MAVEN • Particles and Fields • Flight Software • Critical Design Review • Design Section • Peter R. Harvey RevA: Corrected Slides pages 9,16,60
Design Agenda
• I. Management Section
  • Introduction
  • Project Overview
  • Management Overview
  • Development Process and Plans
  • Software status
• II. Requirements & Operational Concept
• III. Design Section
  • Software Overview
  • Module Descriptions
  • Issues, etc.
• IV. Software Testing
  • Test Plans, Documents, Databases
  • Delivery, Installation, and Maintenance
• V. Abbreviations and Acronyms
• Content defined by MAVEN Software Management Plan, rev B format for SwCDR
Hardware Context
• PF System Block Diagram
• Redundant Identical CPUs
• Cold Spare System (software and hardware)
architecture, external interfaces and end-to-end data flow
Hardware Context CPU Block Diagram (DCB)
Architecture • FSW Modules - Boot Software context diagram showing each subsystem or major component
Architecture • FSW Modules - Operational Software context diagram showing each subsystem or major component
Module Overview • FSW Modules Boot Operational
Module Overview
• Generic Module Requirements
  • “Module_Init”: Initialize Variables and Hardware to Allow all Module Calls to Work
  • “Module_Cmd”: Handle Commands within one half interrupt period
  • “Module_Hsk”: Provide Module Housekeeping for Telemetry
• Generic Examples

    // ============================================================
    // Loader Initialization
    // On StartUp, we want to Dump Table[0] (EEPROM directory)
    // ============================================================
    void LD_Init()
    {
        DumpAdr = LoadAdr = (long) TableStart[0];
        DumpSize = 80;                  // ~ # Bytes in Table[0]
        DumpCtr  = 255;                 // # of Dump packets to make
    }

    // ============================================================
    // Loader Commands
    // ============================================================
    void LD_Cmd(unsigned long cmd)
    {
        unsigned int  op, dta, tbl, ofs;
        unsigned char *p;
        unsigned long dest;

        op  = (int)(cmd>>24) & 0x0F;    // Op is the Command Option
        tbl = (int)(cmd>>20) & 0x1F;    // Table bits for some cmds
        ofs = (int)(cmd>>8 ) & 0x0FFF;  // Table offset for some cmds
        dta = (int) cmd & 0xFF;         // Right Byte is Dta
        switch(op)
        {
        case 0: LoadAdr = (cmd>>8) & 0xFFFF;    // Load Byte
                p  = (unsigned char *) LoadAdr;
                *p = (unsigned char) dta;
                break;
        case 1: DumpAdr = (cmd>>8) & 0xFFFF;    // Dump Byte(s)
                DumpSize = dta;
                DumpCtr  = 255;
                break;
        // (remaining command options not shown on the slide)
        default:
                break;
        }
    }

    // ============================================================
    // EXEC Module Housekeeping
    // This routine formats a string of data storing them using
    // the input pointer and returns the string length in bytes.
    // ============================================================
    int Read_Exec_Hsk( char *ptr )
    {
        int n;
        n = 0;
        ptr[n++] = (char) Version;
        ptr[n++] = (char) Fgnd1pps;
        ptr[n++] = (char) *Mode_Ptr;
        ptr[n++] = (char) *Reset_Ptr;
        ptr[n++] = (char) (*Enable_Ptr>>8);
        ptr[n++] = (char) *Enable_Ptr;
        ptr[n++] = (char) ErrorCode;
        ptr[n++] = (char) (ErrorData>>8);
        ptr[n++] = (char) ErrorData;
        ptr[n++] = (char) ErrorCtr;
        return( n );
    }
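An added example, not code from the CDR: it splits the 32-bit loader command word into the same fields LD_Cmd extracts, then handles Load Byte (option 0) with two checks the slide's version does not show, a mode check and a destination-window check, so a malformed or mis-sent load cannot overwrite arbitrary RAM. The 64 KB RAM model, the load window, and the refuse-in-Safe policy are assumptions made for this example, not the DCB memory map.

```c
#include <stdint.h>

/* Constructed memory model for this example (not the DCB memory map):
 * a 64 KB byte-addressed RAM of which only one window accepts loads. */
#define RAM_SIZE     0x10000u
#define LOAD_WIN_LO  0x8000u
#define LOAD_WIN_HI  0x8FFFu

enum { MODE_SAFE = 0, MODE_NORMAL = 1, MODE_ENGIN = 2 };   /* slide: Safe/Normal/Engineering */
typedef struct { unsigned op, tbl, ofs, dta; uint16_t adr; } LdCmd;

/* Split a 32-bit loader command word into the fields LD_Cmd on the slide extracts. */
LdCmd ld_decode(uint32_t cmd)
{
    LdCmd c;
    c.op  = (cmd >> 24) & 0x0F;               /* command option */
    c.tbl = (cmd >> 20) & 0x1F;               /* table number, used by table commands */
    c.ofs = (cmd >> 8)  & 0x0FFF;             /* table offset, used by table commands */
    c.dta = cmd & 0xFF;                       /* data byte */
    c.adr = (uint16_t)((cmd >> 8) & 0xFFFF);  /* load/dump address for options 0 and 1 */
    return c;
}

static uint8_t  ram[RAM_SIZE];
static unsigned mode = MODE_SAFE;   /* boot starts in Safe after a power-on reset */
static unsigned reject_ctr;         /* refused loads; report in housekeeping like ErrorCtr */

void     ld_set_mode(unsigned m) { mode = m; }
uint8_t  ld_peek(uint16_t a)     { return ram[a]; }
unsigned ld_rejects(void)        { return reject_ctr; }

/* Load Byte (option 0) guarded by the mode and a destination-window check.
 * Returns 1 when the byte was written, 0 when the command was not a load
 * or was refused (refusals are counted for telemetry). */
int ld_load_byte(uint32_t cmd)
{
    LdCmd c = ld_decode(cmd);
    if (c.op != 0) return 0;                   /* not a Load Byte; other options not modelled */
    if (mode == MODE_SAFE) {                   /* assumed policy: no loads while Safe */
        reject_ctr++;
        return 0;
    }
    if (c.adr < LOAD_WIN_LO || c.adr > LOAD_WIN_HI) {
        reject_ctr++;                          /* address outside the loadable window */
        return 0;
    }
    ram[c.adr] = (uint8_t)c.dta;
    return 1;
}
```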
Executive
• EXEC Module (function MAIN())
• Requirements (General)
  • Initialize All Modules
  • Mask Enable Bits by Mode (SAFE, NORMAL, ENGIN)
  • Measure CPU Availability
  • Provide Service Loop for Foreground
  • Store Events, Generate Event Packets
  • Begin Accepting Commands in 2 seconds
  • Implement Software Reset Command
• Requirements (Boot Only)
  • Increment Reset Counter
  • Monitor Internal Resets; enter Safe if the reset count reaches its persistence limit
  • Initiate Boot Command Sequence (see next page)
• Requirements (Op Only)
  • Do Not Increment Reset Counter
  • Stop Boot Command Sequence within 1 second
  • Provide Safe, Normal and Engineering Modes
  • Telemeter FSW Version Number
• Changes since SwPDR
Corrected Slide
EXEC Boot/Initialization
• Hardware Reset
  • Power-On
  • WDRST – Watchdog Reset (8 seconds)
  • SCRST – Spacecraft Reset (Commandable)
• Reset Sequence (all types)
  • FPGA Copies PROM into RAM
  • FSW Initializes Local Data RAM to zero
  • EXEC Initializes Each Module (*_Init)
  • If Power-On Reset, Starts in Safe Mode
  • Begins Engineering Telemetry (1-sec)
  • Checksums EEPROM programs (2-4 of them)
  • Selects first program with Good Checksum
  • Waits 4 seconds elapsed time
  • Runs Selected Operational Program
  • Continues to run Safing Sequence
EXEC Boot/Safing Seq
• FSW Safing Sequence
  • Delays 1 second to allow Operational program to stop this sequence
  • Turns Off all HVs (STATIC, SWIA, SWEA)
  • Delays 60 seconds to allow HV to dissipate
  • Turns Off all Instruments
  • Delays 200 seconds to allow Actuator Guardband lockout to timeout
  • Closes EUV, SEP1 and SEP2 doors
  • Issues “Safe Me Request” to Spacecraft, invoking HDW sequence
• HDW Safing Sequence
  • Spacecraft Will Power Off PF
  • Automatic Power-Off Door Closures Will Actuate
EXEC Op/Initialization
• Start Up Sequence (called from Boot)
  • Boot Copies EEPROM into RAM
  • If Power-On Reset,
    • EXEC Initializes Local Data RAM to zero
    • EXEC Initializes Each Module (*_Init)
  • If Warm Reset
    • EXEC Leaves Local Data RAM Alone
    • EXEC Leaves Module (*_Init) Alone
  • Replaces Interrupt Vector (from Boot to Op)
  • Begins Engineering Telemetry with no phase shift *
  • Reads Power On Status of Instruments
  • For Each Instrument that is ON, run a start up RTS (#17-22)
• * : Telemetry phase is determined by DCB Clock
EXEC Modes & Enables
• FSW Modes
  • Safe – Minimal Activities Allowed
  • Normal – FLASH Memory Allowed, HV, Attenuators
  • Engineering – EEPROM Writing
• Implementation
  • All Enables are Masked by ModeMask for Safe/Norm/Eng
  • Mode Transitions Have Associated Mode Initialization Script
EXEC Errors/Events APID 24
Background
• BKG Module
• Requirements (General)
  • Initialize Interrupts to 256 Hz
  • Maintain the Internal Clock to <10 msec accuracy
    • Uses Time Update Messages, 1 pps ticks
    • Free Runs Clock otherwise
  • Distributes Interrupts to other modules
  • Receives Zone Alerts
• Requirements (Op Only)
  • Constrain sampling intervals to 2**N seconds
• Changes since SwPDR
Corrected Slide
BKG Processing
• BKG Interrupts
  • 256 Hz Interrupt Process
  • Distributes CPU Time per Table
    • Basic ¼ second table repeats 4Hz
    • CMD, PWR, HSK get 32 Hz
    • Instruments get 8-16 Hz, etc.
    • Easily reconfigurable (spares)
  • FSW measures time in each ISR
  • FSW measures total CPU%
  • Design for < 50% usage
BKG Clock Mgmt Spacecraft Clock (UTC)
Commands
• CMD Module
• Requirements (General)
  • Input Spacecraft Messages per ICD
    • Time Updates
    • Zone Alerts
    • Instrument Command Strings
    • Instrument Memory Loads
  • Ignore Pad Bytes
  • Reject Errant Command messages
  • Verify Command Format & Route commands
  • Handle Maximum Command Rate (56 kbaud)
  • Detect FIFO Overflow
  • Execute Command Sequence w/Enable/Disable
  • Command Verification in Housekeeping
• Requirements (Op Only)
  • Implement 64 RTS Sequences (4 cmds/sec each)
  • Manage Calibration Sequences
• Changes since SwPDR
CMD Interface
• Command/Timing Information
  • Commands Use 56 Kbaud Async messaging
    • S/C Inter-command gap of 30 msec
    • DMA channel input to 2 x 1024 byte buffers
    • DMA Automatically switches buffers at 2 ms gap
    • FSW verifies FPGA transfer status, verifies format prior to use
  • Time Update (TU) Messages at 1Hz
    • PF FSW must tolerate time update gaps
    • PF FSW must initiate Safe Mode if 3 TU’s missed in a row
  • Zone Alerts Messages at 1Hz
    • PF FSW must safe the instrument and report “Alive”
    • If FSW cannot implement safing, it reports “SafeMe”
CMD Interface Time Update
CMD Interface Zone Alert
CMD Interface Serial Command
CMD Interface PF Commands ApID 10 “Cmd Strings” ApID 11 “Mem Load”
CMD Relative Time Sequences
• RTS Database has up to 64 RTS Sequences.
• All RTS can run simultaneously.
• Commands executed at 4 Hz.
• RTS are variable length.
• Each can be enabled/disabled.
• RTS can start other RTS sequences and/or loop.
Boot Oper
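An added example, not the project's RTS code: a small sequencer with the properties listed on this slide (64 slots, all runnable at once, one command per sequence per 4 Hz tick, variable length, per-sequence enable/disable, and entries that start another RTS or loop). The entry kinds, the per-sequence length cap, and the issued-command log are assumptions made for this example; a disabled sequence cannot be started, and disabling a running one stops it.

```c
#include <stdint.h>
#include <string.h>
#define RTS_COUNT  64   /* slide: up to 64 RTS sequences, all may run at once */
#define RTS_MAXLEN 16   /* assumed per-sequence length cap for this example */
#define LOG_MAX    64   /* assumed size of the issued-command log */

enum { RTS_CMD, RTS_START, RTS_LOOP, RTS_END };          /* entry kinds (assumed) */
typedef struct { uint8_t type; uint32_t arg; } RtsEntry;  /* arg: command word or RTS id */
typedef struct { RtsEntry e[RTS_MAXLEN]; uint8_t len, pc, enabled, active; } Rts;
static Rts      rts[RTS_COUNT];
static uint32_t issued[LOG_MAX];   /* command words handed on for routing, for inspection */
static int      n_issued;

void     rts_init(void)          { memset(rts, 0, sizeof rts); n_issued = 0; }
int      rts_active(int id)      { return rts[id].active; }
int      rts_issued(void)        { return n_issued; }
uint32_t rts_issued_at(int i)    { return issued[i]; }

int rts_load(int id, const RtsEntry *entries, int len)
{
    if (id < 0 || id >= RTS_COUNT || len < 1 || len > RTS_MAXLEN) return 0;
    memcpy(rts[id].e, entries, (size_t)len * sizeof *entries);
    rts[id].len = (uint8_t)len; rts[id].pc = 0; rts[id].active = 0;
    return 1;
}

/* Disabling a sequence also stops it if it is currently running. */
void rts_enable(int id, int on) { rts[id].enabled = (uint8_t)on; if (!on) rts[id].active = 0; }
/* A disabled or out-of-range sequence cannot be started; returns 1 when started. */
int rts_start(int id)
{
    if (id < 0 || id >= RTS_COUNT || !rts[id].enabled) return 0;
    rts[id].pc = 0; rts[id].active = 1;
    return 1;
}

/* Called at 4 Hz: each active sequence advances by exactly one entry per tick. */
void rts_tick(void)
{
    for (int i = 0; i < RTS_COUNT; i++) {
        Rts *r = &rts[i];
        if (!r->active) continue;
        const RtsEntry *e = &r->e[r->pc];
        switch (e->type) {
        case RTS_CMD:   if (n_issued < LOG_MAX) issued[n_issued++] = e->arg; r->pc++; break;
        case RTS_START: rts_start((int)e->arg); r->pc++; break;  /* a lower id runs next tick */
        case RTS_LOOP:  r->pc = 0; break;                        /* restart from the top */
        default:        r->active = 0; break;                    /* RTS_END */
        }
        if (r->pc >= r->len) r->active = 0;   /* ran off the end: sequence complete */
    }
}
```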
Telemetry
• TM Module
• Requirements (General)
  • Output Spacecraft Messages per ICD
  • Regulate Telemetry to Commanded Rate post Compression
  • Time Stamp Packets w/ SC Time
  • Trigger SAFE RTS on 3 missed consecutive Time-Updates
  • Generate Alive messages with incrementing counter
  • Issue SafeMe if the Foreground Stops for 1 second
  • Limit Transmission to 8192 bytes
• Requirements (Boot Only)
  • Routes Engineering Telemetry
• Requirements (Op Only)
  • Multiplexes Engineering, Survey and Archive Telemetry
  • Uses Different APIDs for Survey and Archive
  • Controls Instrument Power if there is a fault
• Changes since SwPDR
TM Interface
• Telemetry Information
  • Telemetry Uses 56 Kbaud Async messaging
  • Telemetry will use CCSDS packet headers inside Transaction
  • Telemetry will use 2x5120 byte DMA buffers
  • Telemetry must send Aliveness message every second
  • Commandable Rate: 4.77 Kbps average to 37.10 kbps (4636 Bytes/sec)
  • Compressing Data Allows Archive Playback Allotment
  • FSW monitors/adjusts RealTime & Archive mix
Transaction Format
IP = Internet Protocol
UDP = User Datagram Protocol
CIP = Common Inst Protocol
IDP = Inst Dependent Protocol
TM Aps Commands and HSK TM DPU Telemetry Allocation = 30 bps, so this is over allocation.
TM APs CDR Set of Science APIDs
Housekeeping
• HSK Module
• Requirements (General)
  • A/D Convert a List of Engineering quantities in 16-bit
• Changes since SwPDR
Housekeeping APID 23
Housekeeping APID 25
Loader
• LD Module
• Requirements (General)
  • At Reset, Dumps EEPROM directory
  • Read/Write EEPROM Memory at least 2 Programs
  • Check EEPROM images, handle failures
  • Select EEPROM image to execute
  • Provide RAM or EEPROM load/dump/execute
  • Provide Telemetry showing EEPROM directory
• Requirements (Boot Only)
• Requirements (Op Only)
  • Verify EEPROM validity (2x week)
  • Telemeter EEPROM directory
  • Provide Loading/Dumping Param Tables in EEPROM
    • Version numbers
    • Used to refresh instrument control
  • Provide Version #’s for all RTS Sequences.
• Changes since SwPDR
Loader EEPROM Directory, Format
Loader Table References (32 Allocated)
Loader APID 22
Utilities
• UTIL Module
• Requirements
  • General support routines to LD, TM, CMD, EXEC, etc.
    • Copy()
    • ExecFn()
    • LoadRun()
    • CheckSum()
    • IntSum()
    • Arm()
    • DisArm()
    • Delay()
• Detailed Design
  • Reentrant Implementation
  • Copy has Copy(), CopyW(), and CopyQ()
  • ReUse of routine definitions from previous flight projects.
Input/Output
• IO Module
• Requirements
  • General logical/physical separation to the FPGA
  • Set Interrupt Rate
  • Control EEPROM Write Enable
  • Control Power Supply system
  • Control A/D multiplexor and conversion
  • Read Internal Clock
  • Read FPGA Housekeeping including Power Switches
  • Receive Spacecraft Messages
  • Send Messages to Spacecraft
• Detailed Design
  • Reentrant Implementation
  • ReUse of routine definitions from previous flight projects.
  • Includes Flash Control
  • Includes Diagnostic Output Port
  • FPGA Registers are QuadWord Addressable only
Power
• POWER
• Requirements (BOOT)
  • Can Turn Instruments Off, but Not On
  • Can Close SEP1, SEP2, EUV Doors but Cannot Open Them
• Requirements (OPER)
  • At initialization, if instruments are ON, a default RTS is run to initialize them
  • Ramp HV to instruments
  • Prohibit HV to instruments with cover off
  • Control EUV Aperture
  • Control SEP Doors
  • Monitor PF Housekeeping Values
• Detailed Design
  • State Machine Called at 32 Hz
  • Split 4 ways: HV, Actuators, HSK1, HSK2
  • Monitor Uses Raw Values, not Converted
  • Arbitrates Calls for Attenuator Movement from Instrument Managers
Power
Green indicates actuations prohibited in Boot Mode.
Power
• LIMIT Monitoring
• Limit Database:
  • Arbitrary Length
  • Each Element Described as 6-byte record:
SSR Overview
• SOLID STATE RECORDER Management
• Requirements
  • Manage the Non-Volatile Memory (Flash)
  • Format the Flash into addressable blocks
  • Implement a Circular Recorder/playback system to store 30 kbps
  • Keep the power off when possible
  • Provide packets to TM module
• Detailed Design
  • Handles Variable-size Packets
  • Routes packets based upon ApID and Table 4 routing information
    • [0] -> Waste Basket
    • [1] -> Real-Time Telemetry
    • [2] -> Archive (Flash) storage
• Design changes since SwPDR
  • Instrument Message to Real-Time Packet Conversion (for EM I&T Tests)
  • Automatically Adds PAD bytes to achieve 4-byte alignment requirement
SSR RT Mgmt RT Data Management
SSR Archive Mgmt Archive Data Management
SSR Archive Format
• FLASH Hardware
  • 8 GB Capacity
  • Each 4GB powered separately
  • EDAC Enabled Write/Read
  • DMA-Channel to/from SRAM
  • Block Addressable
    • 2^16 128KB Blocks
    • Each Block has 2K extra bytes: EDAC, Bad-Block-Indicator, Erase Count, Write Time
• FSW Functions
  • Stores/Retrieves Archive Science Blocks
  • Circular Memory with Separate Read & Write Ptrs
  • Playback Commanded by Block Number and Length
  • Both Read/Write Block pointers Telemetered
  • Ground S/W keeps Time-to-Block Number relationship
  • FMAP of 256 provides 32 MB control
FSW_020_ANALYSES.XLS
FMAP: FLASH Virtual-to-Physical Memory Map
SSR FLASH Timing FLASH Timing – Bi-Directional, Failure Tolerant
SSR FLASH Logic Read/Write/Diag Decision State D0
SSR FLASH Logic Read Logic States with Error Handling
SSR FLASH Logic Write Logic State W1 with Error Handling