Safety instrumented systems (SIS) are widely used in critical industrial control and safety applications. In the petrochemical industry, on the one hand, the high-temperature, high-pressure, flammable and explosive production environment places stringent safety requirements on the control system, which generally must reach safety integrity level SIL3. On the other hand, petrochemical process flows demand highly continuous control, because every abnormal shutdown causes serious economic losses. As the core component of the safety instrumented system, the control module plays the key control role, and its safety and availability directly determine whether the field equipment can operate safely and efficiently. Focusing on the application requirements of functional safety technology and safety instrumented systems in the petrochemical process industry, this paper designs and implements the core control module of a safety instrumented system on the basis of a literature review and a study of the IEC 61508 standard. Starting from the basic functions and performance of the control module, and comparing Markov models of several typical redundant architectures, a triple architecture with a 3-2-0 degraded mode is designed, which resolves the architectural problem of making the control module satisfy both the safety requirement and high availability. Based on this architecture, an algorithmic model for the safety and availability of the control module is established, from which it is determined that the key to improving safety and availability is to increase the hardware diagnostic coverage (DC) and the mean time to failure (MTTF). An FMEA of the control module prototype identifies diagnosis of the power supply circuit and the microprocessor as the focus for improving hardware DC. Accordingly, diagnostic measures with high fault coverage for the key power supply circuits and the core parts of the general-purpose microprocessor are designed and implemented, solving the problem of reaching 90% hardware DC on a general-purpose microprocessor platform and meeting the high-safety diagnostic requirements of the control module. Theoretical analysis of the MTTF indicator confirms that, given high diagnostic fault coverage, improving fault recovery capability is one of the important keys to raising MTTF. Accordingly, failure recovery measures for the safety configuration and the real-time data area are designed and implemented, meeting the failure recovery requirement for high availability of the control module. Through research and analysis of the fieldbus communication fault model and its diagnostic measures, the key technology of safe communication fault diagnosis and recovery in the control module is designed and realized, solving the problem of redundant communication safety reaching SIL3 under the triple architecture and satisfying the overall safety requirements of the module. Finally, a prototype of the SCU9020 control module with the triple architecture was completed under the TCS-900 system safety architecture. Calculation of the key safety indicators PFDavg, PFH, SFF and λSC verified that the safety of the SCU9020 control module reaches SIL3 requirements, and comparative analysis of the key reliability indicator MTTF verified that the availability of the SCU9020 module has been effectively improved and meets the design expectations.
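The Markov-model comparison of redundant architectures and the DC/SFF reasoning summarized in the abstract can be made concrete with a small calculation. The following is an added example written for this page, not code from the paper or from the TCS-900/SCU9020 project. The per-module failure rate, the safe-failure share, the repair rate and the exact structure of the 3-2-0 chain (first failure detected and tolerated, second failure while degraded forces a safe shutdown) are assumed illustration values, and the SIL lookup implements the IEC 61508-2 route 1H architectural-constraint table for a type B element. The MTTF computed here is the mean time to a (spurious) safe shutdown, i.e. the availability side of the design, not the dangerous-failure PFD.

```python
"""Added example (not the paper's model): Markov comparison of a 1oo1
control module against a triple module with 3-2-0 degradation, and the
IEC 61508-2 route 1H architectural-constraint check for a type B element.
All numeric inputs below are assumed illustration values."""
from typing import Dict, List

# A continuous-time Markov chain: state -> {successor state: transition rate (1/h)}
Chain = Dict[str, Dict[str, float]]


def mean_time_to_absorption(chain: Chain, start: str, absorbing: str) -> float:
    """Mean time from `start` until the chain first enters `absorbing`.

    For each transient state i with total exit rate r_i the hitting time obeys
    T_i = 1/r_i + sum_j (q_ij / r_i) * T_j, with T_absorbing = 0. The linear
    system is solved by Gauss-Jordan elimination with partial pivoting.
    """
    transient: List[str] = [s for s in chain if s != absorbing]
    idx = {s: k for k, s in enumerate(transient)}
    n = len(transient)
    A = [[0.0] * n for _ in range(n)]
    b = [0.0] * n
    for s in transient:
        i = idx[s]
        exit_rate = sum(chain[s].values())
        A[i][i] = 1.0
        b[i] = 1.0 / exit_rate
        for nxt, rate in chain[s].items():
            if nxt != absorbing:
                A[i][idx[nxt]] -= rate / exit_rate
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(A[r][col]))
        A[col], A[pivot] = A[pivot], A[col]
        b[col], b[pivot] = b[pivot], b[col]
        for r in range(n):
            if r != col and A[r][col] != 0.0:
                f = A[r][col] / A[col][col]
                for c in range(col, n):
                    A[r][c] -= f * A[col][c]
                b[r] -= f * b[col]
    # After Gauss-Jordan, row k holds only variable k, so x_k = b_k / A_kk.
    k = idx[start]
    return b[k] / A[k][k]


def chain_1oo1(lam: float) -> Chain:
    """One module: any detected failure forces a safe shutdown (absorbing "0")."""
    return {"1": {"0": lam}, "0": {}}


def chain_3_2_0(lam: float, mu: float) -> Chain:
    """Triple module with 3-2-0 degradation (assumed structure):
    3 -> 2 when one of three modules fails (service continues on two),
    2 -> 3 when the failed module is repaired at rate mu,
    2 -> 0 when a second module fails while degraded (safe shutdown)."""
    return {"3": {"2": 3 * lam}, "2": {"3": mu, "0": 2 * lam}, "0": {}}


def failure_split(lam: float, safe_fraction: float, dc: float) -> Dict[str, float]:
    """Split a module failure rate into IEC 61508 categories.
    safe_fraction: share of failures that are safe (S); dc: diagnostic coverage
    of dangerous failures, so lambda_DD = dc * lambda_D, lambda_DU = (1-dc) * lambda_D."""
    lam_s = safe_fraction * lam
    lam_d = lam - lam_s
    return {"S": lam_s, "DD": dc * lam_d, "DU": (1.0 - dc) * lam_d}


def safe_failure_fraction(rates: Dict[str, float]) -> float:
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU)."""
    total = rates["S"] + rates["DD"] + rates["DU"]
    return (rates["S"] + rates["DD"]) / total


# IEC 61508-2 Table 3 (route 1H, type B element): highest SIL allowed by the
# architectural constraints for an SFF band and hardware fault tolerance (HFT).
# Entries are (lower SFF bound, (SIL at HFT 0, HFT 1, HFT 2)); 0 = not allowed.
_TYPE_B_TABLE = [
    (0.99, (3, 4, 4)),
    (0.90, (2, 3, 4)),
    (0.60, (1, 2, 3)),
    (0.00, (0, 1, 2)),
]


def max_sil_type_b(sff: float, hft: int) -> int:
    for lower_bound, sils in _TYPE_B_TABLE:
        if sff >= lower_bound:
            return sils[min(hft, 2)]
    return 0


if __name__ == "__main__":
    LAM = 1.0e-5    # assumed per-module failure rate, 1/h
    MU = 1.0 / 8.0  # assumed repair rate: 8 h mean time to restoration
    rates = failure_split(LAM, safe_fraction=0.5, dc=0.9)
    sff = safe_failure_fraction(rates)
    print(f"SFF = {sff:.3f}; max SIL (type B): HFT 0 -> {max_sil_type_b(sff, 0)}, "
          f"HFT 1 -> {max_sil_type_b(sff, 1)}")
    print(f"MTTF to shutdown, 1oo1 : {mean_time_to_absorption(chain_1oo1(LAM), '1', '0'):.3e} h")
    print(f"MTTF to shutdown, 3-2-0: {mean_time_to_absorption(chain_3_2_0(LAM, MU), '3', '0'):.3e} h")
```

The 3-2-0 chain has the closed form MTTF = (5λ + μ)/(6λ²), which the numerical solver reproduces; with the assumed values it is more than three orders of magnitude above the 1oo1 figure 1/λ, which is the kind of availability gain the abstract attributes to the triple architecture. The SFF result shows why the 90% DC target matters: with half the failures safe and 90% of the dangerous ones detected, SFF is 95%, so at HFT 1 a type B element lands in the 90-99% band and is allowed SIL3 under route 1H, while the same SFF at HFT 0 only allows SIL2.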