1 / 15

MPSC Procedures An update

MPSC Procedures An update. Alick Macpherson Rutgers University/ETH Zurich. MPSC Procedures: Observations. Purpose: Procedures are required for systems that can by their malfunctioning cause significant damage to LHC equipment Procedures are required for 3 types of system:

hafwen
Download Presentation

MPSC Procedures An update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MPSC ProceduresAn update Alick Macpherson Rutgers University/ETH Zurich

  2. MPSC Procedures: Observations • Purpose: Procedures are required for systems that can by their malfunctioning cause significant damage to LHC equipment • Procedures are required for 3 types of system: • Central system: This is the BIS. • Standard System: A system that interfaces only to the BIS • Complex System: • A system supplies inputs to systems in addition to the BIS. • A system that reacts to signal from the BIS (ie BEAM_INFO, SAFE_Machine parameters) • Examples • Central: BIS • Standard: PIC, WIC, FMCM • Complex: Vacuum, BLM, LBDS • Systems not (yet) included in the MPSC procedures • Electron stoppers (RF), Access, Movable objects + … A. Macpherson: MPSCWG - Procedures

  3. MPSC Procedures: Status A. Macpherson: MPSCWG - Procedures

  4. Timetable for Completion of Procedures • All out-standing procedures submitted to Jan by 1st October*. • Procedures returned to groups after review/cross check by Jan/Alick • Expect ~ 1 week per procedure for review and feedback and 2 weeks for corrections. • Target: Review 1 procedure per week. • Review process started with BIS procedure • From 1st October, start EDMS checking procedures • Tareget: 1 per week. • Start with BIS procedure • As EDMS approval finishes, transfer to MTF. • Allow 1 week for transfer to MTF • Look to have all procedures in MTF by mid December * Collimator procedure linked to presentation at MPSCWG on 3rd Oct A. Macpherson: MPSCWG - Procedures

  5. Procedures: More Observations • Most procedures have had a first revision • Still awaiting some procedures • Question: is data/state logging considered part of MPS commissioning? • MPSC Commissioning should (where possible) be modular • Use hardware commissioning to set entry conditions for front end systems. • HWC Procedures + results (MTF) to be confirmed by MPSC procedure • Test the interface with the BIS => complementary to BIS Commissioning • Set exit conditions that allow the system to proceed to validations during cold machine cold checkout or validation with beam. • MPSC validation must insure that there is no possibility of machine protection risks due to operator controls • => procedures to confirm that operators can’t change critical settings? • Dependency on info from BIS and other systems must be made clear A. Macpherson: MPSCWG - Procedures

  6. Procedures: Flag concerns BEAM_INFO Flag • BEAM_INFO is a mirror of the BEAM_PERMIT that is returned to the systems inputting to the BIC • Questions: • Does the system initiate protective actions based on feedback from the BIS • Does the system use the BEAM_INFO flag for critical actions • If BEAM_INFO= FALSE is used, what are the timescales of the actions? • Can systems ensure that the initiation of any protective action is > 3 orbits • Assumption: need a max of 3 orbits to trigger and dump beams Safe Machine Parameters: Understand if/how they are used • Questions: • Is toggling of USER_PERMIT conditional on the state of the SAFE BEAM flag • If this happens, is the logic integrated into the CIBU/BIC or the user system • Does any subsystem use SAFE_INJECTION flag as part of MPSC • Does any subsystem use Movable_devices_allowed flag as part of MPSC A. Macpherson: MPSCWG - Procedures

  7. Observations: Vacuum System Vacuum system: good example of movable objects • Interlock Chain: includes sector valves, electron stoppers, Access Safety Block • Need to confirm commissioning of redundant interlocking mechanisms • ie vacuum + access, vacuum +RF? • Need to commission joint system configuration • RF commissioning mode: ie sector valves open, electron stoppers closed • Need to confirm protection from equipment failure of movable devices • Access Safety Block • Vacuum system provides signals directly to others: RF, MKI, MKB, Access • Concerns: are dump requests compatible with MPSC • Initiation of RF dump requests on loss of good vacuum on P1 cavity. • RF Dump request mechanism depends on intensity threshold + single/multiple cavity loss. • MKI: Vacuum signals used to assert injection inhibit. Can initiate valve closure. • MKB: Kicker interlock based on vacuum system can generate a dump request • Access system: Ensure that the control logic and configuration for the electron stoppers and Access Safety Block are such that there is redundancy in the interlocking • Uses BEAM_INFO =FALSE as a necessary condition for closing sector valves • In failure mode, what are the sufficient conditions (eg leak detection) A. Macpherson: MPSCWG - Procedures

  8. Observations: PICs and WICs • Entry Conditions: • Front end commissioned in HWC • Need to re-confirm procedures and MTF results from HWC • Focus on PIC–BIS and WIC–BIS validation • PIC and WIC treats both beams simultaneously • Dump request applies to both beams simultaneously • PIC specific features • PIC does not use USER_PERMIT_A and USER_PERMIT_B • Uses unmaskable and maskable USER_PERMIT instead • Timescale Concern: • Is system reaction to fault detection (BEAM_INFO=FALSE) too fast for completion of beam dump. Essential Circuit fault detection: ~ few s • SAFE BEAM Flag and Auxiliary circuits • Need to confirm location of interlock truth table for Auxiliary circuit faults + SAFE_BEAM • WIC specific features • Timescale concern: • Is system reaction to fault detection (BEAM_INFO=FALSE) too fast for completion of beam dump. Fault detection for Fast Boolean Processor of WIC: ~ 1 s A. Macpherson: MPSCWG - Procedures

  9. Observations: BIS • Procedure almost ready for checking via EDMS. • Validation of subsystem interface with BIS requires: • Valid USER_PERMITs (or reasonable USER PERMIT simulator?) • Clear statement of subsystem functionality wrt BIS • BIS logic • Clarification that all logic for setting BEAM_PERMIT to FALSE is within the BIS system • Confirm there is no safe machine parameter dependence attached to the USER_PERMIT. • USER_PERMIT as received by the BIS: Clarify difference between “A AND B FALSE” and “A OR B FALSE” when setting the BEAM_PERMIT (during commissioning) • Timing issues: • Validation of worst case time from user system toggling the USER PERMIT to completion of a beam dump= > confirm fastest reaction timescale A. Macpherson: MPSCWG - Procedures

  10. Observations: FMCM • Entry conditions established by HWC • Commissioning in situ and with pilot beam • Beam time at 450 GeV and 7TeV beam is needed to set trigger thresholds and trigger time-window • FMCM inputs only into the BIS • Inputs are maskable • Special commissioning mode • FMCM test mode: can set USER_PERMIT FALSE on request • Need to confirm this mode cannot be invoked during running • Data logging essential • used to set trigger threshold for USER_PERMIT • Included in MPSC procedure A. Macpherson: MPSCWG - Procedures

  11. Observations: LBDS • For MPSC, LBDS is a complex system: • Beam dump related Inputs • BEAM PERMIT loop trigger from BIS • Direct TCDQ BLM trigger (independent of BIS) • Direct Access system trigger (independent of BIS) • Interlock related Outputs • LBDS USER_PERMIT • Can LBDS set its USER_PERMIT to FALSE with beam in the machine? • Injection Inhibits sent to injection kickers and re-phased RF revolution frequency sent to abort gap watchdog • Commissioning needs to be cleanly divided into • Individual User system tests, Hardware Commissioning, and MPSC tests. • MPSC entry conditions must confirm previous test sets • Use MPSC tests to validate chain of control prior to the LBDS Reliability Run • detailed 1st draft but …needs more focus on MPSC for a non-ideal situation. • Address issues and modes of (partial) failure of component user systems • Implications of lost abort gap synchronisation from the RF • Partial loss of communication with injection system • Define acceptance criteria/functionality for tests so to permit clear validation. • How does the procedure adapt when the criteria are not quite met. • Clarify implications of LBDS internal dump requests A. Macpherson: MPSCWG - Procedures

  12. Summary • Procedures • 1st drafts of available procedures have been reviewed. • Will circulate back to subsystems for corrections and cross checks. • Need to get all out-standing 1st drafts • Submit revised procedures for EDMS approval then to MTF • Start process now and finish by mid December. • Global picture • Assess interdependencies between systems in relation to MPSC • Clarify if any automated actions are based on feedback from the BIS • If so, ensure timescales are compatible with integrated system response • Require procedures confirm no operations influence on critical settings • Address MPSC risks for partial failure modes, especially in complex systems like the LBDS • Understand/review implications to protection given different states of the safe machine parameters ( SAFE_BEAM, SAFE_INJECTION etc) • Ensure that any safe machine parameter dependent interlock logic is in BIS A. Macpherson: MPSCWG - Procedures

  13. Spare Stuff A. Macpherson: MPSCWG - Procedures

  14. A. Macpherson: MPSCWG - Procedures

  15. Access Safety Block • Covered by both Access and Vacuum system interlocks • Time scale for closure is slow (~ 3sec) => much slower than beam dump. A. Macpherson: MPSCWG - Procedures

More Related