Action on processor shutdown, Normal shutdown action, Processor led states – Rockwell Automation T80020 Application Note Diagnostic Procedures User Manual

Trusted

TM

AN-T80020 Diagnostics Procedure

Issue 12 Feb 11

AN-T80020

36

Action on Processor Shutdown

The 8000 series system is designed to be fault tolerant, with triplicated circuits allowing simple 2-out-
of-3 voting at very high speed. It is therefore able to identify and isolate faults which cause one slice to
be different. However, there are always common cause failure modes in any safety system. The 8000
series system is designed to shut itself down if it cannot guarantee its integrity. This may be caused by
faults in the operating system programming or hardware/circuit design or other circumstances. The fail-
safe action is designed to eliminate situations where the system would fail to perform an intended
shutdown, and the calculated mathematical system integrity is in the SIL4 band as a result (although
IEC61511 limits TMR designs to SIL3 duties).

In the event of an unexpected shutdown, you will understandably want to know what went wrong.
There are several different ways to get diagnostic data from the system, and it is easy to lose this data
in the effort to get the system running again. This procedure describes how to get this data before it is
lost.

Normal Shutdown Action

If the Processor ‘Run’ LED is still flashing, the application is still running. Check if the system has
performed a proper shutdown. The procedures below only apply when the application has stopped.

These procedures do not cover shutdowns due to the loss of function block states during intelligent
online updates. If the shutdown occurred directly after an online update, and the application is still
running, refer to AN-80009. The file that will be of most use to diagnostics is appli.msx in the
application folder; this will record ‘deleted’ and ‘new’ function blocks. Note that Toolset build 111 has
much better matching of function blocks than earlier builds.

Processor LED States

Please note the state of ALL Processor LEDs (on both processors if fitted): Healthy x 3, Active,
Standby, Educated, Run, Inhibit, System Healthy.

Toolset Debugger Messages

The application environment may have recorded some error messages which will be collected by the
Toolset debugger when it is next connected. These are only collected once, and then they are deleted
and cannot be collected again. Restarting the processor will delete these messages.

Attempt to connect using the Toolset using a serial cable to the processor front panel port. The
keyswitch must be in the ‘Maintain’ position.

Open the debugger.

If any messages appear (e.g. “application stopped”), expand the window vertically to show the
messages and take a screen capture (Alt – Print Screen). An example is shown below. There will be
up to 16 messages available.

Paste this into the Windows Paint program and save the file.

Start the application if it reports “No Application” (this may restart the system). If it reports
‘Disconnected’, the Toolset was not able to connect.

Close the debugger. The procedure continues on the next page.