Fail-Safe

Fail-safe (from the English words fail and safe, roughly "safe in the event of failure") refers to any property of a system which, in the event of a fault, leads to the least possible damage. When a fault occurs in a machine or plant, the aim is systematically to keep its effects as safe as possible. This principle is applied in all technical fields, and in many cases industry-specific safety regulations exist for it. In the broader sense, not only component failure and power failure but also operator error are taken into consideration.

Sometimes the term fault tolerance (Fehlertoleranz) is used in German in this context, but that term is more concerned with the topic of "user-friendliness". In any case, consideration of hazards to health and the environment is often associated with the term fail-safe.

Likewise, the term reliability does not refer to an associated risk but to the dependability of a system.

Error analysis

The standard questions are what happens if

  • the main or auxiliary power fails,
  • a component fails (is destroyed),
  • an operating error occurs,
  • a fire or an explosion occurs,
  • a leak is present.

These questions are usually examined and evaluated with an FMEA (Failure Mode and Effects Analysis).

Harder questions are what happens if

  • several problems interact,
  • problems are caused deliberately.

Complex system-engineering problems are investigated with the methods of reliability engineering, such as fault tree analysis and event tree analysis.

In individual cases further questions may be useful or necessary. It is not permissible to restrict the fault analysis to the control system or the electrical equipment. Likewise, a consideration must not be suppressed by assessments such as "rare" or "unlikely". Nor can the assumption of failure simply be dismissed by "oversizing" a design detail: a pipe, for example, may still break even with double or triple wall thickness, and the consequences of such a break must be analysed.

The operator is assumed to act wrongly. Conversely, the operator therefore cannot be regarded as a guarantee for the safe state.

If no satisfactory result is reached, planning redundant components can be a way out. With regard to safety, such components are then necessary and not superfluous.

Examples

Railway

Signals in railway operation generally show two aspects: stop and proceed. Their task is to let only one train at a time into a section of track. A signal is designed so that in the event of a fault it does not show proceed but stop. In addition, since effective train protection systems are linked to the signals, a stop aspect automatically leads to rapid braking. In the event of a fault, therefore, no train enters the blocked section.

Mechanical (semaphore) signals were designed so that a horizontal signal arm indicates stop and an arm pointing obliquely upward indicates proceed. If the wire breaks or any other mechanical fault affects the signal, the arm falls automatically into the stop position. This is construction according to the fail-safe method.

The same principle applies to the railway air brake: during the journey the brake line must be under pressure so that the brakes are not applied. If a coupling tears and with it the brake line, the brakes on both parts of the train are vented and an emergency braking results.

Use in aircraft

The fail-safe method is used in many areas of aircraft. It is assumed that components fail over time because of the constantly varying loads. To prevent failure of the whole system, this philosophy leads to the so-called fail-safe design: the structure is statically indeterminate several times over, so that if one component fails another part can take over its task. The neighbouring part must at least be able to carry the safe load (maximum operating load). Examples from the aerospace industry are crack stoppers, which are intended to prevent cracks from growing further, and the bolts used to mount the engines; these are duplicated (bolts within bolt holes) and each designed for the maximum load.

Regular inspection for the timely detection of cracks is essential in this method; the damage must therefore be recognisable in regular routine examinations. The failed component must be replaced as soon as possible. Easy replacement is a prerequisite of fail-safe construction.

Model building

In model building, a fail-safe module is a module which, on unreliable receiver signals caused by poor radio reception or insufficient battery power, performs a defined action in the model, for example applying the brakes. On good modules the action taken in the fail-safe case can be configured.

This is to prevent the model from moving in an uncontrolled manner and possibly being destroyed or causing destruction.

This is most commonly used in car and aircraft models.

Engineering

Fail-safe is a design method for detecting the occurrence of faults in systems and bringing a machine into a safe state.

In static fail-safe, components are mounted and connected to a controller in such a way that a failure of the component produces a safe state. For example, a sensor is mounted on a guard so that it is actuated in the normal state, and wired so that it thereby applies voltage to the evaluating device. If the actuation is lost or a wire breaks, the evaluating device detects the same state as when the sensor fails, and the machine stops. Static fail-safe is not tamper-proof, since the component can be manipulated so that a safe state is simulated to the evaluating device (for example by a wire bridge, or by actuating the sensor by other means). Static fail-safe is possible for both sensors and actuators.

Dynamic fail-safe monitors state changes of a connected component. Reactions to a sensor are therefore triggered not by the state of the sensor itself but by a change of state. For sensors that regularly change state (for example in every machine cycle), an additional plausibility check is performed: depending on the machine position, the sensor must assume a particular state at a predetermined position. Dynamic fail-safe is possible only for sensors.
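The two evaluation schemes described in the preceding paragraphs (static fail-safe on a normally energised guard sensor, and dynamic fail-safe with a per-cycle state-change and plausibility check) can be simulated in a few lines. The following Python is an added illustration, not code from the article or from any controller vendor; the guard sensor, the cam-switch plausibility table and the fault cases are all constructed for the example.

```python
"""Simulation of static and dynamic fail-safe sensor evaluation.

Added example: the guard sensor, the machine positions, the cam-switch
table and the fault scenarios below are constructed for illustration.
"""

SAFE_STOP = "STOP"
RUN = "RUN"


# --- Static fail-safe -------------------------------------------------------
# The sensor is wired so that it applies voltage (True) while the guard is
# closed. Loss of actuation, a broken wire and a dead sensor all reach the
# evaluator as "no voltage", which is the same signal, so the machine stops.

def guard_signal(guard_closed: bool, wire_broken: bool = False,
                 sensor_failed: bool = False, wire_bridged: bool = False) -> bool:
    """Voltage seen by the evaluating device (constructed wiring model)."""
    if wire_bridged:
        # A bridge feeds voltage regardless of the guard: this is the
        # manipulation the article says static fail-safe cannot detect.
        return True
    if wire_broken or sensor_failed:
        return False
    return guard_closed


def static_evaluate(voltage_present: bool) -> str:
    """Static evaluator: run only while the sensor positively asserts 'safe'."""
    return RUN if voltage_present else SAFE_STOP


# --- Dynamic fail-safe ------------------------------------------------------
# The evaluator reacts to state changes. A sensor that is expected to toggle
# every cycle must actually toggle, and at predetermined machine positions it
# must hold a known state (plausibility check). A bridged or stuck sensor
# therefore trips the machine even though its level alone looks "safe".

class DynamicEvaluator:
    # Constructed cam-switch table: at these positions the sensor must read
    # the given state; other positions are not checked for plausibility.
    EXPECTED = {"top": True, "bottom": False}

    def __init__(self) -> None:
        self.last = None          # sensor state seen at the previous sample
        self.state = RUN          # latched: once stopped, stays stopped

    def update(self, position: str, sensor: bool) -> str:
        if self.state == SAFE_STOP:
            return self.state
        # Plausibility: at a predetermined position the sensor must hold
        # the state the table prescribes.
        expected = self.EXPECTED.get(position)
        if expected is not None and sensor != expected:
            self.state = SAFE_STOP
            return self.state
        # Dynamic check: the sensor must have changed state since the last
        # sample; a constant level (stuck or bridged sensor) is a fault.
        if self.last is not None and sensor == self.last:
            self.state = SAFE_STOP
            return self.state
        self.last = sensor
        return self.state


def run_dynamic(samples) -> str:
    """Feed (position, sensor) samples through a fresh evaluator."""
    ev = DynamicEvaluator()
    result = RUN
    for position, sensor in samples:
        result = ev.update(position, sensor)
        if result == SAFE_STOP:
            break
    return result


# Constructed sample sequences for a sensor that toggles once per cycle.
HEALTHY = [("top", True), ("bottom", False), ("top", True), ("bottom", False)]
STUCK_HIGH = [("top", True), ("bottom", True)]   # e.g. bridged wire
NO_CHANGE = [("top", True), ("mid", True)]       # no toggle between samples


if __name__ == "__main__":
    print("static, guard closed :", static_evaluate(guard_signal(True)))
    print("static, wire broken  :", static_evaluate(guard_signal(True, wire_broken=True)))
    print("static, bridged wire :", static_evaluate(guard_signal(False, wire_bridged=True)))
    print("dynamic, healthy     :", run_dynamic(HEALTHY))
    print("dynamic, stuck high  :", run_dynamic(STUCK_HIGH))
    print("dynamic, no change   :", run_dynamic(NO_CHANGE))
```

The static evaluator illustrates the article's point: every fault it is designed for collapses onto the de-energised signal, but a bridged wire is indistinguishable from a closed guard. The dynamic evaluator trips on the same bridged wire because a signal that never changes, or that contradicts the expected state at a known machine position, is treated as a fault rather than as "safe".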

The number of sensors and actuators with fail-safe logic in a machine is determined on the basis of a risk analysis.
