Hallan W. Veiga, Max H. de Queiroz, Jean-Marie Farines
Departamento de Automação e Sistemas, Universidade Federal de Santa Catarina, Florianópolis, Brazil
Marcelo L. de Lima
Research & Development Center (CENPES), Petrobras, Brazil
Torino, 18 September 2017
FMICS-AVoCS 2017 2/18
Automation systems in offshore oil platforms:
◦ faults can be catastrophic: safety, health and environmental consequences
Safety Instrumented Systems (SIS):
◦ sensors to detect hazardous situations
◦ actuators to lead the process to a safe state
◦ Programmable Logic Controller (PLC)
Errors in PLC programs of a SIS:
◦ Dangerous failure (DF): cause present and effect not produced; observed only in critical situations
◦ Safe failure (SF): effect produced and cause not present; bypasses may cause DF
Techniques to develop a valid PLC program:
◦ Design methodology based on standards: IEC 61511, O&GI (oil and gas industry) standards
◦ Formal methods: exponential growth of the state space; requires a correct mathematical model
◦ Conformance testing: black-box approach; non-exhaustive
Automation of test:
◦ reduce costs, time and human errors
◦ enhance test coverage
1. Introduction
2. Validation of SIS in the O&GI
3. A Method for Testing SIS
4. Automation of Test
5. Application
6. Conclusion
Cause and Effect Matrix (CEM)
◦ Petrobras standard I-ET-3000.00-1200-800-PGT-006_0
ESD-101 = HSS-101100 or YST-101200
FD-101 = YST-101200 or [HSS-101100 and (UST-101001 or UST-101002 or UST-101003)]
FC-102 = YST-101200 (for 10 s) or Vote2oo3(UST-101001, UST-101002, UST-101003)
[Figure: specification, implementation and validation flow of the SIS. Specification artifacts: Piping & Instrumentation Diagram, Functional Specification, Safety Specification, Cause & Effect Matrix, Descriptive Memorial, PLC Logic Specification, Logic Diagram. Implementation steps: Programming, PLC Code, Compilation, PLC, Installation, PLC + Instrumentation. Validation activities: Test Specification, Factory Acceptance Test, Testing, Model Checking producing counter-examples (C.Ex.), and Automated Testing.]
[Figure: the testing method. From the Cause & Effect Matrix, Generation of Test Cases produces the Test Cases and Generation of Oracles produces Time Petri Nets. Execution of Test Cases drives the PLC inputs (I.0, I.1) and reads its outputs (Q.0, Q.1); Test Result Evaluation compares them against the oracle and issues the Verdict.]
Exhaustive testing is infeasible:
◦ grows exponentially with the number of causes
◦ more than 1,000 sensors for a SIS in offshore platforms
CEG-BOR (Paradkar, Tai and Vouk; 1997):
◦ Cause and Effect Graph for Boolean Operator
◦ only combinations of causes that effectively sensitize an effect
◦ avoids redundancies and ambiguities for fault detection
◦ number of test cases is linear in the number of CEM entries
◦ effective only for singular expressions
CEG-BOR-MI:
◦ Meaningful Impact (MI) for nonsingular expressions
◦ Vote2oo3(A, B, C) = AB + BC + AC
Limited Entry Decision Table: 12 test cases from 32 combinations
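The following is an added example, not code from the slides or from the authors' tool. It turns the three CEM entries quoted above into executable Python, applies a single-input sensitization filter in the spirit of the CEG-BOR description (one pair of input vectors per cause that differ only in that cause and change the effect; this is not the CEG-BOR-MI algorithm itself and does not reproduce the 12-of-32 table), and classifies each observed PLC output using the slides' definitions of dangerous failure (cause and not effect) and safe failure (effect and not cause). The faulty program `fd_101_buggy` is constructed for the demonstration; it drops one voter, which is exactly the kind of dangerous failure the slides say is observed only in critical situations.

```python
"""Added example (not from the slides): executable CEM entries, a simple
sensitization filter for test case selection, and an oracle-based verdict."""
from itertools import product

# Causes (sensor tags) taken from the CEM entries quoted on the slides.
CAUSES = ["HSS-101100", "YST-101200", "UST-101001", "UST-101002", "UST-101003"]


def vote2oo3(a, b, c):
    """2-out-of-3 voting as written on the slide: AB + BC + AC."""
    return (a and b) or (b and c) or (a and c)


def esd_101(s):
    """ESD-101 = HSS-101100 or YST-101200 (s maps sensor tag -> bool)."""
    return s["HSS-101100"] or s["YST-101200"]


def fd_101(s):
    """FD-101 = YST-101200 or [HSS-101100 and (UST-101001 or UST-101002 or UST-101003)]."""
    return s["YST-101200"] or (
        s["HSS-101100"] and (s["UST-101001"] or s["UST-101002"] or s["UST-101003"])
    )


def fc_102(s, yst_held_seconds=0):
    """FC-102: YST-101200 counts only once it has been true for 10 s, or the 2oo3 vote trips."""
    timed = s["YST-101200"] and yst_held_seconds >= 10
    return timed or vote2oo3(s["UST-101001"], s["UST-101002"], s["UST-101003"])


def sensitizing_test_cases(effect, causes):
    """For every cause, keep the first pair of input vectors that differ only in
    that cause and produce different effect values (the cause is sensitized).
    Yields at most 2*len(causes) vectors instead of 2**len(causes)."""
    chosen = []
    for i, cause in enumerate(causes):
        for bits in product([False, True], repeat=len(causes)):
            base = dict(zip(causes, bits))
            flipped = {**base, cause: not bits[i]}
            if effect(base) != effect(flipped):
                for vec in (base, flipped):
                    if vec not in chosen:
                        chosen.append(vec)
                break  # one sensitizing pair per cause is enough for this filter
    return chosen


def verdict(expected, observed):
    """Dangerous failure = cause and not effect; safe failure = effect and not cause."""
    if expected == observed:
        return "PASS"
    return "DANGEROUS FAILURE" if expected and not observed else "SAFE FAILURE"


def run_tests(spec, plc_under_test, test_cases):
    """The oracle is the specification evaluated on the same inputs fed to the PLC."""
    return [verdict(spec(tc), plc_under_test(tc)) for tc in test_cases]


def fd_101_buggy(s):
    """Constructed faulty PLC logic for FD-101: the UST-101003 voter was dropped."""
    return s["YST-101200"] or (s["HSS-101100"] and (s["UST-101001"] or s["UST-101002"]))


if __name__ == "__main__":
    cases = sensitizing_test_cases(fd_101, CAUSES)
    print(len(cases), "test cases instead of", 2 ** len(CAUSES))
    for tc, v in zip(cases, run_tests(fd_101, fd_101_buggy, cases)):
        print({tag: int(val) for tag, val in tc.items()}, v)
```

Running the script shows that the only DANGEROUS FAILURE verdict is the vector where HSS-101100 and UST-101003 alone are true: every other selected case passes, which is why such a defect survives routine operation and surfaces only when that specific sensor combination occurs.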
[Figure: Time Petri Net oracle for one CEM entry. Places: CAUSE, NOT CAUSE, EFFECT, PASS OK+, PASS OK-, DANGEROUS FAILURE, SAFE FAILURE. Transitions t1, t2, t3, t4, each with firing interval [T,T].]
[Figure: Time Petri Net oracle for FC-102, built from five modules: Control Module (places START, TESTING, WAIT, RESET), Reading & Voting Module (reads YST-101200, its negation not(YST-101200), the vote UST-101001*UST-101002 + UST-101002*UST-101003 + UST-101001*UST-101003 and its negation), Timed Module (place [TEMP] with firing interval [10,10] for the 10 s condition), Logic Module (places CAUSE, EFFECT, FC-102, n(FC-102)) and Diagnostic Module (places PASS OK+, PASS OK-, DANGEROUS FAILURE, SAFE FAILURE). Transitions t1 to t22.]
[Figure: architecture of the experimental tool. The process engineer edits the Cause & Effect Matrix in the CEM Editor, which exports it as XML to the Automatic Tester operated by the tester. The programmer loads the PLC code through the PLC programming software. The Automatic Tester drives the PLC simulator or test jig through an OPC server and produces the Verdict.]
Safety PLC for several subsystems:
◦ electrical, shutdown, fire and gas (F&G), control, turret and vessel
◦ 130 Cause and Effect Matrices (50 x 50)
Method for automating the testing of safety PLCs:
◦ CEM organizes a large set of safety specifications
◦ CEG-BOR-MI ensures efficient coverage of test cases while avoiding combinatorial explosion
◦ Time Petri Nets facilitate the automation of oracle generation and improve the reliability of the verdict
Automated test was successfully applied to a real offshore platform.
The experimental tool is being improved for use in the oil and gas industry.
Model checking of the CEM against large PLC code is under research.