Note: The source of the technical material in this volume is the Professional
Engineering Development Program (PEDP) of Engineering Services.
Warning: The material contained in this document was developed for Saudi
Aramco and is intended for the exclusive use of Saudi Aramco's employees.
Any material contained in this document which is not already in the public
domain may not be copied, reproduced, sold, given, or disclosed to third
parties, or otherwise used in whole or in part, without the written permission
of the Vice President, Engineering Services, Saudi Aramco.
CONTENTS
INTRODUCTION
GLOSSARY
LIST OF FIGURES
INTRODUCTION
Input devices
Output devices
The hardware test should verify the correct physical and soft
(communications link) connections of all inputs and outputs
associated with the ESD system. This test includes the primary
sensors, I/O interface devices, the logic solver, and the final
shutdown devices.
Types of Tests
Site test
Proof test
Relationship of Tests to Project Execution
Proof testing takes over once the start-up phase of the project
has been completed. This phase coincides with the operating
portion of the process system.
During the FAT, the complete ESD system, including all
composite modules and interconnecting wiring, must be subjected
to both hardware and software functional tests. These tests
must demonstrate the functionality of each individual component
module within the integrated ESD system, including individual
I/O point tests. The FAT should include testing of all hardware
components and software in the system. Saudi Aramco
performs complete loop testing through to the DCS and to the
operator's console. The FAT may be performed by the vendor,
by the user, or by the two working together. The latter
approach is the most desirable.
Design Document Requirements for Factory Acceptance Tests
The purchase order for the ESD system should list the
additional design documents that are required for the FAT. The
following are typical documents that are needed to effectively
accomplish a FAT:
An ESD system I/O list that shows all input and output
devices.
Vendor manuals.
The FAT should not only check the functionality of the system,
but should also check the accuracy of the documentation. At the
end of the FAT, all documentation should accurately describe
the system. Any exceptions should be included on a punch list.
Test Equipment Requirements for Factory Acceptance Tests
Device Purpose
[Figure: typical ESD system arrangement showing operator consoles, connection to network (dedicated), critical alarm annunciator and alarm horn, BPCS logic solver, MODBUS link, analog sensing devices (transmitters, thermocouples, RTDs), discrete input devices (pushbuttons and other switches), discrete output devices (e.g., motors), and automatic block valves]
Software Error
Detection Duane Plots
Design Document Requirements for Site Acceptance Tests
An ESD system I/O list that shows all input and output
devices.
Vendor manuals.
Test Equipment Requirements for Site Acceptance Tests
Where the actual process cannot be used for the test, as in the
initial phase of the site acceptance test when no process
Procedure for Conducting Site Acceptance Tests
Specific Proof Testing Requirements
Self-Diagnostics
Frequency of ESD Testing
$A = \text{Uptime}/\text{Total Time}$
where A = availability.
$A = \text{MTBF}/(\text{MTBF} + \text{MDT})$
where MTBF = mean time between failures and MDT = mean downtime (both as defined in the Glossary).
$A = \text{MTBF}/(\text{MTBF} + \text{MTTR})$
where MTTR = mean time to repair, measured from the time a failure occurs until the ESD system has been returned to service (see Glossary).
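The following is an added worked example, not part of the original PEDP text. It computes availability both ways from a constructed (hypothetical) fault log, with each fault's downtime split into the four components the Glossary defines (time to diagnose that a fault occurred, time to detect its location, time to repair the failed component, and time to return the system to operation). The log, the observation period and the field names are assumptions made for the example; MTBF is taken as mean operating time per failure, which is what makes the MTBF/(MTBF + MDT) form agree with Uptime/Total Time.

```python
from typing import Dict, List

# Constructed fault log for one ESD system over a one-year observation period.
# The values are hypothetical (not from the document). Each fault's downtime is
# recorded as the four components the Glossary defines: time to diagnose that a
# fault occurred, time to detect its location, time to repair (fix or replace)
# the failed component, and time to return the system to operation. All hours.
TOTAL_TIME_H = 8760.0
FAULT_LOG: List[Dict[str, float]] = [
    {"occurred_h": 1000.0, "diagnose_h": 2.0, "locate_h": 3.0, "repair_h": 4.0, "return_h": 1.0},
    {"occurred_h": 3000.0, "diagnose_h": 5.0, "locate_h": 5.0, "repair_h": 8.0, "return_h": 2.0},
    {"occurred_h": 6000.0, "diagnose_h": 10.0, "locate_h": 8.0, "repair_h": 10.0, "return_h": 2.0},
]
DOWNTIME_COMPONENTS = ("diagnose_h", "locate_h", "repair_h", "return_h")


def fault_downtime(fault: Dict[str, float]) -> float:
    """Downtime of one fault: from occurrence until the ESD system is back in
    service, i.e. the sum of the four Glossary components."""
    return sum(fault[c] for c in DOWNTIME_COMPONENTS)


def validate_log(log: List[Dict[str, float]], total_time: float) -> None:
    """Reject logs the formulas cannot be applied to: a non-positive period,
    a fault that extends past the period, or overlapping downtime (a second
    fault logged while the system is still down would double-count)."""
    if total_time <= 0:
        raise ValueError("total time must be positive")
    back_in_service = 0.0
    for fault in sorted(log, key=lambda f: f["occurred_h"]):
        if fault["occurred_h"] < back_in_service:
            raise ValueError("overlapping downtime at %.1f h" % fault["occurred_h"])
        back_in_service = fault["occurred_h"] + fault_downtime(fault)
        if back_in_service > total_time:
            raise ValueError("fault extends past the observation period")


def mean_downtime(log: List[Dict[str, float]], total_time: float) -> float:
    """MDT: mean per-fault downtime."""
    validate_log(log, total_time)
    if not log:
        raise ValueError("no failures: MDT is undefined")
    return sum(fault_downtime(f) for f in log) / len(log)


def mean_time_between_failures(log: List[Dict[str, float]], total_time: float) -> float:
    """MTBF, taken as mean operating (up) time per failure: total time less
    total downtime, divided by the number of failures."""
    validate_log(log, total_time)
    if not log:
        raise ValueError("no failures: MTBF cannot be estimated from this log")
    uptime = total_time - sum(fault_downtime(f) for f in log)
    return uptime / len(log)


def availability_from_uptime(log: List[Dict[str, float]], total_time: float) -> float:
    """A = Uptime / Total Time, straight from the log."""
    validate_log(log, total_time)
    uptime = total_time - sum(fault_downtime(f) for f in log)
    return uptime / total_time


def availability_from_mtbf(mtbf: float, mdt: float) -> float:
    """A = MTBF / (MTBF + MDT). With MTBF and MDT from the same log this equals
    Uptime / Total Time, since both are divided by the same failure count."""
    return mtbf / (mtbf + mdt)


if __name__ == "__main__":
    mdt = mean_downtime(FAULT_LOG, TOTAL_TIME_H)
    mtbf = mean_time_between_failures(FAULT_LOG, TOTAL_TIME_H)
    print("MDT  = %.1f h" % mdt)
    print("MTBF = %.1f h" % mtbf)
    print("A (Uptime/Total Time)  = %.6f" % availability_from_uptime(FAULT_LOG, TOTAL_TIME_H))
    print("A (MTBF/(MTBF + MDT))  = %.6f" % availability_from_mtbf(mtbf, mdt))
```

With the constructed log the three faults account for 60 h of downtime, giving MDT = 20 h, MTBF = 2900 h and A = 8700/8760 by either formula. The validation step matters in practice: a proof-test interval chosen from an availability figure is only as good as the fault log it rests on, and overlapping or out-of-period entries silently inflate uptime.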
Procedures for Proof Testing
A simplified P&ID.
Bypassing of ESD Inputs and Outputs
Typical Applications
Authorization Procedures
Documentation
Logging Procedures
GLOSSARY
annotated logic diagram: A graphical method for showing ESD inputs, outputs, and internal logic using AND/OR, timer, or counter logic elements with basic logic statements embedded in the diagram.
basic process control system: The control equipment and system that is installed to regulate normal production functions.
binary logic diagram: A method of representing the logic in binary interlock and sequencing systems using abstract logic functions such as AND, OR, and NOT.
cause-and-effect matrix: A form of state table that is used for showing the relationship between a process input and an output device in binary interlock and sequencing systems.
factory acceptance test: A test of an ESD system that takes place at the vendor's site and that does not test the field devices of the ESD system.
mean downtime: The mean time that the ESD system is not able to respond to a demand once a fault occurs.
mean time between failures: The mean time between successive failures of a component or system.
mean time to detect the location of a fault: The mean time that it takes to determine the specific location of a fault.
mean time to diagnose a fault: The mean time that it takes to determine that a fault has occurred.
mean time to repair: The mean time to repair a component of an ESD system. This mean time is measured from the time that a failure occurs to the time that the repair is completed and the ESD system has been returned to service.
mean time to repair a fault: The mean time that it takes to fix or replace a failed component.
mean time to return to operation: The mean time that it takes to return the ESD system to operable condition after a fault has been repaired.
mitigation plan: A plan that describes the actions that must be taken when a failed interlock is detected in order to reduce the consequences of the failure.
on-line testing: Testing that is done while the process continues to operate.
output device: Automatic block valves, motors, pilot lights, and similar devices that accept output signals from the logic solver in an ESD system.
proof test: A test of all the components (i.e., hardware and software) of an ESD system to ensure that the system is capable of functioning when the demand arises.
punch list: Documentation that logs any deviations from the design specifications.
total time: The total time during which the ESD interlock should be able to respond to a demand.
triple modular redundant: A fault tolerant scheme that uses 2-out-of-3 (2oo3) voting to determine appropriate output action.
At the start of the FAT, the vendor must begin logging all errors
encountered within vendor-developed logic and application
programs in a software deficiency log, along with an error
description, classification (i.e., Type 1, 2 or 3), proposed
correction or corrective action, duration, and time encountered.
This error logging must continue throughout the entire functional
test period.
Actual FAT testing time must be used (i.e., not calendar time or
even CPU time). Based on previous experience, test hours
should match the total number of man-hours that the test team
expended. The number of teams and the number of testing
hours per day may vary during the ESD system test. However,
the test time used should reflect the stress put on the ESD
system during all tests as accurately as possible.
The vendor must use this data to plot separate and unique
"Duane Curves" for estimating the frequency of encountering
future Type 1, 2 or 3 application program errors. The vendor
must demonstrate from extrapolation of plot data that the
following minimum probabilistic intervals of discovering future
Type 1, 2 or 3 application program errors have been achieved:
$E/T = K T^{X}$
Where:
If test data are plotted linearly (total errors versus total time) the
resultant plot approximates an exponential curve.
Example 1:
For example, one can use the first plotted point and the last
plotted point to calculate the slope:
Example 2:
$E/T = K T^{X}$
is solved for K:
$K = (E/T)/T^{X}$
$E = K T^{X+1}$
$T^{X+1} = E/K$
$\left[T^{X+1}\right]^{1/(X+1)} = (E/K)^{1/(X+1)}$
$T = (E/K)^{1/(X+1)}$
Example 3:
$E/T = K T^{X}$
$E = K T^{1+X}$
Differentiating:
$dE/dT = (1+X) K T^{X}$
Figures 4 and 5 show Duane Plots that resulted from the FAT
on two different ESD systems. In which system is progress
being made toward a reliable software system?