data transfer systems, which connects numerous linked field devices, such as sensors, control elements, and/or actuators to a control device, wherein the devices which provide the actual connection to the bus are referred to as “bus users.”
For a number of applications, the deterministics, i.e., the predetermination and immutability in the transfer of process data, are more important than the actual transfer speed itself. For example, field buses having users connected thereto are known, in which process data are cyclically transferred via a shared transmission channel for transferring process data between individual users, and thus for transmitting and receiving process data, in particular process input data, process output data, and control data. For this purpose, during predetermined data cycles it is common for a user which functions as a master to read protocol-specific data from field devices which are connected to slave users, and during each subsequent data cycle to write to field devices which are connected to slave users.
In many system applications, the data to be transferred are also safety-relevant data, at least in part, so that data transfer errors must be recognized as soon as possible, and upon recognition of an error a timely response must be made; for example, a field device, user, or (sub)system must be converted to a safe state. For transfer of safety-relevant data via a bus, essentially six error classes must be considered: repetition, loss, insertion, incorrect sequence, deletion, and delay of safety-relevant data. The transfer of these data must therefore be secure.
To ensure secure transfer of data, in particular safety-relevant process data, at least in such a way that the listed error classes may also be recognized when they are present, it is basically common practice to supplement the transferred data with additional control data, for example time stamps, user information, and/or check information such as cycle redundancy checks (CRCs). However, a major disadvantage is that the overhead to be transferred greatly increases compared to the user data to be transferred, thus reducing the protocol efficiency. This weakness is particularly serious when the number or frequency of safety-relevant user data items per user which must be transferred is low. Another disadvantage of previously known monitoring systems for safety-related data is that, in order to implement user-specific processes having safety-oriented outputs, at least two microcontrollers or complex hardware circuits are always necessary for processing complex protocol tasks.