Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interlock Systems for Machine Protection Manuel Zaera-Sanz Interlocks Engineer – ICS / Protection Systems AD and ICS Retreat mtg 2014 11 December 2014.

Published byLambert Cole Modified over 8 years ago

Similar presentations

Presentation on theme: "Interlock Systems for Machine Protection Manuel Zaera-Sanz Interlocks Engineer – ICS / Protection Systems AD and ICS Retreat mtg 2014 11 December 2014."— Presentation transcript:

1 Interlock Systems for Machine Protection Manuel Zaera-Sanz Interlocks Engineer – ICS / Protection Systems AD and ICS Retreat mtg 2014 11 December 2014

2 Murphy’s laws on critical systems... -“Sooner or later, the worst possible combination of circumstances will happen” -“If a system stops working, it will do it at the worst possible time” -“Any SW bug will tend to maximize the damage” -“The worst SW bug will be discovered six months after the field test” -“Damage to an object is proportional to its value” -“If something can go wrong, it will go wrong” 211 DEC 2014AD and ICS Retreat mtg 2014

3 Some real-world examples... -An error in a data type conversion for horizontal speed computation provoked the explosion of the Ariane V first flight (Jun 1996) -A design fault of the upper stage of the Soyuz rocket (freezing the fuel of the thrusters), sent Galileo satellites into wrong orbits (August 2014) -Philae robotic lander (Rosetta mission) landed in a shadow area of the comet due to a failure in the harpoons propulsion system (Nov 2014) -The RADAR of the NORAD defense system misunderstood the moon by an enemy missile (1979) -A 767 plane (United Airlines) was frozen due to the system for fuel saving was “too much” efficient (Aug 1983) -An error in a soviet missile implied that the target was Hamburg instead of the Artic ocean (Dec 1984) 311 DEC 2014AD and ICS Retreat mtg 2014

4 Barriers to prevent failures: Fault Avoidance (FA) & Fault Tolerance (FT) 411 DEC 2014AD and ICS Retreat mtg 2014 DESIGN & SPECIFICATION IMPLEMENT. & VALIDATION INTERNAL PHYSICAL CAUSES EXTERNAL PHYSICAL CAUSES INTERACTION & OPERATION ORIGIN FAULTS SOFTWARE FAULTS HARDWARE FAULTS CONSEQUENCES FAULTS Barrier I FA Barrier II FT ERRORSERRORS Barrier III FT FAILURESFAILURES

5 Those barriers are not enough... Interlocks for machine protection: Protection of equipment, taking the proper actions to avoid any damage with a high confidence (highly dependable) defined in a previous risk analysis Interlocks for machine protection at ESS: Devices used to protect the investment, i.e., our linear accelerator (its equipment) and the target, by taking the proper actions to stop/allow beam operation and abort/allow powering 511 DEC 2014AD and ICS Retreat mtg 2014

6 Our mission statement 11 DEC 2014AD and ICS Retreat mtg 20146 Objectives: – Protect the Investment (1800 MEURO) A LINAC without interlocks is “like a car without brakes” – Protect the beam: No beam => No neutrons – Provide the evidence How ? Using programmable electronics and hardwired links => Slow and Fast machine protection systems

7 Slow machine protection systems 11 DEC 2014AD and ICS Retreat mtg 20147 Equipment to be protected: – Magnets (Magnet Powering Interlocks) – Vacuum system – Insertable devices (Faraday cups, wire scanners) – Target system How ? – Using PLCs (Programmable Logic Controllers) – Following standard IEC 61508 (no need of certification)

8 Fast machine protection systems 11 DEC 2014AD and ICS Retreat mtg 20148 Equipment to be protected: – Ion source status – Choppers – Steerers – RFQ (Radio Frequency Quadruple) – Raster Magnets – Beam diagnostics (Beam Loss Monitors, Beam current monitors) – RF system How ? – Using FPGAs (Field Programmable Gate Arrays) – Following standard IEC 61508 (no need of certification)

9 Conclusions 11 DEC 2014AD and ICS Retreat mtg 20149 Interlocks for machine protection is protecting an investment of 1800 MEURO LINAC => Critical system Unique and complex machine with many non-linear components and interactions High power pulses of up to 5 MWatt @ 14Hz High availability required (95 %) Failures may occur even if fault avoidance and fault tolerance techniques are used, therefore a high dependable interlocks system is required

Download ppt "Interlock Systems for Machine Protection Manuel Zaera-Sanz Interlocks Engineer – ICS / Protection Systems AD and ICS Retreat mtg 2014 11 December 2014."

Similar presentations

Beam Diagnostics for ADS Dirk Vandeplassche SCK  CEN EUCARD-2 — MAX Accelerators for ADS CERN, 20-21 March 2014.

Beam Diagnostics for ADS Dirk Vandeplassche SCK  CEN EUCARD-2 — MAX Accelerators for ADS CERN, March 2014.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.
ESS Timing System Plans and Requirements Timo Korhonen Chief Engineer, Integrated Control System Division www.europeanspallationsource.se May 19, 2014.

ESS Timing System Plans and Requirements Timo Korhonen Chief Engineer, Integrated Control System Division May 19, 2014.
Can We Trust the Computer?

Can We Trust the Computer?
Syllabus Case Histories WW III Almost Medical Killing Machine

Syllabus Case Histories WW III Almost Medical Killing Machine
An Advanced Linear Accelerator Facility for Microelectronic Dose Rate Studies P.E. Sokol and S.Y.Lee Indiana University.

An Advanced Linear Accelerator Facility for Microelectronic Dose Rate Studies P.E. Sokol and S.Y.Lee Indiana University.
TUPD02 BEAM DIAGNOSTICS FOR THE ESS BLM BPM Trans Profile Bunch Shape BCM Preliminary System Count A. Jansson, L. Tchelidze, ESS AB, Lund, Sweden Hybrid.

TUPD02 BEAM DIAGNOSTICS FOR THE ESS BLM BPM Trans Profile Bunch Shape BCM Preliminary System Count A. Jansson, L. Tchelidze, ESS AB, Lund, Sweden Hybrid.
©Ian Sommerville 2000CS 365 Ariane 5 launcher failureSlide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.

©Ian Sommerville 2000CS 365 Ariane 5 launcher failureSlide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.
SE 450 Software Processes & Product Metrics Reliability: An Introduction.

SE 450 Software Processes & Product Metrics Reliability: An Introduction.
ISIS Beam Protection System and MICE operation. Dean Adams 29 Nov 07 Presented by Chris Rogers.

ISIS Beam Protection System and MICE operation. Dean Adams 29 Nov 07 Presented by Chris Rogers.
T. Bajd, M. Mihelj, J. Lenarčič, A. Stanovnik, M. Munih, Robotics, Springer, 2010 SAFETY IN INDUSTRIAL ROBOTICS R. Kamnik, T. Bajd and M. Mihelj.

T. Bajd, M. Mihelj, J. Lenarčič, A. Stanovnik, M. Munih, Robotics, Springer, 2010 SAFETY IN INDUSTRIAL ROBOTICS R. Kamnik, T. Bajd and M. Mihelj.
Systems Engineering Approach to MPS Risk Management Kelly Mahoney Presented at the Workshop for Machine Protection in Linear Accelerators.

Systems Engineering Approach to MPS Risk Management Kelly Mahoney Presented at the Workshop for Machine Protection in Linear Accelerators.
©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.

©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.
STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.

STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.
 The word rocket can mean different things. Most people think of a tall, thin, round vehicle. They think of a rocket that launches into space. Rocket

 The word "rocket" can mean different things. Most people think of a tall, thin, round vehicle. They think of a rocket that launches into space. "Rocket"
The Ariane 5 Launcher Failure

The Ariane 5 Launcher Failure
Status of the FETS Laserwire Scanner David Lee UKNFIC Meeting 07.11.08

Status of the FETS Laserwire Scanner David Lee UKNFIC Meeting
Therac 25 Nancy Leveson: Medical Devices: The Therac-25 (updated version of IEEE Computer article) http://sunnyday.mit.edu/papers/therac.pdf.

Therac 25 Nancy Leveson: Medical Devices: The Therac-25 (updated version of IEEE Computer article)
The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight.

The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight.
SNS Integrated Control System SNS Timing Master LA-UR-03-3377 Eric Bjorklund.

SNS Integrated Control System SNS Timing Master LA-UR Eric Bjorklund.

Similar presentations

Ads by Google