1 / 7

Design Verification of MSL Second Chance

Design Verification of MSL Second Chance. What is MSL Second Chance? Some Design Details Verifying the Design Summary Questions. Pradip Maitra TASC Pradip.Maitra@ivv.nasa.gov. What is Second Chance (SECC)?.

garron
Download Presentation

Design Verification of MSL Second Chance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Design Verification ofMSL Second Chance What is MSL Second Chance? Some Design Details Verifying the Design Summary Questions Pradip Maitra TASC Pradip.Maitra@ivv.nasa.gov

  2. What is Second Chance (SECC)? • MSL has 2 Flight Computers (FC-A and FC-B) normally loaded with the same flight software (FSW) image. • Only FC-A is ON during Cruise and Surface Ops. • During EDL, the FC-B is also turned ON. • FC-B executes a different FSW image during EDL. • This FC-B image monitors FC-A state and actions. • If FC-A misbehaves, FC-B takes over control and resumes EDL operation within 1-2 seconds. • This was the intent of MSL Second Chance (SECC).

  3. Design Details • 134 Second Chance requirements in addition to original 4446 FSW requirements. • Principal guidelines: • Do not harm existing FSW functionality as it is going to get changed to accommodate Second Chance. • SC Image will not share normal FSW image banks. • SC Functionality can be deactivated in the last moment. • SC Image will be uploaded 2 weeks before EDL. • SC Image will be forgotten immediately after landing.

  4. Design Details

  5. Verifying the Design • Reset Scenario Analysis. • Does any SECC requirement violate EDL Timeline? • How capable is SECC image in resuming EDL? • How SECC image interfaces with FSW environment? • SECC image upload and booting into it. • Unintended Enabling/Disabling/Arming SECC image. • Verifying receipt of “Prime in distress” event. • Where SECC image is being stored and can it affect normal FSW boot sequence? • Verifying successful removal of SECC image after landing.

  6. Swim lane example: Verifying the Design

  7. Summary • The design verification work had uncovered a few problem areas that were judged to be of very low probability of occurrence. • JPL conducted a high resolution simulation of FC-A failures during different time points of EDL. Their simulation also found that not all possible failure periods can be covered using a 1.5 to 2 seconds recovery time.

More Related