Automated Synthesis of SEU Tolerant Architectures from OO Descriptions

SEU faults are a well-known problem in aerospace environment but recently their relevance grew up also at ground level in commodity applications coupled, in this frame, with strong economic constraints in terms of costs reduction. On the other hand, latest hardware description languages and synthesis tools allow reducing the boundary between software and hardware domains making the high-level descriptions of hardware components very similar to software programs. Moving from these considerations, the present paper analyses the possibility of reusing Software Implemented Hardware Fault Tolerance (SIHFT) techniques, typically exploited in micro-processor based systems, to design SEU tolerant architectures. The main characteristics of SIHFT techniques have been examined as well as how they have to be modified to be compatible with the synthesis flow. A complete environment is provided to automate the design instrumentation using the proposed techniques, and to perform fault injection experiments both at behavioural and gate level. Preliminary results presented in this paper show the effectiveness of the approach in terms of reliability improvement and reduced design effort

An expert system for satellite and instrument data anomaly and fault isolation

A prototype Generic Payload Operations Control System (GPOCC) is being developed at the NASA Jet Propulsion Laboratory to provide a low-cost command and control processing center for science instruments and small payloads. The GPOCC supports the difficult transition from integration and test to flight operations. The prototype will incorporate four expert systems to perform telemetry, command, and mission planning functions as well as telecommunications scheduling. The first of these expert systems to be developed will perform telemetry data analysis and fault isolation, as well as propose corrective action. This Data Analysis Module (DAM) will monitor telemetry data and perform continual data monitoring and trend analysis based on a knowledge base and historic data archived on an optical disk storage device. The system maintains a continuous knowledge database of past system performance characteristics. The goal of the Data Analysis Module is to achieve consistent, dependable and validatable performance, to demonstrate thorough, reliable and fast reasoning, and to reduce the concentration demanded of flight analysis personnel

Method and system for environmentally adaptive fault tolerant computing

A method and system for adapting fault tolerant computing. The method includes the steps of measuring an environmental condition representative of an environment. An on-board processing system's sensitivity to the measured environmental condition is measured. It is determined whether to reconfigure a fault tolerance of the on-board processing system based in part on the measured environmental condition. The fault tolerance of the on-board processing system may be reconfigured based in part on the measured environmental condition

A survey on online monitoring approaches of computer-based systems

This report surveys forms of online data collection that are in current use (as well as being the subject of research to adapt them to changing technology and demands), and can be used as inputs to assessment of dependability and resilience, although they are not primarily meant for this use

Beyond Formal Methods for Critical Interactive Systems: Dealing with Faults at Runtime

International audienceFormal methods provide support for validation and verification of interactive systems by means of complete and unambiguous description of the envisioned system. They can also be used (for instance in the requirements/needs identification phase) to define precisely what the system should do and how it should meet user needs. If the entire development process in supported by formal methods (for instance as required by DO 178C [7] and its supplement 333 [8]) then classical formal method engineers would argue that the resulting software is defect free. However, events that are beyond the envelope of the specification may occur and trigger unexpected behaviors from the formally specified system resulting in failures. Sources of such failures can be permanent or transient hardware failures, due to (when such systems are deployed in the high atmosphere e.g. aircrafts or spacecrafts) natural faults triggered by alpha-particles from radioactive contaminants in the chips or neutron from cosmic radiation. This position paper proposes a complementary view to formal approaches first by presenting an overview of causes of unexpected events on the system side as well as on the human side and then by discussing approaches that could provide support for taking into account system faults and human errors at design time

A Component-Based Middleware for a Reliable Distributed and Reconfigurable Spacecraft Onboard Computer

Emerging applications for space missions require increasing processing performance from the onboard computers. DLR's project “Onboard Computer - Next Generation” (OBC-NG) develops a distributed, reconfigurable computer architecture to provide increased performance while maintaining the high reliability of classical spacecraft computer architectures. Growing system complexity requires an advanced onboard middleware, handling distributed (realtime) applications and error mitigation by reconfiguration. The OBC-NG middleware follows the Component-Based Software Engineering (CBSE) approach. Using composite components, applications and management tasks can easily be distributed and relocated on the processing nodes of the network. Additionally, reuse of components for future missions is facilitated. This paper presents the flexible middleware architecture, the composite component framework, the middleware services and the model-driven Application Programming Interface (API) design of OBC-NG. Tests are conducted to validate the middleware concept and to investigate the reconfiguration efficiency as well as the reliability of the system. A relevant use case shows the advantages of CBSE for the development of distributed reconfigurable onboard software

A unified approach to computer analysis and modeling of spacecraft environmental interactions

A new, coordinated, unified approach to the development of spacecraft plasma interaction models is proposed. The objective is to eliminate the unnecessary duplicative work in order to allow researchers to concentrate on the scientific aspects. By streamlining the developmental process, the interchange between theories and experimentalists is enhanced, and the transfer of technology to the spacecraft engineering community is faster. This approach is called the UNIfied Spacecraft Interaction Model (UNISIM). UNISIM is a coordinated system of software, hardware, and specifications. It is a tool for modeling and analyzing spacecraft interactions. It will be used to design experiments, to interpret results of experiments, and to aid in future spacecraft design. It breaks a Spacecraft Ineraction analysis into several modules. Each module will perform an analysis for some physical process, using phenomenology and algorithms which are well documented and have been subject to review. This system and its characteristics are discussed

Separation kernel robustness testing : the xtratum case study

With time and space partitioned architectures becoming increasingly appealing to the European space sector, the dependability of separation kernel technology is a key factor to its applicability in European Space Agency projects. This paper explores the potential of the data type fault model, which injects faults through the Application Program Interface, in separation kernel robustness testing. This fault injection methodology has been tailored to investigate its relevance in uncovering vulnerabilities within separation kernels and potentially contributing towards fault removal campaigns within this domain. This is demonstrated through a robustness testing case study of the XtratuM separation kernel for SPARC LEON3 processors. The robustness campaign exposed a number of vulnerabilities in XtratuM, exhibiting the potential benefits of using such a methodology for the robustness assessment of separation kernels.peer-reviewe