CN113553687A - Memory, safety instrumentation system SIL verification method, system and apparatus - Google Patents


Info

Publication number
CN113553687A
Authority
CN
China
Prior art keywords
failure
sif
loop
sil
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010329087.2A
Other languages
Chinese (zh)
Inventor
姜雪
胡川
赵振峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Petroleum and Chemical Corp
Sinopec Qingdao Safety Engineering Institute
Original Assignee
China Petroleum and Chemical Corp
Sinopec Qingdao Safety Engineering Institute

Classifications

    • G06F30/20 Design optimisation, verification or simulation (G PHYSICS; G06 COMPUTING, CALCULATING OR COUNTING; G06F ELECTRIC DIGITAL DATA PROCESSING; G06F30/00 Computer-aided design [CAD])
    • G06F2111/04 Constraint-based CAD (G06F2111/00 Details relating to CAD techniques)
    • G06F2119/02 Reliability analysis or reliability optimisation; failure analysis, e.g. worst case scenario performance, failure mode and effects analysis [FMEA] (G06F2119/00 Details relating to the type or aim of the analysis or the optimisation)

Abstract

The invention discloses a memory, a safety instrumented system SIL verification method, a system and a device. The method comprises the following steps: the safety instrumented function (SIF) loop used for building the reliability block diagram is set to comprise a sensing unit, a logic controller unit and an execution unit; the safe failure fraction (SFF) and the hardware fault tolerance (HFT) of each unit are calculated from the failure data of each element in the SIF loop, and the structural constraint grade of the SIF loop is obtained; and, when modeling calculation is carried out on the three units respectively, the common cause failure of the undetectable dangerous failure portion of each component is calculated from the component's periodic detection time interval and its corresponding periodic test coverage (PTC). Compared with the prior art, which does not consider the influence of a change in the test period, calculating the common cause failure of the undetected dangerous failure part in this way can effectively improve the accuracy of the calculated average failure probability of the SIF loop.

Description

Memory, safety instrumentation system SIL verification method, system and apparatus
Technical Field
The present invention relates to the field of process industry safety, and more particularly to a memory, and to a safety instrumented system safety integrity level (SIL) verification method, system, and apparatus.
Background
In the process industries such as petrochemical industry, a large amount of flammable, explosive, toxic or strongly corrosive dangerous chemicals are often involved in the production, storage and transportation processes, so that a lot of safety accident risks exist.
A safety instrumented system (SIS) is an automatic safety protection system. It is an important protective layer in the process industry and the last preventive protective measure before a safety accident occurs; therefore, designing a safety instrumented system whose reliability meets the requirement is of great significance for preventing accidents in the process industry and for reducing the overall risk level of production plants.
The reliability modeling methods commonly used in safety instrumented system SIL (safety integrity level) verification include the reliability block diagram, fault tree analysis and the Markov model; the reliability block diagram method is simple to model and clear in structure, and has certain advantages for the simple modeling of a safety instrumented function loop.
The inventor finds that the reliability modeling method based on the reliability block diagram in the prior art has at least the following defects:
in the modeling calculation, the deviation of the calculation result is large for SIF (safety instrumented function) loops with redundant structures such as 1oo2 and 2oo3.
The information disclosed in this background section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
Disclosure of Invention
The invention aims to improve the accuracy of the calculation result of the SIF loop in the modeling calculation process when the safety instrument system SIL is verified.
The invention provides a safety instrument system SIL verification method, which comprises the following steps:
S11, setting the SIF loop for constructing the reliability block diagram to comprise a sensing unit, a logic controller unit and an execution unit;
S12, calculating the SFF and the HFT of each unit according to the failure data of each element in the SIF loop, and obtaining the structural constraint grade of the SIF loop;
S13, when modeling calculation is carried out on the three units respectively, calculating the common cause failure of the undetectable dangerous failure portion of each component based on the component's periodic detection time interval and its corresponding inspection test coverage.
In the present invention, the modeling calculation for each of the three units further includes:
for a periodic detection of an undetectable critical failure, the common cause failure of the undetectable critical failure portion of the component is calculated based on the overhaul period or the offline detection period of the component and its corresponding inspection test coverage.
In the present invention, the modeling calculation for each of the three units includes:
calculating a common cause failure of the detectable catastrophic failure portions of the component, and a common cause failure of the undetectable catastrophic failure portions, according to equation (1);
$PFD_G = \beta_D \lambda_{DD}\,\mathrm{MTTR} + \beta \lambda_{DU}\,\mathrm{PTC}\,(T_1/2 + \mathrm{MRT}) + \beta \lambda_{DU}\,(1-\mathrm{PTC})\,(T_2/2 + \mathrm{MRT})$, formula (1);
where $PFD_G$ is the average probability of failure; $T_1$ is the periodic detection time interval of the component; $T_2$ is the overhaul period or offline detection period of the device; $\beta$ is the common cause failure factor; $\beta_D$ is the common cause failure factor for detectable dangerous failures; $\lambda_{DD}$ is the detectable dangerous failure rate; $\lambda_{DU}$ is the undetectable dangerous failure rate; MTTR is the mean time to repair; MRT is the mean repair time; PTC is the periodic detection test coverage.
In the present invention, the sensing unit, the logic controller unit and the execution unit are connected in series.
In the invention, the structural constraint level of the SIF loop is the minimum structural constraint level in each unit.
In the present invention, the sensing unit includes all the elements on the SIF loop from the field sensing element to the input of the logic controller.
In the present invention, the logic controller unit includes an input card (AI/DI), an output card (AO/DO), a power module, and a CPU.
In the present invention, the execution unit includes all the elements on the SIF loop from the logic controller output to the field final actuator.
In the invention, when the final execution element is a pump, the elements of the execution unit comprise an intermediate element (output) and an electric control cabinet;
when the final actuator is a control valve, the elements of the actuator unit include an intermediate element (output), an output interface, an actuator interface, a pneumatic element, an actuator, and a valve body.
In the present invention, the method for acquiring failure data of each element in the SIF loop includes:
S21, determining the triggering mode, alarm setting, signal range checking and transient signal function of the signal of the sensing unit according to the field conditions;
S22, determining whether the execution unit has technical standard specification (TSO) requirements, partial stroke testing, severe working conditions and other factors according to the field conditions;
S23, determining the failure data of the instrument element according to conditions such as the installation situation of the instrument and the requirements of the actual working conditions, preferentially adopting the failure data in the instrument's SIL certification certificate and, if the instrument has no SIL certification, adopting the failure data of a generic instrument from the safety control equipment reliability database in PHAMS (the national petrochemical safety risk assessment and management platform).
In the present invention, the calculating SFF and HFT of each unit includes:
S31, calculating the SFF of each unit according to the failure data of the instruments;
S32, obtaining the HFT of each unit according to the arrangement structure of each unit;
S33, determining the instrument type of each unit according to the selected instrument elements;
S34, confirming the structural constraint of the SIF loop for each unit according to the structural constraint table of the selected specification.
In the present invention, the modeling calculation for each of the three units includes:
the failure rate of the SIF loop is the sum of the failure rates of the sensing unit, the logic controller unit and the execution unit.
In another aspect of the present invention, there is also provided a safety instrumentation system SIL verification device, comprising:
the logic division module is used for dividing SIF loops for constructing the reliability block diagram into a sensing unit, a logic controller unit and an execution unit;
the constraint grade generation module is used for respectively calculating the SFF and the HFT of each unit according to the failure data of each element in the SIF loop and obtaining the structural constraint grade of the SIF loop;
the modeling calculation module is used for respectively carrying out modeling calculation on the three units; the method comprises the following steps: the common cause failure of the undetectable dangerous failure portion of the component is calculated based on the periodic detection time interval of the component and its corresponding inspection test coverage.
In the present invention, the modeling calculation module further includes:
for a periodic detection of an undetectable critical failure, the common cause failure of the undetectable critical failure portion of the component is calculated based on the overhaul period or the offline detection period of the component and its corresponding inspection test coverage.
In the present invention, the modeling calculation module includes:
calculating a common cause failure of the detectable catastrophic failure portions of the component, and a common cause failure of the undetectable catastrophic failure portions, according to equation (1);
$PFD_G = \beta_D \lambda_{DD}\,\mathrm{MTTR} + \beta \lambda_{DU}\,\mathrm{PTC}\,(T_1/2 + \mathrm{MRT}) + \beta \lambda_{DU}\,(1-\mathrm{PTC})\,(T_2/2 + \mathrm{MRT})$, formula (1);
where $PFD_G$ is the average probability of failure; $T_1$ is the periodic detection time interval of the component; $T_2$ is the overhaul period or offline detection period of the device; $\beta$ is the common cause failure factor; $\beta_D$ is the common cause failure factor for detectable dangerous failures; $\lambda_{DD}$ is the detectable dangerous failure rate; $\lambda_{DU}$ is the undetectable dangerous failure rate; MTTR is the mean time to repair; MRT is the mean repair time; PTC is the test coverage of the periodic test.
In another aspect of the invention, there is also provided a memory comprising a software program adapted to execute the steps of the above safety instrumented system SIL verification method by a processor.
In another aspect of the embodiments of the present invention, there is also provided a safety instrumentation system SIL verification device, which includes a computer program stored on a memory, the computer program including program instructions, which when executed by a computer, cause the computer to perform the methods described in the above aspects and achieve the same technical effects.
Compared with the prior art, the invention has the following beneficial effects:
the invention considers the influence of the overhaul period when calculating the common cause failure of the undetected dangerous failure part. Specifically, the inventor finds that undetectable dangerous failures cannot be found by automatic detection techniques when they occur; failures of this type can be found only during periodic testing, during overhaul of the device, or when the instruments of the SIF loop are subjected to offline detection tests. For this reason, when the three units are modeled separately, the invention calculates the common cause failure of the undetectable dangerous failure part of a component according to the component's periodic detection time interval and the corresponding inspection test coverage. The specific working mode is that, when the SIF loop is periodically tested, the undetectable dangerous failure part is related to the periodic test coverage (PTC), and the system failure probability of that part is calculated by the formula $\beta \lambda_{DU}\,\mathrm{PTC}\,(T_1/2 + \mathrm{MRT})$, where MRT is the mean repair time of the SIF loop and $T_1$ is the periodic detection interval of the SIF loop. Therefore, compared with the prior art, which does not consider the influence of a change in the inspection test period, the method can effectively improve the accuracy of the calculated average failure probability of the SIF loop.
Preferably, for dangerous failures which cannot be found by periodic detection, the invention can further calculate the common cause failure of the undetected dangerous failure part of the element according to the element's overhaul period or offline detection period and the corresponding PTC, thereby further improving the accuracy of the average failure probability calculated for the SIF loop; the common cause failure of that part is calculated by the formula $\beta \lambda_{DU}\,(1-\mathrm{PTC})\,(T_2/2 + \mathrm{MRT})$, where $T_2$ is the overhaul period or offline detection period of the device.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical means of the present invention more clearly understood and to make the technical means implementable in accordance with the contents of the description, and to make the above and other objects, technical features, and advantages of the present invention more comprehensible, one or more preferred embodiments are described below in detail with reference to the accompanying drawings.
Drawings
FIG. 1 is a diagram of the steps of the safety instrumented system SIL verification method described in the present invention;
FIG. 2 is a schematic diagram of a safety instrumented system SIL verification device according to the present invention;
FIG. 3 is a schematic diagram of the structure of a safety instrumented system SIL verification device according to the present invention.
Detailed Description
The following detailed description of the present invention is provided in conjunction with the accompanying drawings, but it should be understood that the scope of the present invention is not limited to the specific embodiments.
Throughout the specification and claims, unless explicitly stated otherwise, the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated element or component but not the exclusion of any other element or component.
In this document, the terms "first", "second", etc. are used to distinguish two different elements or portions, and are not used to define a particular position or relative relationship. In other words, the terms "first," "second," and the like may also be interchanged with one another in some embodiments.
Example one
In order to improve the accuracy of the calculation result of the SIF loop in the modeling calculation process during the safety instrument system SIL verification, as shown in fig. 1, an embodiment of the present invention provides a safety instrument system SIL verification method, including the steps of:
s11, setting the SIF loop for constructing the reliability block diagram to comprise a sensing unit, a logic controller unit and an execution unit;
in the embodiment of the invention, the SIF loop is divided into three units, namely a sensing unit, a logic controller unit and an execution unit; then, a corresponding reliability block diagram can be constructed according to each unit structure. In practical application, the three units can be connected in series; a SIF loop is considered to be able to function properly if there are one or more paths from one end (e.g., the left end) of the SIF loop to another end (e.g., the right end).
In the embodiment of the invention, each unit of the SIF loop can comprise a plurality of elements; the specific way of constructing the reliability block diagram according to each unit structure may include:
S101, modeling the sensing unit: the sensing unit may specifically include all elements on the SIF loop from the field sensing element to the input of the logic controller, such as sensing elements, process connections, intermediate elements (inputs), etc.;
S102, modeling the logic controller unit: the logic controller unit may specifically include any element whose failure can cause SIF loop failure, such as an input card (AI/DI), an output card (AO/DO), a power supply module, a CPU and the like;
S103, modeling the execution unit: the execution unit may specifically include all elements on the SIF loop from the logic controller output to the field final actuator.
In practical application, when the final execution element is a pump, the elements to be considered by the execution unit include an intermediate element (output) and an electric control cabinet; when the final actuator is a control valve, the elements of the actuator unit that need to be considered may include intermediate elements (outputs), output interfaces, actuator interfaces, pneumatic elements, actuators, valve bodies, and the like.
S104, constructing the reliability block diagram according to the structure of each unit in the SIF loop, where the sensing unit, the logic controller unit and the execution unit are in a series relationship.
S12, respectively calculating the SFF and the HFT of each unit according to the failure data of each element in the SIF loop, and obtaining the structural constraint grade of the SIF loop;
in this step, the specific process of searching the failure data of each element in the SIF loop may include:
s201, determining a trigger mode of a sensing unit signal, alarm setting, signal range checking of a PLC and a transient signal function according to the field condition.
S202, determining whether the execution unit has TSO requirements, partial stroke testing, poor working conditions and other factors according to the field conditions.
S203, determining failure data of an instrument element according to conditions such as the setting condition of the instrument, the requirement of an actual working condition and the like, preferentially adopting the failure data in an instrument SIL authentication certificate, and adopting the failure data of a general instrument in a safety control equipment reliability database in a PHAMS platform if the instrument has no SIL authentication.
Next, in this step, the specific process of calculating the SFF and the HFT of each unit and obtaining the structural constraint level of the SIF loop may include:
S204, calculating the safe failure fraction (SFF) of each unit from the failure data of the instruments;
The calculation formula for SFF may be:
[SFF formula: image on the original page, not reproduced here]
where $\lambda_{SD}$ is the detectable safe failure rate; $\lambda_{SU}$ is the undetectable safe failure rate; $\lambda_{DD}$ is the detectable dangerous failure rate; $\lambda_{DU}$ is the undetectable dangerous failure rate;
S205, obtaining the hardware fault tolerance (HFT) of each unit according to the arrangement structure of each unit;
s206, determining the type (type A or type B) of the instrument of each unit according to the selected instrument element;
the class a subsystem should meet the following requirements:
failure modes for all component parts are well defined and the behavior of the subsystem in fault conditions can be fully determined and failure rates to meet declared detected and undetected critical failures can be shown by adequate and reliable data obtained through field experience.
The class B subsystem should meet the following requirements:
failure modes of at least one component are not well defined, or the behavior of the subsystem in a fault condition is not fully determined, or the reliable data obtained through field experience is insufficient to show failure rates that meet the declared dangerous failures, both detected and undetected.
S207, according to the structural constraint table (table 1, table 2 and table 3) corresponding to the selected item according to the specification (such as IEC 61508 or IEC61511), confirming the structural constraint of the SIF loop of each unit. In practical applications, the structural constraint level of the SIF loop may be the smallest structural constraint level among the units.
Table 1: hardware safety integrity: structural constraint of A-type safety related subsystem (Specification: IEC 61508)
Figure BDA0002464298390000091
Table 2: hardware safety integrity: structural constraint of B-type safety related subsystem (Specification: IEC 61508)
Figure BDA0002464298390000092
Table 3: minimum hardware fault margin (Specification: IEC61511)
SIL Demand patterns Minimum hardware Fault margin (HFT)
1 Low/high/continuous 0
2 Is low in 0
2 High/continuous 1
3 Low/high/continuous 1
4 Low/high/continuous 2
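Steps S204 to S207 above, as an added worked example in Python that is not part of the patent. It computes the SFF of each unit from constructed element failure rates, derives the HFT from the MooN voting architecture, looks up Table 3 (the IEC 61511 minimum-HFT table reproduced on the page) to get the highest SIL each unit's HFT supports, and takes the minimum over the units as the loop's structural constraint level, as the page states. The SFF formula on the page is only an image, so the definition used here is the IEC 61508 one, SFF = (λSD + λSU + λDD) / (λSD + λSU + λDD + λDU); Tables 1 and 2 are not on the page and are not modelled. All function names, the sample loop and its failure rates are assumptions of this example, not certified data.

```python
"""Added example (not from the patent): SFF per unit, HFT per architecture, and
the structural-constraint check of step S207 against Table 3 (IEC 61511).
SFF definition assumed from IEC 61508 (the page shows it only as an image).
All failure rates below are constructed sample values, not certified data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in failures per hour, split into the four IEC 61508 classes."""
    sd: float  # safe, detected
    su: float  # safe, undetected
    dd: float  # dangerous, detected
    du: float  # dangerous, undetected

    def __add__(self, other: "FailureRates") -> "FailureRates":
        # Elements within a unit are in series, so their rates add.
        return FailureRates(self.sd + other.sd, self.su + other.su,
                            self.dd + other.dd, self.du + other.du)


def safe_failure_fraction(r: FailureRates) -> float:
    """Step S204: SFF = (lambda_SD + lambda_SU + lambda_DD) / total failure rate."""
    return (r.sd + r.su + r.dd) / (r.sd + r.su + r.dd + r.du)


def hardware_fault_tolerance(architecture: str) -> int:
    """Step S205: an MooN voting group tolerates N - M dangerous hardware faults
    before the safety function is lost (1oo1 -> 0, 1oo2 -> 1, 2oo3 -> 1, 1oo3 -> 2)."""
    m, n = architecture.lower().split("oo")
    return int(n) - int(m)


# Table 3 of the page (IEC 61511): minimum HFT for each SIL and demand mode.
MIN_HFT_TABLE3 = {
    (1, "low"): 0, (1, "high"): 0, (1, "continuous"): 0,
    (2, "low"): 0, (2, "high"): 1, (2, "continuous"): 1,
    (3, "low"): 1, (3, "high"): 1, (3, "continuous"): 1,
    (4, "low"): 2, (4, "high"): 2, (4, "continuous"): 2,
}


def max_sil_by_hft(hft: int, demand_mode: str) -> int:
    """Step S207: highest SIL whose Table 3 minimum HFT the unit satisfies (0 if none)."""
    return max((sil for (sil, mode), need in MIN_HFT_TABLE3.items()
                if mode == demand_mode and hft >= need), default=0)


def loop_structural_constraint(units: dict, demand_mode: str) -> dict:
    """Evaluate each unit and take the minimum over units as the SIF loop's
    structural constraint level (as the page states for step S207).
    units maps unit name -> (architecture, list of element FailureRates)."""
    per_unit = {}
    for name, (arch, elements) in units.items():
        total = elements[0]
        for e in elements[1:]:
            total = total + e
        hft = hardware_fault_tolerance(arch)
        per_unit[name] = {
            "sff": round(safe_failure_fraction(total), 4),
            "hft": hft,
            "structural_sil": max_sil_by_hft(hft, demand_mode),
        }
    loop_sil = min(u["structural_sil"] for u in per_unit.values())
    return {"units": per_unit, "loop_structural_sil": loop_sil}


# Constructed sample loop: 2oo3 transmitters, 1oo2 logic solver, 1oo1 valve + solenoid.
SAMPLE_LOOP = {
    "sensing": ("2oo3", [FailureRates(sd=3e-7, su=1e-7, dd=4e-7, du=1e-7)]),
    "logic":   ("1oo2", [FailureRates(sd=2e-7, su=0.0,  dd=5e-7, du=2e-8)]),
    "final":   ("1oo1", [FailureRates(sd=4e-7, su=2e-7, dd=1e-7, du=3e-7),   # valve
                         FailureRates(sd=1e-7, su=0.0,  dd=1e-7, du=5e-8)]),  # solenoid
}

if __name__ == "__main__":
    import json
    print(json.dumps(loop_structural_constraint(SAMPLE_LOOP, "low"), indent=2))
```

With the sample values the 1oo1 final element (HFT 0) caps the loop at SIL 2 in low-demand mode even though the 2oo3 sensing and 1oo2 logic units would each support SIL 3; in high-demand mode the same HFT 0 would cap it at SIL 1, which is exactly the row of Table 3 that separates the two demand modes.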
S13, when modeling calculation is carried out on the three units respectively, the method comprises the following steps: the common cause failure of the undetectable dangerous failure portion of the component is calculated based on the periodic detection time interval of the component and its corresponding inspection test coverage.
And respectively modeling and calculating the failure rates of three units (namely, a sensing unit, a logic controller unit and an execution unit) of the SIF loop, wherein the failure rate of the whole SIF loop is the sum of the failure rates of the three units.
Specifically, the method comprises the following steps:
s31, determining common cause failure factors according to the selected instrument elements of the SIF loop units respectively; in practical applications, the correspondence between the components and the common cause failure factors can be as shown in table 4:
[Table 4: correspondence between elements and common cause failure factors; image on the original page, not reproduced here]
In the prior-art SIL verification reliability block diagram method, the common cause failure is calculated by applying the respective common cause failure factors to the detectable dangerous failures and to the undetectable dangerous failures separately;
in the prior art, the common cause failure part is calculated as follows:
the formula used by the 1oo2 model may be:
$PFD_G = 2\big((1-\beta)\lambda_{DU} + (1-\beta_D)\lambda_{DD}\big)^2\, t_{CE}\, t_{GE} + \beta_D \lambda_{DD}\,\mathrm{MTTR} + \beta \lambda_{DU}\,(T_1/2 + \mathrm{MTTR})$
the formula used by the 1oo3 model may be:
$PFD_G = 6\big((1-\beta)\lambda_{DU} + (1-\beta_D)\lambda_{DD}\big)^3\, t_{CE}\, t_{GE}\, t_{G2E} + \beta_D \lambda_{DD}\,\mathrm{MTTR} + \beta \lambda_{DU}\,(T_1/2 + \mathrm{MTTR})$
the formula used by the 2oo3 model may be:
$PFD_G = 6\big((1-\beta)\lambda_{DU} + (1-\beta_D)\lambda_{DD}\big)^2\, t_{CE}\, t_{GE} + \beta_D \lambda_{DD}\,\mathrm{MTTR} + \beta \lambda_{DU}\,(T_1/2 + \mathrm{MTTR})$
In the calculation formulas of the three models, the common cause failure sub-formula for the detectable dangerous failure part is $\beta_D \lambda_{DD}\,\mathrm{MTTR}$, and the common cause failure sub-formula for the undetectable dangerous failure part is $\beta \lambda_{DU}\,(T_1/2 + \mathrm{MTTR})$;
It can be seen from the formula that in the prior art, when the common cause failure part is calculated, the influence caused by the change of the test period is not considered; the inventor finds that, in the routine maintenance work of the SIS system, according to the SIL evaluation result and the requirement of the safety requirement specification, for the SIF loop with high safety integrity requirement, the reliability and the usability of the SIF loop can be effectively improved by considering the method of shortening the overhaul period by the partial stroke test, so the inventor obtains that: it is necessary to consider the effects of the overhaul period in the modeling calculations.
Since the element is detected by a detection technique at this point, the inspection test time and the maintenance time of the element need to be considered together; therefore, the mean repair time MRT is used in place of the mean time to repair MTTR when the maintenance time is considered.
Based on the above knowledge, in the embodiment of the present invention, the idea of setting the common cause failure part of the loop is as follows:
For a detectable dangerous failure, the failure of the loop can be found in time by the relevant detection method when it occurs and can be eliminated by corresponding means; the common cause failure sub-formula for the detectable dangerous failure part can therefore be $\beta_D \lambda_{DD}\,\mathrm{MTTR}$;
By undetectable dangerous failure is meant that when a failure occurs, it cannot be detected using automated detection techniques, and it is only possible to detect this type of failure during periodic testing, overhaul of the device, or off-line testing of the instruments of the SIF loop.
When a component in an SIF loop can be periodically tested, the component's undetectable dangerous failure is related to the periodic test coverage (PTC), and the system failure probability for this part is calculated by the sub-formula $\beta \lambda_{DU}\,\mathrm{PTC}\,(T_1/2 + \mathrm{MRT})$, where MRT is the mean repair time of the SIF loop and $T_1$ is the periodic detection interval of the SIF loop.
For dangerous failures which cannot be found by periodic detection, the failures can be found only when the device is overhauled or the instrument is tested offline, so this part of the system failure probability is expressed by the sub-formula $\beta \lambda_{DU}\,(1-\mathrm{PTC})\,(T_2/2 + \mathrm{MRT})$, where $T_2$ is the overhaul period of the device.
In practical application, the modeling calculation performed on each of the three units may specifically be: calculating a common cause failure of the detectable catastrophic failure portions of the component, and a common cause failure of the undetectable catastrophic failure portions, according to equation (1);
$PFD_G = \beta_D \lambda_{DD}\,\mathrm{MTTR} + \beta \lambda_{DU}\,\mathrm{PTC}\,(T_1/2 + \mathrm{MRT}) + \beta \lambda_{DU}\,(1-\mathrm{PTC})\,(T_2/2 + \mathrm{MRT})$, formula (1);
where $PFD_G$ is the average probability of failure; $T_1$ is the periodic detection time interval of the component; $T_2$ is the overhaul period or offline detection period of the device; $\beta$ is the common cause failure factor; $\beta_D$ is the common cause failure factor for detectable dangerous failures; $\lambda_{DD}$ is the detectable dangerous failure rate; $\lambda_{DU}$ is the undetectable dangerous failure rate; MTTR is the mean time to repair; MRT is the mean repair time; PTC is the test coverage of the periodic test.
Thus, replacing the prior-art formulas for the common cause failure of the detectable dangerous failure part and of the undetectable dangerous failure part with the corresponding formulas of the embodiment of the present invention improves the accuracy of the calculated average failure probability of the SIF loop.
It should be noted that, when performing modeling calculation, the embodiment of the present invention may further include:
calculating the average failure probability of each unit according to formula (2):
$PFD_{AVG} = PFD_{AVG\text{-}C} + PFD_{AVG\text{-}\beta}$, formula (2);
where $PFD_{AVG}$ is the average failure probability of the unit; $PFD_{AVG\text{-}C}$ is the average failure probability due to independent failure of the elements within the unit; $PFD_{AVG\text{-}\beta}$ is the average failure probability due to common cause failure of the elements within the unit;
then, the total average failure probability of the SIF loop is calculated according to formula (3):
$PFD_{AVG\text{-}SIF} = PFD_{AVG\text{-}S} + PFD_{AVG\text{-}L} + PFD_{AVG\text{-}F}$, formula (3);
where $PFD_{AVG\text{-}SIF}$ is the average failure probability of the SIF loop; $PFD_{AVG\text{-}S}$ is the average failure probability of the sensing unit; $PFD_{AVG\text{-}L}$ is the average failure probability of the logic controller unit; $PFD_{AVG\text{-}F}$ is the average failure probability of the execution unit.
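The prior-art 1oo2 formula with its two common cause sub-formulas, formula (1) of the embodiment, and the unit and loop sums of formulas (2) and (3), as an added worked example in Python that is not part of the patent. It evaluates the common cause term both ways for one set of constructed parameters, so the effect of a test interval T1 that is shorter than the overhaul interval T2 can be seen directly, and it goes slightly beyond the page by also computing the independent-failure part of the 1oo2 formula. The page does not define the channel-equivalent down times t_CE and t_GE; the definitions used here are assumed from IEC 61508-6. Function names, the Params class and every numeric value are assumptions of this example, not certified data.

```python
"""Added example, not from the patent: common cause failure (CCF) term of the
prior-art 1oo2 formula versus formula (1), then the sums of formulas (2)/(3).
t_CE and t_GE are assumed from IEC 61508-6 (the page does not define them).
All parameter values are constructed sample values, not certified data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Params:
    lam_dd: float   # detectable dangerous failure rate, per hour
    lam_du: float   # undetectable dangerous failure rate, per hour
    beta: float     # CCF factor for undetected dangerous failures
    beta_d: float   # CCF factor for detected dangerous failures
    mttr: float     # mean time to repair, hours
    mrt: float      # mean repair time, hours
    t1: float       # periodic detection (test) interval T1, hours
    t2: float       # overhaul or offline detection interval T2, hours
    ptc: float      # periodic test coverage PTC, 0..1


def ccf_prior_art(p: Params) -> float:
    """Prior-art sub-formulas on the page: beta_D*lam_DD*MTTR + beta*lam_DU*(T1/2 + MTTR).
    The whole undetected part is treated as revealed by the T1 test."""
    return p.beta_d * p.lam_dd * p.mttr + p.beta * p.lam_du * (p.t1 / 2 + p.mttr)


def ccf_formula_1(p: Params) -> float:
    """Formula (1): the undetected part is split by PTC; the fraction the periodic
    test cannot reveal stays latent until the overhaul/offline test interval T2."""
    return (p.beta_d * p.lam_dd * p.mttr
            + p.beta * p.lam_du * p.ptc * (p.t1 / 2 + p.mrt)
            + p.beta * p.lam_du * (1 - p.ptc) * (p.t2 / 2 + p.mrt))


def channel_equivalent_times(p: Params):
    """t_CE, t_GE of the independent-failure part (assumed IEC 61508-6 definitions)."""
    lam_d = p.lam_dd + p.lam_du
    f_du, f_dd = p.lam_du / lam_d, p.lam_dd / lam_d
    t_ce = f_du * (p.t1 / 2 + p.mrt) + f_dd * p.mttr
    t_ge = f_du * (p.t1 / 3 + p.mrt) + f_dd * p.mttr
    return t_ce, t_ge


def pfd_1oo2_independent(p: Params) -> float:
    """Independent part of the page's 1oo2 formula:
    2 * ((1-beta)*lam_DU + (1-beta_D)*lam_DD)^2 * t_CE * t_GE."""
    t_ce, t_ge = channel_equivalent_times(p)
    return 2 * ((1 - p.beta) * p.lam_du + (1 - p.beta_d) * p.lam_dd) ** 2 * t_ce * t_ge


def pfd_unit(pfd_c: float, pfd_beta: float) -> float:
    """Formula (2): PFD_AVG = PFD_AVG-C (independent) + PFD_AVG-beta (common cause)."""
    return pfd_c + pfd_beta


def pfd_loop(pfd_s: float, pfd_l: float, pfd_f: float) -> float:
    """Formula (3): series loop, PFD_AVG-SIF = PFD_AVG-S + PFD_AVG-L + PFD_AVG-F."""
    return pfd_s + pfd_l + pfd_f


# Constructed sample parameters for a 1oo2 voted unit: yearly proof test with
# 70 % coverage, overhaul every three years, 8 h repair.
SAMPLE = Params(lam_dd=4e-7, lam_du=1e-7, beta=0.10, beta_d=0.05,
                mttr=8.0, mrt=8.0, t1=8760.0, t2=3 * 8760.0, ptc=0.7)


def compare(p: Params = SAMPLE) -> dict:
    """Unit PFD with the prior-art CCF term and with formula (1), same independent part."""
    indep = pfd_1oo2_independent(p)
    return {
        "ccf_prior": ccf_prior_art(p),
        "ccf_formula_1": ccf_formula_1(p),
        "pfd_unit_prior": pfd_unit(indep, ccf_prior_art(p)),
        "pfd_unit_formula_1": pfd_unit(indep, ccf_formula_1(p)),
    }


if __name__ == "__main__":
    r = compare()
    for k, v in r.items():
        print(f"{k:>20}: {v:.3e}")
    # Formula (3) with constructed values for the other two units.
    print(f"{'pfd_loop':>20}: {pfd_loop(r['pfd_unit_formula_1'], 1e-5, 5e-5):.3e}")
```

With the sample values the prior-art CCF term is about 4.40e-5 while formula (1) gives about 7.03e-5: the 30 % of undetected dangerous failures that the yearly test cannot reveal are exposed for half of the three-year overhaul interval, which the prior-art term hides by assuming the T1 test reveals everything. With PTC = 1 and MRT = MTTR the two terms coincide, which is the consistency check a reviewer would apply before adopting the new formula.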
In summary, in the embodiments of the present invention, when calculating the common cause failure of the undetectable dangerous failure part, the influence caused by the overhaul period is considered, specifically: the inventor finds that, for undetectable dangerous failures, when the failures occur, the failures can not be found by adopting an automatic detection technology, and the failures of the type can be found only during regular detection and overhaul of the device or when the instruments of the SIF loop are subjected to offline detection tests; for this purpose, the invention calculates the common cause failure of the undetectable dangerous failure part of the element according to the regular detection time interval of the element and the corresponding inspection test coverage rate when the three units are respectively subjected to modeling calculation; the specific operation is that when the SIF loop is periodically tested, the part of the undetectable dangerous failure is related to the test coverage (PTC) of the periodic test, which is part of the periodic testThe system failure probability of the score can be represented by the formula beta lambdaDUPTC(T12+ MRT) was calculated. Where MRT is the mean recovery time of the SIF loop, T1The periodic detection period of the SIF loop is set; therefore, when the common cause failure of the undetected dangerous failure part is calculated, compared with the prior art which does not consider the influence caused by the change of the inspection test period, the method can effectively improve the accuracy of the result of calculating the average failure probability of the SIF loop.
Preferably, for dangerous failures that cannot be found by periodic detection, the invention can further calculate the common cause failure of the undetected dangerous failure part of the element from the overhaul period or offline detection period of the element and the corresponding PTC, further improving the accuracy of the average failure probability calculated for the SIF loop. The common cause failure of this part can be obtained from the formula β·λ_DU·(1 − PTC)·(T2/2 + MRT), where T2 is the overhaul period or offline detection period of the device. This formula gives a more accurate average failure probability for an SIF loop whose test period differs from the overhaul period of the device.
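The following worked example is added here and is not code from the patent; it evaluates formula (1) for one unit (the detectable common cause part plus the two undetectable parts split by PTC between the proof-test period T1 and the overhaul period T2), sums the three units in series as in formula (3), and maps the loop PFD to a SIL band using the IEC 61508 low-demand bands. All unit parameter values are constructed sample data, and the comparison baseline that ignores the overhaul period is an assumed simplification of the "prior art" the text contrasts with, not a formula taken from the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class UnitParams:
    """Failure data for one unit of the SIF loop (constructed sample values)."""
    name: str
    beta: float      # common cause failure factor beta for the DU part
    beta_d: float    # common cause failure factor beta_D for the DD part
    lam_dd: float    # detectable dangerous failure rate lambda_DD (1/h)
    lam_du: float    # undetectable dangerous failure rate lambda_DU (1/h)
    mttr: float      # mean time to repair MTTR (h)
    mrt: float       # mean recovery time MRT (h)
    ptc: float       # proof test coverage of the periodic test, 0..1
    t1: float        # periodic detection (proof test) interval T1 (h)
    t2: float        # overhaul or offline detection period T2 (h)


def pfd_common_cause(p: UnitParams) -> float:
    """Formula (1): PFD_G = beta_D*lam_DD*MTTR
                          + beta*lam_DU*PTC*(T1/2 + MRT)
                          + beta*lam_DU*(1-PTC)*(T2/2 + MRT)."""
    if not 0.0 <= p.ptc <= 1.0:
        raise ValueError("PTC must lie in [0, 1]")
    dd_part = p.beta_d * p.lam_dd * p.mttr
    du_found_by_proof_test = p.beta * p.lam_du * p.ptc * (p.t1 / 2 + p.mrt)
    du_found_at_overhaul = p.beta * p.lam_du * (1 - p.ptc) * (p.t2 / 2 + p.mrt)
    return dd_part + du_found_by_proof_test + du_found_at_overhaul


def pfd_common_cause_t1_only(p: UnitParams) -> float:
    """Assumed baseline (not from the page): every DU failure is credited as
    revealed at the proof-test interval T1, i.e. PTC and T2 are ignored."""
    return p.beta_d * p.lam_dd * p.mttr + p.beta * p.lam_du * (p.t1 / 2 + p.mrt)


def pfd_loop(units) -> float:
    """Formula (3): the S, L and F units are in series, so their PFDs add."""
    return sum(pfd_common_cause(u) for u in units)


def sil_from_pfd(pfd: float) -> int:
    """IEC 61508 low-demand PFDavg bands; 0 means below SIL 1."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0


HOURS_PER_YEAR = 8760.0
# Constructed sample loop: yearly proof test, three-yearly overhaul.
SENSOR = UnitParams("sensing", 0.05, 0.025, 5e-7, 2e-7, 8, 8, 0.90,
                    HOURS_PER_YEAR, 3 * HOURS_PER_YEAR)
LOGIC = UnitParams("logic controller", 0.02, 0.01, 1e-6, 5e-8, 8, 8, 0.95,
                   HOURS_PER_YEAR, 3 * HOURS_PER_YEAR)
FINAL = UnitParams("execution", 0.10, 0.05, 1e-6, 8e-7, 24, 24, 0.70,
                   HOURS_PER_YEAR, 3 * HOURS_PER_YEAR)
LOOP = (SENSOR, LOGIC, FINAL)

if __name__ == "__main__":
    for u in LOOP:
        print(f"{u.name:16s} PFD_G={pfd_common_cause(u):.3e} "
              f"(T1-only baseline {pfd_common_cause_t1_only(u):.3e})")
    total = pfd_loop(LOOP)
    print(f"loop PFD_AVG-SIF={total:.3e} -> SIL {sil_from_pfd(total)}")
```

With the sample data the baseline that ignores T2 understates each unit's PFD, because the (1 − PTC) share of undetectable failures survives until the longer overhaul period.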
Example two
In another aspect of the embodiment of the present invention, a safety instrumented system SIL verification apparatus is further provided. Fig. 2 shows a schematic structural diagram of the safety instrumented system SIL verification apparatus provided in the embodiment of the present invention. This apparatus corresponds to the safety instrumented system SIL verification method of the embodiment corresponding to fig. 1; that is, the method of fig. 1 is implemented by a virtual apparatus, and each virtual module constituting the apparatus may be executed by an electronic device such as a network device, a terminal device, or a server. Specifically, the safety instrumented system SIL verification apparatus in an embodiment of the present invention includes:
the logic division module 01 divides an SIF loop for constructing a reliability block diagram into a sensing unit, a logic controller unit and an execution unit;
a constraint grade generation module 02, configured to calculate an SFF and an HFT of each unit according to failure data of each element in the SIF loop, and obtain a structural constraint grade of the SIF loop;
the modeling calculation module 03 is used for respectively performing modeling calculation on the three units; the method comprises the following steps: the common cause failure of the undetectable dangerous failure portion of the component is calculated based on the periodic detection time interval of the component and its corresponding inspection test coverage.
Since the working principle and the beneficial effects of the safety instrument system SIL verification apparatus in the embodiment of the present invention have been described and illustrated in the safety instrument system SIL verification method corresponding to fig. 1, they can be referred to each other and are not described herein again.
Example three
On the basis of the second embodiment, the modeling calculation module 03 in the embodiment of the present invention further includes:
for dangerous failures that cannot be found by periodic detection, the common cause failure of the undetectable dangerous failure portion of the component is calculated based on the overhaul period or the offline detection period of the component and its corresponding inspection test coverage.
Similarly, the working principle and the beneficial effects of the safety instrument system SIL verification apparatus in the embodiment of the present invention are also described and illustrated in the safety instrument system SIL verification method corresponding to fig. 1, and therefore, they may be referred to each other, and are not described herein again.
Example four
In an embodiment of the present invention, there is further provided a memory, wherein the memory includes a software program adapted to be executed by the processor for performing the steps of the safety instrumented system SIL verification method according to fig. 1.
The embodiment of the present invention may be implemented by a software program, that is, by writing a software program (and an instruction set) for implementing each step in the safety instrumentation system SIL verification method corresponding to fig. 1, the software program is stored in a storage device provided in a computer device, so that the software program can be called by a processor of the computer device to implement the purpose of the embodiment of the present invention.
Example five
In an embodiment of the present invention, a safety instrumentation system SIL verification device is further provided, where a memory included in the safety instrumentation system SIL verification device includes a corresponding computer program product, and program instructions included in the computer program product, when executed by a computer, can make the computer execute the safety instrumentation system SIL verification method described in the above aspects, and achieve the same technical effect.
Fig. 3 is a schematic diagram of a hardware configuration of a safety instrumentation system SIL verification device as an electronic device according to an embodiment of the present invention, which, as shown in fig. 3, includes one or more processors 610, a bus 630, and a memory 620. Taking one processor 610 as an example, the apparatus may further include: input device 640, output device 650.
The processor 610, the memory 620, the input device 640, and the output device 650 may be connected by a bus or other means, such as the bus connection in fig. 3.
The memory 620, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules. The processor 610 executes various functional applications and data processing of the electronic device, i.e., the processing method of the above-described method embodiment, by executing the non-transitory software programs, instructions and modules stored in the memory 620.
The memory 620 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data and the like. Further, the memory 620 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 620 optionally includes memory located remotely from the processor 610, which may be connected to the processing device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 640 may receive input numeric or character information and generate a signal input. The output device 650 may include a display device such as a display screen.
The one or more modules are stored in the memory 620 and, when executed by the one or more processors 610, perform:
s11, setting a safety instrument function SIF loop for constructing a reliability block diagram to comprise a sensing unit, a logic controller unit and an execution unit;
s12, respectively calculating the safe failure fraction SFF and the hardware fault tolerance HFT of each unit according to the failure data of each element in the SIF loop, and obtaining the structural constraint grade of the SIF loop;
s13, when modeling calculation is carried out on the three units respectively, the method comprises the following steps: the common cause failure of the undetectable dangerous failure portion of the component is calculated from the periodic detection time intervals of the component and its corresponding test coverage PTC.
Preferably, the modeling calculation for each of the three units further includes:
for dangerous failures that cannot be found by periodic detection, the common cause failure of the undetectable dangerous failure portion of the component is calculated based on the overhaul period or the offline detection period of the component and its corresponding PTC.
The product can execute the method provided by the embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method. For technical details that are not described in detail in this embodiment, reference may be made to the method provided by the embodiment of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage device and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage device includes: a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a ReRAM, an MRAM, a PCM, a NAND Flash, a NOR Flash, a Memory, a magnetic disk, an optical disk, or other various media that can store program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (17)

1. A safety instrumented system SIL verification method, comprising the steps of:
s11, setting a safety instrument function SIF loop for constructing a reliability block diagram to comprise a sensing unit, a logic controller unit and an execution unit;
s12, respectively calculating the safe failure fraction SFF and the hardware fault tolerance HFT of each unit according to the failure data of each element in the SIF loop, and obtaining the structural constraint grade of the SIF loop;
s13, when modeling calculation is carried out on the three units respectively, the method comprises the following steps: the common cause failure of the undetectable dangerous failure portion of the component is calculated from the periodic detection time intervals of the component and its corresponding test coverage PTC.
2. A safety instrumented system, SIL, verification method according to claim 1, wherein said performing modeling calculations on each of the three units, further comprises:
for dangerous failures that cannot be found by periodic detection, the common cause failure of the undetectable dangerous failure portion of the component is calculated based on the overhaul period or the offline detection period of the component and its corresponding PTC.
3. A safety instrumented system, SIL, verification method according to claim 2, wherein said performing modeling calculations on each of the three units comprises:
calculating a common cause failure of the detectable dangerous failure portion of the component, and a common cause failure of the undetectable dangerous failure portion, according to formula (1):
PFD_G = β_D·λ_DD·MTTR + β·λ_DU·PTC·(T1/2 + MRT) + β·λ_DU·(1 − PTC)·(T2/2 + MRT),   formula (1);
wherein PFD_G is the average probability of failure; T1 is the periodic detection time interval of the component; T2 is the overhaul period or offline detection period of the device; β is the common cause failure factor; β_D is the common cause failure factor for dangerous failure; λ_DD is the detectable dangerous failure probability and λ_DU is the undetectable dangerous failure probability; MTTR is the mean time to repair; MRT is the mean recovery time; PTC is the test coverage of the periodic test.
4. A safety instrumented system SIL verification method according to any one of claims 1 to 3, wherein the sensing unit, the logic controller unit and the execution unit are connected in series relationship.
5. A safety instrumented system SIL verification method according to any one of claims 1 to 3, wherein the structural constraint level of the SIF loop is the smallest structural constraint level in each cell.
6. A safety instrumented system SIL verification method according to any one of claims 1 to 3, wherein the sensing unit comprises all elements on the SIF loop from the field sensing element to the logic controller input.
7. A safety instrumented system SIL verification method according to any one of claims 1 to 3, wherein said logic controller unit comprises an input card (AI/DI), an output card (AO/DO), a power supply module, and a CPU.
8. A safety instrumented system, SIL, verification method according to any one of claims 1 to 3, wherein the execution unit comprises all the elements on the SIF loop from the logic controller output to the field final actuator.
9. A safety instrumented system SIL verification method according to claim 8, wherein
when the final execution element is a pump, the elements of the execution unit comprise an intermediate element (output) and an electric control cabinet;
when the final actuator is a control valve, the elements of the actuator unit include an intermediate element (output), an output interface, an actuator interface, a pneumatic element, an actuator, and a valve body.
10. A safety instrumented system, SIL, verification method according to claim 1, wherein the method of obtaining failure data for each element in the SIF loop comprises:
s21, determining the triggering mode, alarm setting, signal range checking and transient signal function of the signal of the sensing unit according to the field condition;
s22, determining whether the execution unit has the technical standard specification TSO requirement, partial stroke test, severe working condition and other factors according to the field condition;
and S23, determining failure data of the instrument element according to conditions such as the setting condition of the instrument, the requirement of actual working conditions and the like, preferentially adopting the failure data in an instrument SIL authentication certificate, and if the instrument has no SIL authentication, adopting the failure data of the universal instrument in a safety control equipment reliability database in a PHAMS (national petrochemical safety risk assessment and management platform).
11. A safety instrumented system, SIL, verification method according to claim 1, wherein said calculating SFF and HFT of each cell comprises:
s31, respectively calculating the SFF of each unit according to the failure data of the instrument;
s32, obtaining the HFT of each unit according to the arrangement structure of each unit;
s33, determining the meter type of each unit according to the selected meter element;
and S34, confirming the structural constraint of the SIF loop of each unit according to the structural constraint table corresponding to the selected item according to the specification.
12. A safety instrumented system, SIL, verification method according to claim 1, wherein said performing modeling calculations on each of the three units comprises:
the failure rate of the SIF loop is the sum of the failure rates of the sensing unit, the logic controller unit and the execution unit.
13. A safety instrumented system, SIL, verification device, comprising:
the logic division module is used for dividing SIF loops for constructing the reliability block diagram into a sensing unit, a logic controller unit and an execution unit;
the constraint grade generation module is used for respectively calculating the SFF and the HFT of each unit according to the failure data of each element in the SIF loop and obtaining the structural constraint grade of the SIF loop;
the modeling calculation module is used for respectively carrying out modeling calculation on the three units; the method comprises the following steps: the common cause failure of the undetectable dangerous failure portion of the component is calculated based on the periodic detection time interval of the component and its corresponding inspection test coverage.
14. A safety instrumented system, SIL, verification apparatus according to claim 13, wherein said modeling calculation module, further comprises:
for dangerous failures that cannot be found by periodic detection, the common cause failure of the undetectable dangerous failure portion of the component is calculated based on the overhaul period or the offline detection period of the component and its corresponding inspection test coverage.
15. A safety instrumented system, SIL, verification apparatus according to claim 14, wherein said modeling calculation module comprises:
calculating a common cause failure of the detectable dangerous failure portion of the component, and a common cause failure of the undetectable dangerous failure portion, according to formula (1):
PFD_G = β_D·λ_DD·MTTR + β·λ_DU·PTC·(T1/2 + MRT) + β·λ_DU·(1 − PTC)·(T2/2 + MRT),   formula (1);
wherein PFD_G is the average probability of failure; T1 is the periodic detection time interval of the component; T2 is the overhaul period or offline detection period of the device; β is the common cause failure factor; β_D is the common cause failure factor for detectable dangerous failure; λ_DD is the detectable dangerous failure probability and λ_DU is the undetectable dangerous failure probability; MTTR is the mean time to repair; MRT is the mean recovery time; PTC is the test coverage of the periodic test.
16. A memory comprising a software program adapted to perform the steps of the safety instrumented system SIL verification method according to any one of claims 1 to 12 by a processor.
17. A safety instrumented system, SIL, verification device, comprising a bus, a processor, and a memory as claimed in claim 16;
the bus is used for connecting the memory and the processor;
the processor is configured to execute a set of instructions in the memory.
CN202010329087.2A 2020-04-23 2020-04-23 Memory, safety instrumentation system SIL verification method, system and apparatus Pending CN113553687A (en)
Publications (1)

Publication Number Publication Date
CN113553687A true CN113553687A (en) 2021-10-26