Design and reliability analysis of a functionally safe temperature transmitter
0 Introduction
As the economy continues to develop, the industrial production sector pays increasing attention to production safety. The importance of safe temperature transmission equipment has gradually come into view, and such equipment needs to be tested regularly to ensure its safe operation and high working efficiency.
1 Function analysis of functional safety temperature transmitter
In production practice, functional safety refers specifically to whether a device can be diagnosed as effectively performing its safety functions. This depends on the correct operation of external risk mitigation facilities and safety-related systems. Reasonable mitigation measures are implemented for external risks and safety-related systems so that the risks in the area covered by the facility are reduced to a specified acceptable range, thereby ensuring the normal and safe operation of the temperature transmitter. The safety function of the temperature transmitter mainly covers two aspects.
(1) The monitored temperature is consistent with the temperature actually output by the communication module: the transmitter's temperature measurement function is performed effectively and no failure occurs.
(2) If a failure is diagnosed during the transmitter's temperature measurement, an alarm is generated and output immediately.
Self-diagnosis and failure mode are the two most important factors affecting the safety function of the temperature transmitter. The temperature transmitter has a self-diagnosis function: while running, it can effectively diagnose its own working state. When the transmitter fails, it issues a warning, which reduces the risk in a timely manner and makes it convenient for staff to find and repair the fault. The ability of the transmitter to automatically detect its own failures is defined as diagnostic coverage. When diagnostic coverage is low, the safety integrity and safety function requirements cannot be met, and the software and hardware design must be revised until diagnostic coverage is adequate and safety can be guaranteed. The failure modes of the temperature transmitter fall into three categories: safe failure, dangerous failure and no-effect failure. When the transmitter fails during operation, staff need to perform failure analysis on it to determine whether the failure mode of a single component affects the operating state of the whole temperature transmitter.
2 Functional safety temperature transmitter design scheme
2.1 System Design
The temperature transmitter adopts a 1-out-of-1 diagnostic system structure, referred to as the 1oo1D structure. Two relatively independent channels, a diagnostic channel and a data acquisition channel, are designed so that redundancy is avoided. The safety temperature transmitter mainly comprises data acquisition, output and communication. During operation, temperature data acquisition is completed by the data acquisition part. After acquisition, the data are organized, calculated and sent through the serial port to the communication section. Calculation, communication and analog output of the temperature data are completed by the output and communication part. Close cooperation between the data acquisition part, the output part and the communication part realizes all functions of the safety transmitter and ensures its safe and efficient operation. The safe temperature transmitter consists of the following modules.
(1) A/D module. Its main function is to acquire analog quantities.
(2) D/A module. Its main function is the analog output of the final current.
(3) Microcontroller. Its main function is to handle the safety function and the data acquisition function.
(4) Communication module, namely the serial port communication (UART) module. Its main function is to exchange data between the A/D data acquisition part and the D/A data output and communication part.
(5) Diagnostic circuit. Its main function is to diagnose the safety and effectiveness of each component of the temperature transmitter.
After the temperature transmitter is powered on, its microcontroller is diagnosed first so that it can perform its self-check function. After the self-check, the other modules are diagnosed in sequence: the sensor module, the A/D module, the D/A module and the signal output module. During self-diagnosis, the temperature transmitter diagnoses its own risk, immediately generates an alarm indication and sends an alarm signal, from which the controller identifies the failure. When the temperature transmitter is free of errors and running safely and stably, it can begin to collect data effectively. In addition, combined with HARA bus analysis, this process can complete signal transmission through D/A conversion.
2.2 Diagnosis Methods
The two microcontrollers of the safety temperature transmitter perform the communication function and the data acquisition function respectively. Based on this characteristic, the data comparison method, a common method in redundant structures, is introduced into the temperature transmitter, which effectively improves the safety and reliability of data acquisition and transmission. At the same time, the other modules of the temperature transmitter also need to be diagnosed regularly to provide a strong guarantee for the safety of the transmitter. The main diagnosis contents are as follows:
(1) Diagnosis of the A/D module. During A/D module diagnosis, the microcontroller generates a system set value, which is recovered through the D/A module after the discretization procedure. The recovered value is compared with the set value: if the two are the same, the A/D module is considered to be running normally; if they differ, a failure is judged to have occurred.
(2) Diagnosis of the D/A module. As in the A/D diagnostic method, the set value and the recovered value are compared. If a failure is detected, the D/A module outputs an alarm current on the current loop. The D/A module also has other functions, such as communication timing and loop current monitoring. When communication between the D/A module and the microcontroller module exceeds its time limit, or the loop current exceeds the specified range, an alarm is generated.
(3) Diagnosis of the microcontrollers. The temperature transmitter is composed of two microcontrollers. While completing their respective functions, the two microcontrollers also perform data comparison to indirectly diagnose whether the CPU and the data acquisition channel as a whole have failed. The transmitter obtains the temperature signal from the temperature sensor; after A/D acquisition, the two microcontrollers each calculate the temperature from the raw data and then compare whether their results are the same. If the results differ, the alarm current is output; if they are the same, the result is output through the communication module.
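To make the diagnostic flow of this section concrete, the following Python model is an added example, not the paper's code: it runs the set-value loopback check of items (1) and (2) and the two-microcontroller data comparison of item (3), driving either the scaled output or an alarm current. The 4 to 20 mA range, the 3.6 mA alarm value, the code-to-temperature scaling and the converter models are constructed assumptions.

```python
ALARM_CURRENT_MA = 3.6          # assumed alarm value, outside the live range
LOOP_RANGE_MA = (4.0, 20.0)     # assumed live range of the current loop

def loopback_check(set_values, convert_out, convert_in, tolerance=0):
    """A/D or D/A diagnosis: each set value goes out through one converter,
    is read back through the other and compared with the original.
    Returns (ok, worst_error); the paper compares for exact equality,
    which tolerance=0 reproduces."""
    worst = 0
    for value in set_values:
        recovered = convert_in(convert_out(value))
        worst = max(worst, abs(recovered - value))
    return worst <= tolerance, worst

def code_to_celsius(code, gain=0.01, offset=-50.0):
    """Raw acquisition code to temperature; both microcontrollers run this.
    The scaling is a constructed assumption."""
    return code * gain + offset

def channels_agree(temp_a, temp_b, tolerance_c):
    """Data comparison between the two microcontrollers."""
    return abs(temp_a - temp_b) <= tolerance_c

def output_current(temp_c, diagnostics_ok, t_low=0.0, t_high=200.0):
    """Scale the agreed temperature onto the loop, or drive the alarm current."""
    if not diagnostics_ok:
        return ALARM_CURRENT_MA
    fraction = min(max((temp_c - t_low) / (t_high - t_low), 0.0), 1.0)
    return LOOP_RANGE_MA[0] + fraction * (LOOP_RANGE_MA[1] - LOOP_RANGE_MA[0])

def transmit(raw_code_a, raw_code_b, loopback_ok, tolerance_c=0.5):
    """One acquisition cycle: both microcontrollers compute the temperature,
    the results are compared, and the loop carries the value or the alarm."""
    temp_a = code_to_celsius(raw_code_a)
    temp_b = code_to_celsius(raw_code_b)
    ok = loopback_ok and channels_agree(temp_a, temp_b, tolerance_c)
    return output_current(temp_a, ok)

# constructed converter models: an ideal pair and an A/D with a stuck bit
def ideal_converter(value):
    return value

def stuck_bit_adc(code):
    return code | 0x0100            # bit 8 permanently set

SET_VALUES = [0, 512, 1023]         # constructed diagnostic set values
```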
3 Reliability analysis of functional safety temperature transmitter
In the development of the safety temperature transmitter, the safety integrity level (SIL) refers to the probability that the safety function is executed correctly under given conditions. It is part of the overall design and is used to measure whether the safety performance of the whole temperature transmitter meets the standard; its value represents the order of magnitude of the risk reduction achieved by the transmitter. During development and design, safety measures such as diagnostic methods should be introduced into the safety transmitter to reduce potential risks and improve the diagnostic coverage rate, ensuring that both the parts of the temperature safety transmitter and the whole device meet the requirements and reach a certain safety integrity level. Safety integrity is an important index for evaluating the safety function of the safe temperature transmitter. At the same time, the reliability of the safe temperature transmitter can also be analyzed with statistical indicators such as the probability of failure on demand (PFD) and the mean fault-free time. In addition, the safety integrity level is also affected by the safe failure fraction (SFF). In summary, the reliability evaluation of the safety functions is completed with the help of these data indexes.
First, there is the Markov model. This model evaluates the safety of a system by analyzing its transitions between different states, and it can provide accurate diagnostic evaluation results for both simple and complex systems in different safety states. In this paper, the safe temperature transmitter adopts the 1oo1D structure, which converts a diagnosed dangerous failure into a safe failure when the diagnostic function is performed. In the Markov model, the safe failure and dangerous failure modes are considered, the repair rate of the transmitter is taken as constant, and the transmitter runs normally again after restarting. The modeling assumptions are described in detail in IEC 61508-6. In the 1oo1D architecture adopted by the safe temperature transmitter, the Markov transition process contains three states.
(1) OK (0): the normal state under the initial conditions.
(2) FS (1): the safe failure state.
(3) FDU (2): a dangerous failure that has not been detected.
When the data acquisition channel fails, the state of the transmitter changes from 0 to 1, indicating that the dangerous failure has been converted into a safe failure. When the transmitter restarts and operates normally, its state changes from 1 to 0. If the failure is not detected, the state changes from 0 to 2.
Second, safety integrity assessment. Failure modes, effects and diagnostic analysis (FMEDA) of the temperature transmitter has an important influence on diagnostic coverage and failure rate. FMEDA can be used to analyze the diagnostic capability of the equipment under its different failure modes. It needs two main pieces of information: on the one hand, failure data for the parts of the transmitter, including the failure mode distribution and failure rates; on the other hand, diagnostic information on the capability to detect internal failures. The more detailed the FMEDA, the more accurate the analysis of failure modes and diagnostic coverage it can provide. Only when this information is reported can the failure modes and failure rates of the temperature transmitter be reasonably evaluated. By collating and analyzing these data, safety assessment parameters such as the safe failure fraction and the diagnostic coverage rate can be calculated accurately, after which the safety evaluation can be carried out.
Through FMEDA it is understood whether the safe, dangerous and no-effect failure modes of the temperature transmitter have different effects on the transmitter as a whole, and the proportion between safe failures and dangerous failures, as well as the failure rate values under the different failure modes, are derived. For complex devices, IEC 61508-2 lists the diagnostic coverage in a number of cases and emphasizes that for complex components the failure modes must be taken fully into account when calculating the diagnostic coverage rate.
The safety integrity of the temperature transmitter is judged by the safety integrity level table for low demand mode of operation. This shows that the temperature transmitter built on the diagnostic scheme described in this study is reliable. At the same time, the influence of each failure mode on the temperature transmitter is analyzed through FMEDA, which improves the effectiveness of the Markov model and gives full play to its application advantages, meeting the needs of society and related enterprises.
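The three-state Markov model and the SIL, PFD and SFF indicators of this section, worked through in Python as an added example (not from the paper or from IEC 61508 itself): the chain is stepped hour by hour over one proof-test interval to obtain the average PFD, and SFF and diagnostic coverage follow from the assumed failure rates. All failure rates, the repair rate and the one-year proof-test interval are constructed assumptions.

```python
"""Markov model of the 1oo1D transmitter (states OK=0, FS=1, FDU=2) and the
derived IEC 61508 indicators. Added example, not from the paper; the rates,
repair rate and proof-test interval below are constructed assumptions."""

def transition_matrix(lam_s, lam_dd, lam_du, mu, dt=1.0):
    """One-step probabilities for a time step dt (hours); rates are per hour
    and must satisfy rate*dt << 1. In 1oo1D a diagnosed dangerous failure
    (lam_dd) is driven to the safe state, so it joins the 0 -> 1 transition."""
    p01 = (lam_s + lam_dd) * dt      # OK -> FS: safe or detected dangerous failure
    p02 = lam_du * dt                # OK -> FDU: undetected dangerous failure
    p10 = mu * dt                    # FS -> OK: repair and restart
    return [
        [1.0 - p01 - p02, p01, p02],
        [p10, 1.0 - p10, 0.0],
        [0.0, 0.0, 1.0],             # FDU is absorbing until the proof test
    ]

def step(state, P):
    """One Markov step: new_j = sum_i state_i * P[i][j]."""
    return [sum(state[i] * P[i][j] for i in range(3)) for j in range(3)]

def pfd_avg(lam_s, lam_dd, lam_du, mu, proof_test_h, dt=1.0):
    """Time-averaged probability of the FDU state over one proof-test interval."""
    P = transition_matrix(lam_s, lam_dd, lam_du, mu, dt)
    state, total, steps = [1.0, 0.0, 0.0], 0.0, int(proof_test_h / dt)
    for _ in range(steps):
        state = step(state, P)
        total += state[2]
    return total / steps

def safe_failure_fraction(lam_s, lam_dd, lam_du):
    """SFF: share of all failures that are safe or detected dangerous."""
    return (lam_s + lam_dd) / (lam_s + lam_dd + lam_du)

def diagnostic_coverage(lam_dd, lam_du):
    """DC: share of dangerous failures the self-diagnosis detects."""
    return lam_dd / (lam_dd + lam_du)

def sil_from_pfd(pfd):
    """Low demand mode PFDavg bands of IEC 61508-1 (SIL 1..4; 0 = below SIL 1).
    Architectural constraints on SFF and hardware fault tolerance apply separately."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

# constructed rates (per hour); mu = 1/8 means an 8 h mean repair time
RATES = dict(lam_s=5e-7, lam_dd=5e-7, lam_du=1e-7, mu=1 / 8)
```

With the constructed rates the average PFD comes out close to the usual 1oo1 approximation lam_du times the proof-test interval divided by two, and falls in the SIL 3 band.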
4 Conclusion
In this study, the safe temperature transmitter adopts the 1oo1D system architecture, which is mainly composed of two microcontrollers, so that the data comparison analysis mode can be effectively introduced into the transmitter. At the same time, the analysis and diagnosis of each module helps to ensure the reliability of the safe temperature transmitter.