CN115935575A - Method and system for evaluating performance of two-safety fusion instrument

Publication number
CN115935575A
CN115935575A CN202110955349.0A CN202110955349A CN115935575A CN 115935575 A CN115935575 A CN 115935575A CN 202110955349 A CN202110955349 A CN 202110955349A CN 115935575 A CN115935575 A CN 115935575A
Authority
CN
China
Prior art keywords
safety
fusion instrument
loop
loops
fusion
Prior art date
Legal status
Pending
Application number
CN202110955349.0A
Other languages
Chinese (zh)
Inventor
姜巍巍
曹德舜
李荣强
郭怡安
Current Assignee
China Petroleum and Chemical Corp
Sinopec Safety Engineering Research Institute Co Ltd
Original Assignee
China Petroleum and Chemical Corp
Sinopec Safety Engineering Research Institute Co Ltd
Priority date
Filing date
Publication date
Application filed by China Petroleum and Chemical Corp, Sinopec Safety Engineering Research Institute Co Ltd
Priority to CN202110955349.0A
Publication of CN115935575A
Legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E: REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00: Energy generation of nuclear origin
    • Y02E30/10: Nuclear fusion reactors

Landscapes

  • Testing And Monitoring For Control Systems (AREA)

Abstract

An embodiment of the invention provides a method and a system for evaluating the performance of a two-safety fusion instrument, and belongs to the field of petrochemical engineering safety. The two-safety fusion instrument comprises a plurality of two-safety fusion instrument loops and a protective layer. The method comprises, for each two-safety fusion instrument loop: judging whether the state monitoring information of the loop meets the failure event condition and, if so, determining the loop structure constraint safety integrity level of the loop; determining the safety integrity level that the loop can achieve according to its average failure probability; and comparing the loop structure constraint safety integrity level and the achievable safety integrity level each with the safety integrity level required of the loop, and outputting corresponding feedback information according to the comparison result. The invention can evaluate the loop performance of the two-safety fusion instrument in real time.

Description

Method and system for evaluating performance of two-safety fusion instrument
Technical Field
The invention relates to the field of petrochemical engineering safety, and in particular to a performance evaluation method and a performance evaluation system for a two-safety fusion instrument.
Background
In the petrochemical industry, safety instrumented systems are an important protective layer and play a key role. Unlike basic process control systems, safety instrumented systems monitor the status of a process, identify hazardous conditions, and act appropriately when a hazardous condition occurs to prevent a hazardous event; examples are the safety interlock systems of petrochemical plants, emergency shutdown systems (ESD) and fire/gas protection systems. Normally a safety instrumented system (SIS) is static and passive and requires no human intervention, but it must be able to change from static to dynamic when a dangerous condition occurs in order to perform its safety function correctly. Whether the two-safety fusion instruments used in the safety instrumented system can complete their action when a dangerous event occurs is therefore important for preventing accidents.
To avoid, as far as possible, the danger caused by the failure of a safety instrumented system, the international standards IEC 61508 and IEC 61511 were proposed by combining European and American standards with engineering practice; the corresponding domestic standards are GB/T 20438-2006 and GB/T 21109-2007. The functional safety standard GB/T 20438 for electrical/electronic/programmable electronic safety-related systems and the process-industry functional safety standard GB/T 21109 provide the theoretical basis and technical methods for the design, development and functional-safety-based safety management of safety instrumented systems.
The indicators of whether a safety instrumented system is reasonable are its safety function and its reliability. Whether it has the correct safety function can be identified and defined by hazard and risk analysis. The reliability index is the safety integrity level, which represents an order of magnitude of process risk reduction, and mainly involves safety integrity level determination and safety integrity level verification. The purpose of safety integrity level determination is to identify and define the safety integrity level required of the safety instrumented function, based on process hazards and risks. The determination methods mainly include the risk graph method, the risk matrix method and the protective layer analysis method (LOPA); the petrochemical industry generally adopts LOPA. LOPA determines the risk reduction that the safety instrumented function needs to provide by checking whether the initial event frequency and the failure frequency of the independent protective layers that prevent or mitigate the risk satisfy the total amount of risk reduction, and so determines the target safety integrity level. Safety integrity level verification uses the structure of the existing safety instrumented function loop and the failure data of the selected instrument equipment to calculate whether the structural constraint and the probability of failure on demand meet the target safety integrity level. Commonly used verification methods currently include reliability block diagrams, Markov models and the fault tree method.
However, the existing safety integrity level evaluation methods assume that the two-safety fusion instruments have not failed, and cannot be adjusted in real time according to the actual condition of the two-safety fusion instruments.
Disclosure of Invention
The embodiments of the invention aim to provide a method for evaluating the performance of a two-safety fusion instrument, a system for evaluating the performance of a two-safety fusion instrument and a machine-readable storage medium, solving the problem that the conventional method cannot evaluate the performance of a two-safety fusion instrument loop in real time.
To achieve the above object, an embodiment of the invention provides a method for evaluating the performance of a two-safety fusion instrument, where the two-safety fusion instrument includes a plurality of two-safety fusion instrument loops and protection layers corresponding to the two-safety fusion instrument loops; the evaluation method comprises the following steps:
for each two-safety fusion instrument loop:
acquiring state monitoring information of the two-safety fusion instrument loop;
judging whether the state monitoring information of the two-safety fusion instrument loop meets the failure event condition and, if so, determining the loop structure constraint safety integrity level of the loop, and determining the safety integrity level that the loop can achieve according to its average failure probability;
and comparing the loop structure constraint safety integrity level of the loop and the safety integrity level that the loop can achieve each with the safety integrity level required of the loop, and outputting corresponding feedback information according to the comparison result.
Optionally, each two-safety fusion instrument loop includes: a sensing unit, a logic control unit and an execution unit;
the step of determining the safety integrity level that the two-safety fusion instrument loop can achieve according to the average failure probability of the loop comprises the following steps:
calculating the average failure probability of the sensing unit of the two-safety fusion instrument loop, the average failure probability of the logic control unit and the average failure probability of the execution unit;
summing the average failure probability of the sensing unit, the average failure probability of the logic control unit and the average failure probability of the execution unit to obtain the average failure probability of the two-safety fusion instrument loop;
and determining the safety integrity level that the two-safety fusion instrument loop can achieve by using the loop's average failure probability and the table that maps average failure probability to safety integrity level.
Optionally, the sensing unit includes a plurality of sensing execution elements;
the calculating of the average failure probability of the sensing unit comprises the following steps:
obtaining a first parameter set of the sensing unit, the first parameter set comprising the following parameters: the dangerous failure rates of all sensing execution elements, the voting mode of the sensing unit, the detection test period of the sensing unit, the mean failure recovery time of all sensing execution elements, the common factor and the detection test coverage rate of the sensing unit;
and calculating all the parameters of the first parameter set by using an average failure probability calculation formula to obtain the average failure probability of the sensing unit.
Optionally, the logic control unit includes a plurality of logic control execution elements, and the calculating an average failure probability of the logic control unit includes:
obtaining a second parameter set of the logic control unit, the second parameter set comprising the following parameters: dangerous failure rates of all logic control execution elements, voting modes of the logic control units, detection test periods of the logic control units, average fault recovery time of all the logic control execution elements, common factor and detection test coverage rate of the logic control units;
and calculating all the parameters of the second parameter set by using an average failure probability calculation formula to obtain the average failure probability of the logic control unit.
Optionally, the execution unit includes a plurality of execution elements, and the calculating the average failure probability of the execution unit includes:
obtaining a third parameter set for the execution unit, the third parameter set comprising the following parameters: dangerous failure rates of all execution elements, voting modes of the execution units, detection test periods of the execution units, mean recovery time of faults of all execution elements, common factor and detection test coverage rate of the execution units;
and calculating all the parameters of the third parameter set by using an average failure probability calculation formula to obtain the average failure probability of the execution unit.
Optionally, the determining of the loop structure constraint safety integrity level of the two-safety fusion instrument loop includes:
determining the loop structure constraint safety integrity level of the two-safety fusion instrument loop from the instrument types of the loop, the safety failure score of the loop and the hardware fault margin of the loop.
Optionally, the safety failure score of the two-safety fusion instrument loop is calculated by using the following formula:
$SFF = (\lambda_S + \lambda_{DD}) / (\lambda_S + \lambda_D)$;
wherein: $\lambda_S$ is the safety failure parameter of the two-safety fusion instrument loop; $\lambda_D$ is the dangerous failure parameter of the two-safety fusion instrument loop; $\lambda_{DD}$ is the detectable dangerous failure parameter of the two-safety fusion instrument loop; SFF is the safety failure score of the two-safety fusion instrument loop.
Optionally, the hardware fault margin of the two-safety fusion instrument loop is calculated by using the following formula:
HTF=N-M;
wherein HTF is the hardware fault margin of the two-safety fusion instrument loop; N is the number of hardware redundancies of the two-safety fusion instrument loop; M is the number of hardware votes of the two-safety fusion instrument loop.
Optionally, the determining of the safety integrity level required of the two-safety fusion instrument loop includes:
analyzing, by the protective layer analysis method, the relevant parameters of the two-safety fusion instrument loop in which the state monitoring information meeting the failure event condition is located, to obtain the average failure probability on demand of the two-safety fusion instrument loop;
the relevant parameters include: the initiating cause of the two-safety fusion instrument loop action, the likelihood of occurrence of the initiating cause, the consequence severity level, the initial risk, the target risk, the enabling condition and the failure probability of the existing independent protective layer.
Optionally, the safety integrity level required of the two-safety fusion instrument loop is determined according to the average failure probability on demand of the loop.
Optionally, the determining according to the average failure probability on demand of the two-safety fusion instrument loop includes:
determining the safety integrity level required of the two-safety fusion instrument loop by using the loop's average failure probability on demand and the table that maps average failure probability to safety integrity level.
The invention also provides a performance evaluation system for a two-safety fusion instrument, wherein the two-safety fusion instrument comprises a plurality of two-safety fusion instrument loops and protection layers corresponding to the two-safety fusion instrument loops; the evaluation system includes:
an acquisition module for acquiring the state monitoring information of each two-safety fusion instrument loop;
an evaluation module for, for each two-safety fusion instrument loop: judging whether the state monitoring information of the loop meets the failure event condition and, if so, determining the loop structure constraint safety integrity level of the loop, and determining the safety integrity level that the loop can achieve according to its average failure probability;
and a verification output module for comparing the loop structure constraint safety integrity level of the loop and the safety integrity level that the loop can achieve each with the safety integrity level required of the loop, and outputting corresponding feedback information according to the comparison result.
The invention also provides a machine-readable storage medium having stored thereon instructions for causing a machine to perform the above-described two-safety fusion meter performance evaluation method.
With this technical scheme, the state of the two-safety fusion instrument loop is monitored in real time; once the state monitoring information is confirmed to meet the failure event condition, the safety integrity level can be evaluated automatically and checked against the requirement. This reduces the potential safety hazards caused by failure of the two-safety fusion instrument system and solves the problem that the conventional method cannot evaluate the performance of the two-safety fusion instrument loop in real time.
Additional features and advantages of embodiments of the present invention will be described in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
fig. 1 is a flowchart of steps of a method for evaluating performance of a two-safety fusion instrument according to an embodiment of the present application.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
The invention provides a method for evaluating the performance of a two-safety fusion instrument, wherein the two-safety fusion instrument comprises a plurality of two-safety fusion instrument loops and protection layers corresponding to the two-safety fusion instrument loops. As shown in figure 1, the method comprises the following steps:
for each two-safety fusion instrument loop: acquiring state monitoring information of the two-safety fusion instrument loop; judging whether the state monitoring information of the loop meets the failure event condition and, if so, determining the loop structure constraint safety integrity level of the loop, calculating the average failure probability of the loop and determining the safety integrity level that the loop can achieve; and comparing the loop structure constraint safety integrity level of the loop and the safety integrity level that the loop can achieve each with the safety integrity level required of the loop, and outputting corresponding feedback information according to the comparison result. The feedback information comprises the loop performance evaluation result of the two-safety fusion instrument.
According to the technical scheme of the invention, when the loop structure constraint safety integrity level of the two-safety fusion instrument loop and the safety integrity level that the loop can achieve are both greater than the safety integrity level required of the loop, the performance evaluation result that the loop meets the target safety integrity level is output; when either the loop structure constraint safety integrity level of the loop or the safety integrity level that the loop can achieve is smaller than the safety integrity level of the protective layer corresponding to the loop, the performance evaluation result that the loop does not meet the target safety integrity level is output, and alarm information can also be output.
Specifically, the state monitoring information of the two-safety fusion instrument loop comprises: the control system running state and alarm information, the instrument loop state information, the on-site two-safety fusion instrument equipment state information and the process quantity information. The real-time state monitoring information used to monitor the loop state of the two-safety fusion instrument is transmitted remotely over 4G or 5G; the collected state monitoring information is transmitted in one direction only, and transmitting data to the control layer is forbidden; the data access format can be chosen to match that of information systems such as ERP and equipment integrity system platforms, for seamless connection.
The control system running state comprises running parameters such as the load of the safety instrumented system controller and the network communication load. The alarm information comprises the system alarm events in the self-diagnosis data, such as controller alarms, card and channel state alarms, communication alarms, grounding alarms, power module alarms, system fan alarms and system state alarms of the safety instrumented system. The system state alarms of the safety instrumented system are first communicated to the DCS through the MODBUS RTU protocol and then collected through OPC.
The instrument loop state information comprises the interlocking loop state of the safety instrumented system; it is communicated to the DCS through the MODBUS RTU protocol and collected through the OPC data interface DA.
The status information of the on-site two-safety fusion instrument equipment comprises the operating status of the on-site two-safety fusion instruments, such as alarm information for the temperature of the transmitter diaphragm box, the operating status of valves, and the 'failure' and 'maintenance' states of the two-safety fusion instrument. This status information first passes through a HART collector and is then converted, through the MODBUS RTU protocol, into Ethernet communication to the AMS, where the full name of AMS is ActivityManagerService, which is an important service in Android.
The process quantity information mainly comes from the monitoring of redundant interlocking instruments and the monitoring of control valve action time. The process quantity information from redundant interlocking instrument monitoring comprises the deviation alarm, open-circuit and short-circuit alarm information of the redundant interlocking instruments. The process quantity information from control valve action time monitoring comprises the control valve action time. The process quantity data in the safety instrumented system is communicated to the DCS through the MODBUS RTU protocol and then collected through the OPC data interface DA.
When any one of the state monitoring information exceeds a set range or generates a set action signal, determining that the state monitoring information meets the failure event condition.
Optionally, each two-safety fusion instrument loop includes: a sensing unit, a logic control unit and an execution unit;
the calculating of the average failure probability of the two-safety fusion instrument loop comprises the following steps:
calculating the average failure probability of the sensing unit, the average failure probability of the logic control unit and the average failure probability of the execution unit of the two-safety fusion instrument loop; and summing the average failure probability of the sensing unit, the average failure probability of the logic control unit and the average failure probability of the execution unit to obtain the average failure probability of the two-safety fusion instrument loop.
The formula for the average failure probability is: $PFD_{SYS} = PFD_S + PFD_L + PFDP_E$; wherein: $PFD_{SYS}$ is the average failure probability of the specified two-safety fusion instrument function loop; $PFD_S$ is the average failure probability of the sensing unit of the specified two-safety fusion instrument function loop; $PFD_L$ is the average failure probability of the logic control unit of the specified two-safety fusion instrument function loop; $PFDP_E$ is the average failure probability of the final execution unit of the specified two-safety fusion instrument function loop.
The sensing unit comprises a plurality of sensing execution elements, and the calculating of the average failure probability of the sensing unit comprises the following steps:
obtaining a first parameter set of the sensing unit, the first parameter set comprising the following parameters: dangerous failure rates of all sensing execution elements, voting modes of sensing units, detection test periods of the sensing units, average fault recovery time of all elements, common factor and detection test coverage rate of the sensing units;
and calculating all the parameters of the first parameter set by using an average failure probability calculation formula to obtain the average failure probability of the sensing unit.
The logic control unit comprises a plurality of logic control execution elements, and the calculating the average failure probability of the logic control unit comprises the following steps:
obtaining a second parameter set of the logic control unit, the second parameter set comprising the following parameters: dangerous failure rates of all logic control execution elements, voting modes of the logic control units, detection test periods of the logic control units, average fault recovery time of all elements, common factor and detection test coverage rate of the logic control units;
and calculating all the parameters of the second parameter set by using an average failure probability calculation formula to obtain the average failure probability of the logic control unit.
The execution unit comprises a plurality of execution elements, and the calculating the average failure probability of the execution unit comprises:
obtaining a third parameter set for the execution unit, the third parameter set comprising the following parameters: dangerous failure rates of all execution elements, voting modes of execution units, detection test periods of the execution units, mean recovery time of faults of all the elements, common factor and detection test coverage rate of the execution units;
and calculating all the parameters of the third parameter set by using an average failure probability calculation formula to obtain the average failure probability of the execution unit.
The safety integrity level that the two-safety fusion instrument loop can achieve is determined from the average failure probability of the loop, specifically by using the table that maps average failure probability to safety integrity level.
The loop structure constraint safety integrity level of the two-safety fusion instrument loop corresponding to the state monitoring information is determined from the instrument types of the loop, the safety failure score of the loop and the hardware fault margin of the loop.
Specifically, the safety failure score of the two-safety fusion instrument loop is calculated by using the following formula:
$SFF = (\lambda_S + \lambda_{DD}) / (\lambda_S + \lambda_D)$;
wherein $\lambda_S$ is the safety failure parameter of the two-safety fusion instrument loop; $\lambda_D$ is the dangerous failure parameter of the two-safety fusion instrument loop; $\lambda_{DD}$ is the detectable dangerous failure parameter of the two-safety fusion instrument loop; SFF is the safety failure score of the two-safety fusion instrument loop.
The hardware fault margin of the two-safety fusion instrument loop is calculated by using the following formula:
HTF=N-M;
wherein, the HTF is the hardware fault margin of the two-safety fusion instrument loop; n is the number of hardware redundancies of the two-ampere fusion instrument loop; m is the number of hardware votes for the two-ampere fusion meter loop.
And performing table lookup by using a loop structure constraint safety integrity level mapping table to determine the loop structure constraint safety integrity level according to the safety failure scores of the two safety fusion instrument loops and the hardware fault margin of the two safety fusion instrument loops. Specifically, the loop structure constraint safety integrity level of the two safety fusion instrument loops is determined according to the instrument types of the two safety fusion instrument loops, the safety failure scores of the two safety fusion instrument loops and the hardware fault margins of the two safety fusion instrument loops. The method comprises the steps of firstly determining the type of a loop structure constraint safety integrity level mapping table through the instrument types of each unit of a two-safety fusion instrument loop sensing unit, a logic control unit and an execution unit, then querying the corresponding mapping table through the safety failure scores of each unit of the two-safety fusion instrument loop and the hardware fault margins of each unit of the two-safety fusion instrument loop, determining the structure constraint safety integrity level of each unit, comparing the structure constraint safety integrity levels determined by the three units, and taking the lowest structure constraint safety integrity level as the loop structure constraint safety integrity level.
The safety integrity level required by the two safety fusion instrument loops corresponding to the state monitoring information is determined, and a protection layer analysis method is specifically used for analyzing the safety integrity level of the loop where the state monitoring information meeting the failure event condition is located; the relevant parameters include: the method comprises the steps of two-safety fusion instrument loop action initiation reason, initiation reason occurrence possibility, consequence severity level, initial risk, target risk, enabling condition and failure probability of the existing independent protective layer. .
Specifically, determining the cause and the cause occurrence possibility of the action of the two-safety fusion instrument loop; the consequence severity level comprises the severity levels of health and safety, environmental impact, social impact and property loss; based on the existing risk matrix and the determined outcome severity level, an initial risk and a target risk may be determined; the enabling condition and the action failure Probability (PFD) of each independent protective layer can be determined through the caused consequence; calculating the difference between the residual risk and the target risk, dividing the difference by the occurrence possibility of the triggering reason, the probability of the enabling condition and the action failure Probability (PFD) of each independent protection layer to obtain the failure probability of the two safety fusion instrument loops when the requirements are needed, and obtaining the required safety integrity level through the average failure probability and a safety integrity level table.
The invention provides a method for evaluating the loop state performance of a two-safety fusion instrument. The loop state of the two-safety fusion instrument is monitored in real time; once the two-safety fusion instrument fails, its safety integrity level is evaluated automatically and it is judged whether that level meets the requirement. This reduces the potential safety hazard caused by failure of a two-safety fusion instrument system and solves the problem that conventional methods cannot evaluate the loop performance of a two-safety fusion instrument in real time.
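The verification described above (structure constraint level per unit, lowest unit wins, summed average failure probability, comparison with the required level) is sketched below as an added example that is not part of the patent text. It assumes the mapping tables are the IEC 61508-2 architectural-constraint tables and the low-demand PFDavg bands, which the page refers to but does not reproduce; the failure rates, unit PFDavg values and the required level of 3 are constructed inputs.

```python
from dataclasses import dataclass, replace

# Assumed mapping tables (IEC 61508-2 architectural constraints); the page
# refers to its tables without reproducing them. Rows are SFF bands
# (<60 %, 60-<90 %, 90-<99 %, >=99 %), columns are fault margin 0, 1, 2.
# 0 means the architecture is not allowed at any SIL.
ARCH_TABLE = {
    "A": [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)],
    "B": [(0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)],
}

@dataclass(frozen=True)
class Unit:
    kind: str       # instrument type: "A" or "B"
    lam_s: float    # safe failure rate (per hour)
    lam_dd: float   # detected dangerous failure rate
    lam_d: float    # total dangerous failure rate
    n: int          # redundant channels N
    m: int          # channels required by the vote M
    pfd_avg: float  # unit average failure probability, taken as given

def sff(u):
    return (u.lam_s + u.lam_dd) / (u.lam_s + u.lam_d)

def arch_sil(u):
    margin = u.n - u.m                      # the page's HTF = N - M
    if margin < 0:
        raise ValueError("vote needs more channels than exist")
    s = sff(u)
    band = 0 if s < 0.60 else 1 if s < 0.90 else 2 if s < 0.99 else 3
    return ARCH_TABLE[u.kind][band][min(margin, 2)]

def sil_from_pfd(pfd):
    # Low-demand bands: SIL n covers 10^-(n+1) <= PFDavg < 10^-n; capped at 4.
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

def evaluate(units, required_sil):
    structural = min(arch_sil(u) for u in units.values())   # lowest unit wins
    loop_pfd = sum(u.pfd_avg for u in units.values())       # sum over the units
    achievable = sil_from_pfd(loop_pfd)
    return {"structural_sil": structural, "loop_pfd": loop_pfd,
            "achievable_sil": achievable,
            "meets_required": min(structural, achievable) >= required_sil}

# Constructed sample loop: 2oo3 sensors, 1oo2 logic solver, 1oo2 final elements.
HEALTHY = {
    "sensing": Unit("B", 4e-7, 5.5e-7, 6e-7, 3, 2, 2e-4),
    "logic": Unit("B", 5e-7, 4.95e-7, 5e-7, 2, 1, 5e-5),
    "execution": Unit("A", 1e-6, 5e-7, 1e-6, 2, 1, 4e-4),
}
# Failure event: one transmitter is lost, so the vote degrades to 2oo2.
DEGRADED = dict(HEALTHY, sensing=replace(HEALTHY["sensing"], n=2, pfd_avg=1.5e-3))

if __name__ == "__main__":
    for label, loop in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(label, evaluate(loop, required_sil=3))
```

With one sensing channel lost, the sensing unit's fault margin drops to 0 and both the structure constraint level and the achievable level of the loop fall below the required level, which is the condition the verification output module reports.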
Corresponding to the performance evaluation method of the two-safety fusion instrument, the embodiment further provides a performance evaluation system of the two-safety fusion instrument, where the performance evaluation system includes:
the acquisition module is used for acquiring state monitoring information of each two-safety fusion instrument loop;
an evaluation module for, for each two-safety fusion instrument loop: judging whether the state monitoring information of the two-safety fusion instrument loop meets the failure event condition, and if so, determining the loop structure constraint safety integrity level of the two-safety fusion instrument loop, calculating the average failure probability of the two-safety fusion instrument loop and determining the safety integrity level which can be reached by the two-safety fusion instrument loop;
and the verification output module is used for comparing the loop structure constraint safety integrity level of the two safety fusion instrument loops and the safety integrity level which can be reached by the two safety fusion instrument loops with the safety integrity level required by the two safety fusion instrument loops respectively, and outputting corresponding feedback information according to the comparison result.
The invention also provides a machine-readable storage medium having stored thereon instructions for causing a machine to perform the above-described two-safety fusion meter performance evaluation method.
Those skilled in the art will appreciate that all or part of the steps in the method for implementing the above embodiments may be implemented by a program, which is stored in a storage medium and includes several instructions to enable a single chip, a chip, or a processor (processor) to execute all or part of the steps in the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
While the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the details of the above embodiments, and various simple modifications can be made to the technical solution of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and the simple modifications are within the scope of the embodiments of the present invention. It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, the embodiments of the present invention will not be described separately for the various possible combinations.
In addition, any combination of the various embodiments of the present invention is also possible, and the same should be considered as disclosed in the embodiments of the present invention as long as it does not depart from the spirit of the embodiments of the present invention.

Claims (13)

1. A performance evaluation method for a two-safety fusion instrument, the two-safety fusion instrument comprising a plurality of two-safety fusion instrument loops and protection layers corresponding to the two-safety fusion instrument loops; characterized in that the evaluation method comprises:
for each two-safety fusion instrument loop:
acquiring state monitoring information of the two-safety fusion instrument loop;
judging whether the state monitoring information of the two safety fusion instrument loops meets the failure event condition or not, and if so, determining the loop structure constraint safety integrity level of the two safety fusion instrument loops; determining the safety integrity level which can be reached by the two safety fusion instrument loops according to the average failure probability of the two safety fusion instrument loops;
and comparing the loop structure constraint safety integrity level of the two safety fusion instrument loops and the safety integrity level which can be reached by the two safety fusion instrument loops with the safety integrity level required by the two safety fusion instrument loops respectively, and outputting corresponding feedback information according to the comparison result.
2. The evaluation method of claim 1, wherein each two-safety fusion instrument loop comprises: a sensing unit, a logic control unit and an execution unit;
the step of determining the safety integrity level which can be achieved by the two-safety fusion instrument loop according to the average failure probability of the two-safety fusion instrument loop comprises the following steps:
calculating the average failure probability of the sensing unit, the average failure probability of the logic control unit and the average failure probability of the execution unit of the two-safety fusion instrument loop;
summing the average failure probability of the sensing unit, the average failure probability of the logic control unit and the average failure probability of the execution unit to obtain the average failure probability of the two-safety fusion instrument loop;
and determining the safety integrity level which can be achieved by the two safety fusion instrument loops by using the average failure probability and safety integrity level corresponding table of the two safety fusion instrument loops.
3. The evaluation method according to claim 2, wherein the sensing unit comprises a plurality of sensing actuators;
the calculating the average failure probability of the sensing unit comprises the following steps:
obtaining a first parameter set of the sensing unit, the first parameter set comprising the following parameters: the dangerous failure rates of all sensing executive components, the voting mode of the sensing unit, the detection test period of the sensing unit, the average fault recovery time of all sensing executive components, the common factor, and the detection test coverage rate of the sensing unit;
and calculating all the parameters of the first parameter set by using an average failure probability calculation formula to obtain the average failure probability of the sensing unit.
4. The evaluation method of claim 2, wherein the logic control unit comprises a plurality of logic control execution elements, and wherein the calculating the average failure probability of the logic control unit comprises:
obtaining a second parameter set of the logic control unit, the second parameter set comprising the following parameters: the dangerous failure rates of all logic control execution elements, the voting mode of the logic control unit, the detection test period of the logic control unit, the average fault recovery time of all logic control execution elements, the common factor, and the detection test coverage rate of the logic control unit;
and calculating all the parameters of the second parameter set by using an average failure probability calculation formula to obtain the average failure probability of the logic control unit.
5. The evaluation method of claim 2, wherein the execution unit comprises a plurality of execution elements, and wherein calculating the average failure probability of the execution unit comprises:
obtaining a third parameter set of the execution unit, the third parameter set comprising the following parameters: the dangerous failure rates of all execution elements, the voting mode of the execution unit, the detection test period of the execution unit, the average fault recovery time of all execution elements, the common factor, and the detection test coverage rate of the execution unit;
and calculating all the parameters of the third parameter set by using an average failure probability calculation formula to obtain the average failure probability of the execution unit.
6. The evaluation method of claim 1, wherein said determining a loop structure constraint safety integrity level for a two-safety fusion instrument loop comprises:
and determining the loop structure constraint safety integrity level of the two safety fusion instrument loops through the instrument types of the two safety fusion instrument loops, the safety failure scores of the two safety fusion instrument loops and the hardware fault margins of the two safety fusion instrument loops.
7. The evaluation method according to claim 6, wherein the safety failure score of the two-safety fusion instrument loop is calculated by using the following formula:
$\mathrm{SFF} = (\lambda_S + \lambda_{DD}) / (\lambda_S + \lambda_D)$;
wherein: $\lambda_S$ is the safety failure parameter of the two-safety fusion instrument loop; $\lambda_D$ is the dangerous failure parameter of the two-safety fusion instrument loop; $\lambda_{DD}$ is the detectable dangerous failure parameter of the two-safety fusion instrument loop; SFF is the safety failure score of the two-safety fusion instrument loop.
8. The evaluation method according to claim 6, wherein the hardware fault margin of the two-safety fusion instrument loop is calculated by using the following formula:
HTF = N - M;
wherein HTF is the hardware fault margin of the two-safety fusion instrument loop; N is the number of hardware redundancies of the two-safety fusion instrument loop; M is the number of hardware votes of the two-safety fusion instrument loop.
9. The evaluation method of claim 1, wherein determining the average probability of failure for the two-safety fusion meter loop demand comprises:
analyzing relevant parameters of a protective layer corresponding to two safety fusion instrument loops where state monitoring information meeting failure event conditions is located by using a protective layer analysis method to obtain the average failure probability of the two safety fusion instrument loops when required;
the relevant parameters include: the initiating cause of the two-safety fusion instrument loop action, the likelihood of the initiating cause, the consequence severity level, the initial risk, the target risk, the enabling condition, and the failure probability of the existing independent protection layers.
10. The method of claim 1, wherein the safety integrity level of the two-safety fusion meter loop requirement is determined according to an average failure probability of the two-safety fusion meter loop requirement.
11. The method of claim 10, wherein the determining based on the average probability of failure for the two-safety fusion meter loop as required comprises:
and determining the safety integrity level of the two safety fusion instrument loop requirements by using the average failure probability and the safety integrity level corresponding table when the two safety fusion instrument loops are required.
12. A performance evaluation system for a two-safety fusion instrument, the two-safety fusion instrument comprising a plurality of two-safety fusion instrument loops and protection layers corresponding to the two-safety fusion instrument loops; characterized in that the evaluation system comprises:
the acquisition module is used for acquiring the state monitoring information of each two-safety fusion instrument loop;
an evaluation module for, for each two-safety fusion instrument loop: judging whether the state monitoring information of the two-safety fusion instrument loop meets the failure event condition, and if so, determining the loop structure constraint safety integrity level of the two-safety fusion instrument loop, and determining the safety integrity level which can be reached by the two-safety fusion instrument loop according to the average failure probability of the two-safety fusion instrument loop;
and the verification output module is used for comparing the loop structure constraint safety integrity level of the two safety fusion instrument loops and the safety integrity level which can be achieved by the two safety fusion instrument loops with the safety integrity level required by the two safety fusion instrument loops respectively, and outputting corresponding feedback information according to the comparison result.
13. A machine-readable storage medium having stored thereon instructions for causing a machine to perform the two-safety fusion meter performance assessment method of any one of claims 1-11.
CN202110955349.0A 2021-08-19 2021-08-19 Method and system for evaluating performance of two-safety fusion instrument Pending CN115935575A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110955349.0A CN115935575A (en) 2021-08-19 2021-08-19 Method and system for evaluating performance of two-safety fusion instrument


Publications (1)

Publication Number Publication Date
CN115935575A true CN115935575A (en) 2023-04-07

Family

ID=86696392


Country Status (1)

Country Link
CN (1) CN115935575A (en)

Similar Documents

Publication Publication Date Title
US8099672B2 (en) System and method for continuous online safety and reliability monitoring
US8019570B2 (en) System and method for continuous online safety and reliability monitoring
KR100931136B1 (en) Digital reactor protection system and its driving method with tripled wp and cpu and initiation circuit structure of 2/3 logic
Alizadeh et al. Impact of common cause failure on reliability performance of redundant safety related systems subject to process demand
Catelani et al. Safety analysis in oil & gas industry in compliance with standards IEC61508 and IEC61511: Methods and applications
Lundteigen et al. Spurious activation of safety instrumented systems in the oil and gas industry: Basic concepts and formulas
Alizadeh et al. Reliability modelling of redundant safety systems without automatic diagnostics incorporating common cause failures and process demand
US9280516B2 (en) Method and system to validate wired sensors
CN108711459B (en) Diversified protection device for fast reactor
Julius et al. A procedure for the analysis of errors of commission in a probabilistic safety assessment of a nuclear power plant at full power
KR101469179B1 (en) System for diagnosing communication error of nuclear power plant simmulator
CN110210722A (en) A kind of development approach of nuclear power plant system supervision scheme
Park et al. A systematic framework to investigate the coverage of abnormal operating procedures in nuclear power plants
CN115935575A (en) Method and system for evaluating performance of two-safety fusion instrument
Stauffer Making the most of alarms as a layer of protection
KR101693081B1 (en) System and method for tracking plant trip cause using data link between plant gateway system and single point vulnerability monitor in CANDU Type NPPs
Guohua et al. Research on Fault Diagnosis Based on Hierarchical Signed Directed Graph for Nuclear Power Plants
Kosmowski Problems in designing and operating functional safety solutions of higher integrity levels
KR102594239B1 (en) Apparatus for judging common errors and the method for judging common errors
Vásquez-Capacho et al. An additional layer of protection through superalarms with diagnosis capability
CN117933714A (en) Risk evaluation method and system based on SIS safety integrated parameter on-line analysis
CN116307719A (en) Detection method and device of safety instrument system
Larsson et al. New solutions for alarm problems
Lupton et al. Improving CANDU annunciation-Current R and D and future directions
CN115714359A (en) Relay protection state informing method based on self-checking factor

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination