Chinese Academy of Sciences Institutional Repositories Grid
Research on Reliability Evaluation Methods for Fieldbus-based Safety Instrumented Systems (面向现场总线安全仪表系统的可靠性评估方法研究)

Document type: Dissertation

Author: 丁龙 (Ding Long)
Degree: Doctorate
Defense date: 2017-11-30
Degree-granting institution: Shenyang Institute of Automation, Chinese Academy of Sciences (中国科学院沈阳自动化研究所)
Place conferred: Shenyang
Advisor: 王宏 (Wang Hong)
Keywords: safety instrumented system, reliability evaluation, identical redundancy, diverse redundancy, functional safety fieldbus
Alternate title: Research on Reliability Evaluation Methods for Fieldbus based Safety Instrumented System
Discipline: Control Theory and Control Engineering
Abstract (translated from the Chinese): A fieldbus-based safety instrumented system (SIS) is subject to three main kinds of failure in operation: systematic failures, random hardware failures, and safety communication failures. To keep failures controllable, SIS development adopts various safety-related measures to avoid or control failures, and evaluates and predicts the reliability of the SIS to verify the design. This dissertation starts from random hardware failures and safety communication failures, studies hardware reliability evaluation and fieldbus communication reliability evaluation, and proposes applicable reliability evaluation methods.

First, a reliability evaluation method for SIS hardware with identical redundancy is studied. Following the hardware reliability evaluation process and using the idea of system degradation, the reliability block diagram (RBD) is combined in a novel way with the system state transitions caused by system degradation, giving a system-degradation-based reliability evaluation method. For the SIS architectures in common use today, the degradation-process RBD and the reliability evaluation process of each architecture are analyzed further, and directly usable formulas for the reliability measures are derived. Accuracy verification shows that the system-degradation-based method has reasonable accuracy and very low application complexity; it can be applied conveniently to the hardware reliability evaluation of an SIS and simplifies engineering practice.

Second, a reliability evaluation method for SIS hardware with diverse redundancy is studied. Diverse redundancy is a generalization of identical redundancy and is therefore more general and of greater research significance. The system-degradation-based method is extended to diverse-redundancy hardware, and two sets of general formulas are proposed for evaluating the reliability of any MooN voting architecture and any MooND voting architecture. Because diverse redundancy generalizes identical redundancy, these two sets of formulas also apply to identical-redundancy hardware. Accuracy verification shows that the method has reasonable accuracy, that its results differ very little from those obtained with FRANTIC and with fault tree analysis (FTA), and that its application complexity is very low; it can be applied conveniently to SIS hardware reliability evaluation and simplifies engineering practice.

Third, a method for evaluating the communication reliability of functional safety fieldbuses is studied. To address the defects and the over-generalization of existing evaluation methods, an extended reliability evaluation method based on the structure of the basic safety communication message is proposed. Under the condition that the CRC check passes, the residual error probability of each safety control field in the message after its comparison/judgment check is studied further, in order to obtain a more comprehensive and accurate evaluation method. Accuracy verification shows that residual errors outside the CRC's detection coverage, especially insertion/masquerade errors, may strongly affect the quantification of safety communication reliability and must be considered carefully. A comparison with existing methods also shows that the proposed message-structure-based method is more comprehensive and more reasonable, and evaluates the communication reliability of functional safety fieldbuses more accurately.

Finally, the system-degradation-based hardware reliability evaluation method and the message-structure-based safety communication reliability evaluation method are applied in the 863 Program project 《安全PLC关键技术研究与装置开发及应用》 (Research on Key Technologies of Safety PLC and Development and Application of the Device) to evaluate and verify the reliability of the safety PLC's hardware design and bus communication design; the evaluation results guide revisions of the relevant designs so that the safety PLC reaches the required safety integrity level.
Abstract (English): In operation, a fieldbus-based SIS has three main types of failures: systematic failures, random hardware failures and safety communication failures. To avoid uncontrollable failures, various safety-related measures are adopted in the development of an SIS to prevent or control failures, and the reliability of the SIS is evaluated to verify the design. This dissertation focuses on random hardware failures and safety communication failures, studies reliability evaluation methods for the hardware and the fieldbus communication of an SIS, and proposes practicable reliability evaluation methods for SIS.

Firstly, a reliability evaluation method for SIS hardware using identical redundancy is studied. Following the hardware reliability evaluation procedure, a system-degradation-based reliability evaluation method is proposed by combining RBD with the system state transitions due to system degradation. For commonly used architectures, usable equations for reliability quantification are derived based on system degradation. Accuracy verification shows that this system-degradation-based reliability evaluation method has reasonable accuracy. Meanwhile, the method can be applied easily to the hardware reliability evaluation of a safety instrumented system and simplifies reliability evaluation in engineering practice.

Secondly, a reliability evaluation method for SIS hardware using diverse redundancy is studied. Since diverse redundancy is a generalization of identical redundancy, it is more universal and of greater research significance. The system-degradation-based method is further extended to hardware using diverse redundancy, and two sets of general equations are proposed, one for any MooN architecture and one for any MooND architecture. Since diverse redundancy is a generalization of identical redundancy, the two sets of general equations also apply to identical redundancy. Accuracy verification shows that this system-degradation-based reliability evaluation method has reasonable accuracy. The method can be applied easily to the hardware reliability evaluation of a safety instrumented system and simplifies reliability evaluation in engineering practice.

Thirdly, a reliability evaluation method for the functional safety fieldbus communication of an SIS is studied. To resolve the flaw and the over-generalization problem of the present reliability evaluation method, an extended method based on message structure is proposed. The residual error probabilities of the safety measures are studied, under the condition that the CRC of the safety message is correct, to obtain a more comprehensive and reasonable reliability evaluation method. Accuracy verification shows that residual errors beyond the CRC error detection coverage, especially insertion/masquerade errors, may have a great influence on the reliability evaluation of safety communications and should be treated seriously. Compared with the present evaluation method, the structure-based evaluation method is more comprehensive and reasonable, and it can evaluate the reliability of functional safety fieldbus communication more accurately.

Finally, the system-degradation-based reliability evaluation methods for hardware and the message-structure-based reliability evaluation method for safety fieldbus communication are applied to the designs of the safety PLC developed in the 863 project, where they serve for reliability verification and guide modifications of the detailed designs, with the aim of fulfilling the required safety integrity level.
Language: Chinese
Rights order: 1
Pages: 111
Source URL: [http://ir.sia.cn/handle/173321/21268]
Collection: 沈阳自动化研究所_其他 (Shenyang Institute of Automation_Other)
Recommended citation (GB/T 7714):
丁龙. 面向现场总线安全仪表系统的可靠性评估方法研究[D]. 沈阳. 中国科学院沈阳自动化研究所. 2017.

Ingest method: OAI harvest

Source: Shenyang Institute of Automation (沈阳自动化研究所)

