UNICOS-CPC PLC Baseline improvement proposals - PowerPoint Presentation

Slide1

UNICOS-CPCPLC Baselineimprovement proposals

Benjamin Bradu BE/ICS/PCS

1

Motivations2 main motivations

Homogenise the code through platforms and objectsCorrect the undesired behavioursIdentified issuesDiscrepancies between Schneider/SiemensDiscrepancies for the same features between objectsNot optimal code time to timeFormal verification issues to be solved, even if considered events are rareConcerned objectsOnly field objects + PCO for the moment2UNICOS PLC BASELINE END 2016

Reminder: baseline structureINPUT MANAGER

Bit extractionRising edge computationINTERLOCK AND ACKNOWLEDGE MANAGERCompute all interlock and ack signalsMODE MANAGERCompute the operation mode of the Object (Au/M/Fo/SoftLD/HLD)LIMIT MANAGERCompute the on/off status of the object based on feedbacksREQUEST MANAGERCompute the auto/manual requestsOUTPUT MANAGERCompute the outputs based on the requests and on the active mode of the objectChange the outputs according to interlocksSURVEILLANCECompute all warnings of the objects (IOError, Pos warning, AlB warning, etc.)OUTPUT REGISTERInvert the output order values according to fail safe positionSTATUS REGISTERPut statuses in Stsreg01/023UNICOS PLC BASELINE END 2016

1. Discrepancies Schneider/SiemensBi-stable behaviours

Schneider: use of RS flip-flopSiemens: use of IF/THEN/ELSESuggestion: IF/THEN/ELSE to have similar codesOnOff: change of 3 RSAnalog/AnaDig/AnaDO/PCO: change of 1 RS4UNICOS PLC BASELINE END 2016

1. Old/New Schneider code5

UNICOS PLC BASELINE END 2016Meeting 21/09/2016: OK but put a fake ELSE at the end.

2. Discrepancies between objects3 different Interlock /

Ack management in Schneider and SiemensAnalog/Anadig OnOff / AnaDOPCOSuggestion for Schneider & Siemens:Create a new (*INTERLOCK AND ACKNOWLEDGE MANAGER*) Compute all interlock related signals at the BEGINNING of the code FullNotAcknowledged, EnRstartSt, AlUnAck, InterlockR, RdyStartStGive priority to FS if an Ack is done at the same time.The interlock consequences are done at the end of the “output manager” section.

6UNICOS PLC BASELINE END 2016

2. Old / New interlock manager

7UNICOS PLC BASELINE END 2016Meeting 21/09/2016: OK to group everything in a single place. Seems OK but need more verificationsNo deployment before LS2

3. Not optimal codeMode management is not optimal regarding the coding recommendations.

Suggestions:Remove all “*_aux” variablesPriority of modes: HLD->Fo->SoftLD->M->AuPut an “ELSIF” structure instead of 5 independent “IF”8UNICOS PLC BASELINE END 2016

3. Old/New mode manager9

UNICOS PLC BASELINE END 2016Meeting 21/09/2016: Cannot work. Need to store mode in aux variables to restore the good mode when back from local mode

4. OnOff bugs found with formal verifications

General behaviour issuesProblem if AuAuMoR is always true  remove the rising edgeProblem if AuAlAck is always true  remove the rising edgeMode managementLocal Drive Request should be computed only in Local mode  Add the LDSt conditionInterlock managementDon't allow restart until interlock disappear and ack done  new interlock managementAfter a FuStop, MOnRSt is in fail-safe position unless MOnR  new interlock managementReset

Auto On Request after Full Stop in OnOff  new interlock managementImpossible to start with interlock  new interlock management

10

UNICOS PLC BASELINE END 2016

Meeting 21/09/2016: Keep rising edge.

AuIhMMo

used if need to maintain auto

AuAlAck

is normally never maintained

Meeting 21/09/2016: OK

Meeting 21/09/2016: see slide 7 for new interlock management

Question 1Anticipate manual restart after full stop ? (UCPC-1257)

Full Stop Occurs  MOnRSt = 0Ack of the full stop is done by operatorOperator do a MOnR. 3 cases:If no allow restart  MOnRSt = 1If allow restart always allowed MOnRSt = 1If allow restart only after FS MOnRSt = 0

Full Stop Disappears and Allow Restart done. 3 cases:If no allow restart  object restarts

If allow restart always

allowed

object restarts

If

allow restart only after

FS

object

does not restart: OK ?

11

UNICOS PLC BASELINE END 2016

Meeting 21/09/2016: OK

Question 2Hardware Local Mode management

There is HLD + (HOnR + HOffR) OR (Haout)The output is moved according to HonR/HOffR (pulse) OR HAOutThe interlocks are still effective There is only HLD (common case in CRYO+CV)The output is reset to 0 (except bug with AO of ANADO, UCPC-2360)The interlocks are still effective

Suggestions: The output follows feedbacks to avoid discordance and glitch when go back to auto mode.12

UNICOS PLC BASELINE END 2016

Meeting 21/09/2016: OK but this case never happen in reality

Meeting 21/09/2016: NOK, don’t follow feedback. But if

AuOnR

is active, we should not have a glitch when go back to auto mode

SummaryTracking of all these bugs/improvements in JIRA for the future baseline version

BUGSANADO: HLD does not reset the AO : UCPC-2360Field+PCO: FS + Ack in the same cycle: UCPC-2215 Field+PCO: After a FuStop MOnRSt is in fail-safe unless MOnR: UCPC-1257ONOFF: Reset Auto On Request after Full Stop: UCPC-1603Field+PCO: Problem if AuAuMoR is always true: UCPC-2361ONOFF: Impossible to start with Interlock: UCPC-2362IMPROVEMENTS: UCPC-2367Field+PCO: Remove RS flip-flop in Schneider baselineField+PCO: New acknowledge managementField+PCO: New mode management Field+PCO

: New Hardware Local Mode management13UNICOS PLC BASELINE END 2016

Baseline validation scheme

14UNICOS PLC BASELINE END 2016Object modificationin 1 platform(Based on a JIRA issue)Execute all formal tests using PLC VerifExecute all unit testsusing the Win CCOA automatic script (test catalog)OK

NOK

Peer review

With experts in the PCS section

OK

Redo the same

with other platform(s)

RELEASE

OK

OK

NOK

NOK

Today, we are here

Meeting 21/09/2016: We need to extend the test catalogue for a better testing confidence