2014

A Simple Fault-Tolerant Method for Automatically Determining Manually Configured Flexible Hose Interconnections Among Port Manifolds for the Process Industries A method of automatic detection and verification of port interconnections among flexible hose stations is provided along with designs for both hardware and software components. The method may be suitable for both new and retrofit installations of real-time control systems.

A H B

F E

GOutput GInput GOutput GInput

FOutput FInput FOutput FInput

James Uthgenannt 3/14/2014

A Simple Fault-Tolerant Method for Automatically Determining Manually Configured Flexible Hose Interconnections Among Port Manifolds for the Process Industries James A. Uthgenannt Abstract A method of automatic detection and verification of port interconnections among flexible hose stations is provided along with designs for both hardware and software components. The method may be suitable for both new and retrofit installations of real-time control systems. Revision History Revision 1 Date 14-Mar-2014 Description First Issue March 14, 2014

Introduction: Process industries feature interconnected equipment used for the successive transformation of raw materials to finished products and, ideally, benign byproducts. Most often, such interconnections are accomplished by fixed, rigid piping manifolds. It is often beneficial to employ some means of configurability for certain interconnections through the use of temporary connections. Temporary connections may take the form of flexible hose stations with dry disconnect couplings or transfer panels with U-bend spool pieces. Such connections may offer these advantages over fixed piping manifold solutions: 1. 2. 3. 4. Reduced costs and complexity Reduced risk of product cross-contamination Increased operational flexibility Permit a more natural and simplified use of portable or mobile equipment

Some disadvantages of the use of flexible connections is the setup time required to effect a connection and the requirement to verify said connection was properly made. These points are evident in that such connections must often be made by an experienced field operator. Verification of proper connections may be made automatically by electronic field sensors, or in cases of their absence, preferably by a second experienced field operator, especially if the consequences of an improper connection pose serious safety, environmental, or product quality implications. Transfer panels may provide connection verification via the use of proximity switches mounted on the panels surface that automatically detect the presence of a spool piece that connects two ports on the panel. Typically, one switch is dedicated to each port pairing. These panels and spool pieces are precision fabricated to strict geometric tolerances to permit and verify only those intended process interconnections defined during the process design stage. These systems tend to be used where the number of connections and concurrent connections are few. Connection verification can also be inferred by the use of a pressure hold test initiated at the source and measured at the destination. Flexible hose stations offer an advantage over transfer panel technology in that they more easily allow a larger number of concurrent connections and permutations among source/destinations. A drawback of the
Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 2 of 13

flexible hose station is the lack of an ability to automatically verify those connections made. Pressure hold tests are one method but are time consuming and capital intensive. Some manufacturers offer keyed port connections to prevent wrongly connecting ports pairs and or proximity switches to ensure a hose/port connection is made. However, an automatic point-to-point (port-to-port) verification scheme is not available commercially (at least, to this authors knowledge). This paper outlines an approach for the automatic, point-to-point (port-to-port) verification of flexible hose connections. Preliminaries Some preliminaries are established that will help guide both the hardware circuit design as well as the logic design for resolving all port connections within a collection. First, well assume that port connections can only be one-to-one or one-to-none. Further, ports are assembled together in a collection where a collection represents those ports which may be interconnected. Two types of systems are considered: Type 1 systems - each port in a collection of ports belongs to one of two disjoint, complementary sets. Ports of the same set may not connect with each other; they may only connect with ports from the complementary set. Such a system may employ a relatively simple schema for connection verification with limited self-diagnostics and fault tolerance. Type 2 systems - each port in a collection belongs to the same set and may connect with any other port in the set. This type is more complex than type 1 but results in a fault tolerant connection verification schema with better self-diagnostics. The approach described for type 2 can be applied to type 1 physical systems, especially when faulttolerance and system self-diagnostics are required. Figure 1 illustrates a type 1 system. There are seven ports in the collection. Ports in set {A, B, C} may not connect to each other. Similarly, ports in the set {w, x, y, z} may not connect with each other. The sets {A, B, C} and {w, x, y, z} are complements of each other. Connections among them are represented as a mapping: {A | x} is interpreted as port A is connected to port x. {A | } is interpreted as port A is unconnected. {A | w, x} is interpreted as port A is connected to both ports w and x which is, in general, not allowed per the one-to-one stipulation above. Again, {A | B}, {w | x}, et cetera are not allowed for type 1 systems.

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 3 of 13

Figure 1 -Type 1 System The collection consists of sets {A, B, C} and {w, x, y, z}. The complete mapping is {A | x}, {C | y}, {B | }.

Figure 2 represents a type 2 system where each port in the collection of eight ports may connect to any other port in the collection.
A H B

F E

Figure 2 -Type 2 System Each port in the set {A, B, C, D, E, F, G, H} may connect to any other port in the set. The complete mapping is {A | }, {B | D}, {C | H}, {D | B}, {E | }, {F | G}, {G | F}, {H | C}.

For type 2 systems, connection mappings are symmetric, that is: {C | H} is equivalent to {H | C}.

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 4 of 13

Hardware Design It is assumed that standard commercially available industrial digital input/output modules and component terminal/device blocks will be used. The circuits depicted employ DC sinking input modules and DC sourcing output modules; the modules share DC common. An insulated, suitably rated, single-conductor cable is either integrated or affixed along the length of flexible (process) hose. The cable features a connector at each end. Each port is equipped with a receptacle that accepts the cable connector; when the cable is connected at both ends, an electrical circuit is completed. Recall for type 1 systems, there are 2 sets of ports to a collection. Each element of one set will feature an output circuit and each element of the complementary set will feature an input circuit. From a performance standpoint, the set with the fewest elements should feature the output circuits. Connections are resolved in software by individually and successively firing each output momentarily in turn and evaluating which inputs respond. Once all outputs have been fired, all connections amongst the collection may be resolved. Figure 3 illustrates a simple schematic for 2 ports in a type 1 system.

AOutput AOutput

xInput xInput

Figure 3 Type 1 The schematic shows disconnected and connected states for ports A and x as {A | } (above) and {A | x} below.

For type 2 systems, each port will feature both an input and an output circuit. A diode is incorporated in each ports circuit as illustrated in Figure 4.

GOutput GInput GOutput GInput

FOutput FInput FOutput FInput

Figure 4 Type 2 The schematic shows disconnected and connected states for ports G and F as {G | G, }, {F | F, } (above) and {G | G, F}, {F | F, G} (below).

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 5 of 13

In Figure 4, an exception to the mapping notation established earlier is indicated. The statements, {G | G, F} and {G | G, } are interpreted as G is always connected to itself or Gs input should register an echo of its output . Though seemingly awkward at first, this results in a simple circuit that provides redundant information (remember, {G | G, F} implies {F | F, G}). This notation is simplified hereafter as {G | 1, F} and {G | 1, } to indicate G is connected to itself. Failure modes include {G | 0, F} and {G | 0, } which indicate port Gs input does not respond to its output (echo failure). It will become apparent that a single point I/O failure in the circuit above can readily be annunciated and compensated for. Connections are resolved in software in a similar fashion as for type 1 systems. Outputs are momentarily energized one-at-a-time and those inputs which respond are evaluated. Once all outputs have been fired, all initial evaluations amongst the collection may be resolved. The cycle is repeated continuously to provide real-time status of all interconnections. Some overhead is required for sensibly interpreting information arising during various failure modes. This is provided in the next section. Software Design Some software specification elements are provided for the type 2 system only. The specification for type 1 systems is simpler and can be adapted easily from the type 2 example provided. Before providing pseudocode, some of the various expected and error conditions are enumerated. At this point it is worth stressing the importance of good diagnostics for this application. Whereas a single faulty limit switch or proximity sensor should be easy enough (or sometimes difficult) to troubleshoot, this application may rely on a large collection of I/O being evaluated with logic at high scan rates. To forego the use of good, available diagnostics for such an application would be an invitation for trouble down the road. The following design is meant to reliably resolve interconnections as well as flush out and pinpoint otherwise latent and byzantine failures that could occur during a systems lifecycle. The following summarizes possible single-port evaluations. Mapping Evaluation {G | 1, F} Indicates port G senses connection to port F and port G echo status is OK. (This is a normal condition). {G | 0, F} Indicates port G senses connection to port F and port G echo status is Alarm. (This is an abnormal condition conceivably caused by failure of Gs input circuit). {G | 1, } Indicates port G senses no connection with another port. Port G echo status is OK. (This is a normal condition). {G | 0, } Indicates port G does not sense a connection to another port and connection port G echo status is Alarm. (This is an abnormal condition conceivably caused by failure of Gs input circuit, output circuit, or both). Table 1 Single Port Connection Mapping Evaluation Information redundancy prevents the simple use of a single ports evaluation to resolve its status. Rather, each ports status must be evaluated and then resolved based on the evaluations of all other ports in the collection. Tables 2 and 3 below specify how redundant and inconsistent evaluations among ports are resolved. Abnormal behavior is not exhaustively enumerated here; such abnormal behavior could be attributed to I/O error (echo alarm expected), wiring errors, timing issues, or memory-overwrite issues.

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 6 of 13

Normal / Expected behavior Case G port map F port map N1 {G | 1, F} {F | 1, G} N2 {G | 1, } {F | 1, or HG} for all FG in the collection N3 {G | 1, } {F | 1, G}

Comment / (Resolution) Ports G and F are connected / (GF connection) G is disconnected / (Disconnected)

Ports G and F are connected (transient condition that may occur as the connection is made/undone during the evaluation cycle). The condition lasts for no more than 1 evaluation cycle. / (Degenerate GF connection) N4 When all outputs are off, all inputs are low / (Cease Fire Observed) Table 2 Connection Mapping Resolution (Normal Behavior) Abnormal behavior Case G port map A1 {G | 0, or HG} A2 A3 A4 A5 A6 A7 A8

Comment / (Resolution) G input does not respond to its output / (Echo alarm) {G | 0, F} {F | 1, } G input circuit failure / (Degenerate GF connection) {G | 0, } {F | 1, G} G output circuit failure / (Degenerate GF connection) {G | 1 or 0, F, H} Excessive input response / (Broadcast error) / (Byzantine alarm) {G | 1, } {F | 1, G} The condition lasts for more than 1 evaluation cycle (see N3) / (Degenerate GF connection) {G | 1, F} {F | 1, HG } Byzantine failure / (Byzantine alarm) {G | 1, H} {F | 1, H} 2 ports connected to same 3rd / (Byzantine alarm) When all outputs are off, one or more inputs are high / (Byzantine alarm) Table 3 Connection Mapping Resolution (Abnormal Behavior)

F port map

Pseudocode Overview: The pseudocode performs evaluations for each port per Table 1 above. A prescribed time period elapses between each evaluation to allow steady state I/O response. After each port has been evaluated, the collection is resolved per the specifications of Table 2 and Table 3. The case number from those tables is traced to the pseudocode in the comment column which appears in the pseudocode tables.

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 7 of 13

Assumptions: 1. Hardware inputs/outputs are each mapped to consecutive bits in a single integer word bit array (if the collection size exceeds the capacity of a single integer, a bit array array would need to be employed). 2. For Type 2 systems, each ports relative position in the input and output (I/O) words is the same. For example, if port Gs output appears in position 7 of the output word, port Gs input should appear in position 7 of the input word. (This is best achieved by carefully planning the I/O wiring at the outset). 3. Any inputs/outputs not related to the collection are not contained in the bit arrays (otherwise, they would need to be masked out). 4. The interrupt time period required for an evaluation cycle will depend on the target hardware platform and architecture utilized. It must be selected during commissioning to ensure that, once an output (OBA) is updated in the code, sufficient time elapses to ensure the resulting input mapping (IBA) is completely updated. (Therefore, the time required to resolve all connections is proportional to the number of outputs in the collection). 5. Alarms are not trapped. 6. Abnormal behavior that cannot be attributed to a simple I/O fail-off condition will considered a byzantine failure.

Description BroadcastError(I) Broadcast error code for port I (0 indicates normal) ByzAlm Byzantine alarm result after full cycle (0 indicates normal) ByzCode Byzantine alarm code generated during course of cycle CeaseFire Ceasefire error code (0 indicates normal) Connect(I) Port number connected to port I as initially evaluated Echo(I) Echo status of port I (0 alarm, 1 OK) IBA Input Bit Array. Unsigned integer (bit array) representing contiguous hardware input addresses for all ports in the collection InMap Workspace for IBA LightCounts(I) Total number of times port I is evaluated as connected to during a complete collection evaluation cycle. MaxOutputs The total number of ports in the collection (Type 2 system) OBA Output Bit Array. Unsigned integer (bit array) representing contiguous hardware output addresses for all ports in the collection OutMap Workspace for OBA Resolved(I) Port number connected to port I after all port evaluations are resolved Status(I) Connection status of port I Table 4 Pseudocode variables

Variable

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 8 of 13

Pseudocode Initialization OBA = 1 I=1 Subroutine DetectConnect If I <= MaxOutputs Then If (I = 1) Then ByzCode = 0 CeaseFire = 0 For J = 1 to MaxOutputs LightCounts(J) = 0 Next J EndIf Call Evaluate I=I+1 If (I <= MaxOutputs) Then OBA = 2 * OBA Else OBA = 0 EndIf Else InMap = IBA If (InMap > 0) Then CeaseFire = InMap ByzCode = OR(128, ByzCode) EndIf Call Resolve I=1 OBA = 1 ByzAlm = ByzCode EndIf EndSub

Comment Initialization (Execute once at first scan)

Performed at set interval (as timed interrupt or timer expiration). At start of collections evaluation, initialize byzantine failure variables.

Perform port evaluation for each port. After each port is evaluated, increment the port counter and turn on the next output. After the last port is evaluated, turn off all outputs and prepare for a cease fire evaluation. OBA is the hardware output word (unsigned integer). Observe / evaluate cease fire. IBA is the hardware input word (unsigned integer) CeaseFire > 0 evaluation is an alarm condition A8 (preserves the byzantine bit pattern) Store all ByzCodes in one word (Else) N4 Once all ports and the ceasefire have been evaluated, resolve all redundancies in the information, then reset counter and output array to start the process over again. Retain alarm condition.

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 9 of 13

Pseudocode Subroutine Evaluate InMap = IBA OutMap = OBA If And(InMap, OutMap) Then Echo(I) = 1 InMap = Xor(InMap, OutMap) Else Echo(I) = 0 EndIf If (InMap = 0) Then Connect(I) = 0 BroadcastError(I) = 0 ElseIf AND(InMap, InMap 1) Then BroadcastError(I) = InMap Connect(I) = 0 ByzCode = OR(8, ByzCode) Else Connect(I) = BitTest(InMap) LightCounts(Connect(I)) = LightCounts(Connect(I)) +1 BroadcastError(I) = 0 EndIf EndSub

Comment This routine evaluates all inputs after the single output in position I of the output word has been energized. (Called by DetectConnect) Write the (hardware) words to test integer for evaluation Evaluate Echo Status. If Echo True as expected, clear that bit from the InMap for further evaluation (see what else is lit up).

A1 Evaluate as unconnected (0 bits set)

Excess number of inputs respond (more than 1 bit set) A4 (preserves the byzantine bit pattern)

Single input responds, evaluate to see who connected to. Count the number of times this input lights up per cycle (less echo)

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 10 of 13

Pseudocode Subroutine Resolve WrkSpace (J) = 0 for all J For J = 1 To MaxOutputs If (Connect(J) > 0) Then If (Connect(Connect(J)) = J) Then WrkSpace(J) = Connect(J) Status(J) = Connected ElseIf (Connect(Connect(J)) = 0) Then WrkSpace(J) = Connect(J) WrkSpace(Connect(J)) = J If (Status(J) = Degen) OR (Status(J) = DegenAlm) Then Status(J) = DegenAlm Else Status(J) = Degen EndIf Else WrkSpace(J) = -1 Status(J)=Byzantine ByzCode = OR(32, ByzCode) EndIf EndIf If (Lightcounts(J) > 1) Then ByzCode = OR(64, ByzCode) EndIf Next J For J = 1 To MaxOutputs If (Connect(J) = 0) Then If (WrkSpace(J) = 0) Then Status(J) = Disconnected Else Status(J) = Degen EndIf EndIf If (ByzCode > 0) Then Resolved(J) = -1 Status(J)=Byzantine Else Resolved(J) = WrkSpace(J) EndIf Next J EndSub
Mar. 14, 2014

Comment This routine resolves redundancies in the information generated by all calls of the Evaluate routine. (Called by DetectConnect) Connected Normal connection N1 Degenerate connection A2 A3 A5 N3 J connected to a port thats connected to another other than J A6

A7

N2

On Byzantine failure, set resolved for entire collection to indicate problem (throw the baby out with the bathwater)

Automatic Detection of Flex Hose Interconnections

Page 11 of 13

Pseudocode Function BitTest(V) Mod37BitPosition = Array(32, 0, 1, 26, 2, 23, 27, 0, 3, 16, 24, 30, 28, 11, 0, 13, 4, 7, 17, 0, 25, 22, 31, 15, 29, 10, 12, 6, 0, 21, 14, 9, 5, 20, 8, 19, 18) r = (-V And V) Mod 37 BitTest = Mod37BitPosition(r) + 1 End Function

Comment From http://graphics.stanford.edu/~seander/bithacks.html#IntegerLogObvious Finds the position of the rightmost set bit in V (rightmost possible is 1, not 0). This routine is suitable for up to 32-bit integers Oh, and dont think a hand-trace of this will satisfy you. Its one of those things you just have to black-box test, accept on faith, and be grateful for.

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 12 of 13

An Implementation The basic ideas of this paper were used to retrofit a type 2 system containing 28 ports. This was done to satisfy safety and environmental concerns in an industrial chemical facility. The system allowed remote monitoring of port connection statuses, alarm annunciation, and established permissives used in the automatic sequencing of the interconnected equipment. The retrofit employed an existing Modicon Quantum Intel 486DX2/66 MHz CPU programmed with 984 ladder logic. 32-point 24VDC digital I/O cards, Phoenix Contact diode component plugs/terminal bases, and intrinsically safe barriers (ports were located in a Class 1 Division 2, Group D environment) were used; shrouded banana plugs were used as connectors. All 28 connections were resolved with a period of approximately 0.25 seconds. Acknowledgements Thanks to Stu for setting the goal, Paul for the free rein, and Bob for commissioning the implementation.

Mar. 14, 2014

Automatic Detection of Flex Hose Interconnections

Page 13 of 13