E. Barrera, M. Ruiz, A. Bustos, M. Afif, B. Radle, J. Fernández-Hernando, I. Prieto, R. Pedica, Miguel J. Barcala, J. Oller, R. Castro
{"title":"Implementation of ITER fast plant interlock system using FPGAs with cRIO","authors":"E. Barrera, M. Ruiz, A. Bustos, M. Afif, B. Radle, J. Fernández-Hernando, I. Prieto, R. Pedica, Miguel J. Barcala, J. Oller, R. Castro","doi":"10.1109/rtc.2016.7543095","DOIUrl":null,"url":null,"abstract":"Interlocks are the instrumented functions of ITER that protect the machine against failures of the plant system components or incorrect machine operation. Regarding I&C, the Interlock Control System (ICS) ensures that no failure of the conventional ITER controls can lead to a serious damage of the machine integrity or availability. The ICS is in charge of the supervision and control of all the ITER components involved in the instrumented protection of the Tokamak and its auxiliary systems. It is constituted by the Central Interlock System (CIS), the different Plant Interlock Systems (PIS) and its networks. The ICS does not include the sensors and actuators of the plant systems but it is in charge of their control. The ITER interlock system shall be designed, built and operated according to the highest quality standards. The international standard IEC-61508 has been chosen as the reference. In both CIS and PIS cases two main architectures are used: a slow architecture, for those functions with response time requirements slower than 100ms (300 ms for central interlock functions), based on PLC technologies, and a fast architecture, based on FPGA technologies, for the functions with faster requirement times. The proposed design for fast PIS is based on the use of RIO (Reconfigurable Input/Output) technology from National Instruments (compactRIO platform). In order to provide a high integrity solution, a FMEDA (Failure Modes Effects and Diagnostics Analysis) has been conducted to analyze the components behavior. According to the output of the FMEDA a set of diagnostics has been defined and additional redundancy was added to the architecture to improve the integrity figures. The defined configuration has been called the “double-decker solution”, with two chassis running in parallel, communicated between them using a synchronous high speed serial line, and using redundant modules to implement the input and output measurement/excitations and redundant analog and digital modules to implement the diagnostics of these input/output modules. The integrity figures for the “double decker” solution are obtained from the classification of the failure rates, obtaining for the different configurations a SFF (safe failure fraction) of 85% and a FPH (Probability of dangerous Failure per Hour) of less than 1E-07. The FPGA design includes all the hardware to support the data acquisition from the input modules, the implementation of the diagnostics functionalities for analog and digital modules, the voting schema and the activation/deactivation of digital outputs. The platform includes an external test platform, also based on compactRIO technology, to perform the validation of the system and to register the performance of the different interlock functions implemented. The response times obtained for the TTL input to TTL output interlock function ranges from 5μs to 20μs; for the analog input to TTL output the response time is in the range of 41 μs to 90 μs, and for interlock functions using 24V digital input to 24V digital output, the time can rise up to 643 μs.","PeriodicalId":383702,"journal":{"name":"2016 IEEE-NPSS Real Time Conference (RT)","volume":"1164 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE-NPSS Real Time Conference (RT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/rtc.2016.7543095","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
Interlocks are the instrumented functions of ITER that protect the machine against failures of the plant system components or incorrect machine operation. Regarding I&C, the Interlock Control System (ICS) ensures that no failure of the conventional ITER controls can lead to a serious damage of the machine integrity or availability. The ICS is in charge of the supervision and control of all the ITER components involved in the instrumented protection of the Tokamak and its auxiliary systems. It is constituted by the Central Interlock System (CIS), the different Plant Interlock Systems (PIS) and its networks. The ICS does not include the sensors and actuators of the plant systems but it is in charge of their control. The ITER interlock system shall be designed, built and operated according to the highest quality standards. The international standard IEC-61508 has been chosen as the reference. In both CIS and PIS cases two main architectures are used: a slow architecture, for those functions with response time requirements slower than 100ms (300 ms for central interlock functions), based on PLC technologies, and a fast architecture, based on FPGA technologies, for the functions with faster requirement times. The proposed design for fast PIS is based on the use of RIO (Reconfigurable Input/Output) technology from National Instruments (compactRIO platform). In order to provide a high integrity solution, a FMEDA (Failure Modes Effects and Diagnostics Analysis) has been conducted to analyze the components behavior. According to the output of the FMEDA a set of diagnostics has been defined and additional redundancy was added to the architecture to improve the integrity figures. The defined configuration has been called the “double-decker solution”, with two chassis running in parallel, communicated between them using a synchronous high speed serial line, and using redundant modules to implement the input and output measurement/excitations and redundant analog and digital modules to implement the diagnostics of these input/output modules. The integrity figures for the “double decker” solution are obtained from the classification of the failure rates, obtaining for the different configurations a SFF (safe failure fraction) of 85% and a FPH (Probability of dangerous Failure per Hour) of less than 1E-07. The FPGA design includes all the hardware to support the data acquisition from the input modules, the implementation of the diagnostics functionalities for analog and digital modules, the voting schema and the activation/deactivation of digital outputs. The platform includes an external test platform, also based on compactRIO technology, to perform the validation of the system and to register the performance of the different interlock functions implemented. The response times obtained for the TTL input to TTL output interlock function ranges from 5μs to 20μs; for the analog input to TTL output the response time is in the range of 41 μs to 90 μs, and for interlock functions using 24V digital input to 24V digital output, the time can rise up to 643 μs.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
