IEC61508功能安全标准在电厂安全系统设计中的研究与应用
摘要
安全一直以来是电力工业生产过程中的一个重大问题,长期受到关注,随着工业控制在电力工业生产中的作用愈发重要,安全也就成为工业控制中的关键。工业生产中传统的安全保护措施指的是保护在危险生产区域的工作人员免受伤害或死亡。然而今天,安全解决措施己经不仅仅是保证人身安全,生产厂商不断提升生产装置的运行性能,以便实现安全和效率的统一。为了实现“安全工业”理想,越来越多的安全相关系统(包括自动控制系统和自动保护系统)用在不同领域,保护人员免受伤害,保证了机械、整套装置甚至整个工厂自动正常、安全地运转。但安全相关系统的产业化应用,遇到了系统功能安全难以确定这个最大的阻力。而安全系统自身的功能安全以及在执行安全功能时的可靠性问题便成为各行业安全系统研究的主要方向。
本论文从探讨安全的定义和目标出发,引出了对安全系统的研究。系统地介绍了安全系统的主要作用和研究应用的现状与发展趋势,概括了安全系统目前国内外的研究情况;研究了基于E/E/PE(电子/电气/可编程电子)的安全系统的通用设计方法,包括风险分析、风险分配、安全等级确定的方法和系统结构配置、安全逻辑设计、控制回路设计的规则;针对安全系统设计过程中所面临的主要问题进行研究,建立了功能安全模型和MooN冗余可靠性分析模型,推导了安全完整性等级和冗余结构可靠度的计算公式;提出了电厂安全系统的设计方案;结合同济医院分布式功能站项目,设计开发了安全系统。根据控制系统安全完整性等级SIL,设计了高SIL级别的控制系统体系结构及控制策略,从而提高了机组安全性可靠性。最后,对以上一系列的研究工作进行了总结,并对未来的工作进行了展望。
本文主要完成了以下几方面的工作:
1.介绍了安全相关系统的特点以及目前安全系统的最新技术,结合功能安全基础标准IEC61508,引出了安全性与可靠性对安全系统的重要性,概括地介绍了安全系统目前国内外的研究情况。
2.介绍了安全功能标准IEC 61508的概念和内容,引出了安全系统可靠性和安全性的指标。针对提高可靠性和有效度的方法,描述了在安全系统中,大量应用的各种冗余结构,包括工作冗余、后备冗余、表决系统、后退冗余及多级操作冗余等,由此保证了系统的安全等级达到SIL3水平和有效性度到99.9%。最后通过对安全要求最高的部分FSSS系统应用的描述,完善了安全系统的安全性和可靠性的设计提高了安全性可靠性。
3.针对工程实际情况和安全系统本身各项性能的要求,设计了安全系统,并描述了为提高各功能的可靠性而使用的实现方法。
4.针对安全系统设计过程中所面临的主要问题进行研究,建立了MooN冗余可靠性分析模型,推导了通信安全完整性等级和冗余结构可靠度的计算公式,并针对实际设计的安全系统进行了计算。
Safety has always been one of the vital considerations in electric power industry, As industrial control plays an important role in electric power industry,‘safety’has definitely become the key of it. Conventional industrial safety measures focus on protecting the staff working in dangerous areas from getting injured or losing life. While today, in order to unify safety and efficiency, safety measures include not only life-protection but also equipment functional enhancement. For the realization of‘Safe Industry’, more and more safety-related systems (including Automatic Control System and Automatic Protection System) are used in different areas. They protect the staff from harm, ensure that the machinery, equipment set and even the entire plant operate automatically, normally and safely. While the industrialization of safety-related systems encounters a biggest obstacle, that is, the systems’own functional safety- uncertainness. Therefore, functional insurance and functional reliability of safety systems have become the main direction for safety system research in industries.
This paper begins from a discussion on definition of safety, and leads to the research on safety systems. It is a systematical introduction of the main function, application and trend of safety system. It summarizes current safety system researches, carries on a study of common design methods based on E/E/PE (electrical/electronic/programmable) safety-related system, including measures of risk analysis, risk allocation, safety grading and rules of system structural arrangement, safety logic design and control loop design. It studies the main problems of safety system design, develops models for functional safety communication and MooN redundant reliability analysis, deduces formula of safety communication integrity grading and redundant structure reliability, puts forward safety system design of power plant. In the conclusion of the paper, there is a summarization of the series researches mentioned above, and also anticipation for the future.
Work as following are completed:
1. Technical specification of safety system is introduced, as well as top fresh technology of it up to now. With the publish of standard IEC61508, importance of safety and reliability of safety system is pushed out. Requirements on safety system and research progress are introduced.
2. Concept and content of Safety Function Standard IEC 61508 is introduced, Regard with the methods of increasing Reliability and Availability, plenty of redundant structure are applied in safety system design, including Woring Redundancy, Backup Redundancy, Vote System, Retreat Redundancy and Multi-level Operating Redundant. These measures ensure the Safety Integrity Levels up to SIL3 and Availability up to 99.9% of the whole system. By description of application of FSSS system, design of Safety system is completed and perfect.
3. Consider the practical engineering requirements of project and safety system performance, safety system design is completed, the detail configuration is described, including the strategy to realize the functional reliability.
4. Deeply dig the problem met in the safety system design, modeling for redundancy reliability analysis, figure out the formula to calculate safety integrity level and redundancy structure reliability and finally complete the calculation for the practical safety system.
本论文从探讨安全的定义和目标出发,引出了对安全系统的研究。系统地介绍了安全系统的主要作用和研究应用的现状与发展趋势,概括了安全系统目前国内外的研究情况;研究了基于E/E/PE(电子/电气/可编程电子)的安全系统的通用设计方法,包括风险分析、风险分配、安全等级确定的方法和系统结构配置、安全逻辑设计、控制回路设计的规则;针对安全系统设计过程中所面临的主要问题进行研究,建立了功能安全模型和MooN冗余可靠性分析模型,推导了安全完整性等级和冗余结构可靠度的计算公式;提出了电厂安全系统的设计方案;结合同济医院分布式功能站项目,设计开发了安全系统。根据控制系统安全完整性等级SIL,设计了高SIL级别的控制系统体系结构及控制策略,从而提高了机组安全性可靠性。最后,对以上一系列的研究工作进行了总结,并对未来的工作进行了展望。
本文主要完成了以下几方面的工作:
1.介绍了安全相关系统的特点以及目前安全系统的最新技术,结合功能安全基础标准IEC61508,引出了安全性与可靠性对安全系统的重要性,概括地介绍了安全系统目前国内外的研究情况。
2.介绍了安全功能标准IEC 61508的概念和内容,引出了安全系统可靠性和安全性的指标。针对提高可靠性和有效度的方法,描述了在安全系统中,大量应用的各种冗余结构,包括工作冗余、后备冗余、表决系统、后退冗余及多级操作冗余等,由此保证了系统的安全等级达到SIL3水平和有效性度到99.9%。最后通过对安全要求最高的部分FSSS系统应用的描述,完善了安全系统的安全性和可靠性的设计提高了安全性可靠性。
3.针对工程实际情况和安全系统本身各项性能的要求,设计了安全系统,并描述了为提高各功能的可靠性而使用的实现方法。
4.针对安全系统设计过程中所面临的主要问题进行研究,建立了MooN冗余可靠性分析模型,推导了通信安全完整性等级和冗余结构可靠度的计算公式,并针对实际设计的安全系统进行了计算。
Safety has always been one of the vital considerations in electric power industry, As industrial control plays an important role in electric power industry,‘safety’has definitely become the key of it. Conventional industrial safety measures focus on protecting the staff working in dangerous areas from getting injured or losing life. While today, in order to unify safety and efficiency, safety measures include not only life-protection but also equipment functional enhancement. For the realization of‘Safe Industry’, more and more safety-related systems (including Automatic Control System and Automatic Protection System) are used in different areas. They protect the staff from harm, ensure that the machinery, equipment set and even the entire plant operate automatically, normally and safely. While the industrialization of safety-related systems encounters a biggest obstacle, that is, the systems’own functional safety- uncertainness. Therefore, functional insurance and functional reliability of safety systems have become the main direction for safety system research in industries.
This paper begins from a discussion on definition of safety, and leads to the research on safety systems. It is a systematical introduction of the main function, application and trend of safety system. It summarizes current safety system researches, carries on a study of common design methods based on E/E/PE (electrical/electronic/programmable) safety-related system, including measures of risk analysis, risk allocation, safety grading and rules of system structural arrangement, safety logic design and control loop design. It studies the main problems of safety system design, develops models for functional safety communication and MooN redundant reliability analysis, deduces formula of safety communication integrity grading and redundant structure reliability, puts forward safety system design of power plant. In the conclusion of the paper, there is a summarization of the series researches mentioned above, and also anticipation for the future.
Work as following are completed:
1. Technical specification of safety system is introduced, as well as top fresh technology of it up to now. With the publish of standard IEC61508, importance of safety and reliability of safety system is pushed out. Requirements on safety system and research progress are introduced.
2. Concept and content of Safety Function Standard IEC 61508 is introduced, Regard with the methods of increasing Reliability and Availability, plenty of redundant structure are applied in safety system design, including Woring Redundancy, Backup Redundancy, Vote System, Retreat Redundancy and Multi-level Operating Redundant. These measures ensure the Safety Integrity Levels up to SIL3 and Availability up to 99.9% of the whole system. By description of application of FSSS system, design of Safety system is completed and perfect.
3. Consider the practical engineering requirements of project and safety system performance, safety system design is completed, the detail configuration is described, including the strategy to realize the functional reliability.
4. Deeply dig the problem met in the safety system design, modeling for redundancy reliability analysis, figure out the formula to calculate safety integrity level and redundancy structure reliability and finally complete the calculation for the practical safety system.
引文
[1]史学玲.功能安全标准的历史过程与发展趋势.仪器仪表标准化与计量. 2006(2): 15-16
[2]冯晓升. IEC61508电器的/电子的/可编程电子安全一相关系统的功能安全简介.仪器仪表标准化与计量. 2000(5):3-4
[3]吴重光,张贝克,马昕.过程工业安全设计的防护层分析(LOPA).自动化仪表. 2007(4): 17
[4]李佳嘉.贯穿于全生命周期的功能安全.自动化仪表. 2006, 27(5): 24-25
[5]燕飞,唐涛. IEC61508及其在铁路安全相关系统研制开发中的应用研究.铁道学报. 2005, 27(3): 18-20
[6]李佳玉,员春欣. IEC61508功能安全国际标及安全性分析.中国铁路. 2001(1): 14
[7]赵大伟,田小芳,谭永东. EN50129及其在铁路安全相关系统中的应用研究.中国安全科学学报. 2007(10): 15
[8]胡再新,周裕宏.电厂热工保护系统的完善.中国电力. 2003, 19(2): 25
[9]金妮,徐皑冬,刘明哲. E/E/PE安全相关系统的软件安全浅析.仪器仪表学报. 2008(3): 8
[10]黄世强.风险控制与核电安全.中国电力. 2007, 38(5): 9-11
[11]程平东.核电厂设计分析的管理要求.核安全. 2005(1): 19-20
[12]郭海涛,阳宪惠.安全系统定量可靠性评估的Markov模型.清华大学学报. 2008, 48(1): 15-17
[13]刘建侯.仪表型安全系统功能安全评估的应用研究.自动化仪表. 2006,27(Z1): 15-17
[14]尚柏鑫.石油化工装置安全仪表系统设计探讨.仪器仪表标准化与计量. 2005, 25(2): 11-13
[15]薛吉力,王律明.燃机发电机组监控保护系统设计.燃气轮机技术. 2008, 21(1): 14-16
[16] Koichi Suyama, Koto-ku. Japan Safety integrity analysis framework for a controller according to IEC 61508. 2008:2-3
[17] P. Rubel Oak Ridge National Laboratory Oak Ridge, Tennessee. SAFETY SYSTEMS DESIGN AND CRITERIA EVOLVE TOGETHER: LESSONS FROM THE HFIR. 2008(2): 16-18
[18] W F Bates. Health And Safety Executive. SAFETY-RELATED SYSTEM DESIGN IN POWER SYSTEM CONTROL AND MANAGEMENT. 2008(5): 2-3
[19] Riccardo Mariani, Gabriele Boschi, Federico Colucci. Using aninnovative SoC-level FMEA methodology to design in compliance with IEC61508.2008(2):15-17
[20] Riccardo Mariani, Gabriele Boschi, Federico Colucci. Using an innovative SoC-level FMEA methodology to design in compliance with IEC61508. Design, Automation & Test in Europe Conference & Exhibition. 2007(3):1-6
[21] Sammarco, J. J, Programmable. Electronic and Hardwired Emergency Shutdown Systems: A Quantified Safety Analysis.Industry Applications. 2007(5):1061-1068
[22] Alberto Elia, Luca Ferrarini. Analysis of Ethernet-based safe automation networks according to IEC 61508. 2008(6):65-67
[23]冯晓升. IEC61508电器的/电子的/可编程电子安全一相关系统的功能安全简介.仪器仪表标准化与计量. 2000(7): 34
[24]孙玮,马维迁,陈国运.大型循环流化床锅炉机组控制的研究.化工自动化及仪表. 2005 32(4): 32-34
[25]汪冬.大中型客车的安全性设计现状及发展.商用汽车. 2005(10): 23-25
[26]王彤,罗俏,王笑丹.动力设备环境综合监控系统的设计与实现.信息技术. 2005,26(3): 20-22
[27]廖波.二滩水力发电厂计算机监控系统完善升级浅析.电厂监控与闸门控制. 2007(6): 16
[28] Josef B?rcs?k1. 21 Computer Architecture and System Programming. 2008(3): 62-65
[29] Koichi SUYAMA, Koto-ku. Japan Functional safety analysis of reliable control systems using decision by majority. 2008 (6): 27
[30]施泉生.灰色层次分析法在中小型电厂安全性评价中的应用.中国安全科学学报. 2005(4): 32-35
[31]张涛,薛鹏骞,蒋静坪.基于CAN总线的煤矿安全监测监控系统的设计.煤炭科学技术. 2007, 35(6): 25
[32]王春喜,欧阳劲松.系统功能安全测试技术研究.自动化仪表. 2006(3): 18
[33]郭海涛,阳宪惠.安全系统的安全完整性水平及其选择.化工自动化及仪表. 2006 33(2): 19-21
[34] S. Purewal Health & Safety Executive (HSE) , UK M.A. Waldron Energy Networks Association (ENA). UK FUNCTIONAL SAFETY IN APPLICATION OF PROGRAMMABLE DEVICES IN POWER SYSTEM PROTECTION AND AUTOMATION. 2008(10): 72-75
[35]张斌,阳宪惠.安全仪表系统中参数满足某分布区间时的SIL评估方法.化工自动化仪表. 2008, 35(5): 21-23
[36]张志刚,余齐杰,安全仪表系统的设计.炼油技术与工程. 2005,35(5): 10-13
[37]万健如,李增昌,陈秀丽.电厂锅炉主联锁控制系统设计与应用.机械与电子.2004(3):15-17
[38]杜学军,林融.安全仪表系统切断阀的在线测试.石油化工自动化, 2002(6): 92-95
[39] Wolfgang A. Halang Chair of Real Time Systems Faculty of Electrical and Computer Engineering FernUniversit¨at 58084 Hagen, Germany Automated Control Systems for the Safety Integrity Levels 3 and 4. 2008(3): 2
[40] P H Jesty, D D Wardt, R S Rivett and R J Evans. UKSAFETY ANALYSIS OF PROGRAMMABLE AUTOMOTIVE SYSTEMS. 2008(5): 2
[41] Thomas D. Barkand, Senior Member, IEEESafe Electrical Design of Mine Elevator Control Systems. 2008(6): 2
[42] Jan A.M. Wiegerinck Senior Consultant Instrumentation and Plant Automation Shell Global Solutions, The Hague, Netherlands Introduction to the Risk based design of Safety Instrumented Systems for the process industry. 2008(9): 2-5
[43] Hickling, E.M.; King, A.G.; Bell, R, Human factors in electrical. electronic and programmable electronic safety-related. 2006: 7
[44] 1 P H Jesty, D D Wardt, R S Rivett and R J Evans. safety analysis of programmable automotive systems. System Safety. 2006 (5):136 - 145
[45] Elia, A. Ferrarini, L.Veber, C, Analysis of Ethernet-based safe automation networks according to IEC 61508, Emerging Technologies and Factory Automation. 2006(11):333-340
[46] Koichi Suyama, Koto-ku, Japan Controller design using safety performance index according toIEC 61508. 2008: page 2
[47]陈树泉,唐涛等. 2乘2取2安全计算机关键算法的设计与实现.计算机安全. 2008(3):12-14
[48] T. Novak, Member, T. Tamandl. IEEE Architecture of a Safe Node for a Fieldbus System. 2008(3):2
[49]王猛,宁滨,马连川.基于COTS的安全计算机系统.铁道通信信号. 2007(3):32-33
[50]黄文君,于浩洋,敖春波.核电站数字化仪表控制系统的电磁兼容性验证与应用设计.核动力工程. 2008(3):23
[2]冯晓升. IEC61508电器的/电子的/可编程电子安全一相关系统的功能安全简介.仪器仪表标准化与计量. 2000(5):3-4
[3]吴重光,张贝克,马昕.过程工业安全设计的防护层分析(LOPA).自动化仪表. 2007(4): 17
[4]李佳嘉.贯穿于全生命周期的功能安全.自动化仪表. 2006, 27(5): 24-25
[5]燕飞,唐涛. IEC61508及其在铁路安全相关系统研制开发中的应用研究.铁道学报. 2005, 27(3): 18-20
[6]李佳玉,员春欣. IEC61508功能安全国际标及安全性分析.中国铁路. 2001(1): 14
[7]赵大伟,田小芳,谭永东. EN50129及其在铁路安全相关系统中的应用研究.中国安全科学学报. 2007(10): 15
[8]胡再新,周裕宏.电厂热工保护系统的完善.中国电力. 2003, 19(2): 25
[9]金妮,徐皑冬,刘明哲. E/E/PE安全相关系统的软件安全浅析.仪器仪表学报. 2008(3): 8
[10]黄世强.风险控制与核电安全.中国电力. 2007, 38(5): 9-11
[11]程平东.核电厂设计分析的管理要求.核安全. 2005(1): 19-20
[12]郭海涛,阳宪惠.安全系统定量可靠性评估的Markov模型.清华大学学报. 2008, 48(1): 15-17
[13]刘建侯.仪表型安全系统功能安全评估的应用研究.自动化仪表. 2006,27(Z1): 15-17
[14]尚柏鑫.石油化工装置安全仪表系统设计探讨.仪器仪表标准化与计量. 2005, 25(2): 11-13
[15]薛吉力,王律明.燃机发电机组监控保护系统设计.燃气轮机技术. 2008, 21(1): 14-16
[16] Koichi Suyama, Koto-ku. Japan Safety integrity analysis framework for a controller according to IEC 61508. 2008:2-3
[17] P. Rubel Oak Ridge National Laboratory Oak Ridge, Tennessee. SAFETY SYSTEMS DESIGN AND CRITERIA EVOLVE TOGETHER: LESSONS FROM THE HFIR. 2008(2): 16-18
[18] W F Bates. Health And Safety Executive. SAFETY-RELATED SYSTEM DESIGN IN POWER SYSTEM CONTROL AND MANAGEMENT. 2008(5): 2-3
[19] Riccardo Mariani, Gabriele Boschi, Federico Colucci. Using aninnovative SoC-level FMEA methodology to design in compliance with IEC61508.2008(2):15-17
[20] Riccardo Mariani, Gabriele Boschi, Federico Colucci. Using an innovative SoC-level FMEA methodology to design in compliance with IEC61508. Design, Automation & Test in Europe Conference & Exhibition. 2007(3):1-6
[21] Sammarco, J. J, Programmable. Electronic and Hardwired Emergency Shutdown Systems: A Quantified Safety Analysis.Industry Applications. 2007(5):1061-1068
[22] Alberto Elia, Luca Ferrarini. Analysis of Ethernet-based safe automation networks according to IEC 61508. 2008(6):65-67
[23]冯晓升. IEC61508电器的/电子的/可编程电子安全一相关系统的功能安全简介.仪器仪表标准化与计量. 2000(7): 34
[24]孙玮,马维迁,陈国运.大型循环流化床锅炉机组控制的研究.化工自动化及仪表. 2005 32(4): 32-34
[25]汪冬.大中型客车的安全性设计现状及发展.商用汽车. 2005(10): 23-25
[26]王彤,罗俏,王笑丹.动力设备环境综合监控系统的设计与实现.信息技术. 2005,26(3): 20-22
[27]廖波.二滩水力发电厂计算机监控系统完善升级浅析.电厂监控与闸门控制. 2007(6): 16
[28] Josef B?rcs?k1. 21 Computer Architecture and System Programming. 2008(3): 62-65
[29] Koichi SUYAMA, Koto-ku. Japan Functional safety analysis of reliable control systems using decision by majority. 2008 (6): 27
[30]施泉生.灰色层次分析法在中小型电厂安全性评价中的应用.中国安全科学学报. 2005(4): 32-35
[31]张涛,薛鹏骞,蒋静坪.基于CAN总线的煤矿安全监测监控系统的设计.煤炭科学技术. 2007, 35(6): 25
[32]王春喜,欧阳劲松.系统功能安全测试技术研究.自动化仪表. 2006(3): 18
[33]郭海涛,阳宪惠.安全系统的安全完整性水平及其选择.化工自动化及仪表. 2006 33(2): 19-21
[34] S. Purewal Health & Safety Executive (HSE) , UK M.A. Waldron Energy Networks Association (ENA). UK FUNCTIONAL SAFETY IN APPLICATION OF PROGRAMMABLE DEVICES IN POWER SYSTEM PROTECTION AND AUTOMATION. 2008(10): 72-75
[35]张斌,阳宪惠.安全仪表系统中参数满足某分布区间时的SIL评估方法.化工自动化仪表. 2008, 35(5): 21-23
[36]张志刚,余齐杰,安全仪表系统的设计.炼油技术与工程. 2005,35(5): 10-13
[37]万健如,李增昌,陈秀丽.电厂锅炉主联锁控制系统设计与应用.机械与电子.2004(3):15-17
[38]杜学军,林融.安全仪表系统切断阀的在线测试.石油化工自动化, 2002(6): 92-95
[39] Wolfgang A. Halang Chair of Real Time Systems Faculty of Electrical and Computer Engineering FernUniversit¨at 58084 Hagen, Germany Automated Control Systems for the Safety Integrity Levels 3 and 4. 2008(3): 2
[40] P H Jesty, D D Wardt, R S Rivett and R J Evans. UKSAFETY ANALYSIS OF PROGRAMMABLE AUTOMOTIVE SYSTEMS. 2008(5): 2
[41] Thomas D. Barkand, Senior Member, IEEESafe Electrical Design of Mine Elevator Control Systems. 2008(6): 2
[42] Jan A.M. Wiegerinck Senior Consultant Instrumentation and Plant Automation Shell Global Solutions, The Hague, Netherlands Introduction to the Risk based design of Safety Instrumented Systems for the process industry. 2008(9): 2-5
[43] Hickling, E.M.; King, A.G.; Bell, R, Human factors in electrical. electronic and programmable electronic safety-related. 2006: 7
[44] 1 P H Jesty, D D Wardt, R S Rivett and R J Evans. safety analysis of programmable automotive systems. System Safety. 2006 (5):136 - 145
[45] Elia, A. Ferrarini, L.Veber, C, Analysis of Ethernet-based safe automation networks according to IEC 61508, Emerging Technologies and Factory Automation. 2006(11):333-340
[46] Koichi Suyama, Koto-ku, Japan Controller design using safety performance index according toIEC 61508. 2008: page 2
[47]陈树泉,唐涛等. 2乘2取2安全计算机关键算法的设计与实现.计算机安全. 2008(3):12-14
[48] T. Novak, Member, T. Tamandl. IEEE Architecture of a Safe Node for a Fieldbus System. 2008(3):2
[49]王猛,宁滨,马连川.基于COTS的安全计算机系统.铁道通信信号. 2007(3):32-33
[50]黄文君,于浩洋,敖春波.核电站数字化仪表控制系统的电磁兼容性验证与应用设计.核动力工程. 2008(3):23