Upload
tatum
View
51
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Beam Loss Detection. Bernd Dehning CERN BE/BI. BLM System – Online Display. Extensively used for operation verification and machine tuning 1 Hz Logging (12 integration times, 40 us to 83 s) Integration times < 1s: maximum during the last second is logged - PowerPoint PPT Presentation
Citation preview
Beam Loss Detection
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 1
Bernd DehningCERN BE/BI
B.Dehning: 07.06.2012
Extensively used for operation verification and machine tuning 1 Hz Logging (12 integration times, 40 us to 83 s)
Integration times < 1s: maximum during the last second is logged short losses are recorded and loss duration can be reconstructed (20% accuracy)
Also used for Online Display
BLM System – Online Display
LHCbBeamDumps
Collimation
BLM System Knowledge Flow
BLM System Knowledge Flow
Beam Loss Measurement System Layouts
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 5
Ionisation chamber Function: observation and interlock 3700 installed Over 90 % connected to interlock/dump
system Secondary emission detector
Function: observation 300 installed
6
Reliability: Failure Rate and Checks
Systems parallel + survey + functional check:1. in case of system failure dump beam (failsafe)2. verification of functionality: simulate measurement and
comparison with expected result => as good as new
0.00000001
0.0000001
0.000001
0.00001
0.0001
0.001
0.01
0 50 100 150 200 250 300time [a.u.]
failu
re ra
te [a
. u.]
constant f. r.systems parallelsystems parallel + surv.systems parallel + surv. + check
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
Key implementation to obtain low failure rate
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
7
02_FAQ=0.0336 w=0.00275
False Alarm
Channel _FAQ=0.00513 w=0.000427
Channel FalseAlarm
DigFEE _FAQ=0.000125 w=1.04e-5
Digital FEEFalse Alarm
TunnnelPS_FAQ=0.0191 w=0.00158
False alarmgenerated bytunnel Power
Supply
BEE _FAQ=9.35e -5 w=7.79e-6
Back EndElectronic
False Alarm
Crate _FAQ=7.12e-6 w=5.99e-7
Crateselectronics
False Alarms
VMEunit _FAQ=0.00946 w=0.000784
VME unitFalse Alarms
OL_equiv _FA
642 redudantOptical link ,
w
r=5.30677 e-007 tau =12
Q=3.18e-6 w=5.31e -7
Memory .01
MechanicalFailure (325)
r =9. 2713e- 011 n=325 m =1
Q=3.62e-7 w=3.01e-8
Memory .02
ElectricalFailure (325)
r =3. 0858 e-011 n=325 m =1
Q=1.2e-7 w=1e-8
HTcon _FA_CQ=4.82e-5 w=4.02e-6
HT connectorsFalse Alarms,
Continuous check
Page 11
IC_FA_CQ=0.000368 w=3.07e-5
IonizationChamber False
Alarm,Continuous check
Page 12
Channel _FA_10pAQ=0.00472 w=0.000392
CFC FalseAlarm , 10pA
check
Page 13
PSarc_FA_CQ=2.5e-5 w=2.08e-6
Arc PowerSupplies False
Alarm,Continuous check
Page 16
PSSS_FA_CQ=0.0191 w=0.00158
Straight SectionPS False Alarm,
Continuous check
Page 17
PSVME_FA_CQ=9.75e-9 w=1.95e-8
PS VME FalseAlarm,
Continuous check
Page 20
VMEfans_FA_CQ=0.00946 w=0.000784
VME fantray FalseAlarm,
Continuous check
Page 21
BEE _FA_CQ=8.58e-5 w=7.15e-6
Back Endelectronic False
Alarm,Continuous check
Page 18
BEE _FA_LQ=7.71e-6 w=6.43e-7
Back Endelectronic False
Alarm, Loggingcheck
Crate _FA_CQ=5.47e-6 w=4.62e-7
Crates electronicsFalse Alarms,
Continuous check
Page 19
CombFPGA_FA_LQ=1.65e -6 w=1.37e-7
Combiner FPGAFalse Alarm,
Loggin check
Memory_FA_LQ=4.82e-7 w=4.02e-8
No thresholds(325)
FPGARXen _FA_LQ=7.14e-6 w=5.95e-7
No energyupdating from
combiner
TransceiverEn _FA_LQ=9.55e -8 w=7.96e-9
Wrong energysignal fromtransceiver
DigFEE _FA_CQ=0.000108 w=8.97e-6
Digital FEE FalseAlarm,
Continuous check
Page 14
DigFEE_FA_10pAQ=1.74e-5 w=1.45e-6
Digital FEEFalse Alarm ,10pA check
Page 15
FPGARX.0.3_1
Wrong energyfrom Combiner
(325)
r=1.83e-009 n=325 m=1Q=7.14e-6 w=5.95e-7
Transceiver .0.6_1
Data Bit Error(325)
r=2.448e-011 n=325 m=1Q=9.55e -8 w=7.96e-9
Combiner FPGA.02_1
Internal error
r=5.49e-009 n=25 m=1Q=1.65e -6 w=1.37e-7
CombBPin_FA_LQ=1.65e -6 w=1.37e-7
Wrongcombinerbackplane
OL_equiv_FA:r= r(OL_FA)* n
tau=missiontime
To run with lifetime= mission time (12
h)
02_FAQ=0.0336 w=0.00275
False Alarm
Channel _FAQ=0.00513 w=0.000427
Channel FalseAlarm
DigFEE _FAQ=0.000125 w=1.04e-5
Digital FEEFalse Alarm
TunnnelPS_FAQ=0.0191 w=0.00158
False alarmgenerated bytunnel Power
Supply
BEE _FAQ=9.35e -5 w=7.79e-6
Back EndElectronic
False Alarm
Crate _FAQ=7.12e-6 w=5.99e-7
Crateselectronics
False Alarms
VMEunit _FAQ=0.00946 w=0.000784
VME unitFalse Alarms
OL_equiv _FA
642 redudantOptical link ,
w
r=5.30677 e-007 tau =12
Q=3.18e-6 w=5.31e -7
Memory .01
MechanicalFailure (325)
r =9. 2713e- 011 n=325 m =1
Q=3.62e-7 w=3.01e-8
Memory .02
ElectricalFailure (325)
r =3. 0858 e-011 n=325 m =1
Q=1.2e-7 w=1e-8
HTcon _FA_CQ=4.82e-5 w=4.02e-6
HT connectorsFalse Alarms,
Continuous check
Page 11
IC_FA_CQ=0.000368 w=3.07e-5
IonizationChamber False
Alarm,Continuous check
Page 12
Channel _FA_10pAQ=0.00472 w=0.000392
CFC FalseAlarm , 10pA
check
Page 13
PSarc_FA_CQ=2.5e-5 w=2.08e-6
Arc PowerSupplies False
Alarm,Continuous check
Page 16
PSSS_FA_CQ=0.0191 w=0.00158
Straight SectionPS False Alarm,
Continuous check
Page 17
PSVME_FA_CQ=9.75e-9 w=1.95e-8
PS VME FalseAlarm,
Continuous check
Page 20
VMEfans_FA_CQ=0.00946 w=0.000784
VME fantray FalseAlarm,
Continuous check
Page 21
BEE _FA_CQ=8.58e-5 w=7.15e-6
Back Endelectronic False
Alarm,Continuous check
Page 18
BEE _FA_LQ=7.71e-6 w=6.43e-7
Back Endelectronic False
Alarm, Loggingcheck
Crate _FA_CQ=5.47e-6 w=4.62e-7
Crates electronicsFalse Alarms,
Continuous check
Page 19
CombFPGA_FA_LQ=1.65e -6 w=1.37e-7
Combiner FPGAFalse Alarm,
Loggin check
Memory_FA_LQ=4.82e-7 w=4.02e-8
No thresholds(325)
FPGARXen _FA_LQ=7.14e-6 w=5.95e-7
No energyupdating from
combiner
TransceiverEn _FA_LQ=9.55e -8 w=7.96e-9
Wrong energysignal fromtransceiver
DigFEE _FA_CQ=0.000108 w=8.97e-6
Digital FEE FalseAlarm,
Continuous check
Page 14
DigFEE_FA_10pAQ=1.74e-5 w=1.45e-6
Digital FEEFalse Alarm ,10pA check
Page 15
FPGARX.0.3_1
Wrong energyfrom Combiner
(325)
r=1.83e-009 n=325 m=1Q=7.14e-6 w=5.95e-7
Transceiver .0.6_1
Data Bit Error(325)
r=2.448e-011 n=325 m=1Q=9.55e -8 w=7.96e-9
Combiner FPGA.02_1
Internal error
r=5.49e-009 n=25 m=1Q=1.65e -6 w=1.37e-7
CombBPin_FA_LQ=1.65e -6 w=1.37e-7
Wrongcombinerbackplane
OL_equiv_FA:r= r(OL_FA)* n
tau=missiontime
To run with lifetime= mission time (12
h)
02_FAQ=0.0336 w=0.00275
False Alarm
Channel _FAQ=0.00513 w=0.000427
Channel FalseAlarm
DigFEE _FAQ=0.000125 w=1.04e-5
Digital FEEFalse Alarm
TunnnelPS_FAQ=0.0191 w=0.00158
False alarmgenerated bytunnel Power
Supply
BEE _FAQ=9.35e -5 w=7.79e-6
Back EndElectronic
False Alarm
Crate _FAQ=7.12e-6 w=5.99e-7
Crateselectronics
False Alarms
VMEunit _FAQ=0.00946 w=0.000784
VME unitFalse Alarms
OL_equiv _FA
642 redudantOptical link ,
02_FAQ=0.0336 w=0.00275
False Alarm
Channel _FAQ=0.00513 w=0.000427
Channel FalseAlarm
DigFEE _FAQ=0.000125 w=1.04e-5
Digital FEEFalse Alarm
TunnnelPS_FAQ=0.0191 w=0.00158
False alarmgenerated bytunnel Power
Supply
BEE _FAQ=9.35e -5 w=7.79e-6
Back EndElectronic
False Alarm
Crate _FAQ=7.12e-6 w=5.99e-7
Crateselectronics
False Alarms
VMEunit _FAQ=0.00946 w=0.000784
VME unitFalse Alarms
OL_equiv _FA
642 redudantOptical link ,
w
r=5.30677 e-007 tau =12
Q=3.18e-6 w=5.31e -7
Memory .01
MechanicalFailure (325)
r =9. 2713e- 011 n=325 m =1
Q=3.62e-7 w=3.01e-8
Memory .02
ElectricalFailure (325)
r =3. 0858 e-011 n=325 m =1
Q=1.2e-7 w=1e-8
HTcon _FA_CQ=4.82e-5 w=4.02e-6
HT connectorsFalse Alarms,
Continuous check
Page 11
IC_FA_CQ=0.000368 w=3.07e-5
IonizationChamber False
w
r=5.30677 e-007 tau =12
Q=3.18e-6 w=5.31e -7
Memory .01
MechanicalFailure (325)
r =9. 2713e- 011 n=325 m =1
Q=3.62e-7 w=3.01e-8
Memory .02
ElectricalFailure (325)
r =3. 0858 e-011 n=325 m =1
Q=1.2e-7 w=1e-8
HTcon _FA_CQ=4.82e-5 w=4.02e-6
HT connectorsFalse Alarms,
Continuous check
Page 11
IC_FA_CQ=0.000368 w=3.07e-5
IonizationChamber False
Alarm,Continuous check
Page 12
Channel _FA_10pAQ=0.00472 w=0.000392
CFC FalseAlarm , 10pA
check
Page 13
PSarc_FA_CQ=2.5e-5 w=2.08e-6
Arc PowerSupplies False
Alarm,Continuous check
Page 16
PSSS_FA_CQ=0.0191 w=0.00158
Straight SectionPS False Alarm,
Continuous check
Page 17
PSVME_FA_CQ=9.75e-9 w=1.95e-8
PS VME FalseAlarm,
Continuous check
Page 20
VMEfans_FA_CQ=0.00946 w=0.000784
VME fantray FalseAlarm,
Continuous check
Page 21
BEE _FA_CQ=8
Alarm,Continuous check
Page 12
Channel _FA_10pAQ=0.00472 w=0.000392
CFC FalseAlarm , 10pA
check
Page 13
PSarc_FA_CQ=2.5e-5 w=2.08e-6
Arc PowerSupplies False
Alarm,Continuous check
Page 16
PSSS_FA_CQ=0.0191 w=0.00158
Straight SectionPS False Alarm,
Continuous check
Page 17
PSVME_FA_CQ=9.75e-9 w=1.95e-8
PS VME FalseAlarm,
Continuous check
Page 20
VMEfans_FA_CQ=0.00946 w=0.000784
VME fantray FalseAlarm,
Continuous check
Page 21
BEE _FA_CQ=8.58e-5 w=7.15e-6
Back Endelectronic False
Alarm,Continuous check
Page 18
BEE _FA_LQ=7.71e-6 w=6.43e-7
Back Endelectronic False
Alarm, Loggingcheck
Crate _FA_CQ=5.47e-6 w=4.62e-7
Crates electronicsFalse Alarms,
Continuous check
Page 19
CombFPGA_FA_LQ=1.65e -6 w=1.37e-7
Combiner FPGAFalse Alarm,
Loggin check
Memory_FA_LQ=4.82e-7 w=4.02e-8
No thresholds(325)
FPGARXen _FA_LQ=7.14e-6 w=5.95e-7
No energy
.58e-5 w=7.15e-6
Back Endelectronic False
Alarm,Continuous check
Page 18
BEE _FA_LQ=7.71e-6 w=6.43e-7
Back Endelectronic False
Alarm, Loggingcheck
Crate _FA_CQ=5.47e-6 w=4.62e-7
Crates electronicsFalse Alarms,
Continuous check
Page 19
CombFPGA_FA_LQ=1.65e -6 w=1.37e-7
Combiner FPGAFalse Alarm,
Loggin check
Memory_FA_LQ=4.82e-7 w=4.02e-8
No thresholds(325)
FPGARXen _FA_LQ=7.14e-6 w=5.95e-7
No energyupdating from
combiner
TransceiverEn _FA_LQ=9.55e -8 w=7.96e-9
Wrong energysignal fromtransceiver
DigFEE _FA_CQ=0.000108 w=8.97e-6
Digital FEE FalseAlarm,
Continuous check
Page 14
DigFEE_FA_10pAQ=1.74e-5 w=1.45e-6
Digital FEEFalse Alarm ,10pA check
Page 15
FPGARX.0.3_1
Wrong energyfrom Combiner
(325)
r=1.83e-009 n=325 m=1Q=7.14e-6 w=5.95e-7
Transceiver .0.6_1
Data Bit Error(325)
r=2.448e-011 n=325 m
updating fromcombiner
TransceiverEn _FA_LQ=9.55e -8 w=7.96e-9
Wrong energysignal fromtransceiver
DigFEE _FA_CQ=0.000108 w=8.97e-6
Digital FEE FalseAlarm,
Continuous check
Page 14
DigFEE_FA_10pAQ=1.74e-5 w=1.45e-6
Digital FEEFalse Alarm ,10pA check
Page 15
FPGARX.0.3_1
Wrong energyfrom Combiner
(325)
r=1.83e-009 n=325 m=1Q=7.14e-6 w=5.95e-7
Transceiver .0.6_1
Data Bit Error(325)
r=2.448e-011 n=325 m=1Q=9.55e -8 w=7.96e-9
Combiner FPGA.02_1
Internal error
r=5.49e-009 n=25 m=1Q=1.65e -6 w=1.37e-7
CombBPin_FA_LQ=1.65e -6 w=1.37e-7
Wrongcombinerbackplane
OL_equiv_FA:r= r(OL_FA)* n
tau=missiontime
To run with lifetime= mission time (12
h)
B.Dehning: 07.06.2012
Reliability: Fault Tree Analysis
The probability to have an Failure Mode A, Pr{A}, is calculated per each Failure Modes of the FMECA, given the hazard rate, the repair rate and the inspection period .
OR Gate
EVENT1 EVENT2
OR Gate
EVENT1 EVENT2
DamageRisk
BlindFEE
BlindBEE
AND Gate
EVENT1 EVENT2
AND Gate
EVENT1 EVENT2
False Alarmby
transmission
Opticalline
1
Opticalline
2
Almost 160 Failure Modes have been defined for the BLMS using the FMD-97 standard.Three Ends Effects:1. Damage Risk: probability not to be ready in case of dangerous loss. 2. False Alarm: probability to generate a false alarm.3. Warning: probability to generate a maintenance request
following a failure of a redundant component.
Used program: Isograph, includes component catalogue
Steps taken for a Failsafe System: Error-free Communication
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 8
The steps taken to ensure a reliable communication link: Double (redundant) optical link
CRC-32 error check algorithm All single-bit errors. All double-bit errors. Any odd number of errors. Any burst error with a length less than the length of CRC. For longer bursts Pr = 1.16415*10-10 probability of undetected error.
224 bits of data plus 32 bits of CRC remainder = 256 bits
8b/10b encoding Clock data recovery (CDR) - guarantees transition density. DC-balanced serial stream - ones and zeros are equal/DC is zero. Error detection – four times more characters. Special characters used for control – sync, frame.
256 bits of data are encoded in 320 bits = 64 extra bits
Steps taken for a Failsafe System: Avoiding Human Errors
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 9
To avoid misplacement of electronic cards or threshold and masking tables
Tunnel Card ID Unique number embedded in the FPGA (16bit) Included in every transmitted frame Compared with the one stored in the LSA DB
Surface Card Serial number Unique number embedded in a IC (64bit) Compared with the one stored in the LSA DB
Steps taken for a Failsafe System: System Failures
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 10
To avoid loss of data Frame ID
Surface FPGA checks for missing frames Incrementing number included at every transmission
Optical link is always active 8b/10b encoding sends “commas” when no data Disconnection is detected in max 25ns
To ensure recognition of system failures and beam dump requests
FPGA Outputs (Beam Dump signals) as frequency At a dump request, reset, or failure the transmitted frequency will be altered
Beam Permit lines are daisy-chained between cards Custom VME backplane Dummy cards on empty slots to close circuit
Verification using Emulator Module
In situ test of the TC in VME crate by emulation of output signals of CFC
Arbitrary Tx data Comparison of different TC firmware versions Playback of LHC capture data for analysis
Tx errors CRC, CID, FID
Wrong configuration Errors in physical layer
Manual testing procedure Results read out in Expert application
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 11
Verification using custom programs
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 12
Exhaustive verification of the behavior of the Threshold Comparator block
Check all permutations and their ability to trigger a beam dump request
Flash modified threshold table targeting one table field at each iteration.
16 cards/crate 16 detectors/TC card 12 integration windows/detector 32 beam energy levels 98’304 test cases/crate
VME readout check The same test case repeated 500’000 times
Internal (VME crate) beam permit check
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 13
Check the beam permit lines (BPL) inside the crate
Check the BPL between the crates (on the same IP)
Check results are saved in the database
BLECSU
BLETCN°1
BLETCN°16
BLETCN°2
U
M M M
Last BLECS
CIBUS
U
All lines to ‘FALSE’
Energy link
last BLECS had received the last dump request and notify all the other BLECS
1
2
3
Send the card number which have to provoke the dump and U or M
The BLECS provoke the dump which is transmitted to the last BLECS before the CIBUS
Combiner card inside the LHC BLM system
Beam Loss Monitors (4000)
Interlock Interfaces (16) [CIBUS] TE-MPE-MI (B. Puccio, B. Todd)
Beam Energy Receivers (8) [CISV]Hardware:BE-CO-HT (P. Alvarez)Responsible:TE-MPE-MI (B. Puccio)Energy measurements:
Tunnel Cards (700)
Threshold Comparators (350) Combiner and Survey (25)
Operational applications (2) Expert applications (2) Diagnostics application,phase and amplitude
for the connectivity check
Settings applications (2)
Tunnel Card test benches (5) around the LHC ring
HV HV
BLM HV supplies
B.Dehning: 07.06.2012 14
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
Connectivity check
The high voltage is modulated with a 30V/60mHz signalA current is induced in the monitors and measured by the system
The phase and amplitude are calculated and compared to predefined thresholds in the BLECS card.
The raw and filtered data is kept into the SRAM and can be retrieve with the Diagnostic application
Internal thresholds settingsoverview in the diagnostic tool.(unique for each monitor)
Last full period in saved in the SRAM and processed
B.Dehning: 07.06.2012 15
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
1. Check of cabling2. Check of components,
R- C filter
3. Check of chamber capacity
4. Check of stablity of signal, pA to nA
5. Not checked: gas gain
of chamber
High Voltage Modulation Results
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 16
BLM System Knowledge Flow
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
18B.Dehning: 07.06.2012
Software Overview, Management of Settings
Safety given by: Comparison of settings at
DB and front-end Safe transmission of
settings
front - end
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
19B.Dehning: 07.06.2012
Software Overview, Management of Settings
Safety given by: Comparison of settings at
DB and front-end Safe transmission of
settings
front - end
1. Modular design of data base very useful (if changes are needed limited impact)
1. MTF: history of equipment e.g. ionisation chamber, electronic cards, …
2. Layout: description of links between equipment3. LSA: reference for all data needed in the front-end (some imported
from MTF and Layout) 2. Storage of data in frontend in FPGA memory (even here corruptions
observed)3. Master for comparison is the front-end (this allows immediate beam
inhibit)4. Design very early defined in PhD thesis on reliability (root was followed
during project)5. Issue of design: protection and measurement functionality are
implemented in same front-end (review remark). 1. Critical, because of upgrades are more often needed on
measurement functionality compared to protection functionality2. New design: locking of FPGA firmware, which has protection
functionality (partial solution)3. Occupation of FPGA by firmware too large, first estimate of
occupation will be about 30% for new BLM systems
BLM System Knowledge Flow
Noise and Fast Database Access
Important for availability (false dumps) and dynamic range
Main source of noise: long cables (up to 800 m in straight section)
Aim: factor 10 between noise and threshold
Thresholds decrease with increasing energy
noise reduction before 7 TeV operation Single pair shielded cables,
noise reduction: > factor 5 Development of kGy
radiation hard readout to avoid long cablesNoise estimate in design phase with test
installations at comparable locations
BLM System Knowledge Flow
Daily Checks
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 23
Temperature and failure rate
Survey of BLM thresholds
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 24
Detailed Analysis of Modulation Result – Preventive Action
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 25
BLM System Knowledge Flow
Now: C++ program and SVN storage Future: all values and functional dependence in ORACLE
BLM System Knowledge Flow
Now: C++ program and SVN storage Future: all values and functional dependence in ORACLE
Reserve Slides
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 28
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
29B.Dehning: 07.06.2012
Literature
http://cern.ch/blm LHC
Reliability issues, thesis, G. Guaglio Reliability issues, R. Filippini et al., PAC 05 Front end electronics, analog, thesis, W. Friesenbichler Front end electronics, analog-digital, E. Effinger et al. Digital signal treatment, thesis, C. Zamantzas Balancing Safety and Availability for an Electronic
Protection System, S. Wagner et al., to be published, ESREL 2008
30
Reliability: Safety System Design Approach
Damage(system integrity)
Quench(operationalEfficiency)
Scaling:
frequency of events
xconsequence
FailsafeRedundancy
SurveyFunctional Check
Meantime
between failures
Methods: Stop of next
injectionExtraction of
beam
Reduction of operational efficiency
Safety ProtectionRisk Availability
SILALARP
Systems:Beam loss MonitorsQuench
protectionsystem
Interlocksystem
¨Dump system
Design issues:Reliable
componentsRedundancy,
votingMonitoring of
drifts1 10-8 to1 10-7 1/h
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
31B.Dehning: 07.06.2012
Reliability: Settings and Checks from Database to Frontend
Setting storage in Oracle database
Settings: Threshold values Voltages, currents,
phase limits for automatic test
Serial numbers for ever equipment in the acquisition chain
Software version numbers
Comparison of frontend settings with database every 12 hours or after every update
If positive hardware base beam permit given
If negative after retry, manual intervention (no beam permit)
Corruption in frontend are more likely as in reference database, therefore =>
Request for comparison issued by front-end, most reliable (no software layers in between)
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
32
Resonance Crossing – SEM signal Issue
No signal from secondary emission monitors expected: due to ionisation in air at non insulated wire connection (patch boxes)
B.Dehning: 07.06.2012
Beam
ionisation chambers
secondary emission monitors
Optimized tools are very help full during commissioning (design during test phases)
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 33
The BLM Acquisition System
Real-Time Processing BEE FPGA Altera’s Stratix EP1S40 (medium size,
SRAM based) Mezzanine card for the optical links 3 x 2 MB SRAMs for temporary data
storage NV-RAM for system settings and threshold
table storage
Analog front-end FEE Current to Frequency Converters (CFCs) Analogue to Digital Converters (ADCs) Tunnel FPGAs:
Actel’s 54SX/A radiation tolerant. Communication links:
Gigabit Optical Links.
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
34B.Dehning: 07.06.2012
Post Mortem Data (some examples)
PM application: BLM data of 0.082 seconline available
Longer PM buffer: BLM data of 1.72 secoffine available
43000 values (40 us)
2000 values (40 us)
Loss in a bending magnet
Monitors
Time
Extensively used for operation verification and machine tuning 1 Hz Logging (12 integration times)
Integration times < 1s: maximum during the last second is logged short losses are recorded and loss duration can be reconstructed (20%
accuracy) Also used for Online Display
BLM Published Data – Logging Data – Online Display• Change of the thresholds:
• As function of loss duration• As function of beam energy
• Will also be implemented for warm magnet and equipment protection
Energy integration time
Extensively used for operation verification and machine tuning 1 Hz Logging (12 integration times)
Integration times < 1s: maximum during the last second is logged short losses are recorded and loss duration can be reconstructed (20%
accuracy) Also used for Online Display
BLM Published Data – Logging Data – Online Display
Fit to data in the plan signal versusintegration time => interception straight line parameterization => loss duration
Storage of several running sums allows reconstruction of duration of loss event (reduction of network traffic and data storage place)
BLM Published Data – Logging Data – Online DisplayPost Mortem Data: Event triggered read out of all acquisition buffers1. Online (after 10 s 2000 values with 40 us integration time 2. Off line 43000 values
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
38B.Dehning: 07.06.2012
Quench and Damage Levels
• High dynamic range dynamic• Arc: 108
• Collimation: 1013 second detector
• Change of the thresholds:• As function of loss
duration• As function of beam
energy
Energy integration time
246 GeV
7 TeV
1.E+06
1.E+07
1.E+08
1.E+09
1.E+10
1.E+11
1.E+12
1.E+13
1.E+14
1.E+15
1.E-02 1.E-01 1.E+00 1.E+01 1.E+02 1.E+03 1.E+04 1.E+05 1.E+06
duration of loss [ms]
quen
ch le
vels
[pro
ton/
s]
total quench levels at 450 GeVtotal quench levels at 7 TeV
He heat flow
He heat reserve
heat flow between cable and He
heat reserve of cable
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
39B.Dehning: 07.06.2012
Post Mortem Data (some examples), Zoom
Loss from primary event+
dump system loss
B.Dehning: 07.06.2012
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes 40
Eva Barbara HolzerTIPP 2011 June 10, 2011 42
Main purpose: prevent damage and quench
3600 Ionization chambers (IC) interlock (97%) and observation
300 Secondary emission monitors (SEM) for observation
Beam Loss Measurement System Layout
Eva Barbara HolzerTIPP 2011 June 10, 2011 43
Extensively used for operation verification and machine tuning 1 Hz Logging (nearly all 12 integration times)
Integration times < 1s: maximum during the last second is logged short losses are recorded and loss duration can be reconstructed
(20% accuracy) Also used for Online Display
BLM Published Data – Logging Data
Eva Barbara HolzerTIPP 2011 June 10, 2011 4444
Specifications Time resolution ½ turn, 40 us Average calculation loss:
12 values, 40 us to 83 s Max amplitude 23 Gy/s Min amplitude
1E-4 Gy/s @ 40 us 3E-7 Gy/s @ 1.3 s
Dynamic 2E5 @ 40 us ~ 1E8 @ 1.3 s
Damage level 2000 Gy/s @ 1 ms
All channels could be connected to the interlock system
Thresholds Loss duration dependent, 12
values Energy dependent, 32 values About 1.5 E6 thresholds
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
Quench and Damage Levels
450 GeV 3.5 TeV 5.0 TeV 7.0 TeVQuadrupole and bending magnet thresholds
B.Dehning: 07.06.2012
Eva Barbara HolzerTIPP 2011 June 10, 2011 45Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
System settings& data flow
Beam permit
signal flowB.Dehning: 07.06.2012
Eva Barbara HolzerTIPP 2011 June 10, 2011 46Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
46B.Dehning: 07.06.2012
Radioactive source test
Functional tests before installation
Barcode check
HV modulation test
Double optical line comparison
Offset to check connectivity (10 pA test)
System component identity check
Beam inhibit lines tests
Detector
Tunnel electronics
Surface electronic
sCombiner
Inspection frequency:
Reception Installation and yearly maintenance Before (each) fill Parallel with beam
Current source test
Threshold table data base comparison
Functional Tests Overview PhD thesis G. Guaglio
Workshop on Machine Protection, Focusing on Linear Accelerator Complexes
47B.Dehning: 07.06.2012
Ionisation Chamber and Secondary Emission Monitor
Stainless steal cylinder Parallel electrodes distance 0.5
cm Diameter 8.9 cm Voltage 1.5 kV Low pass filter at the HV input
IC: Al electrodes Length 60 cm Ion collection time 85 us N2 gas filling at 1.1 bar Sensitive volume 1.5 l
SEM: Ti electrodes Components UHV
compatible Steel vacuum fired Detector contains 170 cm2
of NEG St707 to keep the vacuum < 10-4 mbar during 20 years
Signal Ratio: IC/SEM = 60000
Eva Barbara HolzerTIPP 2011 June 10, 2011 48
Mostly, onset of system degradation detected by regular offline checks before malfunction
Number of failures regarded manageable (no availability issue)
Hardware Failures (since Feb. 2010)
12 IC with bad soldering
(out of 3600)
9 GOH with low power
1 damaged connector
out of 1500
7 CFC with ‘noisy’ components
2 cards with bad solderingout of 750
12 with ‘weak’ receivers
out of 1500
2 with failed SRAM
out of 350
3 failed CPU RIO3
out of 25
1 VME Power Supply, out of 25
12
19
14
4
Specification: Beam Loss Durations and Protection Systems
4 turns (356 s)
10 ms
10 s
100 s
LOSS DURATION
Ultra-fast loss
Fast losses
Intermediate losses
Slow losses
Steady state losses
PROTECTION SYSTEM
Passive Components
+ BLM (damage and quench prevention)
+ Quench Protection System, QPS (damage protection only)
+ Cryogenic System
Since not active protection possible for ultra-fast losses => passive system
Classification loss signals to be used for functional and technical specificationB.Dehning:
07.06.2012 49Workshop on Machine Protection, Focusing on Linear Accelerator
Complexes