PaulZ

What happens when the PLC "crashes" / How to detect?

I am trying to find a way to detect that the PLC OS (application) is not running anymore. If I program microcontrollers I just use a watchdog timer system, either internally or externally. But I have no idea how to do this in the PLC world.

So my questions are:

- What happens to the outputs of the PLC in case the PLC "stops" for whatever reason? Do they remain in the same state as just before the crash, or will they all go to inactive?

- What is the normal / standard way to detect this in the PLC world? 🙂 

- Does a watchdog reset happen, resetting the PLC, or does that require additional circuitry?

 

Of course power failure is easy to detect by using one output which is always active when running... 

There is also a chance that I am worrying too much about it all, and it is "not really" needed...

 

Thanks in advance for your time...!

 

Paul


PLC crashes are extremely rare, but they are essentially a "stop". I believe digital outputs will turn off, so your detection of a power failure will work for a crash. If you want an auto-reset, I think you'll need your detection to drive a power relay to power cycle the PLC.

I'm interested to see if there is a better way though.


Thanks Flex...

At the moment I have a timer relay which is being triggered every 30 seconds, but that means that the relay is energized 2880 times a day... So the lifetime is not that long 😞 (A transistor output would have been fine of course.) If the trigger is missing, the power to the PLC is interrupted for about a minute... It works, but it is not what I prefer.

If the chance that the PLC crashes is extremely rare, I will just remove that part, and stick to power failure detection only..


I've only done this in a critical run situation on another brand years ago, and it is obviously not the only way. 

I had the PLC doing a regular pulse output that was operating a reset function on a simple double function digital timer. It had the ability to turn on its output if the reset signal did not arrive within the set time, thus breaking its NC contact, and holding that on for a user set time. The beauty was the system would implement a reset very quickly in the unlikely event that the PLC entered stop mode. It is just a case of hunting up a suitable timer. Visions enter stop mode as Flex says. As far as I know, the watchdog on all Vision based units is 1500ms, so you can effectively get a reset going within 2 seconds, say.

Another method that I haven't used but have contemplated, is that some of the Modbus gear I use can be programmed to do whatever you want with its relays within a set time from loss of comms. So you could power the PLC using the NC contacts on a simple timer set at a few seconds, that is powered by a NO contact on the bus device being closed on comms failure. The PLC powers off for the timer set duration, timer times up and the PLC powers back up, comms resume with the NC on the timer remaining in that state as the timer gets powered off.

cheers, Aus
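A simulation of the external heartbeat timer described in the post above, added here as an example and not part of the original thread. It models a timer that cuts PLC power when the pulse goes missing, and shows why the timer must allow for PLC boot time before expecting the first pulse. All names and timing values are constructed for illustration, not taken from any PLC or timer product.

```python
from dataclasses import dataclass

@dataclass
class Watchdog:              # hypothetical model of the external timer relay
    timeout_s: float         # longest allowed gap between heartbeat pulses
    hold_s: float            # how long the NC contact stays open (PLC unpowered)
    boot_grace_s: float      # time after power-up before the first pulse is due

def simulate(wd, plc_boot_s, pulse_period_s, hang_times, end_s):
    """Return [(power_off, power_on), ...] power cycles forced by the timer.

    plc_boot_s      time the PLC needs after power-up before it starts pulsing
    pulse_period_s  interval between heartbeat pulses while the PLC runs
    hang_times      instants at which the PLC enters stop mode (no more pulses)
    """
    cycles = []
    power_on = 0.0
    while power_on < end_s:
        # Next fault that hits the PLC during this power-up (None = healthy).
        hang = min((h for h in hang_times if h >= power_on), default=None)
        deadline = power_on + wd.boot_grace_s
        pulse = power_on + plc_boot_s
        # Every pulse that arrives before the deadline re-arms the timer.
        while pulse <= deadline and pulse < end_s and (hang is None or pulse < hang):
            deadline = pulse + wd.timeout_s
            pulse += pulse_period_s
        if deadline >= end_s:
            break                          # still healthy when the run ends
        # Missed pulse: timer output turns on and the NC contact opens.
        cycles.append((deadline, deadline + wd.hold_s))
        power_on = deadline + wd.hold_s    # contact closes, PLC boots again
    return cycles

if __name__ == "__main__":
    # Constructed scenario: PLC boots in 4 s, pulses every 0.5 s, hangs at 20.2 s.
    good = Watchdog(timeout_s=2.0, hold_s=5.0, boot_grace_s=10.0)
    print("single reset:", simulate(good, 4.0, 0.5, [20.2], 60.0))
    # Boot grace shorter than the PLC boot time: the timer power-cycles a
    # healthy PLC over and over because the first pulse can never arrive in time.
    bad = Watchdog(timeout_s=2.0, hold_s=5.0, boot_grace_s=3.0)
    print("reboot loop: ", simulate(bad, 4.0, 0.5, [], 30.0))
```
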

12 hours ago, PaulZ said:

What is the normal / standard way to detect this in the PLC world? 🙂

In critical applications, two or more duplicated PLCs are used and their programs check each other.
I have worked with the old Simatic S5 in this configuration.

Another solution, provided by Pilz, is a safety PLC with special double-processor operation.

It is used in cutting machines to validate the operation of the installed main PLC.

In CNC, the PLC watchdog LED being OFF is the main indicator of normal PLC operation. But no automatic reset is possible in this case.

Sometimes the user wants to install a separate "Ethernet Reset Button" (Power OFF/ON) to reset the system from a remote position if the PLC needs to restart.

In other cases, a timer + pulsed reset output from the PLC is used, as mentioned above.

But the main problem is to do a correct restart sequence to guarantee safe operation and no damage to system components.
In the case of people's safety, maybe the restart must be validated by staff.

9 hours ago, Ausman said:

I had the PLC doing a regular pulse output that was operating a reset function on a simple double function digital timer. It had the ability to turn on its output if the reset signal did not arrive within the set time, thus breaking its NC contact, and holding that on for a user set time. The beauty was the system would implement a reset very quickly in the unlikely event that the PLC entered stop mode. It is just a case of hunting up a suitable timer. Visions enter stop mode as Flex says. As far as I know, the watchdog on all Vision based units is 1500ms, so you can effectively get a reset going within 2 seconds, say.

This is effectively what I have done too for now. I picked the 30 seconds to bring down the pulsing of the relay (extend lifetime?) and to allow the PLC to start up properly before it gets another reset pulse.

9 hours ago, Ausman said:

As far as I know, the watchdog on all Vision based units is 1500ms, so you can effectively get a reset going within 2 seconds, say.

That's the only thing I found in the documentation. 1500ms watchdog, and then the PLC goes to stop mode until the cause of the time out is resolved. (Infinite loop breaking etc)  

But it is not clear yet what will happen in stop mode with the outputs. When I get my PLC(s) back I will try to force the PLC watchdog timeout to see what happens..

 

Thanks again.

 

3 hours ago, kratmel said:

In critical applications, two or more duplicated PLCs are used and their programs check each other.
I have worked with the old Simatic S5 in this configuration.

Our main automation system is setup like this. But for my current application, which needs to be independent from that system, I don't want to go that far 🙂 .

3 hours ago, kratmel said:

In the case of people's safety, maybe the restart must be validated by staff.

Luckily this is not applicable. It is just making sure our air compressors remain running. The alarms connected to the air pressure might be missed, in case of blackouts or other emergency situations... So that's why I want to make sure the compressors are running / under control 🙂 .

On 2/10/2019 at 12:19 AM, PaulZ said:

This is effectively what I have done too for now.

Yes...but not really.  You are activating a physical relay and worried about durability.  My way is solid state and the only time the relay works is when the timer activates, thus opening the NC for the length of time required for a full reset.

If you are really worried about indications in bad situations, run a visual alarm from batteries. My situations are mostly HVAC and a failure is fairly quickly noticed...but not always. For failures of parts of the system, I have different indicators prominently placed, i.e. solid green ok, flashing green minor issue, red on getting bad, red flash you'd better call me right now. But in amongst all of these I also have a small red super-bright flashing LED that runs from a lithium 9 V battery if the power to/from the main 24V supply ever goes out. Covers all the bases....idiots turning off wrong CB etc, is very durable, works fine and definitely catches your eye if you use the right type of LED.....it is not a normal 22mm indicator type of thing.

cheers, Aus

