Patrice NOUVEL. Design of a dependable Interlock System for linear colliders. TE-MPE Technical Meeting. Summary. Introduction Context Problematic State of the art Requirements establishment Operational context Functional requirements Performance requirements
Patrice NOUVEL Design of a dependable Interlock System for linear colliders TE-MPE Technical Meeting
Summary • Introduction • Context • Problematic • State of the art • Requirements establishment • Operational context • Functional requirements • Performance requirements • Interfaces and constraints • Design proposal • Functional analysis • Implementation proposal • Design verification • Feasibility study • Hardware demonstrator • Conclusion and future works
Context - CLIC • CLIC (Compact Linear Collider): • 3 TeV Collisions • Two beams acceleration scheme • 2012: Conceptual Design Report (CDR) • Cooperation with ILC (International Linear Collider) • Future: • ILC : industrialization • CLIC : continue R&D based on CDR CLIC CDR Vol1 CLIC CDR Vol1
Context - CLIC • Power and energy: • Beams : • Main Beam : 280 GJ, 40 nm² (x 10 000 pilot beam) • Drive Beam : 1.4 MJ, 1 mm² (x 100 pilot beam) • Equipment : 580 MW site • Beam operation • 50 Hz (100 Hz) • Charge density ramp Need to protect the machine M. Jonker et al. MACHINE PROTECTION ISSUES AND SOLUTIONS FOR LINEAR ACCELERATOR COMPLEXES. LINAC12 Pilot beam (Cu) : Energy deposit < 60 J/g
CLIC and machine protection • Machine Protection [1] : • Risk reduction => impact and occurrence of unwanted event • Impact : protect => e.g. collimators • Occurrence : prevent => e.g. interlock systems • CLIC failures classifications and strategy : • Fast failures (< 1 µs) : e.g. deflected beam in RF cavity • Passive protection • Inter-cycle failures (2 ms – 20 ms) : e.g. power converter • Interlock system • Safe by design principle • Slow failures (> 20 ms) : e.g. beam orbit drift • Interlock system [1] B. Todd et al. Machine protection of the Large Hadron Collider. 6th IET Conf. on System Safety - 2011
Interlock system • Principle : • Stop the beam operation and/or extract the beam based on the machine state • Initial requirements for the CLIC Interlock System: • Beam permit: VETO, PASS(binary information, unique and global) • Beam permit loop implementation • Post-pulse analysis: last pulse stability to estimate the next pulse stability • Hardware demonstrator
Thesis problematic Design of a dependable interlock system for linear collider • Work Positioning: • How to answer the problematic: • Design: concepts -> pre-prototype • Integration dependability • Study post-pulse analysis and linear collider • Starting points: • CLIC project • Initial requirements • State of the art on Interlock Systems B. TODD, PhD thesis 2006. A Beam Interlock System for CERN High Energy Accelerator. P. NOUVEL, PhD thesis 2013. Design of a dependable interlock system for linear collider System Life cycle - IEEE 1220
State of the art • Protect the machine: permit • Reliability and availability • Modular architecture • Typical interfaces : • Data acquisition • Actuators • Control system • Timing system • Post mortem Cosylab: machine protection workshop 2012
Selected protection systems • LHC Interlock system • FPGA • Response time max: 100 µs • SIL 3 (100 y < MTBF < 1000 y) • 17 nodes, 140 interfaces • LHC Safe Machine Parameters • Threshold comparison • LCLS Interlock system • FPGA, gigabits link • Threshold comparison [1] [2] [3] [1] R. Schmidt et al. Protection of the CERN Large Hadron Collider – New Journal of Physics. 2006 [2] B. Todd. The Safe Machine Parameter – 2011 [3] S. Norum et al. The machine protection system for the Linac Coherent Light Source. PAC. 2009
Methodology choice • Needs: • Establish balanced specifications • Basic, transferable to non-experts • Iteration • Set up the project basis (from specifications to prototype). Deal with project uncertainties • Special focus on the dependability • Proposal: • IEEE 1220 : Standard for application and management of the system engineering process • Tailored version of IEC 61508 : Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems
IEEE 1220 Methodology • Requirements establishment • Design proposal • Design verification Adapted to the problematic System Engineering Process – Extract from IEEE 1220
Requirements establishment • Methodology: • Operational scenarios • System interfaces identification • Functional requirements • Performance requirements • Critical interfaces study • Comments: • Only main requirements specified System Engineering Process – Extract from IEEE 1220
Requirements establishment - synthesis • Main functional requirements (intent declaration) : • Critical: interlock the machine, post-pulse analysis • Non-critical : control, monitoring, test • Main performance requirements: • Response time: 2 ms to interlock the machine, 6 ms to perform the post-pulse analysis • Dependability: • Critical interfaces: • Technology, local interfaces, architecture Requirements for one node regarding the redundancy • For more information: • MPE-TM (22.03.2012) • Dependability requirements and Design compliance for Interlock Systems. 2013 SYSTOL conference
Design proposal • Functional analysis: • System behavior • Functional decomposition • Functional architecture • Implementation proposal • Sub-functions • System • Modules System Engineering Process – Extract from IEEE 1220
Functional analysis: decomposition • Sub-functions definition • Individual data analysis • Global analysis • Beam permit system • Control function • Operational scenarios • Time, data and control flow • Requirements assignments • Failure modes and effects • Safety and monitoring function • Functional risk reduction
Implementation : sub-functions • Beam permit system => Beam permit loop • Individual Data Analysis => Threshold comparison • Global analysis => Summarizers
Implementation: system • Implementation : • Beam permit loop for each linac • Front end used as slave node (beam permit loop) • Concentrators modules dedicated to post-pulse analysis • Master module delivering the final beam permit to actuators • 3 types of modules
Implementation: modules Common part (control, monitoring, test)
Design verification • Concepts feasibility study: • Beam permit system, beam permit loop • Post-pulse analysis • Hardware demonstrator: • Ability of the design to reach the requirements • Basis for prototype System Engineering Process – Extract from IEEE 1220
Feasibility: context • CLIC Test Facility: CTF3 • Feasibility study: • Drive Beam generation • 2-beams acceleration • Protection system existing: • Interlock • Valve monitoring (software) • Vacuum monitoring (software) • Repetitive beam losses in CLEX (software) • Beam mostly harmless (~ 700 J, ~ 1 mm²) 140 m
Feasibility: experiment • Objectives: • Apply post-pulse analysis • Enhance beam operation • Statement: • Recurrent vacuum leak (1.5% unavailability) • Hypothesis: • Repetitive beam losses • Automatic beam operation • Proposal: • Automatic process to restart the beam with safety considerations
Feasibility: JAVA application • Technical description: • Machine interlocked • Checking klystrons • Sending probe beams • Post-pulse analysis : BPM, radiation monitors • Based on threshold comparison • Logging: application and post-pulse analysis
Feasibility: results and discussion • Threshold management: • Initial definition (location, operating condition) • Dynamic (operating condition) • Need of machine parameters: • Suggestion: integrate safe machine parameters • Post-pulse analysis: • Based on fast equipment (120 s) • Computation (integration, averaging, extremum)
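The slides on the sub-function implementation (beam permit loop, threshold comparison, summarizers) and on the post-pulse analysis computations (integration, averaging, extremum) describe a pipeline without showing it. The following is an added Python model of that pipeline, written for this page; it is not code from the presentation or from the CLIC project. Channel names, thresholds, the per-channel statistic and the pulse samples are constructed for the example, and the fail-safe choice (no data means VETO) is an assumption that follows the "safe by design" principle stated earlier rather than a documented CLIC rule.

```python
"""Added example (not from the presentation): a minimal model of the CLIC
interlock sub-functions as implemented in the design proposal:
  individual data analysis -> per-channel threshold comparison,
  global analysis          -> summarizers (node-level aggregation),
  beam permit system       -> beam permit loop (VETO/PASS, global AND).
Channel names, thresholds and sample values are constructed for the example."""
from statistics import mean

VETO, PASS = "VETO", "PASS"

# Constructed thresholds per acquisition channel. 'stat' selects the
# post-pulse computation the slides list: integration, averaging or extremum.
THRESHOLDS = {
    "bpm_linac1_pos":  {"stat": "max",  "limit": 0.5},   # mm, extremum
    "bpm_linac1_loss": {"stat": "sum",  "limit": 50.0},  # arbitrary units, integral
    "rad_monitor_1":   {"stat": "mean", "limit": 2.0},   # arbitrary units, average
}

def compute_stat(samples, stat):
    """Reduce one pulse's samples to a single value for threshold comparison."""
    if stat == "max":
        return max(abs(s) for s in samples)
    if stat == "sum":
        return sum(samples)
    if stat == "mean":
        return mean(samples)
    raise ValueError(f"unknown statistic {stat!r}")

def individual_analysis(channel, samples):
    """Individual data analysis: threshold comparison for one channel.
    Missing or empty data is treated as VETO (assumed safe-by-design default)."""
    spec = THRESHOLDS[channel]
    if not samples:
        return VETO, None
    value = compute_stat(samples, spec["stat"])
    return (VETO if value > spec["limit"] else PASS), value

def summarizer(channel_results):
    """Global analysis: a node summarizer returns PASS only if every
    channel passed; a single VETO anywhere vetoes the node."""
    return PASS if all(p == PASS for p, _ in channel_results.values()) else VETO

def beam_permit_loop(node_permits):
    """Beam permit system: the loop carries a PASS only if every node
    (every front end on the loop) asserts PASS. No node -> no permit."""
    if not node_permits:
        return VETO
    return PASS if all(p == PASS for p in node_permits) else VETO

def post_pulse_analysis(pulse_data):
    """pulse_data: {node: {channel: [samples]}} for the last pulse.
    Returns (final permit, per-node permit, per-channel detail)."""
    node_permits, detail = {}, {}
    for node, channels in pulse_data.items():
        results = {ch: individual_analysis(ch, samples)
                   for ch, samples in channels.items()}
        detail[node] = results
        node_permits[node] = summarizer(results)
    return beam_permit_loop(list(node_permits.values())), node_permits, detail

# Constructed sample pulse: node A healthy, node B shows a loss integral
# above its limit, so the next pulse must be vetoed.
SAMPLE_PULSE = {
    "node_A": {"bpm_linac1_pos": [0.1, -0.2, 0.3], "rad_monitor_1": [1.0, 1.5, 0.5]},
    "node_B": {"bpm_linac1_loss": [20.0, 25.0, 10.0]},
}

if __name__ == "__main__":
    permit, nodes, detail = post_pulse_analysis(SAMPLE_PULSE)
    print("final permit:", permit)
    for node, p in nodes.items():
        print(f"  {node}: {p} {detail[node]}")
```

The structure mirrors the slides' decomposition: the permit is binary and global, a VETO from any channel propagates through its summarizer to the loop, and the dynamic threshold management the results slide asks for would amount to swapping the THRESHOLDS table per operating condition rather than changing the comparison logic.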
Hardware demonstrator • Technology choice [1] : • VHDL Blocks: • Current ideal implementation: FPGA • VHDL blocks for sub-functions (transferable) • VHDL blocks for test bench (GTP, control, monitoring) • Design to reach the requirements: • Response time: minimize the critical path • Dependability: functional specifications, simulation (unit testing, system integration, code coverage), hardware test [1] B. TODD, PhD thesis 2006. A Beam Interlock System for CERN High Energy Accelerator.
Demonstrator: modules Layout Blocks VHDL – Master Module
Demonstrator: hardware used • « SPEC » board: • SFP gigabit connector • Open hardware initiative • PCIe connector • FMC connector • Serial port • FPGA : Xilinx Spartan 6 • Gigabits link (IP) • Enough slices available • FMC (FPGA Mezzanine Carrier) : • Connectivity (Xilinx) • Debug (Xilinx) • Control software: LabVIEW
Demonstrator: test bench CLIC Interlock system pre-prototype Emulating the CLIC acquisition infrastructure
Measurement procedure • Response time: • Definition of the chain of events (CLIC) • Measures (internal, external), extrapolations, estimations • Dependability : • Accelerated test: demand (acc. factor x4000) and temperature (acc. factor x8) • Limit : emulating 10⁹ h would take > 3 years
Results and discussion • Response time – Interlock the machine: • 320 µs vs. 2 ms • 1.58 ms left for the acquisition infrastructure (and transmission) • Response time – post-pulse analysis : • 125 µs vs. 6 ms • Left time available for more advanced computation • Dependability: Measurement results Requirements node
Verification - Synthesis • Suggestions: • Integration of Safe Machine Parameters • Implementation of a mechanism to manage thresholds dynamically • Requirements produced: • Acquisition : 1.58 ms • Advanced computation : requirement at ~5 ms • Improvements: • Gigabits link • Dedicated thermal test (board limit) • Radiation (SEU) test to consider • Next step: • Prototype in an operational environment
General conclusion • Design of an Interlock System [1] • Requirements establishment • Design proposal • Design verification • Dependability • Requirements definition • Verification • Application to linear colliders • Increased knowledge of the post-pulse analysis • Deliverables • Design proposal and its implementation • Pre-prototype [1] P. Nouvel, B. Puccio, H. Tap, M. Jonker. Design process of the interlock system for the Compact Linear Collider. Poster presented at International Particle Accelerator Conference, 2013
Future works proposed • Short term: • Rigorous specification • JAVA application at CTF3 • Thermal test • Long term : • Design methodology (model simulation, model based design) • Prototype integration : PCIe, remote monitoring/control. • Design translation to other accelerators (ILC, ESS) – capitalization • SMP integration study • Complementary research trails: • Definition of stability criteria for the post-pulse analysis • Interaction between the Interlock system and the beam operation sequencer • Extension to CLIC injectors (damping ring)
Thanks for your attention Questions ?
Annex - FPGA implementation: master • FPGA : Spartan 6 • Clock : 125 MHz • Utilisation : • Registers: 2200 ~ 4% • LUTs: 27 300 ~ 8 % (1% memory, 7% logic) • Slices: 942 ~ 13 % • MUXCY (carry path and carry multiplexer): 692 ~ 5% • LUT flip-flop pairs (fully used): 1284 • IOB: 15 ~ 5% • Dual Port RAM 8kB: 1 ~ 1% • Dual Clock buffer: 2 ~ 6% • Global clock buffer: 5 ~ 31 % • DSP slices: 1 ~ 1% • GTP: 2 = 100 % • PLL : 2 = 50 %
Annex - definition • IEEE 1233: • prototype: An experimental model, either functional or nonfunctional, of the system or part of the system. A prototype is used to get feedback from users for improving and specifying a complex human interface, for feasibility studies, or for identifying requirements.
Annex – the V cycle From « Functional Virtual Prototyping » Design Flow and VHDL-AMS. Y. HERVE, P. DESGREYS
Annex – Model Based Design • System identification/modelling • Controller analysis and synthesis • Simulation • Software in the loop • Hardware in the loop • Deployment
Annex - Machine protection [1] B. Todd et al. Machine protection of the Large Hadron Collider. 6th IET Conf. on System Safety - 2011
Interface identification • Critical: • Acquisition and control infrastructure • Target systems (actuators) • Non-critical: • Technical Network • Human-system interface • Timing system • Data management system (configuration, logging data)
Functional requirements (requirement - use examples):
- Interlock the machine - Critical equipment failure; low beam stability
- Post-pulse analysis - Next pulse instability
- Control function - Ability to trigger an interlock manually
- Monitoring function - Knowledge of the component state of the system (maintainability); provide evidence of the interlocking signal
- Test function - Trigger an interlock on a given channel
Performance requirements • Response times: • Interlock the machine : less than 2 ms (requirement) • Post-pulse analysis : 6 ms
Performance requirements • Dependability: use of a tailored version of the IEC 61508 M. Kwiatkowski – PhD thesis 2013 : Methods for the Application of Programmable Logic Devices in Electronic Protection Systems for High Energy Particle Accelerators From M. Kwiatkowski – PhD thesis