Speaker
Mariano Ruiz
(Universidad Politecnica de Madrid)
Description
Interlocks are the instrumented functions of ITER that protect the machine against failures of the plant system components or incorrect machine operation. Regarding I&C, the Interlock Control System (ICS) ensures that no failure of the conventional ITER controls can lead to a serious damage of the machine integrity or availability. The ICS is in charge of the supervision and control of all the ITER components involved in the instrumented protection of the Tokamak and its auxiliary systems. It is constituted by the Central Interlock System (CIS), the different Plant Interlock Systems (PIS) and its networks. The ICS does not include the sensors and actuators of the plant systems but it is in charge of their control. The ITER interlock system shall be designed, built and operated according to the highest quality standards. The international standard IEC-61508 has been chosen as the reference. In both CIS and PIS cases two main architectures are used: a slow architecture, for those functions with response time requirements slower than 100ms (300 ms for central interlock functions), based on PLC technologies, and a fast architecture, based on FPGA technologies, for the functions with faster requirement times. The proposed design for fast PIS is based on the use of RIO (Reconfigurable Input/Output) technology from National Instruments (compactRIO platform). In order to provide a high integrity solution, a FMEDA (Failure Modes Effects and Diagnostics Analysis) has been conducted to analyse the components behaviour. According to the output of the FMEDA a set of diagnostics has been defined and additional redundancy was added to the architecture to improve the integrity figures. The defined configuration has been called the “double-decker solution”, with two chassis running in parallel, communicated between them using a synchronous high speed serial line, and using redundant modules to implement the input and output measurement/excitations and redundant analog and digital modules to implement the diagnostics of these input/output modules. The integrity figures for the “double decker” solution are obtained from the classification of the failure rates, obtaining for the different configurations a SFF (safe failure fraction) of 85% and a FPH (Probability of dangerous Failure per Hour) of less than 1E-07. The FPGA design includes all the hardware to support the data acquisition from the input modules, the implementation of the diagnostics functionalities for analog and digital modules, the voting schema and the activation/deactivation of digital outputs. The platform includes an external test platform, also based on compactRIO technology, to perform the validation of the system and to register the performance of the different interlock functions implemented. The response times obtained for the TTL input to TTL output interlock function ranges from 5µs to 20µs; for the analog input to TTL output the response time is in the range of 41 µs to 90 µs, and for interlock functions using 24V digital input to 24V digital output, the time can rise up to 643 µs.
Primary author
Prof.
Eduardo Barrera
(Universidad Politecnica de Madrid)
Co-authors
Mr
Alvaro Bustos
(Universidad Politecnica de Madrid)
Mr
Byron Radle
(National Instruments)
Mr
Ignacio Prieto
(Iberdrola Ingeniería y Construcción)
Mr
Jose Miguel Barcala
(Asociación Euratom/CIEMAT para la Fusión)
Mr
Juan Carlos Oller
(Asociación Euratom/CIEMAT para la Fusión)
Mr
Juan Luis Fernandez-Hernando
(ITER International Organization)
Mariano Ruiz
(Universidad Politecnica de Madrid)
Mr
Mehdi Afif
(National Instruments)
Mr
Pedica Riccardo
(Vitrociset, SPA)
Dr
Rodrigo Castro
(Asociación Euratom/CIEMAT para la Fusión)
