Rockwell Automation T7835 User Manual

ICS Regent+Plus®
PD-7045

Software Validation Package for WINTERPRET
Integrity Checking and Validation Software for Application Programs and Guarded Peer Link Configuration
(T7835)
Issue 1, March, 06

The Software Validation Package for WINTERPRET is a PC-based software system designed to help assure the integrity of Regent application programs by providing a high degree of fault detection, covering:

· errors in entering and editing application programs
· transient or permanent faults in the PDS (PC) hardware (including disk, RAM, CPU and communications) or operating system software
· transient or permanent faults in the serial communications between the PDS and the Regent controller
· potential faults or errors in the WINTERPRET executable files.

By applying the tools in the Integrity Checker System the application developer assures to a high degree of certainty that:

· the application program is an accurate implementation of the specified application functions
· the application program is securely downloaded into the Regent triplicated memories

The Software Validation Package for WINTERPRET program is required for safety critical applications that require TÜV certification to Safety Risk Class 5.

Industrial Control Services

Theory of Operation

The Integrity Checker comprises four different programs: the Validator, the Checker, the GPL Checker and the GPL Printer. The Validator and the Checker are used to validate the compilation and download process of safety-related application programs, including those implemented with Ladder Logic and Scaling function block types. The GPL Checker and the GPL Printer are used to validate the compilation and downloading of Guarded Peer Link data templates to assure that the link variables are configured correctly.

Checking application programs with the Validator and Checker:

Figure 1 is a data flow of the integrity check for the WINTERPRET Editor, Compilers, and download process. The flow has two loops, one showing the check for the Editor, and the other the check for the Compiler and the download process. Both loops use the application Source File, which is CRC-protected on disk, as their reference.
Figure 1. Application Source Integrity Checker Operation.
WINTERPRET Editor Integrity Check

WINTERPRET will provide a Print function that produces a hard copy representation of the Source File. After entering a logic specification into the WINTERPRET Editor, a Regent user can make a hard copy of the Source File the editor produced and see that it reflects the original specification.
Software Validation Package for
W
INTERPRET
Application Compiler/Download Integrity Check

The method for checking the integrity of the Application Compilers and download process has these steps:

1. The compiler generates from the application Source File an Object File of MC68000 machine instructions. The separate Validator program generates a Check File derived from the same Source File. The Check File is an assembly code representation of the source program (as opposed to the machine-coded Object File).
Having diverse representations of the application program deriving from the same source ensures that there is little likelihood of a common-cause corruption that would go undetected. Independent generation of machine code and assembly text provides a supplemental check of the compiler's code generation.

2. The application Object File is downloaded into triplicated memories in the Regent. This is the actual executable application code that is run in the Regent controller.

3. To provide integrity checking of the compile and download process, the application Object File is uploaded from the Regent and disassembled, creating an Echo File.
The disassembler is a "third-party" product developed by an agent not connected with Triplex. This gives it the advantage of having been made in a different environment than the Triplex tools, thus providing a level of diversity in the check loop.

4. The Checker program then compares the disassembled Echo File with the application Check File instruction-by-instruction to see that they match, closing the loop. The Checker program will report any discrepancies between instructions in the two files. Once the match is verified, it can be assumed the compile/load process is error-free. Note that this loop covers the compile and download path only; errors in the Source File itself are caught by the Editor Integrity Check described above.

Checking Guarded Peer-Link Compiler/Download Integrity

Figure 2 is a data flow of the integrity check for the Guarded Peer-Link Compiler and download.
Figure 2. Guarded Peer-Link Integrity Checker Operation.
The Integrity Checker functions described above provide error detection for application programs implemented in Ladder Logic and Scaling function block types. The other safety-related application program type is the Guarded Peer Link. To validate the download of Guarded Peer Link templates, the GPL Checker and GPL Printer are used.

The GPL Checker uploads the Guarded Peer Link template files from the Regent controller and re-converts the template data into readable form in the GPL Echo File. The re-converted GPL Echo Files are then printed using the GPL Printer and compared by the application programmer to the original template specification, thus providing a complete, closed-loop validation of the template compilation and download process. GPL Checker also automatically checks the power up value and time out action for each GPL variable.
Failure Modes and Effects Analysis

By using the Integrity Checker tools, the application programmer can assure with a high degree of certainty that faults in the creation, compilation and download of application programs will be caught. Table 1 provides a brief Failure Modes and Effects Analysis of this data path.
Failure Mode (due to random or systematic faults) | Method of Detection for Application Programs | Method of Detection for GPL Templates
Editing / entry error | Mis-compare of readable Source to original specification | Mis-compare of Echo File to original template specification
Source File corrupted | CRC error upon attempt at source file retrieval, and/or mis-compare of readable Source to original specification | CRC error upon attempt at source file retrieval, and/or mis-compare of Echo File to original template specification
Compiler error | Mis-compare of Check File and Echo File | Mis-compare of Echo File to original template specification
Download corruption | Mis-compare of Check File and Echo File | Mis-compare of Echo File to original template specification
Application alteration due to Regent memory error | Caught by triplicated voting / processing of data | Caught by triplicated voting / processing of data

Table 1. Failure Modes and Effects Analysis of Application Program Creation and Download Path.
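As an added example (not ICS or Rockwell code, and not the Checker's own file formats), the following Python runs the Table 1 data path for application programs on constructed inputs: retrieval of a CRC-protected Source File, then the step 4 instruction-by-instruction comparison of a Check File against an Echo File, so that a corrupted source, a compiler error and a corrupted download each surface as a mis-compare. The listing layout (one instruction per line, ';' starts a comment), the MC68000 mnemonics used in the sample, and CRC-32 as the on-disk source check are assumptions.

```python
"""Closed-loop integrity check in the style of Table 1 (added example,
not ICS/Rockwell code). The Check File and Echo File formats are assumed:
one instruction per line, ';' starts a comment."""
import binascii

# Constructed Check File: the Validator's assembly-text rendering of one
# function block. The MC68000 mnemonics are illustrative only.
CHECK_FILE = """\
; FB1 SCALE (Check File, Validator output)
MOVE.W  D0,D1
LSL.W   #2,D1
ADD.W   D2,D1
MOVE.W  D1,(A0)
RTS
"""

# Constructed Echo File: the third-party disassembler's rendering of the
# Object File uploaded from the Regent. Identical instructions when clean.
ECHO_FILE_CLEAN = CHECK_FILE.replace("Check File, Validator output",
                                     "Echo File, disassembled upload")

# Echo File with one opcode changed, as a corrupted download or a
# miscompiled block would produce.
ECHO_FILE_CORRUPT = ECHO_FILE_CLEAN.replace("ADD.W   D2,D1", "SUB.W   D2,D1")


def instructions(listing: str) -> list[str]:
    """Normalize a listing to a list of instruction strings: drop comments
    and blank lines and collapse whitespace, so formatting differences
    between the two tools are not reported as mismatches."""
    out = []
    for line in listing.splitlines():
        code = line.split(";", 1)[0].strip()
        if code:
            out.append(" ".join(code.split()))
    return out


def compare_listings(check: str, echo: str) -> list[str]:
    """Step 4: compare Check File and Echo File instruction by instruction.
    Returns discrepancy messages; an empty list means all instructions match."""
    a, b = instructions(check), instructions(echo)
    findings = []
    for i, (x, y) in enumerate(zip(a, b), 1):
        if x != y:
            findings.append(f"instruction {i}: check '{x}' != echo '{y}'")
    if len(a) != len(b):
        findings.append(f"length: check has {len(a)} instructions, echo has {len(b)}")
    return findings


def stored_source(text: str) -> bytes:
    """Store a Source File with a trailing CRC-32 (the page says the Source
    File is CRC-protected on disk; the CRC width is an assumption)."""
    data = text.encode()
    return data + binascii.crc32(data).to_bytes(4, "big")


def retrieve_source(blob: bytes) -> str:
    """Retrieve a Source File, refusing it if the stored CRC mis-compares."""
    data, crc = blob[:-4], int.from_bytes(blob[-4:], "big")
    if binascii.crc32(data) != crc:
        raise ValueError("CRC error upon attempt at source file retrieval")
    return data.decode()


def integrity_check(source_blob: bytes, check: str, echo: str) -> str:
    """Run the Table 1 path: source retrieval first, then the Check/Echo compare."""
    try:
        retrieve_source(source_blob)
    except ValueError as e:
        return f"FAILED: {e}"
    findings = compare_listings(check, echo)
    return "PASSED" if not findings else "FAILED: " + "; ".join(findings)


if __name__ == "__main__":
    src = stored_source("SCALE FB1: OUT = (IN1 << 2) + IN2")    # constructed source text
    print(integrity_check(src, CHECK_FILE, ECHO_FILE_CLEAN))
    print(integrity_check(src, CHECK_FILE, ECHO_FILE_CORRUPT))
    damaged = bytearray(src)
    damaged[0] ^= 0x01                                           # one flipped bit on disk
    print(integrity_check(bytes(damaged), CHECK_FILE, ECHO_FILE_CLEAN))
```

The comparison deliberately normalizes only whitespace and comments; any difference in opcode or operand is reported with its instruction index, which is the information a programmer needs to decide whether the compiler or the serial download is at fault.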

Software Installation

The Software Validation Package is installed on the PC running the WINTERPRET application software. The WINTERPRET base package provides the necessary installation software to install this add-in validation package. The validation package should be installed at the same time as, or after, you have installed the WINTERPRET base package.

Installation Procedure

The files on the validation package diskette are in compressed form. You cannot simply copy the files to your hard drive — they must be decompressed before they will run. You must have the WINTERPRET base package distribution disk in order to run the setup procedure to install the validation package.

To install the Software Validation Package, use the following sequence:
1. Insert the WINTERPRET base package distribution disk into drive A: or B:
2. Start Windows (if it isn't already running).
3. Choose Run from the Program Manager's File menu.
4. Type a:\setup.exe in the text box. (If you inserted the WINTERPRET base package disk in drive B: type b:\setup.exe.) Choose OK or press ENTER.
5. In the WINTERPRET Setup dialog box enter the name of the directory in which you have installed the WINTERPRET base package (this assumes that you have already installed WINTERPRET). Choose Continue.
6. In the WINTERPRET Installation dialog box check the Validation Package box and the Create Validation Icon box.
7. Choose OK to have the setup program install the Software Validation Package.

When the installation is completed, you can run the Validator application (from Windows) and Check, Gplcheck and Gplprint (from DOS). The operating instructions for each of these applications are described below.

Application Source Integrity Checker


Operation Description

The application source integrity checker has two programs, Validator and Checker. Validator produces the assembly code listing files for program function blocks. Checker retrieves a program from the Regent, disassembles the binary to an assembly code listing, and compares the disassembled code to the assembly code listing. Both programs are stored in the WINTERPRET system directory. Validator is a Windows program that has its own DLLs and shares non-critical DLLs with WINTERPRET. Validator duplicates the functionality provided by WINTERPRET, and differs only in the function block compiler output. Checker is a DOS program. These programs are installed as part of the validation package. Application program validation requires two steps; first use Validator and create the assembly code listings for each program function block, then run Checker to retrieve and compare the Regent's version of the program to WINTERPRET's version.

Operation Instructions for Validator

Start Validator by selecting the program icon for the application or run the program from the Windows Program Manager. Log on using a WINTERPRET user name and password. Recompile the program for validation by selecting the project and opening the program for validation. Create the assembly code listings for the function blocks by compiling all program function blocks.

Operation Instructions for CHECKER

Start check.exe from DOS in the WINTERPRET system directory and provide the names of the project and program for validation. These names appear in the WINTERPRET project selection and program editor menus. Also provide the PC serial communication port as COM1 or COM2. The following are prompts displayed from check.exe. Check.exe text is shown in bold letters and user responses are in italics.
check <project name> <program name> <communication port>
program path: <program path>
Attempting to get the function block list... OK
Uploading: <function block name> OK
Comparing...
Compiled file: <compiled assembly listing file name>
Uploaded file: <uploaded disassembled file name>
Function Block 1 <function block name> <function block type> : All instructions match.
Uploading: <function block name> OK
. . .
Version 3 Integrity Checker
Project: <project name>
Program: <program name>
Number of function blocks: <function block count>
Integrity Check: PASSED on <date and time>

Figure 3. Messages displayed by CHECKER.

Guarded Peer Link Integrity Checker

The Guarded Peer Link integrity checker is a collection of programs; gplcheck.exe for uploading and disassembling, and gplprint.exe for printing a configuration. Both DOS programs reside in the system directory. The programs are part of the validation package and are installed by the installation program.

Operation Description for GPLCHECK

Gplcheck.exe is a DOS program that requires the name of the WINTERPRET project for validation, the PC serial port to use for communication with the Regent, a file name to receive the disassembled import templates, and a file name to receive the disassembled export template. The WINTERPRET network project provides tag names for the imported and exported variables. The project also provides the variable types, and values for comparison to the template values. The export file is an ASCII text file containing the name and timestamp of the WINTERPRET network binary image, the GPL node number of the export template uploaded from the Regent, the export template ID or template CRC, and a list of exported variables by tag name and variable type in the order that they are exported. The import file is also an ASCII text file and it lists each of the import templates retrieved from the Regent. The import listings include the exporting template ID and a variable list. Each import variable has a tag name, variable type, the value assigned to the variable when the network is started, the value assigned to the variable when the network has an error, and whether the variable is assigned the time out value or maintains its last commanded value when a network error occurs.

Operation Instructions for GPLCHECK

Start gplcheck.exe from DOS in the WINTERPRET system directory. Following are the prompts displayed by gplcheck. Gplcheck messages are in bold text and user inputs are displayed in italics.
gplcheck <comm port> <project name> <import file name> <export file name>
Loading project dictionary. OK
Reading import templates. OK
Creating import file. OK
Processing import templates. OK
Reading export template. OK
Processing export template. OK
Computing template CRC. OK
Template checking completed. Successful.

Figure 4. Messages Displayed by GPLCHECK.
Export template definitions for REGENTA Tue Mar 15 15:24:31 1994
Binary image: C:\WINTERP\REGENTA\2NETWORK\2NWIMAGE.BIN Mon Mar 14 10:24:31 1994
Export node 3
Template CRC = 0x9f41
Name   Type
CR10   SHCR
WORD8  SHW
FP9    SHFP
Summary: All addresses found.

Figure 5. Sample Listings for GPLCHECK Export File.
Import template definitions for REGENTA Tue Mar 15 15:24:31 1994
Binary image: C:\WINTERP\REGENTA\2NETWORK\2NWIMAGE.BIN Mon Mar 14 10:24:31 1994
Provider node 2
Provider template CRC = 0x9f41
Name  Type  Power Up Val  Timeout Val  Timeout Action
No imports from this node.
Provider Node 5
Provider template CRC = 0xe8b5
Name  Type  Power Up Val  Timeout Val  Timeout Action
CR1   SHCR  0             ---          HOLD LAST VALUE
CR10  SHCR  0             ---          HOLD LAST VALUE
CR2   SHCR  0             1            USE TIMEOUT DEFAULT
FP9   SHFP  2.0032        -2.0032      USE TIMEOUT DEFAULT
Summary: All addresses found.

Figure 6. Sample Listings for GPLCHECK Import File.
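The page says GPL Checker automatically checks the power up value and time out action of each GPL variable against the project. As an added example (not the ICS gplcheck.exe and not its code), the following Python parses an import listing in the Figure 6 layout and mis-compares every variable's provider node, type, power-up value, timeout value and timeout action against a stand-in for the values the WINTERPRET project would supply, and additionally flags a row whose timeout action contradicts its timeout value. The listing text is constructed from Figure 6, the column layout and the EXPECTED table are assumptions.

```python
"""Check a GPLCHECK import listing against the project's template values.
Added example, not ICS gplcheck.exe; the listing layout is assumed from
Figure 6 and the expected values are constructed."""
import re

# Constructed import listing in the Figure 6 layout. Raw string because
# the Windows path contains backslashes ("\2" would otherwise be an escape).
IMPORT_LISTING = r"""Import template definitions for REGENTA Tue Mar 15 15:24:31 1994
Binary image: C:\WINTERP\REGENTA\2NETWORK\2NWIMAGE.BIN Mon Mar 14 10:24:31 1994
Provider node 2
Provider template CRC = 0x9f41
Name  Type  Power Up Val  Timeout Val  Timeout Action
No imports from this node.
Provider Node 5
Provider template CRC = 0xe8b5
Name  Type  Power Up Val  Timeout Val  Timeout Action
CR1   SHCR  0             ---          HOLD LAST VALUE
CR10  SHCR  0             ---          HOLD LAST VALUE
CR2   SHCR  0             1            USE TIMEOUT DEFAULT
FP9   SHFP  2.0032        -2.0032      USE TIMEOUT DEFAULT
Summary: All addresses found.
"""

# Constructed stand-in for what the WINTERPRET project dictionary supplies:
# per tag, the provider node, type, power-up value, timeout value and action.
EXPECTED = {
    "CR1":  dict(node=5, type="SHCR", power_up=0,      timeout=None,    action="HOLD LAST VALUE"),
    "CR10": dict(node=5, type="SHCR", power_up=0,      timeout=None,    action="HOLD LAST VALUE"),
    "CR2":  dict(node=5, type="SHCR", power_up=0,      timeout=1,       action="USE TIMEOUT DEFAULT"),
    "FP9":  dict(node=5, type="SHFP", power_up=2.0032, timeout=-2.0032, action="USE TIMEOUT DEFAULT"),
}

NODE_RE = re.compile(r"^Provider node (\d+)$", re.IGNORECASE)
CRC_RE = re.compile(r"^Provider template CRC = (0x[0-9a-fA-F]+)$")
VAR_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(HOLD LAST VALUE|USE TIMEOUT DEFAULT)$")


def _value(tok):
    """'---' means no value is configured; anything else is numeric."""
    return None if tok == "---" else float(tok)


def parse_import_listing(text):
    """Return {tag: {node, crc, type, power_up, timeout, action}} for every
    import variable in the listing, keyed by the tag name."""
    node = crc = None
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if m := NODE_RE.match(line):
            node, crc = int(m.group(1)), None
        elif m := CRC_RE.match(line):
            crc = int(m.group(1), 16)
        elif m := VAR_RE.match(line):
            name, typ, pu, to, action = m.groups()
            found[name] = dict(node=node, crc=crc, type=typ,
                               power_up=_value(pu), timeout=_value(to), action=action)
    return found


def check_templates(listing, expected):
    """Mis-compare the echoed templates against the project values. Returns a
    list of findings; an empty list is the 'Successful' case."""
    got = parse_import_listing(listing)
    findings = []
    for tag, exp in expected.items():
        if tag not in got:
            findings.append(f"{tag}: not found in uploaded templates")
            continue
        v = got[tag]
        for field in ("node", "type", "power_up", "timeout", "action"):
            if v[field] != exp[field]:
                findings.append(f"{tag}: {field} is {v[field]!r}, project expects {exp[field]!r}")
        # A HOLD LAST VALUE variable carries no timeout value and vice versa;
        # a row that breaks this pairing is internally inconsistent.
        if (v["action"] == "HOLD LAST VALUE") != (v["timeout"] is None):
            findings.append(f"{tag}: timeout action {v['action']!r} disagrees with timeout value {v['timeout']!r}")
    for tag in got.keys() - expected.keys():
        findings.append(f"{tag}: uploaded but not in project")
    return findings


if __name__ == "__main__":
    print(check_templates(IMPORT_LISTING, EXPECTED) or "Template checking completed. Successful.")
```

Variables the project expects but the upload lacks, and uploaded variables the project does not know, are both reported, which is the closed-loop property the manual describes: the comparison runs in both directions rather than only over what came back from the controller.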

Operation Description for GPLPRINT

Gplprint.exe creates an ASCII text file listing the WINTERPRET network configuration. The name of the configuration file and its timestamp are listed in the file, followed by a list of projects participating in the network, and finally a list of variables provided by each of the participating projects. The program needs the name of the output file receiving the configuration listing.

Operation Instructions for GPLPRINT

Start gplprint.exe from DOS in the WINTERPRET system directory and provide the listing file name. Following are program prompts; gplprint messages are shown in bold text and user inputs are shown in italics.
gplprint <listing file name>
Network listing file successfully written.

Figure 7. Messages Displayed by GPLPRINT.

Network configuration for: C:\WINTERP\2NET_DIR\2NETWORK.DAT Tue Mar 15 11:35:22 1994
Participating projects: REGENTA REGENTB
Variables provided by REGENTA: CR1 CR10 CR2 FP9
Variables provided by REGENTB: No variables provided by this project.

Figure 8. Sample Listings for GPLPRINT.