Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: http://uscgproceedings.epubxp.com/i/264352
www.uscg.mil/proceedings 60 Proceedings Winter 2013–2014 Common Mode Failure A common element that is without redundancy is the logic, including software. This commonality can prove to be an Achilles heel for the control system. If the master and slave processor are running the same software and a software defect disables the master processor, it simulta- neously disables the slave processor. Similar issues exist regarding the data communication networks. Hardware in the Loop Hardware in the loop or HIL testing is the result of 30 years' worth of technological evolution; it allows sim- ulations to connect to and interact with the real world. HIL testing consists of connecting equipment under test to a simulation of another collection of hardware and performing a series of tests that verify key functional- ities. Before this type of testing, simulation, consisting of models and logic developed from functional descrip- tions, were executed on the simulator hardware. Early simulations had limited facility to connect to and interact with the world outside and rarely occurred in real time. These early efforts were the precursors of what now is called software in the loop (SIL) testing, so with the introduction of HIL testing, the art has developed into two distinct branches: • power hardware in the loop, • control hardware in the loop. In its purest form, hardware in the loop testing uses the actual hardware deployed aboard the vessel or facility and the actual logic, some of which is implemented in software. Verifcation testing is then tied to the real-time char- acteristics of the actual hardware, frm- ware, software, and interfaces — which means that there is limited ability to accelerate the control system speed to shorten the testing process. The logic is loaded into and operates on the actual hardware. HIL testing provides the opportunity to identify logic defects as well as defects that are coupled to the control system hardware and frmware. In practice, it is nearly impossible to meet this criteria, which is the actual logic (including software) running on the actual hardware. Reasons for this include the challenge of bringing the actual hardware together; the inability to connect the actual hardware; and, for Modern control systems also include error-checking and annunciation capabilities, which typically allow for diagnostic and error identifcation at the rack and card level and can extend down to the I/O level, where indi- vidual loops can be checked for open, short, ground, and such. They can also be used to perform transducer and measuring instrument diagnosis and calibration. Control Systems Redundancy One aspect of modern control systems is the level of redundancy built into the system to facilitate continu- ous operation in the event of a single failure. Examples include dual communication networks, master/slave processor relationships, voting processor relationships, and multiple power supplies. In practical terms, this means that for systems using a single communication network, the network is duplicated, and the two net- works operate in parallel. Should one network fail, it is assumed that the other will continue to operate. Because it is diffcult to "separate" redundant parts dur- ing system verification, redundancy introduces chal- lenges and complexities, especially when verifcation testing is to be performed on the installed hardware of an operating control system. If redundant or parallel processors or automatic control systems are ftted, it is recommended that the redundant automatic control systems be independent, self-monitoring, and arranged such that, should one fail, control is automatically transferred to a non-failed automatic control system. Winter �2013_45.indd 60 2/10/14 9:32 AM