Validation of Spacecraft Behaviour Using a Collaborative Approach

Presentation delivered at the 3rd IEEE Track on
Collaborative Modeling & Simulation - CoMetS'12.

Please see http://www.sel.uniroma2.it/comets12/ for further details.

Published in: Technology, Business

  1. Validation of Spacecraft Behaviour Concept using a Collaborative Approach
     Ana Rugina, Cristiano Leorato, Elena Tremolizzo
     ESA-ESTEC
     26/06/2012
     ESA UNCLASSIFIED – For Official Use
  2. Context
     • Space system engineering domains of knowledge
       • Attitude and Orbit Control (AOCS)
       • Power Control
       • Thermal Control
       • Payload
       • Failure Detection Isolation and Recovery (FDIR)
     • Early validation and analysis
       • Usually performed independently per domain
       • More or less heavy depending on project objectives
       • Galileo navigation satellites → very high availability
     • Approach
       • Integrated model-based simulation to give confidence in command/control and FDIR (functional and timing aspects)
  3. Outline
     1. Objectives
     2. Perimeter of Early Validation Activities
     3. Constraints and Choices
     4. Modelling Insights
     5. Results
     6. Conclusions
  4. Global Objectives
     • Validate the FDIR strategy
       • Behaviour « as expected » in the presence of faults
         – Single fault tolerance (not considering fault combinations)
       • Logical correctness
       • Temporal consistency (including functional algorithms)
     • Subsystems FDIR
       • Consistency: no contradiction, no shading
       • Completeness: no missing info to achieve executable specification
       • Correctness: sound reaction to feared events
     • System-level FDIR (Cross-subsystems)
       • Consistency between subsystems’ modes
       • Analyse impact of dependencies between the subsystems
  5. Perimeter of Validation Activities
     • Functional validation
       • AOCS, Thermal, Power subsystems
     • Command/Control and FDIR
       • Mode management for subsystems
         – AOCS
         – Power
         – Thermal
         – TTC
         – Payload
       • System control application
       • Hardware reconfiguration module
  6. Functional Validation
     • Per subsystem (e.g., power & thermal control, AOCS)
     • Most often in Matlab/Simulink
     • Most often purely cyclic data-flow (get data from sensors, compute commands, output data to actuators)
     [Diagram labels: Functional Eng Simulator, Controller, Environment dynamics]
  7. Command/Control and FDIR
     • Executable control-oriented models (based on state machines)
     • Two levels of early validation
       a. The “What” level: what is the chain of events/actions leading from detected error to reconfiguration → Model-checking
       b. The “How” level: how the chain of events/actions is to be implemented (e.g., filtering, detection thresholds) → Simulation
  8. Constraints (Legacy)
     • AOCS model
       • Existing functional model
         – Algorithms for most of the modes
         – Environment dynamics (continuous)
       • In Simulink
     • Power and Thermal models
       • Part of functional engineering simulator
       • In Simulink
     • FDIR models for power and thermal subsystems
       • In RTDS (SDL language)
  9. Integration Choices
     • Integration backbone: Simulink
       • Functional Engineering Simulator infrastructure
       • Matlab scripts to launch simulations with particular parameters (fault injections) and to log results
     • Power and Thermal FDIR → legacy RTDS models
       • Integration in Simulink using S-functions (black boxes in the Simulink model)
       • TASTE toolset for integration of heterogeneous models
       • Description of model architecture and interfaces
       • Manages code generation and interfaces
     • AOCS & System FDIR → Simulink (+ Stateflow and Embedded Matlab)
       • Native model → white box
       • Interfaces as bus objects (defined in Excel, processed automatically)
  10. Model Architecture
     [Block diagram; labels recoverable from the slide: Observables/Action Requests, System Management, AOCS Mode Mgr, AOCS Ctrl, AOCS FDIR, AOCS (SW & HW), Env, HW Reconf Module, Power Control, Thermal Control, TT&C, Payload, CDU reboot notification, commands, Level 3/4 alarms]
  11. Model Granularity
     • System Control
       • Equipment management (abstract, including redundancy and timing)
       • High-level subsystem coordination logic
     • Reconfiguration Module
       • Level 3-4 alarms (computing data unit and global reconfiguration)
     • Subsystems
       • Mode manager (Nominal and FDIR transitions)
       • Functional behaviour model
       • Environment
       • FDIR (partly detection, reconfiguration) for level 1-2 alarms (subsystem level)
         – Electrical, physical, internal, consistency faults
         – Filtering, voting, error counters
     • Timing behaviour
  12. Results
     1. Identification of issues in the design phase
        a. Several alarms lead to the same reconfiguration (unoptimized FDIR wrt. Payload availability requirement)
        b. Reconfigurations not fully specified
        c. Errors in the filtering algorithms
        d. Missing information: which TCs are discarded during reconfiguration procedure
        e. Diagnosis issues: how to distinguish between alarm resulting from sequence of unsuccessful HW reconfigurations and alarm resulting from one fault
        f. Shadowed FDIR rules
        g. Responsibility issues (what system application/module decides the mode changes)
        h. Timing issues
  13. Conclusions & Perspectives
     1. Conclusions
        a. Pragmatic collaborative modelling and simulation approach in the context of a challenging space project
        b. Constraints related to legacy, schedule, organizational issues
     2. Perspectives
        a. Scalability of model-checking techniques
        b. Test case generation from the simulation activity
        c. Modelling patterns favouring integration
        d. Modern collaborative platforms for multi-team/multi-site work
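
The consistency criterion on slide 4 (no contradiction, no shading) and two of the findings on slide 12 (shadowed FDIR rules, several alarms leading to the same reconfiguration) can be checked mechanically on a rule table. The Python below is an added example, not part of the presentation or of the project's models; the rule format, the first-match-wins evaluation order, and every rule, observable and action name are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Rule(NamedTuple):
    name: str
    guard: frozenset  # (observable, value) pairs that must all hold
    action: str       # reconfiguration requested when the guard holds


def rule(name, action, **guard):
    return Rule(name, frozenset(guard.items()), action)


# Constructed sample table (hypothetical names), evaluated top to bottom,
# first matching rule wins.
RULES = [
    rule("R1", "switch_to_redundant_wheel", wheel_speed="out_of_range"),
    rule("R2", "aocs_safe_mode", wheel_speed="out_of_range", mode="nominal"),
    rule("R3", "switch_to_redundant_heater", heater_current="low"),
    rule("R4", "aocs_safe_mode", sun_sensor="inconsistent"),
    rule("R5", "thermal_safe_mode", heater_current="low"),
]


def shadowed(rules):
    """Rules that can never fire: an earlier guard is weaker or identical."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.guard <= later.guard:  # earlier matches whenever later does
                found.append((later.name, earlier.name))
                break
    return found


def contradictions(rules):
    """Pairs of rules with the same guard that request different actions."""
    return [(a.name, b.name)
            for i, a in enumerate(rules) for b in rules[i + 1:]
            if a.guard == b.guard and a.action != b.action]


def shared_reconfigurations(rules):
    """Actions triggered by more than one rule (candidates for review)."""
    by_action = defaultdict(list)
    for r in rules:
        by_action[r.action].append(r.name)
    return {action: names for action, names in by_action.items() if len(names) > 1}


if __name__ == "__main__":
    print("shadowed:", shadowed(RULES))
    print("contradictions:", contradictions(RULES))
    print("shared reconfigurations:", shared_reconfigurations(RULES))
```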