
Page 1

S1.6 Requirements: KnightSat C&DH

Requirement | Source | Verification Source Document | Test/Analysis Number

S1.6-1 Provide reliable, real-time access and control of input/output (IO) devices

S1.6-2 Provide modular, adaptable and scalable computational interfaces between all IO devices and computers

S1.6-3 Provide sufficient computing resources for execution of all required system processes (excluding payloads)

S1.6-4 Provide sufficient, error corrective storage for system data logging and payload data storage

Page 2

S1.6 Design: KnightSat C&DH

RISK: Y

[Architecture diagram]

Page 3

S1.6 Design: KnightSat C&DH

• Physical Characteristics
  – Intel XScale PXA255 processing bank
  – Mass TBD, 12.5cm x 12.5cm x 2cm main computer box, X” aluminum shielded
  – XX connector interface to IO bus

• Performance Characteristics
  – 2.6 Watts main computer board
  – TBD MBs modular NAND flash storage bank
  – Combined 600MHz modular MCU bank
  – Software controllable sleep/idle/active modes per power block
  – CAN based distributed heterogeneous network
  – Network monitor defaulted ON when power applied; independent module activation as needed

RISK: Y

Page 4

S1.6 Design: KnightSat C&DH

• Hardware status
  – CAN network functionality tests – done*
  – Network based IO access tests – done*
  – PXA255 functionality under Linux – done*
  – Software cross-compilation procedures – done*
  – Network Controller functionality tests – TBD**
  – PXA255/Network Controller integration tests – TBD**
  – Storage bank prototyping and testing – TBD**
  – Network redundancy and failure tolerance tests – TBD**

* Completed as part of FUNSat '05 Project
** To Be Done

RISK: Y

Page 5

S1.9 Requirements: KnightSat Software

Requirement | Source | Verification Source Document | Test/Analysis Number

S1.9-1 Provide a scalable and reliable inter-process communication mechanism

S1.9-2 Provide a scalable, reliable, and real-time process/IO communication mechanism

S1.9-3 Provide reliable and adaptive control software to fulfill each individual subsystem’s tasks

S1.9-4 Provide a standard data exchange mechanism between individual subsystem tasks

Page 6

S1.9 Design: KnightSat Software

• ARM v5TE / AVR Assembly and C/C++ Programming Languages
• GNU Linux based on the 2.6.x kernel
• Intel XScale architecture on a distributed heterogeneous network
• Loosely-coupled processing load distribution
• CVS based software development

RISK: Y

Page 7

Program/Subsystem Risk Assessment

G = low risk   Y = medium risk   R = high risk   NA = N/A

Category                       | C&DH | Software | … | … | … | … | … | …
Performance                    | G    | G        |
Schedule                       | Y    | Y        |
Cost                           | G    | G        |
Safety                         | G    | G        |
Testing                        | G    | Y        |
Manpower                       | Y    | Y        |
Facilities                     | G    | G        |
Overall Subsystem Assessment   | Y    | Y        | NA

Page 8

C&DH Detailed Requirements

Subsystem / Component Requirements | Method

1.6-1 – Provide reliable, real-time access and control of input/output (IO) devices
  • A software control process must be able to communicate with its associated IO device(s) with minimal transmission delays. Method: Design, Test, Analysis
  • The data exchange medium must have a high tolerance to electrically harsh environments (i.e. EMI, radiation, etc.), having a bit error rate of no more than 10^-6 ppm. Method: Test, Analysis
  • Each IO node must be individually addressable, and any two nodes (i.e. computer to IO device) must be able to directly address each other without a master node coordinating the transmission. The node addressing scheme must support message prioritization. Method: Design

1.6-2 – Provide modular, adaptable and scalable computational interfaces between all IO devices and computers
  • Each individual network node interface must have minimal power consumption, and each node must be easily inserted/removed on the network without interrupting pre-existing communications. Method: Design, Test
  • Critical IO devices (i.e. star tracker, thruster, etc.) must have redundant interfaces to ensure device network availability at all times. Method: Design, Test
  • Each network node must be able to operate without specific knowledge of the network topology. Method: Design

1.6-3 – Provide sufficient computing resources for execution of all required system processes (excluding payloads)
  • Any subsystem task and its corresponding processes must be able to execute when required, and all of its requirements (i.e. real-time access to thrusters) must be met. Method: Design, Test, Analysis

Page 9

C&DH Detailed Requirements

Subsystem / Component Requirements | Method

1.6-4 – Provide sufficient, error corrective storage for system data logging and payload data storage
  • A sufficiently large memory space must be provided in which to store subsystem status data and payload data for downlink. Method: Design, Analyze
  • The storage system must implement periodic EDAC to at least successfully detect two bit errors and correct one bit errors. Method: Design, Test
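The EDAC requirement above (detect two-bit errors, correct one-bit errors) is exactly the guarantee an extended Hamming, or SEC-DED, code gives. The following C block is an added example, not code from the KnightSat project: it encodes each stored byte into a 13-bit SEC-DED word (Hamming(12,8) plus one overall parity bit), corrects any single-bit upset, and flags a double-bit upset instead of silently miscorrecting it, which is the failure mode a plain Hamming code has under two flips. The function names, the 13-bit layout and the fault-injection helper are this example's own choices; a flight design would normally protect a wider word (32 data bits need 7 check bits) and run the check from a timer, which is the "periodic" part of the requirement.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoder status codes. */
enum { SECDED_OK = 0, SECDED_CORRECTED = 1, SECDED_UNCORRECTABLE = 2 };

/* Positions (1..12) of the eight data bits inside the Hamming(12,8) word.
 * Power-of-two positions 1, 2, 4, 8 hold the Hamming check bits; bit 0 of the
 * 16-bit container holds the overall parity bit that adds double-error detection. */
static const uint8_t DATA_POS[8] = { 3, 5, 6, 7, 9, 10, 11, 12 };
#define OVERALL_PARITY_BIT 0u

/* Parity of the whole 13-bit codeword (bits 0..12): 1 if an odd number of 1s. */
static uint8_t parity13(uint16_t cw)
{
    uint8_t p = 0;
    for (int i = 0; i < 13; i++)
        p ^= (uint8_t)((cw >> i) & 1u);
    return p;
}

/* XOR of the positions of all set bits in 1..12. Zero for a clean Hamming word;
 * for a single flipped bit it equals that bit's position. */
static uint8_t hamming_syndrome(uint16_t cw)
{
    uint8_t s = 0;
    for (uint8_t pos = 1; pos <= 12; pos++)
        if (cw & (1u << pos))
            s ^= pos;
    return s;
}

/* Encode one byte into a 13-bit SEC-DED codeword (stored in a uint16_t). */
uint16_t secded_encode(uint8_t data)
{
    uint16_t cw = 0;
    for (int i = 0; i < 8; i++)
        if (data & (1u << i))
            cw |= (uint16_t)(1u << DATA_POS[i]);
    /* With the check bits still zero, the syndrome is exactly the set of
     * check bits that must be 1: syndrome bit k corresponds to position 2^k. */
    uint8_t s = hamming_syndrome(cw);
    for (int k = 0; k < 4; k++)
        if (s & (1u << k))
            cw |= (uint16_t)(1u << (1u << k));
    /* The overall parity bit makes the total number of 1s even. */
    if (parity13(cw))
        cw |= (uint16_t)(1u << OVERALL_PARITY_BIT);
    return cw;
}

/* Decode a codeword: correct any single-bit error, flag any double-bit error. */
int secded_decode(uint16_t cw, uint8_t *data_out)
{
    uint8_t s = hamming_syndrome(cw);
    int status = SECDED_OK;
    if (parity13(cw)) {
        /* Odd overall parity: exactly one bit flipped. A zero syndrome means
         * the flipped bit is the overall parity bit itself. */
        cw ^= (uint16_t)(1u << (s ? s : OVERALL_PARITY_BIT));
        status = SECDED_CORRECTED;
    } else if (s != 0) {
        /* Even parity but nonzero syndrome: two bits flipped. Report it;
         * "correcting" here would corrupt a third bit. */
        return SECDED_UNCORRECTABLE;
    }
    uint8_t d = 0;
    for (int i = 0; i < 8; i++)
        if (cw & (1u << DATA_POS[i]))
            d |= (uint8_t)(1u << i);
    *data_out = d;
    return status;
}

/* Fault-injection helper: encode, XOR in a constructed fault mask, decode, and
 * return 1 when the decoder reports expect_status and (unless uncorrectable)
 * recovers the original byte. */
int secded_check(uint8_t data, uint16_t fault_mask, int expect_status)
{
    uint8_t out = 0;
    int st = secded_decode(secded_encode(data) ^ fault_mask, &out);
    if (st != expect_status)
        return 0;
    return (st == SECDED_UNCORRECTABLE) ? 1 : (out == data);
}

/* Exhaustive scrub-style self test: every byte under every single-bit and
 * every double-bit fault. Returns the number of failures (0 on success). */
int secded_selftest(void)
{
    int failures = 0;
    for (int v = 0; v < 256; v++) {
        if (!secded_check((uint8_t)v, 0, SECDED_OK)) failures++;
        for (int a = 0; a < 13; a++) {
            if (!secded_check((uint8_t)v, (uint16_t)(1u << a), SECDED_CORRECTED)) failures++;
            for (int b = a + 1; b < 13; b++)
                if (!secded_check((uint8_t)v, (uint16_t)((1u << a) | (1u << b)), SECDED_UNCORRECTABLE)) failures++;
        }
    }
    return failures;
}

int main(void)
{
    printf("SEC-DED self test: %d failures\n", secded_selftest());
    return 0;
}
```

The self test is the property the requirement asks for, stated as code: every one of the 13 single-bit faults is corrected and every one of the 78 double-bit faults is reported rather than miscorrected. A memory scrubber built on this would read each word on a timer, rewrite it when the status is SECDED_CORRECTED, and count SECDED_UNCORRECTABLE results per sector so that a sector whose rate climbs can be retired and remapped, which ties into the storage-bank risk mitigations later in the deck.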

Page 10

C&DH

Page 11

Detailed Risk Assessment / Mitigation

Risk element | Description | Proposed Mitigation

Bus Overrun Events
  Description:
  • A network node fails electrically and holds bus lines at fixed levels
  • A network node logically locks on transmission status
  Proposed Mitigation:
  • Perform extensive complete network tests to detect possible failures
  • Implement an active monitoring system to monitor bus activity and isolate defective nodes

Storage Bank Module Failure
  Description:
  • A memory sector within the storage bank fails due to an SEU or to prolonged radiation exposure
  • A memory sector randomly fails due to poor component manufacturing or write cycle limits
  Proposed Mitigation:
  • Conduct extensive product research and manufacturing processes analysis
  • Conduct prolonged memory usage (read/write cycles) tests
  • Design and implement a defective sector identification and memory remapping mechanism
  • Design and implement a redundant storage mechanism
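The "active monitoring system" mitigation for the bus-overrun risk is easiest to see as code. The C block below is an added example, not KnightSat software: a bus monitor that tracks per-node activity and isolates a node that either holds the bus dominant for too long (the electrical-failure case) or floods the bus with frames (the logical transmit-lock case). The event record, the thresholds (MAX_DOMINANT_MS, RATE_WINDOW_MS, MAX_FRAMES_PER_WINDOW) and the constructed trace of three nodes are all assumptions of the example; on the real hardware the events would come from the network controller's error counters or a bus-timing capture, and "isolating" a node would mean dropping its transceiver enable or its power block.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NODES 16

/* Policy thresholds: assumed values for this example, not figures from the
 * KnightSat document. */
#define MAX_DOMINANT_MS        10u   /* bus driven dominant longer than this: electrical fault */
#define RATE_WINDOW_MS         100u  /* window for the transmit-rate check */
#define MAX_FRAMES_PER_WINDOW  20u   /* more frames than this per window: node stuck transmitting */

enum bus_event_kind {
    EV_FRAME,     /* a complete frame from this node was observed on the bus */
    EV_BUS_HELD   /* this node was observed holding the bus dominant for arg ms */
};

struct bus_event {
    uint32_t t_ms;   /* monitor timestamp in milliseconds */
    uint8_t  node;   /* node address on the network */
    uint8_t  kind;   /* enum bus_event_kind */
    uint32_t arg;    /* EV_BUS_HELD: dominant duration in ms; EV_FRAME: unused */
};

struct node_state {
    uint32_t    window_start_ms;
    uint32_t    frames_in_window;
    bool        isolated;
    const char *reason;
};

struct bus_monitor {
    struct node_state nodes[MAX_NODES];
};

void monitor_init(struct bus_monitor *m)
{
    memset(m, 0, sizeof *m);
}

bool monitor_is_isolated(const struct bus_monitor *m, uint8_t node)
{
    return node < MAX_NODES && m->nodes[node].isolated;
}

/* Feed one observed bus event. Returns true when the node is (now) isolated;
 * the caller would then cut that node's transceiver enable or power block. */
bool monitor_feed(struct bus_monitor *m, const struct bus_event *e)
{
    if (e->node >= MAX_NODES)
        return false;
    struct node_state *s = &m->nodes[e->node];
    if (s->isolated)
        return true;

    if (e->kind == EV_BUS_HELD && e->arg > MAX_DOMINANT_MS) {
        s->isolated = true;
        s->reason = "bus held dominant (electrical failure)";
        return true;
    }
    if (e->kind == EV_FRAME) {
        /* Fixed window: reset the frame count when the window has elapsed. */
        if (e->t_ms - s->window_start_ms >= RATE_WINDOW_MS) {
            s->window_start_ms = e->t_ms;
            s->frames_in_window = 0;
        }
        if (++s->frames_in_window > MAX_FRAMES_PER_WINDOW) {
            s->isolated = true;
            s->reason = "transmit flood (logical lock on transmission)";
            return true;
        }
    }
    return false;
}

/* Constructed trace: node 1 behaves (one frame per 10 ms), node 2 floods the
 * bus (25 frames in 50 ms), node 3 holds the bus dominant for 25 ms. */
void run_constructed_trace(struct bus_monitor *m)
{
    monitor_init(m);
    for (uint32_t t = 0; t < 200; t += 10) {
        struct bus_event e = { t, 1, EV_FRAME, 0 };
        monitor_feed(m, &e);
    }
    for (uint32_t t = 0; t < 50; t += 2) {
        struct bus_event e = { t, 2, EV_FRAME, 0 };
        monitor_feed(m, &e);
    }
    struct bus_event stuck = { 60, 3, EV_BUS_HELD, 25 };
    monitor_feed(m, &stuck);
}

/* Number of nodes isolated after the constructed trace. */
int demo_isolated_count(void)
{
    struct bus_monitor m;
    run_constructed_trace(&m);
    int count = 0;
    for (uint8_t n = 0; n < MAX_NODES; n++)
        if (monitor_is_isolated(&m, n)) count++;
    return count;
}

/* 1 if the given node is isolated after the constructed trace, else 0. */
int demo_node_isolated(uint8_t node)
{
    struct bus_monitor m;
    run_constructed_trace(&m);
    return monitor_is_isolated(&m, node) ? 1 : 0;
}

int main(void)
{
    struct bus_monitor m;
    run_constructed_trace(&m);
    for (uint8_t n = 0; n < MAX_NODES; n++)
        if (monitor_is_isolated(&m, n))
            printf("node %u isolated: %s\n", (unsigned)n, m.nodes[n].reason);
    return 0;
}
```

Two design points carry over to a real monitor. First, isolation is sticky: once a node is cut off it stays off until a supervisor re-admits it, which matches the "independent module activation as needed" behaviour in the design slide and avoids a flapping node repeatedly taking the bus down. Second, the monitor itself must not be a single point of failure on the same bus; the network-redundancy tests still listed as TBD are where that gets exercised.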