A flexible architecture for the rapid prototyping of ...

A flexiblearchitecture for therapid prototypingof control systems

in fusionexperiments

G. De Tommasi

Outline

Motivations

Rapid Prototypingof the CSS

ITER

Requirements

Setup

Examples

1

A flexible architecture for the rapid

prototyping of control systems in fusion

experiments

July 7, 2010 – ISIE 2010 – Bari – Italy

G. Ambrosino1 M. Banfi2 G. Carannante 1

G. De Tommasi1 A. Mandelli2 A. Pironti11CREATE – Universita di Napoli Federico II

2National Instrument Italy



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

2

Outline

Motivations

Rapid Prototyping of the ITER Central Safety SystemITER overviewSystem requirementsArchitecture overviewExamples



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

3

Development of control systems – V Cycle 1/2

The traditional development cycle of control systems followsthe three phases:

I design

I implementation

I testing



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

4

Development of control systems – V Cycle 2/2

I the design phase ends with the functional requirementspecification;

I the implementation phase starts with the softwarerequirements;

I the test and validation phase is mainly carried outon-site, except for standard single modules testing.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

5

Motivations – 1/2

The V-cicle has several drawbacks:

I Uncertainty of the control system performance:due to the absence of simulation tools;

I Incompleteness in the specification of FunctionalRequirements: plant situations neglected and/or notidentified;

I Mistranslation of the Functional Requirements in SWSpecifications;

I Errors in the Implementation Phase (SW coding andinstallation on dedicated HW) not detected beforeon-site tests;



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

6

Motivations – 2/2

Due to the additional efforts and costs, often thearchitectural design is carried out without anymodeling and simulation support.

However, if

I the system to be controlled is non-conventional or new;

I the required performances are very demanding;

I the plant is not yet available and/or the testing on-siteis very risky;

then the use of modeling and simulation tools duringthe design phase becomes highly recommended.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

7

Design phase with modeling and simulation tools

I A simulation model development cycle runs in parallel with acontrol system development cycle.

I A simplified mathematical model aides the requirementdefinition and the preliminary control design.

I The algorithm validation is carried out by means of detailedsimulations model.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

8

Rapid prototyping

The following step is the Rapid Prototyping:

I The prototypical model is tested against a plantsimulator whose detail level can be chosen by thedesigner.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

9

Prototype of the control system as formal description ofthe requirements

I The high-level description of the prototype representsan unambiguous description of the control systembehaviour.

I It can be used as formal specification of therequirements.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

10

Tools – 1/2

The proposed approach is based on the availability of

I several plant models (at different level of details);

I automatic tools for the rapid prototyping of bothcontrol system and plant simulator.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

11

Tools – 2/2

Once the real implementation of the control system will bedelivered by the contractors, it can be tested against thereal-time simulator before the installation on the plant.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

12

Tokamak

A tokamak is an electromagnetic machine containing a fullyionised gas (plasma) at about 100 million degrees within atorus shaped vacuum vessel. Poloidal and toroidal field coils,together with the plasma current, generate a spirallingmagnetic field that confines the plasma.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

13

ITER

ITER is a joint venture of 7 participant teams (EU plusSwitzerland, Japan, the People’s Republic of China, India,the Republis of Korea, Russia and USA). It has beendesigned to demonstrate the feasibility of fusion energy forpeaceful purposes.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

14

ITER Central Safety System - System Requirements

The functional requirements for the ITER CSS have beenspecified in terms of

I Mitigation Actions - are the actions that must becarried out by the CSS after the occurrence of a safetyrelevant fault. Hence the Mitigation Actions provide thespecification for the control system prototype(CSS-PROT).

I Fault Conditions - are the initiating events that followthe occurrence of relevant faults for nuclear safety. TheFault Conditions represent the specifications for theplant simulator (CSS-OPS).

Example: a safety relevant fault is a malfunction of thecooling system, while the related initiating event can bean overpressure in the pipeline.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

15

Setup 1/3

Two operational setups have been provided

I the offline setup to perform the design of the controlsystem;

I the real-time setup to perform test and validation withhardware-in-the-loop (HIL) simulations.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

16

Setup 2/3

In the offline setup:

I the prototype of the control system is written in a high levellanguage, such as Sequential Functional Charts (SFCs) orStateflow. This is an high level description of the controlsystem functional requirements;

I the whole control system is tested against the plantsimulator.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

17

Setup 3/3

By using automatic code generation (ACG) tools, the control

system prototype and the plant simulator are deployed on

real-time targets, in order to validate the real implementation of

the safety control system by means of HIL simulations.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

18

Experimental setup deployed at ITER for the rapidprototyping of the CSS

I The controller runs on the Siemens PLC.

I The plant simulator runs on the NI Real-Time Target.

I Several users can connect remotely to the HMI to monitoringand/or control (inject faults, switch on manual actions ...).



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

19

High concentration of tritium and/or contaminatedproducts in the Tokamak Gallery

Two Mitigation Actions have to be performedI Service Vacuum Vent Detritiation SystemI Relief to Normal Vent Detritiation System

The specifications for the CSSare described by two SFCs,which represent also a formaldescription of the CSS-PROTbehaviour.



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

20

Offline and HIL simulations

Two different values of the tritium inlet flow in the TokamakGallery are set, at t ∼= 99 s and t ∼= 200 s, respectively. Thefirst change causes the trespass of the guard limit, while thesecond causes the safety limit to be exceeded.

Offline (left) and HIL simulation (right).



G. De Tommasi

Outline

Motivations


ITER

Requirements

Setup

Examples

21

Conclusions

I Questions ?

Thank you!

A flexible architecture for the rapid prototyping of ...

Documents

Transcript of A flexible architecture for the rapid prototyping of ...