Start Up Sequences

Introduction

The M580 safety PAC can enter the start-up sequence in the following circumstances:

At initial power-up.
In response to a power interruption.

Depending on the type of task, and the context of the power interruption, the M580 safety PAC may perform either a cold start or a warm start when power is restored.

Initial Start-Up

At initial start-up, the M580 safety PAC performs a cold start. All tasks, including both the SAFE task and the non-safe (MAST, FAST, AUX0, AUX1) tasks, enter the STOP state unless Automatic start in RUN is enabled, in which case all tasks enter the RUN state.

Start-Up after a Power Interruption

The M580 safety power supply provides a power reserve that continues to supply all modules on the rack for up to 10 ms in case of a power interruption. When the power reserve is depleted, the M580 safety PAC performs a complete power cycle.

Before powering down the system, the safety CPU stores the following data that defines the operating context at power down:

Date and time of the power down (stored in %SW54...%SW58).
State of each task.
State of event timers.
Values of running counters.
Signature of the application.
Application data (current values of application variables)
Application check sum.

After power down, the start-up can be either automatic (if power was restored before completion of the shut-down) or manual (if not).

Next, the M580 safety PAC performs self-tests and checks the validity of the operating context data that was saved at power down, as follows:

The application check sum is verified.
The SD memory card is read to confirm that is contains a valid application.
If the application in the SD memory card is valid, the signatures are checked to confirm they are identical.
The saved application signature is verified by comparing it to the stored application signature.

If the operating context is valid, the non-safe tasks perform a warm start. If the operating context is not valid, the non-safe tasks perform a cold start. In either case, the SAFE task performs a cold start.

Cold Start

A cold start causes all tasks, including both the SAFE task and the non-safe (MAST, FAST, AUX0, AUX1) tasks, enter the STOP state, unless Automatic start in RUN is enabled, in which case all tasks enter the RUN state.

A cold start performs the following operations:

Application data (including internal bits, I/O data, internal words, and so forth) are assigned the initial values defined by the application.
Elementary functions are set to their default values.
Elementary function blocks and their variables are set to their default values.
System bits and words are set to their default values.
Initializes all forced variables by applying their default (initialized) values.

A cold start can be executed for data, variables and functions in the process namespace by selecting PLC > Init in Control Expert, or by setting the system bit %S0 (COLDSTART) to 1. The %S0 system bit has no effect on the data and functions belonging to the safe namespace.

NOTE: Following a cold start, the SAFE task cannot start until after the MAST task has started.

Warm Start

A warm start causes each process task – including the (MAST, FAST, AUX0, AUX1) tasks – to re-enter its operating state as of the time of the power interruption. By contrast, a warm start causes the SAFE task to enter the STOP state, unless Automatic start in RUN is selected.

NOTE: If a task was in the HALT state or in breakpoint at the time of power interruption, that task enters the STOP state after the warm start.

A warm start performs the following operations:

Restores the last held value to process namespace variables.
Initializes safe namespace variables by applying their default (initialized) values.
Initializes all forced variables by applying their default (initialized) values.
Restores the last held value to application variables.
Sets %S1 (WARMSTART) to 1.
Connections between the PAC and CPU are reset.
I/O modules are re-configured (if necessary) using their stored settings.
Events, the FAST task, and the AUX tasks are disabled.
The MAST task is re-started from the beginning of the cycle.
%S1 is set to 0 at the conclusion of the first execution of the MAST task.
Events, the FAST task, and the AUX tasks are enabled.

If a task was in the process of execution at the time of power interruption, after warm start the task resumes execution at the beginning of the task.

WARNING

UNEXPECTED EQUIPMENT OPERATION

You are responsible to confirm that selecting Automatic start in RUN is compliant with the correct behavior of your system. If it is not, de-activate this feature.

Failure to follow these instructions can result in death, serious injury, or equipment damage.