S1.6 Requirements: KnightSat C&DH
Requirement | Source | Verification Source Document | Test/Analysis Number
S1.6-1 Provide reliable, real-time access and control of input/output (IO) devices
S1.6-2 Provide modular, adaptable and scalable computational interfaces between all IO devices and computers
S1.6-3 Provide sufficient computing resources for execution of all required system processes (excluding payloads)
S1.6-4 Provide sufficient, error corrective storage for system data logging and payload data storage
S1.6 Design: KnightSat C&DH
Architecture (figure)
RISK: Y
S1.6 Design: KnightSat C&DH
• Physical Characteristics
– Intel XScale PXA255 processing bank
– Mass TBD, 12.5cm x 12.5cm x 2cm main computer box, X” aluminum shielded
– XX connector interface to IO bus
• Performance Characteristics
– 2.6 Watts main computer board
– TBD MBs modular NAND flash storage bank
– Combined 600MHz modular MCU bank
– Software controllable sleep/idle/active modes per power block
– CAN based distributed heterogeneous network
– Network monitor defaulted ON when power applied; independent module activation as needed
RISK: Y
S1.6 Design: KnightSat C&DH
• Hardware status
– CAN network functionality tests – done*
– Network based IO access tests – done*
– PXA255 functionality under Linux – done*
– Software cross-compilation procedures – done*
– Network Controller functionality tests – TBD**
– PXA255/Network Controller integration tests – TBD**
– Storage bank prototyping and testing – TBD**
– Network redundancy and failure tolerance tests – TBD**
* Completed as part of FUNSat '05 Project
** To Be Done
RISK: Y
S1.9 Requirements: KnightSat Software
Requirement | Source | Verification Source Document | Test/Analysis Number
S1.9-1 Provide a scalable and reliable inter-process communication mechanism
S1.9-2 Provide a scalable, reliable, and real-time process/IO communication mechanism
S1.9-3 Provide reliable and adaptive control software to fulfill each individual subsystem’s tasks
S1.9-4 Provide a standard data exchange mechanism between individual subsystem tasks
S1.9 Design: KnightSat Software
• ARM v5TE / AVR Assembly and C/C++ Programming Languages
• GNU Linux based on the 2.6.x kernel
• Intel XScale architecture on a distributed heterogeneous network
• Loosely-coupled processing load distribution
• CVS based software development
RISK: Y
Program/Subsystem Risk Assessment
G = low risk, Y = medium risk, R = high risk, NA = N/A

                             | C&DH | Software | …
Performance                  | G    | G        |
Schedule                     | Y    | Y        |
Cost                         | G    | G        |
Safety                       | G    | G        |
Testing                      | G    | Y        |
Manpower                     | Y    | Y        |
Facilities                   | G    | G        |
Overall Subsystem Assessment | Y    | Y        | NA
C&DH Detailed Requirements
Subsystem / Component Requirements | Method

1.6-1 – Provide reliable, real-time access and control of input/output (IO) devices
• A software control process must be able to communicate with its associated IO device(s) with minimal transmission delays | Design, Test, Analysis
• The data exchange medium must have a high tolerance to electrically harsh environments (i.e. EMI, radiation, etc.), having a bit error rate of no more than 10^-6 ppm. | Test, Analysis
• Each IO node must be individually addressable, and any two nodes (i.e. computer to IO device) must be able to directly address each other without a master node coordinating the transmission. The node addressing scheme must support message prioritization. | Design

1.6-2 – Provide modular, adaptable and scalable computational interfaces between all IO devices and computers
• Each individual network node interface must have minimal power consumption, and each node must be easily inserted/removed on the network without interrupting pre-existing communications | Design, Test
• Critical IO devices (i.e. star tracker, thruster, etc.) must have redundant interfaces to ensure device network availability at all times | Design, Test
• Each network node must be able to operate without specific knowledge of the network topology | Design

1.6-3 – Provide sufficient computing resources for execution of all required system processes (excluding payloads)
• Any subsystem task and its corresponding processes must be able to execute when required, and all of its requirements (i.e. real-time access to thrusters) must be met | Design, Test, Analysis
C&DH Detailed Requirements
Subsystem / Component Requirements | Method

1.6-4 – Provide sufficient, error corrective storage for system data logging and payload data storage
• A sufficiently large memory space must be provided in which to store subsystem status data and payload data for downlink | Design, Analysis
• The storage system must implement periodic EDAC to at least successfully detect two bit errors and correct one bit errors | Design, Test
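Requirement 1.6-4 asks for EDAC that corrects any single bit error and detects any double bit error, which is a SEC-DED code. As an added example that is not part of the KnightSat design material, the C below builds the smallest such code (Hamming(7,4) plus an overall parity bit) over one nibble, with an exhaustive self-test; the function names are mine, and a storage controller would apply the same construction to wider words (for example 64 data bits with 8 check bits).

```c
#include <stdint.h>
/* SEC-DED over a 4-bit nibble: Hamming(7,4) plus an overall parity bit.
 * Bit index = Hamming position: bit 0 = overall parity of bits 1..7 (this is
 * what turns SEC into SEC-DED); bits 1,2,4 = check bits; bits 3,5,6,7 = data. */
static const int DPOS[4] = {3, 5, 6, 7};   /* codeword position of d0..d3 */
static int parity8(uint8_t v) {              /* XOR of all eight bits */
    v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return v & 1;
}

uint8_t secded_encode(uint8_t nibble) {
    uint8_t cw = 0;
    for (int i = 0; i < 4; i++) cw |= (uint8_t)(((nibble >> i) & 1) << DPOS[i]);
    /* check bit c covers every position whose index has bit c set */
    for (int c = 1; c <= 4; c <<= 1) {
        int p = 0;
        for (int pos = c + 1; pos <= 7; pos++)
            if (pos & c) p ^= (cw >> pos) & 1;
        cw |= (uint8_t)(p << c);
    }
    return cw | (uint8_t)parity8(cw);        /* bit 0 is still clear here */
}

/* Returns 0 = clean, 1 = one bit corrected, -1 = two bits detected (output
 * not written; the caller must fall back to a redundant copy).           */
int secded_decode(uint8_t cw, uint8_t *nibble) {
    int syndrome = 0;                        /* XOR of set positions 1..7 */
    for (int pos = 1; pos <= 7; pos++)
        if ((cw >> pos) & 1) syndrome ^= pos;
    int odd = parity8(cw);                   /* 1 => odd number of flips */
    if (!odd && syndrome) return -1;         /* even flips + bad syndrome */
    if (odd) cw ^= (uint8_t)(1u << syndrome); /* syndrome 0 => bit 0 itself */
    *nibble = 0;
    for (int i = 0; i < 4; i++) *nibble |= (uint8_t)(((cw >> DPOS[i]) & 1) << i);
    return odd;
}
/* Exhaustive check: every nibble survives any single flip and every double
 * flip is flagged. Returns 1 on success, 0 on the first failure.         */
int secded_selftest(void) {
    for (int n = 0; n < 16; n++) {
        uint8_t cw = secded_encode((uint8_t)n), out;
        if (secded_decode(cw, &out) != 0 || out != n) return 0;
        for (int i = 0; i < 8; i++) {
            if (secded_decode((uint8_t)(cw ^ (1u << i)), &out) != 1 || out != n) return 0;
            for (int j = i + 1; j < 8; j++)
                if (secded_decode((uint8_t)(cw ^ (1u << i) ^ (1u << j)), &out) != -1) return 0;
        }
    }
    return 1;
}
```

A -1 from the decoder is the event the "redundant storage mechanism" in the risk table exists for: the word is known bad but cannot be repaired from itself.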
Detailed Risk Assessment / Mitigation: C&DH
Risk element | Description | Proposed Mitigation

Bus Overrun Events
Description:
• A network node fails electrically and holds bus lines at fixed levels
• A network node logically locks on transmission status
Proposed Mitigation:
• Perform extensive complete network tests to detect possible failures
• Implement an active monitoring system to monitor bus activity and isolate defective nodes

Storage Bank Module Failure
Description:
• A memory sector within the storage bank fails due to an SEU or to prolonged radiation exposure
• A memory sector randomly fails due to poor component manufacturing or write cycle limits
Proposed Mitigation:
• Conduct extensive product research and manufacturing processes analysis
• Conduct prolonged memory usage (read/write cycles) tests
• Design and implement a defective sector identification and memory remapping mechanism
• Design and implement a redundant storage mechanism