2 language selection – Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual


SAFETY MANUAL

Doc Number T8094
Issue 27 – June 2013


3.11.2 Language Selection

The IEC1131 TOOLSET offers many programming tools to develop algorithms to meet the needs of virtually any real-time control application. The configuration and programming languages approved for use in SIL 3 safety-related applications are shown in Table 8.

Safety Related: Function Block (FB); Instruction List (IL); Structured Text (ST); Ladder Diagrams (LD)

Non-Safety: Sequential Function Chart (SFC); ‘C’

Table 8 - Safety Related Programming Language

Safety Related Languages. For those languages that have been classified as ‘safety related’, commonly used functions have been exhaustively tested and may be used freely. Those included within the certification testing are shown in para. 5. Further functions may be used subject to completion of testing commensurate with the level used for the commonly used functions.

Non-Safety. The languages that have been classified for non-safety related application only shall NOT be used within a safety-related system.

IL and ST include program flow control functions; these functions shall be used with caution to ensure that infinite loop or omitted logic conditions do not result. Where these constructs are used, it is recommended that full branch and data coverage tests be performed on these sections of program. It is recommended that only Boolean conditions be used for these constructs to ensure that a feasible set of tests can be applied.
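As an added illustration (not part of the manual and not vendor code), the following Python model shows why restricting flow-control conditions to Booleans keeps the test set feasible: three Boolean inputs give only 2^3 = 8 input vectors, so every branch and every input combination can be exercised and an omitted logic condition is found mechanically. The trip logic, its input names and the test harness are hypothetical.

```python
from itertools import product

BRANCHES = {"bypass", "high_pressure", "low_flow", "normal"}  # hypothetical labels

def trip_logic(high_pressure, low_flow, bypass, hits):
    """Python model of a hypothetical IF/ELSIF/ELSE section with Boolean conditions."""
    trip = None  # None = no branch assigned the output
    if bypass and not high_pressure:
        hits.add("bypass")
        trip = False
    elif high_pressure:
        hits.add("high_pressure")
        trip = True
    elif low_flow:
        hits.add("low_flow")
        trip = True
    else:
        hits.add("normal")
        trip = False
    return trip

def trip_logic_no_else(high_pressure, low_flow, bypass, hits):
    """Same section with the final ELSE left out: an omitted logic condition."""
    trip = None
    if bypass and not high_pressure:
        hits.add("bypass")
        trip = False
    elif high_pressure:
        hits.add("high_pressure")
        trip = True
    elif low_flow:
        hits.add("low_flow")
        trip = True
    return trip

def exhaustive_check(logic, n_inputs, branches):
    """Apply all 2**n Boolean vectors; report unreached branches and unassigned outputs."""
    hits, omitted = set(), []
    for vector in product((False, True), repeat=n_inputs):
        if logic(*vector, hits) is None:
            omitted.append(vector)
    return {"vectors": 2 ** n_inputs,
            "unreached": sorted(branches - hits),
            "omitted": omitted}

if __name__ == "__main__":
    print(exhaustive_check(trip_logic, 3, BRANCHES))
    print(exhaustive_check(trip_logic_no_else, 3, BRANCHES))
```

The second call reports the "normal" branch as unreached and the all-false input vector as leaving the output unassigned, which is the kind of defect the recommended branch and data coverage tests are meant to expose.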

Application programmer generated function blocks may be created either on a project specific or library basis. Where these functions are to be used for safety-related applications, they shall be subject to exhaustive testing, commensurate with that used for the commonly used functions (see para. 3.11.3). Once the function block has been subject to this level of testing it may be used as for commonly used functions.

There is provision for the TMR system to support multiple programs within a project. A complete project may be classified as safety or non-safety related. A safety-related project may use the safety programming languages; non-safety programming languages cannot be used. A project classified as non-safety may use any of the programming languages and the full instruction set but shall not be used to implement safety related functions. A checklist for the selection of programming languages is given in para. 4.2.2.
