Speakers
Mr
A. Guiotto
(TAS-I)Mr
M. Bozzano
(FBK)
Description
Activity: TRP
ESA TO: Mr. Yuri Yushtein - Software Systems Division
During FAME study, a FDIR Development and V&V Process has been defined and Failure and Anomaly Management Engineering (FAME) Environment has been developed to support the process. The FAME process is technology-independent and covers phases B, C, D. It is composed by the following activities:
• Analyze User Requirements composed by the following tasks:
• Define RAMS and Autonomy Requirements
• Build Mission Phase/Spacecraft Operational Mode matrix
• Define Partitioning/allocation composed by the following tasks:
• Define Partitioning/allocation
• Define Architecture
• Define FDIR objectives and strategies composed by the following tasks:
• Define FDIR objectives
• Define FDIR strategies
• Perform Timed Fault Propagation Analysis composed by the following tasks:
• Specify TFPM
• Analyze TFPM
• Design composed by the following tasks:
• Define detailed FDIR implementation
• Define Detailed SW Specification
• Define Detailed Spacecraft Data Base specification
• Implement FDIR, V&V
• Implement FDIR composed by the following tasks:
• Validate and verify at Unit level
• Validate and verify at Subsystem level
• Validate and verify at System level
The FAME environment is developed on top of, and extends, the COMPASS approach and toolset. The main ingredients and functionalities provided by the FAME environment are:
• Modeling and verification framework inherited from COMPASS. This includes: use of formal models, written in the SLIM language, for nominal models, error models and FDIR models; model extension and fault injection to automatically extend the nominal models with error specification; definition of properties using property patterns; formal verification techniques, based on model checking, that cover a broad range of activities (functional verification, safety assessment, FDIR effectiveness analysis, performability analysis, etc.)
• Definition of mission phases and operational modes, mission requirements and FDIR requirements, to specify the desired requirements on the FDIR
• Modeling of fault propagation using TFPGs (Timed Failure Propagation Graphs)
• Analyses of TFPGs
o Behavioral validation, to check compliance of a TFPG with respect to a SLIM model
o Effectiveness validation, to check suitability of a TFPG for implementing a diagnoser
• Automatic synthesis of a TFPG from a model. (This feature is currently under implementation.)
• Automated synthesis of an FDIR model
o Synthesis of an FD model from a TFPG
o Synthesis of an FR model, using conformant planning routines
