The migration from hardwired interlocks to packet-based networks in high-power accelerators (e.g., White Rabbit) raises a certification challenge: safety-class machine protection systems require provable end-to-end latency guarantees under worst-case contention, not average-delay evidence. This paper presents a two-layer assurance methodology for the CiADS Fast Protection System. First, we derive a deterministic end-to-end latency upper bound using Network Calculus (NC). Input traffic is constrained by a source-side Zynq FPGA shaper implementing a token-bucket envelope, and non-preemptive strict-priority switching is modeled. To bound blocking, we cap best-effort frame length (Lmax ≤ 256 B) and include it in the bound. Second, we quantify safety margin and tail risk via Extreme Value Theory (EVT) using a Peaks-Over-Threshold model with a Generalized Pareto fit to estimate extreme quantiles and violation probabilities with confidence bounds. Experiments show the NC bound (6.8 µs) envelopes measured worst-case latency, and EVT tail estimates stay below the 10 µs requirement.
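To make the first layer concrete, the following added example (not code from the paper or the CiADS project) computes an NC delay bound for a token-bucket-shaped protection flow crossing non-preemptive strict-priority switches, including the Lmax/C blocking term the abstract describes. Link rate (1 Gbit/s), protection frame size (64 B), per-hop fixed latency (0.5 µs) and hop count (2) are assumed values chosen for illustration, not the paper's measured parameters.

```python
"""Network Calculus bound for a highest-priority flow through strict-priority,
non-preemptive switches. Added example with assumed parameters."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TokenBucket:
    sigma_bits: float  # burst allowance sigma (bits): alpha(t) = sigma + rho*t
    rho_bps: float     # sustained rate rho (bit/s)


@dataclass(frozen=True)
class Hop:
    link_bps: float      # output link capacity C (bit/s)
    lmax_be_bits: float  # largest best-effort frame that can block (capped at 256 B)
    fixed_s: float       # assumed switching + propagation latency of the hop (s)


def hop_service_curve(hop: Hop, flow_frame_bits: float) -> tuple[float, float]:
    """Rate-latency curve beta(t) = R*(t - T)+ offered to the top-priority flow.
    R = C: once the flow is served it gets the whole link.
    T = one already-started lower-priority frame (non-preemptive blocking, Lmax/C)
        + store-and-forward of the flow's own frame + fixed hop latency."""
    R = hop.link_bps
    T = (hop.lmax_be_bits + flow_frame_bits) / hop.link_bps + hop.fixed_s
    return R, T


def concatenate(curves: list[tuple[float, float]]) -> tuple[float, float]:
    """Min-plus convolution of rate-latency curves: rate = min R, latency = sum T.
    Concatenating before bounding pays the burst only once (PBOO)."""
    return min(r for r, _ in curves), sum(t for _, t in curves)


def delay_bound(tb: TokenBucket, R: float, T: float) -> float:
    """Horizontal deviation between alpha and beta: sigma/R + T, valid when rho < R."""
    if tb.rho_bps >= R:
        raise ValueError("flow rate >= service rate: backlog and delay are unbounded")
    return tb.sigma_bits / R + T


def worked_example() -> float:
    """Assumed topology: 2 hops, 1 Gbit/s links, 64 B protection frames,
    one-frame burst, 256 B best-effort cap, 0.5 us fixed latency per hop."""
    frame_bits = 64 * 8
    flow = TokenBucket(sigma_bits=frame_bits, rho_bps=10e6)
    hops = [Hop(1e9, 256 * 8, 0.5e-6)] * 2
    R, T = concatenate([hop_service_curve(h, frame_bits) for h in hops])
    return delay_bound(flow, R, T)  # end-to-end bound in seconds
```

Against a 10 µs requirement the assumed topology yields a 6.632 µs bound; each extra hop adds its T term, while the burst term sigma/R is paid once.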