Cause-and-Effect Matrix Specifications For Interlock
Uploaded by Tyler Nielsen

Cause-and-Effect Matrix specifications for interlock-based systems

Borja Fernández Adiego (CERN)

Contains joint work of:
Enrique Blanco, Roberto Speroni (CERN)
H. Hamisch, M. Bonet, M. H. de Queiroz (Universidade Federal de Santa Catarina, Florianópolis, Brazil)
Context

Specifications for interlock logic in industrial controls and safety systems

2

[Figure: side-by-side layered view of industrial controls and safety systems. Supervision at the top, the PLC (S7) in the middle and the Field at the bottom; the controls side communicates over Profibus, the safety side over Profisafe. The question raised: how to specify the PLC interlock control logic?]
3
Main problems with specifications

1. Ambiguous specification
2. Incomplete specification
3. Complex specification

[Figure: the functional specification sits between three stakeholders: the process expert, the safety expert and the controls expert.]
4
Specification options for stateless logic (some examples)

[Figure: a logic diagram and the equivalent Boolean expression]
5
Specification options for stateless logic (some examples)

Cause and Effect Matrix (example as extracted from the slide)

Effects (matrix columns): N_EISa_Safe{1}[1], N_EISa_Safe{1}[2], N_EISa_Safe{1}[3], StateOfElementsSC{1}

Causes (matrix rows):

No.  Description                                                      Tag                  Entries
 1   Assignment of element [n] to safety chain {i}                    SC-S{1}[1]           N,A1,A2,A3,A4
 2   Installation of door contact [n]                                 I_EISa_Pos[1]        A3,A4
 3   Installation of emergency handle [n]                             I_EISa_PU[1]         A2,A4
 4   Feedback of door contact [n]                                     I_EISa_Pos_Stat[1]   A1,A2
 5   Feedback of emergency handle [n]                                 I_EISa_PU_Stat[1]    A1,A3
 6   Bypass on element (both door contact and emergency handle) [n]   I_EISa_Bypass[1]     A2,A3,A4
 7   Assignment of element [n] to safety chain {i}                    SC-S{1}[2]           N,A1,A2,A3,A4
 8   Installation of door contact [n]                                 I_EISa_Pos[2]        A3,A4
 9   Installation of emergency handle [n]                             I_EISa_PU[2]         A2,A4
10   Feedback of door contact [n]                                     I_EISa_Pos_Stat[2]   A1,A2
11   Feedback of emergency handle [n]                                 I_EISa_PU_Stat[2]    A1,A3
12   Bypass on element (both door contact and emergency handle) [n]   I_EISa_Bypass[2]     A2,A3,A4
13   Assignment of element [n] to safety chain {i}                    SC-S{1}[3]           N,A1,A2,A3,A4
14   Installation of door contact [n]                                 I_EISa_Pos[3]        A3,A4
15   Installation of emergency handle [n]                             I_EISa_PU[3]         A2,A4
16   Feedback of door contact [n]                                     I_EISa_Pos_Stat[3]   A1,A2
17   Feedback of emergency handle [n]                                 I_EISa_PU_Stat[3]    A3,A1
18   Bypass on element (both door contact and emergency handle) [n]   I_EISa_Bypass[3]     A2,A3,A4

6
Outline

Case Study

Applicability of CEM

Conclusions

7
Case Study – CERN test bench facility

• Test benches for superconducting magnets (SM18, FAIR, B311)
• Risks to personnel and equipment
   Cryogenics
   Vacuum
   Power converters
   Cooling & ventilation
• Need for Safety Instrumented Systems (IEC 61511 standard)
• The specification was divided into operational requirements and safety requirements

8
Case Study – CERN test bench facility

• 5 test benches and 4 different power converters
• 42 analogue input signals (e.g. temperature and voltage sensors)
• 130 digital input signals (e.g. flow switches, commutator feedbacks)
• 56 output signals (e.g. digital relays to operate the power converters)

9
Case Study – Operational specification

[Figure: operational specification table relating the test types, the SCADA commands, the process inputs and the process outputs]
10
Case Study – Operational specification

• Simple and convenient formalism for the process engineer
• But the resulting specification is ambiguous

11
Case Study – Safety specification

[Figure: the FMEA risk analysis feeds the Safety Function Specification]

• Unambiguous specification
• But no tool support for:
   • Test case generation
   • Verification case generation
   • Code generation
12
Cause and Effect Matrix (CEM)

• A compact and intuitive graphical representation of Boolean expressions
• Adequate for representing stateless logic, where a given output depends only on a combination of the current input signals
• There are many variants of CEMs, and companies adopt the semantics that best fit their processes and engineering practices
   SIMATIC Safety Matrix (Siemens product)
   IEC 62881:2018, Cause and effect matrix
13
Cause and Effect Matrix (CEM)

14
Cause and Effect Matrix (CEM)

Variable discretization

15
Cause and Effect Matrix (CEM)

• Code generation (when possible)
• Test case generation
• Verification case generation
16
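The mechanics behind the last few slides (AND-of-causes matrix evaluation, variable discretization of analogue inputs, Structured Text code generation, test case generation, verification case generation, and an auxiliary matrix feeding a main one, as the conclusions slide mentions) as an added Python example. This is not the SISpec editor or any CERN code: the tag names, thresholds, matrices and the hand-written PLC routine are all constructed, and "effect is TRUE only while every marked cause is TRUE" is an assumed activation semantics, since the slides note that CEM variants differ.

```python
"""Toy Cause-and-Effect Matrix (CEM) toolkit: evaluation, Structured Text
generation, test-case generation and exhaustive verification.

Added example, not the SISpec editor or CERN code. All tag names, thresholds,
matrices and the hand-written PLC routine below are constructed."""
from itertools import product

# Activation semantics assumed here: an effect is TRUE (permitted) only while
# every cause marked in its column is TRUE, i.e. an AND of the marked causes.
# Other CEM variants use different activation logic.


def discretize(signals):
    """Variable discretization: map raw process signals to Boolean causes.
    Digital inputs are used as-is; analogue inputs are compared against
    constructed thresholds so the matrix only ever sees Booleans."""
    return {
        "DoorClosed": bool(signals["I_Door_Pos"]),
        "HandleOk": bool(signals["I_Handle_Stat"]),
        "TempOk": signals["AI_Temp_degC"] < 80.0,   # constructed limit
        "FlowOk": signals["AI_Flow_lpm"] >= 2.0,    # constructed limit
    }


# A matrix is a dict: effect -> causes with an 'X' in that effect's column.
# AUX_CEM is an auxiliary matrix whose effect AccessOk is reused as a cause
# in the main matrix (the "auxiliary CEM" case).
AUX_CEM = {"AccessOk": ["DoorClosed", "HandleOk"]}
MAIN_CEM = {
    "PowerConverterEnable": ["AccessOk", "TempOk", "FlowOk"],
    "CryoPumpRun": ["TempOk", "FlowOk"],
}
MATRICES = [AUX_CEM, MAIN_CEM]  # evaluation order: auxiliaries first


def evaluate(matrices, causes):
    """Evaluate a chain of matrices; returns every effect's value."""
    values = dict(causes)
    for cem in matrices:
        for effect, marked in cem.items():
            values[effect] = all(values[c] for c in marked)
    return {e: values[e] for cem in matrices for e in cem}


def to_structured_text(matrices):
    """Code generation: one IEC 61131-3 ST assignment per effect."""
    return "\n".join(f"{effect} := {' AND '.join(marked)};"
                     for cem in matrices for effect, marked in cem.items())


def generate_test_cases(cem):
    """Test-case generation for one matrix: per effect, all causes TRUE
    (effect must be TRUE), then each marked cause FALSE on its own (effect
    must be FALSE). Returns (effect, inputs, expected) triples."""
    all_causes = sorted({c for marked in cem.values() for c in marked})
    cases = []
    for effect, marked in cem.items():
        base = {c: True for c in all_causes}
        cases.append((effect, dict(base), True))
        for c in marked:
            cases.append((effect, dict(base, **{c: False}), False))
    return cases


def verify_against(matrices, implementation):
    """Verification cases: enumerate every combination of the primary causes
    and compare an implementation's outputs with the matrix semantics.
    Returns the counterexamples; an empty list means the two agree."""
    effects = {e for cem in matrices for e in cem}
    primary = sorted({c for cem in matrices for m in cem.values() for c in m}
                     - effects)
    counterexamples = []
    for bits in product([False, True], repeat=len(primary)):
        causes = dict(zip(primary, bits))
        expected = evaluate(matrices, causes)
        got = implementation(causes)
        if any(got.get(e) != v for e, v in expected.items()):
            counterexamples.append((causes, expected, got))
    return counterexamples


def hand_written_plc(c):
    """A hand-coded version of the logic with a constructed defect:
    CryoPumpRun ignores FlowOk. Verification must report it."""
    access = c["DoorClosed"] and c["HandleOk"]
    return {
        "AccessOk": access,
        "PowerConverterEnable": access and c["TempOk"] and c["FlowOk"],
        "CryoPumpRun": c["TempOk"],
    }


if __name__ == "__main__":
    # Constructed snapshot of process signals: door closed, handle armed,
    # temperature 45 degC, cooling flow 3.5 l/min.
    signals = {"I_Door_Pos": 1, "I_Handle_Stat": 1,
               "AI_Temp_degC": 45.0, "AI_Flow_lpm": 3.5}
    print(evaluate(MATRICES, discretize(signals)))
    print(to_structured_text(MATRICES))
    for effect, inputs, expected in generate_test_cases(MAIN_CEM):
        assert evaluate([MAIN_CEM], inputs)[effect] == expected
    for causes, expected, got in verify_against(MATRICES, hand_written_plc):
        print("mismatch for", causes, "expected", expected, "got", got)
```

The verification step is the one that matters most for a safety interlock: generated test cases only exercise one cause at a time, whereas the exhaustive comparison covers every input combination and pins the discrepancy to the exact cause vector, which is feasible here because the matrix has a handful of Boolean causes.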
SISpec: CEM Editor

17
Conclusions

CEM pros
• Simple and graphical mechanism
• Allows a better communication between control, process and safety experts
• Trivial generation of the PLC code
• Allows automatic generation of test and verification cases
• Improved maintainability of the PLC code and traceability of the whole project

CEM cons
• Not appropriate for all types of processes. Mainly convenient for stateless interlock logic
• Certain Boolean logic may be difficult to express in one single CEM (auxiliary CEMs may have to be included)

Future directions
• Extension of the CEM semantics to different activation logics (rising edges, pulses, etc.)
• PLC code generation and integration in the development cycle of SISs and interlock-based control systems

18
