X-Ray Gratings Mission
Flight Software
David Leucht
19 – 23 March, 2012
Summary
• Spacecraft flight software for a dual redundant system
• Command and data handling
• 3-axis stabilized stellar pointing attitude control system
• Payload support including mechanisms control and health & safety monitoring
• Power system control and battery management
• COMM management including HGA pointing
• Development approach consistent with NPR 7150.2
• Reuse of LRO/GPM flight software based on the Code 582 Core Flight Software System (CFS)
• Three testbeds for flight sw/hw I/Fs, FSW build/system tests
• Flight software sustaining engineering
• Flight hardware/software based on proven in-house or COTS system, no credible technical risk identified (i.e., no show-stoppers)
Flight SW Architecture
[Diagram: flight software applications connected through the Inter-task Message Router (SW Bus). Blocks shown: Attitude Determination & Control, Mass Storage System, Payload Manager, Memory Manager, Memory Dwell, Memory Scrub, EDAC Memory Scrubber, 1553 Control, Limit Checker, Checksum, Software Scheduler, HK Data Storage, Power Control, Orbit Models, CFDP, Mechanism Control, HGA Pointing, File Manager, Stored Commanding, Local Storage, Housekeeping, Telemetry Output, Command Ingest, Table Services, Software Bus, Event Services, Time Services, Executive Services. External interfaces shown: Transceiver, Comm Cards, Commands, Real-time Telemetry, File downlink.]
Legend:
• New
• Re-engineered From LRO/GPM
• Core Flight System (CFS) Heritage, Deployed for I&T on GPM and MMS
• Core Flight Executive (cFE) Heritage, Flying on LRO
FSW development will use ASIST T&C GSE (to maximize reuse of heritage FSW test product)
Assumptions
• Class B full redundancy, fail safe mission, cold backup avionics
• Broad-Reach Engineering BRE440 C&DH avionics
• Diagnostic S/W and SUROM will be COTS from Broad-Reach
• Payload performs science data collection, compression, CCSDS packetization and time stamping
• C&DH/FSW provides commands and accepts housekeeping data from payload via 1553
• Science data will be directly relayed to onboard SSR via RS422
• Command decryption is done by hardware
• Passive thermal control
• GNC FSW development will use modeling and autocode generation method
• Safe-hold (Sun avoidance for payload, power positive & thermally safe) will be manually developed by an independent team
• No controlled Re-entry
• FSW development will use ASIST T&C GSE (to maximize reuse of heritage FSW test product)
FSW Requirements (1 of 3)
• FSW Product Development Process Shall Comply with NPR 7150.2A, NASA-STD-8719.13B and GSFC GOLD Rules.
  • Class B for all mission critical FSW
• Uplink/downlink management including Communication Security Box management.
  • FSW shall be capable of supporting following COMM rates to/from DSN:
    • S-band 2 kbps command, 8 kbps HK telemetry
    • Ka-band 20 Mbps science data, payload telemetry, and S/C telemetry
• Command and data handling, comply with CCSDS
• Time management and distribution, 100 microsecond accuracy with periodic updates from ground
• 3-axis stabilized attitude control system
  • CSS(8), ST(2), SIRU (1), RW(4), Thrusters(12)
  • Up to 10 Hz sensors data acquisition and processing; 10 Hz control cycle
  • Up to 10 Hz Kalman filter
  • ACS control modes: Acquisition; Cruise/Sun-point; Science (i.e. slew, calibration, inertial hold); Thruster
  • Ground initiated momentum management using thrusters (i.e. delta H)
  • Ground initiated L2 insertion/orbit adjust using thrusters (i.e. delta V)
  • Perform sun avoidance (not even slew by, Moon is ok) for payload’s mirror(s) and detector(s)
  • Dual axis HGA pointing
  • 2 Hz Safe-hold Controller software using CSS, IRU, RW
  • Onboard ephemeris propagator with periodic ground updates
FSW Requirements (2 of 3)
• Payload support
  • Provide time synch, 100 microsecond accuracy
  • 1553/RS422 I/F
  • Payload commands pass through
  • Payload science/HK collection (instruments to put science/HK and time data in CCSDS packets)
  • Collect and forward ACS ancillary data (i.e. telescope alignment monitoring data, ACS attitude, etc.)
  • Health and Safety monitoring
• Mechanisms Control
  • Solar array deployment (hardware initiated with software backup)
  • Inner Purge Shield deployment (one-time command)
• Recorder Memory Management, store and forward HK and science data using CCSDS File Delivery Protocol (CFDP)
  • 89 Gbits for 72 hours nominal data plus 12 hours of peak data
• S/C Power System Electronic Support
  • Switched Services and Battery Management
FSW Requirements (3 of 3)
• Onboard autonomy
  • Absolute & relative time-tagged command sequences
  • Limit checker
  • Health & Safety Management
  • Memory Checksum Management
  • EDAC Memory Scrub Management
  • Parameter Table & Memory Management
• Serviceable: allow FSW updates, patches and/or entire module (capabilities to start, stop, delete module without shutting down the system)
• Provides three spacecraft simulators – one for each payload development team and one spare
Processor Utilization Estimates IAU ~60% margin
C&DH/PSE FSW Testbed
[Diagram: testbed block diagram. Elements shown: Analysis Tools, Bus Monitor, Development Workstation, Serial Line, 1553, ASIST System, FEDS, IAU BB, 1 PPS, GDS with GNC models, Instruments Sim, PSE BB, Detector Electronics BB, RIU BB, Ethernet, Decryption Sim.]
• Top-Level Requirements:
  • Support C&DH FSW development
  • Support C&DH FSW build integration
  • Support C&DH FSW build test
  • GDS to checkout GNC I/Fs
ACS FSW Testbed
[Diagram: testbed block diagram. Elements shown: Analysis Tools, Bus Monitor, Development Workstation, Serial Line, 1553, ASIST System, FEDS, IAU BB, 1 PPS, Instruments Sim, Full up GDS with GNC models, Flight Dynamics, Ethernet, Decryption Sim.]
• Top-Level Requirements:
  • Support GNC FSW development
  • Support GNC FSW build integration
  • Support GNC FSW build test
FSW System/Maintenance Testbed
[Diagram: testbed block diagram. Elements shown: Analysis Tools, Bus Monitor, Development Workstation, Serial Line, 1553, ASIST System, FEDS, IAU/Safehold ETU, IAU ETU, 1 PPS, Full up GDS with GNC models, Flight Dynamics, Instruments Sim, PSE ETU, Detector Electronics ETU, RIU ETU, Ethernet, Decryption Sim.]
• Top-Level Requirements:
  • Support FSW system test
  • Support mission operation training
  • Support FSW maintenance
Elements Required For FSW Development (Inc. Deliverables/Receivables)
Recommendations
• Recommend adding feedback/position sensors to all mechanisms to facilitate onboard autonomous fault detection and correction
• Further study might be needed to ensure that a primary CDH fault (CBE ~30 seconds to power up the cold backup CDH and regain control of the spacecraft) does not risk putting the Sun on/near the boresight of the telescope
Backup Slides
• System Diagrams from Avionics
• Layered Software Architecture and Heritage
• Development Approach
• Management Approach
• Verification & Validation
• Flight Software Maintenance
Layered Software Architecture & Associated Heritage
[Diagram: AXSIO layered flight software stack, top to bottom.]
• Application Layer
  • Med/High Heritage For Common Functions (e.g., Stored Commanding, Health & Safety, Command Management)
  • Low/No Heritage For Mission Unique Functions (e.g., Deployables, Payload, ACS, power)
  • Blocks shown: Command Management, Telemetry Management, SSR Management, Stored Commanding, Payload Support, Power, Safe Hold, Deployables, ACS, Health & Safety, Subsystem Telemetry Monitoring, Checking and Response, COMM, Housekeeping, Thermal
• System Support Layer (582’s Core Flight Exec)
  • Blocks shown: Software Bus, Exec & Task Services, Time Management, Event Handler, Table Management
• OS Services Layer (VxWorks OS, 582 OS Abstraction Layer)
  • Blocks shown: I/O Driver, RS422, 1553 Driver, VxWorks OS, Bootstrap Loader, HK Driver, Memory R/W Driver, Timer Driver, PCI Driver, COMM Driver
• Physical (Hardware) Layer
  • Blocks shown: Processor, Comm. Processor, BRE440, Non-Volatile Memory, Volatile Memory, Timers, cPCI, RS422, 1553, Analog Acquisition, Digital I/O
FSW Development Approach
• Reuse LRO/GPM C&DH FSW (Med to high heritage, low risk - LRO launched 2009)
• LRO FSW Features (based on 582’s Core Flight Executive)
  • Being developed using FSW best practices consistent w/NPR 7150.2
  • Onboard file systems and associated file transfer mechanisms
  • Onboard networks with standard interfaces
  • Standard application interfaces (API) for ease of development and rapid prototyping
  • Dynamic application loading, middleware (SB) provide dynamic cmd/tlm registration
  • POSIX APIs and open source Integrated Development Environment
• Benefits
  • Will enable parallel collaborative development and system interoperability
  • Will automate many previously manual development activities
  • Will simplify technology infusion and system evolution during development and on-orbit
  • Will enable rapid deployment of low cost, high quality mission software
• New development for all mission specific components
  • ACS, Instrument support, mission-specific ops concept support, power electronics, etc.
Management Approach
• Product Development Process Will Comply with NPR 7150.2 (NASA Software Engineering Requirements, now a GOLD Rule)
• Development
  • Product Development Plan per 582 branch standards, approved by Branch & Project
  • Detailed FSW development schedule integrated with project & subsystems schedules
  • Requirements management using MKS tool
  • Monthly PSR with AETD & project; branch status reviews
  • Weekly system engineering meetings, FSW team meetings
  • FSW Design & Code reviews
  • Major milestones (SCR, PDR, CDR, etc)
• Configuration Management
  • FSW CM Plan per 582 branch standards, approved by Branch & Project
  • Commercial CM tool (i.e., MKS) to manage source code and documents
  • Proposed FSW changes affecting mission requirements, cost and/or schedule will be forwarded to Project level CCB
• Test Plan
  • FSW Test Plan per 582 branch standards, approved by Branch & Project
FSW Verification and Validation
• Unit Test
  • Done by developers using PC tools
  • Follow Branch 582 Unit Level Test Standard - Tailored
  • Includes Path testing, Input/Output testing, Boundary testing, and Error Reporting verification
  • Occasionally BB H/W is required to verify H/W I/F
• Build Integration Test
  • Done by developers to verify that the FSW performs properly on the BB H/W in the FSW testbeds using embedded system tools
  • First level functionality ensured for integrated software
  • Build Test Team to assist in GSE I/F checkout
• Build Verification Test
  • Done by independent test team with GNC Analyst support on the BB H/W in the FSW testbeds using embedded system tools
  • Test each requirement in the Flight Software Requirements documents (where possible at the build level)
  • Use test scenarios to test requirements in both a positive and negative fashion.
  • Scenarios constructed to combine requirements that are logically connected to create a test flow.
  • Automation to be utilized as much as possible
  • Requirements Traceability Matrix maintained
FSW Verification & Validation (cont)
• System Test
  • Done by independent test team including Flight S/W Maintenance & Flight Operation Team members with support from GNC analyst, AXSIO system & subsystems
  • Top-down approach with end-to-end testing
  • Test scenarios will focus on the operational aspects of the flight software. For each test, as much as practical, all software will be running, including all C&DH, ACS and PSE applications with checks and responses enabled
  • Stress test of the FSW will demonstrate correct performance at peak CPU and bus loading
  • Perform negative testing from an operational perspective, system level failure modes test & analysis
  • Flight qualify Ground System Telemetry & Command Database
  • Test scenarios can be used to support S/C CPT
  • Tests will be Performed on System/FSW Maintenance Testbed
Flight Software Maintenance
• Code 582 will provide FSW Maintenance for AXSIO
• Dedicated FSW Maintenance Team will be responsible for maintaining the FSW
• Maintenance staff will be a part of the FSW Acceptance Test Team
• FSW Maintenance development will be performed in the System/FSW Maintenance Test Bed