Light Path Safety Function

The concentrated focused beam of sunlight produced by a 4.0m mirror is around 16.9 kW. Enough energy to boil a liter of water in about 3 seconds. The concentrated focused beam can and has caused damage to telescope components at or near the prime focus and at other points along the optical path.

There is a similar function that can be confused for this Light Path Safety Function. The Top End Optical Assembly Safety Function serves to protect the components of the Heat Stop Assembly quickly by deploying the Heat Stop Safety Shutter then activating this Light Path Safety Function.

To achieve the required SIL rating, two redundant methods of blocking the light path are employed—the M1 Cover and the Aperture Cover. Each system is independent and have unrelated back-up power sources to minimize common cause failures.

Light Path Safety Function

Safety Function	Light Path
Hazard	Focused sunlight along optical path
Triggering Event	Any of the following: TEOA Safety Function activated: Heat Stop over temperature Heat Absorber over temperature Heat Stop low coolant flow Safety shutter not fully stowed Telescope Altitude permissive removed Telescope Azimuth permissive removed M1 Cover UPS failure Aperture cover drive ‘not ready’ Separation angle between Sun and optical path > 1.5R_☉ Heat Stop fuse wire not OK Instrument Field-of-view misconfigured
Priority	The Light Path shall take priority over all other control functions.
Modes	When light path is not blocked Sun above the horizon and Enclosure Aperture pointing within 25° of the Sun
Reaction	Block light path using sequence: Close M1 Cover then Close Aperture Cover
Safe State	Aperture Cover closed M1 Mirror Cover closed
Required Integrity	SIL2

The operation of the Light Path Safety Function is defined in the GIC_GLX code in the Light_Path routine, in the SafetyProgram, in the SafetyTask of the GIC_GLX controller.

Time		Reaction	Comment

Time		Reaction	Comment
0:00	15s	M1 Cover starts closing
0:15	135s	Aperture Cover starts closing	M1 Cover must be closed.
2:30			Aperture Cover must be closed.

The M1 is commanded to close when the trigger conditions are met.

After the M1 Cover is fully closed or 15 seconds later, whichever comes first, the Aperture cover is commanded to close. If the M1 cover fails to fully close within 15 seconds an M1 Cover Timeout Fault is generated and latched.

If the Aperture Cover fully closes within 2:15 after being commanded the safe state has been reached and the sequence is terminated. If the Aperture Cover fails to fully close within 2:15 of being commanded to close an Aperture Cover Timeout Fault will be generated and latched.