Rockwell Automation T3835 User Manual

ICS Regent®
PD-6045

Software Validation Package for WINTERPRET

Integrity Checking and Validation Software for Application Programs and Guarded Peer-Link Configuration

(T3835)

Issue 1, March, 06

The Software Validation Package for WINTERPRET is a PC-based software system designed to help assure the integrity of Regent application programs by providing a high degree of fault detection, covering:
· errors in entering and editing application programs
· transient or permanent faults in the PDS (PC) hardware (including disk, RAM, CPU and communications) or operating system software
· transient or permanent faults in the serial communications between the PDS and the Regent controller
· potential faults or errors in the WINTERPRET executable files.
By applying the tools in the Integrity Checker System the application developer assures to a high degree of certainty that:
· the application program is an accurate implementation of the specified application functions
· the application program is securely downloaded into the Regent triplicated memories
The Software Validation Package for WINTERPRET is required for safety critical applications that require TÜV certification to Safety Risk Class 5.

Theory of Operation

The Integrity Checker comprises four different programs: the Validator, the Checker, the GPL Checker and the GPL Printer. The Validator and the Checker are used to validate the compilation and download process of safety-related application programs, including those implemented with Ladder Logic and Scaling function block types.
The GPL Checker and the GPL Printer are used to validate the compilation and downloading of Guarded Peer Link data templates to assure that the link variables are configured correctly.

Checking application programs with the Validator and Checker:

Figure 1 is a data flow of the integrity check for the WINTERPRET Editor, Compilers, and download process. The flow has two loops, one showing the check for the Editor, and the other, the check for the Compiler and the download process. Both loops use the application Source File, which is CRC-protected on disk, as their reference.
Industrial Control Services
Figure 1. Application Source Integrity Checker Operation.

Editor Integrity Check

WINTERPRET will provide a Print function that produces a hard copy representation of the Source File. After entering a logic specification into the WINTERPRET Editor, a Regent user can make a hard copy of the Source File the editor produced and see that it reflects the original specification.

Application Compiler/Download Integrity Check
The method for checking the integrity of the Application Compilers and download process has these steps:
1. The compiler generates from the application Source File an application Object File of MC68000 machine instructions. The separate Validator program generates a Check File derived from the same Source File. The Check File is an assembly code representation of the source program (as opposed to the machine-coded Object File).
Having diverse representations of the application program deriving from the same source ensures that there is little likelihood of a common-cause corruption that would go undetected. Independent generation of machine code and assembly text provides a supplemental check of the compiler's code generation.
2. The application Object File is downloaded into triplicated memories in the Regent. This is the actual executable application code that is run in the Regent controller.
3. To provide integrity checking of the compile and download process, the application Object File is uploaded from the Regent and disassembled, creating an Echo File.
The disassembler is a "third-party" product developed by an agent not connected with Triplex. This gives it the advantage of having been made in a different environment than Triplex tools, thus providing a level of diversity in the check loop.
4. The Checker program then compares the disassembled Echo File with the application Check File instruction-by-instruction to see that they match, closing the loop. The Checker program will report any discrepancies between instructions in the two files. Once the match is verified, it can be assumed the compile/load process is error-free.
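
The instruction-by-instruction comparison of step 4, sketched as an added example (not ICS or Triplex code): it compares a Check File with an Echo File and lists every discrepancy, including a truncated upload. The text layout of both files (one MC68000 instruction per line, `;` comments) and the sample contents are assumptions constructed for illustration.

```python
from itertools import zip_longest

# Constructed sample files. The one-instruction-per-line layout and the ';'
# comment marker are assumptions; the manual does not give the file format.
CHECK_FILE = """\
    MOVE.W  D0,D1      ; rung 1
    ADD.W   #1,D1
    CMP.W   #10,D1
    BNE.S   $1000
    RTS
"""
ECHO_OK = "move.w d0,d1\nadd.w #1,d1\ncmp.w #10,d1\nbne.s $1000\nrts\n"
# Same program with one operand changed, as a corrupted download would show.
ECHO_BAD = "move.w d0,d1\nadd.w #1,d1\ncmp.w #18,d1\nbne.s $1000\nrts\n"


def normalise(text):
    """Reduce assembly text to comparable (mnemonic, operands) tuples."""
    instructions = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue  # blank or comment-only line carries no instruction
        parts = line.split(None, 1)
        operands = "".join(parts[1].split()) if len(parts) > 1 else ""
        instructions.append((parts[0].upper(), operands.upper()))
    return instructions


def compare(check_text, echo_text):
    """Return a list of (index, check_instr, echo_instr) discrepancies."""
    check, echo = normalise(check_text), normalise(echo_text)
    # zip_longest pads the shorter file with None, so a truncated or
    # over-long upload is reported instead of being silently ignored.
    return [
        (i, c, e)
        for i, (c, e) in enumerate(zip_longest(check, echo), start=1)
        if c != e
    ]


if __name__ == "__main__":
    for name, echo in (("ECHO_OK", ECHO_OK), ("ECHO_BAD", ECHO_BAD)):
        diffs = compare(CHECK_FILE, echo)
        print(name, "MATCH" if not diffs else f"{len(diffs)} discrepancy(ies)")
        for i, c, e in diffs:
            print(f"  instruction {i}: check={c} echo={e}")
```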

Checking Guarded Peer-Link Compiler/Download Integrity

Figure 2 is a data flow of the integrity check for the Guarded Peer-Link Compiler and download.
Figure 2. Guarded Peer-Link Integrity Checker Operation.
The Integrity Checker functions described above provide error detection for application programs implemented in Ladder Logic and Scaling function block types. The other safety-related application program type is the Guarded Peer