
Specific fault actions are described in Section 2 of this chapter. You can, however, configure whether a stand-alone CPU (one that keeps running after the other CPU has failed) stops when a further fault occurs.

You can select the fault action (either diagnostic or fatal) that applies when a given CPU is operating without a backup available. This lets you choose between fault-tolerant operation and a safety-oriented system in which a shutdown is preferred.

If you set these fault actions to diagnostic for a system that is running but not synchronized, the unit may remain the active unit even after the backup unit has been placed in RUN mode. Also, a unit whose fault actions are set to diagnostic may be placed in RUN mode and become the active unit even though it has a diagnostic fault that would be logged as fatal in a synchronized system.

For example, if you were to configure "Loss of or Missing Rack" failures as diagnostic, then the following conditions would apply:

• If an expansion rack fails when the units are synchronized, the unit with the rack failure will transition to STOP/FAULT mode and the other unit will become a stand-alone unit.

• If an expansion rack fails after a unit becomes a stand-alone unit, a diagnostic fault will be logged on that unit, but the unit will stay in RUN mode and continue to control the process.

• If, after the above situation occurs, the other unit transitions to RUN, the unit with the failed expansion rack will stay in RUN mode and may, depending on the configuration, remain in control of the process. You may want to include logic to shut down the faulted unit if this is an undesired operation.

• If an expansion rack fails while the unit is in STOP mode or while it is transitioning to RUN mode, a diagnostic fault is logged; however, the unit will still transition to RUN and may, depending on configuration, become the active unit. You may want to include logic to shut down the faulted unit if this is an undesired operation.

STOP to RUN Mode Transition

A resynchronization occurs at every STOP to RUN mode transition. The time needed to perform this resynchronization may be large and will lengthen that transition beyond the time a normal STOP to RUN transition takes. The STOP to RUN mode transition has two separate paths.

1. If the CPU performing the transition is doing so alone, or both CPUs are transitioning at the same time, then a normal STOP to RUN mode transition is performed (non-retentive memory is cleared and FST_SCN and FST_EXE are initialized).

2. If the other CPU is active when this CPU performs a STOP to RUN mode transition, then non-retentive references are cleared, followed by a resynchronization with the active CPU.
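The following is an added example, not code from the user's guide or from GE Fanuc: a small model of the two-unit behaviour described in the "Loss of or Missing Rack" bullets above and in the two STOP to RUN transition paths. The class and method names, the single `RACK_FAULT` string, and the `shutdown_faulted_active` helper (one way to implement the "logic to shut down the faulted unit" the guide recommends) are assumptions made for illustration. It lets you compare the diagnostic and fatal configurations side by side: with diagnostic, a unit whose rack failed stays in RUN and keeps control even after the backup comes up; with fatal, it goes to STOP/FAULT and the backup takes over.

```python
# Illustrative model of Series 90-70 hot standby fault actions. Added example,
# not GE Fanuc code; all names below are assumptions made for this illustration.
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Mode(Enum):
    STOP = "STOP"
    RUN = "RUN"
    STOP_FAULT = "STOP/FAULT"


class FaultAction(Enum):
    DIAGNOSTIC = "diagnostic"   # fault is logged, unit keeps its current mode
    FATAL = "fatal"             # fault is logged, unit goes to STOP/FAULT


RACK_FAULT = "Loss of or Missing Rack"


@dataclass
class Cpu:
    name: str
    mode: Mode = Mode.STOP
    rack_failed: bool = False
    fault_log: list = field(default_factory=list)
    non_retentive: dict = field(default_factory=dict)  # cleared on every STOP->RUN
    fst_scn: bool = False           # initialized only on a normal (path 1) transition
    resynchronized: bool = False    # set only on a path 2 transition


@dataclass
class RedundantPair:
    a: Cpu
    b: Cpu
    standalone_action: FaultAction  # configured action when running without a backup
    active: Optional[str] = None    # name of the unit controlling the process

    def cpu(self, name: str) -> Cpu:
        return self.a if self.a.name == name else self.b

    def other(self, cpu: Cpu) -> Cpu:
        return self.b if cpu is self.a else self.a

    def synchronized(self) -> bool:
        return self.a.mode is Mode.RUN and self.b.mode is Mode.RUN

    def _fatal(self, cpu: Cpu) -> None:
        cpu.fault_log.append((FaultAction.FATAL.value, RACK_FAULT))
        cpu.mode = Mode.STOP_FAULT
        if self.active == cpu.name:           # hand control to the other unit if it runs
            other = self.other(cpu)
            self.active = other.name if other.mode is Mode.RUN else None

    def rack_failure(self, name: str) -> None:
        cpu = self.cpu(name)
        cpu.rack_failed = True
        if self.synchronized() or self.standalone_action is FaultAction.FATAL:
            self._fatal(cpu)                  # synchronized: always fatal for the faulted unit
        else:
            cpu.fault_log.append((FaultAction.DIAGNOSTIC.value, RACK_FAULT))  # keeps mode

    def stop_to_run(self, name: str) -> None:
        cpu = self.cpu(name)
        if cpu.mode is not Mode.STOP:
            raise ValueError(f"{name} must be in STOP to transition to RUN")
        other = self.other(cpu)
        cpu.non_retentive.clear()             # both paths clear non-retentive references
        if other.mode is Mode.RUN and self.active == other.name:
            cpu.resynchronized, cpu.fst_scn = True, False   # path 2: resync with active CPU
        else:
            cpu.resynchronized, cpu.fst_scn = False, True   # path 1: normal transition
        if cpu.rack_failed:
            if self.standalone_action is FaultAction.FATAL:
                self._fatal(cpu)
                return
            if (FaultAction.DIAGNOSTIC.value, RACK_FAULT) not in cpu.fault_log:
                cpu.fault_log.append((FaultAction.DIAGNOSTIC.value, RACK_FAULT))
        cpu.mode = Mode.RUN                   # a diagnostic fault does not block RUN
        if self.active is None:
            self.active = cpu.name            # first unit into RUN takes control


def shutdown_faulted_active(pair: RedundantPair) -> bool:
    """Assumed application logic: if the active unit has a failed rack and the other
    unit is healthy and in RUN, stop the faulted unit and give control to the other."""
    if pair.active is None:
        return False
    active = pair.cpu(pair.active)
    backup = pair.other(active)
    if active.rack_failed and backup.mode is Mode.RUN and not backup.rack_failed:
        active.mode = Mode.STOP
        pair.active = backup.name
        return True
    return False


def standalone_scenario(action: FaultAction) -> dict:
    """A runs alone, its rack fails, then B transitions to RUN (third bullet above)."""
    pair = RedundantPair(Cpu("A"), Cpu("B"), action)
    pair.stop_to_run("A")                     # A is the stand-alone active unit
    pair.rack_failure("A")                    # configured stand-alone action applies
    a_mode_after_fault = pair.a.mode
    pair.stop_to_run("B")                     # backup comes up
    active_after_backup = pair.active
    return {"a_mode_after_fault": a_mode_after_fault,
            "b_resynchronized": pair.b.resynchronized,
            "active_after_backup_run": active_after_backup,
            "shutdown_applied": shutdown_faulted_active(pair),
            "final_active": pair.active}


if __name__ == "__main__":
    for action in FaultAction:
        print(action.value, standalone_scenario(action))
```

Running the module prints one line per configuration. The diagnostic case shows the situation the guide warns about: A stays in RUN and active after its rack failure, B resynchronizes with it on STOP to RUN, and only the explicit shutdown logic moves control to B. In the fatal case, A drops to STOP/FAULT immediately, so B takes a normal (path 1) transition and becomes active without any extra logic.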

Background Window Time

In a redundancy system, this value may be set to zero. Unlike other CPU models, which have a default of 0 ms, the CPU 780 has a default value of 5 ms.


Series 90-70 Hot Standby CPU Redundancy User's Guide - December 1993

GFK-0827
