
Avionics Panel Go For Luna Landing!

Graham O’Neil, United Space Alliance, March 2008. Background: software comparisons from Apollo to Cx (functionality, size, process characteristics); fault tolerance and safety considerations; human crew integration and training; human error in design.


Presentation Transcript


  1. Avionics Panel Go For Luna Landing!
     Graham O’Neil, United Space Alliance, March 2008

  2. Background
     • Software comparisons from Apollo to Cx
     • Functionality, size, process characteristics
     • Fault tolerance, safety considerations
     • Human crew integration and training
     • Human error in design
     • Human error in operations
     • Automation errors
     • Automation and human handoffs
     • Avionics lessons learned
     • Multi-use, multi-connect computers [Apollo 13]
     • Crew awareness support [Apollo 11]

  3. Apollo Error Sources
     • Switchology and mode management; Apollo 11
     • Primary/backup mode switching; Apollo 10

  4. Principles Learned
     • Separation of criticalities
     • Redundancy at appropriate levels
     • Robustness of resources and behavior at the margins
     • Simplicity
     • Reinforced situation awareness
     • Training cycle based on credible sims, credible failures, diagnostic signatures, recovery strategies, and next-failure identification

  5. Operational Modes
     Normal: The system performs normal operations activities (polling, communications, etc.).
     Simulator: A specified system suspends activities to allow a simulator scenario to be performed. Systems could be set to mimic another vehicle.
     Independent: Each system could be run totally independent of the rest of the ship’s systems.
     Emergency: Each system could have a minimal backup program that would enable it to take charge of the entire ship in case of emergency.
     Super: Links vehicle computers together to solve high-powered computational tasks. This mode could also support sophisticated high-powered simulations.

  6. Challenges
     • Generation of safe designs and their translation into verifiable code.
     • Safe management of modes and states.
     • Computer and network architectures that can support fault-tolerant data communications.
     • For life cycle considerations:
       • Maintain software at the model level.
       • Design and integration tools that support composability and multi-level criticality function distribution.
