ML091380436: Difference between revisions
=Text=
{{#Wiki_filter:TELEPERM XS Permissions and Operating Modes

TXS Runtime Environment - April 15, 2009

Runtime Environment (RTE): Operating Modes

Runtime Environment (RTE): Privilege and Permissions for Mode Transitions

Permissions for Operating Modes

The position of a key switch is connected via a hard wire to a binary input board channel, e.g. of a TELEPERM XS 8430 board. The binary input signal of the I/O board is cyclically read by the input board driver of the I/O board.

Graphic Service Monitor (GSM): Overview of current I&C state

For each CPU:
: Current operating mode
: Granted permissions

TXS Service Unit - Interaction with TXS CPUs: Release of RTE operation modes

TXS Service Unit - Interaction with TXS CPUs: Two diverse means of access control

TXS Application Software: Function Diagram (FD) Modules and Function Diagram Group (FDG) Modules

Function Diagram (FD) module:
: Code resulting from automatic code generation of function diagrams (FDs) being engineered on SPACE engineering tool
: Implements the code for the engineered application-specific I&C functions
: Code consists of calls to Standard Function Block library functions being connected for the specific I&C function

Function Diagram Group (FDG) module:
: Code resulting from automatic code generation
: Call and data interface to all FD modules running on one CPU with one and the same cycle time
: Max. 2 FDG modules per CPU

Signal Propagation on a Processing Module: Call Graph of fdg-compute Function

Run-time of Application Software: Linear Structure of FDG Modules

[Figure: a Function Diagram Group module runs FD Module 1 to FD Module n+1 in sequence, with a "copy signals" step after each FD module. Copy: function diagram output signals to destination function diagram input signals.]

Run-time of Application Software: Extract from Function Diagram (FD) Module

Run-time of Application Software: Computing Time of FDG Module Parts

FDG modules and FDG module parts always contain complete FD modules. FD modules are never split into multiple functions. The distribution of FD modules to FDG parts is based on the FB module computing times.

Run-time of Application Software: Computing Time of Function Block Modules

[Table: columns FB ID, FB Name, Init + Param + Comp, Param + Comp, Comp; FB IDs 456, 457, 458, 459, 460, 461, 501, 502, 507, 520.]

FB RTE-INPUT: Pictogram

RTE-INPUT - Binary signal transfer

Use: Transferring the 7 binary signals BI1 to BI7, whose meaning is predefined in the parameterization mask, to the runtime environment.

FB RTE-INPUT: Design of Pictogram Layout

FB RTE-INPUT: Definition of Pictogram in Database

FB RTE-INPUT: I/O Ports (1 Variables, 1.1 Input/output signals)

FB RTE-INPUT: Data Transfer Between FB and RTE (1.5 Internal variables: Name, Data type, Meaning)

FB RTE-INPUT: Pictogram (Annex 4 to FANP NGLTS 2002 091, TXS development document, Version 2.02: AU-INPUT)

FB RTE-INPUT: Function Block Interface Structure (Header File)

FB RTE-INPUT: Function Block Forward Declaration (Header File)

FB RTE-INPUT: Function Block Source Code (fbS01.c) (1)

FB RTE-INPUT: Function Block Source Code (2)

FB RTE-INPUT: Function Block Source Code (3)

FB RTE-INPUT: Function Block Source Code (4)

FB RTE-OUTPUT: Output of status and fault information

Use: Output of status and fault information from the runtime environment to a function diagram in the form of binary signals.

FB RTE-OUTPUT: Input / output signals

[Table: columns Signal, Direction, Type, Port ID, Meaning, Default value; rows include Fault status and Test status.]

Function:

FB RTE-OUTPUT-1 receives fault and status information from the runtime environment, thus enabling further processing on function diagrams.

The input signals of the function block are assigned to the pieces of information of the runtime environment in the course of linking the entire software for the processing module to the modules of the runtime environment.

If the runtime environment does not return OK, the function block stops executing.

The information is output as sixteen individual binary output signals (BO1 to BO16), whereby the respective output signal has the value 1 (= TRUE) if the assigned piece of information is output by the runtime environment, otherwise 0 (= FALSE).

Data Interface FB <-> RTE: Data Structures (au.h) (1)

Data Interface FB <-> RTE: Data Structures (2)

Data Interface FB <-> RTE: Module local (static) variables

Data Interface FB <-> RTE: RTE functions (fdgifc.c) (1)

Data Interface FB <-> RTE: RTE functions

Data Interface FB <-> RTE: RTE functions (fdgifc.c) (3)

Data Interface FB <-> RTE: Invocation of RTE functions (4)

Signal Propagation on a Processing Module: Call Graph of FDGEOutputFunction

Signal Propagation on a Processing Module: Call Graph: Output Signals to I/O Board

RTE Command Interface (Extract): WRITE FDG

RTE Command Interface: WRITEFDG (2)

Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (1)

Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (3)

Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (4)

Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (5)

Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (6)

Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (7)

Results from the Generic Qualification: RTE Qualification

: Certificate No.: TXS-AU-0902-06
: SW Component: Program Structure of the Runtime Environment, V2.30, 2002-02-25
: Kind of Test: Type test analogous to KTA 3503 and in compliance with IEC 880 including evaluation of the test runs performed in a test environment
: Test Report: "2nd supplement to the technical test report on the type test of the program structure of the Runtime Environment of TELEPERM XS", V 2.00, ISTec GmbH, Garching, September 2002
: Test result: The test has passed according to the 2nd supplement of the test report above.

Results from the Generic Qualification: System Integration Test

: Certificate No.: TXS-AUST-1006-03
: Subject of test: TELEPERM XS integration test (AUST-II)
: SW Component: Program Structure of the Runtime Environment, V2.30, 2002-02-25
: Kind of assessment: Assessment of the documents and the execution of the integration test in a manner consistent with KTA 3506 and in compliance with IEC 60880
: Technical report: ", V 1.00, ISTec GmbH, Garching and TÜV NORD SysTec GmbH & Co. KG, Hamburg, October 2006

Certificate for the Digital Safety Instrumentation and Control System TELEPERM XS

: Certificate number: TXS-AUST-1006-03
: Subject of test: TELEPERM XS integration test (AUST-II) (For list of documents see appendix 1)
: Test execution: AREVA NP GmbH
: Kind of assessment: Assessment of the documents and the execution of the integration test in a manner consistent with KTA 3506 and in compliance with IEC 60880
: Technical report: "Ergänzender Technischer Prüfbericht zum Integrationstest der Hard- und Software für TELEPERM XS", V 1.00, ISTec GmbH, Garching, and TÜV NORD SysTec GmbH & Co. KG, Hamburg, October 2006
: Requirements: see technical report
: Orderer: AREVA NP GmbH
: Main contractor: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
: Project management: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
: Assessment organizations: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching; TÜV NORD SysTec GmbH & Co. KG, Hamburg
: Assessment period: April 2003 to September 2006
: Assessment result: see appendix 3
: Date: 31. October 2006
: Assessors: see appendix 2
: Project management: A. Lindner (ISTec)

Appendix 1: Documents:
: TXS-Testspezifikation, Version 1.00: Integrationstest, V1.00, 20.08.2004, FANP NGLTS/02/157
: TXS-Testbericht, Version 1.00: Integrationstest, V1.00, 06.04.2006, NGLTS/2003/de10008, Rev. B

Appendix 2: Assessors:
: ISTec: M. Baleanu, E. Hoffmann, Dr. A. Lindner, J. Märtz, H. Miedl
: TÜV NORD SysTec: U. Anders, Dr. D. Haake, G. Krage, E.-U. Mainka

Appendix 3: Assessment result:
The assessment was passed as stated in the technical report. The following system characteristics are confirmed for systems that follow the design criteria which were the basis of the system configuration referenced in the test report:
: 1. The type-tested hardware and software components can be assembled to an operable system if the engineering system SPACE is used.
: 2. Processing and communication cycle times are not influenced by external process states (measured signals, amount of alarms and monitored information).
: 3. Mutually independent I&C functions are processed as specified according to their chronological order and their input signals.
: 4. Mutually independent processing units (in accordance with report KWU NLL5f199611.10c) do not affect each other regarding their operating modes and their time behaviour. Processing units which exchange signals but are otherwise mutually independent have only effect on each other's time response within the limits of the engineered communication functions.
: 5. Interference on cables with violation of the measuring range and input module failures are detected, marked as signal failures and indicated. Signals detected as faulty are processed and indicated by the system components (runtime environment, I/O drivers, function blocks) as defined in the specification.
: 6. Transmission failures on TXS Ethernet (H1) and TXS Profibus (L2) busses are detected, processed and indicated in accordance with the specification. Single message failures are tolerated by the system. Furthermore, on TXS Ethernet (H1) busses double message failures are tolerated. Interference caused by a receiving unit on the sending one is impossible.
: 7. Sending and receiving processing units execute their functions asynchronously if no "expedited messages" are sent via serial bus links, with the exception of voter sub-units monitoring each other. Lost messages are treated like transmission errors. Thus failures of individual sending processing units are always tolerated if signal information is distributed via redundant trains and special fault propagation barrier function blocks are used on the receiving processing modules.
: 8. Single failures of active and passive hardware modules are detected and indicated corresponding to the implemented monitoring mechanisms (self-monitoring, monitoring of the communication, cabinet annunciation system). Multiple failures are detected and indicated if sufficient resources (for example communicating processing units and communication processors) are provided. The cabinet annunciation system is activated according to the specification.
: 9. Fault propagation barriers are effective provided that no plant-specific fault suppression measures are engineered (for example status correction). Signal status is changed by the runtime environment as specified, i.e., if required, status is changed to ERROR but never from ERROR or TEST to OK.
: 10. The runtime environment behaves in the operating modes start-up, operation, parameterisation, functional test and diagnosis as specified. It changes between operating modes according to the specification. Permissive signals for operating modes are designed individually according to project requirements and are not dealt with in the integration test.
: 11. The runtime environment can be controlled by means of service commands. Disabling and enabling of service commands are effective as required for the respective operating mode.
: 12. The user software can be loaded from a centralised unit using the network connections. This function can be deactivated by a hardware switch on the processing modules.
: 13. The system consists of several individual computers SVE1 and SVE2. When one or more computers are integrated or eliminated, the system still behaves as specified. SVE1 and SVE2 can be used together at one backplane.
: 14. Fail-safe behaviour: Signals marked as faulty (ERROR and/or TEST status) are issued as 0 signals via output modules. Exceptions cause output of 0 signals via output modules and cause shut down or restart of the computers affected.
: 15. The system behaviour with respect to I&C functionality is entirely defined by the application software. The minimum response times of the system are determined by the cycle times of the processing modules involved if the processing time of the function diagram / function diagram group modules plus the processing time required for execution of service commands does not exceed the specified cycle time.

Certificate for the Digital Safety Instrumentation and Control System TELEPERM XS (ID No. 44.04)

: Software Certificate No.: TXS-AU-0902-06
: SW Component: Program Structure of the Runtime Environment, V2.30, dated 25.02.2002 (List of documents, module names and versions as well as CRC sums: see appendices 1 to 4)
: Manufacturer: FRAMATOME ANP
: Kind of Test: Type test analogous to KTA 3503 and in compliance with IEC 880 including evaluation of the test runs performed in a test environment.
: Test Report: "2nd supplement to the technical test report on the type test of the program structure of the Runtime Environment of TELEPERM XS", V 2.00, ISTec GmbH, Garching, September 2002
: Requirements: See test report
: Orderer: Bayerisches Staatsministerium für Landesentwicklung und Umweltfragen
: Main Contractor: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
: Project Management: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
: Test Laboratory: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
: Test Period: July to September 2002
: Test Result: The test has been passed according to the 2nd supplement of the test report above.
: Date: 10. September 2002
: Assessor: E. Hoffmann, M. Baleanu
: Project Leader: M. Kersken (ISTec)

Appendix 1: Development documents (title, version, date)
: SILT-Lastenheft: Ablaufumgebung, V 1.04, 27.06.2001
: SILT-Lastenheft: Ablaufumgebung in der Voter-Ebene, V 1.03, 27.06.2001
: SILT-Lastenheft: Ablaufumgebung im Meldeinterface, V 1.01, 15.12.1995
: SILT-Lastenheft: Ablaufumgebung in den Erfassungsrechnern, V 1.01, 27.06.2001
: TXS-Pflichtenheft: Programmstruktur der Ablaufumgebung, V 2.30, 31.10.2001
: TXS-Designunterlage: Programmstruktur der Ablaufumgebung, V 2.30, 25.02.2002
: TXS-Implementierungsunterlage: Programmstruktur der Ablaufumgebung, V 2.30, 03.04.2002
: TXS-Testspezifikation: Programmstruktur der Ablaufumgebung, V 2.30, 05.04.2002
: TXS-Testbericht: Programmstruktur der Ablaufumgebung, V 2.30, 12.04.2002
: TXS-Testspezifikation: Zielsystemtest Ablaufumgebung, V 2.30, 10.07.2002
: TXS-Testbericht: Zielsystemtest Ablaufumgebung, V 2.30, 29.08.2002

Appendix 2: List of the C source files of the Runtime Environment with status (version no. and latest date in the file header) (C file, version, date)
: cyc.c, 2.30, 07.01.2002
: drvifc.c, 2.30, 19.12.2001
: errormsg.c, 2.30, 14.02.2002
: fdgifc.c, 2.30, 11.01.2002
: init.c, 2.30, 14.12.2001
: auparams.c, 01.05, 25.02.2002
: input.c, 2.30, 12.02.2002
: mode.c, 2.30, 25.02.2002
: monit.c, 2.30, 25.02.2002
: output.c, 2.30, 07.01.2002
: sync.c, 2.30, 17.01.2002
: system.c, 2.30, 25.02.2002
: trace.c, 2.30, 15.02.2002

Appendix 3: List of the Include and Assembler files of the Runtime Environment with status (version no. and latest date in the file header) (file, version, date)
: au.h, 2.30, 25.02.2002
: augen.h, 2.30, 11.12.2001
: auparams.h, 1.07, 11.12.2001
: au-types.h, 2.30, 11.12.2001
: crcccitt.h, 00.02, 26.06.2001
: cyc.h, 2.30, 17.12.2001
: drvifc.h, 2.30, 19.12.2001
: errormsg.h, 2.30, 18.12.2001
: fdgifc.h, 2.30, 11.01.2002
: init.h, 2.30, 13.12.2001
: input.h, 2.30, 21.12.2001
: mode.h, 2.30, 14.01.2002
: monit.h, 2.30, 15.01.2002
: output.h, 2.30, 26.06.2001
: sync.h, 2.30, 11.12.2001
: system.h, 2.30, 07.02.2002
: trace.h, 2.30, 15.01.2002
: Assembler file: crcccitt.asm, 0301, 01.02.1995

Appendix 4: CRC sums and size in bytes (file, version, date, size in bytes, 16-bit CRC sum, 32-bit CRC sum)
: au.h, 02.30, 25.02.2002, 81601, C5A1, BB2C3AFD
: augen.h, 02.30, 11.12.2001, 27672, 5075, 2CDE9130
: autypes.h, 02.30, 11.12.2001, 8147, C266, 5C277C7E
: auparams.h, 01.07, 11.12.2001, 9796, 939B, F39E175F
: errormsg.h, 02.30, 18.12.2001, 8822, 5376, 5EA8F40A
: init.h, 02.30, 13.12.2001, 3424, 07C7, 24C511B02
: aupstruc.plk, 02.30, 25.02.2002, 144277, 6D25, CBAE7FA9
: product.sql, 02.30, 25.02.2002, 4715, 9DB4, 21F43AD7

VERIFY HARD COPY AGAINST WEB SITE IMMEDIATELY PRIOR TO EACH USE

Engineering Directives Manual EDM 130

VENDOR/DUKE MANUAL CERTIFICATION FORM (To be placed inside front cover of manual)

: 1. Station: Oconee Nuclear Station Unit: 1 QA Condition:
: 2.
==Title:==
Oconee Nuclear Station Unit 1 RPS/ESFAS Replacement Project Equipment Qualification Report
: 3. Duke File Number: OM 201.N--0021.001 Revision No: 3 Distribution Code: OEM-19N
: 4. Document Type (Check One): Vendor Manual / Duke Manual. Manual Type (Check One): Instruction Book (I/B) / Non-Instruction Book (Non-I/B)
: 5. Vendor: AREVA NP, Inc. For Vendor Manuals Only: Vendor Document No: 66-5065212-03
: 6. Document Transmittal No. Date: For DCRM Use Only. Manual File Copy (Check One): Record / Spare / Distribution. File Copy Proofed By: Date:
: 7. Sponsor Team/Sponsor Engineer: AREVA NP/Gary Wood (or Engineering Service Provider Name PO Number when document revision is prepared by an Engineering Service Provider)
Prepared By: Date:
Checked By: Date:
Approved By: Date:
Approved By Owner: Date:
("N/A", except when document revision is prepared, checked, and approved above by an Engineering Service Provider)
: 8. Inspections: Status Codes = (A) Approved, (C) Approved Except as Noted, or (N) Not Approved. Inspected By: Catawba Engineering, McGuire Engineering, Oconee Engineering, NGO Engineering/Other; for each, Group (Elec, Mech, Civil, Other) and Status (Initial/Date).
: 9. Revision
== Description:==
Vendor Issue of Rev. 3 in support of OD100066 and OD100067.
: 10.

VERIFY HARD COPY AGAINST WEB SITE IMMEDIATELY PRIOR TO EACH USE

EDM 130 Engineering Directives Manual

VENDOR/DUKE MANUAL CERTIFICATION FORM (To be placed inside front cover of manual)

: 1. Station: Oconee Nuclear Station Unit: 1,2, & 3 QA Condition: I
: 2.
==Title:==
Teleperm XS Supplemental Equipment Qualification Summary Test Report
: 3. Duke File Number: OM 201.N--0021.017 Revision No: 3 Distribution Code: OEM-19N
: 4. Document Type (Check One): Vendor Manual / Duke Manual. Manual Type (Check One): Instruction Book (I/B) / Non-Instruction Book (Non-I/B)
: 5. Vendor: AREVA, NP, Inc. For Vendor Manuals Only: Vendor Document No: 66-50158/)3-03
: 6. Document Transmittal No. Date: For DCRM Use Only. Manual File Copy (Check One): Record / Spare / Distribution. File Copy Proofed By: Date:
: 7. Sponsor Team/Sponsor Engineer: AREVA NP Inc. PO 93336 / Gary D. Grizard (or Engineering Service Provider Name PO Number when document revision is prepared by an Engineering Service Provider)
Prepared By: N 1/A Date:
Checked By: 'V 14 Date:
Approved By: A Date:
Approved By Owner: Date:
("N/A", except when document revision is prepared, checked, and approved above by an Engineering Service Provider)
: 8. Inspections: Status Codes = (A) Approved, (C) Approved Except as Noted, or (N) Not Approved. Inspected By: Catawba Engineering, McGuire Engineering, Oconee Engineering, NOO Engineering/Other; for each, Group and Status (Initial/Date).
-_ Etc*L Elec: Elec: | |||
Mech: __ Mech: Mech: Meeh: | |||
Civil: Civil: Civil: Civil: | |||
Other: Other: Other:_Other: | |||
: 9. Revision | : 9. Revision | ||
== Description:== | == Description:== | ||
Vendor Revision Issue per per OD 100066 and OD100067. Revisions 0, 1 and 2 were not issued to ONS DCRM. | |||
Vendor Revision Issue per per OD 100066 and OD100067. | : 10. Material Removed from Manual Material Inserted (Be Specific) | ||
Revisions 0, 1 and 2 were not issued to ONS DCRM.10. Material Removed from Manual Material Inserted (Be Specific)(Include page numbers, locations, other identifying information) (Include page numbers, locations, other identifying information) | (Include page numbers, locations, other identifying information) (Include page numbers, locations, other identifying information) | ||
__a Complete issue of manual (including AREVA NP supplied certification page)VERIFY HARD COPY AGAINST WEB SITE IMMEDIATELY PRIOR TO EACH USE}} | __a Complete issue of manual (including AREVA NP supplied certification page) | ||
VERIFY HARD COPY AGAINST WEB SITE IMMEDIATELY PRIOR TO EACH USE}} |
Latest revision as of 12:30, 12 March 2020
ML091380436 | |
Person / Time | |
---|---|
Site: | Oconee, Indian Point |
Issue date: | 04/15/2009 |
From: | AREVA NP |
To: | Office of Nuclear Reactor Regulation |
References | |
TSC 2007-09, Suppl 16 | |
Download: ML091380436 (59) | |
Text
TELEPERM XS Permissions and Operating Modes
TXS Runtime Environment - April 15, 2009
Runtime Environment (RTE)
Operating Modes
Runtime Environment (RTE)
Privilege and Permissions for Mode Transitions
Permissions for Operating Modes
The position of a key switch is connected via a hard wire to a binary input board channel, e.g. of a TELEPERM XS 8430 board. The binary input signal of the I/O board is cyclically read by the input board driver of the I/O board.
Graphic Service Monitor GSM
Overview of current I&C state
For each CPU: current operating mode, granted permissions
TXS Service Unit - Interaction with TXS CPUs: Release of RTE operation modes
TXS Service Unit - Interaction with TXS CPUs: Two diverse means of access control
TXS Application Software
Function Diagram (FD) Modules, Function Diagram Group (FDG) Modules
> Function Diagram (FD) module:
- Code resulting from automatic code generation of function diagrams (FDs) being engineered on SPACE engineering tool
- Implements the code for the engineered application-specific I&C functions
- Code consists of calls to Standard Function Block library functions being connected for the specific I&C function
> Function Diagram Group (FDG) module:
- Code resulting from automatic code generation
- Call and data interface to all FD modules running on one CPU with one and the same cycle time
- Max. 2 FDG modules per CPU
Signal Propagation on a Processing Module: Call Graph of fdg-compute Function
Run-time of Application Software: Linear Structure of FDG Modules
[Figure: Function Diagram Group Module calling FD Module 1, FD Module 2, FD Module 3, ..., FD Module n, FD Module n+1, each followed by "Copy signals" (copy Function Diagram Module output signals to destination Function Diagram input signals)]
Run-time of Application Software: Extract from Function Diagram (FD) Module
Run-time of Application Software: Computing Time of FDG Module Parts
[Figure: FD modules distributed over FDG module parts, with computing time Tcom]
FDG modules and FDG module parts always contain complete FD modules.
FD modules are never split into multiple functions.
The distribution of FD modules to FDG parts is based on the FB module computing times.
Run-time of Application Software: Computing Time of Function Block Modules
[Table: FB ID, FB Name and computing times (Init + Param + Comp, Param + Comp, Comp) for FB IDs 456 to 461, 501, 502, 507 and 520; values not recoverable]
FB RTE-INPUT: Pictogram
RTE-INPUT - Binary signal transfer
Use:
Transferring the 7 binary signals BI1 to BI7, whose meaning is predefined in the parameterization mask, to the runtime environment.
FB RTE-INPUT: Design of Pictogram Layout
FB RTE-INPUT: Definition of Pictogram in Database
FB RTE-INPUT: I/O Ports
1 Variable, 1.1 Input/output signals:
FB RTE-INPUT: Data Transfer Between FB and RTE
1.5 Internal variable: Name, data type, meaning
FB RTE-INPUT: Pictogram
Appendix 4 to FANP NGLTS 2002 091, TXS development document, Version 2.02: AU-INPUT
FB RTE-INPUT: Function Block Interface Structure (Header File)
FB RTE-INPUT: Function Block Forward Declaration (Header File)
FB RTE-INPUT: Function Block Source Code (fbS01.c) (1)
FB RTE-INPUT: Function Block Source Code (2)
FB RTE-INPUT: Function Block Source Code (3)
FB RTE-INPUT: Function Block Source Code (4)
FB RTE-OUTPUT
RTE-OUTPUT: Output of status and fault information
Symbol: Menu: Function diagram:
Use:
Output of status and fault information from the runtime environment to a function diagram in the form of binary signals.
FB RTE-OUTPUT
Input / output signals:
[Table: Signal, Direction, Type, Port ID, Meaning, Default value; rows include Fault status and Test status; values not recoverable]
FB RTE-INPUT
Function:
FB RTE-OUTPUT-1 receives fault and status information from the runtime environment, thus enabling further processing on function diagrams.
The input signals of the function block are assigned to the pieces of information of the runtime environment in the course of linking the entire software for the processing module to the modules of the runtime environment.
If the runtime environment does not return OK, the function block stops executing.
The information is output as sixteen individual binary output signals (BO1 to BO16), whereby the respective output signal has the value 1 (= TRUE) if the assigned piece of information is output by the runtime environment, otherwise 0 (= FALSE).
Data Interface FB <-> RTE: Data Structures (au.h) (1)
Data Interface FB <-> RTE: Data Structures (2)
Data Interface FB <-> RTE: Module local (static) variables
Data Interface FB <-> RTE: RTE functions (fdgifc.c) (1)
Data Interface FB <-> RTE: RTE functions
Data Interface FB <-> RTE: RTE functions (fdgifc.c) (3)
Data Interface FB <-> RTE: Invocation of RTE functions (4)
Signal Propagation on a Processing Module: Call Graph of FDGEOutputFunction
Signal Propagation on a Processing Module: Call Graph: Output Signals to I/O Board
RTE Command Interface (Extract): WRITE FDG
RTE Command Interface: WRITEFDG (2)
Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (1)
Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (3)
Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (4)
Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (5)
Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (6)
Cyclic RTE Mode Evaluation: RTE MODE Evaluation Function (7)
Results from the Generic Qualification: RTE Qualification
Certificate No.: TXS-AU-0902-06
SW Component: Program Structure of the Runtime Environment, V2.30, 2002-02-25
Kind of Test: Type test analogous to KTA 3503 and in compliance with IEC 880 including evaluation of the test runs performed in a test environment
Test Report: "2nd supplement to the technical test report on the type test of the program structure of the Runtime Environment of TELEPERM XS", V 2.00, ISTec GmbH, Garching, September 2002
Test result: The test has passed according to the 2nd supplement of the test report above.
Results from the Generic Qualification: System Integration Test
Certificate No.: TXS-AUST-1006-03
Subject of test: TELEPERM XS integration test (AUST-Il)
SW Component: Program Structure of the Runtime Environment, V2.30, 2002-02-25
Kind of assessment: Assessment of the documents and the execution of the integration test in a manner consistent with KTA 3506 and in compliance with IEC 60880
Technical report: ", V 1.00, ISTec GmbH, Garching and TÜV NORD SysTec GmbH & Co. KG, Hamburg, October 2006
ISTec
Certificate for the Digital Safety Instrumentation and Control System TELEPERM XS
Certificate number: TXS-AUST-1006-03
Subject of test: TELEPERM XS integration test (AUST-Il) (For list of documents see appendix 1)
Test execution: AREVA NP GmbH
Kind of assessment: Assessment of the documents and the execution of the integration test in a manner consistent with KTA 3506 and in compliance with IEC 60880
Technical report: "Ergänzender Technischer Prüfbericht zum Integrationstest der Hard- und Software für TELEPERM XS", V 1.00, ISTec GmbH, Garching, and TÜV NORD SysTec GmbH & Co. KG, Hamburg, October 2006
Requirements: see technical report
Orderer: AREVA NP GmbH
Main contractor: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
Project management: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
Assessment organizations: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching; TÜV NORD SysTec GmbH & Co. KG, Hamburg
Assessment period: April 2003 to September 2006
Assessment result: see appendix 3
Date: 31. October 2006
Assessors: see appendix 2.
Project management: A. Lindner (ISTec)
Appendix 1: Documents:
Document | Version | Date | Document no. |
---|---|---|---|
TXS-Testspezifikation, Version 1.00: Integrationstest | V1.00 | 20.08.2004 | FANP NGLTS/02/157 |
TXS-Testbericht, Version 1.00: Integrationstest | V1.00 | 06.04.2006 | NGLTS/2003/de10008, Rev. B |
Appendix 2: Assessors:
ISTec: M. Baleanu, E. Hoffmann, Dr. A. Lindner, J. Märtz, H. Miedl
TÜV NORD SysTec: U. Anders, Dr. D. Haake, G. Krage, E.-U. Mainka
Appendix 3: Assessment result:
The assessment was passed as stated in the technical report. The following system characteristics are confirmed for systems that follow the design criteria which were the basis of the system configuration referenced in the test report:
- 1. The type-tested hardware and software components can be assembled to an operable system if the engineering system SPACE is used.
- 2. Processing and communication cycle times are not influenced by external process states (measured signals, amount of alarms and monitored information).
- 3. Mutually independent I&C functions are processed as specified according to their chronological order and their input signals.
- 4. Mutually independent processing units (in accordance with report KWU NLL5f199611.10c) do not affect each other regarding their operating modes and their time behaviour. Processing units which exchange signals but are otherwise mutually independent affect each other's time response only within the limits of the engineered communication functions.
- 5. Interference on cables with violation of the measuring range and input module failures are detected, marked as signal failures and indicated. Signals detected as faulty are processed and indicated by the system components (runtime environment, I/O drivers, function blocks) as defined in the specification.
- 6. Transmission failures on TXS Ethernet (H1) and TXS Profibus (L2) busses are detected, processed and indicated in accordance with the specification. Single message failures are tolerated by the system. Furthermore, on TXS Ethernet (H1) busses double message failures are tolerated. Interference caused by a receiving unit on the sending one is impossible.
- 7. Sending and receiving processing units execute their functions asynchronously if no "expedited messages" are sent via serial bus links, with the exception of voter sub-units monitoring each other. Lost messages are treated like transmission errors. Thus failures of individual sending processing units are always tolerated if signal information is distributed via redundant trains and special fault propagation barrier function blocks are used on the receiving processing modules.
- 8. Single failures of active and passive hardware modules are detected and indicated corresponding to the implemented monitoring mechanisms (self-monitoring, monitoring of the communication, cabinet annunciation system). Multiple failures are detected and indicated if sufficient resources (for example communicating processing units and communication processors) are provided. The cabinet annunciation system is activated according to the specification.
- 9. Fault propagation barriers are effective provided that no plant-specific fault suppression measures are engineered (for example status correction). Signal status is changed by the runtime environment as specified, i.e., if required, status is changed to ERROR but never from ERROR or TEST to OK.
- 10. The runtime environment behaves in the operating modes start-up, operation, parameterisation, functional test and diagnosis as specified. It changes between operating modes according to the specification. Permissive signals for operating modes are designed individually according to project requirements and are not dealt with in the integration test.
- 11. The runtime environment can be controlled by means of service commands. Disabling and enabling of service commands are effective as required for the respective operating mode.
- 12. The user software can be loaded from a centralised unit using the network connections. This function can be deactivated by a hardware switch on the processing modules.
- 13. The system consists of several individual computers SVE1 and SVE2. When one or more computers are integrated or eliminated, the system still behaves as specified. SVE1 and SVE2 can be used together at one backplane.
- 14. Fail-safe behaviour: Signals marked as faulty (ERROR and/or TEST status) are issued as 0 signals via output modules. Exceptions cause output of 0 signals via output modules and cause shut down or restart of the computers affected.
- 15. The system behaviour with respect to I&C functionality is entirely defined by the application software. The minimum response times of the system are determined by the cycle times of the processing modules involved if the processing time of the function diagram / function diagram group modules plus the processing time required for execution of service commands do not exceed the specified cycle time.
ISTec ID.No. 44.04
Certificate for the Digital Safety Instrumentation and Control System TELEPERM XS Software
Certificate No.: TXS-AU-0902-06
SW Component: Program Structure of the Runtime Environment, V2.30, dated 25.02.2002 (List of documents, module names and versions as well as CRC sums: see appendices 1 to 4)
Manufacturer: FRAMATOME ANP
Kind of Test: Type test analogous to KTA 3503 and in compliance with IEC 880 including evaluation of the test runs performed in a test environment.
Test Report: "2nd supplement to the technical test report on the type test of the program structure of the Runtime Environment of TELEPERM XS", V 2.00, ISTec GmbH, Garching, September 2002
Requirements: See test report
Orderer: Bayerisches Staatsministerium für Landesentwicklung und Umweltfragen
Main Contractor: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
Project Management: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
Test Laboratory: Institut für Sicherheitstechnologie (ISTec) GmbH, Garching
Test Period: July to September 2002
Test Result: The test has been passed according to the 2nd supplement of the test report above.
Date: 10. September 2002
Assessor: E. Hoffmann, M. Baleanu
Project Leader: M. Kersken (ISTec)
Appendix 1: Development documents
Document | Version | Date |
---|---|---|
SILT-Lastenheft: Ablaufumgebung | V 1.04 | 27.06.2001 |
SILT-Lastenheft: Ablaufumgebung in der Voter-Ebene | V 1.03 | 27.06.2001 |
SILT-Lastenheft: Ablaufumgebung im Meldeinterface | V 1.01 | 15.12.1995 |
SILT-Lastenheft: Ablaufumgebung in den Erfassungsrechnern | V 1.01 | 27.06.2001 |
TXS-Pflichtenheft: Programmstruktur der Ablaufumgebung | V 2.30 | 31.10.2001 |
TXS-Designunterlage: Programmstruktur der Ablaufumgebung | V 2.30 | 25.02.2002 |
TXS-Implementierungsunterlage: Programmstruktur der Ablaufumgebung | V 2.30 | 03.04.2002 |
TXS-Testspezifikation: Programmstruktur der Ablaufumgebung | V 2.30 | 05.04.2002 |
TXS-Testbericht: Programmstruktur der Ablaufumgebung | V 2.30 | 12.04.2002 |
TXS-Testspezifikation: Zielsystemtest Ablaufumgebung | V 2.30 | 10.07.2002 |
TXS-Testbericht: Zielsystemtest Ablaufumgebung | V 2.30 | 29.08.2002 |
Appendix 2: List of the C source files of the Runtime Environment with status (version no. and latest date in the file header)
C file | Version | Date |
---|---|---|
cyc.c | 2.30 | 07.01.2002 |
drvifc.c | 2.30 | 19.12.2001 |
errormsg.c | 2.30 | 14.02.2002 |
fdgifc.c | 2.30 | 11.01.2002 |
init.c | 2.30 | 14.12.2001 |
auparams.c | 01.05 | 25.02.2002 |
input.c | 2.30 | 12.02.2002 |
mode.c | 2.30 | 25.02.2002 |
monit.c | 2.30 | 25.02.2002 |
output.c | 2.30 | 07.01.2002 |
sync.c | 2.30 | 17.01.2002 |
system.c | 2.30 | 25.02.2002 |
trace.c | 2.30 | 15.02.2002 |
Appendix 3: List of the Include and Assembler files of the Runtime Environment with status (version no. and latest date in the file header)
Include file | Version | Date |
---|---|---|
au.h | 2.30 | 25.02.2002 |
augen.h | 2.30 | 11.12.2001 |
auparams.h | 1.07 | 11.12.2001 |
au-types.h | 2.30 | 11.12.2001 |
crcccitt.h | 00.02 | 26.06.2001 |
cyc.h | 2.30 | 17.12.2001 |
drvifc.h | 2.30 | 19.12.2001 |
errormsg.h | 2.30 | 18.12.2001 |
fdgifc.h | 2.30 | 11.01.2002 |
init.h | 2.30 | 13.12.2001 |
input.h | 2.30 | 21.12.2001 |
mode.h | 2.30 | 14.01.2002 |
monit.h | 2.30 | 15.01.2002 |
output.h | 2.30 | 26.06.2001 |
sync.h | 2.30 | 11.12.2001 |
system.h | 2.30 | 07.02.2002 |
trace.h | 2.30 | 15.01.2002 |
Assembler file | Version | Date |
---|---|---|
crcccitt.asm | 0301 | 01.02.1995 |
Appendix 4: CRC sums and size in bytes
File | Version | Date | Size (bytes) | 16-bit CRC sum | 32-bit CRC sum |
---|---|---|---|---|---|
au.h | 02.30 | 25.02.2002 | 81601 | C5A1 | BB2C3AFD |
augen.h | 02.30 | 11.12.2001 | 27672 | 5075 | 2CDE9130 |
autypes.h | 02.30 | 11.12.2001 | 8147 | C266 | 5C277C7E |
auparams.h | 01.07 | 11.12.2001 | 9796 | 939B | F39E175F |
errormsg.h | 02.30 | 18.12.2001 | 8822 | 5376 | 5EA8F40A |
init.h | 02.30 | 13.12.2001 | 3424 | 07C7 | 24C511B02 |
aupstruc.plk | 02.30 | 25.02.2002 | 144277 | 6D25 | CBAE7FA9 |
product.sql | 02.30 | 25.02.2002 | 4715 | 9DB4 | 21F43AD7 |
VERIFY HARD COPY AGAINST WEB SITE IMMEDIATELY PRIOR TO EACH USE
Engineering Directives Manual EDM 130
VENDOR/DUKE MANUAL CERTIFICATION FORM (To be placed inside front cover of manual)
- 1. Station: Oconee Nuclear Station Unit: 1 QA Condition:
- 2. Title: Oconee Nuclear Station Unit 1 RPS/ESFAS Replacement Project Equipment Qualification Report
- 3. Duke File Number: OM 201.N--0021.001 Revision No: 3 Distribution Code: OEM-19N
- 4. Document Type (Check One): Vendor Manual, Duke Manual. Manual Type (Check One): Instruction Book (I/B), Non-Instruction Book (Non-I/B)
- 5. Vendor: AREVA NP, Inc. Vendor Document No (For Vendor Manuals Only): 66-5065212-03
- 6. Document Transmittal No: Date: (For DCRM Use Only) Manual File Copy (Check One): Record, Spare, Distribution. File Copy Proofed By: Date:
- 7. Sponsor Team/Sponsor Engineer: AREVA NP/Gary Wood (or Engineering Service Provider Name PO Number when document revision is prepared by an Engineering Service Provider)
Prepared By: Date:
Checked By: Date:
Approved By: Date:
Approved By Owner: [illegible] Date: [illegible]
("N/A", except when document revision is prepared, checked, and approved above by an Engineering Service Provider)
- 8. Inspections: Status Codes = (A) Approved, (C) Approved Except as Noted, or (N) Not Approved. Inspected by: Catawba Engineering, McGuire Engineering, Oconee Engineering, NGO Engineering/Other; for each, Group (Elec, Mech, Civil, Other) and Status (Initial/Date). [Handwritten entries illegible]
- 9. Revision Description: Vendor Issue of Rev. 3 in support of OD100066 and OD100067.
- 10.
EDM 130 Engineering Directives Manual
VENDOR/DUKE MANUAL CERTIFICATION FORM (To be placed inside front cover of manual)
- 1. Station: Oconee Nuclear Station Unit: 1, 2, & 3 QA Condition: I
- 2. Title: Teleperm XS Supplemental Equipment Qualification Summary Test Report
- 3. Duke File Number: OM 201.N--0021.017 Revision No: 3 Distribution Code: OEM-19N
- 4. Document Type (Check One): Vendor Manual, Duke Manual. Manual Type (Check One): Instruction Book (I/B), Non-Instruction Book (Non-I/B)
- 5. Vendor: AREVA, NP, Inc. Vendor Document No (For Vendor Manuals Only): 66-50158/)3-03
- 6. Document Transmittal No: Date: (For DCRM Use Only) Manual File Copy (Check One): Record, Spare, Distribution. File Copy Proofed By: Date:
- 7. Sponsor Team/Sponsor Engineer: AREVA NP Inc. PO 93336 / Gary D. Grizard (or Engineering Service Provider Name PO Number when document revision is prepared by an Engineering Service Provider)
Prepared By: N/A Date:
Checked By: [illegible] Date:
Approved By: [illegible] Date:
Approved By Owner: Date:
("N/A", except when document revision is prepared, checked, and approved above by an Engineering Service Provider)
- 8. Inspections: Status Codes = (A) Approved, (C) Approved Except as Noted, or (N) Not Approved. Inspected by: Catawba Engineering, McGuire Engineering, Oconee Engineering, NGO Engineering/Other; for each, Group (Elec, Mech, Civil, Other) and Status (Initial/Date). [Handwritten entries illegible]
- 9. Revision Description: Vendor Revision Issue per OD100066 and OD100067. Revisions 0, 1 and 2 were not issued to ONS DCRM.
- 10. Material Removed from Manual (Include page numbers, locations, other identifying information) / Material Inserted (Be Specific) (Include page numbers, locations, other identifying information):
Complete issue of manual (including AREVA NP supplied certification page)