High Performance Distributed Mixed Criticality Systems to SIL2

A proton beam can drill through its carrier tube in the space of 6us. In order to prevent this and further damage a Fast Beam Interlock System (FBIS) must be implemented to turn the source off, or deflect the beam into a dump, if guiding magnets and/or choppers fail. This FBIS consists of some 1200 sensors and actuators centralised over about 120 sensor interfaces and 20 processing units all distributed across 300 meters. As such it represents a fast, highly distributed monitoring system that can be found in any number of different industry applications, especially infrastructure systems like turbines for energy genreation. The signals that are handled are of high criticality and must be treated as such so an implementation standard/methodology of SIL2 / IEC61508 is followed. Due to the SIL requirement and the high reaction speed requirements hand coding of the switch-off logic is necessary. But there are many other tasks, including monitoring for insurance reasons where hand-coding is unnecessarily onerous. In this paper we discuss the design and implementation of this system including the use of non SIL2 certified Components Off The Shelf (COTS), third party software and RTL code generated from C-code. We include in our discussion the verification techniques used, including g the use of Hardware in the Loop techniques.