UK Astronomy Technology Centre	Chris Tierney
Royal Observatory, Edinburgh	31st March 2001

Safety features of the NAOMI EPICS software

It must be stated that under no circumstances must anyone attempt work on the NAOMI wavefront sensor, calibration unit, DM-positioning stages or, indeed, any other part of the NAOMI intrument without first disabling power to the motors and other mechanical/electronic components.

That said, there are safety features built into the EPICS software.

Instrument safety

Misuse of the EPICS software can result in damage to the instrument. Every attempt is made to ensure the each of the NAOMI assemblies does not drive any (device) stage into a dangerous position. Limit switches are installed at all locations at which a collision may occur, with currently one exception: A collision can occur between the wavefront sensor fore-optics stage and the wavefront sensor enclosure.

With the correct assembly lookup table parameters, as set at this time of writing and as far as testing can ascertain, control over the instrument from the assemblyControl screens cannot result in a collision liable to damage the isntrument.

AssemblyControl screens can be identified by the words "Assembly Control" in the screen title. It is safe to control the instrument from these screens.

Control over the instrument using the deviceControl screens (easily identifiable by the word "device" in the screen title), or using the deviceControl records by another means, could result in instrument damage if hardware protection is faulty (as is the case for the fore-optics collision mentioned above). If assembly lookup table entries are changed inappropriately, then the instrument safety features of the assemblyControl records may also be compromised. The author of the NAOMI EPICS software accepts no responsibility for any damage to the NAOMI instrument that results from such misuse.

Personal safety

The author of the NAOMI EPICS software cannot accept responsibility for the safety of individuals work on or near the NAOMI instrument.

There is currently no provision for switching off electrical power to any part of the instrument, or instrument electronics, using the EPICS control software. The exception to this is that motor power is enabled/disabled during the course of a move by the OMS motor control cards.

One safety feature has been implemented, however, to enable any motion of the wavefront sensor, calibration unit or DM positioning stages to be stopped from the EPICS DM screens.

All screens, except the high-level menu screens, have a red "emergency" button located in the top right-hand corner.

Clicking this activates an interlock system that should stop all motion of mechanisms controlled by the EPICS software (note that this does not include motion of the fast steering mirror or the DM mirror segments). The results of this action are that the OMS motor control cards are instructed to stop pulse generation to the steppermotors, and control signals to the DC motor (installed in the mask stage of the calibration unit) are reset to stop the motor. Electrical power to the instrument is unaffected but this process.

The software can be restored to a normal working mode by clicking one of the green "reset" buttons that accompany the emergency buttons.

For detail about the operation of this "interlock" system, see documentation for the interlock capfast schematic and individual assembly schematics, as well as the safety section relating to each assembly and device screen in the NAOMI screens documentation.

The interlock system is available for use by other software systems, via channel access.

The interlock system may not function in the event of a failure of either the software or the method of communication with the hardware on which the software is running.