## A SUBSTANTIAL EXPERIENCE IN SPACE AVIONICS

- some notes from 38 years in space business

Torbjörn Hult



## Data Handling H/W in the early 80s

- OTS, ECS, MARECS, TELECOM-1 and SKYNET satellites:
  - Telecommand Decoder unit (typically 9 boards)
  - Telemetry Encoder units (5-6 boards)
- TTC-A-01 and TTC-A-02 standards
  - 96 bit TC frames carrying 3 byte commands
  - TM frames with typically 128 or 256 bytes repeated to form a matrix with one column containing a frame counter and other columns sync and data
  - The OTS implementation did not have a PROM, as PROMs were considered too immature in the 70s!



Credit: Saab Scania

## Introducing the OBDH bus

- The TTC-B-01 standard defines the bus
  - 32-bit interrogations and 13/21 bit responses
  - Transformer coupled using Litton coding
- ESA-funded developments:
  - Bus coupler connector including transformers (Dornier)
  - Bus interface hybrid (Crouzet)
  - Central Terminal Unit, CTU (Saab-Scania)
- First telecom satellites with OBDH bus:
  - TV-SAT/TDF/TELE-X (Spacebus-300 platform)







## Selected for the Hipparcos satellite





Credit: Saab Space

- Based on the TELE-X Data handling merged with the SPOT-1 OBC
- Some features
  - TC to the RTU directly to the OBDH bus
  - TC packets to the OBC S/W

### Software scheduling in the early 80s




## 16-bit microprocessor in the DHS

- The discrete logic in the CTU was to a large extent replaced by an 80C86 microprocessor from Japan for the Eutelsat-2 family (Spacebus-2000 platform)
- The MAS-281 from GEC Plessey was introduced in SOHO and later used in the Spacebus-3000A platform
- The development of a 3 MIPS 1750 processor was then initiated by ESA due to the needs from the Hermes space shuttle.
  - Hermes was terminated in 1992 but the MA31750 was, after several chip revisions, a success and was used in ENVISAT, Meteosat Second Generation, the Spacebus-3000B platform, ATV, Rosetta and the PROTEUS platform
  - For SPOT-4 and ENVISAT, an F9450 processor from Fairchild was used, but it was later replaced by the MA31750 for METOP A-C

## Why was 31750 a success?

- It solved a problem that could not be solved by other technology available to European companies
- It was fairly simple to design and use the processor
  - It could also be used as radiation shielding :-)
- There was adequate software development environment available for a long time

## 32-bit microprocessors

- Before Hermes was terminated it was realised that more than 3 MIPS was needed
- A workshop was held at ESA and the outcome was to initiate a development of a SPARC V7 based processor (ERC32) including a Software Development Environment
  - Ada compiler and debugger, Schedulability analyser, Scheduler simulator, CPU target simulator
- Saab Ericsson Space won the contract using 5 subcontractors
- One of the first designs using the ERC32 chip set has not yet been launched (European Robot Arm OBC)!!
- The rest is history and was presented by Jiri Gaisler at ADCSS 2017

#### Technology trends, CPU performance



#### Computers in most satellites



#### Ariane5 computers



- High error detection coverage
- Fast switchover (typically 50 ms)
- Context continuously exchanged over the I/O bus



Ariane5 computer (right)

Vega computer (left)



#### New Ariane5 computer

Credit: RUAG Space

#### Majority voting computers

Used in manned space applications (International Space Station, ATV)

### Example: Computers developed for the space shuttle Hermes

Intercomputer comm. links





- Errors are masked without functional interruption
- Very high reliability for short missions
- Every computer has dual processors for nominal and back-up mode

#### ATV had a separate monitoring computer





Credit: Saab Ericsson Space

- MSU (Monitoring and Safing Unit) supervises the docking process
- In case of a hazardous event, a Collision Avoidance Manoeuvre is carried out

## Rosetta, Mars Express, Venus Express computers





## Rosetta Main computer

Two identical boxes with in total four computers, of which two are active at a time

| Parameter | Value                             |
|-----------|-----------------------------------|
| CPU       | MA31750 @ 8 MHz, 16-bit processor |
| Memory    | 2 MiByte                          |
| Power     | 20 W                              |
| Mass      | 9 kg                              |



Credit: Saab Ericsson Space

## Why did ATV and Rosetta become so complex?

- Several opinions about the architecture were introduced into the proposal requirements
- The cost impact of these opinions could not be handled during the negotiation, and iterations of the system concept had to be done during the development
- ATV could have been implemented without the MSU if the fault tolerant computer pool had also been tolerant to a software failure
- Rosetta could have been implemented with a classical CDMS and AOCS computer configuration

## How did SAVOIR start?

- Increasing cost pressure
- Desire to harmonise developments
- Reuse of hardware from project to project
  - Avoid discussions about CDMS and AOCS architecture implementations
- Reduce variability
  - The following slide initiated some discussions at ESA :-)

#### Basic problem, variability



#### CDMS basic blocks, school-book version



## Evolved into the ESA SAVOIR functional architecture



## Discussions still remain

- FDIR aspects in particular are prone to qualitative thinking without considering quantitative aspects, e.g.:
  - Landing the ExoMars Rover with deflatable airbags required hot operating computers during the last seconds of the landing
    - The probability of losing both computers before arriving at Mars is much higher than the probability of a failure during the last minute
  - Failures causing the loss of 50% of e.g. the payload are not accepted even if they are very unlikely (< 1 FIT)
    - Introduces unnecessary complexity and quite a lot of extra hardware without improving the system reliability

## Some other terms you might not have seen or heard of before

- MACS bus
  - Modular Attitude Control System bus
  - A custom development intended to standardise the interface to AOCS units
  - No transformer coupling
  - Flown in a few satellites, ISO was the one I worked with
- Regulated square wave AC power
  - Used within the DHS and the payload in Hipparcos
- THOR microprocessor
  - Custom development by Saab Space, available 1993
  - Stack architecture with Ada RTS support in H/W
  - Flown in two Swedish satellites, Astrid 1 (1995) and Odin (2001)



## Why have these technologies not survived?

- They were basically bottom-up approaches that had a "brilliant" basic concept that, although solving a specific problem, was not sufficient to motivate a long term existence of the product
- The MACS bus was too costly to maintain for the AOCS sensor and actuator suppliers; other links were selected
- For the AC power it simply turned out to be more complex than classical DC/DC converters, i.e. the trade-offs made were too optimistic
- THOR lacked a good software development environment and was never able to compete with commercial instruction sets

## Highlights during these 38 years

- Working together with skilled engineers from different countries
  - Co-engineering activities during B-phases are very efficient
- Experiencing a launch campaign on site at ESOC
  - With extensive work due to a satellite malfunction
- Rosetta wake-up after 10 years of travel to the comet
- Setback:
  - No live experience of a launch

