Simulation-based testing of failsafe industrial peripheral modules

Abstract

Nowadays, programmable logic controllers (PLCs) are a common technology used for automating industry processes and plants. Their scope of application ranges from simple emergency stop systems to more advanced systems, such as those used in hydro power plants for monitoring turbine rotation. Some of these PLCs and their corresponding peripheral I/O devices are used in the so-called "critical" environments, where in case of failures such systems may pose harm to humans or cause damage to the equipment. Thus, these so-called safety-critical systems must be developed rigorously with a high degree of quality assurance. If such system detects a failure in hardware or software it automatically goes into safe state, usually by de-energizing the outputs of the peripheral I/O modules. To ensure functional safety, the modules are developed in accordance with the IEC 61508 standard. For the software part, the use of the V-model is highly recommended by the IEC 61508. One of the common issues in terms of verification is a large gap between module/unit tests, which are normally performed in software for each software module separately, and hardware/software integration tests, which are performed when the system is integrated and functional. In order to bridge this gap, intermediate levels of integration are required between these two test phases. Simulation-based hardware-software testing is therefore presented in this thesis. Except for a host machine, this approach does not require any hardware. Instead, simulation-based testing is conducted using simulated hardware and an instruction set simulator. The simulation-based components are integrated into the legacy test environment. The tests are compiled and run redundantly on two different tool-chains, resulting in a test report and a coverage report. The new method is applied in a specific use-case: a traditional hardware-software integration test case is implemented in the simulation. The results show that it is possible to execute traditional integration tests without the hardware prototype and obtain a test coverage overview in addition. Consequently, the new method proves that it can be used as a supplement to traditional integration tests.