RICH Safety FSM

Principles of the safety operation

The principle of the RICH Safety FSM is to execute a Emergency_OFF command to the relevant hardware when a sensor shows values outside a predefined range. For the action to happen the FSM state of the sensor will be ERROR. The Emergency_OFF command will be executed in the DCS and HV FSM trees.

The hardware segmentation for the actions is one MaPMT column, for a high column temperature sensor or one RICH side (MaPMT box) for a sensor inside the MaPMT enclosure or low cooling pressure.

The safety FSM objects have the following states: NOT_READY, READY, ERROR, EMERGENCY_OFF. The meaning of these states is as follows:

READY

The Safety FSM is ready for action. The state of the DCS subsystems can be READY, OFF or even ERROR.

NOT_READY

The sensors for the Safety FSM are in the NOT_READY state or there is a mixture of states in the tree below, with some nodes potentially in EMERGENCY_OFF. Being in the NOT_READY state allows for an Emergency_OFF command to be executed.

ERROR

Something went wrong while executing the Emergency_OFF command, Ideally this should never happen. While in the ERROR state no actions will be taken.

EMERGENCY_OFF

All the tree below is in the EMERGENCY_OFF state.

Safety FSM installation

In order to create the RICH2 Safety FSM in the ECS project the follow steps should be followed:

• Install lbFsmDomains
• Make sure that the R2DCS1 and R2HV1 projects are running and the FSM started
• Unpack the file /group/rich/sw/RICH2_Safety.zip in the project directory
• From the FSM tab of the DEN import the following FSM types:
  • Lbrich_DCS_Column and LbrichSensorCollection and LbrichTemperatureCollection from the project R2DCS1
  • RICH_HV_COLUMN from R2HV1
  • LbrichBoxSafety and LbrichColumnSafety from files in the ECS project
• Create the top level RICH_SAFETY CU of type SAFETY_Domain
• Launch the panel RICH2_SafetyFSM and press the button

AntonisPapanestis - 2020-10-26