- Email: [email protected]
"A Chemical Plant Contractor's Approach to Computer Control"
"A CHEMICAL PLANT CONTRACTOR'S APPROACH TO COMPUTER CONTROL"
A. Thompson Chief Instrument Engineer Sim-Chem Limited Stockport England
ABSTRACT
I~TRODUCTION
The Daper describes how one chemical plant contractor made himself able to install a computer as part of the instrumentation and control system for new plants. First there is an appreciation of what a contractor can and can not be expected to do . Th~n follows a discussion of the design criteria used to produce a universal system for chemical plants.
1-111y ComDuter Control? There is no denying that a demand exists for . computer control on Chemical Plants. The benefits to an operating comoany lie along the following lines.
The design employs DDC and provides backup with a digital presentation. The operators' panels were designed by the contractor and all the system programs were written by him in a low level language. It was realised that a very heavy client training load would be imposed on the contractor and solutions to the problems have been chosen which result in ease of explanation rather than technical brilliance. By the same token the computer used was chosen for the reliability of its hardware and its ease of programming rather than for economy in first cost. Absolute priority has been given to the aim of leaving the client with a system he understands and can exploit by adding extra plant supervisory programs. He is expected to start by writing relatively short programs which are best written in machine code. Consequently no use has been made of a backing store and a high level language is not expected to be necessary, although there is adequate provision for the use of any high level language for which a compiler has been written . It was considered more important that when he has written his program, be it long or short, he should be able to get it into the machine, check it, and put it on line, all without stopping the computer or disturbing the plant. The time shared operating system "Simcos" and the commissioning aids programs "Simcom" and "Simcheck" make this possible. The second part of the paper describes what happened when these ideas were put into practice for the first time.
1.
More accurate information about the operation of the Plant can be obtained if data from measurements can be Dresented in a form which can be handled mechanically for statistical analysis.
2.
Computation can provide instructions to control valves of a higher order of intelligence than can manual adjustment of simple control loops. A particular case is that of Plant units which are started up and shut down regularly.
3.
Greater profit can be obtai.ned from the Plant either by increasing output or by more economical operation.
It is rarely possible to forecast what the benefits are going to be worth in money, but most people who have put in a computer agree that the benefits do exist. To eXDress these benefits as a return on capital expenditure it is necessary to know the amount of caDital spent, and this depends on how the job was done and where it started from. If one starts with an existing Plant already fully controlled with analogue instruments one can Dut in a computer either to tell the operator what to do or to move the set points of the controlling instruments for him. This procedure is very expensive and looks even more so when starting with a new plant. An alternative arrangement which, properly carried out, can save a considerable amount of capital is to use direct digital control (DDC); in this method of operation the computer replaces the analogue controlling instruments instead of just assisting them. Direct Digital Control The use of DDC can provide several advantages
386
over the combination of a computer and analogue controllers. Firstly, all the information is available to the operator on one small panel instead of being spread around a large control room. Secondly, the operator is not confused by being expected to read some of his measurements digitally and some in analogue form. Thirdly, the means of changing from manual to automatic control is in digital form inside the computer and therefore start-u~ and shut-down routines can be readily accomodated. At the same time ready access to the integral action of the three term control algorithm, together with full control of the set point allows the programming of very steady transition routines. Fourthly, all the equipment for supervisory computer control is already installed.
design office with the insertion of data into the standard DDC programs. It may involve the construction of steady state and dynamic mathematical models of the plant followed by studies of the effects of disturbances. If the contractor does not himself own the process, this work may be done in close co-operation with the licenser. The work transfers to site during and after commissioning when the contractor will be working closely with the Plant operating staff. This is a major tra~n~ng exercise in which the operating company learns from the contractor exactly how to use the computer system and to extend it by writing supervisory programs . Alternative interconnections of ratio and cascade loops can be tried at this time, as well as the further development of sequencing programs.
The big disadvantage of DDC is that if the computer stops working then all the Plant control system fails at once, and this could mean shutting down the Plant. This can happen for two reasons. The first is a computer hardware failure, but with a modern machine properly installed this should not happen more than once per year. Whether this is important or not depends on the particular circumstances under which the given plant is operating and the action to be taken is a matter for individual decision. The second reason for stopping is to change programs. This has been in the past a much bigger draw-back than a computer failure but modern time sharing methods of writing programs permit new supervisory programs to be inserted without stopping the machine or the Plant.
Stage three is the ultimate reason for having installed a computer, but differs from the two previous stages in that it is very dependent on site condi tions. The work is e:ctreme ly local and requires access to information which the operating company almost certainly regards as confidential. There is little that the contractor can do to help, but if he has done his job nroperly in Stages I & 11, the operating company ought to be in a position to do this work for i tse If. DESIGN AIMS To define more clearly what is necessary in order that stage 1 above should be carried out successfully the following objectives were set out.
The Installation of A Computer
1.
It seems reasonable to assert that the most successful computer installation will be one that is designed into the Plant from the beginning and in fact it has been found that when a com~uter has been available for the start-up of a new Plant then the commissioning period has been much shorter than would otherwise have been expected. It follows from this that the Plant contractor should take full responsibility for the installation and operation of the computer.
This implies that DDC should be used and that the measuring and valve output drive systems should be as simple as possible. Special programs should be written where necessary if this leads to the use of cheaper hardware.
2.
Provide the equipment and put it to work.
2.
Optimise the control system.
3.
Optimise the plant profit.
Ease of Oneration and Explanation The system must be put together so that people of different abilities can use those parts of the system that they can understand and not have to learn everything about it at once.
The general problem of putting a computer successfully on any chemical plant has three distinct stages: 1.
Minimum Capital Cost
3.
Insertion of Supervisory Programs \fuen new supervisory programs have been written it must be possible to put them into the comouter, check their operation safely, and then put them to work all without stopping the computer and without interfering with plant operation.
Stage one is perfectly straight forward and should be provided by the contractor at a fixed price exactly like the rest of the Plant. It consists of the Plant instrumentation, the computer, the DDC operating system, and the initial supervisory programs which would include some logging and alarms. Except for the latter it is a perfectly standard package.
4.
Standby Once it is possible to change without stopping the computer stoppages will only be caused failures. Even so, some form will be required but it would
Stage two requires a detailed knowledge of the process being operated. ~he work starts in the
387
programs then computer by hardware of standby be unreasonable
4.
to provide standbv control of the sa~e Quality. The most important requirement is that standby control should look to the operator like computer control so that confusion is not added to his panic when the computer fails. This implies that all the plant measurements should be presented to him in digital form, properly scaled in engineering units. Two versions of standby control have been considered; one is entirely manual and the other uses a small computer. 5.
The first two are combined on the desk which is installed in the control room (see fig 1). The control room also houses two typewriters and a n noint recorder, together with what is left of the old style control panel - i.e. any standby controllers, electrical stop/start switches, alarm lights, and some form of graphic panel to represent the plant flow sheet. Features of the are large, easy and large, easy an appreciation frequently wear goggles.
Safety in Flammable Atmospheres Since so many chemical plants operate from petroleum based feed stocks, no computer instrumentation system can be considered standard unless it can be operated on a hazardous plant from the safe area of a control room. The Simcos system has this facility.
General The above concepts naturally interacted in the final design which is an attempt to provide the most reliable hardware configuration and to write programs for it in the most flexible way and still to strive for an acceptable overall price. There are two distinct software problems control engineering, and supervisory programs. Control engineering is provided as a complete package which only nees the addition of data to make it work. This part of the system is dealt with first. The writing of supervisory programs requires a knowledge of programming and is explained subsequently.
The two rooms are next to each other and the dividing wall between them houses the main junction box for all the plant connections. 2.
The DDC algorithm used is very similar to a three term analogue controller in which the derivative action is inoperative on set point changes. A ten bit full value valve position is calculated by the algorithm and transferred to a separate program driving separate hardware.
When the computer is working, the manual panel provides an additional method of reading measurements and valve positions which can be used by the operator as a second display. When the computer is not working the manual panel is the only method of running the plant.
The design centres round the operating panels of which there are four, one provided by the computer manufacturer, Ferranti, and three by Sim-Chem. The four panels are 3. The manual panel.
2.
The process operator's panel.
3.
The control engineer's panel .
Manual Panel In some ways the manual panel (Fig. 1, right) dictated the size of the system because if more than three switches are used to make direct connection to the measurements the wiring becomes disproportionately complicated. As the computer inputs are numbered octally (i.e. in units of eight) to provide easy transition to binary it is desirable to number the manual switch positions similarly. Thus three switches provide addresses for 512 measurements. There are two alternatives for Simcos. In the first the 512 includes feed back signals from all the valve positions, when it is expected that a maximum of 192 valves will be used. In the second arrangement, the valve signals are in addition to the 512 measurements and any number up to 512 can be addressed, but it is not likely in practice that more than 256 will be used.
The computer used is the Ferranti Argus 500, a modern integrated circuit machine chosen for its reliability and ease of programming. Storage is expandable on site up to 64k by plug in units. Disc storage is available from Ferranti, but is not used in Simcos.
1.
panels used by the operator to read flat faced displays, to handle, rotary switches, of the fact that operators protective gloves and safety
The other two panels, shown in fig. 2, are also combined together on one desk and mounted in the computer room with the computer, another typewriter, the high speed paper tape reader, and a high speed punch.
DETAILS OF THE DESIGN 1.
The computer monitor panel.
The Process Operator's Panel The panel (Fig. 1, left) provides all the facilities which the operator needs in the day to day running of the plant, but makes no provisions for plant development work. This latter is reserved to the
388
control engineer's panel, thus keeping control engineers and programmers out of the operator's way.
there is no "bump" on transfer because the integral action has been following the manual valve position.
Listed briefly the functions the operator can perform are
If the new set point is not equal to the measurement then the program first inserts a set point which is equal to the measurement and then ramps it to the new value at a rate proportional to the integral action gain. This procedure is followed on all set point changes as there is no point in trying to discriminate between the different reasons for changing set points. Further to prevent unnecessary valve movement, the derivative action works only on measurement changes and not on set point changes.
1.
Read any measurement or control valve position.
2.
Read any set point and change its value.
3.
Turn any control loop to manual and open and close cascade connections.
4.
Read and alter the bias values in cascade loops and the ratios in ratio loops.
5.
Determine immediately which control valve is connected to which measurement via a control loop and whether the loop is on "automatic" or "manual". He can also determine the extent of cascade and ratio configurations and whether they are operating or not.
6.
Route any measurement or the contents of selected core store locations to the tracks of a multi point recorder.
7.
Cause to run or to stop running, selected supervisory programs such as those for plant start-ups or logging.
The mechanism for cascade and ratio operation is very similar. The insertion by hand of a set point for the slave loop of a cascade automatically breaks the cascade; a new value for the bias, which may be zero, restores it. Bias values are inserted on function switch position 2 and as before an available but not used cascade shows a display all commas and "no cascade" shows all negatives. These simple arrangements have been found to work well in practice. Clarity for the operator is enhanced by the use of five numerical display windows in which non significant zeros are suppressed and in which the decimal point always has a window to itself. If, in spite of all this, the operator still makes a wrong insertion, he can move the "insert" switch over to the "cancel" position and his previous value will be restored. The limitations on this are that "cancel" must be the immediate next operation and must be done within thirty seconds.
This last item is provided by a row of 24 single bit switches which are mounted at the bottom of the manual panel. Twenty four supervisory programs can be handled this way, with a separately labelled switch for each. The other items of the list above correspond to the first five positions of the "Function Switch", which is at the left of the row of "address switches".
4. When the address is pointing to a measurement, the value of the measurement and its set point can be compared simply by turning the function switch from 0 to 1. The actual valve position and the "required valve position", which is the output of the three term control calculation, can be similarly compared. If the ~easurement is not part of a control loop and no set point is possible, then function switch position I shows this by displaying a row of five minus signs. If a control loop exists, but is turned to manual, then the display shows five commas but still indicates the units of measurement. To turn a control loop to manual it is merely necessary to insert a value for the required valve position, when the valve will move to this position and stay there. To return to automatic control one inserts a new set point. If the set point is equal to the measu~ement
The Control Engineer's Panel Although the process operator's panel has been described first, the control engineer's panel (Fig. 2) was constructed first and the process operator's panel is a simplification of it; but the program was written round two panels from the beginning. The control engineer's panel was designed with both control engineering and programming in mind and makes full use of the 24 bit word of the Ferranti computer. The panel for this reason has eight octal switches which are enough to address not only all the measurements, but also all locations of the maximum available core store (64K with Argus 500) and still have enough switch positions left over to say what is to be done with them. By the same token, a 24 bit output word can be used as six
389
Figure 1.
.: ,
, ' :::~ ~,:
• • !
lit
'. '-~. B
rlI
lit
!.-...! Figure 2.
Process Operator's Panel.
, •
Control Engineer's Panel.
INn."U" fNTOED EWRY D MILLISECONDS
"EAD OR WRITf SINGLE CHAf!:ACTfRS TO EACH '(I:I'HERAL IF OfytC£ IS It£ADY
RUD AND WRITE SOME ANALOGUE Ne> DIGITAL NVTS AND OUTPUTS
RETURN TO PfIOC,AAHHE
INTERRUPTED
CHANGE CHANNEl
VIA ORGANISER
Figure 3.
FIO\oO Diagram of the Interrupt Structure.
390
BeD outputs and this is why the panels have six display windows, five numerical and one for units. The type of display chosen has twelve lamps shining through a photographic film on to a ground glass screen. A minor problem arose here because it was not possible in the U.K. to buy a decoder to give twelve outputs from a single BCD input; we therefore had to design our own and in doing so opened lines of communication for the manufacture of special purpose equipment which have subsequently proved very useful. Although we should have preferred to use nothing but large rotary switches, their use for all purposes on the control engineer's panel would have made a large and clumsy panel. As the illustration shows, thumbwheel switches were used for the "SET VALUE" switches. It was appreciated that these would not be as easy, quick, or convenient to use as the rotary ones but the arguments influencing their choice were that they would only be operated by the control engineer, relatively infrequently, working in clean conditions, and rarely in a hurry. They are acknowledged as second best and we should not recommend their use throughout. By comparison the address switches on the same panel are operated much more often by the control engineer and on a plant could also be used by a process foreman or plant manager seeking information and not wishing to disturb the process operator on his panel. In use the thumbwheel switches, which include BCD encoding, have been adequate for the duty and perfectly reliable. The control engineer's panel provides all the facilities of the process operator's panel and makes use of the greater number of address switches in several ways. The first is that it is possible to set up two input addresses and compare the measurements at the flick of a switch which we have called the "Select switch". This complements in the computer room the feature in the control room whereby different addresses can be set up side by side on the manual panel and on the process operator's panel. In addition it is possible to use the control engineer's panel to 1.
Change control constants in the three term control algorithm for any control loop over a wide range of values.
2.
Set up new or replacement control loops; i.e. cause a control valve to be operated from a different measurement. This is done simply by addressing a control valve on the address switches and inserting a measurement address on the set value switches. For safety the control does not operate until new values have been inserted for all the control constants.
391
3.
Set up new cascade or ratio control loops in any configuration.
Using these facilities in combination with the bias and ratio constants means that a great deal of control sophistication can be achieved without any recourse to programming. But it is felt that the control engineer will soon want to extend his activities to programming, eventually becoming the only programmer working on the system. This is why the control engineer's panel is mounted beside the computer monitor panel and also why the control engineer's panel has provision for examining every core store location in the computer and displaying the contents in a variety of formats, of which at least one will be appropriate. The simplest format considers the 24 bits as 8 octal digits and since there are only five display windows available shows them as two sets of four, chosen by the "Select Switch". If the contents of the store location represent a machine instruction then a different format is more suitable. This has been provided so that instructions can be traced through the store in the format in which they were written, and the control engineer has every opportunity to familiarise himself with them. The last two formats are for use when the store location contains a decimal number. The display can indicate a signee decimal fraction starting from the most significant end of the word, or a positive integer starting from the least significant end. Obviously only one of these two formats will make sense for a given location. PROGRAMMING The above facilities have been provided in the way described so that a process operating company can use the system to operate a plant with very little practice. Other people have provided similar ·'black box" control systems and though we think ours is easier to use than most, it is certainly not unique. But it is not our intention to leave our clients in this ~osition; we expect to train them to write and insert their own supervisory programs even if they have never written a computer program before. It is first necessary to wipe away the aura of mystique with which programmers surround their art and prove to the uninitiated that understanding what a computer does is not so very difficult. We firmly believe that initially it is more important for more people on the plant to be able to write and insert short simple programs than that
one person should be able to make long complicated programs work quickly. Optimising routines will certainly be required later and it may be highly desirable to write them in a high level language, but for the first twelve months of an operating company's first installation such things are irrelevant and a very low level approach to programming is much more appropriate. The objective is to get co-operation from everyone on the plant and this is much more likely if as many people as possible have some idea of what is going on. To do this one must get down to rock bottom and examine the operating instructions actually in the computer, which is what one has to do anyway to find and rectify faults in programs. From the point of view of anyone wr1t1ng supervisory programs for an installation running on a chemical plant, the computer is being asked to:-
1.
Take the prescribed data which exists in the machine.
2.
Add to it the data now being given to it.
3.
Do what it is being told to do with the combined data.
4.
Print out what the result is.
5.
Act on the plant in the way indicated.
6.
Print out if anything unexpected happens.
of the supervisory program but nevertheless the alarms program module is itself a supervisory program outside the DDC. Because of this it is possible for the writer of a supervisory program to insert data into the alarms program to cause it to examine any location in the store and print on the teleprinter if those contents go outside his desired limits. The printing program is probably the most useful example of this technique. It has been written in general terms to cover the three teleprinters and the high speed punch supplied (it can in fact cover seven output devices which are referred to by number by the user). When he wants something to be punched or printed all he has to do in addition to stating the device number is to say how much storage he thinks will be needed to hold temporarily what he wants printed, and to state the format in which he wants it printed. The printing output program does the rest. With a little practice this is as easy to use as the "print" statement in Fortran. Formats for the printer are alpha - numeric or a nine digit floating point number. The printing output program covers item 4 above. Item 2 is covered in a number of ways. If the new data can be expressed in octal or decimal numbers it can be inserted directly into any point of the store by the program servicing the control engineer's panel or into selected parts of the store through the process operator's panel. Alternatively it can be entered directly from the keyboard of the programmer's typewriter.
These steps are the same whether the program is long or short and whether it is written in a high level language or in machine code. The principal part of the new supervisory program is, of course, item 3 above. All the other items are already needed to make DDC work and provided they have been written with this object in mind they can also be used by the supervisory programs. This is real 1:' what Simcos is all about; the program is written in a modular form and the output of one module becomes one of the possible inputs to another.
This keyboard is a useful feature of the system and several programs have been written for it which we consider important enough to warrant a separate name - "Simcom", indicating aids to commissioning. The method of operation is the same in each case. A single command letter is typed to say what sort of information is required, followed by a core address to say where it should come from and a final number A very simple example is the control valve output to say how much. The simplest commands program which accepts a binary fraction representing print out the contents of core store locations, the required valve position and moves the valve up to 64 at a time, for study at leisure. accordingly. (There is the additional advantage Command letter D causes a dump on the high that only a small section of program has to be rewritten to suit different valve drive systems). speed tape punch of the contents of up to 512 core locations in an economical The output module does not know where its input bi-octal format which includes parity and signal comes from; it could be the output of a check sum. Command letter V reads this a control loop, an insertion from the process tape in again and vertifies it against operator's panel, or the output of a supervisory the contents of the store, any discrepancies program performing a start-up routine. Such being printed on the typewriter. (These an arrangement would cause chaos were it not same programs can be run off line to dump for a control module to organise a system of priorities in conjunction with the process operator's and verify the contents of the whole store, which gives a quick method of replacing panel. Similarly if the output of a supervisory a completely wrecked program). program is required to move the set point of a control loop (item 5 above) it acts through Command letter G addressed to a measurement the "cascade" program which again is under the prints a graph of the four important parameters control of the process operator. Item 6 above of a control loop - measurement, set point, is probably covered by the available programs valve position and the integral contribution without any action on the part of the writer
392
concepts of Simcos. A program called "Organiser for Supervisory Programs" looks at a table 32 words long which contains the starting addresses of all the supervisory programs. If the word has been set negative then the program will be run, if not then it will not. Thus all that the writer of a new program has to do is to take anyone of these 32 locations which is not in use (contents zero) and put into it his own program's Command letter Q is a conversational method of starting address, which he can do through over-writing program instructions. From a given the control engineer's panel. To run his starting address the program types the contents program he sets the word negative by adding of the next eight words in machine instruction an octal 4, again through the panel. If format. It then prints the address of the first somewhere in the program he removes this ~nst:uction and stops. The programmer then types negative then the program will only run 1n h1s replacement instruction and the computer types the next address. After the eighth instruction once. (The single bit switches on the process operator's panel used to control programs the computer prints out the whole eight as a which are stopped and started at frequent visual check that they have in fact been entered. intervals work in this way by negating the It then proceeds to the next block of eight and starting address). All programs must end continues until the programmer stops it by typing with a jump instruction to 11,000 an address T. This is a very quick method of over-writing chosen to be easily remembered which is mistakes in programs and because of the very the start of the "Organiser". simple instruction format and order code of the Ferranti machine it is also a convenient method If the 32 programs were merely run one after of inserting short new programs . The program the other, the resulting plant operation will have been written in the assembler language would not be very acceptable because one "April" and it is a matter of personnel preference long program would delay the running of whether one compiles it mechanically or by hand. all the others (some iterative optimising The typing effort is the same either way. programs can be very long). Consequently But a list of instructions in store is not necessarily some form of time sharing is necessary and since the whole idea of DDC depends on accurate a workable program; nor can it be guaranteed timing, the time sharing of supervisory not to run away and damage other working programs programs is particularly easy to provide. and thereby upset the plant - we are still on line, remember. At this stage we call in "Simcheck" When any program is interrupted it is necessary a program which examines the new program instruction' to store the contents of all the machine by instruction to see what would happen if it registers and the address of the next instruction were running. It is brought into operation by in the interrupted program so that work means of the row of 24 switches mounted beneath on that program can be continued after the the monitor panel alongside the control engineer's interrupt has been serviced. For the Argus panel, and makes use of the binary indicators 500 the storage necessary is a maximum of on the monitor panel to show the contents of 16 words. The 32 supervisory programs are the various registers and stores used as the divided into four blocks of eight which program runs . The program can be run continuously we have called channels and each channel or one instruction at a time, or told to stop has its own area in which to store registers at a specified address. This latter feature when it is interrupted. gives a convenient way of jumping over a repetitive loop. An area of store is allocated to the new The organiser keeps track of which program program and if the program tries to transfer is running and since the programs are numbered control (jump) to any address outside that area octa1ly 00-37, the first digit of the program the jump is not made, instead the address is ' number indicates the channel and ensures recorded in a data area which is part of Simcheck. that the registers are stored in the right If the program attempts to write anything to place. Any program can be interrupted and an address outside its allocated storage then normally after an interrupt the machine again the instruction is not carried out. Instead would return to the program it came from. both the data and the address are recorded by But timed interrupts at 100 milliseconds Simcheck. Note that this could be a legitimate intervals are made to cause a channel change instruction, for example altering a controller so that instead the machine returns to the set point. The contents of this special area channel with the next higher number and can be printed on demand, or examined via the picks up the program which was running some control engineer's panel. Simcheck can be left time previously in that channel or if it running if desired for several days, until the had completed all work in that channel, programmer is satisfied that all possible then it goes to the start of the channel combinations of circumstances have been covered. and again services in sequence all other He is then at liberty to switch his new program programs which are switched on. This time on and let it act on the plant. sharing program is called "Channel Change" to the valve pos1t10n, which is the longer term mean valve position. Sixty four readings are stored and then displayed across the width of the typewriter page; the interval in seconds between readings is chosen at the time of command and the display is automatically centralised about the starting values. The facility is useful for commissioning control loops, especially if the 6 point recorder in the control room is being used by the process operator on other points.
and can also be entered from the "Organiser" which happens when all the programs in a
To do this he uses another of the basic
393
channel have been completed before the 100 ms channel change interrupt is due. Thus no time is wasted on unnecessarily repeating a lightly loaded channel if another channel is heavily loaded.
The digital inputs and outputs are dealt with one word at a time at 10 m.sec. intervals. INPUT SYSTEMS The analogue inputs which are all read every second come through eight 64 way mercury wetted reed relay multiplexers, the relays being closed at 10 m.sec. intervals by digital outputs from the computer. At each 10 m.sec. interrupt, one input is read from each Multiplexer through a Ferranti semi-conductor switch, • so that all the 512 inputs are read in 640 m.secs.
These principles could be applied to any number of channels but the storage requirements for registers increase in proportion. Four has been chosen as a reasonable compromise. The panel programs, the cascade transfers and all the other short term functions are in channel O. Channel 1 contains Simcom and Simcheck and could also house a compiler for any desired high level language. Channels 2 and 3 are available for any other programs which need not necessarily be connected with plant operation. Any long program required to run frequently should have a channel to itself but otherwise there are no rules to follow when allocating programs to particular channels as the machine is fast enough for this simple system, which has very low overheads, to allot sufficient running time to all programs.
The 64 way input Multiplexer was developed by Sim-Chem in preference to using the available Ferranti inputs for the following reasons:-
Although the Ferranti computer can accept a large number of hardware interrupts, we have chosen to run Simcos from a single time interrupt derived from one half cycle of the 50 Hertz electricity supply. A simplified flow diagram of the interrupt structure appears on figure 3. The most important function of the 10 ms. interrupt is to count up to 100 m.secs. for channel changing and then up to 1 sec. at which time a new valve position is calculated for each control loop using the normal 3 term algorithm. In Simcos this program is the only one which is accurately timed - it has to be since it contains an integration - and it is the only one which cannot be turned off. All other programs including those which carry out cascade and alarm functions are classed as "Supervisory" and run under the organiser. The other programs in the 10 m.sec interrupt are all concerned with basic input and output functions. They cannot be changed without stopping the computer but they are so closely connected with the hardware that it is unlikely that any program changes will be needed except to accommodate hardware changes, when the computer will have to be stopped anyway.
i)
The address switching is very easy to explain as an 8 x 8 Matrix for fault finding purposes.
ii)
The 512 addresses (8 x 8 x 8) can easily be set up on the manual standby panel using the same Multiplexers.
iii) Relays are easier to use under hazardous conditions and the Multiplexer has been designed on intrinsically safe principles so that (two) barriers are only needed between the Multiplexer and the computer inputs. A British certificate of intrinsic safety has been applied for. iv)
A 64 way temperature measuring circuit has been designed using resistance thermometers and only one gower supply. Accuracies claimed are 0.1 C over the range -100 to +200 0 C and 0.2 0C from -100 to +5000C. This circuit uses the same amplifier as is used for the milliamp signals from pressure and flow transmi. t':crs and again the complete unit is protected by only two barriers. By using an additional amplifier the circuit can be arranged to read thermocouple inputs.
All the above adds up to a comprehensive input system at a very low cost. VALVE DRIVE SYSTEMS
There is firstly a program to read or write a single character to each of the six peripherals of the full system. These are the paper tape reader, the punch, 3 typewriters and the keyboard of one of the typewriters. All are run on 'busy' signals, looked at once only so that the computer never waits for the device. The reader and the punch are therefore limited, on line, to 100 characters per second although when running freely off line they can do considerably more. The typewriters are rated at 10 characters/second and normally do this but occasionally they slip out of synchronisation and miss a 10 m.sec. period. This is a very small price to pay for avoiding the risk of a faulty device holding up the whole program.
Numerous methods of converting the digital signal produced by a computer into an air pressure to operate the control valve have been described in the literature, but only three are currently considered seriously. These are:-
394
1.
A time shared digital to analogue converter followed by individual set/hold amplifiers and current to pressure converters for each valve.
2.
Time shared or individual pulse generators followed by individual integrating amplifiers and current to pressure converters.
3.
Individual pulse generators followed by motor driven air pressure regulators.
All these three methods can work with the full value output 3 term algorithm used in Simcos, but only method 1 will work satisfactorily without a measured feedback representing valve position. Method 1 is also far cheaper in hardware and in the version which we have patented, using a pneumatic set and hold amplifier, it is very cheap indeed. It has, however, two disadvantages. One is that it is possible for a faulty computer to send non-sensical outputs to a large number of valves, and the other is that the output will not "hold" indefinitely wi thout drifting on computer shut-down. Both these difficulties are overcome by suitable programming and by a suitable choice of standby system, which is discussed later. The other two methods both require a feedback of valve position as an analogue input to the computer. After digitising, this is compared with the required valve position generated by the algorithm and the increment is sent to the output sys tem. The integrating amplifier mates most happily with modern electronic analogue controllers and is economical for back-up on a small number of control loops. The motor driven regulator is most suitable for use with manual back-up as its output will hold indefinitely if the electric drive power is removed. In both these methods the maximum movement of the valves which the computer can cause at one time can be limited, usually to about 10% of full travel. Such a movement on all valves at once due to a faulty computer would cause chaos on the plant, but not catastrophe. STANDBY SYSTEMS The essential requirements of standby control were briefly referred to in the section headed "Design Aims". As an absolute minimum it must be possible to read every measurement in and to operate every control valve from the Control Room and we think it important that at least the measurements should be read digitally and in the same engineering units as displayed by the computer. We are not quite so concerned about valve position readings as these are always expressed as "percentage open" and an analogue reading, if more convenient, would not be confusing. This point is mentioned because some users may prefer to operate control valves, when running manually, directly from an Air pressure reducing valve and gauge. These criteria rule out any serious consideration of analogue controllers as a back-up system for DDC. In our opinion it would be too confusing to use an analogue presentation only on computer failure and it would be more sensible to use the analogue controllers all the time and to use the computer merely for supervisory control functions. Leaving aside this analogue system, which is
395
really a vote of no confidence in DDC, we have three possible digital standby systems to suit the importance to plant economics of the loss of efficiency during computer down time. These are, in order of cost, 1.
Manual
2.
Computer assisted manual
3.
Computer duplication
The economics of standby systems depends on a judgement of how much common equipment can be allowed to fail. Obviously a separate analogue to digital converter is necessary for the standby system, but to avoid the expense of duplicating the whole input system we have accepted that the failure of a complete 64-way multiplexer can be tolerated if certain key measurements are given inputs on more than one multiplexer. The key measurements themselves are used by program to indicate which multiplexer has failed and the faulty drive circuits can then easily be identified and replaced. The unusual feature of this multiplexer lies, in fact, in these drive circuits which are arranged so that they can be operated from either of two sources. If we had decided to use the standard Ferranti semi-conductor multiplexer it would have been necessary to duplicate all the input switching to provide a signal to the standby analogue to digital converter. As now arranged, the address switches on the standby panel are gated with the computer scanning address signals so that when the computer is reading the measurement whose address is set on the manual switches the incoming signal is also fed to a set and hold amplifier which feeds the analogue to digital converter of the manual panel. When the computer is not working the manual switches operate the multiplexer directly. Also operated by the manual address switches are scaling and linearising networks to modify the input to the analogue to digital converter so that after digitising the numbers displayed express the measurement in engineering units. Any measurement can use any network by means of plug-in connecting links. Provision is made for up to forty such networks which is expected to be ample for the 512 measurements since all control valves only use one network and all the resistance thermometers also only use one. The manual method of valve operation naturally depends on the valve drive system used by the computer. If motor driven air pressure regulators are being used, then whenever a valve is addressed for its position to be read power is automatically available through an "open-close" switch to move the valve.
The double drive input multiplexer makes the use of a duplicate computer for standby quite simple, but such an arrangement is still very expensive. For some large plants with a clearly defined optimising program to occupy the second machine when both are available, the expenditure would be justified, but for the type of- plant considered in this paper the prospect is unlikely.
there cannot be more than a momentary upset before the other computer regains control. The use of this output system saves money in two ways. Firstly amplifiers of this sort are intrinsically cheaper than the drift free integrating type and secondly there is no need for a monitored feedback of valve position because the valve is always being directed to a definite position.
There is, however, an intermediate stage which PLANT EXPERIENCE makes use of the newest computer in the Argus range, the "600". This is a cheap 8 bi t machine In order to develop Simcos, a Ferranti but not surprisingly it interfaces well with the Argus 500 and can use most of the same peripherals computer was installed in the Sim-Chem offices and connected to a small pilot and input/output modules. It is estimated that plant mixing hot and cold water . . To do by using this computer an effective standby system this we had to use what input and output can be provided for less than £10,000 and half components were available; we chose Ferranti of this expenditure would be on items which would semiconductor input switches and Kent "Electrostep alternatively be regarded as spares for the 500, output drives. (The electrostep is a form being kept in working order instead of sitting of motor driven air pressure regulator.) on a shelf. The next stage of our development In August 1970 the equipment was transferred work is to prove this system, which will inevitably to a plant belonging to Dynamit Nobel A.G. be called Simcam. in l.Jitten, West Germany and as our new input and output systems were not fully developed, The ideas are as follows:the Ferranti and Kent equipments were taken with it. On this plant twenty control valves When the 500 is working normally the 600 is limited are being operated from thirty two temperature to servicing the second display through the manually measurements and twenty four other measurements. operated address switches. In other words the All the valve positions are fed back into 600 takes over the conversion of measured inputs the machine. into engineering units from the analogue networks previously described. It is also receiving signals The objectives were:from the 500 and storing a smoothed 8 bit value for every measurement and the effect of the integral 1. To confirm that the Simcos program would action for every control loop. (This is the run a real plant. mean valve position when the loop is on "auto" and is the actual valve position if the loop 2. To test the reaction of plant operators is on "manual"). to a digital system and in particular to the control panel of fig. 2. When the 500 fails, control of the input multiplexers and the valve output drives passes to the 600, 3. To demonstrate that additional on-line but this small machine is not big enough to take programs can be put into the machine over the automatic control calculations. Set without disturbing the plant. value switches are provided so that the operator can reposition valves by hand to an 8 bit accuracy 4. To prove that we could teach people (1%), but the trouble with manual operation is with no previous experience how to write that the operator cannot watch every measurement programs and how to insert them through at once and therefore does not know which valves Simcos. are requiring attention. Now that the 600 has control of the scanner it can read measurements 5. To do the above over a language barrier at the rate of 64 points per second and compare English/German. This was desirable them with the last values stored before the 500 because a large part of Sim-Chem's business failed. A very simple deviation alarms program is done outside the United Kingdom. can then do two things; for small deviations of controlled measurements it can cause the control valve to integrate slowly in the corrective direction, 6. To co-operate with Dynamit Nobel in devising methods of improving plant and for large deviations on all measurements performance and in particular in the it can alert the operator through the typewriter. writing of start-up and shut-down routines Thus we have a form of stabilising control which for those parts of the plant which are is operative on all control loops. If the operator, batch operated. using the set value switches, over-writes one of the previously stored measurements then the Objective 6 is still continuing, but all new value becomes a new set point for the deviation ther others were achieved with very little alarms and control. difficulty. There was the usual odd, awkward flow control loop where control as good The idea is made even more attractive by the as that from analogue methods was difficult improvements in plant safety and the cost savings to obtain, but the temperature measuring which are possible. As the set and hold amplifiers circuit worked perfectly on the existing, are updated by a computer every second amplifier unscreened, plant wiring and the German drift is not troublesome and on computer failure
396
plant operators took to numerical operation just as readily as British ones have done on earlier installations. CONCLUSIONS In conclusion we make the following modest claims for Simcos. 1.
It is a standard system suitable for any chemical plant.
2.
It is economical and safe on practically any chemical plant.
3.
It can be commissioned by any Control Engineer with or without computer experience .
4.
The use of the system can be developed by the user as he developes his own capability to use it .
5.
Any supervisory program can be developed, commissioned or altered whilst the plant is still under control .
6.
Sequencing programs can be developed as supervisory programs without the need of any special language.
A.Thompson Sim-Chem Limited .
397
Discussion en Paper XI:2 by A. Thanpson
w.
Brand, Belgiun: I feel very encouraged with your article en ecenany, fran a centractor. Total system price has long been the bottleneck on use of DDC systems. Assll1l1ng a chemical plant orders your system, can you indicate a breakdown of total system price in cases of different degrees of inl>lementatien? A. Thanpson: Cost depends on the characteristics of the installation. '!he best guide we can give is to say that i f you are preparing to spend 100,000 pOl.l'lds en instrunentation. then the carputer alternative will be carpetitive. G. Colletti, Italy: In your paper you say that the plant centractor should take full respcnsibil1ty for the installation and q:,eratien of the canputer. My questien is this: How do you measure the q:,eratien of the process canputer? In other words, are you in the position to guarantee a definite improvement in the plant yields of productien rates or finally in plant profit? A. Thanpson: No. Our io1 tial vide a working canputer system price as analogue instruments. leave the q:,erating canpany to own inl>rovements.
aim has been to proat about the same At this marent, we make and prove its
B. W. Balls, Great Bri taln : Mr. Tharpson has g1 ven an excellent paper particularly in view of his associatien with process plant centracting. I wish to ccmnent as follows : He says, "it would be UI'lreasenable to provide stand-by centrol of the same quality. "--A large number of users of process canputer systems would disagree. 'lh1s is an irrportant issue since it influences total cost of the installed system. The Foxboro Canpany have supplied many digi tal systems using 100% dig1 tal back-up, 100% analogue back-up, and various canbinat1ons, after careful consultation with the users cencemed. '!here is no general answer to the problem. Regarding auto/manual, many manual q:,eraticns made remotely by operators arise fran process faults, and not !'ran centrol equipment faults. As A. J. Young has said-the equipment is generally as reliable. or even more re liable, than the process. A. Thanpson: If our clients do not agree with us that it is unreasenable to provide stand-by centrol of the same quality, they can have a second caTl'uter as big as the first merely by saying so. Our system will accomnodate this just as easily as the caTl'uter assisted manual which we think 1s sufficient. The main point we want to make is that stand-by should be digital, not analogue. I will take the opportunity to stress again that although we do not think it necessary. there 1s at\111e provisien in the Simcos system for use of any high level language. To answer Mr. Balls' last point, 398
any control valve can be operated manually through the cOl1lluter using the process q:,erator's panel.
A. Thompson Chief Instrument Engineer Sim-Chem Limited Stockport England
ABSTRACT
I~TRODUCTION
The Daper describes how one chemical plant contractor made himself able to install a computer as part of the instrumentation and control system for new plants. First there is an appreciation of what a contractor can and can not be expected to do . Th~n follows a discussion of the design criteria used to produce a universal system for chemical plants.
1-111y ComDuter Control? There is no denying that a demand exists for . computer control on Chemical Plants. The benefits to an operating comoany lie along the following lines.
The design employs DDC and provides backup with a digital presentation. The operators' panels were designed by the contractor and all the system programs were written by him in a low level language. It was realised that a very heavy client training load would be imposed on the contractor and solutions to the problems have been chosen which result in ease of explanation rather than technical brilliance. By the same token the computer used was chosen for the reliability of its hardware and its ease of programming rather than for economy in first cost. Absolute priority has been given to the aim of leaving the client with a system he understands and can exploit by adding extra plant supervisory programs. He is expected to start by writing relatively short programs which are best written in machine code. Consequently no use has been made of a backing store and a high level language is not expected to be necessary, although there is adequate provision for the use of any high level language for which a compiler has been written . It was considered more important that when he has written his program, be it long or short, he should be able to get it into the machine, check it, and put it on line, all without stopping the computer or disturbing the plant. The time shared operating system "Simcos" and the commissioning aids programs "Simcom" and "Simcheck" make this possible. The second part of the paper describes what happened when these ideas were put into practice for the first time.
1.
More accurate information about the operation of the Plant can be obtained if data from measurements can be Dresented in a form which can be handled mechanically for statistical analysis.
2.
Computation can provide instructions to control valves of a higher order of intelligence than can manual adjustment of simple control loops. A particular case is that of Plant units which are started up and shut down regularly.
3.
Greater profit can be obtai.ned from the Plant either by increasing output or by more economical operation.
It is rarely possible to forecast what the benefits are going to be worth in money, but most people who have put in a computer agree that the benefits do exist. To eXDress these benefits as a return on capital expenditure it is necessary to know the amount of caDital spent, and this depends on how the job was done and where it started from. If one starts with an existing Plant already fully controlled with analogue instruments one can Dut in a computer either to tell the operator what to do or to move the set points of the controlling instruments for him. This procedure is very expensive and looks even more so when starting with a new plant. An alternative arrangement which, properly carried out, can save a considerable amount of capital is to use direct digital control (DDC); in this method of operation the computer replaces the analogue controlling instruments instead of just assisting them. Direct Digital Control The use of DDC can provide several advantages
386
over the combination of a computer and analogue controllers. Firstly, all the information is available to the operator on one small panel instead of being spread around a large control room. Secondly, the operator is not confused by being expected to read some of his measurements digitally and some in analogue form. Thirdly, the means of changing from manual to automatic control is in digital form inside the computer and therefore start-u~ and shut-down routines can be readily accomodated. At the same time ready access to the integral action of the three term control algorithm, together with full control of the set point allows the programming of very steady transition routines. Fourthly, all the equipment for supervisory computer control is already installed.
design office with the insertion of data into the standard DDC programs. It may involve the construction of steady state and dynamic mathematical models of the plant followed by studies of the effects of disturbances. If the contractor does not himself own the process, this work may be done in close co-operation with the licenser. The work transfers to site during and after commissioning when the contractor will be working closely with the Plant operating staff. This is a major tra~n~ng exercise in which the operating company learns from the contractor exactly how to use the computer system and to extend it by writing supervisory programs . Alternative interconnections of ratio and cascade loops can be tried at this time, as well as the further development of sequencing programs.
The big disadvantage of DDC is that if the computer stops working then all the Plant control system fails at once, and this could mean shutting down the Plant. This can happen for two reasons. The first is a computer hardware failure, but with a modern machine properly installed this should not happen more than once per year. Whether this is important or not depends on the particular circumstances under which the given plant is operating and the action to be taken is a matter for individual decision. The second reason for stopping is to change programs. This has been in the past a much bigger draw-back than a computer failure but modern time sharing methods of writing programs permit new supervisory programs to be inserted without stopping the machine or the Plant.
Stage three is the ultimate reason for having installed a computer, but differs from the two previous stages in that it is very dependent on site condi tions. The work is e:ctreme ly local and requires access to information which the operating company almost certainly regards as confidential. There is little that the contractor can do to help, but if he has done his job nroperly in Stages I & 11, the operating company ought to be in a position to do this work for i tse If. DESIGN AIMS To define more clearly what is necessary in order that stage 1 above should be carried out successfully the following objectives were set out.
The Installation of A Computer
1.
It seems reasonable to assert that the most successful computer installation will be one that is designed into the Plant from the beginning and in fact it has been found that when a com~uter has been available for the start-up of a new Plant then the commissioning period has been much shorter than would otherwise have been expected. It follows from this that the Plant contractor should take full responsibility for the installation and operation of the computer.
This implies that DDC should be used and that the measuring and valve output drive systems should be as simple as possible. Special programs should be written where necessary if this leads to the use of cheaper hardware.
2.
Provide the equipment and put it to work.
2.
Optimise the control system.
3.
Optimise the plant profit.
Ease of Oneration and Explanation The system must be put together so that people of different abilities can use those parts of the system that they can understand and not have to learn everything about it at once.
The general problem of putting a computer successfully on any chemical plant has three distinct stages: 1.
Minimum Capital Cost
3.
Insertion of Supervisory Programs \fuen new supervisory programs have been written it must be possible to put them into the comouter, check their operation safely, and then put them to work all without stopping the computer and without interfering with plant operation.
Stage one is perfectly straight forward and should be provided by the contractor at a fixed price exactly like the rest of the Plant. It consists of the Plant instrumentation, the computer, the DDC operating system, and the initial supervisory programs which would include some logging and alarms. Except for the latter it is a perfectly standard package.
4.
Standby Once it is possible to change without stopping the computer stoppages will only be caused failures. Even so, some form will be required but it would
Stage two requires a detailed knowledge of the process being operated. ~he work starts in the
387
programs then computer by hardware of standby be unreasonable
4.
to provide standbv control of the sa~e Quality. The most important requirement is that standby control should look to the operator like computer control so that confusion is not added to his panic when the computer fails. This implies that all the plant measurements should be presented to him in digital form, properly scaled in engineering units. Two versions of standby control have been considered; one is entirely manual and the other uses a small computer. 5.
The first two are combined on the desk which is installed in the control room (see fig 1). The control room also houses two typewriters and a n noint recorder, together with what is left of the old style control panel - i.e. any standby controllers, electrical stop/start switches, alarm lights, and some form of graphic panel to represent the plant flow sheet. Features of the are large, easy and large, easy an appreciation frequently wear goggles.
Safety in Flammable Atmospheres Since so many chemical plants operate from petroleum based feed stocks, no computer instrumentation system can be considered standard unless it can be operated on a hazardous plant from the safe area of a control room. The Simcos system has this facility.
General The above concepts naturally interacted in the final design which is an attempt to provide the most reliable hardware configuration and to write programs for it in the most flexible way and still to strive for an acceptable overall price. There are two distinct software problems control engineering, and supervisory programs. Control engineering is provided as a complete package which only nees the addition of data to make it work. This part of the system is dealt with first. The writing of supervisory programs requires a knowledge of programming and is explained subsequently.
The two rooms are next to each other and the dividing wall between them houses the main junction box for all the plant connections. 2.
The DDC algorithm used is very similar to a three term analogue controller in which the derivative action is inoperative on set point changes. A ten bit full value valve position is calculated by the algorithm and transferred to a separate program driving separate hardware.
When the computer is working, the manual panel provides an additional method of reading measurements and valve positions which can be used by the operator as a second display. When the computer is not working the manual panel is the only method of running the plant.
The design centres round the operating panels of which there are four, one provided by the computer manufacturer, Ferranti, and three by Sim-Chem. The four panels are 3. The manual panel.
2.
The process operator's panel.
3.
The control engineer's panel .
Manual Panel In some ways the manual panel (Fig. 1, right) dictated the size of the system because if more than three switches are used to make direct connection to the measurements the wiring becomes disproportionately complicated. As the computer inputs are numbered octally (i.e. in units of eight) to provide easy transition to binary it is desirable to number the manual switch positions similarly. Thus three switches provide addresses for 512 measurements. There are two alternatives for Simcos. In the first the 512 includes feed back signals from all the valve positions, when it is expected that a maximum of 192 valves will be used. In the second arrangement, the valve signals are in addition to the 512 measurements and any number up to 512 can be addressed, but it is not likely in practice that more than 256 will be used.
The computer used is the Ferranti Argus 500, a modern integrated circuit machine chosen for its reliability and ease of programming. Storage is expandable on site up to 64k by plug in units. Disc storage is available from Ferranti, but is not used in Simcos.
1.
panels used by the operator to read flat faced displays, to handle, rotary switches, of the fact that operators protective gloves and safety
The other two panels, shown in fig. 2, are also combined together on one desk and mounted in the computer room with the computer, another typewriter, the high speed paper tape reader, and a high speed punch.
DETAILS OF THE DESIGN 1.
The computer monitor panel.
The Process Operator's Panel The panel (Fig. 1, left) provides all the facilities which the operator needs in the day to day running of the plant, but makes no provisions for plant development work. This latter is reserved to the
388
control engineer's panel, thus keeping control engineers and programmers out of the operator's way.
there is no "bump" on transfer because the integral action has been following the manual valve position.
Listed briefly the functions the operator can perform are
If the new set point is not equal to the measurement then the program first inserts a set point which is equal to the measurement and then ramps it to the new value at a rate proportional to the integral action gain. This procedure is followed on all set point changes as there is no point in trying to discriminate between the different reasons for changing set points. Further to prevent unnecessary valve movement, the derivative action works only on measurement changes and not on set point changes.
1.
Read any measurement or control valve position.
2.
Read any set point and change its value.
3.
Turn any control loop to manual and open and close cascade connections.
4.
Read and alter the bias values in cascade loops and the ratios in ratio loops.
5.
Determine immediately which control valve is connected to which measurement via a control loop and whether the loop is on "automatic" or "manual". He can also determine the extent of cascade and ratio configurations and whether they are operating or not.
6.
Route any measurement or the contents of selected core store locations to the tracks of a multi point recorder.
7.
Cause to run or to stop running, selected supervisory programs such as those for plant start-ups or logging.
The mechanism for cascade and ratio operation is very similar. The insertion by hand of a set point for the slave loop of a cascade automatically breaks the cascade; a new value for the bias, which may be zero, restores it. Bias values are inserted on function switch position 2 and as before an available but not used cascade shows a display all commas and "no cascade" shows all negatives. These simple arrangements have been found to work well in practice. Clarity for the operator is enhanced by the use of five numerical display windows in which non significant zeros are suppressed and in which the decimal point always has a window to itself. If, in spite of all this, the operator still makes a wrong insertion, he can move the "insert" switch over to the "cancel" position and his previous value will be restored. The limitations on this are that "cancel" must be the immediate next operation and must be done within thirty seconds.
This last item is provided by a row of 24 single bit switches which are mounted at the bottom of the manual panel. Twenty four supervisory programs can be handled this way, with a separately labelled switch for each. The other items of the list above correspond to the first five positions of the "Function Switch", which is at the left of the row of "address switches".
4. When the address is pointing to a measurement, the value of the measurement and its set point can be compared simply by turning the function switch from 0 to 1. The actual valve position and the "required valve position", which is the output of the three term control calculation, can be similarly compared. If the ~easurement is not part of a control loop and no set point is possible, then function switch position I shows this by displaying a row of five minus signs. If a control loop exists, but is turned to manual, then the display shows five commas but still indicates the units of measurement. To turn a control loop to manual it is merely necessary to insert a value for the required valve position, when the valve will move to this position and stay there. To return to automatic control one inserts a new set point. If the set point is equal to the measu~ement
The Control Engineer's Panel Although the process operator's panel has been described first, the control engineer's panel (Fig. 2) was constructed first and the process operator's panel is a simplification of it; but the program was written round two panels from the beginning. The control engineer's panel was designed with both control engineering and programming in mind and makes full use of the 24 bit word of the Ferranti computer. The panel for this reason has eight octal switches which are enough to address not only all the measurements, but also all locations of the maximum available core store (64K with Argus 500) and still have enough switch positions left over to say what is to be done with them. By the same token, a 24 bit output word can be used as six
389
Figure 1.
.: ,
, ' :::~ ~,:
• • !
lit
'. '-~. B
rlI
lit
!.-...! Figure 2.
Process Operator's Panel.
, •
Control Engineer's Panel.
INn."U" fNTOED EWRY D MILLISECONDS
"EAD OR WRITf SINGLE CHAf!:ACTfRS TO EACH '(I:I'HERAL IF OfytC£ IS It£ADY
RUD AND WRITE SOME ANALOGUE Ne> DIGITAL NVTS AND OUTPUTS
RETURN TO PfIOC,AAHHE
INTERRUPTED
CHANGE CHANNEl
VIA ORGANISER
Figure 3.
FIO\oO Diagram of the Interrupt Structure.
390
BeD outputs and this is why the panels have six display windows, five numerical and one for units. The type of display chosen has twelve lamps shining through a photographic film on to a ground glass screen. A minor problem arose here because it was not possible in the U.K. to buy a decoder to give twelve outputs from a single BCD input; we therefore had to design our own and in doing so opened lines of communication for the manufacture of special purpose equipment which have subsequently proved very useful. Although we should have preferred to use nothing but large rotary switches, their use for all purposes on the control engineer's panel would have made a large and clumsy panel. As the illustration shows, thumbwheel switches were used for the "SET VALUE" switches. It was appreciated that these would not be as easy, quick, or convenient to use as the rotary ones but the arguments influencing their choice were that they would only be operated by the control engineer, relatively infrequently, working in clean conditions, and rarely in a hurry. They are acknowledged as second best and we should not recommend their use throughout. By comparison the address switches on the same panel are operated much more often by the control engineer and on a plant could also be used by a process foreman or plant manager seeking information and not wishing to disturb the process operator on his panel. In use the thumbwheel switches, which include BCD encoding, have been adequate for the duty and perfectly reliable. The control engineer's panel provides all the facilities of the process operator's panel and makes use of the greater number of address switches in several ways. The first is that it is possible to set up two input addresses and compare the measurements at the flick of a switch which we have called the "Select switch". This complements in the computer room the feature in the control room whereby different addresses can be set up side by side on the manual panel and on the process operator's panel. In addition it is possible to use the control engineer's panel to 1.
Change control constants in the three term control algorithm for any control loop over a wide range of values.
2.
Set up new or replacement control loops; i.e. cause a control valve to be operated from a different measurement. This is done simply by addressing a control valve on the address switches and inserting a measurement address on the set value switches. For safety the control does not operate until new values have been inserted for all the control constants.
391
3.
Set up new cascade or ratio control loops in any configuration.
Using these facilities in combination with the bias and ratio constants means that a great deal of control sophistication can be achieved without any recourse to programming. But it is felt that the control engineer will soon want to extend his activities to programming, eventually becoming the only programmer working on the system. This is why the control engineer's panel is mounted beside the computer monitor panel and also why the control engineer's panel has provision for examining every core store location in the computer and displaying the contents in a variety of formats, of which at least one will be appropriate. The simplest format considers the 24 bits as 8 octal digits and since there are only five display windows available shows them as two sets of four, chosen by the "Select Switch". If the contents of the store location represent a machine instruction then a different format is more suitable. This has been provided so that instructions can be traced through the store in the format in which they were written, and the control engineer has every opportunity to familiarise himself with them. The last two formats are for use when the store location contains a decimal number. The display can indicate a signee decimal fraction starting from the most significant end of the word, or a positive integer starting from the least significant end. Obviously only one of these two formats will make sense for a given location. PROGRAMMING The above facilities have been provided in the way described so that a process operating company can use the system to operate a plant with very little practice. Other people have provided similar ·'black box" control systems and though we think ours is easier to use than most, it is certainly not unique. But it is not our intention to leave our clients in this ~osition; we expect to train them to write and insert their own supervisory programs even if they have never written a computer program before. It is first necessary to wipe away the aura of mystique with which programmers surround their art and prove to the uninitiated that understanding what a computer does is not so very difficult. We firmly believe that initially it is more important for more people on the plant to be able to write and insert short simple programs than that
one person should be able to make long complicated programs work quickly. Optimising routines will certainly be required later and it may be highly desirable to write them in a high level language, but for the first twelve months of an operating company's first installation such things are irrelevant and a very low level approach to programming is much more appropriate. The objective is to get co-operation from everyone on the plant and this is much more likely if as many people as possible have some idea of what is going on. To do this one must get down to rock bottom and examine the operating instructions actually in the computer, which is what one has to do anyway to find and rectify faults in programs. From the point of view of anyone wr1t1ng supervisory programs for an installation running on a chemical plant, the computer is being asked to:-
1.
Take the prescribed data which exists in the machine.
2.
Add to it the data now being given to it.
3.
Do what it is being told to do with the combined data.
4.
Print out what the result is.
5.
Act on the plant in the way indicated.
6.
Print out if anything unexpected happens.
of the supervisory program but nevertheless the alarms program module is itself a supervisory program outside the DDC. Because of this it is possible for the writer of a supervisory program to insert data into the alarms program to cause it to examine any location in the store and print on the teleprinter if those contents go outside his desired limits. The printing program is probably the most useful example of this technique. It has been written in general terms to cover the three teleprinters and the high speed punch supplied (it can in fact cover seven output devices which are referred to by number by the user). When he wants something to be punched or printed all he has to do in addition to stating the device number is to say how much storage he thinks will be needed to hold temporarily what he wants printed, and to state the format in which he wants it printed. The printing output program does the rest. With a little practice this is as easy to use as the "print" statement in Fortran. Formats for the printer are alpha - numeric or a nine digit floating point number. The printing output program covers item 4 above. Item 2 is covered in a number of ways. If the new data can be expressed in octal or decimal numbers it can be inserted directly into any point of the store by the program servicing the control engineer's panel or into selected parts of the store through the process operator's panel. Alternatively it can be entered directly from the keyboard of the programmer's typewriter.
These steps are the same whether the program is long or short and whether it is written in a high level language or in machine code. The principal part of the new supervisory program is, of course, item 3 above. All the other items are already needed to make DDC work and provided they have been written with this object in mind they can also be used by the supervisory programs. This is real 1:' what Simcos is all about; the program is written in a modular form and the output of one module becomes one of the possible inputs to another.
This keyboard is a useful feature of the system and several programs have been written for it which we consider important enough to warrant a separate name - "Simcom", indicating aids to commissioning. The method of operation is the same in each case. A single command letter is typed to say what sort of information is required, followed by a core address to say where it should come from and a final number A very simple example is the control valve output to say how much. The simplest commands program which accepts a binary fraction representing print out the contents of core store locations, the required valve position and moves the valve up to 64 at a time, for study at leisure. accordingly. (There is the additional advantage Command letter D causes a dump on the high that only a small section of program has to be rewritten to suit different valve drive systems). speed tape punch of the contents of up to 512 core locations in an economical The output module does not know where its input bi-octal format which includes parity and signal comes from; it could be the output of a check sum. Command letter V reads this a control loop, an insertion from the process tape in again and vertifies it against operator's panel, or the output of a supervisory the contents of the store, any discrepancies program performing a start-up routine. Such being printed on the typewriter. (These an arrangement would cause chaos were it not same programs can be run off line to dump for a control module to organise a system of priorities in conjunction with the process operator's and verify the contents of the whole store, which gives a quick method of replacing panel. Similarly if the output of a supervisory a completely wrecked program). program is required to move the set point of a control loop (item 5 above) it acts through Command letter G addressed to a measurement the "cascade" program which again is under the prints a graph of the four important parameters control of the process operator. Item 6 above of a control loop - measurement, set point, is probably covered by the available programs valve position and the integral contribution without any action on the part of the writer
392
concepts of Simcos. A program called "Organiser for Supervisory Programs" looks at a table 32 words long which contains the starting addresses of all the supervisory programs. If the word has been set negative then the program will be run, if not then it will not. Thus all that the writer of a new program has to do is to take anyone of these 32 locations which is not in use (contents zero) and put into it his own program's Command letter Q is a conversational method of starting address, which he can do through over-writing program instructions. From a given the control engineer's panel. To run his starting address the program types the contents program he sets the word negative by adding of the next eight words in machine instruction an octal 4, again through the panel. If format. It then prints the address of the first somewhere in the program he removes this ~nst:uction and stops. The programmer then types negative then the program will only run 1n h1s replacement instruction and the computer types the next address. After the eighth instruction once. (The single bit switches on the process operator's panel used to control programs the computer prints out the whole eight as a which are stopped and started at frequent visual check that they have in fact been entered. intervals work in this way by negating the It then proceeds to the next block of eight and starting address). All programs must end continues until the programmer stops it by typing with a jump instruction to 11,000 an address T. This is a very quick method of over-writing chosen to be easily remembered which is mistakes in programs and because of the very the start of the "Organiser". simple instruction format and order code of the Ferranti machine it is also a convenient method If the 32 programs were merely run one after of inserting short new programs . The program the other, the resulting plant operation will have been written in the assembler language would not be very acceptable because one "April" and it is a matter of personnel preference long program would delay the running of whether one compiles it mechanically or by hand. all the others (some iterative optimising The typing effort is the same either way. programs can be very long). Consequently But a list of instructions in store is not necessarily some form of time sharing is necessary and since the whole idea of DDC depends on accurate a workable program; nor can it be guaranteed timing, the time sharing of supervisory not to run away and damage other working programs programs is particularly easy to provide. and thereby upset the plant - we are still on line, remember. At this stage we call in "Simcheck" When any program is interrupted it is necessary a program which examines the new program instruction' to store the contents of all the machine by instruction to see what would happen if it registers and the address of the next instruction were running. It is brought into operation by in the interrupted program so that work means of the row of 24 switches mounted beneath on that program can be continued after the the monitor panel alongside the control engineer's interrupt has been serviced. For the Argus panel, and makes use of the binary indicators 500 the storage necessary is a maximum of on the monitor panel to show the contents of 16 words. The 32 supervisory programs are the various registers and stores used as the divided into four blocks of eight which program runs . The program can be run continuously we have called channels and each channel or one instruction at a time, or told to stop has its own area in which to store registers at a specified address. This latter feature when it is interrupted. gives a convenient way of jumping over a repetitive loop. An area of store is allocated to the new The organiser keeps track of which program program and if the program tries to transfer is running and since the programs are numbered control (jump) to any address outside that area octa1ly 00-37, the first digit of the program the jump is not made, instead the address is ' number indicates the channel and ensures recorded in a data area which is part of Simcheck. that the registers are stored in the right If the program attempts to write anything to place. Any program can be interrupted and an address outside its allocated storage then normally after an interrupt the machine again the instruction is not carried out. Instead would return to the program it came from. both the data and the address are recorded by But timed interrupts at 100 milliseconds Simcheck. Note that this could be a legitimate intervals are made to cause a channel change instruction, for example altering a controller so that instead the machine returns to the set point. The contents of this special area channel with the next higher number and can be printed on demand, or examined via the picks up the program which was running some control engineer's panel. Simcheck can be left time previously in that channel or if it running if desired for several days, until the had completed all work in that channel, programmer is satisfied that all possible then it goes to the start of the channel combinations of circumstances have been covered. and again services in sequence all other He is then at liberty to switch his new program programs which are switched on. This time on and let it act on the plant. sharing program is called "Channel Change" to the valve pos1t10n, which is the longer term mean valve position. Sixty four readings are stored and then displayed across the width of the typewriter page; the interval in seconds between readings is chosen at the time of command and the display is automatically centralised about the starting values. The facility is useful for commissioning control loops, especially if the 6 point recorder in the control room is being used by the process operator on other points.
and can also be entered from the "Organiser" which happens when all the programs in a
To do this he uses another of the basic
393
channel have been completed before the 100 ms channel change interrupt is due. Thus no time is wasted on unnecessarily repeating a lightly loaded channel if another channel is heavily loaded.
The digital inputs and outputs are dealt with one word at a time at 10 m.sec. intervals. INPUT SYSTEMS The analogue inputs which are all read every second come through eight 64 way mercury wetted reed relay multiplexers, the relays being closed at 10 m.sec. intervals by digital outputs from the computer. At each 10 m.sec. interrupt, one input is read from each Multiplexer through a Ferranti semi-conductor switch, • so that all the 512 inputs are read in 640 m.secs.
These principles could be applied to any number of channels but the storage requirements for registers increase in proportion. Four has been chosen as a reasonable compromise. The panel programs, the cascade transfers and all the other short term functions are in channel O. Channel 1 contains Simcom and Simcheck and could also house a compiler for any desired high level language. Channels 2 and 3 are available for any other programs which need not necessarily be connected with plant operation. Any long program required to run frequently should have a channel to itself but otherwise there are no rules to follow when allocating programs to particular channels as the machine is fast enough for this simple system, which has very low overheads, to allot sufficient running time to all programs.
The 64 way input Multiplexer was developed by Sim-Chem in preference to using the available Ferranti inputs for the following reasons:-
Although the Ferranti computer can accept a large number of hardware interrupts, we have chosen to run Simcos from a single time interrupt derived from one half cycle of the 50 Hertz electricity supply. A simplified flow diagram of the interrupt structure appears on figure 3. The most important function of the 10 ms. interrupt is to count up to 100 m.secs. for channel changing and then up to 1 sec. at which time a new valve position is calculated for each control loop using the normal 3 term algorithm. In Simcos this program is the only one which is accurately timed - it has to be since it contains an integration - and it is the only one which cannot be turned off. All other programs including those which carry out cascade and alarm functions are classed as "Supervisory" and run under the organiser. The other programs in the 10 m.sec interrupt are all concerned with basic input and output functions. They cannot be changed without stopping the computer but they are so closely connected with the hardware that it is unlikely that any program changes will be needed except to accommodate hardware changes, when the computer will have to be stopped anyway.
i)
The address switching is very easy to explain as an 8 x 8 Matrix for fault finding purposes.
ii)
The 512 addresses (8 x 8 x 8) can easily be set up on the manual standby panel using the same Multiplexers.
iii) Relays are easier to use under hazardous conditions and the Multiplexer has been designed on intrinsically safe principles so that (two) barriers are only needed between the Multiplexer and the computer inputs. A British certificate of intrinsic safety has been applied for. iv)
A 64 way temperature measuring circuit has been designed using resistance thermometers and only one gower supply. Accuracies claimed are 0.1 C over the range -100 to +200 0 C and 0.2 0C from -100 to +5000C. This circuit uses the same amplifier as is used for the milliamp signals from pressure and flow transmi. t':crs and again the complete unit is protected by only two barriers. By using an additional amplifier the circuit can be arranged to read thermocouple inputs.
All the above adds up to a comprehensive input system at a very low cost. VALVE DRIVE SYSTEMS
There is firstly a program to read or write a single character to each of the six peripherals of the full system. These are the paper tape reader, the punch, 3 typewriters and the keyboard of one of the typewriters. All are run on 'busy' signals, looked at once only so that the computer never waits for the device. The reader and the punch are therefore limited, on line, to 100 characters per second although when running freely off line they can do considerably more. The typewriters are rated at 10 characters/second and normally do this but occasionally they slip out of synchronisation and miss a 10 m.sec. period. This is a very small price to pay for avoiding the risk of a faulty device holding up the whole program.
Numerous methods of converting the digital signal produced by a computer into an air pressure to operate the control valve have been described in the literature, but only three are currently considered seriously. These are:-
394
1.
A time shared digital to analogue converter followed by individual set/hold amplifiers and current to pressure converters for each valve.
2.
Time shared or individual pulse generators followed by individual integrating amplifiers and current to pressure converters.
3.
Individual pulse generators followed by motor driven air pressure regulators.
All these three methods can work with the full value output 3 term algorithm used in Simcos, but only method 1 will work satisfactorily without a measured feedback representing valve position. Method 1 is also far cheaper in hardware and in the version which we have patented, using a pneumatic set and hold amplifier, it is very cheap indeed. It has, however, two disadvantages. One is that it is possible for a faulty computer to send non-sensical outputs to a large number of valves, and the other is that the output will not "hold" indefinitely wi thout drifting on computer shut-down. Both these difficulties are overcome by suitable programming and by a suitable choice of standby system, which is discussed later. The other two methods both require a feedback of valve position as an analogue input to the computer. After digitising, this is compared with the required valve position generated by the algorithm and the increment is sent to the output sys tem. The integrating amplifier mates most happily with modern electronic analogue controllers and is economical for back-up on a small number of control loops. The motor driven regulator is most suitable for use with manual back-up as its output will hold indefinitely if the electric drive power is removed. In both these methods the maximum movement of the valves which the computer can cause at one time can be limited, usually to about 10% of full travel. Such a movement on all valves at once due to a faulty computer would cause chaos on the plant, but not catastrophe. STANDBY SYSTEMS The essential requirements of standby control were briefly referred to in the section headed "Design Aims". As an absolute minimum it must be possible to read every measurement in and to operate every control valve from the Control Room and we think it important that at least the measurements should be read digitally and in the same engineering units as displayed by the computer. We are not quite so concerned about valve position readings as these are always expressed as "percentage open" and an analogue reading, if more convenient, would not be confusing. This point is mentioned because some users may prefer to operate control valves, when running manually, directly from an Air pressure reducing valve and gauge. These criteria rule out any serious consideration of analogue controllers as a back-up system for DDC. In our opinion it would be too confusing to use an analogue presentation only on computer failure and it would be more sensible to use the analogue controllers all the time and to use the computer merely for supervisory control functions. Leaving aside this analogue system, which is
395
really a vote of no confidence in DDC, we have three possible digital standby systems to suit the importance to plant economics of the loss of efficiency during computer down time. These are, in order of cost, 1.
Manual
2.
Computer assisted manual
3.
Computer duplication
The economics of standby systems depends on a judgement of how much common equipment can be allowed to fail. Obviously a separate analogue to digital converter is necessary for the standby system, but to avoid the expense of duplicating the whole input system we have accepted that the failure of a complete 64-way multiplexer can be tolerated if certain key measurements are given inputs on more than one multiplexer. The key measurements themselves are used by program to indicate which multiplexer has failed and the faulty drive circuits can then easily be identified and replaced. The unusual feature of this multiplexer lies, in fact, in these drive circuits which are arranged so that they can be operated from either of two sources. If we had decided to use the standard Ferranti semi-conductor multiplexer it would have been necessary to duplicate all the input switching to provide a signal to the standby analogue to digital converter. As now arranged, the address switches on the standby panel are gated with the computer scanning address signals so that when the computer is reading the measurement whose address is set on the manual switches the incoming signal is also fed to a set and hold amplifier which feeds the analogue to digital converter of the manual panel. When the computer is not working the manual switches operate the multiplexer directly. Also operated by the manual address switches are scaling and linearising networks to modify the input to the analogue to digital converter so that after digitising the numbers displayed express the measurement in engineering units. Any measurement can use any network by means of plug-in connecting links. Provision is made for up to forty such networks which is expected to be ample for the 512 measurements since all control valves only use one network and all the resistance thermometers also only use one. The manual method of valve operation naturally depends on the valve drive system used by the computer. If motor driven air pressure regulators are being used, then whenever a valve is addressed for its position to be read power is automatically available through an "open-close" switch to move the valve.
The double drive input multiplexer makes the use of a duplicate computer for standby quite simple, but such an arrangement is still very expensive. For some large plants with a clearly defined optimising program to occupy the second machine when both are available, the expenditure would be justified, but for the type of- plant considered in this paper the prospect is unlikely.
there cannot be more than a momentary upset before the other computer regains control. The use of this output system saves money in two ways. Firstly amplifiers of this sort are intrinsically cheaper than the drift free integrating type and secondly there is no need for a monitored feedback of valve position because the valve is always being directed to a definite position.
There is, however, an intermediate stage which PLANT EXPERIENCE makes use of the newest computer in the Argus range, the "600". This is a cheap 8 bi t machine In order to develop Simcos, a Ferranti but not surprisingly it interfaces well with the Argus 500 and can use most of the same peripherals computer was installed in the Sim-Chem offices and connected to a small pilot and input/output modules. It is estimated that plant mixing hot and cold water . . To do by using this computer an effective standby system this we had to use what input and output can be provided for less than £10,000 and half components were available; we chose Ferranti of this expenditure would be on items which would semiconductor input switches and Kent "Electrostep alternatively be regarded as spares for the 500, output drives. (The electrostep is a form being kept in working order instead of sitting of motor driven air pressure regulator.) on a shelf. The next stage of our development In August 1970 the equipment was transferred work is to prove this system, which will inevitably to a plant belonging to Dynamit Nobel A.G. be called Simcam. in l.Jitten, West Germany and as our new input and output systems were not fully developed, The ideas are as follows:the Ferranti and Kent equipments were taken with it. On this plant twenty control valves When the 500 is working normally the 600 is limited are being operated from thirty two temperature to servicing the second display through the manually measurements and twenty four other measurements. operated address switches. In other words the All the valve positions are fed back into 600 takes over the conversion of measured inputs the machine. into engineering units from the analogue networks previously described. It is also receiving signals The objectives were:from the 500 and storing a smoothed 8 bit value for every measurement and the effect of the integral 1. To confirm that the Simcos program would action for every control loop. (This is the run a real plant. mean valve position when the loop is on "auto" and is the actual valve position if the loop 2. To test the reaction of plant operators is on "manual"). to a digital system and in particular to the control panel of fig. 2. When the 500 fails, control of the input multiplexers and the valve output drives passes to the 600, 3. To demonstrate that additional on-line but this small machine is not big enough to take programs can be put into the machine over the automatic control calculations. Set without disturbing the plant. value switches are provided so that the operator can reposition valves by hand to an 8 bit accuracy 4. To prove that we could teach people (1%), but the trouble with manual operation is with no previous experience how to write that the operator cannot watch every measurement programs and how to insert them through at once and therefore does not know which valves Simcos. are requiring attention. Now that the 600 has control of the scanner it can read measurements 5. To do the above over a language barrier at the rate of 64 points per second and compare English/German. This was desirable them with the last values stored before the 500 because a large part of Sim-Chem's business failed. A very simple deviation alarms program is done outside the United Kingdom. can then do two things; for small deviations of controlled measurements it can cause the control valve to integrate slowly in the corrective direction, 6. To co-operate with Dynamit Nobel in devising methods of improving plant and for large deviations on all measurements performance and in particular in the it can alert the operator through the typewriter. writing of start-up and shut-down routines Thus we have a form of stabilising control which for those parts of the plant which are is operative on all control loops. If the operator, batch operated. using the set value switches, over-writes one of the previously stored measurements then the Objective 6 is still continuing, but all new value becomes a new set point for the deviation ther others were achieved with very little alarms and control. difficulty. There was the usual odd, awkward flow control loop where control as good The idea is made even more attractive by the as that from analogue methods was difficult improvements in plant safety and the cost savings to obtain, but the temperature measuring which are possible. As the set and hold amplifiers circuit worked perfectly on the existing, are updated by a computer every second amplifier unscreened, plant wiring and the German drift is not troublesome and on computer failure
396
plant operators took to numerical operation just as readily as British ones have done on earlier installations. CONCLUSIONS In conclusion we make the following modest claims for Simcos. 1.
It is a standard system suitable for any chemical plant.
2.
It is economical and safe on practically any chemical plant.
3.
It can be commissioned by any Control Engineer with or without computer experience .
4.
The use of the system can be developed by the user as he developes his own capability to use it .
5.
Any supervisory program can be developed, commissioned or altered whilst the plant is still under control .
6.
Sequencing programs can be developed as supervisory programs without the need of any special language.
A.Thompson Sim-Chem Limited .
397
Discussion en Paper XI:2 by A. Thanpson
w.
Brand, Belgiun: I feel very encouraged with your article en ecenany, fran a centractor. Total system price has long been the bottleneck on use of DDC systems. Assll1l1ng a chemical plant orders your system, can you indicate a breakdown of total system price in cases of different degrees of inl>lementatien? A. Thanpson: Cost depends on the characteristics of the installation. '!he best guide we can give is to say that i f you are preparing to spend 100,000 pOl.l'lds en instrunentation. then the carputer alternative will be carpetitive. G. Colletti, Italy: In your paper you say that the plant centractor should take full respcnsibil1ty for the installation and q:,eratien of the canputer. My questien is this: How do you measure the q:,eratien of the process canputer? In other words, are you in the position to guarantee a definite improvement in the plant yields of productien rates or finally in plant profit? A. Thanpson: No. Our io1 tial vide a working canputer system price as analogue instruments. leave the q:,erating canpany to own inl>rovements.
aim has been to proat about the same At this marent, we make and prove its
B. W. Balls, Great Bri taln : Mr. Tharpson has g1 ven an excellent paper particularly in view of his associatien with process plant centracting. I wish to ccmnent as follows : He says, "it would be UI'lreasenable to provide stand-by centrol of the same quality. "--A large number of users of process canputer systems would disagree. 'lh1s is an irrportant issue since it influences total cost of the installed system. The Foxboro Canpany have supplied many digi tal systems using 100% dig1 tal back-up, 100% analogue back-up, and various canbinat1ons, after careful consultation with the users cencemed. '!here is no general answer to the problem. Regarding auto/manual, many manual q:,eraticns made remotely by operators arise fran process faults, and not !'ran centrol equipment faults. As A. J. Young has said-the equipment is generally as reliable. or even more re liable, than the process. A. Thanpson: If our clients do not agree with us that it is unreasenable to provide stand-by centrol of the same quality, they can have a second caTl'uter as big as the first merely by saying so. Our system will accomnodate this just as easily as the caTl'uter assisted manual which we think 1s sufficient. The main point we want to make is that stand-by should be digital, not analogue. I will take the opportunity to stress again that although we do not think it necessary. there 1s at\111e provisien in the Simcos system for use of any high level language. To answer Mr. Balls' last point, 398
any control valve can be operated manually through the cOl1lluter using the process q:,erator's panel.