Chapter 10: safemode controller, 1 introduction, 1 write protection – Sensoray 826 User Manual
Chapter 10: Safemode Controller
10.1 Introduction
The 826 board features a fail-safe controller that forces analog and digital outputs to predetermined levels in response to
hardware triggers. The controller works in concert with the watchdog timer and external devices such as emergency
shutdown contacts to switch the board's outputs to fail-safe levels without software intervention.
Figure 9: Safemode Controller
The controller consists of configuration (XSF) and write protection control (SWE) registers, triggering logic, and a state
register. When safemode is active (SAF = '1'), the board's analog and digital outputs are automatically switched to their
fail-safe states. SAF can be set by the program and in response to hardware triggers, but only the program can reset SAF to turn
off safemode. Upon power-up or board reset, SAF is reset.
If the watchdog is allowed to activate safemode (see S826_WatchdogConfigWrite), it will assert the Safemode Trigger
signal upon a Timer0 event, thus setting SAF. Once asserted, the trigger will remain asserted until the watchdog is disabled.
Consequently, the program cannot reset SAF until the watchdog is disabled.
When XSF = '1', safemode can be triggered by an active-low signal applied to the DIO channel 47 connector pin (DIO47).
When this happens, the program cannot reset SAF until DIO47 is negated or XSF is cleared.
Additional information about safemode can be found in Section 6.1.1 (analog outputs) and Section 8.1.2 (DIO outputs).
10.1.1 Write Protection
The SWE register controls write protection for registers associated with the watchdog and safemode controller. All affected
registers are write-protected when SWE = '0'; this is the default state of SWE at power-up and upon system reset. The SWE
register state does not change when the board is opened or closed.
Before writing to protected registers, the program must set SWE (by calling S826_SafeWrenWrite) to allow writes to the
registers. During initialization, the program will typically disable write protection, write all fail-safe states as required by
the application, and then re-enable write protection to prevent modification of the registers due to subsequent wayward
software execution.
Several of the API functions write to SWE-protected registers. These functions can fail without notification if called while
SWE = '0' (they will return S826_ERR_OK if no other errors are detected, but the protected register will not be written). If
it is necessary to detect a failed write to a write-protected register, the program should read the register after writing to it
and compare the read and written values; a failed write is indicated when the read and written values are not equal. Each of
the write functions has a corresponding read function that can be used to read back the programmed register state; these are
not affected by the state of the SWE register.
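The read-back check and the unlock, write, relock initialization sequence described above, as an added example that is not part of the Sensoray manual or API. It runs against a small simulated register model; sim_board, the sim_* functions, write_verified, init_failsafe and ERR_UNVERIFIED are hypothetical names, and the protected register is assumed to hold 0 at power-up.

```c
/* Added example: simulated model, not Sensoray API or driver code. */
#include <stdint.h>
#include <stdio.h>

#define ERR_OK          0     /* stands in for S826_ERR_OK */
#define ERR_UNVERIFIED (-1)   /* hypothetical: read-back differed from value written */

/* Constructed board model: SWE gates writes to one protected register. */
typedef struct { uint32_t swe; uint32_t safe_reg; } sim_board;

/* SWE itself is always writable (models the role of S826_SafeWrenWrite). */
static int sim_wren_write(sim_board *b, uint32_t wren) { b->swe = wren & 1u; return ERR_OK; }

/* Protected write: reports ERR_OK even when SWE = 0 silently drops it. */
static int sim_safe_write(sim_board *b, uint32_t val) {
    if (b->swe) b->safe_reg = val;
    return ERR_OK;
}

/* Reads are not affected by the state of SWE. */
static int sim_safe_read(const sim_board *b, uint32_t *val) { *val = b->safe_reg; return ERR_OK; }

/* Write, read back, compare: detects a write that was dropped. */
static int write_verified(sim_board *b, uint32_t val) {
    uint32_t got = 0;
    int rc = sim_safe_write(b, val);
    if (rc != ERR_OK) return rc;
    rc = sim_safe_read(b, &got);
    if (rc != ERR_OK) return rc;
    return got == val ? ERR_OK : ERR_UNVERIFIED;
}

/* Initialization: unlock, program fail-safe state, verify, relock. */
static int init_failsafe(sim_board *b, uint32_t failsafe) {
    sim_wren_write(b, 1);
    int rc = write_verified(b, failsafe);
    sim_wren_write(b, 0);     /* relock even if verification failed */
    return rc;
}

int main(void) {
    sim_board b = {0, 0};     /* power-up state: SWE = 0 */
    int rc = write_verified(&b, 0xA5u);
    printf("write while locked: rc=%d reg=0x%X\n", rc, (unsigned)b.safe_reg);
    rc = init_failsafe(&b, 0xA5u);
    printf("init sequence:      rc=%d reg=0x%X\n", rc, (unsigned)b.safe_reg);
    return 0;
}
```

A read-back comparison cannot flag a dropped write whose value already equals the register contents, since the read and written values match in that case.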
[Figure 9 block diagram labels: Safemode Disable, Safemode Enable, Hardware Triggers, Software Commands, Internal Data Bus, Safemode State Reg, SWE Reg, XSF Reg, DIN47, Safemode Trigger (from watchdog), SAF, SWE, XSF; pin labels S, R, Q, WE]