An out-of-the-box solution for a fast Machine Interlock System for Big Physics

Cosylab, published in Control Sheet, Jan 13, 2020

A fast, flexible and reliable machine interlock system (MIS) is a safety feature that every machine needs to prevent it from harming its users or damaging itself, primarily when it operates at high energies. Most machines in everyday use, such as cars, clothes-washers, lifts and microwave ovens, have an MIS, and so do Big Physics machines, which often operate at quite high energy levels.

What is an interlock?

Photo by Tina Bosse on Unsplash

An interlock, in engineering terms, is a system feature that makes the states of machine mechanisms or functions mutually dependent in such a way as to prevent damage to the machine and harm to its users. A simple interlock, for example, is the electromechanical module in a clothes-washing machine that, during high-speed water extraction, prevents user access to the spinning drum and stops the drum’s rotation if the door is somehow forced open. In this way, a Machine Interlock System (MIS) blocks an element from changing to a critical state if a problem is detected in another element.

Why did we choose our specific design?

As modern particle accelerator systems are, by their very nature, highly complex, it is quite a challenge for control system architects to determine the best balance between machine availability and the safety of equipment and personnel. Both Cosylab and the Shanghai Institute of Applied Physics (SINAP) were quite aware of this challenge and joined forces in creating a reliable software and hardware product that is an out-of-the-box solution for the Machine Protection System (MPS) engineer.

The Design Solution

The crate of our MIS unit

The fast MIS that we have developed has a proven hardware platform and utilises powerful, radiation-tolerant FPGAs based on non-volatile flash technology. It also enables redundancies for the power supply, hardware components and logic, and is fully configurable from EPICS, the industry-standard, open-source software infrastructure.

Our design also meets other requirements for a modern MIS, such as fast response times, signal path determinism, IO capability, scalability, and excellent integration with the control system and the timing system. Other functionality includes post-mortem logging and configuration verification.

There was one user requirement that was of particular concern to us: guaranteeing a response time (RT) ≤ 5 µs for failures in the crucial parts of the accelerator. We achieved a short and deterministic interlock local RT of less than 400 ns.

Risks of failure and the complexity of risk analysis often increase nonlinearly with rising system complexity. In the core unit of our MIS, we isolated the safety-critical part, which handles interlock responses, from the non-safety-critical part, which operates the configuration, management and monitoring elements of the system.

Benefits of Our Fast MIS

Interlock local Response Time

Currently, our MIS is slated for use in the patient-treatment interlock system of APTRON, the Advanced Proton Therapy Facility in Shanghai, China. To be useful in all of these scenarios, the fast MIS platform designed by Cosylab and manufactured by SINAP is an autonomous and significantly scalable and adaptable system.

Our product is an industrial-grade, high-tech solution that covers all standard MIS functionality with the speed, flexibility, reliability, availability, determinism and consistent response that modern Big Physics facilities need for a robust Machine Protection System.

Anže Jakoš, Uroš Legat, Cosylab
