Safety Considerations Guide for Trident v2 Systems - TUV ...

More documents

Recommendations

Info

86 Appendix C Safety-Critical Function Blocks * Application * The APP parameter for a module selects the effect of a fault * on the vote mode outputs of the shutdown function blocks. * APP:=RELAY with RELAY_OK:=true * A sinlge fault (even a voter fault) degrades the mode to DUAL. * The relay provides a third channel for shutdown, * so if an output voter fails, there are still * two independent channels that can de-energize the output, * i.e., the relay and the other output voter channel. * APP:=RELAY with RELAY_OK:=false, or * APP:=DE_ENERGIZED * A voter fault degrades the mode to SINGLE. * A non-voter fault degrades the mode to DUAL. * * Runtime Errors * EBADPARAM Bad parameter * CO=FALSE indicates a programming error. * See ERROR number parameter for details. *=F=============================================================================== *) IF RESET THEN CO := TRUE ; TMR := TRUE ; GE_DUAL := TRUE ; GE_SINGLE := TRUE ; NO_VOTER_FLTS := TRUE ; ELSIF PREVIOUS_RESET THEN ; (* No operation. *) ELSIF CI AND CO THEN IO( CI := CI, IOP := IOP, SLOT := SLOT ); IF NOT IO.CO THEN ERROR := IO.ERROR_NUM ; U := ReportBadParam(0) ; CO := FALSE ; END_IF ; IF CO THEN TMR := TMR AND IO.TMR ; GE_DUAL := GE_DUAL AND IO.GE_DUAL ; GE_SINGLE := GE_SINGLE AND IO.GE_SINGLE ; NO_VOTER_FLTS := NO_VOTER_FLTS AND IO.NO_VOTER_FLTS ; IF APP = RELAY AND RELAY_OK THEN TMR := TMR AND IO.NO_VOTER_FLTS ; ELSIF APP = DE_ENERGIZED OR APP = RELAY AND NOT RELAY_OK THEN TMR := TMR AND IO.NO_VOTER_FLTS ; GE_DUAL := GE_DUAL AND IO.NO_VOTER_FLTS ; ELSE ERROR := -5 ; (* Application number is invalid *) U := ReportBadParam(0) ; CO := FALSE ; END_IF ; END_IF ; END_IF ; IF ERROR = 0 AND NOT CO THEN ERROR := -6 ; (* Not initialized *) U := ReportBadParam(0) ; END_IF ; IF NOT CO THEN TMR := FALSE ; GE_DUAL := FALSE ; GE_SINGLE := FALSE ; NO_VOTER_FLTS := FALSE ; Safety Considerations Guide for Trident v2 Systems
END_IF ; PREVIOUS_RESET := RESET ; END_FUNCTION_BLOCK SYS_CRITICAL_IO 87 Safety Considerations Guide for Trident v2 Systems
Page 1 and 2:
Trident v2 Systems Safety Considera
Page 3 and 4:
Contents Preface vii Summary of Sec
Page 5 and 6:
Contents v Partitioned Processes. .
Page 7 and 8:
Preface This guide provides informa
Page 9 and 10:
• All other requests are handled
Page 11 and 12:
1 Safety Concepts Overview 2 Hazard
Page 13 and 14:
Protection Layers Methods that prov
Page 15 and 16:
Hazard and Risk Analysis Hazard and
Page 17 and 18:
Sample SIL Calculation Hazard and R
Page 19 and 20:
Safety Life Cycle Model Hazard and
Page 21 and 22:
Hazard and Risk Analysis 11 • Eac
Page 23 and 24:
CAN/CSA-C22.2 No. 61010-1-04 Safety
Page 25 and 26:
2 Application Guidelines Overview 1
Page 27 and 28:
General Guidelines This section des
Page 29 and 30:
General Guidelines 19 Safety Measur
Page 31 and 32:
Emergency Shutdown Systems The safe
Page 33 and 34:
Safety-Shutdown Guidelines for Tric
Page 35 and 36:
Guidelines for Triconex Controllers
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
3 Fault Management Overview 34 Syst
Page 45 and 46: System Diagnostics System Diagnosti
Page 47 and 48: Operating Modes Each input or outpu
Page 49 and 50: Analog Output (AO) Modules Module D
Page 51 and 52: Calculation for Diagnostic Fault Re
Page 53 and 54: External Communication Module Diagn
Page 55 and 56: 4 Application Development Developme
Page 57 and 58: Array Index Errors Infinite Loops D
Page 59 and 60: Setting Scan Time 49 application. T
Page 61 and 62: Sample Safety-Shutdown Programs Sam
Page 63 and 64: Sample Safety-Shutdown Programs 53
Page 65 and 66: When Some I/O Modules Are Safety-Cr
Page 67 and 68: Sample Safety-Shutdown Programs 57
Page 69 and 70: Partitioned Processes Sample Safety
Page 71 and 72: Alarm Usage Alarm Usage 61 To imple
Page 73 and 74: A Triconex Peer-to-Peer Communicati
Page 75 and 76: Data Transfer Time Data Transfer Ti
Page 77 and 78: Data Transfer Time 67 A typical dat
Page 79 and 80: Examples of Peer-to-Peer Applicatio
Page 81 and 82: B HART Communication Overview 72 HA
Page 83 and 84: 2008-04-01 Automation, Software and
Page 85 and 86: 2008-04-01 HART Position Paper from
Page 87 and 88: 2008-04-01 A possible impact to the
Page 89 and 90: 2008-04-01 HART Position Paper from
Page 91 and 92: C Safety-Critical Function Blocks O
Page 93 and 94: SYS_CRITICAL_IO Accumulates the sta
Page 95: Library Trident and Tri-GP (TRDLIB)
Page 99 and 100: Output Parameters (continued) Name
Page 101 and 102: SYS_SHUTDOWN 91 * the safety system
Page 103 and 104: ALARM_DISABLED_POINTS := MPX.POINTS
Page 105 and 106: Example For shutdown examples, see
Page 107 and 108: A abbreviations, list of viii actua
Page 109 and 110: message errors, external communicat
Page 112: Invensys Operations Management 5601
show all

Safety Considerations Guide for Trident v2 Systems - TUV ...

Create successful ePaper yourself

Delete template?

Save as template?