Experimental results of a terrain relative navigation algorithm using a simulated lunar scenario

This paper deals with the problem of the navigation of a lunar lander based on the Terrain Relative Navigation approach. An algorithm is developed and tested on a scaled simulated lunar scenario, over which a tri-axial moving frame has been built to reproduce the landing trajectories. At the tip of the tri-axial moving frame, a long-range and a short-range infrared distance sensor are mounted to measure the altitude. The calibration of the distance sensors is of crucial importance to obtain good measurements. For this purpose, the sensors are calibrated by optimizing a nonlinear transfer function and a bias function using a least squares method. As a consequence, the covariance of the sensors is approximated with a second order function of the distance. The two sensors have two different operation ranges that overlap in a small region. A switch strategy is developed in order to obtain the best performances in the overlapping range. As a result, a single error model function of the distance is found after the evaluation of the switch strategy. Because of different environmental factors, such as temperature, a bias drift is evaluated for both the sensors and properly taken into account in the algorithm. In order to reflect information of the surface in the navigation algorithm, a Digital Elevation Model of the simulated lunar surface has been considered. The navigation algorithm is designed as an Extended Kalman Filter which uses the altitude measurements, the Digital Elevation Model and the accelerations measurements coming from the moving frame. The objective of the navigation algorithm is to estimate the position of the simulated space vehicle during the landing from an altitude of 3 km to a landing site in the proximity of a crater rim. Because the algorithm needs to be updated during the landing, a crater peak detector is conceived in order to reset the navigation filter with a new state vector and new state covariance. Experimental results of the navigation algorithm are presented in the paper

Early Dependability Analysis of FPGA-Based Space Applications Using Formal Verification

SRAM-based FPGAs are increasingly attractive in the aerospace industry for their field programmability and low cost. Unfortunately, they suffer from cosmic radiation induced Single Event Effects (SEEs). In safety-critical applications, the dependability of the design is a prime concern since failures may have catastrophic consequences. Hence, an early analysis of dependability of such safety-critical applications will enable designers to develop systems that meet high dependability requirements, such as the DO-254 standard. In this thesis, we propose a high-level dependability and performability analysis methodology based on probabilistic model checking. Compared to the pen-and-pencil and discrete-event simulation approach, our methodology is more accurate due to the use of an automated formal verification technique. Moreover, compared to fault injection or beam testing, analysis at early design stages can guide designers to build more reliable designs reducing the overall cost and effort. The proposed methodology can perform three different types of analysis: evaluation of available design options, optimization of scrub intervals while satisfying its design assurance level requirements, and optimal partitioning of Triple-Modular Redundant (TMR) Systems. Such analysis can also guide designers to adopt proper mitigation technique(s), such as rescheduling, TMR, TMR with less frequent scrubs, or even can help to decide the number of TMR partitions for a given scrub intervals. Starting from a high-level description of a system, based on the preferred analysis, a Markov model or Markov (reward) model is constructed from the extracted Control Data Flow Graph (CDFG) and the failure/mitigation parameters for the targeted FPGA. Such modeling and exhaustive analysis elaborated using a probabilistic model checking technique can capture all the failures and repairs possible (according to some general model) in the system within the radiation environment. To illustrate the applicability of the proposed approach, we present our quantitative analysis obtained from DSP benchmark circuits