Recoverable Safety Faults In The Safety Application - Allen-Bradley GuardLogix 5580 Original Instructions Manual


When the safety task encounters a nonrecoverable safety fault, a standard
major recoverable fault is also logged, and the controller proceeds to execute
the controller fault handler, if one exists. If the controller fault handler handles
this fault, then the standard tasks continue to run, even though the safety task
remains faulted.

ATTENTION: Overriding a safety fault does not clear the fault. If you
override a safety fault, it is your responsibility to prove that operation
of your system is still safe.
You must provide proof to your certifying agency that your system can
continue to operate safely after an override of a safety fault.

If a safety task signature exists, you can clear the fault to enable the safety task
to run. If no safety task signature exists, the safety task cannot run again until
the entire application is downloaded again.

Recoverable Safety Faults in the Safety Application

If a recoverable fault occurs in a safety program, the system can halt the
execution of the safety task, depending on whether the Program Fault Handler in
the safety program (if one exists) handles the fault.

When a recoverable fault is cleared programmatically, the safety task continues
without interruption.

When a recoverable fault in the safety application is not cleared
programmatically, a Type 14, Code 2 recoverable safety fault occurs. The safety
task execution is stopped, and safety protocol connections are closed and
reopened to reinitialize them. Safety outputs are placed in the safe state, and the
producer of safety-consumed tags commands the consumers to place them in a
safe state as well.

If the recoverable safety fault is not handled, a standard major recoverable fault
is also logged, and the controller proceeds to execute the controller fault
handler, if one exists. If the controller fault handler handles this fault, then the
standard tasks continue to run, even though the safety task remains faulted.

The occurrence of recoverable faults is an indication that the application code
is not protecting itself from invalid data values or conditions. Consider
modifying the application to eliminate these faults, rather than handling them
at runtime.

ATTENTION: Overriding a safety fault does not clear the fault. If you
override a safety fault, it is your responsibility to prove that operation
of your system is still safe.
You must provide proof to your certifying agency that your system can
continue to operate safely after an override of a safety fault.

Rockwell Automation Publication 1756-RM012B-EN-P - April 2018, Chapter 7: Monitor Status and Handle Faults, page 67


This manual is also suitable for: Compact GuardLogix 5380
