BEAM LOSS MONITORS DEPENDABILITY SIL Approach Electronic Our Situation Radiations Tests Dump Levels BEAM LOSS MONITORS DEPENDABILITY Dependability is the sum of Reliability, Testing and Maintenance. I will introduce he basic concepts, fast view on the electronic and presentation of current situation Internal review BLM Dependability. G.Guaglio

Basic Concepts System fault events SIL Approach Electronic Our Situation Radiations Tests Dump Levels Basic Concepts System fault events BLM are designed to prevent the Magnet Destruction (MaDe) due to an high loss (~ 30 downtime days). Preferably the quenches too (~ 5-10 downtime hour). BLM should avoid False Dumps (FaDu) (~ 3-5 downtime hours). Use of Safety Integrity Level (SIL), IEC 61508. The event are the failure that we want to avoid. 2 big families: events when the system doesn’t work at all, failure when system doesn’t work properly. To evaluate or system, we will follow the directive of the IEC. They required 2 data: event likelihood and consequences costs. BLM Dependability. G.Guaglio

Sil Approach 1/4 Event likelihood (both) 100 destructive losses/year Electronic Our Situation Radiations Tests Dump Levels Sil Approach 1/4 Event likelihood (both) First of all, event frequency. Our estimation for dangerous loss. Realistic values or false dump 100 destructive losses/year BLM Dependability. G.Guaglio

N. fatalities (indicative) SIL Approach Electronic Our Situation Radiations Tests Dump Levels Sil Approach 2/4 Consequences Minor Category Injury to personnel Damage to equipment Criteria N. fatalities (indicative) CHF Loss Downtime Catastrophic Events capable of resulting in one or more fatalities 1 > 5*107 > 6 months Major Events capable of resulting in very serious injuries 0.1 (or 1 over 10 accidents) 106 – 5*107 20 days to 6 months Severe Events which may lead to serious injuries 0.01 (or 1 over 100 accidents) 105 – 106 3 to 20 days Events which may lead to minor injuries 0.001 (or 1 over 1000 accidents) 0 – 105 < 3 days MaDe Consequence estimation. FaDu BLM Dependability. G.Guaglio

Sil Approach 3/4 SILs MaDe FaDu SIL Approach Electronic Our Situation Radiations Tests Dump Levels Sil Approach 3/4 SILs MaDe FaDu Identification of the SIL BLM Dependability. G.Guaglio

Sil Approach 4/4 Failure probability MaDe FaDu SIL Approach Electronic Our Situation Radiations Tests Dump Levels Sil Approach 4/4 Failure probability Low demand mode of Operation ( <1 year) High demand / continuous operation Requested Failure rates. We will se now our situation. MaDe FaDu BLM Dependability. G.Guaglio

Front-end Electronic SIL Approach Electronic Our Situation Radiations Tests Dump Levels Front-end Electronic 6 IC connected to the same HV. Tunnel board with 8 input. Current (from 1 pA to 1 mA) converted into frequency and then counted. Enter in the FPGA in which it is doubled, serialized and send trough laser to the surface. The status collector collect the status of the HV, counter, FPGA itselfs, optical components. BLM Dependability. G.Guaglio

Back-end Electronic SIL Approach Electronic Our Situation Radiations Tests Dump Levels Back-end Electronic At the surface we will have 16 channel per board. This is an old drawing , just to introduce you to the basic concepts. In the actual design there are also a not volatile RAM for the loggin process, FPGA status, Beam permit line. We will see that electronics into detail in the following days. For the moment, we say that the signal is processed, checked, compared with the Energy and integrated time. If over the limits (or there is a problem) we send a signal to the dump system. BLM Dependability. G.Guaglio

Our Layout SIL Approach Electronic Our Situation Radiations Tests Dump Levels Our Layout Transmitter Optical link Receiver DUMP UPS Detector Energy input Transmitter Optical link Receiver Signal ELEMENT l [1/h] inspection [h] Ionization Chamber + 400m cable 2.58E-08 20 Amplifier (CFC) 2.78E-08 20 Continuous with bias current Photodiode 3.18E-08 continuous From an higher abstraction, the system looks like this. JFET (CFC) 8.60E-08 20 Continuous with bias current 2 Optical connectors 2.00E-07 continuous Optical fiber 2.00E-07 continuous FPGA RX 6.99E-07 continuous UPS 1.00E-06 continuous FPGA TX 2.02E-06 continuous Laser 8.46E-06 continuous BLM Dependability. G.Guaglio

MaDe PMaDi ~ PS + QBLM + Pen- + QDUMP < 10-7 /h 4.96 10-7/h ? ? SIL Approach Electronic Our Situation Radiations Tests Dump Levels MaDe Transmitter Optical link Receiver DUMP UPS Detector Energy input Transmitter Optical link Receiver If it fails, our procedure dumps! (FaDu) Signal PMaDi ~ PS + QBLM + Pen- + QDUMP Probability to have a Magnet Disruption Probability not to detect the dangerous loss Unavailability of the BLM system Probability to underestimate the beam energy Unavailability of the DUMP system < 10-7 /h 4.96 10-7/h ? ? Threshold levels (FaDu) BLM Dependability. G.Guaglio

FaDu wFaDu ~ ( wTHR + wBLM + wen+ ) * 3200 < 10-6/h < 3*10-10 /h SIL Approach Electronic Our Situation Radiations Tests Dump Levels FaDu Transmitter Optical link Receiver DUMP UPS Detector Energy input Transmitter Optical link Receiver wFaDu ~ ( wTHR + wBLM + wen+ ) * 3200 Frequency of False Dump Frequency of false dump signal Frequency of failure of BLM system+UPS Frequency of overestimation of the beam energy Number of channels < 10-6/h < 3*10-10 /h ? 1.24 10-6/h ? BLM Dependability. G.Guaglio

Risk Matrix 1/2 Foreseen failure rate: SIL Approach Electronic Our Situation Radiations Tests Dump Levels Risk Matrix 1/2 Foreseen failure rate: MaDi: 4.96 10-7/h * 4000 h/y * 100 = 0.2/y Probable Dangerous losses per years Beam hours: 200 d*20 h/d FaDu: 1.24 10-6/h * 4000 h/y * 3200= 16/y Frequent Number of channels How much is the risk that we run with current situation? BLM Dependability. G.Guaglio

We are beyond the border !! SIL Approach Electronic Our Situation Radiations Tests Dump Levels Risk Matrix 2/2 Frequency Consequence Catastrophic Major Severe Minor Frequent I II Probable III Occasional Remote IV Improbable Negligible / Not Credible MaDe FaDu We are beyond the border !! Again with the IEC 61508. But we have some more consideration to do. Intolerable. Tolerable if risk reduction is impracticable or if costs are disproportionate. Tolerable if risk reduction cost exceeds improvement. Acceptable. BLM Dependability. G.Guaglio

Event occurrence 1/2 Not acceptable!! No continuous signal SIL Approach Electronic Our Situation Radiations Tests Dump Levels Event occurrence 1/2 No continuous signal FaDu frequency: 1.24E-6/h*4000h/y*3200= 16 FaDu/y MaDe risk: 2.6E-6/h*4000h/y*100danger/y ~ 1 Magnet/y Making a step back. No continuous signal. Not acceptable!! BLM Dependability. G.Guaglio

Event occurrence 2/2 Better... Continuous signal FaDu frequency: SIL Approach Electronic Our Situation Radiations Tests Dump Levels Event occurrence 2/2 Continuous signal FaDu frequency: 1.24E-6/h*4000h/y*3200= 16 FaDu/y MaDe risk: 4.96E-7/h*4000h/y*100danger/y ~0.2 Magnet/y UPS probably better than estimated. If we test continuously also the IC we reach the 2.38E-7 unavailability of the MaDe situation. Better... BLM Dependability. G.Guaglio

Simulations Possibilities: Multiple losses: great reduction of MaDe. SIL Approach Electronic Our Situation Radiations Tests Dump Levels Simulations Possibilities: Multiple losses: great reduction of MaDe. Losses fingerprint: better definition of the position. What’s more: possible coincidence of event: channels not independents. Also important for the position of the monitor. Aperture limitation? BLM Dependability. G.Guaglio

Partial conclusions We are on the border but: SIL Approach Electronic Our Situation Radiations Tests Dump Levels Partial conclusions We are on the border but: Probable multi-detection per loss (further simulations). Possible improving with continuous IC detection. Improving with better electronic components. BLM Dependability. G.Guaglio