2 choosing application logic, 3 detecting and handling faults, 10 using the autotest management function blocks – Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual
Page 105: 1 function block library
SAFETY MANUAL
D oc N umber T8094
I ssue 27 – June 2013
Page 84 of 103
Make sure that you have application backups which are representative of the running
system. In particular, the system configuration files and application logic in the backups
must be identical to the files in use in the original system at the time of the upgrade.
9.9.2 Choosing Application Logic
The Trusted
TM
system supports Ladder Logic, and so it is possible to use Ladder Logic
for the new application. This will minimise the changes and training requirements for
existing users.
9.9.3 Detecting and Handling Faults
The T8110 TMR processor in the Trusted
TM
system provides comprehensive
diagnostic coverage for the detection of faults up to and including the T8162 CS300
bridge modules.
In the legacy system, the diagnostic coverage of the CS300 I/O modules and their
termination modules relied on the use of special configurations of modules, and the
execution of line tests which were built into the ICCBs. The tests tried to stimulate the
input and output paths while looking for faults, and used this method to find and isolate
faulted hardware modules. The migrated application must include suitable function
blocks which replicate these line tests. The function blocks are supplied by Rockwell
Automation. The migrated application can then mimic the behaviour of the original.
The system uses standard CS300 digital output channels to ‘pat’ (refresh) the
watchdog timer in the TM118-TWD watchdog module. Outputs which are used for
safety instrumented functions are programmed to go to a safe state when the
watchdog times out. This mechanism caters for those faults, such as the failure of two
bridge modules, which cause a loss of control of output modules.
9.10 USING THE AUTOTEST MANAGEMENT FUNCTION
BLOCKS
The original ICCBs had dedicated instructions to do the self-test of the CS300 I/O
modules and termination modules. In the migrated system, the behaviour of these
instructions must be recreated by the migrated application.
The Trusted Toolset
TM
includes a set of ready-made function blocks which you must
use to test all of the CS300 inputs and outputs used for safety instrumented functions.
These function blocks are collectively known as the Autotest Management Function
Blocks. ‘Auto’ means ‘self’, and so the ‘autotest’ describes a series of self-tests. The
function blocks run their tests at defined times, each day. The tests help to make sure
that, if a demand occurs, the system can respond to the demand.
This section explains how to use the function blocks in the migrated application.
You must include the autotest functions in the migrated application – they are not a
routine built into the controller.
9.10.1 Function Block Library
The function blocks are supplied as a library that accompanies the installation of the
T8162 CS300 bridge module. This is typically an install disc supplied with the Trusted
Toolset
TM
.
The migrated application must use the library for all safety-related I/O points, for the
following reasons:
•
The library gives a constant style of implementation of the autotest functions
across different systems. This is easier to validate than project-specific
implementations.
•
The library performs the autotests correctly.