Methods for Mitigating Space Radiation Effects, Fault Detection and Correction, and Processing Sensor Data
- Created: Friday, 28 February 2014
- Lyndon B. Johnson Space Center, Houston, Texas
A combination of three innovations enables increased efficiency, stability, and flexibility of data management and systems functionality.
The Integrated Modular Avionics (IMA) architecture being developed for space applications requires that sensor data be autonomously sampled and transmitted to the system network. This transmission needs to occur on a predetermined, fixed schedule to avoid conflicts on the network. It needs to be capable of building packets of sensor data for individual application partitions (i.e., environmental control, propulsion, and vehicle management). It must be easily configured for flexibility in system scheduling.
Once a minor frame interrupt (MFI) is received from the network, the timing within a frame begins. The poll list table controls the timing. It starts the input/output module (IOM) sample list execution within each IOM. After enough time has elapsed for the IOMs to step through their respective sample lists, the poll list initiates the command to start assembling the packets. These may include, for example, a packet that contains only data for the environmental control system, another packet could include data for the propulsion system, and yet another packet may contain RIU (remote interface unit) status information. These packets are transferred to the network interface card (NIC). The tables in the NIC schedule the transmission onto the network for each packet. The tables may be unique by minor frame. This allows different packets of data to be sent on different minor frames of the system schedule.
Self-checking lockstep processor architectures, by their nature, are intended to detect differences between redundant elements and to prevent their further propagation. Traditional methods of dealing with detected differences between the halves of a lockstep processor pair are to cease lockstep operation and to initiate recovery. In an integrated processor application, ceasing lockstep operation impacts all software applications on the platform, as they are unable to perform their function until the recovery has been completed and lockstep operation is resumed. The method being described here eliminates the loss of lockstep operation under certain conditions such that the recovery can be done “seamlessly” to all applications other than the one directly accessing the resource that caused the detected difference between lockstep halves.
The Orion VMC (vehicle management computer) processor design is based upon the re-use of a processor design from a commercial avionics product. That design includes the use of several commercial off-the-shelf (COTS) components for which there are no equivalent space-rated components. One of those COTS components is NOR flash that is used to store program and database information for the processor. A design solution that maximizes the advantages of re-use, while satisfying the radiation requirements of the product when using these COTS NOR flash devices in the program flash array, was needed.
This work was done by Mike Bartels, Dean Sunderland, Terry Ahrendt, Tim Moore, David Yeager, Kevin Stover, James Tyrrell, and Bob Poucher of Honeywell for Johnson Space Center. MSC-24769-1/81-1/5-1