1. Technical Field
The present invention relates generally to fault detection, identification and recovery in spacecraft; and, specifically, it relates to on-board systems which not only provide autonomous fault and onset detection and identification, but also support autonomous correction and recovery.
2. Related Art
Conventional software and hardware systems found within spacecraft, e.g., satellites, rockets, etc., continue to exhibit increasing degrees of complexity. This results in spacecraft systems which are very difficult to monitor and control from earth. To monitor a conventional spacecraft's performance from earth, large streams of data must be continuously transmitted from the spacecraft to a conventional ground support system for analysis. To attempt controlling or corrective action, the ground support system performs such analysis in real time.
If a fault or an onset of a fault is detected in spacecraft data streams during analysis of the spacecraft data stream, the ground support system responds by attempting to isolate the cause of the fault, and selects and transmits instructions (hereinafter "command sequences") to the spacecraft to attempt to recover from the fault. Through continuous monitoring and analysis of the spacecraft data stream, the ground support system determines the success or failure of the selected command sequences.
If the cause of the fault (or fault onset) is incorrectly isolated, command sequences transmitted may not only fail to correct the fault, but may also compound or create additional faults. As a result, the ground support system attempts to generate a new command sequence to attempt to recover from the previous command sequence transmitted as well as the original fault condition.
Conventional ground support personnel create command sequences for a ground based system in a ground based test configuration (hereinafter a "test bed"). Generated command sequences are verified to solve particular faults that might occur in the spacecraft systems during a mission. These verified command sequences are then called upon when determined to be needed to correct a detected fault condition as previously discussed. However, the generation of faults in the test bed, no matter how thorough, may not result in the identification of all possible spacecraft faults. Thus, numbers of highly trained, ground based personnel often have to step in to attempt to diagnose a fault condition and generate a command sequence in hopes of correcting the problem. And, of course, not all faults lend themselves to recovery.
Compounding matters, communication propagation times and available bandwidth constraints, along with ground support and spacecraft processing times, often yield a control feedback system that is very difficult to stabilize. In attempts to address such problems, conventional spacecraft systems are designed to enter a "safe state" upon detecting severe operating conditions. In the safe state, the spacecraft awaits ground based diagnosis and command sequences while attempting to minimize (further) damage to spacecraft systems. Moreover, during such times, the mission may be jeopardized merely as a result of entering the safe state.
To accommodate conventional spacecraft, base support systems require very complex and costly processing systems capable of receiving and processing real time spacecraft data streams. They must also rapidly identify, isolate and attempt to recover from faults. As a design goal, conventional base support systems should recover a spacecraft from all encountered faults. As can be appreciated with such conventional designs, this goal is not easily met.