
Signal sequence: Competing write and delete accesses to the same data set

The following signal sequence diagram shows the behavior of the recipe FBs SF_RecipeWrite and SF_RecipeDeleteDataSet if they simultaneously access the same recipe file and data set. Due to the competing operations, only one FB can complete its operation successfully.

Note
1) For reasons of clarity, the duration of one Safety PLC cycle is assumed in the signal sequence for each status transition of the FBs. In reality, several cycles may be necessary for this. The time required to completely write/read recipe data also varies and depends on the amount of data to be written/read.

0: After the startup of the Safety PLC, both FBs are deactivated. As a result, the Done output of both FBs is SAFEFALSE and both DiagCode outputs show 0000 (Idle state).

1: SF_RecipeWrite and SF_RecipeDeleteDataSet are activated by switching their Activate input to TRUE.

As a result, both FBs run through the states 8002 (Prepare), 8004 (Wait for Ready) to 8006 in which they wait for the trigger command at input CommandWrite or CommandDelete, respectively.

2: A rising edge at CommandWrite and CommandDelete starts the execution of the FBs.

For both function blocks, the same values are applied to the inputs IDRecipeFile and IDRecipeDataSet.

SF_RecipeWrite

  • 8008: The FB sends a request to the Safety PLC for writing the addressed data set.
  • 8005: After writing/updating the data set, the FB waits for the confirmation of the Safety PLC that the file has been written to the file system in the flash memory of the standard controller.
  • 800C: The function block validates the written data. For that purpose, data is read from the RAM and the FB validates by means of a CRC comparison that the data set has not been overwritten or deleted in the meantime. Furthermore, the FB validates that the values applied to the PayloadWrite inputs have not been modified.

SF_RecipeDeleteDataSet

  • 8008: The FB sends a request to the Safety PLC for deleting the data set. Deleting means overwriting its values with 0.
  • 8005: The FB waits for the answer of the Safety PLC after requesting the deletion of the data set.
  • 800C: The FB reads the deleted data set from the RAM of the Safety PLC and validates it: The CRC of the section must have the value 0. This way, the FB checks whether the data set has been overwritten in the same cycle by an SF_RecipeWrite instance in the meantime.

3: SF_RecipeDeleteDataSet has validated the data and completed its operations successfully. Output Done switches to SAFETRUE (DiagCode = 8000).

The validation of SF_RecipeWrite, however, is not successful as the written data set has been deleted in the meantime. Output Done remains SAFEFALSE and output DiagCode shows C070.
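
The read-back validation in state 800C can be reproduced with a small model. The following Python sketch is an added example, not code from the FB library: RecipeRam, race and the validate functions are hypothetical names, zlib's CRC-32 stands in for the FBs' CRC, and deletion is assumed to zero the stored CRC field along with the values. It also runs the reverse order, which the sequence above does not show.

```python
import zlib

DIAG_DONE = 0x8000           # Done = SAFETRUE (from the page)
DIAG_WRITE_INVALID = 0xC070  # SF_RecipeWrite validation failed (from the page)

class RecipeRam:
    """Hypothetical model of one recipe file in Safety PLC RAM."""
    def __init__(self):
        self.sets = {}  # data set ID -> (payload bytes, stored CRC)

    def write(self, set_id, payload):
        self.sets[set_id] = (bytes(payload), zlib.crc32(payload))

    def delete(self, set_id, length):
        # Deleting means overwriting the values with 0; the CRC field is
        # assumed to be zeroed as well, so the section CRC reads 0.
        self.sets[set_id] = (bytes(length), 0)

def validate_write(ram, set_id, payload):
    """State 800C of SF_RecipeWrite: read back and compare CRCs."""
    data, crc = ram.sets[set_id]
    ok = crc == zlib.crc32(payload) and data == bytes(payload)
    return (True, DIAG_DONE) if ok else (False, DIAG_WRITE_INVALID)

def validate_delete(ram, set_id):
    """State 800C of SF_RecipeDeleteDataSet: section CRC must be 0."""
    data, crc = ram.sets[set_id]
    ok = crc == 0 and not any(data)
    # The page names no error code for a failed delete, so None is used.
    return (True, DIAG_DONE) if ok else (False, None)

def race(order, set_id=1, payload=b"\x10\x20\x30\x40"):
    """Apply both requests (state 8008) in `order`, then validate both."""
    ram = RecipeRam()
    for op in order:
        if op == "write":
            ram.write(set_id, payload)
        else:
            ram.delete(set_id, len(payload))
    return {"write": validate_write(ram, set_id, payload),
            "delete": validate_delete(ram, set_id)}

if __name__ == "__main__":
    # Constructed sample: first the order shown above, then the reverse.
    for order in (("write", "delete"), ("delete", "write")):
        for fb, (done, diag) in race(order).items():
            code = "n/a" if diag is None else format(diag, "04X")
            print(order, fb, "Done =", done, "DiagCode =", code)
```

In both orders exactly one validation passes, because each FB checks the RAM content after the competing request has already been applied.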