Developing NASA's Fault Management Guidebook for Deep Space Robotic Missions
Lorraine Fesq and Raquel Jacome, Jet Propulsion Laboratory, California Institute of Technology
Flight Software Workshop, December 16-18, 2014, Annapolis, MD
Copyright 2014 California Institute of Technology. Government sponsorship acknowledged. The research was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration.
FM By Any Other Name…
• Names for this discipline: ISHM (Integrated System Health Management), FP (Fault Protection), IVHM (Integrated Vehicle Health Management), SHM (System Health Management), RM (Redundancy Management), FDIR (Fault Detection, Isolation and Recovery), Hazards/Aborts/C&W (Caution and Warning), HUMS (Health and Usage Monitoring Systems), PHM (Prognostics and Health Management)
2010-2012: Developed NASA's Fault Management Handbook
Goal
• Ameliorate the schedule, cost and predictability challenges of testing and operating FM systems
• Improve reliability and safety of NASA's flight and ground systems
• Coalesce the FM field
Scope
• Outline scoped to address needs of the Agency: crewed and robotic missions
• Robotic emphasis in Version 1, due to SMD co-funding
• Suggested use as "companion" to the SE Handbook
http://www.nasa.gov/offices/oce/documents/2012_fm_workshop.html
Release of Draft FM Handbook
• Draft 1 released July 2011
• 1113 comments (NTSPO record)
• 283 dispositioned by Handbook Lead
  – Easier comments that could be addressed individually were tackled first
  – 400-500 were due to the Handbook not representing the diverse views of FM across NASA
Current status: Draft 2 released 4/9/12.
Figure: Number of Comments per Center (bar chart). Centers: JSC, GRC, GSFC, KSC/S&MA, MSFC, WSTF, ARC, JPL, NESC. Bar values as extracted: 10, 73, 4, 3, 220, 172, 297, 54, 280 (total 1113); y-axis: number of comments, 0 to 350.
Lesson Learned: FM views are diverse across NASA. Comments cannot be dispositioned by one person or one Center; doing so requires discussion and consensus among people in the discipline, across the Agency.
Plans: Refocused effort to develop a "chapter" for each mission type, to be incorporated into the NASA FM Handbook.
Take 2: Developing a Deep Space FM Robotic Guidebook
• Motivation
  – Ad hoc implementations and incomplete existing guidance
  – Issues from the attempt to develop a NASA-wide FM Handbook (NASA-HDBK-1002)
• Final product will be applicable across NASA, but focused on FM for deep-space robotic missions
  – Hosted on the NEN FM Community of Practice web site
• Intent is to leverage existing guidance into a more structured and useful form
  – Adding more "why" and "how" to current descriptions
• Funded by OCE
Perspective: Other Organizations are Developing FM Guidance
Other organizations recognize the need to develop FM guidance for their teams and stakeholders
• APL
  – Developed a process description for fault protection, June 2009: QY3-660, Fault Management Engineering Process
• SAE
  – Formed IVHM committee June 2010 to develop a cornerstone aerospace Recommended Practice document
  – Developed a book/standard on IVHM: Perspectives on an Emerging Field
• IEEE
  – Developing a Prognostics and Health Management Standard
• Aerospace Corporation
  – Developed guidelines for Earth-orbiting spacecraft
  – Aerospace Report No. TOR-2009(8591)-14, Effective Fault Management Guidelines, 5 June 2009
  – Aerospace Report No. TOR-2012(1302)-13, Proposed Satellite System Safe Mode Standard, August 1, 2012 (Draft)
FM Process and Phase "Spider" Diagrams
Figure: FM process activities mapped across the NASA project life cycle. Phases: Pre-Phase A, Phase A, Phase B, Phase C, Phase D, Phase E. Milestones: MCR, KDP A, MDR, KDP B, PDR, KDP C, CDR, SIR, KDP D, ORR, KDP E. Activity tracks: Policy, Architecture, Requirements, Design, Trades/Analysis, Failure Space, Conceptual Design, Preliminary Design Cycle, Final Design Cycle, Implementation, V&V Planning, V&V Development, V&V Execution. Products are marked per phase as prelim, final, updates and exceptions.
Sample Task Description
Example Artifacts and/or Template
• Safing design demonstrates how all systems/subsystems coordinate to produce a "safe" end state
• Fault Coverage/Mitigation List
  – This is customizable for each mission, but it should include the faulted function, the symptom, the mitigation (or prevention steps), and where the mitigation is being done.
B.TSD.03: Derive Preliminary FM Design and Map into failure space (SE Function: Technical Solution Definition; Phase: B)
Sample Fault Coverage/Mitigation List (four items; cells recovered from the slide and listed by column, since row order was not preserved in extraction):
• Item #: 1, 2, 3, 4
• Faulted function: Fail to maintain attitude (three items); clock runs slow
• H/w item (if applicable): n/a (two items); avionics clock; external oscillator
• Cause: model error in attitude estimator; incorrect parameter; wonky oscillator
• Mitigation: offsun angle monitor calls safing to sunpoint; flight rule: double check parameter values; detect somehow and swap clocks
• Allocated to whom?: designers: prevent fault; mission operators: prevent fault; onboard FP: system response; onboard FP: local response
• Identified where?: fault tree (three items); FFA
• Fault injection method: command bad parameter; command incorrect vector; tweak code?; extensive testing; n/a
• Response timeliness: medium, before attitude exceeds thermal rqmts (three items); quick, before it affects users
• Comments: newbie specifies -Z instead of +Z
Guidebook Navigation
Purpose and Plan
• Product purpose
  – Field guide for the engineer
  – Manager's planning tool
  – The Deep Space Robotic chapter of the FM Handbook
  – Companion to the NASA Systems Engineering Handbook
• Plans
  – Completion: early CY 2015
  – Posted on the NASA Engineering Network, Fault Management Community of Practice: https://nen.nasa.gov/web/faultmanagement/home