Partial Stroke Test With S7-400FH and PCS 7: Function Description

Partial Stroke Test with S7-400FH and PCS 7
Function Description
Partial Stroke Test with S7-400FH and PCS 7 Function Description V1.10
Warranty, Liability and Support

Note
The application examples are not binding and do not claim to be complete regarding the circuits shown, equipping and any eventuality. The application examples do not represent customer-specific solutions. They are only intended to pro-vide support for typical applications. You are responsible in ensuring that the de-scribed products are correctly used. These application examples do not relieve you of the responsibility in safely and professionally using, installing, operating and servicing equipment. When using these application examples, you recognize that Siemens cannot be made liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these application examples at any time without prior notice. If there are any deviations between the recommendations provided in these application examples and other Siemens publications - e.g. Catalogs - then the contents of the other documents have priority.
Copyright Siemens AG 2008 All rights reserved PST_e_V11.doc
Warranty, Liability and Support

We do not accept any liability for the information contained in this document. Any claims against us - based on whatever legal reason - resulting from the use of the examples, information, programs, engineering and performance data etc., described in this application example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (Produkthaftungsgesetz), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract (wesentliche Vertragspflichten). However, claims arising from a breach of a condition which goes to the root of the contract shall be limited to the foreseeable damage which is intrinsic to the contract, unless caused by intent or gross negligence or based on mandatory liability for injury of life, body or health The above provisions does not imply a change in the burden of proof to your detriment. Copyright 2008 Siemens A&D. It is not permissible to transfer or copy these application examples or excerpts of them without first having prior authorization from Siemens A&D in writing. If you have any technical questions, please get in touch with your Siemens representative or agent responsible. You will find your contact person at: http://www.siemens.com/automation/partner
V 1.1
09.04.2008
2/93
Table of Contents
1 1.1 1.2 2 2.1 2.2 3 3.1 3.2 3.3 4 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 5 5.1 5.2 5.3 5.4 6 6.1 6.2 7 7.1 7.2 8 8.1 8.2 8.3 8.4 Introduction .............................................................................................. 5 What is Partial Stroke Testing?................................................................... 5 The SIMATIC Partial Stroke Test Application ............................................. 9 Guidelines for Use.................................................................................. 19 Basic Guidelines....................................................................................... 19 Safety Guidelines ..................................................................................... 19 Getting Started........................................................................................ 21 Hardware Requirements........................................................................... 21 Software Requirements ............................................................................ 21 Installation ................................................................................................ 22 Engineering Template Configuration .................................................... 23 Partial Stroke Test Logic Overview ........................................................... 23 Optional Solenoid Test Logic .................................................................... 26 Adding the Partial Stroke Test Template to a STEP7 Project.................... 29 Configuring the F_PST Block.................................................................... 34 Configuring the F_PST_S Block ............................................................... 39 Configuring the PST Block........................................................................ 41 Configuring the PST_CALC Block ............................................................ 52 Configuring the OR_QC Block .................................................................. 59 Compiling and Downloading the Partial Stroke Test Logic........................ 60 Engineering Template Operation........................................................... 62 Viewing Partial Stroke Test Data .............................................................. 62 Changing the Value of the Partial Stroke Test Parameters ....................... 63 Changing the Value of the Solenoid Test Parameters............................... 64 Manually Starting or Aborting a Partial Stroke Test................................... 64 Operator Interface Configuration .......................................................... 65 PCS 7 OS Configuration Prerequisites ..................................................... 65 Configuring the Partial Stroke Test Operator Interface.............................. 67 Operator Interface Operation................................................................. 70 Accessing the Partial Stroke Test Interface in PCS 7 OS Runtime ........... 70 Partial Stroke Test OS Security Considerations........................................ 73 Generation of Reports............................................................................ 74 Internal Tags ............................................................................................ 75 Process Tags ........................................................................................... 75 Creating a Print Job.................................................................................. 78 Activating the Print Job ............................................................................. 79
V 1.1
09.04.2008
3/93
9 9.1 9.2 9.3 9.4 9.5 10 11
Appendix ................................................................................................. 81 Block parameters of F_PST...................................................................... 82 Block parameters of F_PST_S ................................................................. 84 Block parameters of PST.......................................................................... 85 Block parameters of PST_CALC .............................................................. 88 Configuring the PST_TIME Block ............................................................. 88 Abbreviations.......................................................................................... 90 Glossary .................................................................................................. 91
V 1.1
09.04.2008
4/93
1
1.1
Introduction
What is Partial Stroke Testing? A Safety Instrumented Function (SIF) can be characterized as a function that is designed to provide a specific Safety Integrity Level (SIL) for a certain process hazard. Typically, a SIF is composed of sensors, a logic solver and final elements. The SIF components work in tandem to first detect a hazard and then bring the process to a safe state. To ensure that it will actually function as intended when needed, the SIF equipment must be periodically tested.
Figure 1-1: A Safety Instrumented Function
The achieved SIL level is derived from the average Probability of Failure on Demand (PFD) for a SIF. A device fails on demand if it fails to perform when needed; the probability of this happening is called the PFD. PFD calculations for a given device are based on the failure rate () for the device and the proof test interval (TI). If the useful life span of a given device is analyzed, can be considered constant. Therefore, since is a constant value for a given valve, the relationship between PFD and TI is directly proportional (e.g., the larger the TI value, the larger the PFD). Therefore, more frequent testing will keep PFD values low and ensure that a SIF continues to meet its defined SIL. The final elements in a SIF are generally the largest contributors to the overall PFD. During normal plant operation, emergency shutdown valves typically remain in one position: fully-opened or fully-closed. It is only in an emergency that these safety valves are required to move. Lack of movement combined with harsh plant conditions can cause safety valves to stick. Periodic testing is required to ensure that a valve is functioning correctly and will not stick in an emergency situation. To fully test all the failure modes of an emergency shutdown valve, one must ensure that the valve can be moved to its failsafe state. This type of test is referred to as a Full Stroke Test (FST). A Full Stroke Test should test the actuator, valve seat and solenoid (if one is present). If an emergency shutdown valve has requirements for
V 1.1
09.04.2008
5/93
such things as tight shutoff and fast reaction time, these conditions should also be tested during a Full Stroke Test. It is possible to test some emergency shutdown valves online with physically bypassing the valves. However, for other valves, a Full Stroke Test requires a disruption to the process resulting in a nuisance trip. In this case, it is only possible to conduct a Full Stroke Test during a shutdown or a planned maintenance period (when the valve can be fully exercised). Otherwise, more expensive options are required such as using parallel valves and testing them independently. A Partial Stroke Test (PST) provides a way to verify that a valve is not stuck in its normal position while avoiding process upsets or spurious trips. The valve is typically stroked between 10 and 20% of full scale. The actual amount that the valve is stroked is determined by factors such as the valve type/size, manufacturers recommendations and the operating conditions. Once the test position is verified, the valve is returned to its normal state. The Partial Stroke Test cannot verify all of the failure modes of a safety valve; it can only test failure modes related to the valve actuator. The most frequent error pattern in actuator systems are listed in the following table 1-11.
Table 1-1:The most frequent error patterns in actuator systems
The diagnostic coverage of a proof test (CPT) is a percentage that corresponds to the effectiveness of a Partial Stroke Test. For
NAMUR-Recommendation NE106 First Edition: 01.03.2006 Test Intervals of Safety Instrumented Systems Table 3: The most frequent error patterns in actuator systems
1
V 1.1
09.04.2008
6/93
example, if the CPT for an emergency shutdown valve is 70%, a Partial Stroke Test can detect 70% of the possible failure modes of the valve. While a Partial Stroke Test cannot verify all of the failure modes of a safety valve, it can verify that the valve is not stuck and it can reduce the overall PFD, which helps maintain the SIL. Figure 1-2 illustrates how Partial Stroke Testing can be used to help a SIF attain a higher SIL level by lowering the PFD for the emergency shutdown valve. With only yearly Full Stroke (Proof) Testing, Figure 1-2 illustrates that the safety valve can only achieve SIL 1 (based on the average PFD and the guidelines in IEC 61511). However, by adding a Partial Stroke Test every 3 months, the safety valve can achieve SIL 2.
Figure 1-2: Using Partial Stroke Testing to Achieve a Higher SIL
Figure 1-3 shows how Partial Stroke Testing can be used to lengthen the required Full Stroke (Proof) Test Interval while maintaining the same required SIL. With yearly Full Stroke Testing, Figure 1-3 illustrates that the safety valve can achieve SIL 2. If a Partial Stroke Test is run every 3 months, the Full Stroke Test Interval can be lengthened to 2 years while still achieving SIL 2.
V 1.1
09.04.2008
7/93

Figure 1-3: Using Partial Stroke Testing to Lengthen the Full Stroke Test Interval
Note
Since a Partial Stroke Test cannot fully test a valve, it is still necessary to perform a Full Stroke Test at a set proof test interval.
V 1.1
09.04.2008
8/93
1.2
The SIMATIC Partial Stroke Test Application The SIMATIC Partial Stroke Test Application helps to ensure the safe and reliable operation of emergency shutdown valves. The application uses the SIMATIC Safety System, namely the S7-400 F/FH, in conjunction with a smart valve positioner, to test a pneumatically-operated shutdown valve. The SIMATIC Partial Stroke Test solution uses the positioner to partially close the valve, proving the valve moved to the commanded position and resetting the valve to the open position. The test is safeguarded by a failsafe discrete output which serves as an independent method of driving the valve to its failsafe position. The analog output to the positioner, in combination with the discrete output, provides two separate emergency shutdown signals to the actuator, resulting in a 1oo2 failsafe voting arrangement. Per a report published by an independent third-party consultant, the Partial Stroke Test hardware layout is SIL3-capable.2 The Partial Stroke Test method employed by the SIMATIC Partial Stroke Test Application is referred to as position control. Position control can be applied to both rotary and rising stem valves and requires a smart valve positioner to be installed with the block valve. In addition to controlling the block valve during a Partial Stroke Test, test results can be collected and stored with PCS 7 OS for test documentation and predictive maintenance. Each type of smart valve positioner can be used with the Partial Stroke Test Application, while the safety part of the application sets the valve position setpoint and compares the position feedback during the test time. The SIMATIC Partial Stroke Test application includes three components (see also Figure 1-4):
SIMATIC Partial Stroke Test Engineering Template: Consists of a STEP7 engineering template (i.e. preconfigured logic) to setup, run and monitor a Partial Stroke Test and optionally a Solenoid Test. This engineering template is comprised of a chart-in-chart that contains CFC blocks designed to run the Partial Stroke Test at configured intervals. This
2
The hardware report was produced by Exida and is available upon request from Siemens. Relevant document information is listed below: Safety Integrity Level Verification Project: Final Element Configurations, Report No.: SIE 04/08-20 R001 Version V1, Revision 1.0, October 2004 William Goble Rachel Amkreutz
V 1.1
09.04.2008
9/93
logic also includes PFD calculations to predict the time remaining until the next required Full Stroke Test. An interface to the PCS 7 OS is provided. SIMATIC Partial Stroke Test Operator Interface: Consists of a PCS 7 OS block symbol and faceplate to visualize the operation and status of a Partial Stroke Test and provides integrated PCS 7 OS alarming and event logging. SIMATIC Partial Stroke Test Report: Consists of a pre-configured report layout for PCS 7 OS to provide automatic documentation of the PST as printout.
The SIMATIC Partial Stroke Test application provides the following benefits:

Tests an emergency shutdown valve for various failure modes Provides feedback that can be used to predict potential future valve failures Provides more flexible testing and longer proof intervals Decreases PFD for an emergency shutdown valve Alarms when a Partial Stroke Test has failed or has been inhibited and when a full stroke test is required to maintain the specified SIL Printout of the test results Allows manual or automatic tests to be run
Figure 1-4: Overview Partial Stroke Test with S7-400FH and PCS 7
V 1.1
09.04.2008
10/93
1.2.1
Hardware Overview
The Partial Stroke Test application uses an S7-400 F/FH CPU in conjunction with a smart valve positioner that can provide analog feedback on the valve position. The application is designed to be used with valves that are actuated via stored energy. These are normally-open valves (i.e. valves that close under emergency shutdown conditions).
V 1.1
09.04.2008
11/93
Figure 1-5 and Figure 1-6 show two proposed physical system layouts3 using a hardwired valve positioner.
A standard Analog Output (or standard Analog Output with HART) signal that transmits the desired valve position setpoint to the valve positioner A failsafe Analog Input signal that monitors the actual position of the valve A failsafe Discrete Output signal that drives a signal to shut the valve under emergency shutdown conditions. The two possible configurations are shown in the figures below:
Safety Relay: Removes power to the valve positioner, causing it to close off the air supply to the valve Solenoid: Removes air from the valve, allowing the spring to close the valve
The hardware report was produced by Exida and is available upon request from Siemens. Relevant document information is listed below: Safety Integrity Level Verification Project: Final Element Configurations, Report No.: SIE 04/08-20 R001 Version V1, Revision 1.0, October 2004 William Goble Rachel Amkreutz
V 1.1
09.04.2008
12/93
Figure 1-7 and Figure 1-8 show two proposed physical system layouts, using valve positioner with fieldbus.
The fieldbus transmits the desired valve position setpoint to the valve positioner and reads the actual position of the valve A failsafe Discrete Output signal that drives a signal to shut the valve under emergency shutdown conditions. The two possible configurations are shown in the figures below: Safety Shutdown Input: De-energized signal to the valve positioner, causing it to close off the air supply to the valve Solenoid: Removes air from the valve, allowing the spring to close the valve
V 1.1
09.04.2008
13/93
Figure 1-5: Partial Stroke Test with SIPART PS2 Hart for Shutdown
Figure 1-6: Partial Stroke Test with HART-Positioner only for diagnosis
V 1.1
09.04.2008
14/93

Figure 1-7: Partial Stroke Test with Fieldbus-Positioner for shutdown
Figure 1-8: Partial Stroke Test with Fieldbus-Positioner only for diagnosis
V 1.1
09.04.2008
15/93
The installation of a valve positioner does not automatically remove the requirement for a solenoid valve in a SIF. Many emergency shutdown valve applications require a solenoid valve because the valve positioner vent is too small to allow for rapid valve closure. If a solenoid valve is used, it should be installed between the valve positioner and the actuator. For cases in which a solenoid valve and valve positioner are used, the Partial Stroke Test itself does not test the solenoid. However, the Partial Stroke Test application includes optional Solenoid Test logic. It is up to the user to determine if a Solenoid Test is required to validate the solenoid operation at the time of a Partial Stroke Test. Many times, the failure modes of the solenoid are not a significant contribution to the overall PFD of the valve assembly. If the solenoid is not a significant factor, it can be tested during normal proof testing when the Full Stroke Test is executed.
1.2.2
SIMATIC Partial Stroke Test Engineering Template Overview
The Partial Stroke Test Engineering Template component consists of pre-configured STEP7 CFC logic. The logic is encapsulated in an engineering template (a CFC chart-in-chart) that can be added to a CFC chart. The template contains usage notes to help the user understand and complete the Partial Stroke Test configuration.
Figure 1-9: Partial Stroke Test Engineering Template (Encapsulated Logic)
V 1.1
09.04.2008
16/93

Figure 1-10: Partial Stroke Test Engineering Template (Detailed Logic)
To execute the Partial Stroke Test logic, five new function blocks have been created:
PST: Contains the standard Partial Stroke Test logic; compiled SCL code F_PST: Contains the failsafe Partial Stroke Test logic; compiled CFC containing only TV-certified F-Systems function blocks F_PST_S: Contains the optional failsafe Solenoid Test logic; compiled CFC containing only TV-certified F-Systems function blocks PST_CALC: Contains PFD calculations to determine when the next Full Stroke Test is required; compiled SCL code OR_QC: Contains logic that evaluates the quality of up to four channel driver blocks to determine if any of the signals has bad quality; compiled SCL code SIMATIC Partial Stroke Test Operator Interface Overview
1.2.3
The Partial Stroke Test Operator Interface component consists of a PCS 7 OS block symbol and faceplate. Both the block symbol and faceplate allow an operator to visualize the Partial Stroke Test operation from a PCS 7 OS console by monitoring the status and alarms for a Partial Stroke Test instance. Also, with the appropriate security rights (see Section 7.2 Partial Stroke Test OS Security Considerations), an operator can tune configuration parameters and manually initiate tests from the faceplate itself.
V 1.1
09.04.2008
17/93
For configuration ease, when the Operator Interface component is used in conjunction with the Engineering Template component, the block symbol and faceplate are automatically created and configured during a PCS 7 OS compilation.
Figure 1-11: Partial Stroke Test Block Symbol
Figure 1-12: Partial Stroke Test Faceplate
V 1.1
09.04.2008
18/93
2
2.1
2.1.1
Guidelines for Use

Basic Guidelines
Purpose of the Manual
This manual provides a complete overview of the Partial Stroke Test application. This manual is intended for qualified personnel involved in programming of Partial Stroke Test programs and for those responsible for configuring, commissioning and servicing automation systems.
2.1.2 Required Basic Knowledge
A general knowledge of field automation engineering is required to be able to understand this manual. The user should also be trained in the SIMATIC technologies employed in the application: STEP7, CFC, S7 F/FH Systems and PCS 7 OS. Additionally, the user should know how to use computers or devices with similar functions (e.g. programming devices) under Windows operating systems.
2.1.3 Where is this Manual Valid?
This manual is valid for the Partial Stroke Test Application V1.1.
2.1.4 Qualified Personnel
This device/system may only be set up and operated by qualified personnel. Qualified personnel are defined as persons who are authorized to commission, to ground, and to tag circuits, equipment, and systems in accordance with established safety practices and standards. 2.2
2.2.1
Safety Guidelines
Certificates and Approvals
The TV Report4 confirms, that the Partial Stroke Test application is non-interfering with the safety function in the proposed physical system layouts. While the safety part of the application sets the valve position setpoint and compares the position feedback during the test time, the test runs more safely than when internal to a positioner. Following the guidelines laid out in this manual should allow the user to configure the Partial Stroke Test application to operate their safety valves. It is the users responsibility to validate the settings of Partial
4
The report was produced by TV Sd and is available upon request from Siemens.
V 1.1
09.04.2008
19/93
Stroke Test logic for the used safety valves and to calculate the required test intervals, to reach the target SIL and/or extended Proof Test Interval.
2.2.2 Compliance with SIMATIC S7 F/FH Systems
The Partial Stroke Test Engineering Template component is an engineering template utilizing SIMATIC S7 F/FH Systems. The user should read, understand and comply with all Safety Notes in the SIMATIC Programmable Controllers S7 F/FH Systems Manual.
2.2.3 Note for using smart valve positioner for on/off valves
If the valve is set to a fixed value, e.g. 100%, and the valve gets blocked, e.g. encrustation, the pressure in the actuator can possibly be reduced by small leakages. If the pressure is reduced enough to break off the encrustation, there is a risk of overshooting the critical travel value of the valve. With the following methods it is possible to detect or eliminate this risk: The blocked valve can be detected by Partial Stroke Test. The test intervals must be short enough. If the air supply is direct forwarded to the actuator (setting in the smart valve positioner), the pressure can not be reduced by small leakages. Using a pressure sensor to detect a critical pressure level.
V 1.1
09.04.2008
20/93
3
3.1
Getting Started
Hardware Requirements The basic PCS 7-related hardware requirements for running the Partial Stroke Test application software include:
A PC with a CD-ROM drive SIMATIC S7 F/FH System hardware components S7 F/FH System CPUs (e.g. the CPU417-4H) with an F-Systems License Fail-safe Signal Modules (F-SM)
The Partial Stroke Test application has been designed to work with any de-energize to trip valve (i.e. a normally-open valve). To run the Partial Stroke Test application as intended, the following field instrumentation is also required:
A valve positioner with analog feedback A safety relay or solenoid valve
Note
If using a relay instead of a solenoid valve, a safety relay may be necessary. This is dependent on the required SIL for the Safety Instrumented Function. In this release, the Partial Stroke Test application supports only normallyopen valves (i.e. valves whose failsafe state is closed).
Note
3.2
Software Requirements The following software, as detailed in the next sections, is required to operate the Partial Stroke Test Engineering Template and Operator Interface software at full capacity. Common Requirements
Internet Explorer V6.0, SP1 or greater Operating System: Windows 2000 Professional SP4 or greater (for PCS 7 6.1) Windows XP Professional SP1 or greater (for PCS 7 6.1)
V 1.1
09.04.2008
21/93
3.2.1 3.2.2
Partial Stroke Test Engineering Template S7 F Systems V6.0 or greater S7 F Library V1.3 PCS 7 V6.1 SP1 or greater Partial Stroke Test Operator Interface PCS 7 OS V6.1 SP1 or greater
3.3
Installation The SIMATIC Partial Stroke Test components are installed from the Partial Stroke Test setup zip file.
1. Copy the Partial Stroke Test setup zip file to the hard drive of your PC. Unzip the contents of the setup zip file to a temporary folder.
2. Run setup.exe from within the temporary folder. 3. Follow the setup program instructions to select the desired Partial Stroke Test application components. The temporary folder can be deleted once the installation is complete.
Note
To use the components of the Partial Stroke Test application you must have a runtime license (individual license) for each CPU. The license allows you to use the library on a single CPU only. When working on several CPUs, make sure that you order the corresponding number of runtime licenses.
V 1.1
09.04.2008
22/93
4
4.1
Engineering Template Configuration

Partial Stroke Test Logic Overview The Partial Stroke Test Engineering Template component consists of pre-configured CFC logic. For ease of configuration, the logic has been encapsulated in an engineering template (a CFC chart-in-chart) that the user can drag-and-drop onto a CFC. The user then only needs to connect the I/O channels to be used (i.e. the valve feedback, etc.) and to specify the configuration parameters. Main basic features of the Partial Stroke Test engineering template are listed below:
Allows Partial Stroke Tests to be run automatically (on a user-specified test interval) or manually. The necessity of running a test can be announced. Manual tests can be initiated from the CFC logic itself or from the corresponding PCS 7 OS faceplate Detects if a Partial Stroke Test or Full Stroke Test has been run from outside of the Partial Stroke Test application logic (i.e. if a test is run locally at the valve positioner, etc.) Allows the user to configure the valve setpoint for the test and a hysteresis to evaluate the pass/fail status for a Partial Stroke Test Allows the user to specify the maximum time allowed for each Partial Stroke Test and Solenoid Test to run successfully Allows the user to specify the time delay between a successful Partial Stroke Test and a Solenoid Test Includes a set of alarms that can be displayed within the PCS 7 OS. Also includes an alarm disable option if no HMI is being used with the Partial Stroke Test application logic Allows users to track performance of the valve by recording the following information for each Partial Stroke Test: Time/date when test was started Pass/fail test status Elapsed time to get to the desired position Actual valve position at the end of the test
Applies interlock and permissive logic to prevent stroke testing when not desired (if signals are bypassed or bad quality is detected, if TRIP condition is active, if user-configured permissive logic inhibit the test) Can vary test setpoints over a user-defined range to ensure no build-up in the valve body Includes in the starting phase of the Partial Stroke Test the monitoring of the valve feedback, to detect early a failure
V 1.1
09.04.2008
23/93
Includes PFD calculations to predict when the next Full Stroke Test is required.
Figure 4-1 and Figure 4-2 illustrate the basic operation of the Partial Stroke Test logic. Before a test is run, the user specifies the valve test setpoint (TEST_SP), a test hysteresis (TEST_HYS) and the maximum text execution time (TT). When a new test is started, the valve positioner setpoint is set to TEST_SP, a timer is started and the actual valve positioner feedback (FB_IN) is tracked. A test is considered to be a success when FB_IN is below a certain success threshold: TEST_SP + TEST_HYS. If FB_IN never crosses the success threshold before the timer reaches the maximum time, the test is considered a failure. When a test ends (whether a success or a failure), the valve returns to the full-open position. When a successful Partial Stroke Test is detected, the time it took for the valve to cross the TEST_SP + TEST_HYS threshold is recorded as the response time (RESPTIME). The test stops when the valve feedback is either less than TEST_SP (as illustrated Figure 4-1) or when TT has elapsed (as illustrated in Figure 4-2) whichever occurs first. At this point, FB_IN is recorded and stored as the actual valve position at the end of the test (FINALVAL). RESPTIME and FINALVAL are stored to provide predictive maintenance information.
V 1.1
09.04.2008
24/93

Figure 4-1: Partial Stroke Test Operation (Feedback Reaches TEST_SP)
V 1.1
09.04.2008
25/93

Figure 4-2: Partial Stroke Test Operation (Feedback Reaches TEST_SP + TEST_HYS)
4.2
Optional Solenoid Test Logic When using pneumatic valves, the Partial Stroke Test application includes optional logic for a Solenoid Test. The Solenoid Test is only relevant for hardware configurations containing a solenoid valve. Figure 4-3 illustrates the basic operation of the Solenoid Test logic. If enabled in the configuration, a Solenoid Test is run automatically after a successful Partial Stroke Test is completed. There is a userconfigurable delay between the end of the Partial Stroke Test and the start of the Solenoid Test; this delay allows the process to settle out before the Solenoid Test begins. The Solenoid Test logic pulses the failsafe discrete output signal to the solenoid (setting it from TRUE to FALSE and back to TRUE again) and subsequently monitors the feedback signal from the valve positioner for movement. For the Solenoid Test to be considered a success, a preconfigured amount of valve movement must be detected in a preconfigured amount of time. The amount of valve movement does not need to be significant since a Partial Stroke Test has just completed and verified the valve is not stuck. It simply needs to ensure the solenoid is functioning to cut off the air supply.
V 1.1
09.04.2008
26/93
As part of the test setup, the user specifies the following parameters:
DT_S: The delay time between the end of a successful Partial Stroke Test and the start of a Solenoid Test TT_S: The test time representing the number of cycles that the failsafe output to the solenoid valve is pulsed off MON_T_S: The amount of time in which the logic checks for valve movement MON_V_S: The amount of movement that must be detected by the valve positioner in order for the Solenoid Test to be successful
The Solenoid Test logic is only applicable in certain situations. Obviously, the Solenoid Test logic pertains only to hardware setups that contain a solenoid valve. A solenoid test depends on the cycle time of the application and the reaction time of the valve. Especially with fast reaction valves a process upset can be caused by the test pulse. The user is responsible for determining if the solenoid in question reacts too quickly to be used with the test logic. The user should verify the PFD values for the solenoid valve before implementing the Solenoid Test logic. If the PFD contribution of the solenoid valve to the overall valve assembly is not significant, it may not be necessary to use the Solenoid Test logic to periodically check the valve.
Note
If the user determines that the Solenoid Test logic is not needed for a particular application, the blocks relating to the Solenoid Test should be deleted from the Engineering Template to save memory and execution time. The following can be deleted if the Solenoid Test logic is not needed: F_PST_S
Note
The user should be careful to select a test execution time (TT_S) that does not allow the solenoid test to cause the valve to close too far, causing spurious trips. TT_S should be significantly smaller than the reaction time of the solenoid valve. Do not use the Solenoid Test logic with fast-reacting valves. If the valve reacts too quickly, this could cause spurious trips.
V 1.1
09.04.2008
27/93

Figure 4-3: Solenoid Test Operation
V 1.1
09.04.2008
28/93
4.3
4.3.1
Adding the Partial Stroke Test Template to a STEP7 Project

Copying the Template to a CFC
After the installation of the PST application the PST library is available. There are two possibilities to copy the template to a user project. 1. Copying the template in the SIMATIC Manager: Open the PST library in the SIMATIC Manager Copy the CFC PST_Template to the chart folder of your project. Open a CFC in you project and select the Library Catalog. There you will find the PST library. Select the PST library and open the folder S7-Program\Charts. Drag the CFC PST to the open chart.
2. Copying the template in the CFC:

In both cases all blocks that are required for the PST application to run in the PLC are copied to your project automatically.
Note
All of the blocks in the PST template must execute in the the preconfigured order. This ensures that the PST application logic will function as intended (in regard to timing and sequencing).
V 1.1
09.04.2008
29/93
4.3.2
Adjusting the the Run Sequence
When copying the template to the CFC all blocks are copied to the same Runtime Group. As the failsafe program has to run in a separate Runtime Group, there are three Runtime Groups. Open the Runtime Editor in the CFC and arrange the blocks as shown in Figure 4-4.
Figure 4-4: Run Sequence of the blocks in the Partial Stroke Test Template
4.3.3
Adjusting the Connections to the I/O Channel Drivers
The Partial Stroke Test engineering template includes three channel driver blocks:
An F_CH_AI channel driver block for the valve positioner feedback A CH_AO block for the valve positioner setpoint The template comprises of an F_CH_DO channel driver block, which is used for the solenoid valve control. If the safety function and the corresponding channel driver block already exist, the F_CH_DO block is not required.
The instance name of the F_CH_AI block within the template is PST_F_AI. The PST_F_AI.VALUE channel driver block input must be interconnected to the symbolic address of the valve positioner feedback channel (refer to Figure 4-5). Note that this analog input channel must first be created from within HW Config.
V 1.1
09.04.2008
30/93

Figure 4-5: The F_CH_AI Channel Driver Block in the Partial Stroke Test Template
The Partial Stroke Test application is designed to be used with a failsafe analog input signal for the valve positioner feedback. The feedback input, the associated test evaluation logic and the test interval timers are created with failsafe logic to guarantee that valve movement occurs within the configured PST interval. Failsafe logic will ensure that an undetected failure (e.g. a transient RAM fault or a communication fault) does not falsely record a successful Partial Stroke Test. If this level of confidence is not required for a particular application, a standard analog input signal can be used in place of the failsafe analog input signal. If a standard analog input signal or a PROFIBUS PA analog input signal is to be used, the F_CH_AI channel driver block must be deleted and replaced with a CH_AI (for standard analog input) or PA_AI (for PA analog input) channel driver block. The user must do the following:
Delete the F_CH_AI block from the CFC Add a CH_AI / PA_AI driver block to the CFC and name it PST_AI (to be consistent with the existing naming structure) Connect the PST_AI.QUALITY output to the PST_QUALITY.IN1 input Add an F_R_FR convert block to the CFC and name it F_PST_CONV Connect the PST_AI.V output to the F_PST_CONV.IN input Connect the F_PST_CONV.OUT output to the F_PST.FB_IN input Verify and, if necessary, modify the runtime group assignment
The instance name of the CH_AO block within the template is PST_AO. The PST_AO.VALUE channel driver block output must be
V 1.1
09.04.2008
31/93
interconnected to the symbolic address of the valve positioner setpoint channel (refer to Figure 4-6). Note that this analog output channel must first be created from within HW Config. This signal does not need to be failsafe, as the feedback signal accurately reflects whether the test ran within the test interval. If a PROFIBUS PA analog output is to be used, the CH_AO channel driver block must be deledeted and replaced with a PA_AO channel driver block. The user must do the following:

Delete the CH_AO block from the CFC Add a PA_AO driver block to the CFC and name it PST_AO (to be consistent with the existing naming structure) Connect the PST_AO.QUALITY output to the PST_QUALITY.IN2 input Connect the PST_RAMP.V output to the PST_AO.U input Verify and, if necessary, modify the runtime group assignment
Figure 4-6: The CH_AO Channel Driver Block in the Partial Stroke Test Template
V 1.1
09.04.2008
32/93

Figure 4-7: The F_CH_DO Channel Driver Block in the Partial Stroke Test Template
4.3.4
Using Ramp Control for the Valve Positioner Setpoint
The Partial Stroke Test engineering template includes a RAMP_P block to control the rate at which the valve positioner setpoint is changed. The instance name of the RAMP_P block within the template is PST_RAMP (see Figure 4-8). By default, the ramp functionality is effectively disabled, since PST_RAMP.URLM input and PST_RAMP.DRLM input are both set to 0. If ramp functionality is desired to slow the rate at which the PST strokes the valve, the value of PST_RAMP.DRLM must be set to a value greater than 0. Note that PST_RAMP.RATE_OFF input is connected to the PST.QRUN output. This allows rate limiting only when a PST is running. If the valve is commanded from logic external to the PST logic (e.g. if a trip occurs and the valve must close), rate limiting is disabled. If using ramping, the TT and MON_TIME parameters should be adjusted to allow the PST to run correctly. If the ramp functionality is not desired or realized in the positioner, the user can just delete the block from the template and connect the PST.SP output directly to the PST_AO.U input.
V 1.1
09.04.2008
33/93

Figure 4-8: The RAMP_P Block in the Partial Stroke Test Template
4.4
Configuring the F_PST Block The F_PST block contains the failsafe logic for the Partial Stroke Test application (see Figure 4-9). The F_PST logic is responsible for the following:
Controlling the timing between automatic tests (i.e. running tests or annunciating the necessity of running a test on a user-specified test interval) Allowing a Partial Stroke Test to start when a test request is made (either automatically or manually). A Partial Stroke Test will not be allowed to start unless all of the necessary conditions are met Controlling the timing of an actual Partial Stroke Test and ending the test when the test time has elapsed Evaluating the pass/fail status of a Partial Stroke Test Detecting Partial Stroke Tests that are run outside of the application logic (i.e. a test run locally at the valve positioner, a test run inadvertently by process conditions, etc.) Detecting Full Stroke Tests that are run outside of the application logic (i.e. a test run during a maintenance period, a test run inadvertently as a result of a process shutdown that closes the valve completely, etc.)
V 1.1
09.04.2008
34/93

Figure 4-9: The F_PST Block in the Partial Stroke Test Template
The F_PST blocks inputs and outputs are described in Table 4-1.
Table 4-1: F_PST Block Inputs and Outputs
Input/ Output Input
Name FB_IN
Description Feedback Signal from Valve Positioner
Notes Data type: F-REAL Default value: 0.0 Typical source: PST_F_AI.V channel driver output
Input
TRIP
Commanded Valve Status (1=Open, 0=Close)
Data type: F-BOOL Default value: 0 (Close) Typical source: Connected to an output from the user-configured emergency shutdown logic In order to start and run a Partial Stroke Test (automatically or manually), the valve must not be open and not tripped (i.e. TRIP = 1).
V 1.1
09.04.2008
35/93
Input/ Output Input
Name ILOCK
Description Test Permissive (1=Permit Test, 0=Inhibit Test)
Notes Data type: F-BOOL Default value: 0 (Inhibit Test) Typical source: Connected to user-configured permissive logic (to prevent a test from running if process conditions are not ideal) In order to start and run a Partial Stroke Test (automatically or manually), the test permissives must be met (i.e. ILOCK = 1). If no permissive logic is to be connected to this input, set the input to 1.
Input
CSF
Quality Signal (1=Bad, 0=Good)
Data type: BOOL Default value: 1 (Bad) Typical source: PST_QUALITY.RET_VAL output In order to start and run a Partial Stroke Test (automatically or manually), the quality of all the PST-related signals must be good.
Input
AUTO_EN
Enable automatic Test (1=Enabled)
Data type: BOOL Default value: 1 (Enabled) A Partial Stroke Test is conducted after the test interval has elapsed, if AUTO_EN = 1 and the conditions are met. If AUTO_EN = 0 the test is not conducted automatically. The operator is notified, that a Partial Stroke Test is required. The operator can initiate the test manually.
Output
QPST_REQ
Partial Stroke Test Required (1=Test Required)
Data type: F-BOOL When the test interval has elapsed and the Automatic Partial Stroke Test is disabled, QPST_REQ indicates that a Partial Stroke Test is required.
V 1.1
09.04.2008
36/93
Input/ Output Output
Name QFAIL
Description Last Test Failed (1=Test Failed)
Notes Data type: F-BOOL The Partial Stroke Test logic will not close the valve in the event of a failed test. If desired, QFAIL can be connected to failsafe logic (for a controlled shutdown or to indicate maintenance required).
Output
QPASS
Last Test Passed (1=Test Passed) New Successful Full Stroke Test (1=Test Passed) Feedback Error (1= Error)
Data type: F-BOOL
Output
QFSTPASS
Data type: F-BOOL
Output
QFB_ERR
Data type: F-BOOL After a Partial Stroke Test is run successfully, the valve should return to the value specified by PST.OP_POS. If the valve fails to return to the open position in the time specified by PST.TT, QFB_ERR is set to 1.
Output
QINHIBIT
Last Test Inhibited (1=Test Inhibited) Run Status (1=Running) Elapsed Test Time (Seconds)
Data type: F-BOOL
Output Output
QRUN E_TT
Data type: F-BOOL Data type: F-TIME
Note
The F_PST block has additional inputs and outputs that are not documented in Table 4-1. These inputs and outputs are utilized by Partial Stroke Test logic for things like data passing between blocks and are typically hidden. The user should only set parameters explained in the table.
V 1.1
09.04.2008
37/93
Note
There are hidden connections between the F_PST, F_PST_S, PST and PST_CALC blocks. If the F_PST block is deleted from the CFC and subsequently replaced, all of the connections have to be restored manually. See Engineering Template in the PST library.
V 1.1
09.04.2008
38/93
4.5
Configuring the F_PST_S Block The F_PST_S block contains the failsafe logic for the optional Solenoid Test (see Figure 4-10). The F_PST_S logic is responsible for the following:
Controlling the timing between a successful Partial Stroke Test and Solenoid Test (i.e. running a Solenoid Test after a specified delay time following a successful Partial Stroke Test) Allowing a Solenoid Test to start when a test request is made. A Solenoid Test will not be allowed to start unless all of the necessary conditions are met Controlling the timing of an actual Solenoid Test Evaluating the pass/fail status of a Solenoid Test The Solenoid Test functionality is optional (refer back to Section 4.2). If the Solenoid Test logic is not needed, delete the F_PST_S block from the Partial Stroke Test Engineering Template (to save memory and execution time).

Note
Figure 4-10: The F_PST_S Block in the Partial Stroke Test Template
The F_PST_S blocks inputs and outputs are described in Table 4-2.
V 1.1
09.04.2008
39/93

Table 4-2: F_PST_S Block Inputs and Outputs
Input/ Output Input
Name FB_IN_AI
Description Feedback Signal from Valve Positioner
Notes Data type: F-REAL Default value: 0.0 Typical source: PST_F_AI.V channel driver output
Output
QFAIL
Last Test Failed (1=Test Failed)
Data type: F-BOOL The Solenoid Test logic will not close the valve in the event of a failed test. If desired, QFAIL can be connected to failsafe logic (for a controlled shutdown or to indicate maintenance required).
Output
QPASS
Last Test Passed (1=Test Passed) Last Test Inhibited (1=Test Inhibited) Run Status (1=Running) Control Output for Solenoid Valve
Data type: F-BOOL
Output
QINHIBIT
Data type: F-BOOL
Output Output
QRUN F_DO
Data type: F-BOOL Data type: F-BOOL When the Solenoid Test is running, the F_DO is set to 0 for a number of cycles specified by PST.TT_S. After the number of cycles has elapsed, F_DO is set back to 1. Typical destination: PST_F_DO.I channel driver input
Note
The F_PST_S block has additional inputs and outputs that are not documented in Table 4-2. These inputs and outputs are utilized by Partial Stroke Test logic for things like data passing between blocks and are typically hidden. The user should only set parameters explained in the table.
V 1.1
09.04.2008
40/93
Note
There are hidden connections between the F_PST, F_PST_S, PST and PST_CALC blocks. If the F_PST_S block is deleted from the CFC and subsequently replaced, all of the connections have to be restored manually. See Engineering Template in the PST library.
4.6
Configuring the PST Block The PST block contains the standard logic for the Partial Stroke Test application (see Figure 4-11). The PST logic is responsible for the following:
Acting as the interface to the Partial Stroke Test / Solenoid Test block symbol (for passing data to and from the PCS 7 OS) Capturing the time it takes for the valve to reach the desired stroke setpoint during a Partial Stroke Test Capturing the valve positioner feedback at the end of a Partial Stroke Test Controlling the valve positioner setpoint Setting Partial Stroke Test / Solenoid Test alarms (to be used in conjunction with a PCS 7 OS)
V 1.1
09.04.2008
41/93

Figure 4-11: The PST Block in the Partial Stroke Test Template
V 1.1
09.04.2008
42/93
The PST blocks inputs and outputs are described in Table 4-3.
Table 4-3: PST Block Inputs and Outputs
Input/ Output Input
Name TT
Description Length of Test; Maximum Valve Reaction Time (Seconds)
Notes Data type: REAL Default value: 0.0 TT is the length of time that the valve position setpoint will be set to TEST_SP during a Partial Stroke Test. When trying to determine the TT value, the user may wish to do an initial manual stroke test to determine what the valves response time is (i.e. how fast the valve typically reaches TEST_SP). If TT = 0, no test is possible.
Input
TI
Test Interval (Hours)
Data type: INT Default value: 0 (No Automatic Testing) When TI > 0, automatic testing is enabled. If TI is changed while the timer is running, the timer is completely reset (i.e. the timer is completely reset and no test will be run until TI has completely elapsed). If TI is changed while the timer is running, it is recommended that the user manually run a Partial Stroke Test to account for the time interval that elapsed before TI was changed. If a Partial Stroke Test fails to run because it was inhibited (as a particular start condition is not met), the automatic test timer will restart and will have to completely elapse before another automatic test is attempted.
V 1.1
09.04.2008
43/93
Input/ Output Input
Name MON_TIME
Description Monitoring time for Starting Partial Stroke Test (Seconds)
Notes Data type: REAL Default value:1.0 MON_TIME is the length of time within which the valve feedback has to change for a defined value (MON_VAL). If the valve feedback does not change, the Partial Stroke Test is stopped and registered as a failure. Data type: REAL Default value: 1.0 MON_VAL is the amount the valve feedback must change within a defined length of time (MON_TIME). If the valve feedback does not change, the Partial Stroke Test is stopped and registered as a failure. Data type: REAL Default value: 100.0 TEST_SP is the valve position setpoint that will be used during a Partial Stroke Test. TEST_SP should be configured to match the valve manufacturers recommendation for a successful Partial Stroke Test. TEST_SP should be a value that falls somewhere between the fullopen position (OP_POS) and the full-close position (CL_POS). The Partial Stroke Test logic does not include any position limiting (to prevent the valve from closing too far). The user must take this into consideration when setting the value of TEST_SP.
Input
MON_VAL
Feedback Change Required for Starting a Partial Stroke Test
Input
TEST_SP
Valve Stroke Position
V 1.1
09.04.2008
44/93
Input/ Output Input
Name TEST_HYS
Description Hysteresis for Test Pass/Fail Evaluation
Notes Data type: REAL Default value: 0.0 TEST_HYS is used to determine the pass/fail status of a Partial Stroke Test. In order to pass, the valve positioner feedback must be less than or equal to (TEST_SP + TEST_HYS).
Input
TESTSP_R
Range for test setpoint
Data type: REAL Default value: 1.0 TESTSP_R is the range within which the test setpoint TEST_SP varies.
The setpoint range TESTSP_R has to be smaller than (OP_POS CL_POS) / 2.0. Input OP_POS Valve Position for Full-Open Data type: REAL Default value: 100.0 The valve positioner setpoint (SP) is set to OP_POS when: The valve trip status is not active (i.e. F_PST.TRIP = 1) and no Partial Stroke Test is being run The interlock is lost (i.e. F_PST.ILOCK = 0) while a Partial Stroke Test is being run Input CL_POS Valve Position for Full-Close Data type: REAL Default value: 0.0 The valve positioner setpoint (SP) is set to CL_POS when: The valve trip status is active (i.e. F_PST.TRIP = 0).
V 1.1
09.04.2008
45/93
Input/ Output Input
Name DT_S
Description Delay Time for Solenoid Test
Notes Data type: REAL Default value: 40.0 When DT_S > 0.0, automatic testing is enabled. After a successful Partial Stroke Test is registered, the delay time starts. When the delay time has elapsed, the Solenoid Test begins.
Input
TT_S
Length of Solenoid Test (Cycles)
Data type: INT Default value: 0 TT_S is the length of time, in cycles, that the solenoid valve is pulsed closed during a Solenoid Test. In order for the Solenoid Test to run, TT_S must be > 0.
Input
MON_T_S
Monitoring time for Solenoid Test (Seconds)
Data type: REAL Default value:1.0 MON_T_S is the length of time in which a feedback change has to be detected for the Solenoid Test. If the feedback changes by the value specified by MON_V_S within the time specified by MON_T_S, the Solenoid Test passes.
Input
MON_V_S
Feedback Change Required for Solenoid Test
Data type: REAL Default value: 1.0 MON_V_S is the amount the valve feedback must change for the Solenoid Test. If the feedback changes by the value specified by MON_V_S within the time specified by MON_T_S, the Solenoid Test passes.
V 1.1
09.04.2008
46/93
Input/ Output Input
Name L_START
Description Linkable Input for Manual Test Request (1=Start Test)
Notes Data type: BOOL Default value: 0 L_START can be connected to user-configured logic to drive Partial Stroke Testing. If all test conditions are met, setting L_START to 1 will initiate a Partial Stroke Test. Note that a new test is initiated when L_START transitions from 0 to 1 (so L_START must be reset between tests). Data type: BOOL Default value: 0 L_ABORT can be connected to user-configured logic to abort a running Partial Stroke Test. If a test is running (i.e. F_PST.QRUN = 1), setting L_ABORT to 1 will abort the test. Note that a test is aborted when L_ABORT transitions from 0 to 1 (so L_ABORT must be reset between tests).
Input
L_ABORT
Abort Test (1=Abort)
Input
MSG_LOCK
Lock Alarms (1=Locked)
Data type: BOOL Default value: 0 The PST block contains test alarms intended to be used in conjunction with a PCS 7 OS. Setting MSG_LOCK to 1 enables the alarming; setting MSG_LOCK to 0 suppresses alarm generation.
Output Output Output Output
SP TEST_TS E_TIME RESPTIME
Valve Positioner Setpoint Timestamp for Last Test Elapsed Test Time Response Time to Reach Test Setpoint
Data type: REAL Data type: STRING[16] Data type: REAL Data type: REAL
V 1.1
09.04.2008
47/93
Name FINALVAL
Description Actual Valve Position at End of Test Timestamp for Next Partial Stroke Test
Notes Data type: REAL
Output
NEXT_PST
Data type: STRING[16] NEXT_PST is for display purposes only. The F_PST block executes the logic to determine when the next automatic Partial Stroke Test is required. Data type: BOOL A Partial Stroke Test cannot be started if any of the test parameters (times, values and ranges) are invalid. The following validity checks are conducted for a Partial Stroke Test: OP_POS > CL_POS TT > 0 MON_VAL >= 0 and MON_VAL < (OP_POS TEST_SP) MON_TIME >= 0 and MON_TIME < TT TEST_HYS >= 0 (TEST_SP + TESTSP_R + TEST_HYS) < OP_POS and (TEST_SP TESTSP_R TEST_HYS) > CL_POS A Solenoid Test cannot be started if any of the test parameters (times, values and ranges) are invalid. The following validity checks are conducted for a Solenoid Test: DT_S >= 0 and DT_S < (TI TT_S MON_T_S) TT_S > 0 and TT_S < (TI MON_T_S) MON_V_S >= 0 and MON_V_S < OP_POS MON_T_S >= 0 and MON_T_S < T If an invalid parameter value is detected, QERR is set to 1.
Output
QERR
Indication of Invalid Parameters (1=Invalid Parameters)
V 1.1
09.04.2008
48/93
Note
The PST block has additional inputs and outputs that are not documented in Table 4-3. These inputs and outputs are utilized by Partial Stroke Test logic for things like data passing between blocks and are typically hidden. The user should only set parameters explained in the table.
Note
There are hidden connections between the F_PST, F_PST_S, PST and PST_CALC blocks. If the PST block is deleted from the CFC and subsequently replaced, all of the connections have to be restored manually. See Engineering Template in the PST library. PST Block Alarm Settings
4.6.1
The PST block contains the logic and settings for alarms that can be displayed within the PCS 7 OS. To allow alarm generation, PST.MSG_LOCK (the message lock) must be set to 1. Table 4-4 lists the default Partial Stroke Test alarm settings.
Table 4-4: Default PST Block Alarm Settings
Event Partial Stroke Test: Started Partial Stroke Test Ended: Response Time = <xx.x> sec Partial Stroke Test Ended: Test Setpoint = <xx.x> Final Value = <xx.x> Partial Stroke Test: Passed Partial Stroke Test: Failed Partial Stroke Test: Failed Because Valve Stuck Partial Stroke Test: Aborted Partial Stroke Test: Feedback Error Partial Stroke Test NOT Run: Trip State Not Met
Message Class
Single Ack? No No No No Yes Yes No Yes Yes
With Ack? No No No No Yes Yes No Yes Yes
Status Message Status Message Status Message Status Message PLC Process Control Message PLC Process Control Message Status Message PLC Process Control Message PLC Process Control Message
V 1.1
09.04.2008
49/93
Event Partial Stroke Test NOT Run: Permissive Not Met Partial Stroke Test NOT Run: Feedback Bad Quality Partial Stroke Test NOT Run: Feedback Below Tol. Partial Stroke Test NOT Run: Solenoid Test is Running Partial Stroke Test NOT Run: Invalid Parameter Full Stroke Test: Passed
Message Class PLC Process Control Message PLC Process Control Message PLC Process Control Message PLC Process Control Message PLC Process Control Message Status Message PLC Process Control Message PLC Process Control Message PLC Process Control Message PLC Process Control Message Status Message Status Message Status Message PLC Process Control Message PLC Process Control Message
Single Ack? Yes Yes Yes Yes Yes No Yes Yes Yes Yes No No No Yes Yes
With Ack? Yes Yes Yes Yes Yes No Yes Yes Yes Yes No No No Yes Yes
Full Stroke Test: Required Partial Stroke Test: Required Parameterization error calculation Parameter change calculation Solenoid Test: Started Solenoid Test Ended Solenoid Test: Passed Solenoid Test: Failed Solenoid Valve NOT Run
V 1.1
09.04.2008
50/93
Note
The table above lists the default alarm settings. The settings can be changed by the user, as necessary. Within the associated SIMATIC Manager project: 1. Locate the PST block (FB 595) in the Blocks folder. 2. Right-click the block and select Special Object Properties>Message to open the PCS 7 Message Configuration dialog. 3. Edit the alarm settings as desired and close the dialog. 4. Update the any configured PST block instances in the projects CFCs using the Options<Block Types menu option in the CFC Editor.
V 1.1
09.04.2008
51/93
4.7
Configuring the PST_CALC Block The PST_CALC block contains logic that helps predict when the next full proof test is required on the valve assembly (see Figure 4-12). This is indicated as the need for a Full Stroke Test, but the user will need to determine all the necessary proof testing required to validate the entire valve assembly. The block calculates the time interval by using failure rate data, the average Probability of Failure on Demand (PFDAVG) to maintain the desire SIL rating and the impact of the Partial Stroke Testing. The PST_CALC logic is responsible for the following:
Calculating the running PFDAVG for the valve Providing an alarm to the user when the next Full Stroke Test is required Providing the date and time at which the next Full Stroke Test is required
Figure 4-12: The PST_CALC Block in the Partial Stroke Test Template
An emergency shutdown valve does not fully close as part of a Partial Stroke Test; thus, not all of the valve's failure modes can be verified with this online testing. As previously mentioned, the diagnostic coverage of an online proof test (CPT) is a percentage that corresponds to the effectiveness of a Partial Stroke Test. For example, if the CPT for an emergency shutdown valve is 70%, a Partial Stroke Test can detect 70% of the possible failure modes of the valve. That directly implies that 30% of the possible failure modes of the valve cannot be tested. Because of the potentially undiagnosed failures, the probability that the valve will fail, PFDAVG, will accumulate over time. The PFDAVG can only be completely reset to zero when full proof testing (Full Stroke Test and any associated tests) is done, as this provides 100% diagnostic coverage. This concept is illustrated in Figure 4-13.
V 1.1
09.04.2008
52/93

Figure 4-13: Accumulating Average PFD with Partial Stroke Testing
When automatic testing is first enabled, the PST_CALC block runs a series of calculations to determine when the next full proof test (Full Stroke Test) is required. Based on the user-entered criteria, the PST_CALC block projects the PFDAVG curve. Subsequently, the PFDAVG curve for the valve is then updated each time a new Partial Stroke Test or Full Stroke Test is run. This includes if any of these tests are run manually, as the logic monitors the feedback signal to determine the position of the valve. There are 4 key values that the PST_CALC block requires in order to complete the calculation successfully:
TI: The time interval between automatic Partial Stroke Tests (this value is an input to the PST block that is passed to the PST_CALC block) CPT: The diagnostic coverage factor for the Partial Stroke Test F_RATE: The dangerous undetected failure rate (DU) of the valve PFD_LIM: The PFD threshold required to maintain the desired SIL rating; once the calculated PFD reaches this value, a full proof test (Full Stroke Test) is required for the valve. This value can be determined by looking up the desired SIL rating in the SIL charts in the IEC 61511 standard
Figure 4-14 illustrates the relationship between the PST_CALC parameters.
V 1.1
09.04.2008
53/93

Figure 4-14: PST_CALC Operation Overview
V 1.1
09.04.2008
54/93
The PST_CALC blocks inputs and outputs are described in Table 4-5.
Table 4-5: PST_CALC Block Inputs and Outputs
Input/ Output Input
Name CPT
Description Percent Effectiveness of Online Proof Test (0% 100%)
Notes Data type: REAL Default value: 0.0 CPT should be set to the percentage of failure modes for the valve that are covered with a Partial Stroke Test executed to the test setpoint (TEST_SP). Data type: REAL Default value: 100.0 F_RATE is the dangerous undetected failure rate (DU) for the valve assembly.
Input
F_RATE
Valve Failure Rate (FITS)
Input
PFD_LIM
PFD Limit Based on SIL
Data type: REAL Default value: 100.0 PFD_LIM is the PFDAVG threshold that the valve assembly is required to stay below to achieve the desired SIL for the SIF. To see the PFDAVG values required for various SIL levels, refer to the IEC 61511 standard.
V 1.1
09.04.2008
55/93
Input/ Output Input
Name EN_FSTFB
Description Enable for Full Stroke Test Feedback Evaluation (1 = Enabled)
Notes Data type: BOOL Default value: 1 (Enabled) EN_FSTFB is an enable to determine if a Full Stroke Test is registered based on valve positioner feedback alone. If enabled (EN_FSTFB=1), then a Full Stroke Test is registered by the logic whenever the feedback indicates the valve is fully closed (F_PST.FB_IN < (PST.CL_POS + PST.TEST_HYS)). If disabled (EN_FSTFB= 0), no Full Stroke Test is registered under the same conditions. The user must then use the SET_FST input to indicate a Full Stroke Test has occurred. Data type: BOOL Default value: 0 When SET_FST transitions from 0 to 1, a new Full Stroke Test is registered. This resets the PFDAVG calculations. SET_FST can be connected to user-configured logic. Since a new Full Stroke Test is only recorded when SET_FST transitions from 0 to 1, the input must be reset in between Full Stroke Tests.
Input
SET_FST
Manual Notification of a Full Stroke Test (1=New Full Stroke Test)
Output
FST_REQ
Full Test Required (1 = Warning Active)
Data type: BOOL FST_REQ indicates when a Full Stroke Test is required to maintain the desired SIL for the SIF. This is set to 1 if the current date/time has passed the date/time indicated by NEXT_FST.
V 1.1
09.04.2008
56/93
Name NEXT_FST
Description Timestamp for Next Full Stroke Test
Notes Data type: STRING[16] NEXT_FST provides a text string that indicates when the next Full Stroke Test js required. In order to maintain the desired SIL for the SIF, the Full Stroke Test must be executed by the date indicated. Data type: BOOL The following validity checks are conducted for the PST_CALC block: CPT >= 0 and CPT < 100 F_RATE > 0 If an invalid parameter value is detected, QERR is set to 1. The PST_CALC calculations are only run when automatic testing is first enabled (i.e. PST.TI > 0) and when a Full Stroke Test occurs. To reset QERR and force the calculations to update, a Full Stroke Test must be run or automatic testing must be disabled and then re-enabled.
Output
QERR
Indication of Invalid Parameters (1=Invalid Parameters)
V 1.1
09.04.2008
57/93
Name QCHANGE
Description Indication of a Parameter Change (1=Parameters changed)
Notes Data type: BOOL If any of the following parameter values change between Full Stroke Tests (when automatic testing is enabled), the block calculations are invalid and QCHANGE is set to 1: PST.TI CPT F_RATE PFD_LIM The PST_CALC calculations are only run when automatic testing is first enabled (i.e. PST.TI > 0) and when a Full Stroke Test occurs. To reset QCHANGE and force the calculations to update, a Full Stroke Test must be run or automatic testing must be disabled and then re-enabled.
Note
The PST_CALC block has additional inputs and outputs that are not documented in Table 4-5. These inputs and outputs are utilized by Partial Stroke Test logic for things like data passing between blocks and are typically hidden. The user should only set parameters explained in the table.
Note
There are hidden connections between the F_PST, F_PST_S, PST and PST_CALC blocks. If the PST block is deleted from the CFC and subsequently replaced, all of the connections have to be restored manually. See Engineering Template in the PST library.
Note
If the user determines that the PST_CALC logic is not needed for a particular application, the PST_CALC block should be deleted from the Engineering Template to save memory and execution time.
V 1.1
09.04.2008
58/93
4.8
Configuring the OR_QC Block The OR_QC block contains logic that evaluates the quality codes of up to four driver blocks to see if any of the signals has a bad quality. A single output value is returned by the block. The block can be used to evaluate the quality codes of the driver blocks used within the Partial Stroke Test engineering template; the result can then be connected to the CSF input of the F_PST block.
Figure 4-15: The OR_QC Block in the Partial Stroke Test Template
The OR_QC blocks inputs and outputs are described in Table 4-6.
Table 4-6: OR_QC Block Inputs and Outputs
Input/ Output Input
Name INx
Description Input x (x=1..4)
Notes Data type: BYTE Default value: 16#80 (Good Quality) If IN1, IN2, IN3 and IN4 are equal to 16#80, the quality of the signal is evaluated as good. If any INx is not equal to 16#80, the quality of the signal is evaluated as bad.
Output
RET_VAL
Return Value of the Function
Data type: BOOL If all input signals indicate a good quality code, RET_VAL is FALSE. If one or more inputs indicate a bad quality code, RET_VAL is TRUE.
V 1.1
09.04.2008
59/93
4.9
Compiling and Downloading the Partial Stroke Test Logic After the Partial Stroke Test template has been added to a CFC and configured (i.e. the necessary I/O connections are made and the F_PST, F_PST_S, PST and PST_CALC test parameters are set), the logic can be compiled. Once the logic has been compiled, it can be downloaded to the controller. Two notes about compiling the logic:
The Partial Stroke Test engineering template utilizes standard STEP7 Functions (FCs) in a low-number range (i.e. FC1, AD_DT_TM, FC2 CONCAT, FC16 I_STRNG, FC32 RIGHT, etc.). The numbers of the FCs cannot be modified. In order for the logic to be successfully compiled, the user must allow FCs starting with number 1 to be included in the compile. To enable this capability from the CFC Editor, select Options>Customize>Compile/Download to open the Settings for Compilation/Download dialog. In the FC numbers from: field, enter 1 for the starting range and hit the OK button to exit the dialog (refer to Figure 4-16). Then, proceed with the logic compilation as usual.
Figure 4-16: The Compile/Download Customize Options Dialog
V 1.1
09.04.2008
60/93
The Partial Stroke Test engineering template includes I/O channel driver blocks. In order for the application to function as designed, certain I/O diagnostic blocks need to be automatically created and connected during the compilation. To be able to created the I/O diagnostic blocks, select Chart>Compile>Chart As Program from within the CFC Editor. This opens the Compile program dialog. Select the option to Generate module drivers and proceed with the logic compilation.
Figure 4-17: The Compile Program Dialog
V 1.1
09.04.2008
61/93
Engineering Template Operation

The engineering template can be monitored and operated in runtime mode. From within CFC Editor, open the Partial Stroke Test template to view the logic details (individual blocks like F_PST and Partial Stroke Test should be visible). The CFC Editor Debug menu options Test Mode, Watch On and Inputs/Outputs>Add to Watch List can be used to view real-time data.
Note
For more information on using the CFC Editor Debug menu options, reference either the CFC Editor online help or the SIMATIC CFC for S7 manual.
5.1
Viewing Partial Stroke Test Data Once the Partial Stroke Test logic is in runtime mode, real-time data can be monitored. Figure 5-1 demonstrates the Partial Stroke Test logic running in monitor mode, with real-time Partial Stroke Test data visible. In this case:
F_PST.QPASS = 1, indicating that the last Partial Stroke Test was successful PST.TEST_TS = 2006-06-16-15:49, indicating that the last Partial Stroke Test was run on June 16, 2006 at 15:49 PST.RESPTIME = 4.092, indicating that it took just over 4 seconds for the valve position to cross the (TEST_SP + TEST_HYS) threshold during the last Partial Stroke Test PST.FINALVAL = 75.0, indicating that when the last Partial Stroke Test ended, the valve position was 75.0 PST.NEXT_PST = 2006-06-18-15:48, indicating that the next Partial Stroke Test is scheduled to run on June 18, 2006 at 15:48 PST_CALC.NEXT_FST = 2007-02-11-09:50, indicating that the next Full Stroke Test is required on February 11, 2007 at 9:50 to meet the specified PFD requirements
V 1.1
09.04.2008
62/93

Figure 5-1: Partial Stroke Test Logic in Runtime Mode
5.2
Changing the Value of the Partial Stroke Test Parameters With the Partial Stroke Test logic in runtime mode, any test parameters can be changed. However, only the following Partial Stroke Test parameters would typically need to be adjusted:

Note
TI, the automatic test interval TEST_SP, the Partial Stroke Test setpoint TEST_HYS, the valve position hysteresis for pass/fail evaluation TT, the length of the Partial Stroke Test MON_TIME, monitoring time for starting the Partial Stroke Test MON_VAL, feedback change required within MON_TIME If the value of TI is changed while the timer is running, the timer is completely reset (i.e. no test will run until the new TI time value has completely elapsed). In this case, it is recommended that the user manually run a Partial Stroke Test to account for the time interval that elapsed before TI was modified.
V 1.1
09.04.2008
63/93
Note
If the valve closes beyond the threshold of (CL_POS + TEST_HYS) for any reason (i.e. an emergency shutdown, planned maintenance, etc), this is considered to be a Full Stroke Test only when PST_CALC.EN_FSTFB = 1. All timers shall be reset and the PST_CALC block will reset the time to the next Full Stroke Test. Alternatively, if PST_CALC.SET_FST = 1, a Full Stroke Test is registered. Again, all timers shall be reset and the PST_CALC block will reset the time to the next Full Stroke Test.
5.3
Changing the Value of the Solenoid Test Parameters The following Solenoid Test parameters typically need to be adjusted:
DT_S, delay time for Solenoid Test after the Partial Stroke Test has passed TT_S, the length of the Solenoid Test MON_T_S, monitoring time for the Solenoid Test MON_V_S, feedback change required within MON_T_S
5.4
Manually Starting or Aborting a Partial Stroke Test With the Partial Stroke Test logic in runtime mode, a Partial Stroke Test can be initiated or a running test can be aborted.
To initiate a test, pulse the L_START input of the PST block from 0 to 1. As a test request is only initiated when L_START transitions from 0 to 1, L_START must be reset to 0 before another manual test request can be initiated. It is also possible to start the Partial Stroke Test from the faceplate. The in/out parameter START is set by the faceplate and reset by the PST block after it has been evaluated. To abort a running test, pulse the L_ABORT input of the PST block from 0 to 1. As a test abort request is only initiated when L_ABORT transitions from 0 to 1, L_ABORT must be reset to 0 before another manual test request can be initiated. It is also possible to abort the Partial Stroke Test in the faceplate. The in/out parameter ABORT is set by the faceplate and reset by the PST block after it has been evaluated.
V 1.1
09.04.2008
64/93
6
6.1
6.1.1
Operator Interface Configuration

PCS 7 OS Configuration Prerequisites
Assumptions The Partial Stroke Test Engineering Template component has been configured within a SIMATIC Manager project. The associated SIMATIC Manager project already contains a WinCC project, with an established hierarchy of plant areas. The Partial Stroke Test help file and users guide assumes that the user has an understanding of PCS 7 OS/WinCC configuration concepts. For more details, refer to the following manuals: The WinCC Information System The PCS 7 Operator Station Configuration Manual
6.1.2
Preparing WinCC to Create Partial Stroke Test Block symbols
Configuring the Partial Stroke Test Operator Interface component from SIMATIC Manager involves the automatic creation of Partial Stroke Test block symbols on WinCC pictures. To ensure the accuracy of this functionality, the following steps must be performed:
1. Launch WinCC Explorer for the OS included in the associated SIMATIC Manager project. Locate and open the following in the Graphics Designer: @@PartialStrokeTestTypicals.PDL @PCS7Typicals.PDL @Template.PDL
Note
If the @PCS7Typicals.PDL file does not yet exist, create it by copying and renaming the @@PCS7Typicals.PDL in the same target directory.
V 1.1
09.04.2008
65/93

Figure 6-1: WinCC Explorer
2. For use of the function Create/Update picture symbols copy the designated symbol of the @@PartialStrokeTestTypicals.PDL to an empty space on the @PCS7Typicals.PDL. For manually creating block symbols in process pictures copy the designated symbol of the @@PartialStrokeTestTypicals.PDL to an empty space on the @Template.PDL. Note that only these block symbols are to be used, when block symbols are created manually.
V 1.1
09.04.2008
66/93

Figure 6-2: Graphics Designer
3. Save and close the @PCS7Typicals.PDL / @Template.PDL. Open the @PCS7Typicals.PDL / @Template.PDL in the \SIEMENS\WINCC\options\pdl\FaceplateDesigner_V6 directory. Repeat Steps 1, 2 and 3 to create an instance of the Partial Stroke Test block symbol on this PDL instance. If this is done correctly, the @PCS7Typcials.PDL / @Template.PDL files will include the Partial Stroke Test block symbol when future OS projects are created.
6.2
Configuring the Partial Stroke Test Operator Interface The Partial Stroke Test Operator Interface exists as a WinCC faceplate in the PCS 7 OS environment. In runtime, the faceplate provides an operator with the ability to read and display data values from running Partial Stroke Test Engineering Template component. With appropriate security rights, an operator can execute some basic test functions like modifying Partial Stroke Test parameters and executing a test manually from the faceplate.
V 1.1
09.04.2008
67/93
6.2.1
Configuring the Partial Stroke Test Operator Interface 1. Open the project in SIMATIC Manager. 2. Navigate to the Partial Stroke Tests associated CFC in the Charts folder of the Component View. 3. Cut the Partial Stroke Tests associated CFC from the Component View and paste it into a hierarchy folder in the Plant View. Note that after pasting the CFC into the Plant View, it will appear in both the Component View and the Plant View. Note that the hierarchy folder has to be assigned to the correct CPU chart folder.
Figure 6-3: SIMATIC Manager
4. Create a picture in the hierarchy folder that contains the Partial Stroke Tests associated CFC. In the Plant View, right-click the appropriate hierarchy folder and select Insert New Object>Picture. Assign a logical name to the picture. Note that the hierarchy folder has to be assigned to the correct OS. 5. Right-click the picture to open its Object Properties dialog box. On the Block symbols tab, check the following option: Derive the block symbols from the technological hierarchy. Close the dialog box.
V 1.1
09.04.2008
68/93
Figure 6-4: Derive Block Symbols Dialog
6. Run the OS Compile operation in SIMATIC Manager by selecting Options>OS>Compile. Enable at least the following compile options: Tags and messages Picture Tree Create/update block symbols
V 1.1
09.04.2008
69/93
Operator Interface Operation

At runtime, the operator can access the Partial Stroke Test Operator Interface component from within the PCS 7 OS. The Partial Stroke Test block symbol and faceplate provide a visual representation of the Partial Stroke Test as configured and monitored from within SIMATIC Manager. The Partial Stroke Test Operator Interface allows for the simultaneous display and updating of multiple Partial Stroke Test Engineering Template instances. In addition, the Partial Stroke Test Operator Interface supports the simultaneous monitoring of the same Partial Stroke Test Engineering Template instance on different client stations.
7.1
Accessing the Partial Stroke Test Interface in PCS 7 OS Runtime Launch WinCC Explorer for the OS included in the associated SIMATIC Manager project
Click the Activate button on the WinCC Explorer toolbar to start the OS in runtime mode. In WinCC Runtime, open the picture that contains the Partial Stroke Test block symbol.
Figure 7-1: Partial Stroke Test Block Symbol
The Partial Stroke Test block symbol includes the following data: The Partial Stroke Test tag name The status of the Partial Stroke Test Indication of Partial Stroke Test alarms Click the Partial Stroke Test block symbol to launch its faceplate. Once the faceplate is open, a user with the appropriate WinCC security rights can do the following: View Partial Stroke Test and Solenoid Test data Change the value of the following Partial Stroke Test parameters: Automatic Test Interval
V 1.1
09.04.2008
70/93
Stroke Test Setpoint Position Hysteresis Max Test Time
Manually Start a Partial Stroke Test Manually Abort a Running Partial Stroke Test Change the value of the following Solenoid Test parameters: Delay Time Monitoring Value
Figure 7-2: Partial Stroke Test Faceplate
V 1.1
09.04.2008
71/93

Table 7-1: Tags Used in the Partial Stroke Test Faceplate
Display / Field General Trip State Permissive State Feedback Bad Quality Position Setpoint Position Feedback Parameter Status Partial Stroke Test Automatic Test Interval Stroke Test Setpoint Position Tolerance Max Test Time
Tag QTRIP QILOCK QBAD SP, SP#unit FB_OUT, FB_OUT#unit QERR TI TEST_SP, TEST_SP#unit TEST_HYS, TEST_HYS#unit TT QRUN, QPASS, QFAIL, QINHIBIT, QFB_ERR, QABORTED QPST_REQ E_TIME RESPTIME FINALVAL START ABORT NEXT_PST NEXT_PST Full Stroke Test FST_REQ NEXT_FST NEXT_PST Solenoid Test QEN_S DT_S MON_V_S, MON_V_S#unit QRUN_S, QPASS_S, QFAIL_S, QINH_S
Test Status Partial Stroke Test Required Elapsed Time Response Time Final Position Manual Test Abort Test Automatic Testing Next Scheduled Test Full Test Required Next Required Test Next Scheduled Test Display of Solenoid Test Delay Time Monitoring Value Test Status
V 1.1
09.04.2008
72/93
7.2
Partial Stroke Test OS Security Considerations The Partial Stroke Test Operator Interface component uses PCS 7 OS security to determine what Partial Stroke Test operations are permitted for each OS user. The security rights for the Partial Stroke Test are listed in Table 7-2.
Table 7-2: Partial Stroke Test Operator Security
Partial Stroke Test Operations View Partial Stroke Test Data Change the Value of the following Partial Stroke Test Parameters: - Automatic Test Interval - Stroke Test Setpoint - Position Tolerance - Max Test Time Change the Value of the following Solenoid Test Parameters: - Delay Time - Monitoring Value - Max Test Time Manually Start a Partial Stroke Test Manually Abort a Running Partial Stroke Test
No Level 5/6 Security Rights
Level 5 Security Rights
Level 6 Security Rights
X X X
V 1.1
09.04.2008
73/93
Generation of Reports
The user has the ability to generator reports after a Partial Stroke Test has been conducted. For this purpose the following files are provided:
Report Layouts, which can be found in the WinCC Explorer below Report Designer\Layouts: PST.rpl (German version) PST_eng.rpl (English version)
Action PST.pas for starting the print job. After unpacking the Partial Stroke Test setup zip file it can be found in the WinCC installation folder in the folder \WinCC\PST.
Figure 8-1: Partial Stroke Test Report Layout
The following chapters describe the procedure to configure and activate a report for Partial Stroke Test.
V 1.1
09.04.2008
74/93
8.1
Internal Tags Internal tags are required to pass the tag names and names of the archive process tags to the report layout.
1. Add a new tag group PST to the Internal tags 2. Insert three tags within the tag group PST, names and data type see below
Figure 8-2: Partial Stroke Test Internal Tags
8.2
Process Tags The report layout displays a trend curve of feedback and setpoint of the conducted Partial Stroke Test. The trend collects the data from a process value archive. The following steps
1. Open the Tag Logging 2. Add a new process value archive. The process value archive has to be named Prozesswertarchiv! 3. Add the variables FB_OUT and SP of the PST block to the process value archive. The tag names of these process tags must not be changed!
V 1.1
09.04.2008
75/93

Figure 8-3: Partial Stroke Test Process Tags in Process Value Archive
4. The properties of the process tags can be changed by right-clicking on the process tag. In the strap Archive type set the Acquisition type to cyclic-selective.
Figure 8-4: Partial Stroke Test Properties Archive Tag of Process Tags in Process Value Archive
V 1.1
09.04.2008
76/93
In the strap Events, select the tag .QACTIVE of the corresponding PST block as start tag.
Figure 8-5: Partial Stroke Test Properties Events of Process Tags in Process Value Archive
V 1.1
09.04.2008
77/93
8.3
Creating a Print Job Go to Report Designer Print jobs and add a new print job for each language that is required in the project. The print jobs have to be configured as described below:
German version: Name Print_Job_PST Layout PST.rpl English version: Name Print_Job_PST_eng Layout PST_eng.rpl
For other language versions, the names of the print job and report layout can be configured freely.
Figure 8-6: Partial Stroke Test General Properties of Print Job
V 1.1
09.04.2008
78/93
8.4
Activating the Print Job The print job shall be started, when a Partial Stroke Test and, if applicable, the Solenoid Test have been conducted and terminated. The Global Script action PST.pas, which is included in the WinCC installation folder \WinCC\PST serves as a sample to trigger the print job. The action PST.pas has to be copied to the folder \projectname\wincproj\OS project name\computer name\PAS and adapted for each PST block. Adaptations of action PST.pas: 1. Set trigger variables: Click on this symbol or select Edit Info. Replace the existing tags in the property window with the tags of the designated PST block. The standard cycle for variable .PASS has to be at least equal or smaller than the executing cycle in the CPU.
Figure 8-7: Partial Stroke Test Trigger Properties of Global Script Action
V 1.1
09.04.2008
79/93
2. Change allocation of the PST tagname in the source code (encircled string). 3. Adjust function call for print function:
Call RPTJobPreview for starting the print preview, which subsequently can be printed Call RPTJobPrint for directly printing the print job
4. Optional enhance script with further / other language by copying the ELSE IF query and replacing the language id and used print job. The WinCC help comprises an table with the supported language ids.
Figure 8-8: Partial Stroke Test Global Script Action PST.pas
V 1.1
09.04.2008
80/93
Appendix
The appendix contains the following topics:
Complete listing of block parameters of the blocks F_PST, F_PST_S, PST and PST_CALC Description of internally used function PST_TIME
V 1.1
09.04.2008
81/93
9.1
Block parameters of F_PST

Element FB_IN TRIP LOCK ERR CSF TT TI MON_TIME MON_VAL Data Type F_REAL F_BOOL F_BOOL BOOL BOOL TIME INT TIME REAL REAL REAL REAL REAL BOOL BOOL BOOL BOOL F_BOOL F_BOOL F_BOOL F_REAL F_REAL F_BOOL F_BOOL F_BOOL F_BOOL F_BOOL F_BOOL F_BOOL F_BOOL Type I I I I I I I I I I I I I I I I I I I I I O O O O O O O O O Description Feedback Signal from Valve Positioner Commanded Valve Status (1=Open, 0=Close) Test Permissives (1=Permit Test, 0=Inhibit Test) 1=Error Feedback Quality (1=Bad, 0=Good) Length of Test; Maximum Valve Reaction Time [s] Test Interval [h] (0=No Automatic Testing) Monitoring time for starting PST [s] Feedback change required within monitoring time Valve Stroke Position Valve Position Hysteresis for Test Pass/Fail Evaluation Valve Position for Full-Open Valve Position for Full-Close 1=Enable Automatic Test 1=Enable FST based on feedback Manual Test Request (1=Start Test) Abort Test (1=Abort) Run Status Solenoid Test (1=Running, 0=Not Running) Output Q of TT Timer Output Q of TI Timer Feedback stored when PST started Feedback Signal from Valve Positioner Feedback Quality (1=Bad, 0=Good) Commanded Valve Status (1=Open, 0=Close) Test Permissives (1=Permit Test, 0=Inhibit Test) 1=PST required 1=Last Test Failed 1=Last Test Passed 1=New Successful Full Stroke Test 1=Feedback error OCM
TEST_SP TEST_HYS OP_POS CL_POS AUTO_EN EN_FSTFB START ABORT RUN_S TT_Q_IN TI_Q_IN FB_S_IN FB_OUT QBAD QTRIP QILOCK QPST_REQ QFAIL QPASS QFSTPASS QFB_ERR
V 1.1
09.04.2008
82/93
Element QINHIBIT QRUN QSP_OK E_TT E_TI_HRS E_TI QINH_SOL TT_Q TI_Q FB_S_OUT
Data Type F_BOOL F_BOOL F_BOOL F_TIME F_INT F_TIME F_BOOL F_BOOL F_BOOL F_REAL
Type O O O O O O O O O O
Description 1=Start was inhibited Run Status (1=Running, 0=Not Running) 1=Setpoint reached Elapsed Test Time [ms] Elapsed Interval Time [h] Elapsed Interval Time [ms] 1=Inhibit Solenoid Valve Test Output Q of Test Timer Output Q of Interval Timer Feedback stored when PST started
OCM
V 1.1
09.04.2008
83/93
9.2
Block parameters of F_PST_S

Element FB_IN_AI PASS INHIBIT RUN ABORT DELAY_T TT MON_TIME MON_VAL TT_V_IN MON_TIME_Q _IN FB_S_IN QENABLE QFAIL QPASS QINHIBIT QRUN F_DO TT_V_OUT MON_TIME_Q _OUT FB_S_OUT_ AO Data Type F_REAL F_BOOL F_BOOL F_BOOL BOOL TIME INT TIME REAL F_REAL F_BOOL F_REAL F_BOOL F_BOOL F_BOOL F_BOOL F_BOOL F_BOOL F_REAL F_BOOL F_BOOL Type I I I I I I I I I I I I O O O O O O O O O Description Feedback Signal from Valve Positioner 1=Last PST Passed 1=Start was Inhibited Run Status (1=Running, 0=Not Running) Abort Test (1=Abort) Delay Time for Start [ms] Length of Test; Maximum Valve Reaction Time [cycles] Monitoring time [ms] Value for monitoring test Accumulated Test Time [cycles] Output Q of MON_TIME Timer Feedback stored when test started 1=Solenoid Test Enabled 1=Last Test Failed 1=Last Test Passed 1=Start was Inhibited Run Status (1=Running, 0=Not Running) Digital output solenoid valve Accumulated Test Time [cycles] Output Q of MON_TIME Timer Feedback stored when test started OCM
V 1.1
09.04.2008
84/93
9.3
Block parameters of PST

Element SAMPLE_T RUNUPCYC TT TI MON_TIME MON_VAL TEST_SP TEST_HYS TESTSP_R Data Type REAL INT REAL INT REAL REAL REAL REAL REAL REAL REAL REAL INT REAL REAL BOOL BOOL BOOL BOOL BOOL BOOL UDT_F_R UDT_F_B UDT_F_B UDT_F_B UDT_F_B UDT_F_B UDT_F_B UDT_F_B UDT_F_B UDT_F_B UDT_F_B Type I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I Description Sample Time [s] Lag: Number of Run Up Cycles Length of Test; Maximum Valve Reaction Time [s] Test interval [h] (0=No Automatic Testing) Monitoring time for starting PST [s] Feedback change required within monitoring time Valve Stroke Position Valve Position Hysteresis for Test Pass/Fail Evaluation Range for Valve Stroke Position Valve Position for Full-Open Valve Position for Full-Closed Delay Time for Solenoid Test [s] Length of Solenoid Test [cycles] Monitoring time for solenoid test [s] Feedback change required for Solenoid Test 1=Error PST_CALC 1=Parameter Change PST_CALC 1=New Successful Full Stroke Test Linkable input to start PST Linkable input to abort PST 1=Message lock Feedback Signal from Valve Positioner Feedback Quality (1=Bad,0=Good) Commanded Valve Status (1=Open, 0=Closed) Test Permissives (1=Permit, 0=Inhibit Test) 1=Test Required 1=Last Test Failed 1=Last Test Passed 1=Feedback error 1=Start was Inhibited Run Status (1=Running,0=Not Running) 1=Setpoint reached + + + + + + + + OCM
OP_POS CL_POS DT_S TT_S MON_T_S MON_V_S ERR_CALC CHG_CALC FST_PASS L_START L_ABORT MSG_LOCK FB_IN CSF TRIP ILOCK PST_REQ FAIL PASS FB_ERR INHIBIT RUN SP_OK
V 1.1
09.04.2008
85/93
Element E_TT E_TI_HRS E_TI EN_S FAIL_S PASS_S INH_S RUN_S FST_REQ NEXT_FST MSG_EVID1 MSG_EVID2
Data Type UDT_F_T UDT_F_I UDT_F_T UDT_F_B UDT_F_B UDT_F_B UDT_F_B UDT_F_B BOOL STRING[16] DWORD DWORD DWORD REAL REAL STRING[16] REAL REAL REAL STRING[16] TIME INT INT TIME REAL REAL REAL REAL REAL TIME INT TIME REAL
Type I I I I I I I I I I I I I O O O O O O O O O O O O O O O O O O O O
Description Elapsed Test Time [ms] Elapsed Interval Time [h] Elapsed Interval Time [ms] 1=Solenoid Test Enabled 1=Last Solenoid Test Failed 1=Last solenoid Test Passed 1=Solenoid test inhibited Run Status Solenoid Test (1=Running,0=Not Running) 1=Full Stroke Test Required Time for next FST Message ID 1 message block Message ID 2 message block Message ID 3 message block Feedback signal from valve positioner Valve Positioner Setpoint Time Stamp for last Test Elapsed Test Time [s] Response Time to Reach Test Setpoint [s] Actual Valve Position at End of Test Time for next PST Length of Test; Maximum Valve Reaction Time [ms] Test interval [h] (0=No Automatic Testing) Test interval for PST_CALC[h] (0=No Automatic Testing) Monitoring time for starting PST [ms] Feedback change required within monitoring time Valve Stroke Position Valve Position Hysteresis for Test Pass/Fail Evaluation Valve Position for Full-Open Valve Position for Full-Closed Delay Time for Solenoid Test [ms] Length of Solenoid Test [cycles] Monitoring time for solenoid test [ms] Feedback change required for solenoid test
OCM
+ +
MSG_EVID3 FB_OUT SP TEST_TS E_TIME RESPTIME FINALVAL NEXT_PST QTT QTI QTI_CALC QMONTIME QMON_VAL QTEST_SP QTESTHYS QOP_POS QCL_POS QDT_S QTT_S QMON_T_S QMON_V_S
+ + + + + + +
+ + + + +
V 1.1
09.04.2008
86/93
Element VSTATUS QERR QACTIVE QSTART QABORT QBAD QTRIP QILOCK QPST_REQ QFAIL QPASS
Data Type DWORD BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL BOOL WORD WORD WORD WORD WORD WORD BOOL BOOL
Type O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O IO IO
Description Alarm status 1=Error 1=Test active Manual Test Request (1=Start Test) Abort Test (1=Abort) Feedack quality (1=Bad,0=Good) Commanded Valve Status (1=Open, 0=Closed) Test Permissives (1=Permit, 0=Inhibit Test) 1=Partial Stroke Test Required 1=Last Test Failed 1=Last Test Passed 1=New Successful Full Stroke Test 1=Feedback error 1=Start was Inhibited 1=Test was aborted Run Status (1=Running,0=Not Running) 1=Last Solenoid Test Failed 1=Last solenoid Test Passed 1=Solenoid test inhibited Run Status Solenoid Test (1=Running,0=Not Running) Status: 1=PST Enabled 1=Solenoid Test Enabled 1=Message Error 1=Message Suppression Active Message block 1: STATUS Output Message block 2: STATUS Output Message block 3: STATUS Output Message block 1: ACK_STATE Output Message block 2: ACK_STATE Output Message block 3: ACK_STATE Output Operator input: 1=Start PST Operator input: 1=Abort PST
OCM + +
+ + + + + + + + + + + + + + + + + +
QFSTPASS QFB_ERR QINHIBIT QABORTED QRUN QFAIL_S QPASS_S QINH_S QRUN_S QSTART_EN QEN_S QMSG_ERR QMSG_SUP MSG_STAT1 MSG_STAT2 MSG_STAT3 MSG_ACK1 MSG_ACK2 MSG_ACK3 START ABORT
+ +
V 1.1
09.04.2008
87/93
9.4
Block parameters of PST_CALC

Element CPT F_RATE PFD_LIM EN_FSTFB SET_FST TI PASS FST_PASS FST_REQ Data Type REAL REAL REAL BOOL BOOL INT UDT_F_B UDT_F_B BOOL STRING[16] BOOL BOOL BOOL BOOL Type I I I I I I I I O O O O O O Description Partial Stroke Test Coverage Factor [%] Valve Failure Rate [FITS] PFD Limit Based on Required SIL Evaluate Full Stroke Test Based on Feedback New Successful Full Stroke Test (Manual Input) Test Interval [Hrs] New Successful Partial Stroke Test New Successful Full Stroke Test [Feedback) Full Test Required (1=Warning Active) Time for Next Full Stroke Test Evaluation of FST_PASS and SET_FST Inputs Evaluate Full Stroke Test Based on Feedback Internal Block Error 1=Parameter has been changed OCM
NEXT_FST QFSTPASS QENFSTFB QERR QCHANGE
9.5
Configuring the PST_TIME Block The PST_TIME block contains logic that adds a time constant to a timestamp (of a passed test) and returns the value as a string for display purposes. The PST_TIME blocks inputs and outputs are described in Table 9-1: PST_TIME Block Inputs and Outputs.
V 1.1
09.04.2008
88/93

Table 9-1: PST_TIME Block Inputs and Outputs
Input/ Output Input
Name ACT_TIME
Description Actual Time
Notes Data type: DATE_AND_TIME Default value: DT#90-1-1-0:0:0.000 ACT_TIME is the original timestamp.
Input
OFFSET_H
Offset (Hours)
Data type: REAL Default value: 0.0 OFFSET_H is the offset, in hours, that is added to ACT_TIME.
Input
OFFSETMS
Offset (Milliseconds)
Data type: TIME Default value: T#0s OFFSETMS is the offset, in milliseconds, that is added to ACT_TIME.
Output
RET_VAL
Return Value of the Function
Data type: STRING RET_VAL is the sum of ACT_TIME, OFFSET_H and OFFSETMS converted to a string format.
Note
The PST_TIME block is called by the PST block (within the PST block's SCL code). The block is not visible to the user in the Partial Stroke Test Engineering Template but is part of the Partial Stroke Test Block Library.
V 1.1
09.04.2008
89/93
10
Abbreviations
Term DU CFC CPT ES FC FITS FST OS PFD PFDAVG PST SIMATIC S7 F System SIMATIC S7 FH System SCL SIF SIL TI Description Failure Rate Dangerous Undetected Failure Rate Continuous Function Chart Diagnostic Coverage of a Proof Test Engineering Station Function Failures per 109 hours Full Stroke Test Operator Station Probability of Failure on Demand Average Probability of Failure on Demand Partial Stroke Test SIMATIC S7 Failsafe System SIMATIC S7 Failsafe, Fault-Tolerant System Structured Control Language Safety Instrumented Function Safety Integrity Level Proof Test Interval
V 1.1
09.04.2008
90/93
11
Glossary
Term Continuous Function Chart, CFC Definition A STEP7 programming language used to describe continuous processes more clearly by graphically interconnection complex functions According to IEC 61511: Failure which has the potential to put the safety instrumented system in a hazardous or fail-to-function state According to IEC 61511: Capability of a technical system to remain in or revert to a safe state immediately after certain failure occur According to IEC 61511: Termination of the ability of a functional unit to perform a required function Rate at which failures occur for a particular device or system; Can be calculated by dividing the total number of failures by the total unit hours of operation for a particular device or system A logic block in STEP7 programming that does not reference an instance data block (i.e. it does not have a memory) A proof test that fully tests all of the failure modes of a valve; Can disrupt a running process and must typically be done during a shutdown or a planned maintenance period (when the valve can be physically bypassed) An IEC International Standard entitled Functional safety of electrical/electronic/programmable electronic safety-related systems; Sets out a generic approach for all safety lifecycle activities for systems comprised of electrical and/or electronic and/or programmable electronic components (E/E/PESs) that are used to perform safety functions
Dangerous Failure
Failsafe
Failure
Failure rate,
Function, FC
Full Stroke Test, FST
IEC 61508
V 1.1
09.04.2008
91/93
Term
Definition An IEC International Standard entitled Safety instrumented systems for the process industry sector; Gives requirements for the specification, design, installation, operation and maintenance of a safety instrumented system, so that it can be confidently entrusted to place and/or maintain the process in a safe state; Developed as a process sector implementation of IEC 61508. User Association for Automation in Process Industries (Mainly German) According to IEC 61511: A safety function with a specified safety integrity level which is necessary to achieve functional safety and which can be either a safety instrumented protection function or a safety instrumented control function According to IEC 61511: Discrete level (one out of four) for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the safety instrumented systems; Safety Integrity Level 4 has the highest level of safety integrity; Safety Integrity Level 1 has the lowest A proof test that tests some of the failure modes of a valve; Can be run while the system is operational According to IEC 61511: Test performed to reveal undetected faults in a safety instrumented system so that, if necessary, the system can be restored to its designed functionality The time interval between proof tests A device fails on demand if it fails to perform when needed; the probability of this happening is called the Probability of Failure on Demand; PFD calculations for a given device are based on the failure rate () for the device and the testing interval (TI).
IEC 61511
NAMUR
Safety Instrumented Function, SIF

Safety Integrity Level, SIL
Partial Stroke Test, PST
Proof Test
Proof Test Interval, TI
Probability of Failure on Demand, PFD
V 1.1
09.04.2008
92/93
Term
Definition A failsafe automation system consisting of at least the following: An F-capable CPU module, such as CPU 417-4 H, that can run a fail-safe (F) user program One or more fail-safe inputs/outputs (FI/Os) in a distributed I/O device (redundancy optional) A failsafe, fault-tolerant automation system consisting of at least the following: A fault-tolerant S7 400H system (master and standby) running a fail-safe (F) user program One or more fail-safe inputs/outputs (FI/Os) in a distributed I/O device (redundancy optional) A high-level STEP7 programming language similar to Pascal that is in accordance with the IEC 1131-3 standard According to IEC 61511: In relation to hardware and software faults not found by the diagnostic tests or during normal operation
SIMATIC S7 F System
SIMATIC S7 FH System
Structured Control Language, SCL
Undetected
V 1.1
09.04.2008
93/93

Partial Stroke Test With S7-400FH and PCS 7: Function Description

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Partial Stroke Test With S7-400FH and PCS 7: Function Description

Caricato da

Copyright:

Formati disponibili

Partial Stroke Test with S7-400FH and PCS 7

Warranty, Liability and Support

Copyright Siemens AG 2008 All rights reserved PST_e_V11.doc

Warranty, Liability and Support