Subsystem Guidelines¶

To manage operation of NUSTAR DCS with a flexible set of sub-systems, and to keep the integration complexity at a manageable level, each NUSTAR DCS sub-system should follow the set of guidelines outlined here.

Sub-system State Machine¶

A finite state machine (FSM) should govern sub-system state transitions. This FSM should be implemented at least at the top level of each sub-system, and it may also be benefitial to implement a state machine at lower levels. The state machine consists of two sets. One set controls the desired sub-system state. The second set reflects the sub-system error state.

States¶

The main states for sub-systems defined in NUSTAR DCS are shown in the state diagram:

Off: The sub-system is powered off as much as possible. Some IOCs may be shut down as well, and will only be started in the ‘Standby’ state.
Standby: The sub-system is ready for switching on. Also, devices are configured as much as possible. The transition from ‘Off’ to ‘Standby’ may take a long time. Sub-systems should reach in ‘Standby’ state at least 24 hours before beam taking.
On: The sub-system is fully switched on and ready for beam. Transition of a sub-system from ‘Standby’ to ‘On’ should take less than 10 minutes for most sub-systems.
Safety: Some operations may require beam condidions that are harmful to parts of the sub-system. In this case, the sub-system should be operated in the ‘Safety’ state. Transition to and from the safety state should not take longer than a few minutes (better < 1 minute).
No error: Normal operation.
Error: In case of an unresolvable error condition in any of the ‘On’ states, a transition into the ‘Error’ state occurs. In this case operator intervention is necessary. The operator then decides which state should be used next.
Error recovery: For specific types of errors and error conditions, automatic recovery procedures may be implemented in the state machine. In this case, this recovery is attempted. If it fails, the sub-system goes into ‘Error’ state.