In order to certify an automation system (e.g., a safety-related automation system) as easily and cost-effectively as possible, as many pre-certified components as possible are used when creating such a system. These pre-certified components can be, for example: (i) hardware components such as a programmable logic controller, input/output modules, bus systems, sensors, and actuators; (ii) firmware on intelligent components such as the programmable logic controller; (iii) software components such as a development system for programs for automation systems; (iv) processes for developing a safety-related automation system; and (v) entities which carry out such a process.
The program in the programmable logic controller (e.g., the safety-related programmable logic controller) is the only component of a safety-related automation system which is dependent on the planned use and therefore cannot be prefabricated and/or pre-certified.
The practice of certifying the program in the safety-related programmable logic controller is facilitated if the structure and contents of the program are designed in such a manner that the certifying body can understand the method of operation of the program with as little effort as possible. This can be achieved by virtue of the fact that the possibilities provided by the programming language used for programmable logic controllers are restricted when used for a safety-related automation system.
Such restrictions can be represented in the form of guidelines which then need to be heeded when creating the program for the safety-related programmable logic controller. However, testing for compliance with such guidelines for designing programs for safety-related programmable logic controllers is a time-consuming activity and is susceptible to errors, both for the development personnel and for the body certifying the safety-related automation system.
The possibility of carrying out an automatic program test has existed for decades for different programming languages in the field of software development. In this case, a distinction is made between different types of tests, for example: (i) a test for compliance with particular rules, such as a test of syntax or type compatibility; (ii) a test for correctness, such as a test against array index overflow, pointer overflow, memory overflow, endless loops, memory which has not been allocated or has not been released, variables which have not been initialized, or unsafe type conversions; and (iii) a test of run time properties, such as performance or stress tests.
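As an added illustration of the automatic guideline test described above (this is example code written for this page, not part of the original document or of any particular development system), the following Python checker scans a constructed IEC 61131-3 Structured Text program for a small set of hypothetical design guidelines of the kind a certifying body might impose: no pointers, no unbounded loops, no narrowing type conversions, and explicit initialization of every declared variable. The guideline identifiers G1 to G4, the sample program and the rule wording are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample of an IEC 61131-3 Structured Text program that violates
# several of the hypothetical guidelines (not taken from the page).
SAMPLE_ST = """
PROGRAM SafetyStop
VAR
    Speed : INT;
    Count : INT := 0;
    Limit : DINT := 1500;
    Buf : ARRAY[0..9] OF INT;
    P : POINTER TO INT;
END_VAR

Count := DINT_TO_INT(Limit);
WHILE TRUE DO
    Speed := Speed + 1;
END_WHILE;
Buf[Count] := Speed;
END_PROGRAM
"""


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number within the program text
    rule: str      # hypothetical guideline identifier
    message: str


# Guidelines applied to every non-comment line (rule id, pattern, message).
LINE_RULES = [
    ("G1", re.compile(r"\bPOINTER\s+TO\b|\bREF_TO\b", re.I),
     "pointers are not permitted in a safety-related program"),
    ("G2", re.compile(r"\bWHILE\s+TRUE\s+DO\b", re.I),
     "unbounded loop (WHILE TRUE) is not permitted"),
    ("G3", re.compile(r"\b(DINT|LINT|REAL|LREAL)_TO_(INT|SINT|USINT)\b", re.I),
     "narrowing type conversion must be avoided or explicitly range-checked"),
]

# Header of a declaration block: VAR, VAR_INPUT, VAR_OUTPUT, ...
VAR_HEADER_RE = re.compile(r"^VAR(_\w+)?$", re.I)
# A declaration "Name : Type [:= initial value] ;"
DECL_RE = re.compile(r"^\s*(\w+)\s*:\s*([^;]+?)\s*;", re.I)


def strip_comments(line: str) -> str:
    """Remove single-line (* ... *) comments and // line comments."""
    line = re.sub(r"\(\*.*?\*\)", "", line)
    return line.split("//", 1)[0]


def check_program(source: str) -> list[Finding]:
    """Return every guideline violation found in the Structured Text source."""
    findings: list[Finding] = []
    in_var_block = False
    for no, raw in enumerate(source.splitlines(), start=1):
        line = strip_comments(raw)
        stripped = line.strip()
        if not stripped:
            continue
        if VAR_HEADER_RE.match(stripped):
            in_var_block = True
            continue
        if stripped.upper() == "END_VAR":
            in_var_block = False
            continue
        # Statement-level guidelines apply inside and outside VAR blocks.
        for rule, pattern, message in LINE_RULES:
            if pattern.search(line):
                findings.append(Finding(no, rule, message))
        # G4: every declared variable must carry an explicit initial value.
        if in_var_block:
            m = DECL_RE.match(line)
            if m and ":=" not in m.group(2):
                findings.append(Finding(
                    no, "G4",
                    f"variable '{m.group(1)}' is declared without an initial value"))
    return findings


def is_compliant(source: str) -> bool:
    """True when the program satisfies all guidelines."""
    return not check_program(source)


if __name__ == "__main__":
    for f in check_program(SAMPLE_ST):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

Running the checker on the sample reports the pointer declaration, the unbounded loop, the narrowing conversion and three variables without initial values; a program with none of these constructs yields no findings. Such a tool can be run over exported program text without touching the pre-certified development system itself.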
It is known to implement program testing means in a development system for safety-related programs in safety-related programmable logic controllers. This procedure leads to time-consuming software development and is associated with high costs since the development system for use in safety-related automation systems is pre-certified and the integration of the program testing means in the development system constitutes a change to the development system, which makes it necessary to certify the latter again.