AU2017100153A4 - A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators. - Google Patents

A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators. Download PDF

Info

Publication number
AU2017100153A4
AU2017100153A4 AU2017100153A AU2017100153A AU2017100153A4 AU 2017100153 A4 AU2017100153 A4 AU 2017100153A4 AU 2017100153 A AU2017100153 A AU 2017100153A AU 2017100153 A AU2017100153 A AU 2017100153A AU 2017100153 A4 AU2017100153 A4 AU 2017100153A4
Authority
AU
Australia
Prior art keywords
control
software
managing
self
plc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
AU2017100153A
Inventor
Martijn Theodorus Bernardus Hilbers
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to AU2017100153A priority Critical patent/AU2017100153A4/en
Application granted granted Critical
Publication of AU2017100153A4 publication Critical patent/AU2017100153A4/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Programmable Controllers (AREA)

Abstract

The present invention provides a software algorithm and an architecture design that are primarily intended to be used in Programmable Logic Controllers (PLCs) or Programmable Automation Controllers (PACs) that support object oriented programming. The design can also be applied to Distributed Control System (DCS's).

Description

2017100153 22 Mar 2017 1
Title of invention:
An IS A-8 8 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable, and self-learning control algorithm and software architecture for PLC’s, PAC’s, DCS’ and smart actuators.
Technical Field: [0001] The invention pertains to a software algorithm and subsequent architecture for process control software executed in PLCs (Programmable Logic Controller) or PACs (Programmable Automation Controller) or DCS’ (Distributed Control System), and can also be applied to smart actuators such as Variable Speed Drives, Variable Voltage Variable Frequency drives, Direct On Line motor starters, robots and any device incorporating microchip technology that is used to control devices/machines in an ISA88 model for (industrial) process control applications. Hence forth, where the abbreviation PLC is used, PAC systems and DCS systems are also referred to.
[0002] The design submitted in this application simplifies PLC process control software, will reduce the development time by at least 30% and will improve reliability, maintainability and enhance fault finding capability. When applied in smart actuators, it would allow actuators to perform process control functionality by interconnection to other smart actuators (using this algorithm) without being directly controlled by a PLC. 2017100153 22 Mar 2017 2
Background: [0003] Control systems such as PLCs are industrial computers used to control processes for industrial, manufacturing etc. applications. The development effort for PLC software can be represented by a pyramid that is divided in three layers.
[0004] At the bottom layer is the device control software, this software controls and monitors the behaviour of physical devices such as valves, motors, analogue/digital inputs and outputs. The programming effort for this layer accounts for approximately 50% of the total programming effort. The implementation of this layer has a lower level of complexity and is very repetitive. Typical functionality of the device control logic is interlocking, starting, stopping and tripping (fault condition) of a device. This layer integrates the field instruments and actuators into the control system and is the interface between the field hardware and the operator (manual operation mode) and the higher software layers (automatic operation mode).
[0005] The middle layer contains the process control functionality such as sequencers, group control, duty-standby control etc. and accounts for approximately 30% of the total programming effort. This part of the software is responsible for the automatic control of the process by issuing start and stop requests to the device control logic of the first layer etc. It also manages the process integrity and safety shutdowns in the event of a device or process failure. This is the most complex part of a PLC program and requires a high level of experience to develop. Because every process is unique, the software in this layer is unique as it controls devices or device groups in process specific order and under process specified conditions. As it controls the device control logic of the first layer and manages the process integrity, this part of the program has a high level of complexity and is more susceptible to instable and unpredictable behaviour. The ANSI/ISA-88 (S88) standard describes how the software in this layer should behave and which provisions are to be made to manage unpredictable and instable behaviour of the software in this layer and of the bottom layer. 3 2017100153 22 Mar 2017 [0006] The top layer performs general functionalities such as communication handling, hardware configurations etc. and will account for approximately 20% of the total programming effort. The submitted algorithm does not apply to this part of the PLC program.
Summary: [0007] The algorithm and subsequent software architecture submitted in this patent application combines device control, group control, sequencing and redundancy management functionality. This combination results in an architecture where software modules for devices and grouped/sequenced devices can be arranged in a fashion that mimics the ISA-88 physical model. This architecture facilitates messages to be passed through software modules from the lowest level of the ISA-88 physical model to the highest level while the software modules build up the messages according to the ISA-88 model. The algorithm integrates unique process control functionality with standard device and group control functionality. The algorithm is incorporated in standard software control blocks for ISA-88 equipment modules (for specific devices such as valves, motors etc.), and in a single control block for ISA-88 equipment modules, units and process cells (Figure 2 programmer’s interface). Hence forth where the phrase “control block” is used, it refers to the combined process control and device/group control functionality for an object in the ISA-88 physical model.
[0008] Where current conventional PLC software architectures incorporate at least three software layers; sequence managing software, sequence step software and device control software, the submitted algorithm allows for an architecture with only a single layer of software (Figure 3: comparison of architectures). The control blocks can be interconnected (stacked) with one another to provide sequence, group control and/or duty-standby functionality without any additional software. Subsequently the architecture of interconnected/stacked blocks follows the ISA-88 physical model innately.
[0009] The control algorithm can be applied to continuous, batch, route and state machine processes and/or combinations of these types of processes. The algorithm provides infinite redundancy between control blocks at any level of the ISA-88 physical model in any of the before mentioned process types. 2017100153 22 Mar 2017 4 [0010] The control algorithm can also be applied to a physical device using microchip/computer technology such as a robot, variable speed drive, direct online motor starter etc. When applied to these devices, devices could be grouped and controlled by interconnection with one another without a PLC.
Technical Problem [0011] The behaviour of device control software for motors, valves etc. is, to a great extent, standard across processes and industries, a valve opens and closes, a motor runs and stops. The automatic control and sequencing of devices is not standard and depends on the desired process functionality. Therefore the automatic operation, duty-standby configuration and sequencing etc. of devices or grouped devices is unique for every process. Subsequently, the software providing the sequencing, duty-standby, group control and the fault handling functionality is unique. Unique software has proven to be more instable, more unpredictable, and more time consuming to create, test and change than standard software. The current conventional PLC software architectures incorporate multiple software layers for group control, duty-standby control for redundancy, sequence management, sequence step control and device control software. When a process situation occurs that is outside of the functional limits of the process control software, the software tends to malfunction or becomes instable (get “stuck” or “hung up”) partly due to the multiple layers and the uniqueness of the control software.
[0012] In current conventional control systems, process conditions generated in the PLC are passed to the visualization (SCADA) system, In the SCADA system a message is associated with the condition received from the PLC and these messages are prioritized and ordered/grouped. A significant part of the SCADA development/programming effort is the ordering and prioritizing of these messages. This is crucial as major accidents in the past have been attributed to the poorly ordering and structuring of alarm messages. 2017100153 22 Mar 2017 5
Solution to problems [0013] As described in the summary, the combination of unique and standard control functionality in a single control block, allows for control blocks to be uniquely sequenced, and/or to be in a duty standby arrangement and/or to be group controlled with one another (by interconnection) without any other software managing this. This makes the process control software universal while providing unique process control functionality for any process, in any industry.
[0014] As the algorithm is incorporated in the control blocks for every object of the ISA-88 model, it allows for a (nearly) identical standard graphical programmers interface for all objects in the ISA-88 physical model (identical for ISA-88 equipment modules, units and process cells, and only field inputs and outputs as unique features for the ISA-88 control modules) (Figure 2). Creating of control functionality becomes very simple and can be performed by people without a programmers skill set. This makes the graphic programmers interface a distinguishing feature of the submitted algorithm and subsequent architecture.
[0015] As the algorithm allows the control blocks to be arranged (stacked) according to the ISA-88 physical model, messages can be generated and prioritized (based on conditions available in the PLC) by any control block. As the control blocks are arranged according to the ISA-88 model, while being passed up through the control blocks to the SCADA system, the messages are built up by the stacked control blocks according to the ISA-88 physical model. The SCADA development effort is reduced significantly.
Advantageous effects of invention [0016] The submitted control algorithm and subsequent architecture, eliminates the sequence managing, step managing, group control and duty-standby software used in current conventional control software architectures that are applied in PLCs. This reduces the control software development by at least 30% and provides unlimited redundancy capability. 6 2017100153 22 Mar 2017 [0017] Software created according to the current conventional software architecture is unique. The unique aspect of this software is eliminated and replaced by the algorithm incorporated in standard control blocks for every object of the ISA-88 physical model. Subsequently, the quality of the software and process control functionality is consistent as it is not dependent anymore on the quality of the software but solely on how the software blocks are interconnected with one another. Therefore, some of the functionality described in the ISA-88 standard regarding the managing of unpredictable and instable behaviour of control software, does not apply to the submitted algorithm and subsequent software architecture.
[0018] As the algorithm allows for a nearly identical graphical programming interface (Figure 2) across the ISA-88 physical model, this makes the development of control software very simple and possible for people without programming experience/skills.
[0019] Because the algorithm combines device control, group control, sequencing and duty standby control in a single software block, the device status, group status, sequence status and duty standby status information is available from a single source to the operator visualisation. This has as a result that the visualisation can also be standardized as all the information is available and does not need to be combined in the visualisation/SCADA program (Figures 4, 5 and 6). Subsequently this reduces the SCADA development effort significantly.
Fundamental principles.
[0020] The fundamental principles that support the integration of the process control functionality (sequencing, group control and redundancy management) with the device and group control functionality are: 1. The interlocking design and functionality. 2. The latching of automatic start and stop commands.
This patent application claims the combination of five interlocks with the latching of automatic start and stop commands (Figure 1). 7 2017100153 22 Mar 2017
Interlocks: [0021] The algorithm utilizes five interlocks:
Protection interlock Start interlock Run/Open interlock Stop/Close interlock Duty-Standby interlock
Protection interlock: [0022] Protection interlock serves to protect human safety, to avoid a dangerous process/environmental situation or to prevent equipment from being damaged. When the interlock is not valid, the device will be stopped immediately and cannot be started.
Start interlock [0023] The start interlock must be asserted for the control block to energize the device. Once the device is energized (starting, running/opened or stopping/closing), the start permissive is disregarded and a change of the start permissive will not affect the device’s energized/operation state.
Run/open interlock: [0024] The run/open interlock must be asserted in order for the control block to energize the device and maintain energized state of the device. When the run interlock is de-asserted while the device is energized, then the device will be de-energized (stopped/closed) without delay.
Stop/close interlock: [0025] When the device is energized, the stop interlock must be asserted in order for the device to be de-energized, so a running device will not stop at a stop request if the stop interlock is de-asserted. 2017100153 22 Mar 2017 8
Duty/standby interlock: [0026] The duty/standby interlock must be de-asserted in order for the control block to energize the device and maintain the device in the energized state. When the duty/standby interlock is asserted, meaning that the redundant partner is in duty mode and this device is requested to be in standby mode, then the device will not energize or will be de-energized (stopped). Duty-standby control provides redundancy between control modules, equipment modules, units and process cells (devices, device groups and sequences). The purpose of redundancy is when the active (duty) device(s) faults or is/are unintentionally stopped, then the standby device(s) is/are started.
Difference between protection interlock and other interlocks: [0027] The difference between the protection interlock and the other interlocks is that a protection interlock will lock the device in a tripped state and will cause an, the other interlocks will not. When the protection interlock is de-asserted and the device is tripped, the operator will be required to resolve the cause of the interlock and “unlock” the device by issuing a reset command to make the device ready for operation. The other interlocks will either inhibit the device from changing operating state or will stop the device without issuing operator alarms and without any operator requirement to issue a reset command afterward.
Automatic start and stop command latching [0028] The second fundamental principle that supports the integration of the process control functionality with the device control functionality is the latching of the start and stop commands. Latching is the storing/retaining of the asserted (on) or de-asserted (off) state of a digital internal command variable.
[0029] The time of issuing automatic start/stop commands and the latching of commands for the algorithm submitted in this application is different from the current conventional programming practice and behaves as follows: 9 2017100153 22 Mar 2017 [0030] When an operator starts a sequence, an auto start command is issued simultaneously to all the sequenced devices. Unlike the current industry programming practice where the device receives a command when the sequence step becomes active, all devices receive the start command at the beginning of the sequence before any step is active. Similarly an auto stop command is issued simultaneously to all the sequenced devices. The auto start and stop commands are latched (stored) in the control block, when the start and run interlocks are/become asserted, the device is energized. When an automatic stop command is issued, the stop command is latched, when the stop interlock is/becomes asserted, the device is de-energized.
[0031] The latching of automatic commands in combination with the start, run/open and stop/close interlocks, provides sequence, group control and duty-standby functionality.
Self-Learning: [0031] The ISA-88 standard describes a process situation where the process control is paused in a sequence step and the operator is able to manually step through the sequence. In order to identify the preceding and succeeding step, the algorithm/standard logic block has a “learning” functionality. At the moment when a step in a sequence is about to become active, the algorithm in the block stores the current sequence step before updating the sequence step number with its’ own step number. In other words, the block remembers its’ preceding step. Similarly at the moment that a step is de-activated, the control blocks stores the newly activated step number. This “learning” functionality allows stepping up and down through the sequence when the sequence is paused. The self-learning functionality will also allow for dynamically creating the sequence display on the HMI graphic.
Messaging [0032] Because the algorithm integrates the process control with the device control logic, the device and process control status messages can be made standard and be generated inside the control block. By using multiplexing, messages from slave control blocks are passed up through the sub masters to the highest master control block. Every sub master adds its' label to the message so a browsing structure is generated in line with the IS A-8 8 model. 10 2017100153 22 Mar 2017 [0033] Example: A tank park consists of three tanks. Each tank has a filling pump and a draining pump, and each pump has an inlet and an outlet valve. There is a total of six pumps and 12 valves for the three tanks. If the outlet valve of the second tank’s filling pump fails, the outlet valve will generate a message. This message will start with the valve’s tag name followed by the status e.g. “Outlet Valve: Failed to open”
As the outlet valve is a “slave” of the filling pump, the message is passed up to the Filling Pump control bock. The Filling Pump control block adds its’ tag name to the message and now the message becomes: “Fill Pump: Outlet Valve: Failed to open”.
As the Filling Pump is a “slave” of equipment module Tank2, the message is passed up to the control block of Tank2. The Tank2 control block adds its’ tag name to the message and now the message becomes: “Tank2: Fill Pump: Outlet Valve: Failed to open”.
As Tank2 is part of the Tank Park unit, the message is passed up to the control block of Tank Park. The Tank Park control block adds its’ tag name to the message and now the message becomes: “Tank Park X: Tank2: Fill Pump: Outlet Valve: Failed to open”.
[0034] As multiplexing is a common industry practice, the design for multiplexing messages will not be submitted for a patent in this application. However this section is to support the patent claim for the described algorithm as this is what makes the architecture possible that allows for the automatic generation and structuring (as per ISA-88 physical model) of messages at a PLC level.
[0035] SCADA software packages are applied as user interface between the PFC and the operator. The current control system development practice is that messages are generated in the SCADA software based on conditions in the PFC. The SCADA engineer programs/configures the SCADA package to generate and structure messages. In the submitted design, messages are automatically generated and structured as per ISA-88, this means that this does not need to be programmed/configured in the SCADA software. This is a significant reduction of programming efforts during the development stage of the SCADA software.

Claims (2)

  1. Claim
  2. 1. An ISA-88 compliant process control algorithm that is group controlling, selfsequencing, redundancy managing, alarm-managing, stackable, and self-learning, whilst combining these functionalities in a single software entity (block) that is intended to be used in Programmable Logic Controllers (PLC), Process Automation Controllers (PAC), Distributed Control Systems (DCS) and smart actuators.
AU2017100153A 2017-02-09 2017-02-09 A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators. Active AU2017100153A4 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2017100153A AU2017100153A4 (en) 2017-02-09 2017-02-09 A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2017100153A AU2017100153A4 (en) 2017-02-09 2017-02-09 A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators.

Publications (1)

Publication Number Publication Date
AU2017100153A4 true AU2017100153A4 (en) 2017-04-20

Family

ID=58543458

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2017100153A Active AU2017100153A4 (en) 2017-02-09 2017-02-09 A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators.

Country Status (1)

Country Link
AU (1) AU2017100153A4 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109976723A (en) * 2019-03-12 2019-07-05 北京国电智深控制技术有限公司 A kind of algorithm development platform, algorithm development method and computer readable storage medium
CN110442337A (en) * 2019-08-13 2019-11-12 中国核动力研究设计院 A kind of mask method based on nuclear power plant DCS platform logic algorithm pattern cloud atlas
CN117093979A (en) * 2023-10-19 2023-11-21 西安热工研究院有限公司 Method, system and medium for trusted switching of DCS controller in non-network environment

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109976723A (en) * 2019-03-12 2019-07-05 北京国电智深控制技术有限公司 A kind of algorithm development platform, algorithm development method and computer readable storage medium
CN110442337A (en) * 2019-08-13 2019-11-12 中国核动力研究设计院 A kind of mask method based on nuclear power plant DCS platform logic algorithm pattern cloud atlas
CN110442337B (en) * 2019-08-13 2022-03-22 中核控制系统工程有限公司 Labeling method based on cloud picture of nuclear power plant DCS platform logic algorithm diagram
CN117093979A (en) * 2023-10-19 2023-11-21 西安热工研究院有限公司 Method, system and medium for trusted switching of DCS controller in non-network environment
CN117093979B (en) * 2023-10-19 2024-01-16 西安热工研究院有限公司 Method, system and medium for trusted switching of DCS controller in non-network environment

Similar Documents

Publication Publication Date Title
EP1004061B1 (en) Architecture for a hybrid real-time control system and method of operation thereof
AU2017100153A4 (en) A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators.
JP6088001B2 (en) Method and apparatus for managing module execution sequence in process management environment
US9188964B2 (en) Safety controller for controlling an automated installation and method for generating a user program for a safety controller
US8803667B2 (en) Systems and methods for notifying multiple hosts from an industrial controller
US7684877B2 (en) State propagation for modules
US5450346A (en) Method for the automatic control of manufacturing processes
US20180164790A1 (en) Control environment change communication
US9098074B2 (en) Safety-related control unit and method for controlling an automated installation
EP2523056B1 (en) System and method for block instantiation
US10747211B2 (en) Method for engineering a method- or process-engineering plant, function module and stored program control
EP2037342B1 (en) Method of implementing production execution system
Bloch et al. Orchestration of services in modular process plants
US11586185B2 (en) Engineering system for orchestration of an industrial plant
Barbieri et al. A PackML-based design pattern for modular PLC code
US9459619B2 (en) Continuous equipment operation in an automated control environment
US8937555B2 (en) Systems and methods to overlay behaviors on foundation fieldbus alerts
Lepuschitz et al. Toward Batch Process Domain with IEC 61499
EP3029536A1 (en) Systems and methods to overlay behaviors on foundation fieldbus alerts
Strasser et al. Towards engineering methods for reconfiguration of distributed real-time control systems based on the reference model of IEC 61499
CN117501677A (en) Method, apparatus, computer program and computer readable medium for modular setting of technical devices using configurable logic
Itu Optimization of a milk processing application using a service oriented architecture
Alina Industrial Service Oriented Architecture: Application to a Milk Processing Plant
Antonzadis et al. A concept for the integrated process description, PLC programming and simulation using Petri nets: application in a production process
Moser et al. Modeling of a Hierarchical Supervisory Controlled Industrial Process for Fault Diagnosis

Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)