Interlock System
Hazards and degrees of malfunction
The HAICU trap contains several hazards to personnel and equipment safety. The main hazards to personnel are posed by the high-power magnet power supplies, while the main hazards to equipment additionally include leaks or faults in the water cooling system, which can lead to magnet overheating and local flooding.
For mitigation purposes it is useful to distinguish three degrees of malfunction: noticeable, concerning, and catastrophic. While the latter term is a little dramatic, the real distinction is between gradual changes in behaviour (e.g. the cooling water flow slowly decreasing over time, indicating material build-up in the lines) and drastic changes (e.g. the flow on one of the output lines dropping to zero, indicating a burst tube spraying water, or a significant reduction on one of the small lines, indicating a local clog).
Naturally these need to be handled differently:
Type A: Catastrophic changes are simple thresholds that can be handled entirely in hardware and trigger an emergency shutdown (crowbar). They must NEVER go unnoticed.
Type B: Concerning changes are also simple thresholds, but typically with finer granularity and adjustability, and they can benefit from some simple logic (e.g. "more than 3 flowmeters read low").
Type C: Noticeable changes require some analysis of observables over time and are used to trigger gentle system ramp-downs to prevent more serious damage. They are a first line of defense and therefore somewhat redundant: should one be missed, overall safety (and most importantly personnel safety) is not compromised, because the type A and B thresholds behind it still act.
The interlock system only handles type A and B events; type C events are handled in MIDAS.
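The following is an added software model of the A/B/C classification applied to the small-branch flowmeter readings; it is not HAICU or MIDAS code. The threshold values, the window length, and the "more than 3 flowmeters read low" rule are assumptions chosen for illustration. It shows the ordering a practitioner wants: a branch at zero (type A) wins unconditionally and can never be masked by a softer rule, the type B count rule is evaluated on a single snapshot, and the type C trend check needs a history and ignores single noisy samples.

```python
"""Model of the three degrees of malfunction (A, B, C) on branch flow readings.
Added example, not HAICU or MIDAS code. All threshold values are assumptions."""

# Assumed thresholds in L/min (constructed for this example, not HAICU values)
FLOW_ZERO = 0.1        # at or below this a branch has effectively no flow (type A)
FLOW_LOW = 1.2         # below this a branch "reads low" (type B)
LOW_BRANCH_LIMIT = 3   # type B when MORE THAN this many branches read low
TREND_WINDOW = 10      # number of samples examined for a gradual decline (type C)
TREND_MIN_DROP = 0.5   # fitted drop over the window that counts as "noticeable"


def classify_sample(flows):
    """Type A / type B evaluation of one snapshot of branch flows (list of L/min).

    Type A (a branch at zero) is checked first and wins unconditionally, so a
    burst tube or hard clog can never be hidden by the softer count rule.
    Returns 'A', 'B' or None.
    """
    if any(f <= FLOW_ZERO for f in flows):
        return "A"
    low_branches = sum(1 for f in flows if f < FLOW_LOW)
    if low_branches > LOW_BRANCH_LIMIT:
        return "B"
    return None


def fitted_slope(ys):
    """Least-squares slope of equally spaced samples, per sample interval."""
    n = len(ys)
    x_mean = (n - 1) / 2
    y_mean = sum(ys) / n
    sxx = sum((x - x_mean) ** 2 for x in range(n))
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(ys))
    return sxy / sxx


def gradual_decline(history):
    """Type C check on one branch: a downward trend over the last TREND_WINDOW
    samples whose fitted total drop reaches TREND_MIN_DROP.
    A single noisy sample does not trigger this; a slowly growing clog does."""
    if len(history) < TREND_WINDOW:
        return False          # not enough data to call a trend
    window = history[-TREND_WINDOW:]
    drop = -fitted_slope(window) * (TREND_WINDOW - 1)
    return drop >= TREND_MIN_DROP


def evaluate(snapshots):
    """snapshots: list of per-branch flow lists, oldest first.
    Returns the most severe degree present: 'A' > 'B' > 'C' > None."""
    latest = snapshots[-1]
    degree = classify_sample(latest)
    if degree is not None:
        return degree
    for branch in range(len(latest)):
        if gradual_decline([s[branch] for s in snapshots]):
            return "C"
    return None


if __name__ == "__main__":
    # Constructed series: branch 0 slowly clogging, the other three healthy
    series = [[2.0 - 0.06 * i, 2.0, 2.0, 2.0] for i in range(12)]
    print(evaluate(series))              # type C: gentle ramp-down via MIDAS
    series.append([0.0, 2.0, 2.0, 2.0])  # then the tube bursts
    print(evaluate(series))              # type A: hardware crowbar
```

In the real system only the type A and B rules belong in the interlock; the trend check lives in MIDAS, which is the only place that has the history to evaluate it.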
Sensors
The main concern for hazardous events in this setup is a malfunction or inadequacy in the water cooling system, which could lead to flooding or overheating.
The system is monitored for malfunctions or abnormalities by a variety of sensing systems targeting different observables:
- Flowmeters: small paddle-wheel flowmeters that monitor the flow in every individual cooling water branch and provide a quantitative readout to a microcontroller, and from there to MIDAS (B, C)
- Flow Switches: bulkier flowmeters that sit in the main water lines and have built-in threshold detection that can connect directly to the interlock system (A)
- Thermistors: small thermistors attached at key locations on the magnets that provide a quantitative readout to a microcontroller, much like the flowmeters (B, C)
- Thermal Switches: bi-metal switches that provide no quantitative information but can connect directly to the interlock system; they can be placed in strategic locations (A)
- Thermal Monitor Switch: a thermistor- or thermocouple-reading box that provides a quantitative readout and an internal threshold, with low granularity (optional; A, C)
- Level Switches: simple float switches that trigger if the water in the leak-catching enclosure rises too high (A)
- Leak Sensors: resistive wetness-sensing switches that can connect directly to an interlock system and can be placed on the floor in strategic locations (A)
Output/Switching
The main two things the interlock system needs to control are the magnet power supplies and the main water supply. Most interlock conditions that do not indicate a leak will simply turn off the magnet power supplies to prevent overheating, while leak detection additionally closes the main water valve to minimize flooding, and shuts down other sensitive electronics.
In practice this is achieved with a relay contact that opens or closes the connection between two control pins on the device in question.
Modular Interlock System
Requirements
One major requirement for an interlock system like this is that it fails safe: a loss of power in the interlock system itself, or the cutting or disconnection of a wire, must lead to the safe (locked) condition rather than the all-clear. Additionally, the core interlock system should require no programming, to minimize the possibility of bugs.
In the HAICU interlock system, the interlock logic is modeled by relays in series. For the all-clear to be given, voltage must pass through a series of normally open relays, each of which is actively held closed by one of the sensors above; a sensor that stops asserting, a broken wire, or a loss of coil power opens its relay and breaks the chain. Each input has a manual bypass switch to allow individual inputs to be deactivated.
Finally, the interlock system must latch: once triggered, it does not return to the all-clear condition without human intervention. This is implemented by a separate output module.
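The following is an added software model of the fail-safe chain described above, written to make the requirements checkable: normally open relays in series, a manual bypass per input, and a latch that only a deliberate reset can clear. It is an illustration, not code from the HAICU interlock, which by requirement contains no software. The input names, the three-valued sensor state (OK, fault, or no signal at all) and the per-input leak flag used to decide whether the water valve also closes are assumptions.

```python
"""Model of a fail-safe relay-chain interlock with bypass and latch.
Added example; the real interlock is hardware with no programming.
Input names, the three-valued sensor state and the leak flag are assumptions."""

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class InterlockInput:
    name: str
    # True: sensor actively asserts OK and energizes the relay coil.
    # False: sensor reports a fault.
    # None: wire cut or disconnected, so no signal reaches the coil at all.
    sensor_ok: Optional[bool] = None
    bypassed: bool = False
    leak: bool = False   # assumed flag: a trip on this input also closes the valve

    def contact_closed(self, coil_power):
        """State of this input's relay contact in the series chain."""
        if self.bypassed:
            return True  # bypass switch shorts across the contact
        # Normally open: closed only while the coil is energized, which needs
        # interlock power AND a sensor actively saying OK. A missing signal
        # (None) is therefore indistinguishable from a fault: it fails safe.
        return coil_power and self.sensor_ok is True


@dataclass
class InterlockChain:
    inputs: list
    powered: bool = True
    tripped: bool = False                               # latch in the output module
    trip_cause: list = field(default_factory=list)      # inputs that opened the chain

    def permit(self):
        """Instantaneous all-clear: voltage reaches the end of the relay chain."""
        return self.powered and all(i.contact_closed(self.powered) for i in self.inputs)

    def update(self):
        """Evaluate the chain, set the latch on any open contact, and return the
        output state as {'magnet_ps': bool, 'water_valve_open': bool}."""
        if not self.permit() and not self.tripped:
            self.tripped = True
            if not self.powered:
                self.trip_cause = ["interlock power loss"]
            else:
                self.trip_cause = [i.name for i in self.inputs
                                   if not i.contact_closed(self.powered)]
        # Leak-type trips additionally close the main water valve; both outputs
        # stay in the safe state until the latch is cleared by a human.
        leak_trip = self.tripped and any(
            i.leak for i in self.inputs if i.name in self.trip_cause)
        return {"magnet_ps": not self.tripped, "water_valve_open": not leak_trip}

    def reset(self):
        """Human intervention: the latch clears only if the chain is all-clear now."""
        if self.permit():
            self.tripped = False
            self.trip_cause = []
            return True
        return False


if __name__ == "__main__":
    chain = InterlockChain(inputs=[
        InterlockInput("flow switch main", sensor_ok=True),
        InterlockInput("thermal switch coil 1", sensor_ok=True),
        InterlockInput("leak sensor floor", sensor_ok=True, leak=True),
    ])
    print(chain.update())                     # all clear
    chain.inputs[1].sensor_ok = None          # wire to the thermal switch cut
    print(chain.update(), chain.trip_cause)   # magnet off, latched
    chain.inputs[1].sensor_ok = True          # wire repaired
    print(chain.update())                     # still off: latch holds
    print(chain.reset(), chain.update())      # cleared by hand, magnet on
```

Two things the model makes visible: a disconnected sensor and a faulting sensor are the same event to the chain, which is exactly the fail-safe property required above; and a bypassed input drops out of the chain completely, including its wire-break detection, so a bypass should be a deliberate and clearly visible act rather than a convenience setting.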
Modules
Since the number of inputs and outputs to the system may change, a modular approach was chosen instead of a single PCB. The following sections describe the individual modules.