Study on Application of Safety Technologies to Adjustable Speed Electrical Power Drive Systems (可変速電力ドライブシステムへの安全技術の適用に関する研究)
Name: SANSAK DEEON
Degree: Doctor of Engineering
Degree certificate number: 博甲第639号
Date of conferral: December 31, 2012 (Heisei 24)
Dissertation title: Study on Application of Safety Technologies to Adjustable Speed Electrical Power Drive Systems (可変速電力ドライブシステムへの安全技術の適用に関する研究)
Dissertation committee
Chief examiner: Professor Yuji Hirao (平尾裕司)
Examiner: Professor Kiyoshi Ohishi (大石 潔)
Examiner: Professor Satoshi Kadowaki (門脇 敏)
Examiner: Professor Takafumi Fukuda (福田隆文)
Examiner: Associate Professor Tetsuya Kimura (木村哲也)
CONTENTS
Abstract p.1
Chapter 1 Introduction p.1
1.1 Background of the study p.1
1.2 Structure of the thesis p.2
Chapter 2 Adjustable speed electrical power drive systems and safety technologies p.4
2.1 Safety standard for adjustable speed electrical power drive systems p.4
2.1.1 Safety functions p.5
2.1.2 Technical requirements to realize safety functions p.7
2.2 Safety technologies and functional safety p.10
2.2.1 Deterministic and probabilistic approaches p.10
2.2.2 Inherent safety p.11
2.2.3 Computer-based safety systems p.13
2.3 Inherent safety for adjustable speed electrical power drive systems p.14
Chapter 3 A fail-safe counter and its application to low-speed detection p.15
3.1 Introduction p.15
3.2 The fail-safe counter and its design concepts p.16
3.2.1 Safety technologies and the significance of the fail-safe counter p.16
3.2.2 Design concept of a fail-safe counter p.16
3.2.3 The digital counter circuit p.18
3.2.4 The band-pass filter with the pump-up circuit p.20
3.3 The safety analysis of the fail-safe counter p.23
3.3.1 FMEA analyses of the digital counter circuit and the band-pass filter with pump-up circuit p.23
3.3.2 Countermeasures against dangerous fault situations revealed by FMEA analyses p.28
3.4 Conclusions p.30
Chapter 4 A relay drive circuit for a safe operation order and its fail-safe measures p.31
4.1 Introduction p.31
4.2 A relay drive circuit for a safe operation order and its design concept p.32
4.2.1 Safety relays p.32
4.2.2 Basic safety principles for relay drive circuits urged by the international safety standard, ISO 13849-2 p.33
4.2.3 A proposed fail-safe relay drive circuit for motor current cut-off control and its design concepts p.35
4.3 Fail-safe measures for the relay drive circuit p.39
4.3.1 Countermeasures against the CMOS self-oscillation by input open-fault p.39
4.3.2 High-powered relay drive with stability p.45
4.3.3 Measures for the on-delay T1 and off-delay T2 p.46
4.4 The safety analysis of the relay drive circuit p.48
4.5 Conclusions p.52
Chapter 5 Formulation of safety principles and technologies for adjustable speed electrical power drive systems p.53
5.1 Safety principles and technologies for adjustable speed electrical power drive systems p.53
5.1.1 A digital counter checked by a high-frequency signal and band-pass filter characteristics p.54
5.1.2 A window comparator for checking digital counter output voltage levels p.55
5.1.3 CMOS inverters with a four-terminal capacitor and a metal shield as countermeasures against self-oscillation p.58
5.1.4 Fail-safe on-delay and off-delay circuits with linear regulators and capacitors p.59
5.1.5 Special transformers for high-powered output with stability and band-pass filter characteristics p.60
5.2 Safety principles and technologies for adjustable speed electrical power drive systems and their extension to other applications p.62
Chapter 6 Conclusions p.65
Bibliography p.69
Publications and Research Activities p.71
Acknowledgment p.72
Annex p.74
Annex A: Failure analysis of the fail-safe counter by simulation and experiment (Detailed analysis) p.75
Annex B: FMEA analysis of the fail-safe counter p.96
Annex C: FMEA analysis of the fail-safe relay drive p.122
Corresponding to the extension of motor drive applications to a variety of safety-related controls, it has become more vital to maintain a high level of safety even in the case of malfunction. Although the technical requirements to realize the safety functions should be comprehensive and effective, only a functional safety approach, which emphasizes probabilistic/quantitative analyses, is adopted even in the most fundamental international standard, IEC 61800-5-2. This overemphasis on probabilistic/quantitative analyses is not appropriate. In most applications, a safe state can be defined, and in those cases deterministic/qualitative safety measures, which are based on hardware structure and inherent fail-safety, are effective, and such measures should be adopted prior to probabilistic/quantitative measures as preconditions of functional safety, especially since this allows such parts to be embedded, with simpler hardware structure and less cost, into the drive systems.
With the background mentioned above, this doctoral thesis focuses on inherent fail-safety, with neither CPUs nor software, for adjustable speed electrical power drive systems, and aims at building up safety principles and technologies for those systems.
Firstly, a low-speed detection method by a fail-safe counter is proposed and discussed. The specific features of this proposed method are (a) the adoption of digital counter circuits for the detection of low speed, and (b) the diagnosis of the digital counter circuit, whose result is output as dynamic signals to a band-pass filter and a charge pump circuit, together with an additional diagnosis by a fail-safe window comparator which checks the DC signal level from the charge pump circuit. Only when the motor speed falls below the predetermined speed and no part of the digital counter circuit malfunctions are dynamic signals at the band-pass frequency provided to the filter, and a DC signal is eventually output as the low-speed detection result in a fail-safe manner. Safety analyses of this fail-safe counter have been carried out, and a fail-safe window comparator which checks the DC signal level from the fail-safe counter has been added to the charge pump circuit as a countermeasure against two specific critical failure modes. Through thorough safety analyses by FMEA (Failure Mode and Effects Analysis), software simulation and prototype hardware circuits, the effectiveness of the adopted frequency-based diagnostic methods for the fail-safe counter is confirmed. Safe speed monitoring (SSM) is one of a number of designated safety functions which the standard requires of electrical power drive systems, and this function is realized by the fail-safe counter in an inherently safe manner.
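To make the fail-safe principle of this paragraph concrete, the following Python model is added here as an illustration; it is not code or a circuit from the thesis. It chains a motor-pulse-reset counter, a band-pass filter, a rectifying charge pump and a window comparator, then injects single faults to show that each of them leaves the low-speed output in the safe (off) state. All parameter values, the biquad filter form, the RC charge-pump model and the fault names (`output_stuck_high`, `clock_stuck`, `wrong_bit`, `dc_short`) are constructed assumptions, not details taken from the thesis.

```python
"""
Behavioural model of a fail-safe low-speed detector (added example, not the
thesis's own circuit).  A clocked counter is reset by every motor pulse, so its
top bit toggles only when pulses arrive less often than one counter cycle
(motor slow); that toggling is the dynamic signal a band-pass filter passes; a
charge pump rectifies it into a DC level; a window comparator asserts "low
speed" only when that level lies inside a fixed window.  A static or
wrong-frequency counter output, or a charge-pump output pulled to the supply,
all drop the detector back to the safe (off) state.  All values are constructed.
"""
import math

F_CLK = 10_000                       # counter clock, Hz (constructed)
N_BITS = 4                           # counter width; MSB period = 2**N_BITS clocks
F_PASS = F_CLK / 2 ** N_BITS         # MSB toggle rate = band-pass centre, 625 Hz
Q = 5.0                              # band-pass selectivity (constructed)
VCC = 5.0                            # supply the DC level is scaled to (constructed)
WINDOW_LOW, WINDOW_HIGH = 1.0, 3.5   # window comparator thresholds, volts (constructed)
SIM_SAMPLES = F_CLK                  # one second of simulation


def counter_output(pulse_period, fault=None):
    """Yield the tapped counter bit once per clock tick.

    pulse_period: motor pulse spacing in clock ticks (None = motor stopped).
    Each pulse resets the counter, so the MSB only reaches 1 when pulses are
    spaced by more than half a counter cycle.  `fault` injects one hypothetical
    hardware failure: "output_stuck_high", "clock_stuck", or "wrong_bit" (a bit
    toggling at twice the pass-band frequency is tapped instead of the MSB).
    """
    tap = N_BITS - 2 if fault == "wrong_bit" else N_BITS - 1
    count = 0
    for tick in range(SIM_SAMPLES):
        if pulse_period is not None and tick % pulse_period == 0:
            count = 0                                   # motor pulse resets the counter
        elif fault != "clock_stuck":
            count = (count + 1) % (1 << N_BITS)
        yield 1 if fault == "output_stuck_high" else (count >> tap) & 1


def band_pass(samples, f0=F_PASS, fs=F_CLK, q=Q):
    """Second-order IIR band-pass centred on f0 (RBJ audio-cookbook biquad,
    unity gain at f0).  DC and off-band content, i.e. a static or wrong-rate
    counter output, are attenuated; only pass-band toggling gets through."""
    w0 = 2 * math.pi * f0 / fs
    alpha = math.sin(w0) / (2 * q)
    b0, b2 = alpha, -alpha                      # b1 is zero for this topology
    a0, a1, a2 = 1 + alpha, -2 * math.cos(w0), 1 - alpha
    x1 = x2 = y1 = y2 = 0.0
    out = []
    for x in samples:
        y = (b0 * x + b2 * x2 - a1 * y1 - a2 * y2) / a0
        x2, x1, y2, y1 = x1, x, y1, y
        out.append(y)
    return out


def charge_pump(ac_signal, tau_samples=500):
    """Rectify the AC signal and smooth it with an RC-like time constant,
    returning the DC level in volts that the window comparator inspects."""
    level = 0.0
    for y in ac_signal:
        level += (abs(y) - level) / tau_samples
    return level * VCC


def detect_low_speed(pulse_period, fault=None):
    """Run the full chain; returns (low_speed_asserted, dc_level_volts).
    The extra fault "dc_short" models the charge-pump output shorted to VCC,
    which only the window comparator's upper threshold catches."""
    ac = band_pass(counter_output(pulse_period, fault))
    level = VCC if fault == "dc_short" else charge_pump(ac)
    asserted = WINDOW_LOW < level < WINDOW_HIGH       # window comparator
    return asserted, level


if __name__ == "__main__":
    cases = [
        ("motor fast (pulse every 4 clocks)", 4, None),
        ("motor slow (pulse every 200 clocks)", 200, None),
        ("motor stopped", None, None),
        ("slow, counter output stuck high", 200, "output_stuck_high"),
        ("slow, counter clock stuck", 200, "clock_stuck"),
        ("slow, wrong counter bit tapped", 200, "wrong_bit"),
        ("slow, charge pump shorted to VCC", 200, "dc_short"),
    ]
    for name, period, fault in cases:
        asserted, level = detect_low_speed(period, fault)
        state = "LOW-SPEED ASSERTED" if asserted else "safe / off"
        print(f"{name:38s} DC = {level:4.2f} V  -> {state}")
```

The design point the run makes visible is that the asserted state needs energy at one specific frequency to reach the comparator: a fast motor keeps the counter reset (static output), a stuck output or stuck clock is equally static, and a mis-tapped bit toggles outside the pass-band, so all of them leave the DC level below the lower threshold. The short to VCC is the case the lower threshold alone would miss, which is why the window comparator has an upper bound as well. Pulse spacings that are not a multiple of the counter cycle (200 clocks here) cause a phase jump at each reset and slightly lower the DC level, but it stays well inside the window.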
Secondly, a relay drive circuit for a safe operation order, which drives two relays with a time difference so as to avoid the common-mode failure of welded contacts, is proposed and discussed from the viewpoint of adopting CMOS inverters in safety-related applications and providing time-delay functions. The countermeasures against self-oscillation of CMOS inverters in the case of input open-faults are additional capacitance and a metal shield at the input, together with supplying the electrical source and the input with the same timing. The time delays are guaranteed by linear regulators and capacitors, which supply the electrical source and the input with the same timing. The high-powered relay drive with stability is realized by transformers with band-pass filter characteristics, and boosting the ground voltage level of the ICs by similar transformers increases tolerance to line-cross on the lines to the relays and to noise by EMC coupling within the circuit. The effectiveness of these safety measures is also confirmed by FMEA, software simulation and prototype hardware circuits. Motor control circuits are required to cut off the current to the motor when any abnormal condition occurs, and the proposed relay drive circuit is categorized as safe torque off (STO).
The safety principles and technologies proposed in the above-mentioned safety applications can be regarded as fundamental safety measures for adjustable speed electrical power drive systems because of their common feature that energy is supplied only when no component has malfunctioned. They are also applicable, as embedded safety elements, to even more sophisticated systems which need computer-based safety technologies.
This thesis, entitled "Study on Application of Safety Technologies to Adjustable Speed Electrical Power Drive Systems (可変速電力ドライブシステムへの安全技術の適用に関する研究)", consists of six chapters.
Chapter 1, "Introduction", explains the background of the research and the prior work, and states the research objectives and the structure of the thesis.
Chapter 2, "Adjustable speed electrical power drive systems and safety technologies", shows that, while the applications of adjustable speed electrical power drive systems are expanding, it is not appropriate for the safety technologies applied to them to consist solely of functional safety centred on quantitative safety analysis, and describes the importance and advantages of applying fail-safe design, which ensures safety structurally by means of hardware.
Chapter 3, "A fail-safe counter and its application to low-speed detection", proposes, as a concrete fail-safe design, a fail-safe counter composed of general-purpose digital and analog circuits for the low-speed detection function, which becomes dangerous if a component fails, and describes its principle, its circuit configuration, and the results of the safety analysis of a prototype circuit.
Chapter 4, "A relay drive circuit for a safe operation order and its fail-safe measures", proposes a relay drive circuit based on fail-safe design that can cut off the power supply circuit even when a component fails, so that the output from the adjustable speed electrical power drive system to the motor is reliably cut off under abnormal conditions. For this relay drive circuit, CMOS inverters in which self-oscillation upon an input-signal open fault is suppressed, a delay circuit using linear ICs, and a transformer circuit with band-pass filter characteristics are newly proposed and applied as safety technologies. Their safety is likewise confirmed by FMEA.
Chapter 5, "Formulation of safety principles and technologies for adjustable speed electrical power drive systems", systematizes the fail-safe safety technologies for adjustable speed electrical power drive systems, which produce an output only when all of the components proposed in Chapters 3 and 4 are functioning normally, and shows that they are also applicable to highly functional computer-controlled systems.
Chapter 6, "Conclusions", summarizes the results and significance of this thesis.
As described above, this research applied fail-safe design, which ensures safety structurally by means of hardware, to adjustable speed electrical power drive systems, proposed safety technologies for realizing the functions of low-speed detection and power supply circuit cut-off, demonstrated their effectiveness, and showed that they can be extended to highly functional systems. The thesis therefore makes a substantial contribution to engineering and industry, and is recognized as having sufficient value as a doctoral (engineering) dissertation.