FS Work Package: blip handling

Functional Safety Work Package: blip handling FSWP0010
status: POSTPONED to post v2.0.0
tags: fswp
date: 2025-07-24

Background

When the status of a safety input is sent via, for example, radio or CAN, and the input is deactivated for a time shorter than the communication timeout, AND there is a communication timeout at exactly the same time, the receiver will not receive the deactivation of the input and will believe that the input was never deactivated.

This is a problem for safety inputs, as it is common that a deactivated input should require a reset before the safety function can be activated again. If the reset function is at the receiver side, the receiver will not see the deactivation of the input and will continue running normally.

To solve this, transmitters need to guarantee that any 1->0->1 pulse transmitted on a communication channel will always be received at the receiver side. This can be done at the compiler/logic level by ensuring that the pulse is always longer than the communication timeout via the use of a delay block after the input. It can also be done at the protocol level by feedback from every receiver of that signal that they have heard the 0 signal.

This is only required for signals where a 0 is required to be received at the receiver side, such as a reset function or a sync_inputs function.
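The delay-block approach described above, as an added simulation that is not part of this work package or of the product source code. It assumes a fixed transmit tick and a receiver that keeps its last value through frame gaps of up to COMM_TIMEOUT_TICKS; all names and tick values are hypothetical.

```c
#include <stdio.h>

#define COMM_TIMEOUT_TICKS 5  /* assumed: longest frame gap the receiver rides through */
#define SIM_TICKS 40
#define BLIP_START 10

/* Delay block: after any 0 sample, keep transmitting 0 for hold_ticks more ticks. */
static int stretch(int *remaining, int in, int hold_ticks)
{
    if (in == 0) { *remaining = hold_ticks; return 0; }
    if (*remaining > 0) { (*remaining)--; return 0; }
    return 1;
}

/* Returns 1 if at least one frame carrying 0 reaches the receiver when the
 * frames in [gap_start, gap_start + COMM_TIMEOUT_TICKS) are lost. */
int receiver_saw_zero(int blip_len, int hold_ticks, int gap_start)
{
    int remaining = 0, saw_zero = 0;
    for (int t = 0; t < SIM_TICKS; t++) {
        int in = !(t >= BLIP_START && t < BLIP_START + blip_len); /* 1->0->1 pulse */
        int tx = stretch(&remaining, in, hold_ticks);
        int lost = (t >= gap_start && t < gap_start + COMM_TIMEOUT_TICKS);
        if (!lost && tx == 0)
            saw_zero = 1;
    }
    return saw_zero;
}

/* Returns 1 only if the 0 is received for every possible alignment of the gap. */
int always_received(int blip_len, int hold_ticks)
{
    for (int gap_start = 0; gap_start < SIM_TICKS; gap_start++)
        if (!receiver_saw_zero(blip_len, hold_ticks, gap_start))
            return 0;
    return 1;
}

int main(void)
{
    printf("1-tick blip, no delay block:     %d\n", always_received(1, 0));
    printf("1-tick blip, hold = timeout - 1: %d\n", always_received(1, COMM_TIMEOUT_TICKS - 1));
    printf("1-tick blip, hold = timeout:     %d\n", always_received(1, COMM_TIMEOUT_TICKS));
    return 0;
}
```

In this model the transmitted 0 must last longer than the tolerated gap, so a hold equal to the timeout covers even a single-tick blip.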

As a first step, this will be implemented as an addition to the safety manual and as a compiler warning/error in Simplifier Manager that tells the user about the issue and how to solve it.

Affected components

Source code

  • SRC002-021

  • SRC002-022

  • SRC002-017

  • SRC002-018

  • SRC200-001 (Simplifier Manager)

  • SRC002-104 (Logic Compiler)

Hardware designs

No hardware designs are affected by this change.

Mechanical designs

No mechanical designs are affected by this change.

Manuals/Documentation

The safety manual needs to be updated to include information about how this affects programming.

  • Limitations when sending data via safety communication.

Approvals

No changes to approvals.

Products

Safety Simplifier, Simplifier Manager, Logic Compiler.

Impact analysis (non safety)

No non-safety impact is expected from this change.

Impact analysis (functional safety)

Compiler

Affected requirements

A new requirement specifying the handling of pulses like this should be written.