Error Reactions

Failure of a slave

If a slave does not answer, or answers incorrectly, the master repeats the telegram a number of times up to the Max Retry Limit (TwinCAT 2.8: see the master's PROFIBUS tab, TwinCAT 2.9: see master's Bus-Parameter dialog). The master repeats the telegram immediately on receipt of a faulty telegram, whereas in the timeout case the master first waits for an answer from the slave for the Slot Time (TwinCAT 2.8: see the master's PROFIBUS tab, TwinCAT 2.9: see master's Bus-Parameter dialog). At 12 Mbaud, with a slot time of 1000 bit-periods and a max retry limit of 4 (the default values), a Data_Exchange telegram will then delay the sending of the following telegram by

TDelay = (4 x ((15 + number of outputs) x 11 + 1000) - (15 + number of inputs) x 11)/12 µs

The DpState of the slave is set to 0x02 (timeout) or 0x0B (faulty telegram). The effect on the DP connection can be set (see below).

[Figure: Normal DP cycle (12 Mbaud, 5 slaves, an average of 20 bytes I, 20 bytes O for each slave)]

[Figure: First occurrence of a faulty DP cycle (slave 3 does not answer)]

[Figure: Subsequent DP cycles (slave 3 no longer in the polling list)]

It can still happen that the slave answers incorrectly (e.g. because, as a result of a local event on the slave, the DP connection has been removed). In this case, the telegram is not repeated, but the system continues by sending the next telegram. The DpState is set to a value other than 0, the slave is removed from the polling list and is no longer addressed in the following DP cycle (which means that the time at which the following telegram is sent changes), until the DP connection can be established again.

Reactions in the master

The master's reactions can be set differently for each slave (see the tab for the slave's Features).

Effect on the DP connection (NoAnswer reaction) if the slave either does not answer or does not answer correctly

This specifies whether the DP connection to the slave should be removed immediately in the absence of a correct reception telegram, or only after the DP watchdog time has elapsed (see the slave's PROFIBUS tab).

1. If the DP connection is to be removed immediately (Leave Data Exch, default setting) the slave is removed from the polling list and is no longer addressed in the following DP cycles until the DP connection is established once again. In order to re-establish the DP connection to the slave, at least 7 telegrams are sent, and the process generally requires at least 10-20 ms.

2. If the DP connection is only to be removed when the slave has not answered (or not answered correctly) within the DP watchdog time (Stay in Data-Exch (for WD-Time)), a further attempt is made in the next polling cycle to address the slave, but if the slave does not answer, a repeat is not sent.

The "Stay in Data-Exch (for WD-Time)" (2.) setting makes sense if the PROFIBUS cycle is to continue to operate at the most regular possible period even if a slave fails, and if the failure of a slave for one or more cycles can be tolerated (e.g. in the DP/MC (Equidistant) operating mode). In that case the DP watchdog time for the slave should be set to correspond to the slave's tolerable failure time, and the Max Retry Limit (DX) (TwinCAT 2.8: see the master's PROFIBUS tab, TwinCAT 2.9: see master's Bus-Parameter dialog) should be set to 0.

[Figure: Normal DP cycle (12 Mbaud, 5 slaves, an average of 20 bytes I, 20 bytes O for each slave) in the "Stay in Data-Exch (for WD-Time)" mode]

[Figure: First faulty and subsequent DP cycles in the "Stay in Data-Exch (for WD-Time)" mode (slave 3 does not respond)]

Changes of the slave's input data if the slave does not respond correctly

This specifies whether the slave's input data is set to 0 when it fails ("Inputs will be set to 0", which is the default setting) or whether the existing values are retained ("No changes"). In either case the DpState of the slave is set to a value other than 0, so that the task can always recognize whether or not the data is valid. If a slave gives a faulty answer, the input data is always set to 0, independently of the setting of Changes of the Input Data.

Setting the slave's restart behavior if the DP connection to the slave is removed

This specifies whether the DP connection to a slave whose DP connection has been removed is automatically re-established, or whether this should be done manually as a result of a call to ADS-WriteControl (see ADS-Interface).

The reaction of the master if the DP connection to the slave is removed

This specifies whether removing the DP connection to a slave has no other effects (No Reaction, the default setting), or whether the master should enter the STOP state, thus removing the DP connections to all the slaves.

Effect on the state of the master (Clear Mode), if the DP connection to the slave is removed

The Clear Mode (TwinCAT 2.8: see the master's PROFIBUS tab, TwinCAT 2.9: see master's Fault-Settings dialog) can be used to specify whether the master enters (or stays in) the "Clear" state as long as either at least one MC slave (the "Only MC-Slaves" setting) or any slave (the "All Slaves" setting) does not respond correctly (has a DpState other than 0).

The Reaction of the Master setting (see the slave's Features tab), which was described in the previous section, has priority over the Clear Mode, so that when an appropriately set slave fails, the Master enters the STOP state.

Failure of the master

Monitoring in the PLC/IO task

In the presence of a persistent bus fault, the DP cycle can be extended up to 100 ms, even at 12 Mbaud. In order to monitor the DP master, there is a status variable CycleCounter, and this can be linked in the PLC (see the Master Diagnosis section). This variable is incremented by the master after each DP cycle, so that failure of the master can be detected by monitoring this variable in the PLC.
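One way to implement this monitoring in the PLC, together with the DpState validity check described under "Changes of the slave's input data", is sketched below in Structured Text. This is an added example, not Beckhoff code: the function block name, the variable names, the data types of the linked variables and the 200 ms stall limit are assumptions.

```iecst
(* Added example, not Beckhoff code. Names, data types and the 200 ms
   limit are assumptions; link the inputs in the System Manager. *)
FUNCTION_BLOCK FB_DpMonitor
VAR_INPUT
    nCycleCounter : UINT;              (* master status variable CycleCounter (width assumed) *)
    nDpState      : USINT;             (* DpState of one slave (width assumed) *)
    tStallLimit   : TIME := T#200ms;   (* must exceed the 100 ms a DP cycle can reach under a bus fault *)
END_VAR
VAR_OUTPUT
    bMasterStalled : BOOL;   (* CycleCounter has not changed for tStallLimit *)
    bSlaveTimeout  : BOOL;   (* DpState = 0x02 *)
    bSlaveFaulty   : BOOL;   (* DpState = 0x0B *)
    bInputsValid   : BOOL;   (* input data may be used by the application *)
END_VAR
VAR
    nLastCounter : UINT;
    fbStallTimer : TON;
END_VAR

(* The timer runs only while the counter is unchanged; any increment,
   including a wrap-around to 0, resets it. *)
fbStallTimer(IN := (nCycleCounter = nLastCounter), PT := tStallLimit);
nLastCounter   := nCycleCounter;
bMasterStalled := fbStallTimer.Q;

(* DpState values named on this page; any other non-zero value also
   means the data is not valid. *)
bSlaveTimeout := (nDpState = 16#02);
bSlaveFaulty  := (nDpState = 16#0B);

(* Inputs are trusted only with DpState = 0 and a running master. With
   "No changes" configured the old input values stay in the process
   image, so this flag is the only indication that they are stale. *)
bInputsValid := (nDpState = 0) AND NOT bMasterStalled;
```

Call one instance per monitored slave in the task that consumes the inputs, and gate any safety-relevant logic on bInputsValid rather than on the raw input values.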

Monitoring in the slave

In order to monitor failure of the master and data transmission on the PROFIBUS, a watchdog (see the box's PROFIBUS tab) can be activated (default setting: watchdog activated with 200 ms). The watchdog time must be set to a length at least twice as great as the greater of Estimated Cycle Time and Cycle Time (see the device's "FC310x" tab (for TwinCAT 2.8 and TwinCAT 2.9)).

Failure of the PLC/IO task

A distinction is made between a PLC stop, reaching a break point and a task stop (the I/O task and NC task are only stopped when the entire system stops). In the case of a PLC stop, the output data is set to 0 by the PLC, whereas when a breakpoint is reached the data initially remains unchanged.

The task is monitored in the master using a monitoring time (TwinCAT 2.8: corresponding to the setting of Clear Delay x task cycle time on the master's PROFIBUS tab, TwinCAT 2.9: corresponding to the setting of Task-Watchdog x task cycle time on the master's Fault-Settings dialog). If no new data is transferred within this monitoring period, then, according to the setting of Reaction on PLC-Stop or Reaction on Task-Stop (TwinCAT 2.8: see the master's PROFIBUS tab, TwinCAT 2.9: see master's Fault-Settings dialog), the master either enters the "Clear" state, in which outputs are set to 0 or to the safe state (if Fail_Safe = 1 in the GSD file), which is the default setting, or remains in the "Operate" state (outputs retain their most recent value). The "Operate" setting is valuable when the outputs should not be cleared when a breakpoint is reached in the PLC. However, if the PLC stops, the outputs will still be set to 0 (by the PLC), even if the master remains in the "Operate" state. It should, however, be noted that the outputs will only be zeroed if the previous DP cycle is completed in time (see the Synchronization section). The "Operate" setting should therefore only be used during the commissioning phase.

Failure of the host

In order to monitor for failure of the host (e.g. if a PC goes into the blue screen state) it is possible for a watchdog time to be set (see the master's "FC310x" tab (for TwinCAT 2.8 and TwinCAT 2.9)). If this watchdog timer elapses, the master enters the OFFLINE state, so that the DP connections to all the slaves are removed, and the master logs off from the PROFIBUS, ceasing to carry out bus accesses.

Start-up behavior

The DP connections to all the slaves are established when the TwinCAT system starts up. Until the highest priority task involved has been started, the master does not send any Data_Exchange telegrams, even after the DP connection has been established, and sends only diagnostic telegrams. As soon as the highest priority task has transferred data once, and the DP connection for the corresponding DP slave has been established, the master cyclically (with the highest priority assigned task) sends one Data_Exchange telegram to each of the corresponding slaves.

It is also possible to specify by means of the Operate Delay and Clear Mode settings (TwinCAT 2.8: see the master's PROFIBUS tab, TwinCAT 2.9: see master's Fault-Settings dialog) when the master will change from the "Clear" state (in which the outputs are set either to 0 or to the safe state (Fail_Safe = 1 in the GSD file)) into the "Operate" state (in which the outputs correspond to the outputs supplied by the task). The Operate Delay specifies the minimum length of time for which the master should remain in the "Clear" state following the first transfer of data. As has been described above, the Clear Mode specifies whether the master changes into or remains in the "Clear" state if a slave in general or an MC slave in particular fails.

Shut-down behavior

The reaction to the stopping of the TwinCAT system is exactly the same as has been described above in the "Failure of the Host" section; the DP connections to all slaves are removed, and the master logs itself off from the bus.