BIW May 2004 LHCSILSystemsBLMSSoftwareResults Reliability of BLMS for the LHC. G.Guaglio, B Dehning,...
Transcript of BIW May 2004 LHCSILSystemsBLMSSoftwareResults Reliability of BLMS for the LHC. G.Guaglio, B Dehning,...
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
1/15BIW May 2004
LHC SIL Systems BLMS Software Results
Reliability of Beam Loss Monitors System for the Large Hadron Collider
Reliability of Beam Loss Monitors System for the Large Hadron Collider
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
2/15BIW May 2004
LHC SIL Systems BLMS Software Results
LHC Superconductive Magnets
In LHC there are:514 main quadrupoles
(MQ),1232 main dipoles (MD).Favorite loss location:
quadrupole and transitions.
We will monitor only the MQ (and some other critical locations). If losses exceed a threshold, a dump signal is generated.
RF
Cle
anin
g
sectio
n
Proton injection
Dump
Cle
anin
g
sect
ion
Proton injection
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
3/15BIW May 2004
LHC SIL Systems BLMS Software Results
SIL approachSafety Integrity Levels (IEC 61508): our
guideline for LHC protection systems.
Events definition Event
gravity
Event frequency Suggested system
failure rateExpected (LHC) system failure rate
Faced risk
Magnet Destruction
False Dump
Substitution downtime
Recovering downtime
Dangerous losses/y
False dump/y
Suggested/Tolerable failure rates
Unavailability of protection system
Failure rate frequency
Destruct magnets/y
False dumps/y
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
4/15BIW May 2004
LHC SIL Systems BLMS Software Results
Events Definition
Prevent superconductive magnet destruction (MaDe) due to an high loss (~30 downtime days for substitution).
Avoid false dumps (FaDu) ( ~3 downtime hours to recover previous beam status).
System fault events
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
5/15BIW May 2004
LHC SIL Systems BLMS Software Results
FrequencyTABLE 1). Frequency table used for LHC risk definition.
Category Description Indicative frequency level (per year)
Frequent Events which are very likely to occur
> 1
Probable Events that are likely to occur
10-1 - 1
Occasional Events which are possible and expected to
occur
10-2 – 10-1
Remote Events which are possible but not
expected to occur
10-3 – 10-2
Improbable Events which are unlikely to occur
10-4 – 10-3
Negligible / Not credible Events which are extremely unlikely to
occur
< 10-4
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
6/15BIW May 2004
LHC SIL Systems BLMS Software Results
GravityTABLE 1). Gravity table used for LHC risk definition.
Category Injury to personnel Damage to equipment
Criteria N. fatalities (indicative)
CHF Loss Downtime
Catastrophic
Events capable of resulting in
multiple fatalities
1 > 5*107 > 6 months
Major Events capable of resulting in a
fatality
0.1 (or 1 over 10 accidents)
106 – 5*107 20 days to 6 months
Severe Events which may lead to serious, but
not fatal, injury
0.01 (or 1 over 100 accidents)
105 – 106 3 to 20 days
Minor Events which may lead to minor
injuries
0.001 (or 1 over 1000 accidents)
0 – 105 < 3 days
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
7/15BIW May 2004
LHC SIL Systems BLMS Software Results
SIL levelsEvent Likelihood Consequence
Catas-trophic
Major Severe
Minor
Frequent SIL 4 SIL 3 SIL 3 SIL 2
Probable SIL 3 SIL 3 SIL 3 SIL 2
Occasional SIL 3 SIL 3 SIL 2 SIL 1
Remote SIL 3 SIL 2 SIL 2 SIL 1
Improbable SIL 3 SIL 2 SIL 1 SIL 1
Negligible / Not Credible
SIL 2 SIL 1 SIL 1 SIL 1
SIL Probability of a dangerous failure per hour
4 10-9 < Pr < 10-8
3 10-8 < Pr < 10-7
2 10-7 < Pr < 10-6
1 10-6 < Pr < 10-5
For high demand /continuousmode ofoperation systems
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
8/15BIW May 2004
LHC SIL Systems BLMS Software Results
LHC Systems
MaD
eLo
ss
Dura
tion
<10m
s>
10
sm
iddl
e
FaD
u
Resi
stiv
e
magnets
Life
tim
e
RF
Beam
posi
tion Acc
ess
Tim
ing
Experi
ments
Colli
mati
on
Vacu
um
Dum
p
Beam
Energ
y
Inte
rlock
s Cry
ogenic
s
Quench
pro
tect
ion
Beam
Loss
4 first line systems: average
2.5E-8/h
~20 dump generator systems: average 5E-8/h
Pow
er
convert
er
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
9/15BIW May 2004
LHC SIL Systems BLMS Software Results
BLMSCurrent tofrequencyconverter
Multi-plexerLASER
DiodeDemulti-plexer
Thresholdcomparator
BIC (Dump)Beam PermitBeam EnergyVME Bus
Analogue Electronics Digital Electronics
Below Quad. in ARC
Ionization chamber
At surface (SR, SX)
Switch
Iin(t)
Referencecurrent
Tresholdcomparator
One-shotT
Iref
Integrator
fout1.E+06
1.E+07
1.E+08
1.E+09
1.E+10
1.E+11
1.E+12
1.E+13
1.E+14
1.E+15
1.E-02 1.E-01 1.E+00 1.E+01 1.E+02 1.E+03 1.E+04 1.E+05 1.E+06
duration of loss [ms]
qu
en
ch
le
ve
ls [
pro
ton
/m/s
]
7 TeV
450 GeV
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
10/15BIW May 2004
LHC SIL Systems BLMS Software Results
Availability improvements
Test (continuously, 20 hours and yearly) of detector and analog electronic, to face integral dose degradation; voting for digital part, to avoid single event effects.
Actions against the weakest elements (lasers, CRC, decisions table,…):redundancy.
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
11/15BIW May 2004
LHC SIL Systems BLMS Software Results
Failure Rates
Element
Failure rate [10-8 1/h]Inspecti
on interval
[h]
NotesSingle Not
redundantRedund
ant
IC+cable+terminations
2.5
24
20 Experience SPS
Integrator 2.0
Contin
uous (4
0 s)
Dose
an
d fl
uence
te
sted
Switch 8.7
FPGA TX* 200
840 0.014
Laser 510
2 Optical connectors
20
Optical fibre 20
Photodiode 3.2
FPGA RX* 70
Reference:MIL-HDBK-217FIC calculated with 60% confidence level of no fails over 140 IC in 30 years in SPS
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
12/15BIW May 2004
LHC SIL Systems BLMS Software Results
Component failure rate predictions.
Assembly failure mode.
System dependability.
References:MIL-217 (electronic), Telcordia (telecommunication), IEC (electronic), NSWC (mechanical)
Failure Mode Effect and Criticality Analysis
Reliability Block DiagramFault Tree
Software possibilities
Front end electronic
MonitorSurface
electronicDump
electronicLaser line 1
Laser line 2
Dump line 1
Dump line 2
Dump line 3
2
System failure
FPGA TX
FPGA RX
Com-biner2oo3
ICBeam
interlockDUMP
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
13/15BIW May 2004
LHC SIL Systems BLMS Software Results
0.6
0.45
0.3
0.15
0
I C
JFE
T1
JFE
T2 OP
A1
OP
A2
LA
SER
1
LA
SER
2
Rel
ativ
e im
por
tan
ce
Software outputs
Time profiles
Importance diagram
Un
reli
abil
ity
40 s 80 s20 h 40 h
Unavailability, failure rate,…
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
14/15BIW May 2004
LHC SIL Systems BLMS Software Results
Results
FaDu (no Power Supply): 2.4 10-7/h * 4000 h/y * 3200 = 3/y
Foreseen event frequency:
“Focused” dangerous losses per years:
pessimistic!
Number of channels
Beam hours: 200 d*20 h/d
We are beyond the Functional limits, but tolerable for Malfunction approach: good confidence that in 20 year we will lose (less than) the 16 spares magnets and BLMS generate around 3 false dump per year.
SIL suggested rate: 2.5 10-8/h
SIL suggested rate: 5.0 10-8/h
5.0 10-7/h * 4000 h/y * 100 = 0.2/yMaDe (single channel):
Reliability of BLMS for the LHC.
G.Guaglio, B Dehning, C. Santoni
15/15BIW May 2004
LHC SIL Systems BLMS Software Results
Conclusions1. Probable multi-detection per loss
(further simulations on going): MaDe OK.
2. FaDu improving with better electronic components (and better power distribution).
3. The systematic reliability approach guide the BLMS design (redundancies, testing, sensitivity evaluations).