Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operational Flight Software

Published byAlannah Newton Modified over 6 years ago

Similar presentations

Presentation on theme: "Operational Flight Software"— Presentation transcript:

1 Operational Flight Software
MAVEN Particles and Fields Operational Flight Software Code Walkthrough Fault Protection Peter R. Harvey

2 Fault Protection (FP) Failure detection and correction (FDC) requirements, approach, and detailed design R1. The spacecraft shall provide the instrument zone alert states to the PFDPU, RSDPU, and NGIMS at a rate of once a second for the following: EUV boresight in Ram below parameterized altitude SEP 1 parameterized rectangular FOV 1 in Sun SEP 1 parameterized rectangular FOV 2 in Sun SEP 2 parameterized rectangular FOV 1 in Sun SEP 2 parameterized rectangular FOV 2 in Sun Ambient Density STATIC > parameterized density limit Ambient Density SWIA/SWEA > parameterized density limit Ambient Density EUV > parameterized density limit IUVS parameterized rectangular FOV in Sun Ambient Density IUVS > parameterized density limit Ambient Density NGIMS > parameterized density limit R2. The payloads shall respond to a transition into a zone alert region by putting the affected instruments into a known safe state until a transition out of the zone alert region occurs. R3. The payload shall respond to a transition into a zone alert region by blocking all internally sequenced and spacecraft initiated commands that would put an instrument into an unsafe instrument state until a transition out of the zone alert region occurs. R4. The payloads shall issue a safe me request if the affected instrument is unable to properly configure upon transition into a zone alert region. Instruments shall stop generating HeartBeat messages. R5. The payloads shall configure all affected instruments into a safe state if a zone alert message has not been received for a parameterized amount of time. R6. The payloads shall configure all affected instruments into a safe state upon power up until a zone alert status is established. R7. HeartBeat should indicate PFDPU is fully functional, meaning TBD (should be sent every 1 second).

3 Associated Requirements
FP Requirements Associated Requirements P1. Users must be able to disable HV or Door operations, regardless of S/C Zone Alerts. (e.g. PF GSE cannot release Zone Alert and allow HV to ramp up when we don’t want it to. ) P2. Door Actuations have a timeout following actuation of TBD seconds for the SMA to cool down. Implementation Details Telemetry Task does not itself need to be monitored. If it fails, the S/C will know and take action. When Tasks succeed, they clear their respective “time-since-task” register. PF will principally rely upon Relative Time Sequences for Open/Close or HVON/HVOFF sequences. PF FSW will have two independent software activities: one for safing actions, one for safety verification. Each safing action expected duration will be independent of others and will be commandable If you remove power from PF, hardware circuits will safe the HV and will close the EUV, SEP1, SEP2 doors within 5 minutes. On power up, PF is guaranteed to be safe (meet R6). If you remove power from STATIC, SWEA or SWIA, their High Voltages are zero. So, before asking for the Spacecraft to safe the PF, the PF FSW would prefer to turn off these non-complying instruments.

4 FP HV Details HV Registers
These are high voltages, each separately controlled, so they all need to come down to be safe. SWEA: SWEMCPHV SWENRHV Note SWENRHV does not have a DAC. It just comes on to full scale when you enable it. Analyzer, Def1, and Def2 HV are based on NRHV. If NRHV is low, the others have to be. SWIA: SWIMCPHV SWIDefRawV SWISwpRawV Note the last two share a single control they should ramp up and down together. Analyzer, Def1, and Def2 HV are based on DefRaw and SwoRaw. If DefRaw and SwpRaw are low, the others have to be. STATIC: STAAccHV STAMCPHV STADefRawV STASwpRawV Note the last two share a single control they should ramp up and down together. Analyzer, Def1, and Def2 HV are based on DefRaw and SwoRaw. If DefRaw and SwpRaw are low, the others have to be.

5 FP Definitions Safing Status Quick digest on all requests and measures
“Allowed” register is combination of Zones and User Enables registers. “Instrument Status” is independent measures of what’s actually happening. Safing Status can be returned in “Safe Me” message

6 FP CMD & TM Tasks CMD Task Decodes all S/C messages
ZoneAlerts Reset Timer[6] TM Task Determines “Safe Me” status from safety failures or task stoppages (meets R5, R7). Will not send normal telemetry including NOOP (Heartbeat) when “Safe Me” is being req’d (meets R4)

7 FP Safing Task, Failures
Has_Failed( bit ) If the Instrument Status bit is safe, then returns(NotFailed) If the bit is Allowed, returns( NotFailed). Otherwise, the Instrument is out-of-compliance. The respective Timer is incremented. If the Timer exceeds its Limit, then it returns (Failed=1) Safing Task Computes the Instrument Status register (6 bits) Computes what is Allowed by a combination of Zone Alerts and User Enables. Calls Door and HV managers to act (meets R2). Calls Power managers to shut off non-complying instruments (meets R2).. Clears its task timer. A failure is an unallowed state for a period of time. Status is developed by reading back from electronics, not by FSW variables.

8 FP EUV Aperture IsEUVOpen() FSW reads the 2-bit status of the EUV Ap
Compares that to the Open & not-Closed condition. IsEUVAllowed() If either “Boresight in RAM” or “Density High” ZoneAlerts, then EUV Aper is not allowed. If user Enable is low, EUV Aper is not allowed. ManEUVAper() If open but not allowed, this routine starts RTS (5) If closed but allowed, this routine starts RTS(11) Does not matter whether LPW/EUV power is On or Off

9 SEP FP SEP1&2 Doors ManSEP1Door()
IsSEP1Open() FSW Selects SEP1 Door status and directly reads its status. IsSEP1Allowed() If either “SEP1 FOV1” or “SEP1 FOV2” ZoneAlerts, then SEP1 Door is not allowed. If user Enable is low, SEP1 Door is not allowed. ManSEP1Door() If open but not allowed, this routine starts RTS[6], SEP1 Door Closure. If closed but allowed, this routine starts RTS(11), SEP1 Door Open If SEP is off, doors will close as a result. Identical logic used in SEP2 Zone[1]=1? No Yes IsSEP1 Allowed() Return( 0 ) Zone[2]=1? SEP1 FOV1 in Sun? Is Task[12] > Limit? User Enabled ? OK, its allowed Return( 1 ) BiasMon > "-0.2V" Enable[1]=1? SEP1 FOV2 in Sun? If no SEP1 comm Low BiasMon => Sun

10 FP STATIC HV STAT Mgr() Decodes STATIC messages
Resets Timer(9) when HSK message found. Resets its timer when STATIC is off. IsSTATHVOn() If STATIC Off, HV is off. If any HV > 100V, then HV is ON. IsSTATAllowed() If Zone Alert[5]=1 then No. If User Enable[3]=0, then No.

11 FP STATIC HV ManSTATHV() If STATIC is off, HV is off so exit.
If HV is ON but not allowed, this routine starts RTS[8], STATIC HV Off. If HV is OFF but allowed, this routine starts RTS(14), STATIC HV On ManSTATPower() If no HSK coming out, then turn STATIC off. If HV not complying, then turn STATIC off.

12 FP SWIA HV SWIA Mgr() Decodes SWIA messages
Resets Timer(10) when HSK message found. Resets its timer when SWIA is off. IsSWIAHVOn() If SWIA Off, HV is off. If any HV > 100V, then HV is ON. IsSWIAAllowed() If Zone Alert[6]=1 then No. If User Enable[4]=0, then No.

13 FP SWIA HV ManSWIAHV() If SWIA is off, HV is off so exit.
If HV is ON but not allowed, this routine starts RTS[9], SWIA HV Off. If HV is OFF but allowed, this routine starts RTS(15), SWIA HV On ManSWIAPower() If no HSK coming out, then turn SWIA off. If HV not complying, then turn SWIA off.

14 FP SWEA HV SWEA Mgr() Decodes SWEA messages
Resets Timer(11) when HSK message found. Resets its timer when SWEA is off. IsSWEAHVOn() If SWEA Off, HV is off. If any HV > 100V, then HV is ON. IsSWEAAllowed() If Zone Alert[6]=1 then No. If User Enable[5]=0, then No.

15 FP SWEA HV ManSWEAHV() If SWEA is off, HV is off so exit.
If HV is ON but not allowed, this routine starts RTS[10], SWEA HV Off. If HV is OFF but allowed, this routine starts RTS(16), SWEA HV On ManSWEAPower() If no HSK coming out, then turn SWEA off. If HV not complying, then turn SWEA off.

Download ppt "Operational Flight Software"

Similar presentations

PLC Applications[ATE-1212] Module-1

PLC Applications[ATE-1212] Module-1
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
In this presentation you will:

In this presentation you will:
Tool removed during cycle Fault #2 Conditions for setting Tool cocked prox switch goes open during cycle AND force on load cell drops below limit in fault.

Tool removed during cycle Fault #2 Conditions for setting Tool cocked prox switch goes open during cycle AND force on load cell drops below limit in fault.
PHEOS PSRR Concept of Operations. 2 Scope The purpose of the PCW-UVI Concept of Operations (ConOps) is to communicate how mission systems will operate,

PHEOS PSRR Concept of Operations. 2 Scope The purpose of the PCW-UVI Concept of Operations (ConOps) is to communicate how mission systems will operate,
1 PFP IPDR 2010/6/14 - 16 Particles and Fields Package (PFP) GSE Timothy Quinn.

1 PFP IPDR 2010/6/ Particles and Fields Package (PFP) GSE Timothy Quinn.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
MAVEN CDR May 23-25, 2011 Particles and Fields Package Pre-Environmental Review May 22 -23, 2012 Flight Software Peter R. Harvey Mars Atmosphere and Volatile.

MAVEN CDR May 23-25, 2011 Particles and Fields Package Pre-Environmental Review May , 2012 Flight Software Peter R. Harvey Mars Atmosphere and Volatile.
Solar Probe Plus FIELDS ICU/FSW Peter R. Harvey Dorothy Gordon –ICU Will Rachelson – FSW Dec 1, 2012.

Solar Probe Plus FIELDS ICU/FSW Peter R. Harvey Dorothy Gordon –ICU Will Rachelson – FSW Dec 1, 2012.
Higher Computing Computer Systems S. McCrossan 1 Higher Grade Computing Studies 2. Computer Structure Computer Structure The traditional diagram of a computer...

Higher Computing Computer Systems S. McCrossan 1 Higher Grade Computing Studies 2. Computer Structure Computer Structure The traditional diagram of a computer...
SwRR 4/28/2010 1 Telecon MAVEN Particles and Fields Flight Software Requirements Review SwRR Peter R. Harvey April 28, 2010.

SwRR 4/28/ Telecon MAVEN Particles and Fields Flight Software Requirements Review SwRR Peter R. Harvey April 28, 2010.
The Functions of Operating Systems Interrupts. Learning Objectives Explain how interrupts are used to obtain processor time. Explain how processing of.

The Functions of Operating Systems Interrupts. Learning Objectives Explain how interrupts are used to obtain processor time. Explain how processing of.
SPS policy – Information Presentation Presentation to ROS June 16, 2004.

SPS policy – Information Presentation Presentation to ROS June 16, 2004.
© Janice Regan, CMPT 300, May 2007 0 CMPT 300 Introduction to Operating Systems Mutual Exclusion.

© Janice Regan, CMPT 300, May CMPT 300 Introduction to Operating Systems Mutual Exclusion.
EE330 Final Project Lithium Battery Monitor Evan Adkins and Brandon Umscheid.

EE330 Final Project Lithium Battery Monitor Evan Adkins and Brandon Umscheid.
21-1 MAVEN IPSR October 30,31, 2012 Particles and Fields Package Pre-Ship Review October 30,31, 2012 21: Flight Software Peter R Harvey Mars Atmosphere.

21-1 MAVEN IPSR October 30,31, 2012 Particles and Fields Package Pre-Ship Review October 30,31, : Flight Software Peter R Harvey Mars Atmosphere.
GLAST Large Area Telescope Instrument Flight Software Flight Unit Design Review 16 September 2004 Software Watchdog Steve Mazzoni Stanford Linear Accelerator.

GLAST Large Area Telescope Instrument Flight Software Flight Unit Design Review 16 September 2004 Software Watchdog Steve Mazzoni Stanford Linear Accelerator.
Time Management.  Time management is concerned with OS facilities and services which measure real time, and is essential to the operation of timesharing.

Time Management.  Time management is concerned with OS facilities and services which measure real time, and is essential to the operation of timesharing.
24-1 MAVEN IPSR October 30,31, 2012 Particles and Fields Package Pre-Ship Review October 30,31, 2012 24: ATLO Support Dave Curtis Mars Atmosphere and Volatile.

24-1 MAVEN IPSR October 30,31, 2012 Particles and Fields Package Pre-Ship Review October 30,31, : ATLO Support Dave Curtis Mars Atmosphere and Volatile.
Conclusion Speech. Content Organization Pronunciation Handwriting.

Conclusion Speech. Content Organization Pronunciation Handwriting.

Similar presentations

Ads by Google