Nonrecoverable controller faults, Recoverable faults in the safety application – Rockwell Automation 1756-SPESMNRMXT GuardLogix Controllers User Manual


Rockwell Automation Publication 1756-UM020I-EN-P - August 2012


Monitor Status and Handle Faults

Chapter 9

Nonrecoverable Controller Faults

These occur when the controller’s internal diagnostics fail. If a nonrecoverable
controller fault occurs, safety task execution stops and CIP Safety I/O modules
are placed in the safe state. Recovery requires that you download the application
program again.

Nonrecoverable Safety Faults in the Safety Application

If a nonrecoverable safety fault occurs in the safety application, safety logic and
the safety protocol are terminated. Safety task watchdog and control partnership
faults fall into this category.

When the safety task encounters a nonrecoverable safety fault that is cleared
programmatically in the Controller Fault Handler, the standard application
continues to execute.

If a safety task signature exists, you only need to clear the fault to enable the safety
task to run. If no safety task signature exists, the safety task cannot run again until
the entire application is downloaded again.

Recoverable Faults in the Safety Application

If a recoverable fault occurs in the safety application, the system may or may not
halt the execution of the safety task, depending upon whether or not the fault is
handled by the Program Fault Handler in the safety application.

When a recoverable fault is cleared programmatically, the safety task is allowed to
continue without interruption.

When a recoverable fault in the safety application is not cleared
programmatically, a Type 14, Code 2 recoverable safety fault occurs. The safety
program execution is stopped, and safety protocol connections are closed and
reopened to re-initialize them. Safety outputs are placed in the safe state and the
producer of safety-consumed tags commands the consumers to place them in a
safe state, as well.

Recoverable faults let you edit the standard and safety application as required to
correct the cause of the fault. However, if a safety task signature exists or the
controller is safety-locked, you must first unlock the controller and delete the
safety task signature before you can edit the safety application.

ATTENTION: Overriding the safety fault does not clear it! If you override
the safety fault, it is your responsibility to prove that doing so maintains
safe operation.

You must provide proof to your certifying agency that allowing a portion of
the system to continue to operate maintains safe operation.
