12 on-line modification, 1 application program – Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual

SAFETY MANUAL

D oc N umber T8094
I ssue 27 – June 2013

Page 47 of 103

After an application has been tested, and before any changes are made, a reference
copy of the compiled application should be made. After the application has been
modified, the new application is compared to the original application by using the
TicDiff utility. The utility will identify those programs that have changed since the
original application and are subject to re-test.

The TicVer utility is used to ensure that the reference copy of the original application is
the same as the application currently loaded into the TMR system.

3.12 ON-LINE MODIFICATION

As with any safety related system it is highly recommended that on-line changes not be
performed. Where changes have to be performed on-line, it is recommended that they
be performed when alternative safety measures are provided or when the affected
hazards cannot arise.

Certain modifications can be performed without directly affecting the system’s safety
function, for example the installation of additional modules. Although these
modifications will not affect the system’s operation until the system configuration and
application program have been modified, caution shall be exercised to ensure that the
modifications do not affect other safety functions.

The product allows for the on-line addition of modules, although these require
application program modification, which dictates the stop and reload of the application.
The addition of modules may be performed on-line to minimise the period of plant
downtime. Modifications to field and power wiring to accommodate new modules shall
be considered carefully.

Changes that affect the system’s ability to respond

safely, or may cause other plant disruption shall not be performed on-line
unless alternate protection measures can be implemented for the duration of
such modifications.

3.12.1 Application Program

The Trusted system supports two types of on-line updates: Normal Updates and
Intelligent Updates. Specifically, an on-line update consists of changing the currently
running application, loading those changes into the system, then having the system
“switch” to the updated application without interruption to the process that the
application is controlling. Normal updates are available in all released versions of the
Trusted system.

With Normal Updates, the TMR system allows limited changes to be made to the
application program on-line. These pre-defined limits restrict changes to logical
operation. Modifications that exceed these predefined limits automatically preclude on-
line modification and dictate that the application program be stopped before updating.

In addition to Normal Updates, Intelligent Updates are supported in release 3.4 and
above. Both on-line update features enable the user to modify the application while
the process is running. While both types of on-line updates perform essentially the
same function, Intelligent Updates allow the application to be modified in a number of
ways that Normal Updates would not allow.

If Intelligent Updates are too used they must be explicitly enabled for each project, and
the Intelligent Update Manager must have knowledge of the specific version of the
application that is currently running in the controller. Each time an application is
compiled, the Intelligent Update Manager uses it’s knowledge of the application
running in the controller to create an Intelligent Update recipe. This recipe contains a
signature of the application running in the target, and information on how to perform
specific mapping for variables and function block instance data. It is the recipe that
allows the value of variables and function block instance data to be preserved across
an on-line update.

The Intelligent Update Enhancement section of 8082B Product

Description (PD) must be read and understood before Intelligent Update is used.