Autonomy & FDIR Logics in ISRO Spacecraft


  • Autonomy & FDIR

    Autonomy & FDIR Logics in ISRO Spacecraft

    Subramanya Udupa

    Deputy Director, CDA, ISAC/ISRO

    Johns Hopkins Applied Physics Lab, Maryland, USA

    October 2015

    • On-Board computer

    • Spacecraft Autonomy

    • FDIR logics

    • Safe mode & MRS (Master Recovery Sequencer)

    • Software architecture

    • Software Features & Statistics


  • On-Board Computer

    [Block diagram of the on-board computer. Labels recovered from the figure, some cut off in extraction:]

    • Sensor Processing
    • Thermal Management
    • Power Management
    • Solar Panel
    • Payload Operation &
    • Operational Autonomy
    • Fault Tolerant/
    • Attitude and Orbit
    • Command processing
    • Telemetry and
    • Safety Logics
    • Mil Std 1553B Bus
    • Customized Interfaces

  • On-Board Computer: Software Requirements

    Control Requirements

    1. Attitude Pointing & Rate Specification:
       - Sensor requirements
       - Actuator requirements
    2. Control Law
       - Computational
       - Logical
       - Precision
       - Accuracy
       - Timing
    3. Data Validation / Error Handling

    Operational Requirements

    1. Orbit Determination
       - SPS Data Acquisition
       - Orbit Model
    2. Telecommand
    3. Telemetry
    4. Spacecraft Thermal Control
    5. Spacecraft Power Management
    6. Payload Sequencer
    7. Spacecraft Operation

    Safety / Redundancy Requirements

    1. Avoid Single Point failures
    2. Fuel Conservation
       - LPD
    3. Power Safe Mode & Sun Pointing
    4. Processor hang up - FDI
    5. Algorithm failure handling - Remote programmability
    6. Sensor/Actuator failure/malfunction - FDIR/ESR/Auto Reconfiguration/MRS

  • Spacecraft Autonomy

    Autonomy: Definition/Objectives

    o To carry out day-to-day activities without ground intervention
    o To monitor the health of AOCS systems continuously & take corrective actions to avoid attitude loss
    o Ensure power generation & communication towards Earth and survive without ground intervention in case of any AOCS system anomalies

  • Spacecraft Autonomy

    • Autonomy features like
      o Time tagged mode, Event based commanding
      o Configurable command blocks
      o Auto temperature control
      o FDIR logics for sensors, Actuators, Payload
      o Master Recovery Sequencer
      o AOCS Safe Mode, Power Safe Mode

    • Driving Factors:
      o Fail Safe Operations.
      o Ease of Operations.
      o Non-availability of Contact.

    [Figure labels recovered from the slide, some cut off in extraction:]

    • Launch Phase Sequencer
    • Auto Acquisition Sequencer
    • LEB / Orbit / Station Keeping
    • Payload Operation Sequencer
    • Master Recovery Sequencer

    • Fault Tolerant features
      o Hardware: NMI, WDT, Redundancy, EDAC, Hardware Filters
      o Software: Memory Scrubbing, Filters, Wild Sample Remover, Data Validation, Consistency Checks, Remote Programming, EEPROM
      o Actions: Shutdown, Abort, Retry, Reconfiguration

  • Spacecraft Autonomy: Levels of Autonomy

    • Level A Autonomy
      o Fault Detection and Isolation (FDI) logic: WDT Based
      o Long Pulse Detection (LPD) logic: Thruster Driver stuck high failure detection and Isolation
      o EDAC and Memory Scrubbing
      o Mil 1553B Bus Change over Logic
      o Remote Programming
      o AOCE Reset Handling
      o E2PROM Management

    • Level B Autonomy
      o Fault Detection, Isolation and Reconfiguration (FDIR)

    • Level C Autonomy
      o Power Safety Logic
      o AOCS Safe Mode

  • Spacecraft Autonomy: Levels of Autonomy

    • Level D Autonomy
      o Operational Autonomy
      o Sequencers
      o Launch phase sequencer
      o LEB Sequencer
      o Thruster Augmentation Logic
      o LEB termination logic
      o Payload operation Sequencer
      o Other Logics
      o SS occultation handling
      o Over speed protection logic
      o Reference check logic

    • Master Recovery Sequencer (MRS): To handle more than one failure and recovery & Safe Mode recovery

  • Spacecraft Autonomy

    [Layered software architecture diagram. Labels recovered from the figure, some cut off in extraction:]

    • OBC Hardware Layer
    • Real Time Executive
    • Data Acq Layer
    • Data Delivery
    • Interface Layer
    • Data Proc &
    • Data Selection &
    • Mission & Control Laws (Operational Autonomy)
    • O/P Data Proc &
    • Fault Tolerant Autonomy
    • Level-A: EDAC, FDI, LPD
    • Level-B: Gyro, SS, AccMtr
    • ARC, Spurious On/Off handling), Memory Scrubbing, Memory consistency, SPDM, 1553-B FDIR, Reset, FDI, LPD Handling with EEPROM, Remote Programming
    • Level-C: Power Safety Logic
    • Level-D: Safe Mode
    • Master Recovery Sequencer (MRS)

  • Spacecraft Autonomy

    Tele command Processor (TCP-1 and TCP-2)

    1. Isolation and Reconfiguration Commands Execution on the reception of Events Flag (64) from AOCE.
    2. Health Check Using Telemetry and Isolation and Reconfiguration using EBC’s (40)
    3. Auto Thermal Control (PATC)

    AOCE Processor (AOCE-1 and AOCE-2)

    1. Health and Performance Analysis
    2. Fault Detection
    3. Isolation and Reconfiguration Through Events
    4. Internal Reconfiguration
    5. Battery Voltage and Current Check
    6. Safe Mode Detection and Normalization (thru Events Flag)

    [Block diagram. Labels recovered from the figure, some cut off in extraction:]

    • 3 Dynamically Tuned Gyros
    • 2 Star Sensors
    • 4 Accelerometers
    • 4 Reaction Wheels
    • 8 22N Attitude Control
    • 2 SPDM Motor Coils
    • Power Electronics: Li-Ion Battery (Voltage Levels Check)
    • Thermal System: Heaters Temperatures (PATC)
    • Communication System: 2 Transmitters, 2 Receivers, 2 TWTA, 3 Antennas (Low Gain, Medium Gain, High Gain)
    • Interfaces: 1553 Interface, Events Flag Interface, Telemetry Interface, TC Interface
    • Events Commands Execution for Isolation and Reconfiguration
    • 16 TM Words (Battery Voltage, Current etc)

  • FDIR Logics: Why FDIR?

    • Hardware Faults
      o Temporary or Permanent
    • Computation Faults
      o Numerical errors, Divide by zero, exceptions
    • Design Errors
      o Algorithm failures
    • Interface Errors
      o Communication failures
    • Environment Errors
      o Temperature out of limits etc

  • FDIR Logics: FDIR Logics in Spacecraft system

    • Gyro FDIR
    • Accelerometer FDIR
    • SS FDIR
    • Mil-STD-1553 BC/RT FDIR
    • Wheel FDIR
    • Thruster FDIR
    • Solar Panel Drive Mechanism safety logic

  • FDIR Logics: Gyro FDIR

    [Diagram: GFDIR, with the labels Sync loss, Sync Toggling, Low Wheel Speed, Data Freeze, RT Fail]

  • FDIR Logics: Accelerometer FDIR

    [Diagram with the labels Accelerometer Data Freeze, Accelerometer Wild Data, Gyro Data Freeze, RT Failure]

  • Autonomy & FDIR




    RefT Reset

    Attitude FD

    Data Error

    CCD Temperature Voltage


    Check Sum

    SS Occultation

    Bus Fail

    SS Change Over if other sensor is usable Else Retry

    If both SS Fail indicate Both SS fail Flag to MRS

    Consistency Logic Disable

    Consistency Logic disable if both head attitude are


    No failure but update counter is not incrementing

    No failure but update counter is