ATST Safety Review High-Level Software 26 January 2011



Work Package Overview
• Telescope Software Control Systems (MCS, M1CS, TEOACS, FOCS, ACS, WCCS, PACCS, ECS)
• Observatory Software Control Systems (OCS, DHS, TCS, ICS)
• Instrument Software Control Systems


Work Package Overview
• WBS Area(s): 1.0 Telescope, 2.0 WFC, 3.0 Instruments, 4.0 Software, 5.0 Enclosure
• Responsible Engineer: Berst (3.6), Cowan (4.3), Goodrich (1.0, 4.4), Hubbard (4.1), Johanssen (3.1 - 3.5), Wampler (4.2)
• Group Manager: Bret Goodrich
• Contractor(s): TCS (4.4), Observatory Control Ltd, Cambridge, UK; MCS (1.1), IMT/MT Mechatronics, Rockford, IL/Mainz, Germany; ECS (5.6), AEC/Idom, Minneapolis, MN/Bilbao, Spain; M1CS (1.2), TEOACS (1.3): TBD
• Partner(s): VBI (3.2), WCCS (2.3), PACCS (3.1.1), ATST, Sunspot; ViSP (3.3), High Altitude Observatory, Boulder; NIRSP (3.4), Institute for Astronomy, Manoa; VTF (3.5), Kiepenheuer-Institut für Sonnenphysik, Freiburg, Germany


Work Package Overview
• Telescope Software (Goodrich)
  – 1.1: TMA, Mount Control System
    • operation of the altitude, azimuth, rotator mechanical systems
    • slew and track across the entire ranges of motion
  – 1.2: M1 Assembly, M1 Control System
    • operation of the 120 axial and 24 lateral mirror actuators
    • support and figure control of the M1 mirror
  – 1.3: Top-end Optical Assembly, TEOA Control System
    • operation of the hexapod, fast tip-tilt
    • position and correction of the M2 mirror


Work Package Overview
• Telescope Software (Goodrich)
  – 1.5: Feed Optics, Feed Optics Control System
    • operation of the M3 and M6 tip-tilt
  – 1.8: Acquisition Control System
    • operation of the acquisition camera
  – 2.3: Wavefront Correction Control System (Sunspot)
    • operation of the high-order and low-order wavefront correction
  – 3.1.1: Polarization Analysis and Calibration (Sunspot)
    • operation of the calibration optics at the Gregorian Optical Station
  – 5.6: Enclosure, Enclosure Control System
    • operation of the carousel, shutter, entrance aperture
    • slew and track across entire range of motion


Work Package Overview
• Instrument Software
  – 3.1.4: Instrument Control System (Johanssen)
    • operation and coordination of the instruments
  – 3.6.2: Camera Software System (Berst)
    • operation of instrument cameras
  – 3.2: Visible Broadband Imager
  – 3.3: Visible Infrared Spectropolarimeter
  – 3.4: Near-Infrared Spectropolarimeter
  – 3.5: Visible Tunable Filter
    • each operates the mechanisms of the instrument


Work Package Overview
• Observatory Software
  – 4.1: Common Services Framework (Hubbard)
    • infrastructure for all software systems
  – 4.2: Observatory Control System (Wampler)
    • execution of observing programs
  – 4.3: Data Handling System (Cowan)
    • data transfer, processing, storage, and archiving
  – 4.4: Telescope Control System (OSL)
    • coordination of telescope systems


Schedule Overview
• Telescope Control System:
  – FDR Feb 2011; Beta Release Feb 2012; Delivered Feb 2013
• Observatory Control System:
  – Beta Release June 2012; Delivered June 2014
• Data Handling System:
  – Beta Release July 2012; Delivered Dec 2015
• Instrument Control System:
  – Beta Release August 2012; Delivered Nov 2015
• Camera Software System:
  – FDR Jun 2011; Beta Release 2014; Delivered Dec 2015


Reference Design Preliminary Hazard Analysis
• Software is not a safety system
  – All safety mechanisms (GIS) are wired in parallel with the control systems
• Software may detect, report, and correct errors
  – These errors may or may not affect safety
  – Safety mechanisms must detect the safety-related errors
• Software has an independent interlock network
  – That takes GIS interlocks and broadcasts them to the relevant software systems


Reference Design Preliminary Hazard Analysis
• Personnel Safety Hazards (unanticipated motion):
  – Movement on boot-up or start-up
    • Control system energizes motors and begins indexing operation
  – Prevention:
    • Manual lock-out mechanism
    • All software systems use a lifecycle mechanism
      – Init state does not allow connection of software to hardware
    • Requirement to have a default, unpowered state and use it
      – “The default state of any equipment shall be an inert, non-moving, non-powered condition. Equipment shall take this state on an interlock condition, initialization, shutdown, or when commanded through the software interface.”
      – Tested on acceptance
    • ATST standard motion controller enforces behavior
      – Three-step process: power-up, index, move


Motion Control States (state chart; the states and transition labels below are what survives of the figure)
• States: Off, Manual, Halted, Homing (do/find index), Lost, Idling, Moving (do/motion), Following, Jogging; Operational appears as the composite state entered by startup and left by shutdown
• Transition labels: startup, shutdown, manual, park, home, jog, idle, follow, move or offset
• Homing exits on [done] to Idling and on [fail] to Lost; Moving exits on idle or [done]


Reference Design Preliminary Hazard Analysis
• Personnel Safety Hazards (unanticipated motion):
  – Movement after interlock release
    • Control system was moving when interlock occurred
    • Control system now receives interlock release and resumes moving
  – Prevention:
    • Manual lockout mechanism
    • Interlocks force software systems to cancel all actions
    • Interlocks force software systems into default, unpowered state
    • Resumption now follows boot-up/start-up process
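As an added example (not ATST's own code; the class and method names, and the choice of which chart transitions to model, are assumptions), the following Python model of one axis controller enforces the three-step power-up, index, move sequence from the boot-up hazard slide and the "cancel all actions, take the default unpowered state, resume only via the boot-up process" rule from the interlock-release hazard slide, then walks the interlock-release scenario end to end:

```python
"""Motion controller lifecycle modelled on the ATST state chart.

Added illustration, not ATST code; class and method names are assumptions.
Only the chart states and transitions needed to show the two safety rules
(three-step power-up, index, move; interlock forcing the default unpowered
state with no automatic resumption on release) are implemented.
"""
from enum import Enum, auto

class State(Enum):
    OFF = auto()
    HALTED = auto()
    HOMING = auto()
    LOST = auto()
    IDLING = auto()
    MOVING = auto()

class MotionController:
    def __init__(self, name):
        self.name = name
        self.state = State.OFF        # default: inert, non-moving, non-powered
        self.interlocked = False
        self.homed = False
        self.target = None
        self.history = [State.OFF]    # every state entered, for review

    def _enter(self, state):
        self.state = state
        self.history.append(state)

    def _require(self, *allowed):
        """Reject a command while interlocked or outside the allowed states."""
        if self.interlocked:
            raise RuntimeError(f"{self.name}: interlocked, command rejected")
        if self.state not in allowed:
            raise RuntimeError(f"{self.name}: rejected in {self.state.name}")

    def startup(self):
        """Step 1, power-up: energise drives; no indexing, no motion yet."""
        self._require(State.OFF)
        self._enter(State.HALTED)

    def home(self, index_found=True):
        """Step 2, index: do/find index; [done] -> Idling, [fail] -> Lost."""
        self._require(State.HALTED, State.IDLING, State.LOST)
        self._enter(State.HOMING)
        self.homed = index_found
        self._enter(State.IDLING if index_found else State.LOST)

    def move(self, target):
        """Step 3, move: only from Idling, i.e. powered and indexed."""
        self._require(State.IDLING)
        self.target = target
        self._enter(State.MOVING)     # do/motion

    def motion_done(self):
        self._require(State.MOVING)
        self._enter(State.IDLING)     # [done]

    def raise_interlock(self):
        """GIS interlock: cancel the action in progress, go to the default
        unpowered state, and keep nothing that could resume the motion."""
        self.interlocked = True
        self.homed = False
        self.target = None
        self._enter(State.OFF)

    def lower_interlock(self):
        """Release accepts commands again but leaves the axis Off; resumption
        repeats startup() and home() exactly like a boot."""
        self.interlocked = False

def accepted(command, *args):
    """True if the controller accepted the command, False if it rejected it."""
    try:
        command(*args)
        return True
    except RuntimeError:
        return False

def interlock_during_move():
    """Walks the 'movement after interlock release' hazard from the slides."""
    axis = MotionController("mcs.az")      # constructed axis name
    axis.startup()
    axis.home()
    axis.move(45.0)
    axis.raise_interlock()                # interlock arrives mid-motion
    axis.lower_interlock()                # release: the axis must stay Off
    resumed = accepted(axis.move, 45.0)   # False: no implicit resumption
    axis.startup()                        # operator repeats the sequence
    axis.home()
    axis.move(45.0)
    axis.motion_done()
    return axis, resumed
```

The point of the model is that `raise_interlock()` discards the pending target and the homed flag, so after `lower_interlock()` the only path back to motion is the same Off, Halted, Homing, Idling sequence a cold start takes; `history` records that the axis passed through Off twice.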


Software Interlocks (diagram; the labels below are what survives of the figure)
• Operator can monitor the current GIS status: the GIS sends regular status information (GIS status register) to the Operator Display and to the OCS
• A controller registers for a specific interlock event, giving the registered interlock event name and the registered interlock signal: interlock: event(string), interlock: attribute(string[])
• Example registrations: Controller event=atst.gis attr=tma; Controller event=atst.gis attr=ecs; Controller event=atst.gis attr=m1
• An interlock will cause an interlock event to be sent to the registered controllers
• Controller on raiseInterlock(): reject commands, cancel actions, doRaiseInterlock() for local operations
• Controller on lowerInterlock(): accept commands, doLowerInterlock() for local operations


Software Interlocks: interlock of top-level software system on hand paddle enable (diagram; the labels below are what survives of the figure)
• Elements: GIS, OCS (“Cancel all actions”), mcs with mcs.alt and mcs.az (Mount alt/az, Mnt hand paddle), ecs with ecs.alt and ecs.az (Enclosure alt/az, Enc hand paddle), EMCS


Software Interlocks: interlock of low-level software system on hardware fault (diagram; the labels below are what survives of the figure)
• Elements: GIS, OCS (“Cancel all actions”), mcs with mcs.alt and mcs.az (Mount alt/az, “az fault”), ecs with ecs.alt and ecs.az (Enclosure alt/az, “az fault”), EMCS
• The faulted low-level controllers “Cancel all actions” and “Power off motors”
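Added example, not ATST or Common Services Framework code (the event bus, the GIS model, the system names and which attribute each system registers for are all assumptions): a Python model of the interlock broadcast on the three Software Interlocks slides above. The GIS keeps a status register and posts `atst.gis` events whose attribute list names the interlocked subsystems; each controller registers for the attributes it depends on and, on a match, rejects commands, cancels its actions and runs its local operation, which for the low-level systems is powering off the motors. Release lowers the interlock but resumes nothing.

```python
"""Software interlock broadcast, modelled on the ATST slides.

Added illustration, not ATST or CSF code; bus, class and method names are
assumptions.  The GIS keeps a status register and posts "atst.gis" events whose
attribute list names the interlocked subsystems; a controller registers for the
attributes it depends on and reacts with raise_interlock()/lower_interlock().
"""
from collections import defaultdict

class EventBus:
    def __init__(self):
        self.subscribers = defaultdict(list)   # event -> [(attr, controller)]

    def register(self, event, attr, controller):
        self.subscribers[event].append((attr, controller))

    def post(self, event, attrs, asserted):
        """Deliver to every controller registered for one of attrs."""
        for attr, ctrl in self.subscribers[event]:
            if attr in attrs:
                ctrl.raise_interlock() if asserted else ctrl.lower_interlock()

class GIS:
    """Global Interlock System model: status register plus event broadcast."""
    def __init__(self, bus):
        self.bus = bus
        self.status = {}                       # attr -> True while interlocked

    def set_interlock(self, attrs, asserted):
        for attr in attrs:
            self.status[attr] = asserted
        self.bus.post("atst.gis", set(attrs), asserted)

class Controller:
    """Software system that stops whatever it is doing on an interlock."""
    def __init__(self, name, bus, attrs):
        self.name = name
        self.interlocked = False
        self.actions = []                      # actions currently executing
        self.trace = []                        # for the operator display
        for attr in attrs:
            bus.register("atst.gis", attr, self)

    def submit(self, action):
        """Commands are rejected outright while the interlock is raised."""
        if self.interlocked:
            self.trace.append(f"{self.name}: rejected {action}")
            return False
        self.actions.append(action)
        return True

    def raise_interlock(self):
        self.interlocked = True                # reject commands from now on
        self.trace.append(f"{self.name}: cancel {self.actions}")
        self.actions.clear()                   # cancel actions
        self.do_raise_interlock()              # local operations

    def lower_interlock(self):
        self.interlocked = False               # accept commands again
        self.do_lower_interlock()

    def do_raise_interlock(self):
        self.trace.append(f"{self.name}: interlock raised")

    def do_lower_interlock(self):
        self.trace.append(f"{self.name}: interlock lowered, nothing resumed")

class HardwareController(Controller):
    """Low-level system owning hardware: additionally powers the motors off."""
    def __init__(self, name, bus, attrs):
        super().__init__(name, bus, attrs)
        self.motors_powered = True

    def do_raise_interlock(self):
        self.motors_powered = False
        self.trace.append(f"{self.name}: power off motors")

    def do_lower_interlock(self):
        # motors stay off: re-powering is an explicit startup, never automatic
        self.trace.append(f"{self.name}: released, motors still off")

def build_observatory():
    """Constructed subset of the slide's systems: OCS, mount (tma), enclosure."""
    bus = EventBus()
    systems = [
        Controller("ocs", bus, ["tma", "ecs", "m1"]),   # OCS watches them all
        Controller("mcs", bus, ["tma"]),
        HardwareController("mcs.alt", bus, ["tma"]),
        HardwareController("mcs.az", bus, ["tma"]),
        HardwareController("ecs.alt", bus, ["ecs"]),
        HardwareController("ecs.az", bus, ["ecs"]),
    ]
    return GIS(bus), {s.name: s for s in systems}

def hand_paddle_enable():
    """Mount hand paddle enabled: GIS interlocks the TMA, then releases it."""
    gis, systems = build_observatory()
    systems["ocs"].submit("observe")
    systems["mcs.az"].submit("track")
    systems["ecs.az"].submit("track")
    gis.set_interlock(["tma"], True)
    rejected = not systems["mcs.az"].submit("track")   # refused while raised
    gis.set_interlock(["tma"], False)                   # release
    return gis, systems, rejected
```

Registration is per attribute rather than per controller, which is what keeps the enclosure axes untouched when only `tma` is interlocked, and the split between `raise_interlock()` (common: reject, cancel) and `do_raise_interlock()` (local: power off) mirrors the raiseInterlock()/doRaiseInterlock() pair on the slide.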