Evaluation of anomaly and failure scenarios involving an exploration rover: a Bayesian network approach

Recent studies focused on the achievement of autonomy by spacecrafts, with the aim of avoiding the intervention of the ground control. In this sense, the ARPHA software prototype has been developed for the automatic failure detection, identification and recovery (FDIR), and is based on the on-board analysis of a Dynamic Bayesian Network (DBN) representing the system behaviour conditioned by the conditions of components and environment. In this paper, we describe the main functionalities of ARPHA, and we apply its FDIR capabilities to the power supply subsystem of an exploring rover, taking into account four scenarios leading to anomalies or failures. The DBN model of the system is described. Then, we test the execution of ARPHA, together with a rover simulator providing sensor data and plan data. In particular, we show the results of diagnosis, prognosis and recovery, returned by ARPHA when the scenarios occur

OMEGA “Correct Development of Real-Time Embedded

Supporting UML-based development of embedded systems by formal technique

FAME Process: A Dedicated Development and V&V Process for FDIR

In the frame of the European Space Agency (ESA) studies, Thales Alenia Space Italia is carrying out a research – FAME – in collaboration with Fondazione Bruno Kessler and Thales Alenia Space France. The objective of the FAME project is to define a dedicated FDIR development, verification and validation process that can address the issues and shortcomings of the current industrial FDIR development practices. The ultimate goal is to allow for the consistent and timely FDIR conception, development, and Verification & Validation. A parallel objective of the study is the development of a toolset supporting the Process and enabling a coherent definition, specification, development, and V&V of the FDIR functionalities. It started in September 2013 and ended in May 2014

Model Checking Satellite Operational Procedures

We present a model checking approach for the automatic verification of satellite operational procedures (OPs). Building a model for a complex system as a satellite is a hard task. We overcome this obstruction by using a suitable simulator (SIMSAT) for the satellite. Our approach aims at improving OP quality assurance by automatic exhaustive exploration of all possible simulation scenarios. Moreover, our solution decreases OP verification costs by using a model checker (CMurphi) to automatically drive the simulator. We model OPs as user-executed programs observing the simulator telemetries and sending telecommands to the simulator. In order to assess feasibility of our approach we present experimental results on a simple meaningful scenario. Our results show that we can save up to 90% of verification time

FAME: A Model-Based Environment for FDIR Design in Aerospace

The FAME environment is a model-based toolset that implements an integrated process for FDIR (Fault Detection, Isolation and Recovery) design, addressing the shortcomings of existing practices for FDIR development in aerospace. It is built on top of COMPASS, a framework for model-based design and verification, that provides several verification capabilities, including simulation, property verification, RAMS analysis (FTA, FMEA), diagnosability and FDIR analysis. The FAME environment supports FDIR design by providing functionality to define mission and FDIR requirements, fault propagation modeling using TFPGs (Timed Fault Propagation Graphs), and automated synthesis of FDIR models from TFPGs and FDIR requirements. The FAME environment has been developed within an ESA-funded study, and has been thoroughly evaluated by the industrial partners on a case study derived from the ExoMars project

An Integrated Process for FDIR Design in Aerospace

The correct operation of complex critical systems increasingly relies on the ability to detect and recover from faults. The design of Fault Detection, Isolation and Recovery (FDIR) sub-systems is highly challenging, due to the complexity of the underlying system, the number of faults to be considered and their dynamics. Existing industrial practices for FDIR are often based on ad-hoc solutions, that are conceived and developed late in the design process, and do not consider the software- and system-level RAMS analyses data (e.g., FTA and FMEA). In this paper we propose the FAME process: a novel, model-based, integrated process for FDIR design, that addresses the shortcomings of existing practices. This process aims at enabling a consistent and timely FDIR conception, development, verification and validation. The process is supported by the FAME environment, a model-based toolset that encompasses a wide range of formal analyses, and supports the FDIR design by providing functionality to define mission and FDIR requirements, fault propagation modeling, and automated synthesis of FDIR models. The FAME process and environment have been developed within an ESA-funded study, and have been thoroughly evaluated by the industrial partners on a case study derived from the ExoMars project