completed 09/2022
Machine manufacturers increasingly implement safety functions by programming them on safety controllers. The reliability of these functions depends largely on programs that are developed and tested to a high standard. For this reason the Institute for Occupational Safety and Health of the German Social Accident Insurance (IFA) developed the SOFTEMA software tool over the past few years to support the application programming of safety controllers. A key function of SOFTEMA is that the logical connectives between the safety devices on a machine and the parts of the controller that shut off the hazard are specified in a matrix. After programming, the safety functions can be tested systematically against this specification matrix. Up to now, however, there has been a break between the specification and the program code: programmers have to transfer the logical connectives from the matrix to the editor of the safety program by hand. This step is time-consuming and error-prone, and therefore gives programmers little incentive to use SOFTEMA. Since safety programs are routinely modified again and again, it can also lead to the specification and the test plan no longer being kept up to date in order to save time.
An algorithm can, however, generate a program block in the common controller languages from this specification matrix of logical connectives and insert it into the program code. The IFA is therefore extending SOFTEMA with an automatic code generator of this kind. Such code generators have long been common in other industries (e.g. rail technology, process technology). The generated code is saved in files with an internationally standardised, manufacturer-independent format and can be imported into the program editors of the controllers. A change to the specification can then be carried over into the safety program with little effort and without the potential for human transcription errors.
In a first step, the requirements for the code generator were discussed and agreed with various user groups and documented. In the process, changes that should be made to SOFTEMA itself were also identified (e.g. to its interfaces with the code generator). The necessary software components were then selected. The generator software was coded and tested in sensible increments in accordance with the requirements, and a test environment was developed in parallel. Because of the high level of reliability required, the development focused on diversity and redundancy within the generator software. These technical measures were complemented by organisational measures for avoiding errors. The prototypes were tested in internal and external pilot projects, and suggested improvements and additional useful functions were implemented for a first release version where possible. Application documentation for the code generator was written at the same time.
The SOFTEMA code generator that was developed generates program code from the "CE-MATRIX" table in various representations, such as function block diagrams (FBD) or Structured Text (ST). The code generator is a stand-alone program: its implementation is completely independent of SOFTEMA and it does not access SOFTEMA's program code in any way. To use the code generator, the project file should be edited with SOFTEMA, since this ensures that the matrix is kept in the formal language that the generator expects.
The code generated from the matrix is saved in an internationally standardised, manufacturer-independent format (PLCopen XML) and can therefore be imported into various development environments for safety controllers. Direct import increases acceptance of SOFTEMA, because the duplicated work of manually transferring the logic from the CE-MATRIX to the program editor is eliminated, and with it the errors that can occur during manual transfer. User documentation for the SOFTEMA code generator was also written to make it easier for new users to get started.
Further quality assurance measures will be taken to improve the program continually, and the method should also be validated by an external institute. This is of fundamental importance because, according to IEC 61508-3, the measures a user must take to validate the application depend largely on the quality of the offline support tools used, and a code generator whose output ends up in the safety-related software is such a tool.
Sector: cross-sectoral
Type of hazard: mechanical hazards, electrical hazards, questions beyond hazard-related issues
Catchwords: machine safety, safety technology (engineering)
Description, key words: safety controls, software, programming, code generator