Real-Time Measurement and Control

cRIO in safety application

I'm looking into precedent for FPGA use in safety applications and wonder if cRIO with FPGA as a PAC can be used in safety-credited systems requiring fast (decades of us) response. To be specific, I'm looking for the following:

- Are there examples of cRIO use in systems with SIL 2 and higher?

- If yes, how is the proper level of functional safety achieved? How can redundancy/diversity be introduced into hardware or logic?

- What would be the verification/validation process?

 

Thanks!

0 Kudos
Message 1 of 9
(1,967 Views)

Hi rkadyrov,

 

What are you trying to do with it? (end application)

 

Also, what inputs are you using to determine required overall response time? E.g. sensor read time + wire traversal to module + read time + application processing time + output to pin + wire traversal + actuator

 

10's of us is very fast for SIL. 100's of us is still pretty fast for SIL applications. Is this being specified to you (e.g. as a system requirement)? 

Andrew T.
"His job is to shed light, and not to master" - Robert Hunter
0 Kudos
Message 2 of 9
(1,956 Views)

Thanks Andrew for the prompt response.

 

There are voltage signals from detectors that have to be digitized at 25kHz or more, 16 bit.

The reading should be accumulated over a running integration window.

A buffer can be used for this with new sample added, the oldest removed, so that if the sum of the buffer exceeds certain level, action should be taken.

Overall budget from event to action is 200 us, some time should be reserved for signal propagation (hundreds of meters) and mitigation devices to act on system trip.

This leaves 100us or less for processing electronics.

0 Kudos
Message 3 of 9
(1,944 Views)
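
An added example, not code from the thread or from NI: a C software model of the running-window integration and trip described in the post above, using integer arithmetic as fixed-point FPGA logic would. The window length, the threshold value, the latched trip and the recompute-and-compare self-check are assumptions made for illustration; an actual cRIO implementation would be built in LabVIEW FPGA.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WINDOW_LEN 8u        /* assumed window length, in samples */
#define SAMPLE_PERIOD_US 40u /* 25 kHz sampling rate, from the post */

typedef struct {
    uint16_t buf[WINDOW_LEN]; /* last WINDOW_LEN 16-bit samples */
    uint32_t sum;             /* running sum; 8 * 65535 fits in 32 bits */
    uint32_t threshold;       /* trip when the sum exceeds this level */
    unsigned head;            /* index of the oldest sample */
    bool tripped;             /* latched: cleared only by integ_init() */
} integ_t;

void integ_init(integ_t *s, uint32_t threshold) {
    memset(s, 0, sizeof *s);
    s->threshold = threshold;
}

/* Feed one sample; returns true once the trip is latched. */
bool integ_step(integ_t *s, uint16_t sample) {
    /* O(1) update: remove the oldest sample, add the newest. */
    s->sum = s->sum - s->buf[s->head] + sample;
    s->buf[s->head] = sample;
    s->head = (s->head + 1u) % WINDOW_LEN;

    /* Self-check: recompute the sum from the buffer. A mismatch means
       corrupted state, which is treated as a trip (fail-safe). */
    uint32_t check = 0;
    for (unsigned i = 0; i < WINDOW_LEN; i++) check += s->buf[i];
    if (check != s->sum || s->sum > s->threshold) s->tripped = true;
    return s->tripped;
}

/* Samples of a constant input needed to trip; 0 if none within max_n. */
unsigned samples_until_trip(uint32_t threshold, uint16_t level, unsigned max_n) {
    integ_t s;
    integ_init(&s, threshold);
    for (unsigned n = 1; n <= max_n; n++)
        if (integ_step(&s, level)) return n;
    return 0;
}

int main(void) {
    unsigned n = samples_until_trip(1000, 200, 100); /* constructed input */
    printf("trip after %u samples = %u us\n", n, n * SAMPLE_PERIOD_US);
    return 0;
}
```

The number of samples needed to cross the threshold, multiplied by the sample period, is detection delay that comes on top of the processing time.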

We used a cRIO on an application with a high degree of safety criticality - a moving motion compensation gangway for personnel transfer (see this case study - http://sine.ni.com/cs/app/doc/p/id/cs-14813). We didn't develop the safety case or the detailed safety functionality (we just implemented it; our skills are more in the control), but the safety methodology was reviewed, approved and certified (once built and tested) by a marine certification body. I am sure some SIL rating could have been developed for the system, but I wasn't aware of that.

 

In this case the safety functionality was handled by a combination of:

  • cRIO FPGA - a simple watchdog to monitor the LV RT application and interface between the LV RT application and the external safety system (e-stops and hydraulic valves)
  • the LV RT application which could instigate shut downs (through FPGA) depending on faults detected (there were different classes of shut down designed to maximise protection of any personnel on the gangway depending on the fault and the operating condition). Most of fault detection and fault handling functionality resided here.

This was all verified as part of a very detailed acceptance test, approved and witnessed by the certification body.

 

This was all very specific to this system, and probably not easily transferable to other applications. These white papers may be helpful for some basic insight, but I expect you are beyond that:

Hope this helps

Consultant Control Engineer
www-isc-ltd.com
0 Kudos
Message 4 of 9
(1,936 Views)

Thanks for the post, Andy.

 

OP, do you need to pursue & receive an ACTUAL SIL certification for your end system?

Occasionally questions about SIL come up, but they end with the realization that MTBF numbers are sufficient. I don't know of any customers who have actually certified a cRIO to a SIL.

Andrew T.
"His job is to shed light, and not to master" - Robert Hunter
Message 5 of 9
(1,893 Views)

Understood, thank you all for the replies

 

The MTBF in our application should be the same as in other SIL2 systems, no other requirements specified.

My main argument for the cRIO use so far is that it is "proven in use". Also fail-safe operation can be explicitly programmed.

The downside is that there is no diversity in signal processing.

0 Kudos
Message 6 of 9
(1,887 Views)

Hi rkadyrov,

 

We have MTBF numbers for many of our cRIOs. If this is what you need, start a conversation with your local support (Applications Engineering) office (can email support@ni.com). Please let them know which hardware model you're working with and reference this thread when creating your support request.

Andrew T.
"His job is to shed light, and not to master" - Robert Hunter
0 Kudos
Message 7 of 9
(1,874 Views)

Just in case this is helpful - I was talking to one of NI's sales engineers and they said NI will be launching a couple of SIL 3 rated C-Series modules (Digital IO and some limited analogue IO) that can be used for safety systems. These are configurable to provide logic solver functionality, but note they are not at all integrated into LabVIEW or the cRIO FPGA - they use the cRIO chassis simply to house them.

Consultant Control Engineer
www-isc-ltd.com
0 Kudos
Message 8 of 9
(1,840 Views)

Having COTS SIL 3 IO modules would be nice, but if they are not going to talk to FPGA and/or LabVIEW, they will act as safety PLCs (probably with faster signal processing).

After talking to local FPGA sales engineers, I'm inclined to make a redundant FPGA design on two chips from scratch.

Thanks everybody for the help!

0 Kudos
Message 9 of 9
(1,821 Views)