Avionics Panel: Go For Luna Landing!
Graham O’Neil, United Space Alliance, March 2008
Background
• Software comparisons from Apollo to Cx
  • Functionality, size, process characteristics
  • Fault Tolerance, safety considerations
• Human Crew Integration and Training
  • Human Error in design
  • Human Error in operations
  • Automation Errors
  • Automation and Human handoffs
• Avionics Lessons Learned
  • Multi-use, multi-connect computers [Apollo 13]
  • Crew Awareness support [Apollo 11]
Apollo Error Sources
• Switchology and mode management; Apollo 11
• Primary/backup mode switching; Apollo 10
Principles Learned
• Separation of criticalities
• Redundancy at appropriate levels
• Robustness of resources and behavior at the margins
• Simplicity
• Reinforced Situation Awareness
• Training cycle based on credible sims, credible failures, diagnostic signatures, recovery strategies, and next-failure identifications.
Operational Modes

Op Mode      Description
Normal       The system performs normal operations activities (polling, communications, etc.).
Simulator    A specified system suspends activities to allow a simulator scenario to be performed. Systems could be set to mimic another vehicle.
Independent  Each system could be run totally independent of the rest of the ship’s systems.
Emergency    Each system could have a minimal backup program that would enable it to take charge of the entire ship in case of emergency.
Super        Links vehicle computers together to solve high-powered computational tasks. This mode could also support sophisticated high-powered simulations.
Challenges
• Generation of Safe Designs and their translation into Verifiable Code.
• Safe management of modes and states.
• Computer and Network architectures that can support fault-tolerant data communications.
• For life cycle considerations:
  • Maintain software at the model level
  • Design and integration tools support Composability and multi-level criticality function distribution.
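As an added example (not code from the presentation or from United Space Alliance), the five operational modes listed above encoded as an explicit per-system transition table with guards, to show what "safe management of modes and states" looks like when every legal switch is planned and anything else is refused, the Apollo 10 primary/backup lesson. The transition rules, the backup-program guard for Emergency mode and the "not every system in Simulator" invariant are assumptions chosen for illustration.

```python
"""Explicit mode manager for the Normal/Simulator/Independent/Emergency/Super
modes. The transition table, the Emergency guard and the Simulator invariant
are assumptions for illustration, not the presentation's design."""
from enum import Enum


class Mode(Enum):
    NORMAL = "Normal"
    SIMULATOR = "Simulator"
    INDEPENDENT = "Independent"
    EMERGENCY = "Emergency"
    SUPER = "Super"


# Assumed transition table: only listed switches are planned; anything absent
# is rejected rather than silently accepted, so a mis-set switch fails loudly.
ALLOWED = {
    Mode.NORMAL: {Mode.SIMULATOR, Mode.INDEPENDENT, Mode.EMERGENCY, Mode.SUPER},
    Mode.SIMULATOR: {Mode.NORMAL, Mode.EMERGENCY},
    Mode.INDEPENDENT: {Mode.NORMAL, Mode.EMERGENCY},
    Mode.SUPER: {Mode.NORMAL, Mode.EMERGENCY},
    Mode.EMERGENCY: {Mode.NORMAL},
}


class ModeError(Exception):
    """Raised when a requested mode switch violates the table or an invariant."""


class VehicleModes:
    def __init__(self, systems):
        self.state = {s: Mode.NORMAL for s in systems}  # every system starts Normal
        self.log = []  # (system, from, to) audit trail of accepted switches

    def check(self, system, target, backup_loaded=False):
        """Return None if the switch is legal, otherwise the reason it is refused."""
        current = self.state[system]
        if target not in ALLOWED[current]:
            return f"{system}: {current.value} -> {target.value} is not a planned transition"
        # Emergency mode takes charge of the whole ship via the minimal backup
        # program, so (assumption) it may only be entered once that program is loaded.
        if target is Mode.EMERGENCY and not backup_loaded:
            return f"{system}: Emergency mode needs the minimal backup program loaded"
        # Simulator suspends a system's activities, so (assumption) at least one
        # system must remain outside Simulator mode at all times.
        trial = {**self.state, system: target}
        if all(m is Mode.SIMULATOR for m in trial.values()):
            return "refused: every system would be suspended in Simulator mode"
        return None

    def request(self, system, target, backup_loaded=False):
        """Apply a mode switch or raise ModeError; accepted switches are logged."""
        reason = self.check(system, target, backup_loaded)
        if reason is not None:
            raise ModeError(reason)
        self.log.append((system, self.state[system], target))
        self.state[system] = target
        return target
```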