CN113608494B - Interlocking control method and device and safety instrument system - Google Patents

Interlocking control method and device and safety instrument system Download PDF

Info

Publication number
CN113608494B
CN113608494B CN202110902530.5A CN202110902530A CN113608494B CN 113608494 B CN113608494 B CN 113608494B CN 202110902530 A CN202110902530 A CN 202110902530A CN 113608494 B CN113608494 B CN 113608494B
Authority
CN
China
Prior art keywords
signal
fault
safety
safety instrument
condition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110902530.5A
Other languages
Chinese (zh)
Other versions
CN113608494A (en
Inventor
靳亚铭
李磊
杨刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sinopec Engineering Inc
Original Assignee
Sinopec Engineering Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sinopec Engineering Inc filed Critical Sinopec Engineering Inc
Priority to CN202110902530.5A priority Critical patent/CN113608494B/en
Publication of CN113608494A publication Critical patent/CN113608494A/en
Application granted granted Critical
Publication of CN113608494B publication Critical patent/CN113608494B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/054Input/output
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/10Plc systems
    • G05B2219/11Plc I-O input output
    • G05B2219/1103Special, intelligent I-O processor, also plc can only access via processor
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Safety Devices In Control Systems (AREA)

Abstract

The embodiment of the disclosure provides an interlocking control method and device and a safety instrument system, and relates to the technical field of process control. The interlocking control method comprises the following steps: under the condition of receiving the fault signal, maintaining the current state and starting a timing function; determining a fault type corresponding to the fault signal according to a preset corresponding relation between the fault type and the fault signal, and generating a reminding signal aiming at the fault type; and generating a reset signal to reset under the condition that the fault is eliminated within the preset time, and otherwise, sending a trigger signal to the safety instrument system to trigger an interlocking action corresponding to the fault signal. According to the technical scheme, the time interval of misoperation or misoperation parking can be prolonged or avoided, the frequency and probability of misoperation or misoperation parking are reduced, economic loss caused by misoperation or misoperation parking is reduced, and potential threat to human bodies and environments is reduced.

Description

Interlocking control method and device and safety instrument system
Technical Field
The present disclosure relates to the field of process control technologies for petroleum, natural gas, chemical industry, pharmaceutical industry, etc., and in particular, to an interlocking control method and apparatus, and a safety instrument system.
Background
In the field of process control of petroleum, chemical industry, natural gas, etc., safety Instrumented Systems (SIS) play an increasingly important role as an important protective layer. The safety instrumented system includes a plurality of Safety Instrumented Function (SIF) circuits, and thus, the design of each safety instrumented function circuit is directly related to the safety performance of the entire petrochemical plant. Once the safety function fails, significant personal and economic, and even environmental, losses can result. However, if a safety instrument functional loop is not reasonably designed or is not optimal, a false stop or false action can often occur, so that an unintended stop is caused, and a huge economic loss can be caused for enterprises, and potential threats are brought to human bodies and the environment.
One-out interlock is one of the more common functional loop configurations of safety instruments, and although the safety and usability thereof are not the best choice, one-out interlock is also largely applied to SIL 0 or SIL 1 in the design process. The one-out interlock structure (hft=0) is fully applicable to SIL 0 or SIL 1, and even to some SIL 2 applications, according to IEC 61511 requirements.
Particularly, for petrochemical devices which are already built or put into operation for more than ten years, because of low attention to SIL in the early stage, a plurality of one-to-one interlocking structures are adopted, and even an interlocking circuit for stopping the whole device adopts one-to-one interlocking structure. For the safety instrument functional loop adopting the one-to-one interlocking structure, the input signal cannot be effectively identified due to the defects in the prior art, false signals often occur to cause false stopping or false actions, and huge economic loss is brought to enterprises.
How to reduce the frequency or probability of occurrence of false stopping or false actions on the premise of guaranteeing the safety of a functional loop of a safety instrument becomes an increasingly focused problem in the industry.
Disclosure of Invention
The disclosure provides an interlocking control method and device and a safety instrument system.
According to an aspect of the present disclosure, there is provided an interlock control method applied to a safety instrumented system, the method including:
under the condition of receiving the fault signal, maintaining the current state and starting a timing function;
determining a fault type corresponding to the fault signal according to a preset corresponding relation between the fault type and the fault signal, and generating a reminding signal aiming at the fault type;
and generating a reset signal to reset under the condition that the fault is eliminated within the preset time, and otherwise, sending a trigger signal to the safety instrument system to trigger an interlocking action corresponding to the fault signal.
In some possible implementations, generating the alert signal for the type of fault includes:
and generating an alarm signal and displaying the fault type and a safety instrument function loop corresponding to the fault signal.
In some possible implementations, the method further includes:
and sending a safety protection signal to the safety instrument system under the condition of receiving the fault signal so as to switch the safety instrument functional circuit corresponding to the fault signal into a safety protection state.
In some possible implementations, before receiving the fault signal, the method further includes:
receiving detection signals of all safety instruments in a safety instrument system;
and under the condition that the detection signal is different from the corresponding preset signal, determining that the detection signal is a fault signal.
In some possible implementations, the detection signal includes at least one of: flow signal, pressure signal, liquid level signal, temperature signal, product composition signal, vibration signal, displacement signal, rotational speed signal.
In some possible implementations, the fault type includes at least one of: pipeline blockage, short circuit, open circuit, overscan, signal interference, operational fluctuations, and illegal operation.
In some possible implementations, the preset time is less than or equal to a process safety time corresponding to the fault type.
According to a second aspect of the present disclosure, there is provided an interlock control apparatus for use in a safety instrumented system, the apparatus comprising:
the fault processing module is used for keeping the current state and starting a timing function under the condition of receiving the fault signal;
the fault determining and reminding module is used for determining the fault type corresponding to the fault signal according to the corresponding relation between the preset fault type and the fault signal and generating a reminding signal aiming at the fault type;
and the reset and trigger interlocking module is used for generating a reset signal to reset under the condition that the fault is eliminated within the preset time, and otherwise, sending a trigger signal to the safety instrument system to trigger the interlocking action corresponding to the fault signal.
In some possible implementations, the fault determination and reminder module includes:
the alarm sub-module is used for generating an alarm signal;
and the display sub-module is used for displaying the fault type and the safety instrument functional loop corresponding to the fault signal.
In some possible implementations, the fault handling module is further to:
and sending a safety protection signal to the safety instrument system under the condition of receiving the fault signal so as to switch the safety instrument functional circuit corresponding to the fault signal into a safety protection state.
In some possible implementations, the apparatus further includes:
the signal receiving module is used for receiving detection signals of all safety instruments in the safety instrument system;
the fault diagnosis module is used for determining the detection signal as a fault signal under the condition that the detection signal is different from the corresponding preset signal.
In some possible implementations, the preset time is less than or equal to a process safety time corresponding to the fault type.
According to a third aspect of the present disclosure, there is provided a safety instrumented system comprising an interlock control device in any embodiment of the present disclosure.
According to the technical scheme, under the condition that the fault signal is received, the interlocking action is not directly triggered, but the timing function is started, if the fault is eliminated within the preset time, the interlocking action corresponding to the fault signal is not triggered any more, and if the fault is not eliminated within the preset time, the interlocking action corresponding to the fault signal is triggered. Compared with the condition that the interlocking action is triggered after the fault signal is received, the interlocking control method of the embodiment of the disclosure sets the preset time, so that maintenance personnel can repair faults which can cause misoperation or incorrect parking in the preset time, thereby prolonging or avoiding time intervals of misoperation or incorrect parking, reducing the times and probability of misoperation or incorrect parking, reducing economic loss caused by misoperation or incorrect parking, and reducing potential threats to personnel and environment.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a schematic diagram of an interlock control method according to an embodiment of the present disclosure;
FIG. 2 is a schematic workflow diagram of an interlock control method according to an embodiment of the present disclosure;
FIG. 3 is a block diagram illustrating an interlock control apparatus in accordance with one embodiment of the present disclosure;
FIG. 4 is a block diagram illustrating an interlock control apparatus in accordance with another embodiment of the present disclosure;
FIG. 5 is a block diagram illustrating an interlock control apparatus in accordance with another embodiment of the present disclosure;
FIG. 6 is a functional block diagram of an interlock control apparatus in an embodiment of the present disclosure;
FIG. 7 is a block diagram of a safety instrumented system in an embodiment of the present disclosure;
FIG. 8 is a Markov model of a prior art one-piece construction;
fig. 9 is a Markov model of an alternative configuration employing an interlock control method according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The safety instrumented system includes a plurality of safety instrumented functional loops and further includes a Programmable Logic Controller (PLC). The safety instrument functional loop is a loop where the safety instrument is located, for example, the safety instrument functional loop corresponding to the flow instrument is a loop where the flow instrument is located. Each safety instrument (such as a flow instrument, a temperature instrument, a pressure detection instrument and the like) in each safety instrument functional loop is connected with an input I/O interface of the PLC, an output I/O interface of the PLC is connected with an executing component (such as a pump, a valve and the like) in each safety instrument functional loop, and the PLC is used for monitoring the operation of each safety instrument functional loop. When the safety instrument in the safety instrument functional loop fails, the PLC triggers an interlocking action corresponding to the safety instrument functional loop through the output I/O interface, so that the safety instrument functional loop stops running, and the safety of a safety instrument system is ensured. However, in actual operation, misoperation or incorrect parking often occurs, so that unplanned parking of the system is caused, huge economic loss is also caused for enterprises, and potential threats are brought to personnel and environment.
In order to extend the time interval of malfunction or misparking or reduce the number and probability of occurrence of misparking, embodiments of the present disclosure provide an interlock control method.
Fig. 1 is a schematic diagram of an interlock control method according to an embodiment of the disclosure, as shown in fig. 1, where the interlock control method is applied to a safety instrument system, the method may include:
s110: under the condition of receiving the fault signal, maintaining the current state and starting a timing function;
s120: determining a fault type corresponding to the fault signal according to a preset corresponding relation between the fault type and the fault signal, and generating a reminding signal aiming at the fault type;
s130: and under the condition that the fault is eliminated within the preset time, generating a reset signal to reset, otherwise, sending a trigger signal to the safety instrument system to trigger an interlocking action corresponding to the fault signal.
For example, the interlock control method may be performed by the interlock control apparatus. And under the condition that a fault signal is received, the interlocking control device keeps the current state and starts a timing function, and waits for the fault to be eliminated.
For example, a table of correspondence between the fault type and the fault signal may be preset, and in the case of receiving the fault signal, the fault type corresponding to the fault signal may be determined according to the preset correspondence between the fault type and the fault signal.
For example, after the fault is cleared within a preset time, a reset signal is generated to cause the interlock control device to reset so that the interlock control device continues to monitor. If the fault is not eliminated within the preset time, a trigger signal is sent to a PLC in the safety instrument system, and the PLC triggers an interlocking action corresponding to the fault signal through an output I/O based on the trigger signal so as to stop the operation of the corresponding safety instrument functional loop.
According to the interlocking control method of the embodiment of the disclosure, under the condition that the fault signal is received, the interlocking action is not directly triggered, but a timing function is started, if the fault is eliminated within the preset time, the interlocking action corresponding to the fault signal is not triggered any more, and if the fault is not eliminated within the preset time, the interlocking action corresponding to the fault signal is triggered. Compared with the condition that the interlocking action is triggered after the fault signal is received, the interlocking control method of the embodiment of the disclosure sets the preset time, so that maintenance personnel can repair faults which can cause misoperation or incorrect parking in the preset time, thereby prolonging or avoiding time intervals of misoperation or incorrect parking, reducing the times and probability of misoperation or incorrect parking, reducing economic loss caused by misoperation or incorrect parking, and reducing potential threats to personnel and environment. The interlocking control method of the embodiment of the disclosure can meet the requirement of a target SIL and can be suitable for occasions of SIL 0 and SIL 1.
In one embodiment, before receiving the fault signal, the interlock control method may further include: receiving detection signals of all safety instruments in a safety instrument system; and under the condition that the detection signal is different from the corresponding preset signal, determining the detection signal as a fault signal.
The safety instrument function circuit may be a one-piece interlock circuit, for example.
For example, an input preset signal corresponding to each safety instrument may be received, and the preset signal may be a safety operation parameter of each safety instrument in a safety operation state of the safety instrument function circuit. And when the detection signal is in the range of the preset signal (namely, the safety operation parameter), the safety instrument functional circuit is in the safety operation state.
For example, the interlock control apparatus may include an input module through which an operator may input preset signals of the respective safety instruments and store the preset signals so that whether the detection signal is a fault signal may be determined using the stored preset signals. In the field of process control, the preset signal of each safety instrument may be a span range including an upper limit value and a lower limit value.
For example, each safety instrument functional circuit may be monitored in real time, and detection signals of each safety instrument may be received in real time. When the detection signal is different from the corresponding preset signal, namely the detection signal is located outside the range of the preset signal, the detection signal is determined to be a fault signal, and the safety instrument functional loop is not in a safe running state any more. At this time, the detection signal is determined as a fault signal so as to confirm or repair the fault.
For example, in the field of process control of petroleum, chemical, natural gas, etc., process operating parameters such as flow, pressure, liquid level, temperature, etc., need to be monitored. In the embodiment of the disclosure, the type of the detection signal may include at least one of a flow signal, a pressure signal, a liquid level signal, a temperature signal, a product composition signal, a vibration signal, a displacement signal, a rotation speed signal, and the like. It will be appreciated that the flow, pressure, level, temperature, etc. meters may convert the sensed flow, pressure, level, temperature, etc. into corresponding electrical signals (e.g., current, voltage, resistance, pulses, etc.) for input to the interlock control device. Correspondingly, the type of fault signal may include at least one of a flow signal, a pressure signal, a liquid level signal, a temperature signal, a product composition signal, a vibration signal, a displacement signal, a rotational speed signal, and the like. For example, the detection signal is a pressure signal, the preset pressure signal ranges from P1 to P2, and when the detection signal is not within the range from P1 to P2, the detection signal is determined as a fault signal.
In the embodiment of the disclosure, the detection signal is not limited to 0/1 logic, so that the input types of the detection signal are enriched, and false signals and real signals can be effectively distinguished.
In one embodiment, generating a reminder signal for the type of fault may include: and generating an alarm signal and displaying the fault type and a safety instrument function loop corresponding to the fault signal.
For example, after determining the type of fault corresponding to the fault signal, an alarm signal needs to be generated to prompt the operator to fail. In order to further display the fault type to the operator and assist the operator, the fault type and the safety instrument function loop corresponding to the fault signal can be displayed, so that the operator can more pertinently overhaul the corresponding safety instrument function loop after learning the fault safety instrument function loop and the fault type, and overhaul accuracy and efficiency are improved. For example, after the maintenance personnel hear the alarm, the maintenance personnel know that the fault type is flow fault and the corresponding safety instrument functional loop through the display device, so that the flow of the safety instrument functional loop can be subjected to targeted maintenance or replacement, the efficiency of knowing the fault source is greatly improved, and the maintenance speed is improved.
Illustratively, each meter in each safety meter functional circuit is connected to an input I/O interface of the PLC, and the safety meter functional circuit that has failed can be known from the address of the I/O interface that has failed.
Illustratively, each safety instrument functional circuit is associated with a unique identification code. The safety instrument function circuit corresponding to the fault signal may be displayed, and the identification code corresponding to the fault signal may be displayed, so that an operator can confirm the safety instrument function circuit having the fault through the identification code.
It will be appreciated that each safety instrumented function circuit in a safety instrumented system includes a number of components, which can increase the difficulty of the display if the structure of the safety instrumented function circuit is displayed directly. The unique identification codes can be set for the functional loops of the safety instruments, and after a maintainer views the displayed identification codes, the corresponding functional loops of the safety instruments can be determined through the identification codes.
The identification code may be a code corresponding to the safety instrument function circuit or may be a name of the safety instrument function circuit, etc. the specific form of the identification code may be set as required, so long as the safety instrument function circuits may be distinguished.
In one embodiment, the interlock control method may further include:
and under the condition that the fault signal is determined, sending a safety protection signal to the safety instrument system so as to switch the safety instrument functional circuit corresponding to the fault signal into a safety protection state.
For example, if a safety instrument function circuit fails, it may cause a hazard if it continues to be used normally. In the embodiment of the disclosure, under the condition that the fault signal is determined, the safety protection signal is sent to the safety instrument system, so that the safety instrument system can carry out safety protection on the safety instrument function loop corresponding to the fault signal, and danger is avoided.
For example, the safety protection state may be a current operating state, and the safety instrument function circuit corresponding to the fault signal is switched to the safety protection state, that is, the safety instrument function circuit corresponding to the fault signal is maintained in the current operating state. For example, when the fault signal is a pressure signal, the safety instrument function circuit is shifted to a safety protection state, that is, the safety instrument function circuit is kept in a current operation state, for example, the flow rate of the pump is kept in a current state, and the opening degree of the valve is kept in a current state, so as to prevent the pressure from further deteriorating to cause a hazard.
The safety protection state may also be, for example, another form of safety operation state in the art, for example, controlling the flow rate of the pump into a relatively safe state, controlling the valve opening into a relatively safe state, as long as the safety instrument function circuit is in this state without further causing danger.
In one embodiment, the fault type may include at least one of a line blockage, a short circuit, a circuit break, an overscan, a signal disturbance, an operational surge, an illegal operation, etc.
In one embodiment, the preset time may be less than or equal to the process safety time, for example, the process safety time is 60 minutes, and the preset time may be less than or equal to 60 minutes. For example, the process safety times corresponding to the various fault types may be different, and the preset time may be less than or equal to the process safety time corresponding to the fault type. For example, in the case where the fault type is a first type of fault, the preset time may be less than or equal to the first process safety time, e.g., the first process safety time is 30 minutes; in the case that the fault type is a second type of fault, the preset time may be less than or equal to the second process safety time, for example, the second process safety time is 60 minutes.
In the case that the fault is eliminated within the preset time, a reset signal may be generated to cause the interlock control apparatus to reset so that the interlock control apparatus may continue the interlock control. In step S110, when a fault signal is received, the interlock control apparatus maintains the current state, and cannot continue with the next fault signal detection. After the fault is eliminated in the preset time, the interlocking control device resets under the action of the reset signal, so that the fault signal detection can be continued.
For example, a fault clearing switch may be provided, and if the fault is cleared within a preset time, a serviceman may press the fault clearing switch, and the interlock control device receives a fault clearing instruction, it indicates that the fault is cleared within the preset time, and thus, the interlock control device generates a reset signal to reset.
For example, after the fault is eliminated, the interlock control device no longer receives the fault signal, and thus, the interlock control device may automatically generate a reset signal to reset according to no longer receiving the fault signal.
If the fault is not eliminated within the preset time, a trigger signal is sent to the safety instrument system to trigger an interlocking action corresponding to the fault signal, so that the safety instrument function loop corresponding to the fault stops running.
Illustratively, sending the trigger signal to the safety instrumented system may include: automatically sending a trigger signal to a safety instrument system under the condition that the preset time is over; or, in a preset time, based on the trigger instruction, sending a trigger signal to the safety instrument system.
For example, if the maintenance personnel find that the fault type is a fault which cannot be eliminated within a preset time or an emergency fault which must be shut down and tripped, the maintenance personnel can send a trigger instruction by touching the trigger switch, and the interlocking control device sends a trigger signal to the safety instrument system after receiving the trigger instruction.
If the fault is not eliminated within the preset time, the corresponding safety instrument functional circuit can cause danger if the operation is continued, so that in the case, the interlocking action corresponding to the fault signal is triggered, the corresponding safety instrument functional circuit stops operating, and further shutdown tripping is realized, and danger is avoided.
Fig. 2 is a schematic workflow diagram of an interlock control method according to an embodiment of the present disclosure. As shown in fig. 2, the interlock control device receives the detection signal and diagnoses the detection signal; under the condition that the detection signal is a fault signal, starting timing and generating a reminding signal, and sending a safety protection signal to a safety instrument system to protect a corresponding safety instrument functional loop; judging whether the fault is eliminated within the preset time, if so, generating a reset signal to reset the interlocking control device, and if not, sending a trigger signal to the safety instrument system to trigger the interlocking action. After receiving the trigger signal, the PLC of the safety instrument system triggers the interlocking action corresponding to the fault signal, so that the corresponding safety instrument functional loop stops running.
In one implementation, the interlock control method in the embodiments of the present disclosure may be implemented by a programmable logic controller. The interlock control method may also be implemented using a computer, for example.
Fig. 3 is a block diagram of an interlock control apparatus according to an embodiment of the present disclosure. The embodiment of the disclosure also provides an interlocking control device (AMO) which can be applied to a safety instrument system. As shown in fig. 3, the interlock control apparatus may include:
the fault processing module 31 is configured to maintain a current state and start a timing function when a fault signal is received;
the fault determining and reminding module 32 is configured to determine a fault type corresponding to the fault signal according to a preset corresponding relationship between the fault type and the fault signal, and generate a reminding signal for the fault type;
the reset and trigger interlocking module 33 is configured to generate a reset signal to perform resetting when the fault is eliminated within a preset time, and otherwise, send a trigger signal to the safety instrument system to trigger an interlocking action corresponding to the fault signal.
Fig. 4 is a block diagram illustrating an interlock control apparatus according to another embodiment of the present disclosure. In one embodiment, as shown in FIG. 4, the fault determination and reminder module 32 can include:
an alarm sub-module 321 for generating an alarm signal;
a display sub-module 322 for displaying the fault type and the safety instrument function loop corresponding to the fault signal.
In one embodiment, the fault handling module 31 is further configured to: and sending a safety protection signal to the safety instrument system under the condition of receiving the fault signal so as to switch the safety instrument functional circuit corresponding to the fault signal into a safety protection state.
Fig. 5 is a block diagram illustrating an interlock control apparatus according to another embodiment of the present disclosure. In one embodiment, as shown in fig. 5, the interlock control apparatus may further include:
a signal receiving module 34 for receiving detection signals of respective safety instruments in the safety instrument system;
the fault diagnosis module 35 is configured to determine that the detection signal is a fault signal when the detection signal is different from the corresponding preset signal.
In one embodiment, the detection signal comprises at least one of: flow signal, pressure signal, current signal, voltage signal, speed signal.
In one embodiment, the fault type includes at least one of: pipeline blockage, short circuit, open circuit, overscan, signal interference, operational fluctuations, and illegal operation.
In one embodiment, the preset time is less than or equal to a process safety time corresponding to the type of fault.
Fig. 6 is a functional block diagram of an interlock control apparatus in an embodiment of the present disclosure. The specific operation of the interlock control apparatus will be described below in connection with the type of failure.
As shown in fig. 6, the field instrument (which may also be called a safety instrument) is connected to the PLC through an input I/O interface, and the PLC is connected to an execution part in the safety instrument function loop through an output I/O interface.
After the fault diagnosis module determines a fault signal, the fault processing module responds to the fault signal, the interlocking control device executes action 3 (namely, keeps the current state) and starts a timing function; the fault determining and reminding module displays the fault type and generates an alarm.
Case 1: the maintenance personnel verifies the working state of the field instrument under the reminding of the alarm signal, if a fault which cannot be maintained within the preset time occurs, the maintenance personnel can operate the trigger switch to send a trigger instruction, and the interlocking control device executes action 2 (namely shutdown tripping) to stop the operation of a safety instrument functional loop corresponding to the fault.
Case 2: and a maintenance person verifies the working state of the field instrument under the reminding of the alarm signal, and if the fault type is pipeline blockage, the maintenance person immediately solves the fault and closes the corresponding valve to dredge. If the fault is eliminated within the preset time, generating a reset signal, and executing action 1 (namely resetting to return to an initial state) by the interlocking control device; if the line blockage fault is not eliminated within the preset time, the interlocking control device executes action 2 (i.e. stop tripping) to stop the operation of the safety instrument function circuit corresponding to the line blockage fault.
Case 3: and a maintenance person verifies the working state of the field instrument under the reminding of the alarm signal, and if the fault type is short circuit, the maintenance person immediately solves the short circuit problem. If the short circuit fault is eliminated within the preset time, the interlocking control device executes action 1 (namely, resets and returns to the initial state); if the short-circuit fault is not eliminated within the preset time, the interlocking control device executes action 2 (namely, shutdown tripping) to stop the operation of the safety instrument function loop corresponding to the short-circuit fault.
Case 4: and a maintenance person verifies the working state of the field instrument under the reminding of the alarm signal, and if the fault type is open circuit, the maintenance person immediately solves the open circuit problem. If the open circuit fault is eliminated within the preset time, the interlocking control device executes action 1 (namely, resets and returns to the initial state); if the open-circuit fault is not eliminated within the preset time, the interlocking control device executes action 2 (namely, shutdown tripping) to stop the operation of the safety instrument function circuit corresponding to the open-circuit fault.
Case 5: a maintenance person verifies the working state of the field instrument under the reminding of an alarm signal, and if the fault type is signal interference, the interlocking control device executes action 1 (namely, resets and returns to an initial state) after the signal interference is automatically eliminated; if the signal disturbance is not eliminated within the preset time, the interlocking control device executes action 2 (namely, shutdown tripping) to stop the operation of the safety instrument function loop corresponding to the open-circuit fault.
The embodiment of the disclosure also provides a safety instrument system. Fig. 7 is a block diagram of a safety instrumented system in an embodiment of the present disclosure. As shown in fig. 7, the safety instrumented system includes an interlock control device and a plurality of safety instrumented functional circuits in the above embodiments of the present disclosure. Each safety instrument (also called field instrument) in the plurality of safety instrument functional circuits is connected with an interlocking control device through an input I/O interface, the interlocking control device is connected with a PLC, the PLC is connected with an execution part in the safety instrument functional circuit through an output I/O interface, and specifically, the PLC is connected with each execution part in the safety instrument functional circuit through an output I/O interface.
For the technical scheme of the embodiment of the disclosure, a Markov (Markov) model and a transfer matrix method can be adopted to calculate and obtain the values of the PFD and the MTTF so as to verify the operability of prolonging the time interval of the wrong parking time or reducing the probability of the wrong parking.
The interlock control method of the disclosed embodiments may be applied to the safety integrity test verification of a particular safety instrumented system. Assuming that the average maintenance time for online maintenance of the transmitter is one shift of 8 hours, tr=8, the repair rate μ for online maintenance 0 =1/tr=1/8. After one fault-free stop, the safety instrument system is restarted for 24 hours, namely TSD=8, system repair rate mu SD =1/tsd=1/24; the functional test period is 8760 hours a year, assuming an ideal state, i.e., diagnostic coverage c=100%; it is also assumed that the system reaches a limit state within one test period.
Table 1 shows failure data of the transmitters, and the failure data of the transmitters are shown in Table 1.
Table 1 failure data for transmitters
Sequence number Failure type Failure rate (hr) -1 )
1 Detectable failure rate lambda SD 0
2 Undetected failure rate lambda SU 8.4×10 -8
3 Detectable failure rate lambda of danger DD 2.58×10 -7
4 Undetected dangerous failure rate lambda DU 3.2×10 -8
5 Failure rate lambda of diagnosis P 2.95×10 -8
Fig. 8 shows a Markov model of a prior art one-piece structure.
Expression (1) is a first transfer matrix, which is a transfer matrix of a Markov model in the prior art. From fig. 8 and the first state transition matrix, a first state transition matrix as expressed by expression (2) can be obtained:
the element of the ith row and jth column in the first state transition matrix is the probability that the device will transition from state i to state j after one hour. The state corresponding to the matrix of a structure is sequentially as follows:
0: a normal state;
1: a safe failure state;
2: a detected dangerous failure condition;
3: undetected dangerous failure conditions.
The time increment was taken to be 1 hour using the Markov model.
Initial state matrix S 0 =[1 0 0 0]The method comprises the steps of carrying out a first treatment on the surface of the Dangerous failure matrix V D =[0 0 1 1] T
According to 8760 iterative calculations, the probability of dangerous failure when required
PFD avg =S 0 P 8760 V D =1.4133×10 -4
Truncating rows and columns of failed states in the first state transition demonstration into a first Q matrix as follows:
then subtracting the first Q matrix from the identity matrix to obtain a first N matrix, and finally inverting the first N matrix to obtain a first N1 matrix. Finally, the numbers of state 0 of the first N1 matrix are added to obtain the first mttf=3448279+7+7= 3448292 hours, about 394 years.
Fig. 9 is a Markov model of an alternative configuration employing an interlock control method according to an embodiment of the present disclosure.
Where Σ represents the sum of the other elements of the row. The expression (2) is a second transfer matrix, and the second transfer matrix is a transfer matrix of the Markov model after the interlocking control method of the embodiment of the disclosure is adopted.
From fig. 9 and the second transfer matrix, a second state transfer matrix as expression (4) can be obtained:
the element of the ith row and jth column in the second state transition matrix is the probability that the device transitions from state i to state j after one hour. The state corresponding to the matrix of a structure is sequentially as follows:
0: a normal state;
1: diagnosing the status;
2: a safe failure state;
3: a detected dangerous failure condition;
4: undetected dangerous failure conditions.
The time increment was taken to be 1 hour using the markov model.
Initial state matrix S 0 =[1 0 0 0]The method comprises the steps of carrying out a first treatment on the surface of the Dangerous failure matrix V D =[0 0 1 1] T
According to 8760 iterative calculations, the probability of dangerous failure PFD when required avg =S 0 P 8760 V D =1.4118×10 -4
Truncating rows and columns of failure states in the second state transition matrix to a second Q matrix as follows:
and subtracting the second Q matrix from the identity matrix to obtain a second N matrix, and finally inverting the second N matrix to obtain a second N1 matrix. Finally, the numbers of state 0 of the second N1 matrix are added to obtain a second mttf=31249971+7+63+64= 31250056 hours, about 3567 years.
Comparing the second MTTF with the first MTTF:
[31250056 hours (3567 years) is much longer than 3448292 hours (394 years).
Conclusion: the second MTTF value of the safety instrument system model adopting the interlocking control method of the embodiment of the disclosure is far greater than the first MTTF value of the safety instrument system model in the prior art, and is opposite to the PFD avg The effect of the value is negligible. Therefore, the average malfunction or erroneous parking time interval of the safety instrumented system employing the interlock control method of the embodiments of the present disclosure is greatly improved over the prior art.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the technical solutions of the present disclosure are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (7)

1. An interlocking control method is characterized in that,
applied to a safety instrumented system, the method comprising:
under the condition of receiving the fault signal, maintaining the current state and starting a timing function;
determining a fault type corresponding to a fault signal according to a preset corresponding relation between the fault type and the fault signal, and generating a reminding signal aiming at the fault type;
generating a reset signal to reset under the condition that the fault is eliminated within a preset time, otherwise, sending a trigger signal to the safety instrument system to trigger an interlocking action corresponding to the fault signal;
under the condition of receiving a fault signal, the interlocking control device keeps the current state and starts a timing function, and waits for the fault to be eliminated;
generating a reminder signal for the fault type, comprising:
generating an alarm signal and displaying the fault type and a safety instrument function loop corresponding to the fault signal;
under the condition of receiving a fault signal, sending a safety protection signal to the safety instrument system so as to switch a safety instrument functional loop corresponding to the fault signal into a safety protection state;
the preset time is smaller than or equal to the process safety time corresponding to the fault type.
2. The method of claim 1, wherein the step of determining the position of the substrate comprises,
before receiving the fault signal, the method further comprises:
receiving detection signals of all safety instruments in the safety instrument system;
and under the condition that the detection signal is different from the corresponding preset signal, determining the detection signal as a fault signal.
3. The method of claim 2, wherein the step of determining the position of the substrate comprises,
the detection signal includes at least one of: flow signal, pressure signal, liquid level signal, temperature signal, product composition signal, vibration signal, displacement signal, rotational speed signal.
4. The method of claim 1, wherein the step of determining the position of the substrate comprises,
the fault type includes at least one of: pipeline blockage, short circuit, open circuit, overscan, signal interference, operational fluctuations, and illegal operation.
5. An interlocking control device is characterized in that,
applied to a safety instrumented system, the apparatus comprising:
the fault processing module is used for keeping the current state and starting a timing function under the condition of receiving the fault signal;
the fault determining and reminding module is used for determining the fault type corresponding to the fault signal according to the corresponding relation between the preset fault type and the fault signal and generating a reminding signal aiming at the fault type;
the reset and trigger interlocking module is used for generating a reset signal to reset under the condition that the fault is eliminated within the preset time, and otherwise, sending a trigger signal to the safety instrument system to trigger an interlocking action corresponding to the fault signal;
under the condition of receiving a fault signal, the interlocking control device keeps the current state and starts a timing function, and waits for the fault to be eliminated;
the fault determination and reminding module comprises:
the alarm sub-module is used for generating an alarm signal;
the display sub-module is used for displaying the fault type and a safety instrument function loop corresponding to the fault signal;
the fault handling module is further configured to:
under the condition of receiving a fault signal, sending a safety protection signal to the safety instrument system so as to switch a safety instrument functional loop corresponding to the fault signal into a safety protection state;
the preset time is smaller than or equal to the process safety time corresponding to the fault type.
6. The apparatus of claim 5, wherein the device comprises a plurality of sensors,
the apparatus further comprises:
the signal receiving module is used for receiving detection signals of all safety instruments in the safety instrument system;
the fault diagnosis module is used for determining the detection signal as a fault signal under the condition that the detection signal is different from the corresponding preset signal.
7. A safety instrument system is characterized in that,
comprising an interlock control device according to claim 5 or 6.
CN202110902530.5A 2021-08-06 2021-08-06 Interlocking control method and device and safety instrument system Active CN113608494B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110902530.5A CN113608494B (en) 2021-08-06 2021-08-06 Interlocking control method and device and safety instrument system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110902530.5A CN113608494B (en) 2021-08-06 2021-08-06 Interlocking control method and device and safety instrument system

Publications (2)

Publication Number Publication Date
CN113608494A CN113608494A (en) 2021-11-05
CN113608494B true CN113608494B (en) 2023-07-18

Family

ID=78339710

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110902530.5A Active CN113608494B (en) 2021-08-06 2021-08-06 Interlocking control method and device and safety instrument system

Country Status (1)

Country Link
CN (1) CN113608494B (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105093968B (en) * 2014-05-07 2018-01-26 新特能源股份有限公司 A kind of control method and system that prevent interlocking from malfunctioning
CN108288847B (en) * 2017-01-09 2019-04-23 宝山钢铁股份有限公司 A kind of air compressor motor jumps vehicle protection system and its control method
CN108873832B (en) * 2018-06-07 2021-05-04 大唐韩城第二发电有限责任公司 Logic system and device of generator fault interlocking tripping stator cooling water pump
CN111123161B (en) * 2019-12-30 2022-04-29 潍柴动力股份有限公司 Wire harness electrical fault detection method and device and controller
CN112067985B (en) * 2020-09-04 2023-05-02 全球能源互联网研究院有限公司 Movable mould test device and transient fault simulation method for high-voltage direct-current circuit breaker

Also Published As

Publication number Publication date
CN113608494A (en) 2021-11-05

Similar Documents

Publication Publication Date Title
CN100388217C (en) Dynamic threshold scaling method and system in communication system
US7355828B2 (en) Turbo machinery speed monitor
JP4785747B2 (en) Process apparatus, method, and software with monitoring overlayer
US20050274417A1 (en) Process equipment validation
US7509189B2 (en) Turbo machinery speed monitor
US10901406B2 (en) Method of monitoring and controlling an industrial process, and a process control system
KR20160003549A (en) Communication abnormality detecting apparatus, communication abnormality detecting method and program
CN113608494B (en) Interlocking control method and device and safety instrument system
KR102063873B1 (en) Method and System for Real-Time Common Cause Failure Diagnosis and Monitoring
US6788213B2 (en) Energize to actuate engineered safety features actuation system and testing method therefor
US7453675B2 (en) Turbo machinery speed monitor
US11656594B2 (en) Technologies for configuring voting blocks associated with a process control system
EP0088539A1 (en) Trip system
Signoret et al. Failure mode, effects (and criticality) analysis, FME (C) A
Chaves Increasing Cyber Resiliency of Industrial Control Systems
McGuire et al. Selecting sensors for safety instrumented systems
Sikora et al. Emergency shutdown system
KR101558073B1 (en) Method and apparatus for testing current ouput loop in distributed control system
JP2006003929A (en) Process controller and diagnosis method of control data of the same
Solutions Safety controls, alarms, and interlocks as IPLs
Bodsberg et al. Alarm and shutdown frequencies in offshore production
CN115602347A (en) Fault self-diagnosis alarm device for nuclear power plant
JPH02224001A (en) Abnormality cause decision device
JPH0520576A (en) Abnormality monitor
Brennan Avoiding spills.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220311

Address after: 100101 building 21, Anyuan, Anhui Beili, Chaoyang District, Beijing

Applicant after: SINOPEC ENGINEERING Inc.

Address before: 100101, Beijing, Chaoyang District, Ann Hui North Lane Ann Park, No. 21

Applicant before: Jin Yaming

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant