Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual

SAFETY MANUAL

D oc N umber T8094
I ssue 27 – June 2013

Page 11 of 103

2.2.1.5 Application Programming

An overall Application Program software architecture is to be defined. This
architecture will identify the software blocks and their allotted functions.

The application architectural design shall be used to define the additional requirements
resulting from the system hardware design. Specifically, methods for addressing
system specific testing, diagnostics and fault reporting are to be included.

It is highly recommended that simulation testing be performed on each software block.
This simulation testing should be used to show that each block performs its intended
functions and does not perform unintended functions.

It is also highly recommended that software integration testing be performed within the
simulation environment before hardware-software integration. The software
integration testing will show that all software blocks interact correctly to perform their
intended functions and do not perform unintended functions.

The development of the application software shall follow a structured development
cycle; the minimum requirements of which are:

• Architectural definition. The application program shall be divided into

largely self-contained ‘blocks’ to simplify the implementation and testing.
Safety and non-safety functions should be separated as far as possible at
this stage.

• Detailed design and coding. This stage details the design, and implements

each of the blocks identified during the architectural definition.

• Testing. This stage verifies the operation of the application; it is

recommended that the application blocks first be tested individually and then
integrated and tested as a whole. This should be initially undertaken within
the simulation environment.

The resultant Application Programs shall be integrated with the system hardware and
integration testing performed.

2.2.1.6 System Production

The system production stage implements the detailed system design. The production
techniques, tools and equipment used within the production testing of the system shall
be commensurate with the required safety requirements class.

2.2.1.7 System Integration

This stage shall integrate the Application Programs with the target systems. Where
multiple systems are used to meet the overall requirement, it is suggested that each
system undergoes individual application program and target system integration before
overall system integration is performed. To meet the requirements of the intended
safety requirements class, the system integration shall ensure the compatibility of the
software and hardware.