Rockwell Automation T3835 User Manual

ICS Regent

®

PD-6045

Software Validation Package for

W

INTERPRET

Integrity Checking and Validation Software

for Application Programs and Guarded P

eer

Link Configuration

(T3835)

Issue 1,

The Software Validation Package for WINTERPRET
based software system designed to help assure the integrity of
Regent application programs by providing a high degree of
fault detection, covering:

March, 06

is a PC

-

-

·

errors in entering and editing application programs

·

transient or permanent faults in the PDS (PC) hardware
(including disk, RAM, CPU and communications) or
operating s

·

transient or permanent faults in the serial
communications between the PDS and the Regent
controller

·

potential faults or errors in the WINTERPRET
executable files.

By applying the tools in the Integrity Checker System the
application developer assures to a high degree of certainty
that:

·

the application program is an accurate implementation of
the specified application functions

·

the application program is securely downloaded into the
Regent triplicated memories

The Software Validation Package for WINTERPRET
for safety critical applications that require TÜV certification

to Safety Risk Class 5.

ystem software

program

is required

Industrial Control Services

1

Software Validation Package for

W

INTERPRET

(T3835)

Theory of Operation

The Integrity Checker comprises four different programs: the
Validator, the Checker, the GPL Checker and the GPL
Printer. The Validator and the Checker are used to validate
the compilation and
application programs, including those implemented with
Ladder Logic and Scaling function block types.

The GPL Checker and the GPL Printer are used to validate
the compilation and downloading of Guarded Peer Link data
templates to assure that the link variables are configured
correctly.

Checking application programs with the Validator and Checker:

Figure 1 is a data flow of the integrity check for the
W

INTERPRET

flow has two loops, one showing the check for the Editor, and
the other, the check for the Compiler and the download
process. Both loops use the application Source File, which is
CRC-protected on disk, as their reference.

Editor, Compilers, and download process. The

download process of safety-related

2

Industrial Control Services

Software Validation Package for Winterpret (T3835)

PD-6045

March, 06

Figure 1. Application Source Integrity Checker Operation.

W

INTERPRET

W

INTERPRET

hard copy representation of the

Editor Integrity Check

will provide a

Print

function that produces a

Source File

. After entering
a logic specification into the WINTERPRET Editor, a Regent
user can make a hard copy of the
produced and see that it reflects the original specification.

3

Source File

the editor

Software Validation Package for

W

INTERPRET

Application Compiler/Download Integrity Check

The method for checking the integrity of the Application
Compilers and download process has these steps:

W

INTERPRET

(T3835)

1. The compiler generates from the application

an application
instructions. The separate
a

Check F

Object File

of MC68000 machine

Validator

ile

derived from the same

program generates

Source File

Source File

. The
Check File is an assembly code representation of the
source program (as opposed to the machine-coded Object
File).

Having diverse representations of the application program
deriving from the same source ensures that there is little
likelihood of a common-cause corruption that would go
undetected. Independent generation of machine code and
assembly text provides a supplemental check of the
compiler's code generation.

2. The application

Object File

is downloaded

into triplicated
memories in the Regent. This is the actual executable
application code that is run in the Regent controller.

3. To provide integrity checking of the compile and download
process, the application
Regent and disassembled, creating an

Object File

is uploaded from the

Echo File.

4

The disassembler is a "third-party" product developed by
an agent not connected with Triplex. This gives it the
advantage of having been made in a different environment
than Triplex tools, thus providing a level o
check loop.

4. The

Echo File

Checker

program then compares the disassembled

with the application

Check File

f diversity in the

instruction
by-instruction to see that they match, closing the loop.
The

Checker

program will report any discrepancies
between instructions in the two files. Once the match is
verified, it can be assumed the compile/load process is
error-free.

Industrial Control Services

-

Software Validation Package for Winterpret (T3835)

Checking Guarded Peer-Link Compiler/Download Integrity

Figure 2 is a data flow of the integrity check for the Guarded
Peer-Link Compiler and download.

PD-6045

March, 06

Figure 2. Guarded Peer-Link Integrity Checker Operation.

The Integrity Checker functions described above provide
error detection for application programs implemented in
Ladder Logic and Scaling function block types. The other
safety-related application program type is the Guarded Peer

5