The Software for the CERN Detector Safety System G. Morpurgo, R. B. Flockhart and S. Lüders, CERN IT/CO.

Slides:



Advertisements
Similar presentations
André Augustinus 15 March 2003 DCS Workshop Safety Interlocks.
Advertisements

Model H Free Standing Static Transfer Switch. Why choose a model H static transfer switch? Increases power availability. True solid state. Rugged, reliable.
Model W Wall Mount Static Transfer Switch. Why choose a model W static transfer switch? Increases power availability. Integrated maintenance bypass. True.
André Augustinus 16 June 2003 DCS Workshop Safety.
HP Quality Center Overview.
June 2010 At A Glance The Room Alert Adapter software in conjunction with AVTECH Room Alert™ devices assists in monitoring computer room environments as.
Experiment Control Systems at the LHC An Overview of the System Architecture An Overview of the System Architecture JCOP Framework Overview JCOP Framework.
File Management Chapter 12. File Management File management system is considered part of the operating system Input to applications is by means of a file.
OOAD Using the UML - Use-Case Analysis, v 4.2 Copyright  Rational Software, all rights reserved 1/18 Use Case Analysis – continued Control Classes.
T-FLEX DOCs PLM, Document and Workflow Management.
Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.
SafeLINC™ Fire Panel Internet Interface
Recall The Team Skills 1. Analyzing the Problem 2. Understanding User and Stakeholder Needs 3. Defining the System 4. Managing Scope 5. Refining the System.
The CMS Pixel PLC Code1 Christian Veelken UC Davis last updated 03/05/08.
UNICOS-like system for interlocks II Workshop on PLC-based interlocks systems ITER, Dec 2014 Jeronimo ORTOLA VIDAL CERN Engineering Department, Industrial.
C++ fundamentals.
NERC Lessons Learned Summary
SPD Cooling workshop: PLC item details. ups upgrade: 10-12' after trigger 24V - what to do in 10 minutes Present situation: In case of “normal power”
1 CS101 Introduction to Computing Lecture 19 Programming Languages.
The Detector Safety System for LHC Experiments Stefan Lüders ― CERN EP/SFT & IT/CO CHEP03 ― UC San Diego ― March 27 th, 2003.
Software Reliability: The “Physics” of “Failure” SJSU ISE 297 Donald Kerns 7/31/00.
File Management Chapter 12. File Management File management system is considered part of the operating system Input to applications is by means of a file.
Chapter 3 – Agile Software Development 1Chapter 3 Agile software development.
W. Sliwinski – eLTC – 7March08 1 LSA & Safety – Integration of RBAC and MCS in the LHC control system.
Automatic Software Testing Tool for Computer Networks ADD Presentation Dudi Patimer Adi Shachar Yaniv Cohen
Chapter 3: Software Maintenance Process Omar Meqdadi SE 3860 Lecture 3 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
Chapter 6 : Software Metrics
SCADA Systems - What is the scope of this talk? What are SCADA systems? What are their structure and main features? How open are they? How are they evolving?
CS 474 Database Design and Application Terminology Jan 11, 2000.
Update on Database Issues Peter Chochula DCS Workshop, June 21, 2004 Colmar.
Tot 15 LTPDA Graphic User Interface summary and status N. Tateo 26/06/2007.
The DSS Back-end Giulio Morpurgo, IT/CO Design issues & User interface.
WXGE6103 Software Engineering Process and Practice Formal Specification.
Operational tools Laurette Ponce BE-OP 1. 2 Powering tests and Safety 23 July 2009  After the 19 th September, a re-enforcement of access control during.
André Augustinus 17 June 2002 Technology Overview What is out there to fulfil our requirements? (with thanks to Tarek)
Turbine Crane CRANES TURBINE NEA39. Turbine Crane PLANT STATUS! PV Daily Status Report.
1 File Management Chapter File Management n File management system consists of system utility programs that run as privileged applications n Concerned.
Managing Change 1. Why Do Requirements Change?  External Factors – those change agents over which the project team has little or no control.  Internal.
Overview of DAQ at CERN experiments E.Radicioni, INFN MICE Daq and Controls Workshop.
March 2004 At A Glance autoProducts is an automated flight dynamics product generation system. It provides a mission flight operations team with the capability.
Chapter 6 CASE Tools Software Engineering Chapter 6-- CASE TOOLS
Peter Chochula ALICE Offline Week, October 04,2005 External access to the ALICE DCS archives.
EPICS Release 3.15 Bob Dalesio May 19, Features for 3.15 Support for large arrays - done for rsrv in 3.14 Channel access priorities - planned to.
The DIAMON Project Monitoring and Diagnostics for the CERN Controls Infrastructure Pierre Charrue, Mark Buttner, Joel Lauener, Katarina Sigerud, Maciej.
Configuration Mapper Sonja Vrcic Socorro,
The DSS Back-end Giulio Morpurgo, IT/CO Outcome of the “hands-on” exercise.
“The LHC GCS Framework” Geraldine Thomas CERN, IT-CO A complete PLC and PVSS automatic code Generation.
May 14, 2003The Detector Safety System for LHC Experiments1 Agenda 1) Minutes of last meeting 2) DSS Back End software progress by Giulio Morpurgo 3) DSS.
ATLAS DCS ELMB PRR, CERN, March 2002Fernando Varela ELMB Networks CAN/CANopen Interoperability of the ELMB Usage of the ELMB in ATLAS ELMB Networks Full.
60kW Thermosiphon control system
1 The Software Development Process ► Systems analysis ► Systems design ► Implementation ► Testing ► Documentation ► Evaluation ► Maintenance.
13 Copyright © 2007, Oracle. All rights reserved. Using the Data Recovery Advisor.
What is a software? Computer Software, or just Software, is the collection of computer programs and related data that provide the instructions telling.
The Detector Safety System for LHC Experiments Stefan Lüders ― CERN EP/SFT & IT/CO RCS Review Meeting ― September 2 nd, 2003.
Team Members: ECE- Wes Williams, Will Steiden, Josh Howard, Alan Jimenez Sponsor: Brad Luyster Honeywell Network Traffic Generator.
Artificial Intelligence In Power System Author Doshi Pratik H.Darakh Bharat P.
Combining safety and conventional interfaces for interlock PLCs
High Availability Linux (HA Linux)
DSS Front End Software Review
SCADA for Remote Industrial Plant
Software Testing An Introduction.
How SCADA Systems Work?.
CS101 Introduction to Computing Lecture 19 Programming Languages
PLC / SCADA / HMI Controllers: Name : Muhammad Zunair Comsats University Date: 28-October-2018.
Knowing When to Stop: An Examination of Methods to Minimize the False Negative Risk of Automated Abort Triggers RAM XI Training Summit October 2018 Patrick.
Modern PC operating systems
Tools for the Automation of large distributed control systems
Self-Managed Systems: an Architectural Challenge
Presentation transcript:

The Software for the CERN Detector Safety System G. Morpurgo, R. B. Flockhart and S. Lüders, CERN IT/CO

Contents The Detector Safety System (DSS) Two main components: the Front-End and the Back-End The data-driven DSS software The Front-End Alarm-Action Matrix processing software Front-End   Back-End communication The Back-End software  Operator Display  Configuration Tool Conclusions

The Detector Safety System in a nutshell DSS “Detector” Alarm-Action Matrix DSS Sensor DSS Actuator (typically a power switch) Read the Sensors Evaluate the Alarm Conditions Set the Actuators ~1 Hz

Two questions Who configures the Alarm Action Matrix (Sensors, Alarm Conditions, Actuators) ? How to know what the DSS is doing ?

The Back-End and the Front-End Detector Evaluate the Alarm Conditions Read the Sensors Set the Actuators Configure Monitor OPC Operator Display Configuration Interface The Back-End runs on a PC and is based on the PVSS SCADA system The Front-End is based on a redundant Siemens PLC The Back-End deals with User Interaction The Front-End deals with Safety

Some requirements  At least 4 similar systems have to be built, modified and maintained over twenty years.  Sensors, Actuators or Alarm Conditions can be added or re- parameterized at any time by the User, without stopping the system. How does the “data-driven” approach work  The details of the Sensors, Alarms and Actuators will not be “hardcoded” in the software.  These details, which describe the peculiarities of each system protected by the DSS, will instead be confined into “data structures”.  The DSS software will interpret the data contained in the above mentioned structures. Benefits  The software will then be identical for every DSS. This reduces the overall development effort, and allows more exhaustive testing, hence more reliability.  This approach automatically eliminates the risk of introducing software bugs when the User adds new items. Software: the data-driven approach

The F-E Alarm-Action Matrix processing software(1) PLC software structured as a sequence of simple steps (like “read a sensor’s value”, or “set a status bit if a sensor’s value is higher than its threshold”). Every step processes the items contained into a PLC “memory datablock”. A datablock contains parameters and status for all items of a specific type.  These types are: the digital and analogue Sensors, the Alarm Conditions and sub-conditions, the links between Alarms and Actions, and the Actions (i.e. the Actuators) themselves. This sequence of steps is cyclically repeated by the PLC.

The F-E Alarm-Action Matrix processing software(2) A few additional remarks: Each datablock has space for a predefined number of entries (typically one or two thousands). Each entry (Sensor, Alarm, Actuator, etc.) occupies a well defined position in its datablock. Each entry can be addressed by the different processing steps via its Unique Channel Identifier (UCI), a number in the [1,32767] range. In fact, every processing step uses as input results produced by the previous steps.

Example: the data structure for an Alarm Condition UCI … UCI UCI “Compare” blocks UCI … UCI UCI Sub-conditions If “A”=TRUE or “B”=TRUE or “C”=TOO_HIGH or “D”=TOO_LOW then ALARM “E” UCI 3 … UCI 1 UCI 2 Digital sensors A = true B = true… … UCI 8193 UCI 8194 Analogue sensors UCI UCI C = high D = high C = low D = low delay = 2 … UCI UCI Alarm-Action links … UCI … UCI UCI Actuators (i.e. Actions) If ALARM “E” then ACTION “F” (after 2 secs.) UCI = 1 UCI = 3 UCI = 8193 UCI = UCI = 0 (empty) N = 1 (OR) … Alarm “E” value UCI = 0 (empty) Alarm conditions UCI 16421UCI … Step 1: read digital sensors Step 2: read analogue sensors and compare with thresholds Step 5: evaluate Alarm Conditions Step 6: look at Alarm-Action links Step 7: set Actuator values (execute Actions)

Communication between Front-End and Back-End memory datablocks PVSS “database” datapoint elements datapoint elements … Back-End Front-End OPC Parameters are mirrored from B-E to F-E Status are mirrored from F-E to B-E A datapoint element can have an “OPC address” pointing to a location in the Front-End memory datablocks

OPC and optimization Once configured, OPC makes the transmission of data changes transparent to the programmer. If a parameter changes on the B-E, it will be mirrored into a F-E datablock, and used next time the F-E software reads the datablock. If a status changes on the F-E, it will be mirrored into a B-E datapoint element. A PVSS script can be programmed to react to such a change. Optimization is needed: The amount of PLC datablock memory over which data to be monitored are spread has to be minimized. Try to put all the critical status information in contiguous memory.

PVSS DATABASE (DATAPOINTS) The Back-end Software Event driven “managers” GUI panels DSS EVENTS MANAGER ARCHIVE MANAGER MANAGER LOG MANAGERS ORACLE DATABASE SMS/ PVSS ARCHIVE PLC DATABLOCKS Front-End PLC MIRRORING OPC User Interaction part MONITOR PANELS CONFIGURE PANELS Parameter changes (from User)Status changes (Front-End “events”)

Many consistency checks are needed when defining an Alarm Condition Check that, depending on the sensor values, the condition can actually be TRUE or FALSE ex. (A too_high and A too_low) is bad ex. (B true or B false) is bad Check against the same sensors being reused in a redundant way ex. (B true or B true) : maybe the User has made a mistake DSS Configuration panels: an example

Conclusions(1) Five DSS systems, each running the same identical software, have been delivered to the Users and commissioned. A tight schedule was matched by the very small DSS development team (2 persons). Many other features were implemented in the software  ORACLE logging of all events and configuration modifications  Monitoring the status of the PLC system itself  Preventing configuration modifications if OPC is not working  … and many more Sophisticated PVSS-based User Interface

Conclusions(2) The data-driven approach has led to  Simplicity and stability in the Safety-Critical part (F-E)  Very well established interface between F-E and B-E (PLC memory datablocks   PVSS datapoint elements) …but, even more important…  Reduced software development and maintenance time (write it once, use it everywhere).  Independence from the data details. There is nothing “CERN- specific” in the DSS. The system can be effortlessly reused “as it is” in other environments, including in industry.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.