Post on 19-Apr-2018
transcript
What Will be Said
- Satellite Elements
- Characteristics
- Purpose
- Operations
- Logical Model
- Architecture
- Functions
- Ørsted onboard data handling
- Robustness
- Software Development
- Pitfalls
- Résumé
Purpose
Logistics
- Power distribution
- Commanding
- Time synchronisation
- Status reporting
Communication
- With ground
- On satellite
Autonomy
- Handle platform & payload without ground contact
Anomaly Handling
- Maintain mission objectives
- Prevent loss of satellite
Characteristics
Limited Resources
- Processing power
- Memory
- Bandwidth on busses
Embedded Real-Time Software
- Hard real-time requirements
- Numerous events & actions
- Boot-strap software & application software
- No operating system (bare platform)
Hostile Environment
- Fault prevention
- Fault tolerance
Operations
[Figure: operations setting. Elements: Satellite, Spacelink, Ground Station, Network, Control Centre, Operators, Operations Procedures, Command Time Line.]
Rømer Data Handling Context
[Figure: units attached to the redundant data bus: CDH, PCDU, MONSDPU, MONSCHU, FMCHU, STRCHU1, STRCHU2, RWA0, RWA1, RWA2, RWA3, COMANT1, ANT2, DEBUG, TEST, and further subsystems.]
Exercise: The Black Box
Consider a computer running a piece of embedded software.
It is a black box revealing only a limited amount of status information.
What status information should be available to assess the integrity of:
1: Hardware
2: Software
Logical Model: Abstraction
[Figure: Onboard Traffic Management sits between Service Users 1..n and Service Providers 1..n; Service Requests flow from users to providers and Service Reports flow back.]
Logical Model: Implementation
[Figure: Ground Segment: Control Centres 1..N, each sending Telecommand to and receiving Telemetry from the Space Segment. Space Segment: Data Handling & Control System whose Onboard Traffic Management connects Application Processes 1..N; each application process exposes its Provided Services, implemented by a Local Subsystem or a Remote Subsystem.]
ESA Standards
Packet Telecommand Standard
- Protocol for uplink: Ground segment -> Space segment
- Stream of telecommand packets
Packet Telemetry Standard
- Protocol for downlink: Space segment -> Ground segment
- Stream of telemetry packets
Packet Utilisation Standard
- Application layer: Ground segment vs. Space segment
- Logical model for satellite operation
Telecommand/Telemetry Formats
Telecommand packet
  Head: Destination ID | Sequence Counter | Command Type
  Data
  Tail: Checksum
Telemetry packet
  Head: Originator ID | Sequence Counter | Telemetry Type | Time Stamp
  Data
  Tail: Checksum
Functions
- Telecommand verification
- Housekeeping data collection
- Event reporting
- Memory read/write
- Function activation/deactivation
- Time synchronisation
- Command time line
- Parameter monitoring
- Telemetry storage
Telecommand Verification
Acceptance/Completion report (Telemetry): Telecommand Packet ID | Packet Source Control Code | Parameters
Progress report (Telemetry): Telecommand Packet ID | Packet Source Control Code | Step Number | Parameters
Telecommand Verification Service
- Success/failure of telecommand execution
- Error code
- Telecommand identification
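Worked example, added here and not code from the Ørsted or Rømer projects (which were written in Ada): a C encoder/decoder for the telecommand format above, with the satellite side producing the acceptance status that the telecommand verification service would report back to ground. The field widths, the choice of CRC-16/CCITT-FALSE as the checksum, and all function names are assumptions; the slide names the fields but not their sizes or the checksum algorithm. The decoder checks length and checksum before interpreting any field, then the destination, then the sequence counter, so a bit-flipped or replayed packet is rejected instead of executed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire layout (the slide gives the fields, not their widths):
 *   head: Destination ID (1 byte) | Sequence Counter (2 bytes, big endian) | Command Type (1 byte)
 *   data: 0..TC_MAX_DATA bytes, total length supplied by the link layer
 *   tail: Checksum = CRC-16/CCITT-FALSE over head+data (2 bytes, big endian) */
#define TC_HEAD_LEN 4
#define TC_TAIL_LEN 2
#define TC_MAX_DATA 64

/* Outcome handed to the telecommand verification service as the acceptance report. */
enum tc_status { TC_ACCEPTED = 0, TC_ERR_LENGTH = 1, TC_ERR_CHECKSUM = 2,
                 TC_ERR_DESTINATION = 3, TC_ERR_SEQUENCE = 4 };

struct telecommand {
    uint8_t  destination;
    uint16_t sequence;
    uint8_t  type;
    uint8_t  data[TC_MAX_DATA];
    size_t   data_len;
};

/* CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF, no reflection, no final xor. */
uint16_t crc16_ccitt(const uint8_t *buf, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(buf[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Ground side: serialise one telecommand. Returns the packet length, 0 on error. */
size_t tc_encode(const struct telecommand *tc, uint8_t *out, size_t out_len)
{
    size_t total = TC_HEAD_LEN + tc->data_len + TC_TAIL_LEN;
    if (tc->data_len > TC_MAX_DATA || out_len < total)
        return 0;
    out[0] = tc->destination;
    out[1] = (uint8_t)(tc->sequence >> 8);
    out[2] = (uint8_t)(tc->sequence & 0xFF);
    out[3] = tc->type;
    memcpy(out + TC_HEAD_LEN, tc->data, tc->data_len);
    uint16_t crc = crc16_ccitt(out, TC_HEAD_LEN + tc->data_len);
    out[total - 2] = (uint8_t)(crc >> 8);
    out[total - 1] = (uint8_t)(crc & 0xFF);
    return total;
}

/* Satellite side: validate before anything acts on the packet. Order matters: a corrupted
 * packet fails on the checksum before any field is interpreted. expected_seq advances only
 * on acceptance, so a repeated (replayed) packet is rejected. */
enum tc_status tc_decode(const uint8_t *buf, size_t len, uint8_t my_id,
                         uint16_t *expected_seq, struct telecommand *out)
{
    if (len < TC_HEAD_LEN + TC_TAIL_LEN || len - TC_HEAD_LEN - TC_TAIL_LEN > TC_MAX_DATA)
        return TC_ERR_LENGTH;
    uint16_t wire_crc = (uint16_t)((buf[len - 2] << 8) | buf[len - 1]);
    if (crc16_ccitt(buf, len - TC_TAIL_LEN) != wire_crc)
        return TC_ERR_CHECKSUM;        /* corrupted on the spacelink: never act on it */
    if (buf[0] != my_id)
        return TC_ERR_DESTINATION;
    uint16_t seq = (uint16_t)((buf[1] << 8) | buf[2]);
    if (seq != *expected_seq)
        return TC_ERR_SEQUENCE;        /* gap in the uplink stream, or a replayed packet */
    out->destination = buf[0];
    out->sequence    = seq;
    out->type        = buf[3];
    out->data_len    = len - TC_HEAD_LEN - TC_TAIL_LEN;
    memcpy(out->data, buf + TC_HEAD_LEN, out->data_len);
    *expected_seq = (uint16_t)(seq + 1);
    return TC_ACCEPTED;
}

int main(void)
{
    /* Constructed sample: command type 3 with three parameter bytes for destination 7. */
    struct telecommand tc = { 7, 42, 3, { 0x10, 0x20, 0x30 }, 3 };
    uint8_t wire[TC_HEAD_LEN + TC_MAX_DATA + TC_TAIL_LEN];
    struct telecommand rx;
    uint16_t expected = 42;

    size_t n = tc_encode(&tc, wire, sizeof wire);
    printf("packet bytes: %zu, first decode: %d\n", n, tc_decode(wire, n, 7, &expected, &rx));
    printf("replayed packet: %d\n", tc_decode(wire, n, 7, &expected, &rx));
    wire[5] ^= 0x01;                   /* single bit flip in the data field */
    expected = 42;
    printf("corrupted packet: %d\n", tc_decode(wire, n, 7, &expected, &rx));
    return 0;
}
```

The checksum detects corruption only; it says nothing about who sent the packet. A sequence counter stops accidental replays but not a deliberate one by a party that can also forge the checksum, which is a separate concern the slides do not cover.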
Housekeeping Data Collection
Housekeeping Report (Telemetry): SID | Parameters
Housekeeping & Diagnostics Data Reporting
- Periodic reading of parameter values
- Reporting of temporally coherent values
- Typical period: 60 seconds
Event Reporting
Event Report (Telemetry): RID | Parameters
- Nominal events
- Anomalies/errors
Memory Read/Write
Telecommands
  Load: Memory ID | N | Start Address | Data
  Dump: Memory ID | N | Start Address | Length
  Checksum: Memory ID | N | Start Address | Length
Telemetry
  Dump report: Memory ID | N | Start Address | Data
  Checksum report: Memory ID | N | Start Address | Length | Checksum
Memory Management
- Reading/writing/verification
- Software updates (patching)
- Debugging/diagnostics
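Added example (not the project's code): the three memory services above in C, acting on a hypothetical patchable RAM region behind an assumed Memory ID, with a 16-bit additive checksum standing in for the unnamed one on the slide; the names and sizes are assumptions. The point a practitioner wants is the bounds check: a load or dump from ground must be refused when the address range leaves the region, including the case where start + length would wrap around, since the memory service is effectively a write-anything primitive reachable from the uplink.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed: one patchable application image addressed by a hypothetical Memory ID. */
#define MEM_ID_APP_RAM 1
#define APP_RAM_SIZE   256

static uint8_t app_ram[APP_RAM_SIZE];   /* constructed stand-in for the application image */

enum mem_status { MEM_OK = 0, MEM_ERR_ID = 1, MEM_ERR_RANGE = 2 };

/* Maps a Memory ID to a region. Anything not listed here is not reachable from ground. */
static uint8_t *mem_region(uint8_t memory_id, size_t *size)
{
    if (memory_id == MEM_ID_APP_RAM) { *size = APP_RAM_SIZE; return app_ram; }
    return NULL;
}

/* True if [start, start+len) lies inside a region of `size` bytes. Written as
 * start <= size && len <= size - start so that start + len is never computed
 * and therefore cannot wrap around. */
static int in_bounds(uint32_t start, size_t len, size_t size)
{
    return start <= size && len <= size - start;
}

/* 16-bit additive checksum (assumed; the slide does not name the algorithm). */
uint16_t mem_checksum(const uint8_t *p, size_t len)
{
    uint16_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = (uint16_t)(sum + p[i]);
    return sum;
}

/* Load telecommand: Memory ID | Start Address | N data bytes. */
enum mem_status mem_load(uint8_t memory_id, uint32_t start, const uint8_t *data, size_t len)
{
    size_t size;
    uint8_t *base = mem_region(memory_id, &size);
    if (!base) return MEM_ERR_ID;
    if (!in_bounds(start, len, size)) return MEM_ERR_RANGE;
    memcpy(base + start, data, len);
    return MEM_OK;
}

/* Dump telecommand: Memory ID | Start Address | Length -> dump report with the bytes. */
enum mem_status mem_dump(uint8_t memory_id, uint32_t start, size_t len, uint8_t *out)
{
    size_t size;
    const uint8_t *base = mem_region(memory_id, &size);
    if (!base) return MEM_ERR_ID;
    if (!in_bounds(start, len, size)) return MEM_ERR_RANGE;
    memcpy(out, base + start, len);
    return MEM_OK;
}

/* Checksum telecommand: Memory ID | Start Address | Length -> checksum report. Ground
 * compares the value with its own copy of the image before activating a patch. */
enum mem_status mem_check(uint8_t memory_id, uint32_t start, size_t len, uint16_t *out)
{
    size_t size;
    const uint8_t *base = mem_region(memory_id, &size);
    if (!base) return MEM_ERR_ID;
    if (!in_bounds(start, len, size)) return MEM_ERR_RANGE;
    *out = mem_checksum(base + start, len);
    return MEM_OK;
}

int main(void)
{
    static const uint8_t patch[4] = { 0xDE, 0xAD, 0xBE, 0xEF };   /* constructed patch */
    uint16_t cs = 0;
    printf("load in range:  %d\n", mem_load(MEM_ID_APP_RAM, 16, patch, sizeof patch));
    printf("check:          %d checksum=0x%04X\n",
           mem_check(MEM_ID_APP_RAM, 16, sizeof patch, &cs), cs);
    printf("load past end:  %d\n", mem_load(MEM_ID_APP_RAM, 254, patch, sizeof patch));
    printf("load wrapping:  %d\n", mem_load(MEM_ID_APP_RAM, 0xFFFFFFFCu, patch, 8));
    printf("unknown memory: %d\n", mem_load(2, 0, patch, sizeof patch));
    return 0;
}
```

The load/check/activate order matters: the patch is written, the checksum report is compared on the ground against the intended image, and only then is the new code switched in through the function management service. An additive checksum catches transmission damage; it will not catch a deliberately crafted image.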
Function Activation/Deactivation
Telecommands
  Activate Function: Function ID | Parameters
  Deactivate Function: Function ID
  Perform Activity: Function ID | Activity ID | Parameters
Function Management
- Activation/deactivation of functions, modes etc.
- Execution of activities
- Functions identified by ASCII string
Time Synchronisation
Time Report (Telemetry): Satellite Time
Time Reporting
- Generate time reports containing time stamp
- Report related to event on downlink
- Period based on required accuracy
Command Time Line
Telecommands
  Insert Telecommand: N × (Abs/Rel | Time Tag | Telecommand Packet)
  Delete Telecommands: Time Tag 1 | Time Tag 2 (range), or N × (Application Process ID | Sequence Count)
  Report Schedule: the current time line is returned as Telemetry
Onboard Scheduling
- Time line of telecommands
- Executed when due
- Updated based on operational schedule/time line
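Added example of the onboard scheduling service, in C and not taken from the project: a fixed-size time line with insert by absolute or relative tag, delete by identification or by time range, and release of due entries in time order. Capacity, the packet size limit and the function names are assumptions. Two checks are worth noting: a relative tag is converted to absolute once, at insertion, and a tag that already lies in the past (including one produced by unsigned wrap of now + tag) is refused rather than executed immediately.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SCHEDULED 16   /* assumed capacity */
#define TC_MAX_LEN    32   /* assumed stored-packet size */

/* One time line entry: a stored telecommand packet identified by (Application Process ID,
 * Sequence Count) and released at an absolute onboard time. */
struct scheduled_tc {
    int      used;
    uint32_t release_time;   /* absolute onboard time, seconds */
    uint16_t apid;
    uint16_t seq;
    uint8_t  packet[TC_MAX_LEN];
    size_t   packet_len;
};

struct schedule { struct scheduled_tc entries[MAX_SCHEDULED]; };

/* Insert Telecommand. Returns 0 on success, -1 if the packet is too long, the time line
 * is full, or the tag is not in the future. now + tag wrapping past 2^32 also ends below
 * now and is rejected by the same test. */
int schedule_insert(struct schedule *s, uint32_t now, int relative, uint32_t tag,
                    uint16_t apid, uint16_t seq, const uint8_t *packet, size_t len)
{
    uint32_t release = relative ? now + tag : tag;
    if (len > TC_MAX_LEN || release < now)
        return -1;
    for (size_t i = 0; i < MAX_SCHEDULED; i++) {
        if (s->entries[i].used) continue;
        s->entries[i].used = 1;
        s->entries[i].release_time = release;
        s->entries[i].apid = apid;
        s->entries[i].seq = seq;
        memcpy(s->entries[i].packet, packet, len);
        s->entries[i].packet_len = len;
        return 0;
    }
    return -1;
}

/* Delete Telecommands by identification. Returns the number of entries removed. */
size_t schedule_delete_id(struct schedule *s, uint16_t apid, uint16_t seq)
{
    size_t removed = 0;
    for (size_t i = 0; i < MAX_SCHEDULED; i++)
        if (s->entries[i].used && s->entries[i].apid == apid && s->entries[i].seq == seq) {
            s->entries[i].used = 0;
            removed++;
        }
    return removed;
}

/* Delete Telecommands whose release time lies in [t1, t2]. Returns the number removed. */
size_t schedule_delete_range(struct schedule *s, uint32_t t1, uint32_t t2)
{
    size_t removed = 0;
    for (size_t i = 0; i < MAX_SCHEDULED; i++)
        if (s->entries[i].used && s->entries[i].release_time >= t1 && s->entries[i].release_time <= t2) {
            s->entries[i].used = 0;
            removed++;
        }
    return removed;
}

/* Execute when due: moves every entry with release_time <= now into `released`, earliest
 * first, and frees its slot. The caller hands each packet to the packet router exactly
 * as if it had arrived from ground. Returns the number released. */
size_t schedule_run(struct schedule *s, uint32_t now, struct scheduled_tc *released, size_t max)
{
    size_t count = 0;
    while (count < max) {
        int best = -1;
        for (int i = 0; i < MAX_SCHEDULED; i++)
            if (s->entries[i].used && s->entries[i].release_time <= now &&
                (best < 0 || s->entries[i].release_time < s->entries[best].release_time))
                best = i;
        if (best < 0) break;
        released[count++] = s->entries[best];
        s->entries[best].used = 0;
    }
    return count;
}

int main(void)
{
    struct schedule s;
    struct scheduled_tc due[4];
    const uint8_t pkt[3] = { 0x01, 0x02, 0x03 };   /* constructed stand-in for a TC packet */
    memset(&s, 0, sizeof s);
    schedule_insert(&s, 1000, 0, 1500, 10, 1, pkt, sizeof pkt);   /* absolute tag */
    schedule_insert(&s, 1000, 1, 200, 10, 2, pkt, sizeof pkt);    /* relative tag: due at 1200 */
    printf("stale tag rejected: %d\n", schedule_insert(&s, 1000, 0, 900, 10, 3, pkt, sizeof pkt));
    for (uint32_t t = 1100; t <= 1600; t += 100) {
        size_t k = schedule_run(&s, t, due, 4);
        for (size_t i = 0; i < k; i++)
            printf("t=%u: released apid %u seq %u\n", (unsigned)t, (unsigned)due[i].apid, (unsigned)due[i].seq);
    }
    return 0;
}
```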
Parameter Monitoring
Out-of-Limit report (Telemetry): N × (Parameter# | Parameter Value | Limit Crossed | Transition Time)
Onboard Monitoring
- Periodic reading of parameter values
- Comparison against nominal range
- Report deviations
- Initiate error handling
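Added example (C, not the project's code) of one monitoring cycle producing the out-of-limit report above. Parameter identifiers, ranges and the sample values are constructed. The report carries only transitions (nominal to low/high, low/high back to nominal, or low to high), so a parameter that stays out of range does not add an entry every period; the count of new out-of-limit transitions is returned separately so the caller can initiate error handling.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Value of the "Limit Crossed" field in an out-of-limit report entry. */
enum limit_crossed { LIMIT_NONE = 0, LIMIT_LOW = 1, LIMIT_HIGH = 2 };

struct monitored_param {
    uint16_t id;
    int32_t  low, high;          /* nominal range, inclusive */
    enum limit_crossed state;    /* state reported in the previous cycle */
};

/* One entry of the Out-of-Limit report:
 * Parameter# | Parameter Value | Limit Crossed | Transition Time */
struct ool_entry {
    uint16_t parameter;
    int32_t  value;
    enum limit_crossed limit_crossed;
    uint32_t transition_time;
};

static enum limit_crossed classify(const struct monitored_param *p, int32_t v)
{
    if (v < p->low)  return LIMIT_LOW;
    if (v > p->high) return LIMIT_HIGH;
    return LIMIT_NONE;
}

/* One monitoring cycle over n parameters sampled at onboard time `now`. Writes one entry
 * per state transition into `report` (at most max_entries) and returns the number written.
 * *errors counts transitions into an out-of-limit state, i.e. the cases that need error
 * handling; a return to nominal is reported but not counted as an error. */
size_t monitor_cycle(struct monitored_param *params, size_t n, const int32_t *samples,
                     uint32_t now, struct ool_entry *report, size_t max_entries, size_t *errors)
{
    size_t written = 0;
    *errors = 0;
    for (size_t i = 0; i < n; i++) {
        enum limit_crossed next = classify(&params[i], samples[i]);
        if (next == params[i].state)
            continue;                        /* unchanged state: nothing to report */
        params[i].state = next;
        if (next != LIMIT_NONE)
            (*errors)++;
        if (written < max_entries) {
            report[written].parameter       = params[i].id;
            report[written].value           = samples[i];
            report[written].limit_crossed   = next;
            report[written].transition_time = now;
            written++;
        }
    }
    return written;
}

int main(void)
{
    /* Constructed: a battery temperature (deg C) and a bus voltage (0.1 V units). */
    struct monitored_param params[2] = { { 1, -10, 40, LIMIT_NONE }, { 2, 240, 300, LIMIT_NONE } };
    const int32_t cycles[4][2] = { { 25, 280 }, { 45, 280 }, { 46, 230 }, { 30, 270 } };
    struct ool_entry report[2];
    size_t errors;
    for (int c = 0; c < 4; c++) {
        uint32_t now = (uint32_t)(100 + 60 * c);
        size_t k = monitor_cycle(params, 2, cycles[c], now, report, 2, &errors);
        printf("t=%u: %zu transition(s), %zu new error(s)\n", (unsigned)now, k, errors);
        for (size_t i = 0; i < k; i++)
            printf("  parameter %u value %d limit crossed %d\n",
                   (unsigned)report[i].parameter, (int)report[i].value, (int)report[i].limit_crossed);
    }
    return 0;
}
```

Reporting transitions only is what keeps the downlink usable; a production monitor normally also requires the limit to be violated for several consecutive samples before declaring a transition, so that a single noisy reading does not trigger error handling.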
Telemetry Storage
Onboard Storage & Retrieval
- Storage of telemetry
- Inserted in downlink during ground contact
- Separate stores for different telemetry types
- Prioritised read-out
Exercise: Autonomy
Communication between satellite and control centre is possible 2 times 10 minutes per day.
The remaining time it must survive on its own.
What anomalies/events/situations should your satellite be able to handle autonomously?
Software Architecture
[Figure, built up over three slides: software components Ground I/F, Packet Router, Platform Manager, Telecommand Scheduler, Onboard Storage Administrator, Attitude Control System, Power Conditioning & Distribution, PCDU Subsystem, Payload, and Actuators & Sensors, with the Packet Router between the Ground I/F and the Payload.]
Ørsted onboard data handling
Hard Real-Time HOOD
Formal RAISE specifications
Automatic code generation + manual programming
Ada 83
Schedulability analysis: deadline monotonic scheduling
In-circuit emulator for software validation
Incremental development: simulators -> prototypes -> final product
Ariane 501
- Error in Inertial Reference System
- 64-bit float -> 16-bit integer = overflow
- Chain of errors:
  - Reuse from Ariane 4; no revalidation
  - No exception handling
  - Post-mortem dump -> treated as valid input by the data handling software
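Added illustration of the conversion failure listed above, written in C rather than the Ada of the original flight software and not taken from any Ariane code; the function names and the sample value 40000.0 (standing for a reading outside the 16-bit range, as occurred on the Ariane 5 trajectory) are assumptions. The unchecked narrowing is shown beside a version that validates the range first and returns a status the caller must handle, which is the reusable lesson: a value that fitted the old envelope is not evidence that it fits the new one.

```c
#include <stdint.h>
#include <stdio.h>

enum conv_status { CONV_OK = 0, CONV_OUT_OF_RANGE = 1, CONV_NOT_A_NUMBER = 2 };

/* The failing pattern: a 64-bit value narrowed with no range check. A direct
 * double -> int16_t cast of an out-of-range value is undefined behaviour in C, so the
 * wrap-around is made visible by going through int64_t first; either way the caller
 * gets a wrong number with no indication that anything happened. */
int16_t narrow_unchecked(double x)
{
    return (int16_t)(int64_t)x;
}

/* The guarded version: validate against the target range first and report failure as a
 * return value the caller must handle, instead of leaving an exception unhandled. */
enum conv_status narrow_checked(double x, int16_t *out)
{
    if (x != x)                                   /* NaN compares unequal to itself */
        return CONV_NOT_A_NUMBER;
    if (x < (double)INT16_MIN || x > (double)INT16_MAX)
        return CONV_OUT_OF_RANGE;
    *out = (int16_t)x;                            /* in range: truncation is well defined */
    return CONV_OK;
}

int main(void)
{
    /* Constructed: a value inside the old envelope and one that exceeds 16 bits. */
    const double samples[2] = { 1234.5, 40000.0 };
    for (int i = 0; i < 2; i++) {
        int16_t v = 0;
        enum conv_status st = narrow_checked(samples[i], &v);
        printf("%9.1f -> unchecked %6d, checked status %d value %d\n",
               samples[i], (int)narrow_unchecked(samples[i]), (int)st, st == CONV_OK ? (int)v : 0);
    }
    return 0;
}
```

The status return is the part that addresses the "no exception handling" item: a caller that ignores it is no better off than the original, so the conversion's result must be consumed by code that has a defined reaction to each failure code.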
Software Robustness Engineering
Fault Prevention
  Fault Analysis
  Supporting Methods & Tools
  Restricting Methods & Tools
Fault Removal
  Static Fault Removal
  Dynamic Fault Removal
Fault Tolerance
  Error Detection
  Error Recovery
Robustness
Pitfalls
Interfaces: focus from day one
Budgets: estimate and survey
Schedulability: estimate and survey
Fault tolerance: keep it simple, stupid! (KISS)
Verification & validation: unit test, integration test, system test ...