Preliminary exception handling analysis for the ITER plasma control system

Abstract Control of a Tokamak requires operating many sophisticated control loops in a dynamic sequence of activities. To take appropriate actions in case technical or physics conditions occur unexpectedly, the continuous control must be backed up by Exception Handling (EH) logic. To mature the Conceptual Design of the ITER Plasma Control System (PCS) with such logic for the Preliminary Design, we studied, in a formal process, how the plasma will be controlled during the 1 st plasma and early operation phases of ITER and analysed the required control and EH functions and dependencies: Three classes of Exception Handling were identified which cover all use cases: modification of the control behaviour of a single control function, modification of the control structure of connected controllers, and change of the control goal which modifies the overall control system. The three classes form a EH hierarchy from low to high impact responses that can be implemented as local EH in the Pulse Continuous Control layer and as central EH in the Pulse Supervision layer of the PCS.