What is the passivation and reintegration of a Siemens fault-tolerant module?
In fault-tolerant systems, alarms for "passivation" of the fault-tolerant module may sometimes occur. So, what exactly is passivation? Why does passivation occur in fault-tolerant modules? After passivation occurs, how can it be reintegrated to eliminate passivation? Today, in this article, we will delve into this topic.
Passivation refers to the phenomenon where, under certain conditions, a fault-tolerant module replaces normal input/output values with fault-safe values, typically 0. Passivation serves as a safety measure, and it occurs under specific circumstances.
First, let's introduce several boolean variables related to passivation in the background data block (Instance DB) of the fault-tolerant module:
PASS_ON: The enable bit for passivation, defaulting to 0, indicating that passivation is not enabled. The fault-tolerant program can read and write to it; to activate passivation, set PASS_ON to 1.
ACK_NEC: If this bit is 0, it indicates that no manual reset is required after fault elimination (automatic reintegration). If it is 1, a manual reset is needed even after the fault has been resolved.
ACK_REI: Used to reset and reintegrate the system after passivation occurs (precondition: ACK_REQ=1).
PASS_OUT: Output value, with a value of 1 when the module is passivated.
QBAD: When its value is 1, it indicates that the channel's value has been replaced by the fault-safe value.
ACK_REQ: Output value, with a value of 1 indicating the confirmation of fault reset.
With the introduction of these variables, let's examine the situations in which passivation occurs in a fault-tolerant module:
During the startup of the fault-tolerant system (F-system): When the F-system starts, PASS_ON and QBAD are both set to 1, and the channel's output value is replaced by the fault-safe value (0).
Communication failure between F-CPU and F-IO: When communication failure occurs due to network disconnection or configuration errors, causing F-IO to be unable to establish communication with F-CPU, passivation will occur in the F-IO module.
Channel failure in F-IO: When the fault-tolerant module (F-IO) detects a channel failure, such as the emergency stop button being pressed, the corresponding channel will be passivated.
Once passivation occurs, it is essential to reintegrate the system for normal operation. Below are the procedures for reintegration under the aforementioned three scenarios:
After the completion of F-system startup, passivated channels will undergo automatic reintegration, a process independent of the setting of the ACK_NEC variable. In other words, even if ACK_NEC=1, reintegration will occur automatically. However, if the time taken for F-CPU and F-IO to establish communication exceeds the system's configured monitoring time, automatic reintegration will not occur.
When communication failure is resolved, the F-system sets ACK_REQ to 1, indicating the readiness for reintegration. The rising edge signal of ACK_REI initiates system reintegration. Once the reintegration process is complete, F-system resets ACK_REQ to 0.
After the resolution of channel failure, the F-system sets ACK_REQ to 1. If ACK_NEC=0, the system will automatically reintegrate. If ACK_NEC=1, the rising edge signal of ACK_REI is required to initiate system reintegration. After the completion of system reintegration, F-system resets ACK_REQ to 0.
That concludes the introduction to channel passivation and reintegration in fault-tolerant modules. For further reference, please consult related articles:
"Understanding Fault-Tolerant (Fail-Safe) Systems in Five Minutes."