Glossary term

Sequence Counter

Engineering definition of a sequence counter covering message ordering, gap detection, wraparound, stale data and validation evidence.

Definition

A sequence counter is a monotonically advancing value carried with messages, samples or records so a receiver can detect order, duplicates, drops, repeats and wraparound.

Sequence counters are used in embedded buses, packet telemetry, data acquisition, distributed services, medical devices and control systems to prove that new data have arrived in the expected order. They support freshness checks, stale-data detection, dropout diagnosis and fault handling, but they do not replace timestamps, checksums, authentication or physical signal validation.

A sequence counter is a value attached to a message, sample, frame or record so the receiver can tell whether the next item is new, repeated, missing, reordered or wrapped around. It is common in fieldbuses, telemetry packets, data acquisition, embedded diagnostics, medical-device streams, control messages and distributed logs.

The counter does not prove that the payload is correct. It proves something narrower but important: the receiver has evidence about message order and continuity. A value can pass a checksum and still be old, duplicated or out of order. A sequence counter helps expose that failure.

Counter Rule

For a counter with b bits, the number of states is:

N=2^b

The expected next counter value is:

C_{next}=(C_{prev}+1)\bmod N

If the received value equals C_next, the sequence is continuous. If it equals C_prev, the receiver may be seeing a repeated frame, frozen producer, retransmission or stale buffer. If it jumps forward, messages may have been lost.

Gap Detection

The modulo counter difference is:

\Delta C=(C_{rx}-C_{prev})\bmod N

For normal forward progress without ambiguity, the estimated number of missing messages is:

N_{miss}=\Delta C-1

This rule is valid only when \Delta C is interpreted in the expected direction and the possible gap is small compared with the counter range. If long outages can exceed the counter range, a timestamp, timeout or wider counter is needed.

Wraparound Limit

A counter wraps after:

t_{wrap}=\frac{N}{f_{msg}}

where f_msg is the nominal message rate. A short wrap time can make fault diagnosis ambiguous. If an 8-bit counter runs at a high message rate, the same counter value appears frequently. The receiver must use timing and expected rate, not only equality.

A practical design rule is:

t_{fault,max}<t_{wrap}

where t_{fault,max} is the longest outage or freeze that must be diagnosed without ambiguity. Safety-related and medical systems often need a larger margin than this first screen.

Worked Example

A data acquisition node sends one frame every:

T_{msg}=20\ \text{ms}

The frame carries an 8-bit sequence counter:

N=2^8=256

The nominal message rate is:

f_{msg}=\frac{1}{0.020}=50\ \text{Hz}

The wrap time is:

t_{wrap}=\frac{256}{50}=5.12\ \text{s}

The receiver last accepted:

C_{prev}=143

and the next received frame has:

C_{rx}=147

Then:

\Delta C=(147-143)\bmod 256=4

The missing-message estimate is:

N_{miss}=4-1=3

The data-age jump implied by the skipped periods is:

t_{gap}=4T_{msg}=4(20)=80\ \text{ms}

If the stale-data timeout is:

t_{stale}=100\ \text{ms}

then the margin is:

M_{stale}=100-80=20\ \text{ms}

The receiver can keep operating if the application accepts this margin, but the missing frames should be logged. If the same counter value repeats for six periods, the implied stale interval is:

t_{repeat}=6(20)=120\ \text{ms}

That exceeds the stale-data timeout by:

120-100=20\ \text{ms}

The receiver should reject the value, degrade the function, alarm or enter a safe state according to the hazard analysis.
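The counter rule, gap estimate and stale-data screen from the sections above, written as a receiver-side check in C. This is an added example, not code from the original page; the verdict names, the `seq_rx` struct and the `max_gap` threshold (set here to half the counter range) are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Verdict names and the max_gap policy are assumptions of this example. */
typedef enum { SEQ_OK, SEQ_REPEAT, SEQ_GAP, SEQ_STALE, SEQ_REJECT } seq_verdict;

typedef struct {
    uint32_t n;          /* N = 2^b counter states */
    uint32_t prev;       /* C_prev, last accepted counter */
    uint32_t period_ms;  /* T_msg */
    uint32_t stale_ms;   /* t_stale */
    uint32_t max_gap;    /* largest Delta C still read as forward loss */
    uint32_t repeat_ms;  /* time spent on an unchanged counter */
} seq_rx;

/* bits must be 1..31 so that N fits in uint32_t. */
void seq_init(seq_rx *s, unsigned bits, uint32_t first,
              uint32_t period_ms, uint32_t stale_ms, uint32_t max_gap) {
    s->n = 1u << bits;
    s->prev = first % s->n;
    s->period_ms = period_ms;
    s->stale_ms = stale_ms;
    s->max_gap = max_gap;
    s->repeat_ms = 0;
}

/* Classify one received counter; *missing receives N_miss = Delta C - 1. */
seq_verdict seq_check(seq_rx *s, uint32_t rx, uint32_t *missing) {
    uint32_t c = rx % s->n;
    uint32_t d = (c + s->n - s->prev) % s->n;   /* Delta C, wrap-safe */
    *missing = 0;
    if (d == 0) {                               /* repeat, freeze or stale buffer */
        s->repeat_ms += s->period_ms;
        return s->repeat_ms > s->stale_ms ? SEQ_STALE : SEQ_REPEAT;
    }
    if (d > s->max_gap)                         /* backward jump, reset or reorder */
        return SEQ_REJECT;                      /* C_prev is kept unchanged */
    s->prev = c;
    s->repeat_ms = 0;
    if (d == 1) return SEQ_OK;
    *missing = d - 1;
    return d * s->period_ms > s->stale_ms ? SEQ_STALE : SEQ_GAP;
}

int main(void) {
    seq_rx s;
    uint32_t miss;
    seq_init(&s, 8, 143, 20, 100, 127);         /* values from the worked example */
    seq_verdict v = seq_check(&s, 147, &miss);
    printf("verdict=%d missing=%u\n", (int)v, (unsigned)miss);
    return 0;
}
```

A rejected counter leaves `C_prev` untouched, so a single reordered or replayed frame cannot pull the receiver's reference backward; what happens after a producer reset still needs the startup rule from the data contract.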

Boundary With Timestamps

A sequence counter and a timestamp answer different questions. The counter answers whether items arrived in the expected order. The timestamp answers when the represented event occurred. A stream can have perfect counter continuity while being delayed by buffering. It can also have accurate timestamps while missing samples.

Strong designs use both. The sequence counter detects loss, duplication and reordering. The timestamp and data-age rule decide whether a value is still usable for the current control, display, alarm or estimation decision.

Fault Handling

Fault handling should define responses for repeated counters, skipped counters, impossible backward jumps, rollover, long outages, reset-to-zero events, duplicated packets and startup resynchronization. The response can be different for monitoring and control. A display may show the last value with a stale flag. A control loop may hold output for one missed sample but trip or derate after a threshold.

The sequence counter should be part of the data contract. The sender must state counter width, increment rule, reset behavior, wrap rule, message rate, startup state and whether retransmission preserves or changes the counter.

Validation Evidence

Useful evidence includes bus captures, packet captures, receiver logs, producer reset tests, dropped-frame injection, duplicate-frame injection, counter rollover tests, startup resynchronization tests, load tests, gateway buffering tests, timeout tests and fault-injection evidence showing the final safe-state behavior.

Common mistakes include using a counter but never checking it, treating counter equality as proof of freshness, forgetting wraparound, accepting a reset counter as a valid new stream without a startup rule, logging only the payload value, and failing to test duplicate or reordered messages. A strong review states the counter contract, the stale-data threshold, the receiver decision table and the evidence that the implementation handles every boundary case.
