HMI00373
Flight Software PDR Presentation
Jerry Drake
HMI Software Lead
[email protected]
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 1
Agenda – Flight Software
•
Requirements
–
–
Sources
Driving requirements
•
Heritage - Flight Processor and Software
•
Design Description
–
–
–
Development Environment
Context Diagram
Computer Software Configuration Items (CSCIs)
•
Start-Up ROM (SUROM) Software
o
•
•
Architecture
Flight Software Overview
o
Architecture
o
Camera Operational Modes
o
Sequence Control
o
Time Handling
o
Fault Management
Resource Utilization
•
Safety and Reliability
•
Software Development Status
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 2
Requirements Sources
•
•
•
•
•
464-SYS-REQ-0004, Mission Requirements Document, Rev. 4.4
HMI Contract Functional Specification
SU-HMI-S013, Instrument Performance Document
2H00021, HMI Performance Assurance Implementation Plan (PAIP)
ICDs
–
–
–
–
•
464-HMI-ICD-0002, Spacecraft to HMI ICD
464-CDH-ICD-0005, 1553 ICD
464-CDH-ICD-0012, High Speed Bus ICD
464-GS-ICD-0001, Ground System ICD
HMI Hardware Functional Specifications, Section 4.2, Software Interface
–
–
2H00119, Functional Specification, HEB Power Converter Subsystem
2H00120, Functional Specification, HEB PCI to Local Bus/1553 Interface
–
–
–
–
–
–
–
2H00121, Functional Specification, HEB Housekeeping Data Acquisition
2H00122, Functional Specification, HEB Image Stabilization Subsystem
2H00123, Functional Specification, HEB Mechanism & Heater Controllers
2H00124, Functional Specification, HEB CCD Camera Interface
2H00125, Functional Specification, HEB Data Compressor/High Rate Interface
2H00126, Functional Specification, HMI Oven Controller
2H00180, Functional Specification, HEB Electronics Box
–
Camera ICD (available by HMI PDR)
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 3
Driving Requirements
•
Spacecraft Command I/F: Provide command capability with spacecraft
–
APIDs, sampling rates and protocols contained in ICDs
–
Commands uplink rate from ground: 2 kbps
–
Maximum command rate to HMI
10 commands/sec
–
Maximum command packet size
250 bytes
–
CCSDS formatted
–
•
HMI Command APID range: 800 - 815
•
Function code identifies each command (in CCSDS header)
Command sources
•
•
Spacecraft
o
Ground (1553 through spacecraft)
• STOL
• Manual
2 kbps (effective 1 kbps)
o
Absolute Time Sequence (ATS)
10 commands/sec
o
Relative Time Sequence (RTS)
10 commands/sec
o
Telemetry & Statistics Monitor (TSM)
Internal to HMI
o
Scripts: Same as macro
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 4
Driving Requirements (cont.)
•
Spacecraft Telemetry I/F: Provide telemetry capability with spacecraft
–
–
1553 Telemetry Channels (Transmit SubAddresses, TSA)
•
•
•
•
Housekeeping
Event Message
Image Motion Compensation
Diagnostic
•
•
Wraparound
TSA 30
Accept and respond to transmit mode codes 2, 4, 5 & 8
1553 Rates
•
•
–
TSA 3 - 6 and completion TSA 7
TSA 12 - 13 and completion TSA 14
TSA 15 and completion TSA 16
TSA 17 - 26 and completion TSA 27
Housekeeping
Diagnostic
Nominal 2 kbps, reduced 1 kbps, emergency 100 bps
10 kbps
1355 Telemetry (Science)
•
•
Software controls
o
Configuration of 1355 connection
• Two High-Speed Bus Channels per interface card
• Two HSB Interface cards in HMI
• Doppler and magnetic images
o
Initiation of transfer (load image parameters)
o
Place housekeeping data into science stream
o
Increment Image Sequence Counter
o
APID range
532 - 595
Hardware controls transfer
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 5
Driving Requirements (cont.)
•
Provide control of subsystems (derived requirements)
–
–
–
–
–
–
–
•
•
•
•
•
Wavelength Tuning Mechanisms (4)
Polarization Selector Mechanisms (3)
Shutters (2)
Calibration/Focus Mechanisms (2)
•
•
Front Door Mechanisms (2)
Alignment Mechanisms (2)
Cameras (2)
Control image transfers and compression (internal to HMI, 2)
Control image transmission (over 1355 to S/C, 2)
Image Stabilization System (1)
Oven (2)
Operational Heaters (max of 8)
Provide diagnostic telemetry capability
–
•
Mechanisms (quantity in parentheses below)
High-rate mechanism current or Image Stabilization data (up to 5 items at 512 Hz sampling
rate)
Provide capability to load code on-orbit
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 6
Driving Requirements (cont.)
•
Science
–
Maintain regular cadence for doppler and vector cameras
•
Framelist must start at the requested time within +/- 100 msec absolute time
–
Provide capability for table-driven sequence control
–
Provide time in telemetry to 100 msec accuracy
–
Provide the capability to maintain HMI internal clock to an accuracy of +/- 100 msec absolute
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 7
Flight Processor/Software and Heritage
•
•
RAD6000
Program A, Program B, Program C, Program D
–
RAM
–
EEPROM
512 Kbytes
–
PROM (SUROM)
64 Kbytes
–
Clock rate
20 Mhz
–
PCI bus
4 Mbytes
Software Heritage
–
VxWorks/RAD6000
Program A, Program B, Program C, Program D
–
SUROM
BAE generic, Program A, Program C, Program D
–
EEPROM
Program C, Program D
–
GNUZIP
Program B, other program
–
Mechanisms
MDI, TRACE, Program B, Program C, Program D, Program F
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 8
Development Environment
•
Languages
–
–
SUROM
•
C
•
Assembly
•
PAS
Flight
•
•
Tools
–
SUROM
•
–
•
C compiler on RS6000 workstation
Flight
•
VxWorks
•
GreenHills Multi
•
Sunblade Workstation
Configuration management tool
–
•
C++/C
Revision Control System (RCS)
Schedule
–
Purchase Sun workstation and software in Nov 2003
–
Install and configure Sun worstation in Dec 2003
–
Transferring 2 existing RS6000 workstations from other contracts (Program A and Program C) to HMI
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 9
Context Diagram
ISS Sensor
ISS PZT
OVN (2)
HTR (8)
FDM (2)
UART (test)
HMI Electronics Box (HEB)
SDO Spacecraft
COP (test)
S/C 1553 I/F
Processor (Rad6000)
Processor (Rad6000)
PCI/Local Bus Bridge/1553
PCI/Local Bus Bridge/1553
Mech/Heater Controller Type 2
Mech/Heater Controller Type 2
Mech/Heater Controller Type 1
Mech/Heater Controller Type 1
PZT Driver
Housekeeping Data Acquisition
Limb Tracker
Spare
Compressor/High Rate Interface
Compressor/High Rate Interface
Camera Interface/Buffer
Camera Interface/Buffer
ALM (2)
WTM (4)
Cmd/HK
PSM (3)
CFM (2)
S/C High Rate I/F (2)
Science
1355
Doppler Camera
Electronics Box
HMI Preliminary Design Review – Nov. 18 &19, 2003
1355
Magnetics Camera
Electronics Box
SH M (2)
WTM
PSM
SHM
CFM
FDM
ALM
ISS
OVN
HTR
Wavelength Tuning Mech
Polarization Selector Mech
Shutter Mech
Calibration/Focus Mech
Front Door Mech
ALignment Mech
Image Stabilization System
Oven
Heaters
[Flight Software] [Drake] Page 10
CSCIs
•
•
Start-Up ROM (SUROM) Computer Software Configuration Item (CSCI)
–
Commands and HK telemetry over 1553 bus
–
Contained in PROM on processor card
–
Can upload kernel from ground to RAM
–
Can load kernel into EEPROM
–
Default is to load kernel from EEPROM to RAM, decompress and boot
Flight SoftWare (FSW) CSCI
–
Contained in EEPROM on processor card
–
Loaded and booted by kernel code
–
Consists of:
•
Kernel code (VxWorks operating system, device drivers, basic cmd and tlm on 1553)
•
Flight code
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 11
SUROM Code
•
SUROM heritage
–
•
BAE generic, Program A, Program C and Program D
Development approach
–
Develop in simulator (Borland Builder C++)
•
–
–
Test on Program A ODP
•
Port from Borland to RS6000
•
Test 1553 (ODP processor has 1553 chips on board)
Test on HMI ETU
•
•
•
Establish socket connection to use EGSE
Requires Interconnect board & PCI/Local Bridge Bus/1553 card with minimal capabilities
Development system for RAD6000 target
–
–
RS6000 workstation
C compiler, PAS assembler, RS6000 assembler and linker
–
COP connection to processor board
Architecture
–
–
–
–
–
Executive
State
1553
Command Handler
Telemetry Handler
–
–
Time
EEPROM
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 12
Nominal Boot Sequence
•
If no commands are received within 30 seconds (5 seconds in fast-boot mode) of the first
1553 telemetry packet, the following occurs:
–
–
A copy of the self-extracting VxWorks kernel is:
•
Read from EEPROM to a default RAM location
•
Decompressed
•
Executed
Kernel then:
•
•
Initializes memory-resident file systems in
o
EEPROM
o
RAM
•
Locates script file /EEPROM/BOOT0001.SCR
•
Executes script file /EEPROM/BOOT0001.SCR
Script /EEPROM/BOOT0001.SCR contains the list of object modules to:
–
Decompress
–
Load into RAM
–
Link
–
Run for auto-booting
–
Other script files (BOOT0002.SCR through BOOT9999.SCR) can be used for alternate booting by an operator
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 13
Flight Software Architecture Diagram
F lig h t S o ftw a r e
M e s s a g in g
K e rn e l S W
Com m and
C m d P a rs e r
T e le m e try
1 5 5 3 I/F
IS S
T im in g C trl
PCI
P o w e r C trl
Id le T a s k
F ile S y s te m
FM
2
M ech
Im a g e C trl
H e a te r C trl
C a m e ra
C trl
D a ta A c q
M e c h . C trl
SC
1553 AM BI
T im in g H W
S c rip ts
S equencer
H a rd w a re
EEPROM
C a m I/F
CEB
HSS
C o m p re s s o r
I/F A M B I
FPG A
1
LEGEND
:D ir e c t C a ll
:M e s s a g e B u s
:T a s k s th a t r u n a s n e e d e d
:M o d u le u s e d w ith in o th e r ta s k s
:T a s k s th a t r u n a t a c o n s ta n t in te r v a l
:D e v ic e D r iv e r s /H W
C o lo r d e n o te s T a s k P r io r ity : P r io r ity 1 P r io r ity 2 P r io r ity 3 P r io r ity 4 P r io r ity 5 P r io r ity 6 P r io r ity 7 P r io r ity 8
2
T h e F M m o d u le is u s e d b y a ll ta s k s .
HMI Preliminary Design Review – Nov. 18 &19, 2003
1
E n c o m p a s s e s T lm A c q , P o w e r , I S S , a n d M e c h a n ic a l F P G A ’s
[Flight Software] [Drake] Page 14
Camera Operational Modes
•
Clear
–
•
•
Remove charge from CCD (in preparation for obtaining new image)
Integrate
–
During integration, the CCD’s parallel register clocks will be held at appropriate voltage levels
–
Serial register clocks can be individually programmed to be high, low or clocking
–
Dither clocking
Readout
–
Full-frame readout of n lines
–
Windowed readout of at least two windows
•
Dump n lines
•
Read x lines
•
Dump m lines
•
Read y lines, etc.
–
Full-frame or windowed readout with n x m pixel binning
–
Continuous clocking
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 15
Sequence Control
•
Modes
–
–
•
Science (cadence held)
•
Doppler cadence: 50 seconds or shorter
•
Vector cadence: 5 minutes or shorter
Test and calibration (no cadence, free running)
Table-driven observing sequences
–
Timeline table
–
Framelist table
•
Focus table
•
Polarization table
•
Wavelength table
o
•
Tuning table
•
Exposure table
•
Table contents and definitions currently under development with science team
Tables are uploadable and modifiable
–
Can be stored in EEPROM or loaded from ground
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 16
Time Handling
•
•
•
VxWorks system tick (interrupt)
–
OBC derived:
–
RAD6000 decrementer: 20 msec (fallback source)
~1.95 msec (512 Hz)
Time at tone:
–
Internal clock latched into OBC 1553 Time Tag Register by 1553 interrupt on receipt of “tone
message”
–
Software accesses OBC 1553 Time Tag Register over PCI bus
Rate adjustment
–
Send OBC 1553 Time Tag Register in housekeeping telemetry
–
Ground calculates drift and issues command to change rate (if so desired)
•
Spacecraft time included in every telemetry packet
•
Observing cadence maintained by:
–
Starting sequence on nearest system tick to time of day modulo cadence in seconds
•
–
The sequence period must be settable in software
o
Command
o
Contained in sequence table
Repeating sequence
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 17
Fault Management
•
Internal limit checking of:
–
Motor current and total current
–
Heater zone temperatures
–
Camera aliveness
–
Alignment Leg Mechanism
–
Front Door Mechanism
–
Autonomous checks of HMI 1553 bus activity over 2 (TBR) minutes
•
Activity level reported in health & safety telemetry
•
Levels below a settable threshold cause internal recovery or safing actions
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 18
Resource Utilization
•
•
PROM (SUROM)
–
Available:
64 K
–
Expected utilization:
95%
–
HMI SUROM contains less functionality (the HMI estimate is conservative) than the Program A SUROM which
fit into the same 64 K PROM
–
SUROM is unchangeable once programmed into PROM and installed on the processor board
EEPROM
–
Available:
–
Expected utilization:
512K
11 K file system overhead
128 K for compressed kernel
128 K for compressed FSW
245 K available margin
•
RAM
–
Available:
4 Mbytes
–
Expected usage:
512 Kb FSW
512 Kb RAM filesystem
Up to 3 MB telemetry buffers for diagnostic data storage (infrequent)
•
CPU Usage
–
FSW
HMI Preliminary Design Review – Nov. 18 &19, 2003
30%
[Flight Software] [Drake] Page 19
Safety and Reliability
•
•
Safety
–
HMI flight software cannot cause loss of mission or injury or death to humans
–
Coding standards will be used (2H00006) to increase safety and reliability
–
Possible safety items:
•
Programming EEPROM
•
Operating front door mechanism, alignment legs and/or heaters
–
Fault management will be implemented (see next slide)
–
Safety issues addressed at all major program reviews
Reliability
–
FSW developed incrementally
–
FSW tested in simulation and emulation
–
FSW will be used for as much hardware testing as possible
–
Idle task shall detect and report in telemetry CPU usage percentage and overrun (if any)
–
Exception handling shall capture and report task errors
–
Internal consistency checks shall be made on cmd parameters & initial use of global pointer
values
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 20
Software Development Status
•
Completed Peer Review on October 8, 2003
•
Complete Software Requirements Document
–
Initial draft submitted with CSR and updated for PDR
•
Complete hardware board specifications
•
Complete
•
–
Command list (draft currently exists)
–
Telemetry list (draft being prepared)
Start detailed design
–
SUROM and kernel in progress
–
FSW starting
•
Develop Software Design Documents
•
Establish interface between simulator and EGSE (to confirm design approach)
•
Risks
–
Complexity of camera control interface
HMI Preliminary Design Review – Nov. 18 &19, 2003
[Flight Software] [Drake] Page 21
Descargar

HMI Peer Review - Stanford University