2006 User Conference

Safety System Simulation : Using the Virtual Process Link

& Technology Fair

gwith Prosafe RS

Winston Jenks / Cedric OudinotTechnical Dir / Marketing Mgrg g

November 28, 2006

Company Logo

• Privately owned software company

A word about Cape SoftwareYokogawa Technology Innovations Fair & User Conference

• Privately owned software company– HQ in Houston, TX

• Over 15 years of experience in the process simulation y p parena delivering high quality process models

• Three Products:VP Li k ( O t T i i )– VP Link ( Operator Training)

– Test Compiler ( Logic Validation)– XP TrendCorder ( Hi-speed process trending & archiving)

• End users from:– Oil and Gas

Chemicals– Chemicals– Pharmaceuticals– Integrators

Page 2

TitleNov/Dec 2006

• Provide tools to improve FAT execution

What are we trying to do?Yokogawa Technology Innovations Fair & User Conference

• Provide tools to improve FAT execution– 21st Century Software version of HW panel– Multi-user interface allows teams to work simultaneously– Can check logic/communication in multi-vendor systems

• Provide value for the customer during Safety Lifecycle• Provide value for the customer during Safety Lifecycle– Adhere to OSHA and IEC Testing Standards– Use a Structured Test Procedure– Test Procedure generates documentation and Test Scripts– Running the tests produces electronic test logs– Stored tests are run periodically to revalidate logicp y g– Enable integrated training with DCS

Page 3

TitleNov/Dec 2006

What is Process S(t)imulationYokogawa Technology Innovations Fair & User Conference

A dynamic representation of a complex process to an offline control systemp y

Read value of outputs VP Link Server

EngineeringWorkstation

CalculateProcessVariables

Write simulated inputs

Page 4

TitleNov/Dec 2006

VP Link / Prosafe RS InterfaceYokogawa Technology Innovations Fair & User Conference

• Extraction Utility builds VP Link database• Non-invasive

– Positively No change to safety application– Connects at the I/O level to allow for full

f i l ifunctional testing

• Connects to :“ l” t ll– “real” controller

– Emulated PC controller ( Simulation Mode)

• No limits on number of points or controllers• No limits on number of points or controllers

Page 5

Logic Validation with VP Link on Prosafe RSNov/Dec 2006

VP Link / Prosafe RS InterfaceYokogawa Technology Innovations Fair & User Conference

Test Types

Page 6

Logic Validation with VP Link on Prosafe RSNov/Dec 2006

VP Link / Prosafe RS InterfaceYokogawa Technology Innovations Fair & User Conference

VP Link Connection

Page 7

Logic Validation with VP Link on Prosafe RSNov/Dec 2006

VP Link / Prosafe RS InterfaceYokogawa Technology Innovations Fair & User Conference

Virtual Test mode• Security – None requiredy q• Locking

– Input locking not required, I/O is not connected– Internal variable locking is required

• Data Source– Inputs -- Logical values are written– Outputs -- Logical values are read

Page 8

Logic Validation with VP Link on Prosafe RSNov/Dec 2006

VP Link / Prosafe RS InterfaceYokogawa Technology Innovations Fair & User Conference

Target Test Mode• I/O values are forced• Normal security of Prosafe is enforced on SCS

Page 9

Logic Validation with VP Link on Prosafe RSNov/Dec 2006

V-Approach methodology:towards error-free safety logic on a new project

Yokogawa Technology Innovations Fair & User Conference

Safety Requirement

Pre Start-Up Safety

Narrative

Spec

Run manualTests

Review

Cause & Develop

Tests

Effect

Function Bl k

Black Box

Scenarios

BlockDesign

Functional

Testing

Deliverable

Page 10

Logic Validation with VP Link on Prosafe RSNov/Dec 2006

Functional LogicVerification

I have a functional SIS already!Yokogawa Technology Innovations Fair & User Conference

OSHA 29 CFR P t 1910OSHA 29 CFR Part 1910Emergency Shutdown systems :Document each inspection and test, including:

-Date of testN f h f d th t t [ ]

IEC-61511-116.3.1.1: Periodic proof test shall be conducted using a written

-Name of person who performed the test [..]-Description of test results

conducted using a written procedure to reveal undetected faultsOur Answer ?

IEC 61508

Test CompilerIEC-61508Part 1,7.18: Information on the verification activities shall be collected and documented as evidence that the phase being verified has, in all respects, been satisfactorily completed.Part 1,7.14 :Documentation for validation shall include:

A ti iti i h l i l d

Page 11Logic Validation with VP Link on Prosafe RSNov/Dec 2006

-Activities in chronological order-Discrepancies between expected and actual results

VP Link Test CompilerYokogawa Technology Innovations Fair & User Conference

• Generates Test Scripts, using an Excel front-end• Scripts Based on User Test Plan and Functional p

Specifications• A Script is a stand alone entity that AUTOMATICALLY :

F i t t ifi d St t– Forces inputs to a specified State– Compares the outputs to the expected state table ( Cause and

Effect Matrix)– Logs errors to HTML format

• Runs and documents entire test plan unattendedR lt S i tilit• Results Summarizer utility

• Scenario Template Generator

Page 12

TitleNov/Dec 2006

Test Compiler Input FormatYokogawa Technology Innovations Fair & User Conference

• Similar to a Cause and Effect Matrix• Similar to a Cause and Effect Matrix• Verify ALL output changes, not just one prescribed by test• High Level language and keywords for maximum flexibility

– Sequence– Interlocks / SD / Fire & Gas

Page 13

TitleNov/Dec 2006

Test Compiler output (1): DocumentationYokogawa Technology Innovations Fair & User Conference

HTML Test descriptionD:\tb40\Books\Refinery\BMS.xls[templates]

Source

Documentation created: Jun 19, 2003 at 13:08Source File: D:\tb40\Books\refinery[template] last modified Jun 19, 2003 at 13:03Purpose:This scenario will: Start Heater Purge and Verify Purge CompletionVP Database:This scenario is designed to run with the database in refinery 5.cfg. Click on these links for the list of input and

History

Database

This scenario is designed to run with the database in refinery_5.cfg. Click on these links for the list of input and output tags. If this scenario was built from a template, then the tags will be listed, but they will be marked as "not found".Defaults:The standard delay inserted before values are checked is 0 seconds for this scenario. The relative tolerance used in the test for equality is 0.002 %. Values in SET_HI and SET_LO commands are set 1 units above or below the alarm value specified in the Excel sheet.

Global Parameters

v ue spec ed e ce s ee .Scenario Actions:…… Turn i17HS0669B OFF, Field Trip for Heater

Line 4(Row 6): Set i17HS0669B to the OFF state. Set i17XSC1971 to the OFF state. Wait for seconds beyond the standard delay before continuing

Scenario Steps standard delay before continuing.

Line 5(Row 7): Set i17HS0669B to the ON state. Set i17XSC1971 to the ON state.… Get Heater Ready to Purge… Set Level i17LT1641 to 10Line 8(Row 10): Set i17LT1641 to 10.

ETC

p

Page 14TitleNov/Dec 2006

ETC….

Test Compiler output (2): Test Result LogYokogawa Technology Innovations Fair & User Conference

Scenario Log Sample0 Starting test 'D:\TB40\BOOKS\FLINT\PLC5\H1_BRNR.SCE'

at Wed May 28 18:23:48 20031181 # …1181 # … 17H-1 Start Main Burner Sequence1181 # … Satisfy and Reset Fuel Gas Trip1181 # … Turn i17HS1964, i17HS1964A ON to Satisfy FG Trip5397 # … Turn i17HS1964RST ON to Reset FG Trip9614 # T i17HS1923 ON t St t M i B

Time stamps9614 # … Turn i17HS1923 ON to Start Main Burner13830 # Test at line 10 of 'H1_BRNR.SCE' ON i17HS192313830 Verification <i17XY1904> = 1.000000 passed13830 **Verification <i17XY2419> = 1.000000 FAILED Value is 0.00000013830 Verification <i17YL1906> = 0.000000 passed13830 Verification <i17XY1907> = 0 000000 passed13830 Verification <i17XY1907> 0.000000 passed13830 Verification <i17YL1921> = 0.000000 passed13830 # …13830 Closing test log after 0 mins 13.8 secs at Wed May 28 18:24:02 2003

0 Starting test 'D:\TB40\BOOKS\FLINT\PLC5\H1_BRNR.SCE'

Assertion passed

at Wed May 28 18:26:34 2003851 # …851 # … 17H-1 Start Main Burner Sequence851 # … Satisfy and Reset Fuel Gas Trip

Assertion Failed

Page 15

TitleNov/Dec 2006

• BASF Site

Case StudyYokogawa Technology Innovations Fair & User Conference

– 7 SIS systems– Running for 5 years

Upcoming turnaround needs to revalidate all logic SIS up to specs– Upcoming turnaround, needs to revalidate all logic SIS up to specs

• User led Cost Analysis study between:– Option 1: Manual re-certification ( considering C&E/documentations

not up to date), including man-hours only (no resource constraint)– Option 2: Automating entire test plan using Test Compiler®

• Results:– Option 1: not feasible, 10% costlier than option 2 and one-shot

O i 2– Option 2:• Independent third party validation• Reusable change management tool for periodic testing• Fully Automated• Always Up to date Test Plan

Page 16

TitleNov/Dec 2006

• VP Link is a proven in use solution for logic

ConclusionYokogawa Technology Innovations Fair & User Conference

• VP Link is a proven in-use solution for logic validation– It is cross platform (DCS/PLC/SIS)

• Quadlog• Quadlog• CS3000• ProsafeRS

– It is easy to use, learn and maintain (graphic oriented)

• Test Compiler makes compliance with IEC 61508 & 61511 a PLANT REALITY

• Versatile, VP Link is also used for Operator Training– High-fidelity simulation blocks available– Trainee performance assessment module– Actual graphics/control applications used in native control

environmentLow Total Cost of Ownership– Low Total Cost of Ownership

Page 17

TitleNov/Dec 2006

BackupYokogawa Technology Innovations Fair & User Conference

BACK UP SLIDESBACK-UP SLIDES

Page 18

Logic Validation with VP Link on Prosafe RSNov/Dec 2006

Simulation Screen ShotsYokogawa Technology Innovations Fair & User Conference

Automated Tag sheet

Input/Output sheets per ESD

HMI for advanced testing t i ior training

Page 19

TitleNov/Dec 2006

VP Link for Yokogawa CS3000 / Prosafe RSYokogawa Technology Innovations Fair & User Conference

Trainer Station

VP Link/ CS3000 InterfaceExa OPC

Serverwith VP3 driver

Redundant

with VP3 driver

VP Link/RSInterfaceRedundant

Ethernet /V-NetInterface

ProSafe RS HIS

Page 20

TitleNov/Dec 2006

ProSafe RSController or emulated

Trainee Station

FCS Controllers (or emulated in Test Function)

VP Link for Yokogawa CS3000 / Prosafe RSYokogawa Technology Innovations Fair & User Conference

VP Li k D i ll h l ki VP Link Driver allows you to set the locking strategy depending on which target you useuse

Page 21

TitleNov/Dec 2006

VP Link for Yokogawa CS3000 / Prosafe RSYokogawa Technology Innovations Fair & User Conference

D ’ d f i bl h i Don’t need to force variables when running in Virtual Test mode

Page 22

TitleNov/Dec 2006

VP Link for Yokogawa CS3000 / Prosafe RSYokogawa Technology Innovations Fair & User Conference

VP Li k d / i h L i l V lVP Link reads/writes the Logical Value

Page 23

TitleNov/Dec 2006