繼續學習

6.2 Task behavior in the event of an error

錯誤事件中的任務行為

上圖中單詞簡單，就不翻譯了

6.2.1Resource behavior in the event of an unrecoverable task error

在不可恢復錯誤中的資源行為

With the task behavior in the event of an error described above, priority is placed onstation availability as only the error-producing task changes over to the notexecutable status in the case of unrecoverable errors (or with recoverable errors anddeactivated error handling). The output values of the programs processed by thistask maintain the last value. All other tasks that are not affected by the errorcontinue program processing and update the outputs assigned to them.

對於上面描述的錯誤事件中的任務行為，優先順序置於站點可用性之上，因為在不可恢復錯誤的情況下，只有產生錯誤的任務更改為不可執行狀態(或使用可恢復錯誤和未啟用的錯誤處理)。由該任務處理的程式的輸出值保持最後的值。其他不受此錯誤影響的任務繼續執行，並更新分配給他們的輸出。

If additional error handling is necessary to ensure proper functioning of the plantand the use of the error task will not be sufficient for this purpose, the behavior ofthe complete station can be configured for this type of error. See the EngineeringManual, System configuration, Project tree, Configuration of the projectelements, Process station.

如果為確保裝置的正常運轉而增加額外的錯誤處理，使用錯誤任務將不足以達到此目的，則可以為這種型別的錯誤配置整個工作站的行為。參閱工程手冊，系統配置，專案樹，專案單元配置，過程站。

With strong interdependencies between the programs of the individual tasks, forexample, continuous processing of non-affected tasks could lead to the calculationof inconsistent values that are transmitted via the remaining station output channelsto the process.

各任務之間的程式有很強的相關性。舉個例子，對未受影響的任務繼續處理，可能導致計算出不一致的數值，這些數值通過剩餘站的輸出通道輸出到工藝流程中去。

In these cases, the complete station can be set to “Safety state” instead of handlingonly the error-producing task as an isolated problem.

這種情況下，可以將整個站設定為安全狀態，而不是將產生錯誤的任務作為鼓勵的問題來處理。

Stop of the station in safety state

停止站的安全狀態

In “Safety state”, the controller stops program processing and the outputs of the I/Omodules assume the configured safety values (this applies to all I/O and fieldbusmodules). A “Fatal Error on Task...” entry in the controller logfile indicates such anerror.

在安全狀態下，控制器停止程式處理，IO模板輸出假定的安全值（這適用於所有I/O和現場匯流排模組）。控制器日誌上的“任務致命錯誤”顯示此錯誤。

Depending on the process requirements, the safety values can be configured to“Hold the last value” or to a particular value/status. The output channels of fielddevices feature manufacturer-specific safety values.

根據流程需求，可以將安全值配置為“保留最後的數值”或者特定的數值/狀態。現場裝置輸出通道具備製造商特定的安全值。

If the change to safety state is configured, it can be defined whether the stationremains in this status or is automatically rebooted after having been reset. (Duringprocess station configuration, select Stop in safety state or Reset resource in theproject tree.)

如果配置了轉換為安全狀態，則可以定義站是否保持在此狀態或者在復位後後自動重啟。(配置過程站時，在專案樹中選擇“安全狀態下停止”或“重置資源”。)

It may be necessary to maintain the safety state in order to perform additionalmeasures aimed at ensuring the proper functioning of the plant or for error analysis.In this case, the station must be reset manually.

可能需要維持安全狀態，以便執行旨在確保裝置正常執行或進行錯誤分析的附加措施。在此情況下，站必須手動復位。

If rebooting is configured, the station starts after 10 seconds and performs a coldstart or an initialization.

如果配置了重啟，如果配置了重新啟動，則工作站將在10秒後啟動，並執行冷啟動或初始化。

Booting in safety state

安全狀態下重啟

Depending on the type of error, the station is rebooted by a cold start or initialized.With a station stopped in safety state, the different rebooting processes areperformed in both modes, i.e. automatic booting and manual station reset.

依據錯誤型別，站冷啟動或者初始化重啟。當站停止在安全狀態時，在兩種模式下執行不同的重啟過程。也即自動重啟和手動站復位。

Error types resulting in cold start rebooting:

導致冷啟動的錯誤型別：

• Arithmetic error with automatic error handling being disabled
• 禁用錯誤自動處理的算術錯誤。
• Program execution error (the valid field index range of an ST program is violated)
• 程式執行錯誤（違反ST程式有效欄位的索引範圍）
• Operator intervention, such as
• 操作員干預，比如：

　　　　–a task is at the debugger break point, a stop command is sent to the station and the warning dialog is omitted.

　　　　-當任務處於偵錯程式斷點時，將向工作站傳送停止命令，並省略警告對話方塊。

　　　　–a tasks program requires an extremely long computing time (or is in an “endless loop“), a stop command is sent to the station and the warning dialog is omitted.

　　　　- 一個任務程式需要一個超長計算時間（或者處於“無休止的迴圈”），將向工作站傳送停止命令，並省略警告對話方塊。

These error conditions will not occur after a cold start; this is why the station isstarted with a cold start.

這些錯誤條件在冷啟動後不會出現。這就是為什麼冷啟動。

Error types resulting in rebooting with initialization:

導致初始化重啟的錯誤型別

• Operator interventions that lead to an undefined loading sequence, e.g. isolated loading of individual object
• 導致未定義序列載入的操作員干預，比如單個物件的獨立載入。
• Program structure error
• 程式結構錯誤

Errors that affect the structure of the user program are not eliminated by a cold startand will occur again: this is why the station and thus the user program areinitialized. The initialization involves complete canceling of the user program. Inthis case, the user must reload the configuration.

影響使用者程式結構的錯誤不能通過冷啟動消除，且還會再次發生。這就是站點和使用者程式初始化的原因。初始化包括完全取消使用者程式，在此情況下，使用者必須完全載入配置。

A station in safety state is no longer connected by the system bus and cannot be accessed in Freelance Engineering. 站處於安全狀態時不再與系統匯流排連線，且不能通過freelance工程師站連線。 The reboot procedure (cold start or initialization) is displayed at the station by the Error and Run/Stop status LEDs. 重啟程式（冷啟動或者初始化）通過錯誤和執行/停止狀態等在站顯示。 If not automatic reboot from safety state is configured, the station can only be reset manually. 如果不是配置從安全狀態重啟，站只能手動重置。

Manual process station rebooting from safety state 過程站從安全狀態手動重啟 To start the controller from safety state, proceed as follows: 按照以下步驟從安全狀態啟動控制器： AC 800F Stop the controller using the Run/Stop switch. Press the Reset button or brieflyswitch off the supply voltage. The controller will perform a warm start before itadopts the Stop status. Load the revised user task and start the controller using theRun/Stop switch. 使用執行/停止開關，按下重啟按鍵或者暫時關閉電源。控制器在採取停止狀態前將執行熱啟動。載入修改後的使用者程式，使用執行/停止開關啟動控制器。 AC 700F/AC 900F Switch off the controller. Actuate the Run switch and simultaneously switch on thesupply voltage. The controller will perform a warm start before it adopts the Stopstatus. Load the revised user task and start the controller using the Run switch. 關閉控制器。啟動執行開關，同時接通電源。控制器在採取停止狀態前將執行熱啟動。載入修改後的使用者程式，使用執行開關啟動控制器。 Tasks without user program 無使用者程式的任務

Tasks without lower-level user programs can be loaded. However, these tasks are unable to initiate execution of a program. If such a task is started despite this fact, it changes to the running status. 可以載入沒有下一級使用者程式的任務。這些任務不能啟動程式執行。如果在此狀態啟動任務， 變成執行狀態。 The task will not assume the not executable status, which implies that tasks without user program cannot cause the safety state. 任務不會假定不可執行狀態，這意味著沒有使用者程式的任務不能導致安全狀態。

6.2.2Status diagram of the task - safety state not configured 任務狀態圖 - 沒有配置安全狀態 Status diagram of the task

Unrecoverable errors are errors in configuration, for example division by zero. Inthis case the task, and in particular the program, should be checked. 不可恢復錯誤是配置中的錯誤，比如，除以0。在此情況下，應該檢查任務，特別是程式。

上圖單詞簡單，就不翻譯了 6.2.3Status diagram of the task - safety state configured 任務狀態圖 - 配置了安全狀態 6.2.4Resource status diagram - safety state configured 資源狀態圖 - 已經配置安全狀態 Redundancy behavior in the event of an unrecoverable task error 在發生不可恢復任務錯誤時的冗餘行為 The redundancy mechanisms also adjust the task status changes on the Secondary.In the event of an unrecoverable task error (such as a non corrected arithmetic erroror an array index error), the closely synchronized operation of the controllers willproduce the same error on the Secondary controller. In the case of a structure errorin a synchronized station (e.g. missing object due to undefined loading order), thiserror also affects the Secondary as the downloads are performed in synchronizedmode. 冗餘機制同時調整備控制器任務狀態變化。在不可恢復任務錯誤（諸如未糾正的算術錯誤或陣列索引錯誤）情況下，控制器的緊密同步操作將在被控制器上產生同樣的錯誤。在同步站結構錯誤（比如因未定義載入順序而丟失物件）的情況下，此錯誤也影響備控制器，因下載是在同步模式下進行的。 This is why the safety state is initiated on the Secondary as well when unrecoverabletasks errors occur in redundant stations. 這就是為什麼冗餘站發生不可恢復錯誤時，安全狀態也會也會在備用控制器上啟動。 Resource behavior on fatal errors 致命錯誤時的安全行為 If an internal error is detected in the sequence of the resource during user programprocessing (fatal error), the controller stops processing. With non-redundantsystems, the outputs adopt the configured safety values and the error LED on thecontroller flashes. 如果在處理使用者程式期間，在資源序列中檢測到內部錯誤，控制器停止處理。在非冗餘系統，輸出採取配置的安全值，控制器的錯誤等閃爍。 Upon a fatal error, the station is no longer connected by the system bus and cannotbe accessed in Freelance Engineering. 在致命錯誤時，站不再與系統中線連線，不能被Freelance工程師站訪問。 Using the Reset on fatal error entry in the resource configuration of the processstation, it can be defined that the CPU quits such an error status after 10 seconds viaa cold start. 在過程站資源配置致命錯誤輸入項上使用重置，它可以被定義為CPU通過冷啟動在10秒鐘後退出此錯誤狀態。 Resource status diagram (fatal error) 資源狀態圖（芝麻錯誤） The restart process from safety state (cold start or initialization) or a fatal error isindicated by the status display and/or the Error LED and the Run/Stop LED on thestation. 從安全狀態或者致命錯誤重啟的過程通過站上的狀態顯示和/或錯誤LED燈和執行/停止燈來進行提示。 Error information after restart 重啟後的錯誤資訊 The error information shown in the header of the task and in the specific systemvariables defined for error handling upon an unrecoverable error is no longerdisplayed after the resource has been restarted. 在任務要點資訊和特定系統為不可恢復錯誤處理定義的系統變數中顯示的錯誤資訊， 不再在資源重啟後顯示。 This information is stored in the resource object of the station in a cold-startresistant manner. Upon a restart, the corresponding information is shown in thecommissioning dialog. 此資訊儲存於站重啟的資源物件中。重啟時，相應資訊顯示在除錯對話方塊中。