3 testing of new or previously untested functions – Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual
Page 63
SAFETY MANUAL
D oc N umber T8094
I ssue 27 – June 2013
Page 42 of 103
3.11.3 Testing of New or Previously Untested Functions
The TMR system Tool set comprises a number of function blocks that can be
combined together to form a project application.
The use of these function blocks
in safety certified systems is only permitted once they have been tested for
correct operation. A list of the functions tested prior to the initial certification the TMR
system is provided in section 5 of this Manual.
The new or previously untested function may be:
•
a generic function block, which forms part of the Toolset, but has not previously
been subject to the level of testing defined herein, or
•
project specific function block, which is written to meet the needs of a particular
feature within an application program, and may comprise a number of generic
function blocks or other program functions
If a previously untested function block is needed, the function block must be tested in
accordance with 3.11.3.1 to 3.11.3.7.
3.11.3.1 Test Method
Each function to be tested shall be placed within an application test harness using the
TMR system Toolset that exercises its capabilities. The implementation of this
harness shall be such that the function block is exercised automatically, so that the
test is repeatable.
As a minimum each test harness shall comprise of all of the following:
•
Function Block under test
•
Alternative implementation of the function block
•
Function generator
•
Main and alternative comparison Pass/Fail Flag
•
Test results register
Where practical, and with the exception of time, results of the test shall be
automatically recorded and should not require a human to count or record dynamic
data.
3.11.3.2 Alternative Implementation of the Function Block
The test harness shall include an alternative implementation of the function being
tested. This implementation shall be performed using features of the tool set that are
as diverse as possible from the actual function block.
For example an “Or Gate” can be simulated by counting the number of inputs set to a
logical “1” and determining that the count is greater than or equal to 1.
3.11.3.3 Function Generator
The operation of the test harness shall be automatic; a function generator shall be
provided to generate the stimuli for the function under test. This function generator
shall be as simple as possible and shall not contain the function under test.
3.11.3.4 Main and Alternative Comparison Pass/Fail Flag
The results of the alternative implementation shall be compared with the results of the
function under test; discrepancies shall cause a “main and alternative comparison fail
flag” to be set.