| Graduate student: | 陳立偉 Chen, Li-Wei | 
|---|---|
| Thesis title: | PHOENIX立方衛星飛行軟體的容錯設計與實現 Design and Implementation of the Fault Tolerance Module in PHOENIX CubeSat | 
| Advisor: | 莊智清 Juang, Jyh-Ching | 
| Degree: | Master | 
| Department: | College of Electrical Engineering and Computer Science - Department of Electrical Engineering | 
| Year of publication: | 2015 | 
| Academic year of graduation: | 103 | 
| Language: | English | 
| Number of pages: | 79 | 
| Keywords (translated from Chinese): | CubeSat, Fault-Tolerant Design, Flight Software, Failure Mode Analysis | 
| Keywords (English): | CubeSat, Fault Tolerance, Flight Software, FDIR, FMECA | 
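In recent years, research in aerospace technology and small satellites has flourished. The ability of a satellite's on-board flight software to handle errors and tolerate faults has become a key design requirement. This thesis develops a fault-tolerant design and implements it on the PHOENIX CubeSat developed at National Cheng Kung University.
As a member of the QB50 satellite program, the main goal of the PHOENIX satellite is to study the lower atmosphere. To achieve this goal, PHOENIX carries two science payloads: the Ion and Neutral Mass Spectrometer and the Solar Extreme Ultraviolet detector. Unlike other common ways of operating payloads, the operating times and modes of these two payloads are not fixed; they must be operated according to scripts uploaded from the ground station. This greatly increases the complexity of software development and makes the fault tolerance and reliability of the flight software one of the main design conditions.
The flight software is responsible for validating and executing commands uploaded from the ground, mission scheduling, collecting, storing, packaging and downlinking science data, and checking and maintaining the satellite's health. The on-board computer is also the bridge and manager for communication between the subsystems. Many factors can cause the on-board computer to fail; they fall broadly into three kinds: software factors, hardware factors, and human factors. The causes behind these factors come mainly from two radiation-induced effects: Single Event Upset and Single Event Latch-up. A single event upset is an unexpected change of state in an electronic device caused by radiation, which can lead to system errors, change the parameters the satellite runs with, or corrupt data. A single event latch-up results from a strike by a high-energy particle, and the result may be hardware damage or abnormal voltage levels. Fortunately, most radiation-induced problems can be handled, and part of the damage can even be avoided or reduced through correct software architecture design; for the remaining cases that cannot be avoided, other fault-tolerant designs are needed.
Several software fault-tolerance techniques were used in designing the PHOENIX flight software, such as software self-monitoring, watchdog timers, and data backup. These techniques help the satellite detect and resolve errors that may occur. In addition, the satellite carries a fault-tolerance database to support the software self-monitoring function. Users on the ground can update the problem-handling scripts in this database so that the satellite learns more fault-tolerance measures. These fault-tolerant designs were all developed on the principle of responding effectively to radiation-related effects and other common errors. The end of the thesis presents some test results and a discussion of development experience.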
Research in space technology and small satellite development has become more prevalent in recent years. On-board flight software (FSW) should be able to handle subsystems with recovery capability in the presence of errors and faults. Fault Detection, Isolation and Recovery (FDIR) has become a key function when designing flight software. This thesis describes the FDIR functions that are implemented in the On-Board Computer (OBC) of PHOENIX.
For the QB50 mission, the main objective of PHOENIX is to conduct research on the lower atmosphere and to study the atmospheric re-entry process associated with aerothermodynamic phenomena. To meet this objective, two science payloads, the INMS and SolarEUV, are installed in PHOENIX. Instead of routine operation, the ground station has to upload scripts to control these two payloads. This increases the complexity of the on-board software. Thus, robustness and reliability become main requirements of the FSW development.
FSW is in charge of command validation and execution, mission scheduling, data reception, storage and downlinking, and maintaining satellite health. The OBC is also the interface for managing the communication between subsystems and payloads. The causes of system failure can be very complex, including software, hardware, and human factors. Besides human factors, many failures are caused by two primary effects of radiation: Single Event Upset (SEU) and Single Event Latch-up (SEL). SEU is a change of state in micro-electronic devices, which may cause system crashes, behavior changes, and data damage. SEL is a current caused by high-energy particle collision, which can damage devices. However, some of these failures can be prevented with the right software design, and we need to find solutions to handle the remaining failures.
The PHOENIX CubeSat uses several FDIR methods, including a software supervisor, watchdog timers, data redundancy, and so on, to scan important system parameters for potential failures and also to avoid data corruption. An FDIR library is designed to support the ability of the software supervisor to handle potential failures. The ground station is able to update this library by uploading scripts. These FDIR methods and strategies follow some guidelines, principles and a failure hierarchy in the engineering phase and are able to adjust to single events and other failure situations. Finally, some discussion and lessons learned are presented.