Error Reactions

Failure of a slave

If a slave does not respond or the response is faulty, the master repeats the telegram several times, up to the Max Retry Limit (see Bus parameters dialog). If a faulty telegram is received, the master repeats immediately; in the event of a timeout, the master waits for a response from the slave until the Slot Time has elapsed (see Bus parameters dialog). At 12 Mbaud, with a slot time of 1000 bit-periods and a max retry limit of 4 (the default values), a Data_Exchange telegram will delay the sending of the following telegram by

TDelay = (4 x ((15 + number of outputs [size in bytes]) x 11 + 1000) - (15 + number of inputs [size in bytes]) x 11)/12 µs
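
Worked through for the 12 Mbaud cycle used in this page's diagrams (an average of 20 bytes I, 20 bytes O per slave), as an added illustration that is not part of the original page. It reads the constants as the stated defaults: 4 is the Max Retry Limit, 1000 is the Slot Time in bit-periods, 11 is the number of bits transmitted per byte on PROFIBUS, and the division by 12 converts bit-periods to µs at 12 Mbaud.

TDelay = (4 x ((15 + 20) x 11 + 1000) - (15 + 20) x 11)/12 µs
       = (4 x (385 + 1000) - 385)/12 µs
       = (5540 - 385)/12 µs
       = 5155/12 µs ≈ 430 µs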

The DpState of the slave is set to 0x02 (timeout) or 0x0B (faulty telegram). The effect on the DP connection can be set (see below).

Normal DP cycle (12 Mbaud, 5 slaves, an average of 20 bytes I, 20 bytes O for each slave)

[Diagram: normal DP cycle]

First occurrence of a faulty DP cycle (slave 3 does not answer)

[Diagram: first occurrence of a faulty DP cycle]

Subsequent DP cycles (slave 3 no longer in the polling list)

[Diagram: subsequent DP cycles]

It can still happen that the slave answers incorrectly (e.g. because, as a result of a local event on the slave, the DP connection has been removed). In this case, the telegram is not repeated, but the system continues by sending the next telegram. The DpState is set to a value other than 0, the slave is removed from the polling list and is no longer addressed in the following DP cycle (which means that the time at which the following telegram is sent changes), until the DP connection can be established again.

Reactions in the master

The master's reactions can be set differently for each slave (see the tab for the slave's Features).

Effect on the DP connection (NoAnswer reaction) if the slave either does not answer or does not answer correctly

This specifies whether the DP connection to the slave should be removed immediately in the absence of a correct reception telegram, or only after the DP watchdog time has elapsed (see the slave's Profibus tab).

  1. If the DP connection is to be removed immediately (Leave Data Exch, default setting) the slave is removed from the polling list and is no longer addressed in the following DP cycles until the DP connection is established once again. In order to re-establish the DP connection to the slave, at least 7 telegrams are sent, and the process generally requires at least 10-20 ms.
  2. If the DP connection is only to be removed when the slave has not answered (or not answered correctly) within the DP watchdog time (Stay in Data-Exch (for WD-Time)), a further attempt is made in the next polling cycle to address the slave, but if the slave does not answer, a repeat is not sent.

The "Stay in Data-Exch (for WD-Time)" (2.) setting makes sense if the PROFIBUS cycle is to continue to operate at the most regular possible period even if a slave fails, and if the failure of a slave for one or more cycles can be tolerated (e.g. in the DP/MC (Equidistant) operation mode). In this case the DP watchdog time for the slave should be set according to the tolerable outage time of the slave, and the Max Retry Limit (DX) (see Bus parameters dialog) should be set to 0.

Normal DP cycle (12 Mbaud, 5 slaves, an average of 20 bytes I, 20 bytes O for each slave) in the "Stay in Data-Exch (for WD-Time)" mode

[Diagram: normal DP cycle in the "Stay in Data-Exch (for WD-Time)" mode]

First faulty and subsequent DP cycles in the "Stay in Data-Exch (for WD-Time)" mode (slave 3 does not respond)

[Diagram: first faulty and subsequent DP cycles in the "Stay in Data-Exch (for WD-Time)" mode]

Changes of the slave's input data if the slave does not respond correctly

This specifies whether the slave's input data is set to 0 when it fails ("Inputs will be set to 0", which is the default setting) or whether the existing values are retained ("No changes"). In either case the DpState of the slave is set to a value other than 0, so that the task can always recognize whether or not the data is valid. If a slave gives a faulty answer, the input data is always set to 0, independently of the setting of Changes of the Input Data.

Setting the slave's restart behavior if the DP connection to the slave is removed

This specifies whether the DP connection to a slave whose DP connection has been removed is automatically re-established, or whether this should be done manually as a result of a call to ADS-WriteControl (see ADS-Interface).

The reaction of the master if the DP connection to the slave is removed

This specifies whether removing the DP connection to a slave has no other effects (No Reaction, the default setting), or whether the master should enter the STOP state, thus removing the DP connections to all the slaves.

Effect on the state of the master (Clear mode), if the DP connection to the slave is removed

Clear mode (see Fault Settings dialog) can be used to specify that the master should switch to or remain in "Clear" state, as long as at least one MC slave (setting: "Only MC slaves") or any slave (setting: "All slaves") does not respond correctly (i.e. has a DpState not equal to 0).

The Reaction of the Master setting (see the slave's Features tab), which was described in the previous section, has priority over the Auto-Clear mode, so that when an appropriately set slave fails, the Master enters the STOP state.

Failure of the master

Monitoring in the PLC/IO task

In the presence of a persistent bus fault, the DP cycle can be extended up to 100 ms, even at 12 Mbaud. In order to monitor the DP master, there is a status variable CycleCounter, which can be linked in the PLC (see the Master Diagnosis section). This variable is incremented by the master after each DP cycle, so that failure of the master can be detected by monitoring this variable in the PLC.
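
A stall detector for this variable, as an added example in IEC 61131-3 Structured Text (not code from the original documentation). The function block name, the UINT type of the linked input and the 250 ms limit are assumptions; the limit is chosen above the 100 ms worst-case DP cycle mentioned above, so that a persistent bus fault alone does not trip it.

```iecst
(* Added example: detects that the master's CycleCounter has stopped advancing.
   Assumptions: the input is linked to CycleCounter as a UINT, and
   FB_DpMasterAlive / tStallLimit are hypothetical names. *)
FUNCTION_BLOCK FB_DpMasterAlive
VAR_INPUT
    nCycleCounter : UINT;             (* linked to the master's CycleCounter (type assumed) *)
    tStallLimit   : TIME := T#250MS;  (* constructed value, must exceed the 100 ms worst-case DP cycle *)
END_VAR
VAR_OUTPUT
    bMasterAlive  : BOOL;             (* TRUE while the counter keeps advancing *)
    bStalled      : BOOL;             (* TRUE once no increment was seen for tStallLimit *)
END_VAR
VAR
    nLastCounter  : UINT;             (* counter value seen in the previous change *)
    bInitialised  : BOOL;             (* FALSE only on the first call *)
    fbStallTimer  : TON;              (* measures the time since the last increment *)
END_VAR

(* Take the first sample as the reference so start-up is not counted as a change *)
IF NOT bInitialised THEN
    nLastCounter := nCycleCounter;
    bInitialised := TRUE;
END_IF

IF nCycleCounter <> nLastCounter THEN
    (* Any change counts as progress, so counter wrap-around needs no special case *)
    nLastCounter := nCycleCounter;
    fbStallTimer(IN := FALSE);        (* reset the stall timer *)
END_IF

(* Timer runs whenever it has not just been reset; Q is set after tStallLimit without a change *)
fbStallTimer(IN := TRUE, PT := tStallLimit);
bStalled     := fbStallTimer.Q;
bMasterAlive := NOT bStalled;
END_FUNCTION_BLOCK
```

Call the block once per cycle from the task that exchanges data with the master, and treat the input data as invalid while bStalled is TRUE.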

Monitoring in the slave

In order to monitor failure of the master and data transmission on the PROFIBUS, a watchdog (see the box's Profibus tab) can be activated (default setting: watchdog activated with 200 ms). The watchdog must be set to at least twice the maximum of the Estimated Cycle Time and the Cycle Time (see "FC310x" or "EL6731" tab (for TwinCAT of the master)).

Failure of the PLC/IO task (FC310x) or EtherCAT interruption (EL6731)

A distinction is made between the cases PLC stop, reaching of a breakpoint and task stop [EL6731: EtherCAT interruption] (IO task, NC task is only stopped on system stop). In the case of a PLC stop, the output data is set to 0 by the PLC, whereas when a breakpoint is reached the data initially remains unchanged.

In the master, the task is monitored with a monitoring time (the Task Watchdog setting multiplied by the task cycle time, see Fault Settings dialog). If no new data transfer takes place within this monitoring time, the master either switches to "Clear" state (outputs are set to 0 or safe state (Fail_Safe = 1 in the GSD file); default setting) or remains in "Operate" state (outputs retain the last value), according to the setting Reaction on PLC Stop or Reaction on Task Stop (see Fault Settings dialog). The "Operate" setting is valuable when the outputs should not be cleared when a breakpoint is reached in the PLC. However, if the PLC stops, the outputs will still be set to 0 (by the PLC), even if the master remains in the "Operate" state. It should, however, be noted that the outputs will only be zeroed if the previous DP cycle is completed in time (see the Synchronization section). The "Operate" setting should therefore only be used during the commissioning phase.

Host failure [only FC310x]

In order to monitor the host for crashes (e.g. Blue Screen in the case of a PC), a watchdog time can be set (see Fault Settings dialog). If this watchdog timer elapses, the master enters the OFFLINE state, so that the DP connections to all the slaves are removed, and the master logs off from the PROFIBUS, ceasing to carry out bus accesses.

Start-up behavior

The DP connections to all the slaves are established when the TwinCAT system starts up. Until the highest priority task that is involved has been started, the master does not send any Data_Exchange telegrams, even after the DP connection has been established, and sends only diagnostic telegrams. As soon as the highest priority task has transferred data once, and the DP connection for the corresponding DP slave has been established, the master cyclically (with the highest priority assigned task) sends one Data_Exchange telegram to each of the corresponding slaves.

In addition, the Operate Delay and Clear Mode settings (see Fault Settings dialog) can be used to specify when the master switches from "Clear" state (outputs are set to 0 or safe state (Fail_Safe = 1 in the GSD file)) to "Operate" state (outputs correspond to the outputs transferred by the task). The Operate Delay specifies the minimum length of time for which the master should remain in the "Clear" state following the first transfer of data. As has been described above, the Clear mode specifies whether the master changes into or remains in the "Clear" state if a slave in general or an MC slave in particular fails.

Shut-down behavior

The reaction to the stopping of the TwinCAT system is exactly the same as has been described above in the "Host failure" section; the DP connections to all slaves are removed, and the master logs itself off from the bus.