Article

How Much Fault Protection is Enough – A Deep Impact Perspective


Abstract

For the Deep Impact project, a myriad of fault protection (FP) monitors, symptoms, alarms and responses is engineered into the spacecraft FP software, common and yet custom to the flyby and impactor mother-daughter spacecraft. Device faults and functional faults are monitored and mapped 1-to-n into FP symptoms, per instance of the fault. Symptoms are then mapped n-to-1 to FP alarms, which are in turn mapped n-to-1 to FP responses. Though the final statistics of 49 monitors, 921 symptoms, 667 alarms, and 39 responses appear staggering, it remains debatable whether the amount of on-board autonomous fault protection is sufficient and friendly to operate.

Chapter
The subject of spacecraft fault detection, isolation, and recovery, also known as fault protection, is introduced along with standard terminology. A general description of a typical fault protection system is presented with a specific emphasis on the application to guidance, navigation, and control (GN&C) subsystems. The functions of a fault protection system for a notional three-axis controlled GN&C subsystem are presented as examples. Finally, the role of various types of redundancy and the desire for graceful degradation in the presence of failures in fault protection systems are discussed.
Article
The Deep Space One (DS-1) spacecraft launched aboard a Delta II rocket is the first step towards the bold task of testing and validating 12 new technologies for future missions. The launch also represented the successful test and validation of a 13th heretofore undisclosed technology. This article describes the process used to leverage model-based code generation from state diagrams and structural specifications to better respond to the evolving requirements and scope of DS-1's system-level fault-protection design, development, test and operation.
Conference Paper
This paper describes an innovative approach to spacecraft fault protection based on automatic code-generation techniques
Conference Paper
This paper describes how fault tolerance has been addressed in the design of the Attitude and Articulation Control Subsystem for the Saturn-bound Cassini spacecraft. Cassini's fault tolerance objectives have strongly influenced the subsystem's level of autonomy, and have motivated some significant improvements over the autonomous capabilities of previous interplanetary spacecraft. Autonomous fault tolerant behaviors have been embedded at several points in the object-oriented flight control software, including a dedicated set of failure detection, isolation, and recovery algorithms
(1) System (spacecraft critical events, crosslink, command loss, safing)
(2) CDH (Command and Data Handling)
(3) COM (Telecommunications)
(4) ADCS (Attitude Determination and Control Subsystem)
(5) PROP (Propulsion) (which is lumped into ADCS for DI FP design)
(6) INS (Science Instruments)
(7) NAV (Auto-Navigation)
(8) POWER (i.e. EPDS – Electrical Power and Distribution Subsystem)
(9) THERM (Thermal)
(10) MECH (Mechanical)