CPU STOP Modes

The CPU has four modes of operation while it is in STOP Mode. The two most common are:

STOP-I/O Enabled Mode

I/O Scan Enabled - the Input and Output scans are performed each sweep.

STOP-I/O Disabled Mode

I/O Scan Disabled - the Input and Output scans are skipped.

When the CPU is in STOP Mode, it does not execute the application program. You can configure whether the I/O is scanned during STOP Mode. Communications with the programmer and intelligent option modules continue in STOP Mode. Also, bus receiver module polling and rack reconfiguration continue in STOP Mode.

In both STOP Modes, the Controller Communications and Backplane Communications windows run in Run-to-Completion mode and the Background window runs in Limited mode with a 10 ms limit.

The number of last scans can be configured in the hardware configuration. Last scans are completed after the CPU has received an indication that a transition from Run to Stop or Stop Faulted mode should occur. The default is 0.

SVCREQ13 can be used in the application program to stop the CPU after a specified number of scans.

All I/O will go to their configured default states, and a diagnostic message will be placed in the CPU Fault Table.

Figure 44: CPU Sweep in Stop-I/O Disabled and Stop-I/O Enabled Modes

Controller

STOP-Halt Mode

Recovering from STOP-Halt Mode (Firmware Versions 10.05 or Later)

PACSystems^TM RX3i and RSTi-EP CPU firmware version 10.05 introduces new functionality to

automatically recover from STOP-Halt mode for all CPU models. The secure remote STOP-Halt restart mechanism saves off pertinent debug, diagnostic, and fault information to retentive memory, and automatically resets the controller such that it restarts in STOP-Fault mode. Because the recovery process is automatic, there is no need to perform the model-specific STOP-Halt recovery procedures listed in the next section. The controller also logs the following fault in the Controller Fault Table identifying that an auto-recovery event occurred:

INFO_CPU_SOFTWR - CPU software event: Controller automatically recovered from a fatal error. Error Code: 672. Group: 140.

There are some caveats to this feature that the user should be aware of: If the controller is configured to power-up from RAM, an auto-recovery event will power-up the controller with cleared Logic, Hardware Configuration, and Data/Reference memory, regardless of the presence of a battery or Energy Pack. However, if the controller is configured to power-up from flash (always or conditionally), the RAM is still cleared such that Logic, Hardware Configuration, and Data/Reference memory are restored from flash as described in the Flash Memory Operation and the Logic/Configuration Source and CPU Operating Mode at Power-up sections below. Regardless of whether RAM is cleared or restored from flash, the controller powers up in STOP-Fault mode. For information regarding recovering the controller from STOP-Fault mode, see the STOP-Fault Mode section below.

Recovering from STOP-Halt Mode (Firmware Versions Earlier than 10.05, Only Supported on CPE400/CPL410)

The CPU will automatically go into STOP-Halt mode and suspend logic execution and I/O scanning for the following conditions:

• Software Watchdog timeout

• ECC Memory Check fault

• Illegal memory access from a C-Block

• Hardware Watchdog timeout. This condition resets the CPU and suspends backplane communications.

To recover from STOP-Halt mode, the CPU/CPE must be disconnected from its backup power source (battery or Energy Pack), powered off, then powered back on, after which the backup power source should be reconnected. The CPE400/CPL410 provides an alternative way to recover from STOP-Halt mode by means of the OLED display and without the need of removing the Energy Pack.

To enable backplane communications where they have been disabled in STOP-Halt mode, cycle power with its backup power source attached (battery or Energy Pack).

While the CPU is in STOP-Halt mode, the PacsAnalyzer Utility may be employed to examine the CPU’s fault tables. The PacsAnalyzer Utility software is a tool that is embedded in PME. It can also be

downloaded from Emerson’s support website. (See link located at the end of this document.) If backplane communications have been suspended, the PacsAnalyzer Utility must be directly connected to a serial or Ethernet port on the CPU. If backplane communications are operational, the PacsAnalyzer Utility may be connected via a communications or Ethernet module in the backplane, or to a CPU-embedded port.

CPE400/CPL4010 STOP-Halt Recovery Procedure

1. Collect a PacsAnalyzer trace prior to performing the rest of the steps. Once the recovery is applied, the CPU clears its Energy Pack memory. The User Flash memory is not automatically cleared.

2. Navigate to the Controller Status page in the OLED Display.

3. Select the Recovery PLC option.

4. Select the Clear StopHalt option.

5. Confirm the command by selecting OK.

o The message Please wait. Resetting in about 30 secs appears in the display.

o After about 30 seconds, the PLC restarts.

o After the restart, the PLC will be in STOP mode. The STOP-Halt mode is gone.

o The following faults are present in the Controller Fault table:

▪ User memory not preserved. Error Code: 7. Group: 130

▪ User Initiated Recovery Action: Controller commanded to power up in Stop Mode. Error Code: 670. Group: 140

6. Connect to the PLC and perform the necessary corrections. If the PLC is placed in RUN mode without fixing the offending code, the PLC will enter STOP-Halt and the procedure will have to be performed again.

Recovering from STOP-Halt mode RSTi-EP Controllers (Firmware Versions Earlier than 10.05)

To recover the controller from a Stop/Halt state, complete the following:

1. Connect a live Ethernet cable to LAN1.

2. Press and hold the membrane Run/Stop pushbutton and power down the controller.

3. Continue holding the Run/Stop push button until power has drained completely (30 seconds) and then release the pushbutton. The LEDs for the LAN1 port will turn off completely. Note:

Ethernet LEDs may blink slowly during shutdown.

4. Reconnect power and power on the controller. Note: If the configuration and logic was downloaded into flash and the Power-up Mode parameter is also set as flash then, the only way to recover from Stop/Halt state is to perform a factory reset.

STOP-Fault Mode

In STOP-Fault Mode, logic execution and I/O Scanning cease after the number of last scans (configured by the user) has been exhausted. Client communications also cease at that time. Server

communications are available, but with PLC data which has become static.

Within PME, the user can configure each fault action to be either diagnostic or fatal.

• A diagnostic fault does not stop the Controller from executing logic. It sets a diagnostic variable and is logged in a fault table.

• A fatal fault transitions the Controller to the STOP-Fault Mode. It also sets a diagnostic variable and is logged in a fault table.

Within PME, the user can also configure the number of last scans to be executed in the event of a fault (see PME Scans tab, Number of Last Scans parameter).

To recover from STOP-Fault Mode, resolve the underlying cause and clear the Controller Fault Table.

This allows the CPU to transition to STOP-I/O Disabled Mode.