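System ID U0026-1607201517520000
Thesis Title (Chinese) PHOENIX立方衛星飛行軟體的容錯設計與實現
Thesis Title (English) Design and Implementation of the Fault Tolerance Module in PHOENIX CubeSat
University National Cheng Kung University
Department (Chinese) 電機工程學系
Department (English) Department of Electrical Engineering
Academic Year 103
Semester 2
Publication Year 104
Graduate Student (Chinese) 陳立偉
Graduate Student (English) Li-Wei Chen
E-mail mike6102@gmail.com
Student ID N26024244
Degree Master's
Language English
Number of Pages 79
Oral Defense Committee Advisor: 莊智清
Keywords (Chinese) CubeSat  Fault-Tolerant Design  Flight Software  Failure Mode Analysis 
Keywords (English) CubeSat  Fault Tolerance  Flight Software  FDIR  FMECA 
Chinese Abstract In recent years, research in aerospace technology and small satellites has flourished. The ability of a satellite's on-board flight software to handle errors and tolerate faults has become a key design requirement. This thesis develops a fault-tolerant design and implements it on the PHOENIX CubeSat developed at National Cheng Kung University.
As a member of the QB50 satellite project, the main objective of the PHOENIX satellite is to study the lower atmosphere. To achieve this, PHOENIX carries two science payloads: the Ion and Neutral Mass Spectrometer and the Solar Extreme Ultraviolet detector. Unlike other common payload operations, the operating times and modes of these two payloads are not fixed; they must be operated according to scripts uploaded from the ground station. This greatly increases the complexity of software development and makes the fault tolerance and reliability of the flight software one of the main design requirements.
The flight software is responsible for validating and executing commands uploaded from the ground, mission scheduling, collecting, storing, packaging and downlinking science data, and checking and maintaining the satellite's health. The on-board computer is also the bridge and manager for communication between the subsystems. Many factors can cause the on-board computer to fail; they fall broadly into three kinds: software, hardware, and human factors. The underlying causes of these factors mainly come from two radiation-induced effects: Single Event Upset and Single Event Latch-up. A single event upset is an unintended change of state in an electronic device caused by radiation, which can lead to system errors, changed operating parameters, or data corruption. A single event latch-up results from the impact of high-energy particles and can cause hardware damage or abnormal voltage levels. Fortunately, most radiation-induced problems can be handled, and part of the damage can even be avoided or reduced through the right software architecture; for the remaining unavoidable cases, other fault-tolerant designs are needed.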
English Abstract The research in space technology and small satellite development has become more prevalent in recent years. On-board flight software (FSW) should be able to handle subsystems with recovery capability in the presence of errors and faults. Fault Detection, Isolation and Recovery (FDIR) has become a key function when designing flight software. This thesis depicts the FDIR functions that are implemented in the On-Board Computer (OBC) of PHOENIX.
For the QB50 mission, the main objective of PHOENIX is to conduct research with respect to the lower atmosphere and to study the atmospheric re-entry process associated with aerothermodynamics phenomena. According to this objective, two science payloads, the INMS and SolarEUV, are installed in PHOENIX. Instead of routine operation, the ground station has to upload scripts to control these two payloads. This increases the complexity of the on-board software. Thus, robustness and reliability become one of the main requirements of the FSW development.
FSW is in charge of command validation and execution, mission scheduling, data reception, storage and downlinking, and maintaining satellite health. The OBC is also the interface for managing the communication between subsystems and payloads. The cause of system failure can be very complex, including software, hardware, and human factors. Besides human factors, many failures are caused by two primary effects of radiation: Single Event Upset (SEU) and Single Event Latch-up (SEL). SEU is a change of state in micro-electronic devices, which may cause system crash, behavior change, and data damage. SEL is a current caused by high-energy particle collision, which can damage devices. However, some of these failures can be prevented with the right software design, and we need to find solutions to handle the remaining failures.
PHOENIX CubeSat uses several FDIR methods, including a software supervisor, watchdog timers, data redundancy, and so on, to scan important system parameters for potential failures and also to avoid data corruption. An FDIR library is designed to support the ability of the software supervisor to handle potential failures. The ground station is able to update this library by uploading scripts. These FDIR methods and strategies follow some guidelines, principles and a failure hierarchy in the engineering phase and are able to adjust to single events and other failure situations. Herein, some discussions and lessons learned are presented.
Table of Contents Abstract (Chinese) III
Abstract V
Acknowledgement VII
Content VIII
List of Tables XI
List of Figures XII
List of Abbreviations XIII
Chapter 1 Introduction 1
1.1 Objective 1
1.2 Survey of fault tolerance and existing FDIR methods 2
1.2.1 Requirements of a Fault Tolerance System 2
1.2.2 Fault Tolerance in a Computer System 4
1.2.3 Fault Tolerant Methods Used on Spacecraft Computers 8
1.3 Organization 10
Chapter 2 PHOENIX Nanosatellite 11
2.1 Objective of QB50 Mission 11
2.2 PHOENIX Design 13
2.3 PHOENIX C&DH Subsystem 16
2.3.1 OBC NanoMind A712D 17
2.3.2 On-board Operating System: FreeRTOS 18
2.3.3 Development Environment 19
2.3.4 Software Library 21
2.3.5 Electrical Ground Support Equipment (EGSE) 22
2.3.6 UART Debugging Interface 23
Chapter 3 PHOENIX Flight Software 25
3.1 FSW Architecture 25
3.1.1 Mode Control Task (MCT) 26
3.1.2 INMS Payload Handler (IPH) 26
3.1.3 SEUV Payload Handler (SPH) 26
3.1.4 Telecom Handler (TH) 26
3.1.5 HouseKeeping Handler 27
3.1.6 ADCS Handler 27
3.1.7 Software Supervisor Module (SSM) 27
3.1.8 Debugging Interface Handler 28
3.2 FSW Four-Layer Coding Hierarchy 28
3.3 PHOENIX Operation Mode 30
3.3.1 OFF Mode 31
3.3.2 Initialization Mode 31
3.3.3 Safe Mode 32
3.3.4 Stabilization Mode 32
3.3.5 Payload Mode 32
3.3.6 Communication Mode 33
3.4 Software Dynamic Architecture 34
3.4.1 Subsystems Power Status in Modes 34
3.4.2 Software Behavior 34
3.5 Inner Communications 36
3.5.1 Subsystem Interface 36
3.5.2 I2C 37
3.5.3 UART 38
3.5.4 Inter-Process Communication 39
Chapter 4 FDIR Design in PHOENIX 41
4.1 PHOENIX Failure Modes Analysis 41
4.1.1 Classification of Severity 42
4.1.2 Classification of Failure Probability 42
4.1.3 PHOENIX Unit FMECA 43
4.1.4 PHOENIX System FMECA 50
4.1.5 Analysis Result 52
4.2 FDIR in Module Layer 53
4.2.1 Goal and Requirements 53
4.2.2 FDIR Techniques in COTS components 53
4.2.3 FDIR Techniques in Software Modules 55
4.3 FDIR in System layer 63
4.3.1 Goal and Requirements 63
4.3.2 Implementation of Software Supervisor 64
4.3.3 Implementation of FDIR Library 68
4.4 FDIR Implementation and Test Environment 71
Chapter 5 Discussions 73
5.1 Implementation Cost and Effectiveness 73
5.2 Lesson Learned 74
Chapter 6 Conclusion 76
6.1 Summary 76
6.2 Future Work 76
Reference 77

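  • Authorized for on-campus browsing/printing of the electronic full text, publicly available from 2015-07-23.
  • Authorized for off-campus browsing/printing of the electronic full text, publicly available from 2016-07-23.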