Dependability and Reliability of a Typical Industrial Programmable Logic Controller
Murat Can Simsek 145981
IAF0530 @ Tallinn University of Technology
Contents
- What is the PLC ?
- PLC failure rate
- Reliability consulting
- Which modules are more reliable?
- What the couses are ?
- Failure factors
- Structure of PLC
- Measures of PLC dependability
- PLC modelling techniques
- PLC analyse Stochastic Petri Nets model
- Results
What is the PLC?
- Brain of the machine
- small industrial strength computer used to control real world actions, based on its program and real world sensors.
- The program is typically in ladder logic
- Inputs to a PLC can be switches, sensors, bar codes, machine operator data, etc.
- Outputs from the PLC can be motors, air solenoids, indicator lights, etc.
PLC failure rate
- PLC controller more reliable than another form of control, etc. Basically the PLC controller has the life cycle of, and is as reliable as military spec electronics.
- PLC controller failure rate estimates like MTBF statistics ( Mean time between failure )
MT
- The average time of failure-free operation during the mission is known as the Mean Time Between Failure (MTBF).
- Failures are measured in FITs .1 FIT (failures in time), is the number of failures in 1 billion device-operation hours. A measurement of 1000 FITs corresponds to a MTTF (mean time to failure) of approximately 114 years.
PLC module types, mentioned are in order of most reliable (part with lowest failure rate listed first), with output modules being the most likely to fail.
Which modules are more reliable?
- PLC processor module
- PLC power supply
- PLC communication modules
- PLC input modules
- PLC output modules
PLC output modules are commonly electro-mechanical (relays) and/or higher current sinking PLC modules. ( motors, air solenoids, indicator lights, etc.)
Which modules are more reliable?
- Mechanical devices are more likely to fail than electrical,
- Electro-mechanical devices are more likely to fail then solid-state devices,
- High current devices are more likely to fail than low current devices.
Failure factors
- Factor: Environment : PLC controller in it gets exposed to extreme heat or cold, liquids, vibration, dust, etc.,
- Factor: Brand/Model : While a PLC in general has the lowest failure rate out of all automation control technologies, one brand may be more reliable than another brand.
- Factor: Electrical Design supporting PLC : End user of PLC controlled equipment commonly choose the lowest bidder, the equipment designers (OEM) tend to cut corners in design so they can be the lowest bidder.
- Factor: PLC Management: The best example of this PLC controller failure factor is not having any PLC management or policies in place at all.
Structure of PLC
- Three different channels
-
For each channel
- a digital input unit (DI)
- a processing unit (CPU)
- digital output unit (DO)
- Inter channel bus (IBUS) :for recieving a copy of the DI signal.
- Independent power supply units (PS 1 and PS 2)
The block diagram of the safety critical Programmable Logic Controller (PLC), at the first level,
Measures of PLC dependability
International Electrotechnical Commission (IEC) 61508 identifies two categories of systems: low demand mode of operation and continuous/high demand mode of operation and 4 Safety Integrity Levels.
| SAFETY INTEGRITY LEVEL | DEMAND MODE | CONTINUOUS MODE |
|---|---|---|
| 1 | >=10^-5 to <10^-4 | >=10^-9 to <10^-8 |
| 2 | >=10^-4 to <10^-3 | >=10^-8 to <10^-7 |
| 3 | >=10^-3 to <10^-2 | >=10^-7 to <10^-6 |
| 4 | >=10^-2 to <10^-1 | >=10^-6 to <10^-5 |
Target measures for the SIL levels of IEC 61508 standard
PLC dependability modelling techniques
When system activities are more complex, in terms of statistical dependence of its components and/or with time variable activities, probabilistic modeling techniques based on extended Petri Nets, can be used.
PLC dependability probabilistic modelling techniques and tools
- Fault tree analysis, by Sharpe and Item software
- Generalised Stochastic Petri Nets, by Surf-2
- Stochastic Activity Networks, by UltraSAN
PLC Generalised Stochastic Petri Nets model
GSPN model of the fault behaviour of a PLC single channel
Text
The failure of DI_A elementary block (firing of transition tDI_A ) or the failure of I/O_A bus (firing of the transition tI/O_A ) implies the Input_A failure
The possible failure of the input part of each channel is submitted to the software voter. The two out of three software voting is modelled by four transitions (t0, t1, t2, t3).
at least two out of three failures in the input part of the channels gives the failure of the single channel .
PLC Generalised Stochastic Petri Nets model
GSPN model of the fault behaviour of the whole PLC
Text
The Failure of the PLC is due to the failure of at least two out of three channels, or to the failure of both power supplies or to the voter failure.
The failure of a single channel is represented by the firing of any of the transitions tfail_A, tfail_B, tfail_C;
The two out of three majority logic
Results
From the single channel model, the failure rate of the single channel is λ=2.9131 e-6.
Whole PLC model, the PLC reliability in function of the time, computed by Surf-2
The Mean Time to Failure = 6.8729 e+05.
PLC reliability function versus time
- An experience of dependability assessment of a typical industrial safety critical Programmable Logic Controller -Silvano Chiaradonna, Andrea Bondavalli, Michele Minichino, Ester Ciancamerla -2009
- Dependability Assessment of an Industrial Programmable Logic Controller via
Parametric Fault-Tree and High Level Petri Net-Rossano Gaeta, Andrea Bobbio, Giuliana Franceschinis, Luigi Portinale - Programmable logic controller Online - https://en.wikipedia.org/wiki/Programmable_logic_controller
REFRENCES
THANK YOU
Questions ?