HMI Peer Review - Stanford University
Download
Report
Transcript HMI Peer Review - Stanford University
HMI00373
Flight Software PDR Presentation
Jerry Drake
HMI Software Lead
[email protected]
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 1
Agenda – Flight Software
•
Requirements
–
–
Sources
Driving requirements
•
Heritage - Flight Processor and Software
•
Design Description
–
–
–
Development Environment
Context Diagram
Computer Software Configuration Items (CSCIs)
•
Start-Up ROM (SUROM) Software
o
•
•
Architecture
Flight Software Overview
o
Architecture
o
Camera Operational Modes
o
Sequence Control
o
Time Handling
o
Fault Management
Resource Utilization
•
Safety and Reliability
•
Software Development Status
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 2
Requirements Sources
•
•
•
•
•
464-SYS-REQ-0004, Mission Requirements Document, Rev. 4.4
HMI Contract Functional Specification
SU-HMI-S013, Instrument Performance Document
2H00021, HMI Performance Assurance Implementation Plan (PAIP)
ICDs
–
–
–
–
•
464-HMI-ICD-0002, Spacecraft to HMI ICD
464-CDH-ICD-0005, 1553 ICD
464-CDH-ICD-0012, High Speed Bus ICD
464-GS-ICD-0001, Ground System ICD
HMI Hardware Functional Specifications, Section 4.2, Software Interface
–
–
2H00119, Functional Specification, HEB Power Converter Subsystem
2H00120, Functional Specification, HEB PCI to Local Bus/1553 Interface
–
–
–
–
–
–
–
2H00121, Functional Specification, HEB Housekeeping Data Acquisition
2H00122, Functional Specification, HEB Image Stabilization Subsystem
2H00123, Functional Specification, HEB Mechanism & Heater Controllers
2H00124, Functional Specification, HEB CCD Camera Interface
2H00125, Functional Specification, HEB Data Compressor/High Rate Interface
2H00126, Functional Specification, HMI Oven Controller
2H00180, Functional Specification, HEB Electronics Box
–
Camera ICD (available by HMI PDR)
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 3
Driving Requirements
•
Spacecraft Command I/F: Provide command capability with spacecraft
–
APIDs, sampling rates and protocols contained in ICDs
–
Commands uplink rate from ground: 2 kbps
–
Maximum command rate to HMI
10 commands/sec
–
Maximum command packet size
250 bytes
–
CCSDS formatted
–
•
HMI Command APID range: 800 - 815
•
Function code identifies each command (in CCSDS header)
Command sources
•
•
Spacecraft
o
Ground (1553 through spacecraft)
• STOL
• Manual
2 kbps (effective 1 kbps)
o
Absolute Time Sequence (ATS)
10 commands/sec
o
Relative Time Sequence (RTS)
10 commands/sec
o
Telemetry & Statistics Monitor (TSM)
Internal to HMI
o
Scripts: Same as macro
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 4
Driving Requirements (cont.)
•
Spacecraft Telemetry I/F: Provide telemetry capability with spacecraft
–
–
1553 Telemetry Channels (Transmit SubAddresses, TSA)
•
•
•
•
Housekeeping
Event Message
Image Motion Compensation
Diagnostic
•
•
Wraparound
TSA 30
Accept and respond to transmit mode codes 2, 4, 5 & 8
1553 Rates
•
•
–
TSA 3 - 6 and completion TSA 7
TSA 12 - 13 and completion TSA 14
TSA 15 and completion TSA 16
TSA 17 - 26 and completion TSA 27
Housekeeping
Diagnostic
Nominal 2 kbps, reduced 1 kbps, emergency 100 bps
10 kbps
1355 Telemetry (Science)
•
•
Software controls
o
Configuration of 1355 connection
• Two High-Speed Bus Channels per interface card
• Two HSB Interface cards in HMI
• Doppler and magnetic images
o
Initiation of transfer (load image parameters)
o
Place housekeeping data into science stream
o
Increment Image Sequence Counter
o
APID range
532 - 595
Hardware controls transfer
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 5
Driving Requirements (cont.)
•
Provide control of subsystems (derived requirements)
–
–
–
–
–
–
–
•
•
•
•
•
Wavelength Tuning Mechanisms (4)
Polarization Selector Mechanisms (3)
Shutters (2)
Calibration/Focus Mechanisms (2)
•
•
Front Door Mechanisms (2)
Alignment Mechanisms (2)
Cameras (2)
Control image transfers and compression (internal to HMI, 2)
Control image transmission (over 1355 to S/C, 2)
Image Stabilization System (1)
Oven (2)
Operational Heaters (max of 8)
Provide diagnostic telemetry capability
–
•
Mechanisms (quantity in parentheses below)
High-rate mechanism current or Image Stabilization data (up to 5 items at 512 Hz sampling
rate)
Provide capability to load code on-orbit
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 6
Driving Requirements (cont.)
•
Science
–
Maintain regular cadence for doppler and vector cameras
•
Framelist must start at the requested time within +/- 100 msec absolute time
–
Provide capability for table-driven sequence control
–
Provide time in telemetry to 100 msec accuracy
–
Provide the capability to maintain HMI internal clock to an accuracy of +/- 100 msec absolute
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 7
Flight Processor/Software and Heritage
•
•
RAD6000
Program A, Program B, Program C, Program D
–
RAM
–
EEPROM
512 Kbytes
–
PROM (SUROM)
64 Kbytes
–
Clock rate
20 Mhz
–
PCI bus
4 Mbytes
Software Heritage
–
VxWorks/RAD6000
Program A, Program B, Program C, Program D
–
SUROM
BAE generic, Program A, Program C, Program D
–
EEPROM
Program C, Program D
–
GNUZIP
Program B, other program
–
Mechanisms
MDI, TRACE, Program B, Program C, Program D, Program F
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 8
Development Environment
•
Languages
–
–
SUROM
•
C
•
Assembly
•
PAS
Flight
•
•
Tools
–
SUROM
•
–
•
C compiler on RS6000 workstation
Flight
•
VxWorks
•
GreenHills Multi
•
Sunblade Workstation
Configuration management tool
–
•
C++/C
Revision Control System (RCS)
Schedule
–
Purchase Sun workstation and software in Nov 2003
–
Install and configure Sun worstation in Dec 2003
–
Transferring 2 existing RS6000 workstations from other contracts (Program A and Program C) to HMI
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 9
Context Diagram
ISS Sensor
ISS PZT
OVN (2)
HTR (8)
FDM (2)
UART (test)
HMI Electronics Box (HEB)
SDO Spacecraft
COP (test)
S/C 1553 I/F
Processor (Rad6000)
Processor (Rad6000)
PCI/Local Bus Bridge/1553
PCI/Local Bus Bridge/1553
Mech/Heater Controller Type 2
Mech/Heater Controller Type 2
Mech/Heater Controller Type 1
Mech/Heater Controller Type 1
PZT Driver
Housekeeping Data Acquisition
Limb Tracker
Spare
Compressor/High Rate Interface
Compressor/High Rate Interface
Camera Interface/Buffer
Camera Interface/Buffer
ALM (2)
WTM (4)
Cmd/HK
PSM (3)
CFM (2)
S/C High Rate I/F (2)
Science
1355
Doppler Camera
Electronics Box
HMI Preliminary Design Review – Nov. 18 &19, 2003
1355
Magnetics Camera
Electronics Box
SH M (2)
WTM
PSM
SHM
CFM
FDM
ALM
ISS
OVN
HTR
Wavelength Tuning Mech
Polarization Selector Mech
Shutter Mech
Calibration/Focus Mech
Front Door Mech
ALignment Mech
Image Stabilization System
Oven
Heaters
[Flight Software] [Drake] Page 10
CSCIs
•
•
Start-Up ROM (SUROM) Computer Software Configuration Item (CSCI)
–
Commands and HK telemetry over 1553 bus
–
Contained in PROM on processor card
–
Can upload kernel from ground to RAM
–
Can load kernel into EEPROM
–
Default is to load kernel from EEPROM to RAM, decompress and boot
Flight SoftWare (FSW) CSCI
–
Contained in EEPROM on processor card
–
Loaded and booted by kernel code
–
Consists of:
•
Kernel code (VxWorks operating system, device drivers, basic cmd and tlm on 1553)
•
Flight code
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 11
SUROM Code
•
SUROM heritage
–
•
BAE generic, Program A, Program C and Program D
Development approach
–
Develop in simulator (Borland Builder C++)
•
–
–
Test on Program A ODP
•
Port from Borland to RS6000
•
Test 1553 (ODP processor has 1553 chips on board)
Test on HMI ETU
•
•
•
Establish socket connection to use EGSE
Requires Interconnect board & PCI/Local Bridge Bus/1553 card with minimal capabilities
Development system for RAD6000 target
–
–
RS6000 workstation
C compiler, PAS assembler, RS6000 assembler and linker
–
COP connection to processor board
Architecture
–
–
–
–
–
Executive
State
1553
Command Handler
Telemetry Handler
–
–
Time
EEPROM
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 12
Nominal Boot Sequence
•
If no commands are received within 30 seconds (5 seconds in fast-boot mode) of the first
1553 telemetry packet, the following occurs:
–
–
A copy of the self-extracting VxWorks kernel is:
•
Read from EEPROM to a default RAM location
•
Decompressed
•
Executed
Kernel then:
•
•
Initializes memory-resident file systems in
o
EEPROM
o
RAM
•
Locates script file /EEPROM/BOOT0001.SCR
•
Executes script file /EEPROM/BOOT0001.SCR
Script /EEPROM/BOOT0001.SCR contains the list of object modules to:
–
Decompress
–
Load into RAM
–
Link
–
Run for auto-booting
–
Other script files (BOOT0002.SCR through BOOT9999.SCR) can be used for alternate booting by an operator
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 13
Flight Software Architecture Diagram
Flight Software
Kernel SW
Messaging
Command
CmdParser
FM 2
Telemetry
1553 I/F
ISS
Timing Ctrl
PCI
Power Ctrl
Idle Task
FileSystem
Mech
Scripts
Sequencer
Image Ctrl
Heater Ctrl
Camera
Ctrl
Mech. Ctrl
Data Acq
HSS
Hardware
SC
1553 AMBI
Timing HW
EEPROM
Cam I/F
CEB
Compressor
I/F AMBI
FPGA 1
LEGEND
:Direct Call
:Message Bus
:Module used within other tasks
:Tasks that run at a constant interval
:Device Drivers/HW
:Tasks that run as needed
Color denotes Task Priority: Priority 1 Priority 2 Priority 3 Priority 4 Priority 5 Priority 6 Priority 7 Priority 8
2
The FM module is used by all tasks.
HMI Preliminary Design Review – Nov. 18 &19, 2003
1
Encompasses Tlm Acq, Power, ISS, and Mechanical FPGA’s
[Flight Software] [Drake] Page 14
Camera Operational Modes
•
Clear
–
•
•
Remove charge from CCD (in preparation for obtaining new image)
Integrate
–
During integration, the CCD’s parallel register clocks will be held at appropriate voltage levels
–
Serial register clocks can be individually programmed to be high, low or clocking
–
Dither clocking
Readout
–
Full-frame readout of n lines
–
Windowed readout of at least two windows
•
Dump n lines
•
Read x lines
•
Dump m lines
•
Read y lines, etc.
–
Full-frame or windowed readout with n x m pixel binning
–
Continuous clocking
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 15
Sequence Control
•
Modes
–
–
•
Science (cadence held)
•
Doppler cadence: 50 seconds or shorter
•
Vector cadence: 5 minutes or shorter
Test and calibration (no cadence, free running)
Table-driven observing sequences
–
Timeline table
–
Framelist table
•
Focus table
•
Polarization table
•
Wavelength table
o
•
Tuning table
•
Exposure table
•
Table contents and definitions currently under development with science team
Tables are uploadable and modifiable
–
Can be stored in EEPROM or loaded from ground
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 16
Time Handling
•
•
•
VxWorks system tick (interrupt)
–
OBC derived:
–
RAD6000 decrementer: 20 msec (fallback source)
~1.95 msec (512 Hz)
Time at tone:
–
Internal clock latched into OBC 1553 Time Tag Register by 1553 interrupt on receipt of “tone
message”
–
Software accesses OBC 1553 Time Tag Register over PCI bus
Rate adjustment
–
Send OBC 1553 Time Tag Register in housekeeping telemetry
–
Ground calculates drift and issues command to change rate (if so desired)
•
Spacecraft time included in every telemetry packet
•
Observing cadence maintained by:
–
Starting sequence on nearest system tick to time of day modulo cadence in seconds
•
–
The sequence period must be settable in software
o
Command
o
Contained in sequence table
Repeating sequence
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 17
Fault Management
•
Internal limit checking of:
–
Motor current and total current
–
Heater zone temperatures
–
Camera aliveness
–
Alignment Leg Mechanism
–
Front Door Mechanism
–
Autonomous checks of HMI 1553 bus activity over 2 (TBR) minutes
•
Activity level reported in health & safety telemetry
•
Levels below a settable threshold cause internal recovery or safing actions
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 18
Resource Utilization
•
•
PROM (SUROM)
–
Available:
64 K
–
Expected utilization:
95%
–
HMI SUROM contains less functionality (the HMI estimate is conservative) than the Program A SUROM which
fit into the same 64 K PROM
–
SUROM is unchangeable once programmed into PROM and installed on the processor board
EEPROM
–
Available:
–
Expected utilization:
512K
11 K file system overhead
128 K for compressed kernel
128 K for compressed FSW
245 K available margin
•
RAM
–
Available:
4 Mbytes
–
Expected usage:
512 Kb FSW
512 Kb RAM filesystem
Up to 3 MB telemetry buffers for diagnostic data storage (infrequent)
•
CPU Usage
–
FSW
HMI Preliminary Design Review – Nov. 18 &19, 2003
30%
[Flight Software] [Drake] Page 19
Safety and Reliability
•
•
Safety
–
HMI flight software cannot cause loss of mission or injury or death to humans
–
Coding standards will be used (2H00006) to increase safety and reliability
–
Possible safety items:
•
Programming EEPROM
•
Operating front door mechanism, alignment legs and/or heaters
–
Fault management will be implemented (see next slide)
–
Safety issues addressed at all major program reviews
Reliability
–
FSW developed incrementally
–
FSW tested in simulation and emulation
–
FSW will be used for as much hardware testing as possible
–
Idle task shall detect and report in telemetry CPU usage percentage and overrun (if any)
–
Exception handling shall capture and report task errors
–
Internal consistency checks shall be made on cmd parameters & initial use of global pointer
values
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 20
Software Development Status
•
Completed Peer Review on October 8, 2003
•
Complete Software Requirements Document
–
Initial draft submitted with CSR and updated for PDR
•
Complete hardware board specifications
•
Complete
•
–
Command list (draft currently exists)
–
Telemetry list (draft being prepared)
Start detailed design
–
SUROM and kernel in progress
–
FSW starting
•
Develop Software Design Documents
•
Establish interface between simulator and EGSE (to confirm design approach)
•
Risks
–
Complexity of camera control interface
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 21