presentation-1 · title: presentation-1 author: austeeka created date: 7/13/2012 1:48:06 pm
TRANSCRIPT
Fault Detection Isolation Reconfiguration (FDIR) Scheme for
Star Sensor based Spacecraft
By Author: Austeeka Atri
© 2012 The MathWorks, Inc.
Control System Group, CDAD
ISRO Satellite Centre (ISAC),Bangalore-560017
Agenda
• Introduction
• Challenges
• Sensors and Actuator
• Table to Check Consistency Logic
• Flow Diagram of FDIR Scheme
• State space Simulink Model
• Typical Simulation Cases
• Advantages
• Conclusion
Introduction
• The main objective of our work is to implement an FDIR scheme for spacecraft where Earth Sensors are not available and, in addition, to validate the different logics of this scheme.
• Our FDIR scheme was generated based on consistency logic checks and threshold limiting values of Star Sensors, Gyro, Actuators etc.
• The different paths of the FDIR scheme were confirmed using Matlab/SIMULINK.
Challenges
• The major challenges we faced are listed below:
– A quicker simulation is required for any condition out of a large number of possible combinations of input conditions.
– All the logics need to be checked, providing better insight and validation for a fail-proof logic design.
– User friendly.
Attitude Control Block Diagram
[Figure: closed-loop attitude control block diagram. Blocks: Controller, Actuator, Spacecraft Attitude Dynamics, Sensor. Labels: Θ ref, θ, summing junction (+ -), Disturbance Torque, Attitude Angle.]
Sensor: 1. Earth Sensor 2. Sun Sensor 3. Star Sensor 4. Gyro
Actuator: 1. Reaction wheels/Momentum Wheels 2. Thrusters 3. Torquers
Sensors
[Figure: images labelled Earth Horizon Sensor (Earth sensor), Sun Sensor, Star Tracker (Star sensor), Gyro]
Sensor Name     Accuracy                         Comments
Star Sensor     10 arcsec
Sun sensor      0.01 deg nominal                 Eclipse
Earth Sensor    GEO: 0.1 deg; LEO: 0.1 deg       2-axis
Gyro                                             Gyroscopes are devices that sense rotation in three-dimensional space
Actuator
• Actuators: apply the torques needed to re-orient the vehicle to the desired attitude
[Figure: images labelled REACTION WHEEL, TORQUER]
Actuator          Specification         Comments
Torque Rods       20 Am^2
Reaction Wheels   15 Nms at 3300 rpm    High Mass and Power, Momentum Dumping
Thrusters         11 N and 1 N          Propellant limited, Large impulse
Expected Condition of Status
[Table: expected status for the Dual SS Case (Both ON and SEL), 16 condition columns. The okay/fail symbols in the cells are not recoverable. Rows: Star Sensor (SS1, SS2); Gyro; Actuators; SSCC; SS1GCC; SS2GCC; SS1RCC; SS2RCC; Changeover to SS1, SS1CO; Changeover to SS2, SS2CO; SS Safe Mode Det, SS_SM; *4Pi Safe Mode Det, 4Pi_SM.]
Basic Logic
Sl No  Consistency Check for                    Logic Condition
1      Star Sensor Consis. Chk with SS1, SS2    SSCC = FALSE if |Qss1 ~ Qss2| > QTHsscc
2      SS1 Consis. Chk with Gyro                SS1GCC = FALSE if |Qss1 ~ Qg| > QTHss1gcc
3      SS2 Consis. Chk with Gyro                SS2GCC = FALSE if |Qss2 ~ Qg| > QTHss2gcc
4      SS1 Consis. Chk with Ref Profile         SS1RCC = FALSE if |Qss1 ~ Qref| > QTHss1ref
5      SS2 Consis. Chk with Ref Profile         SS2RCC = FALSE if |Qss2 ~ Qref| > QTHss2ref
6      Changeover to SS2                        SS2CO = TRUE if FSS1GCC=FALSE AND SS2GCC=TRUE
7      Changeover to SS1                        SS1CO = TRUE if FSS1GCC=TRUE AND SS2GCC=FALSE
Variables:
QSS1=SS Head-1 Qs
QSS2=SS Head-2 Qs
Qg=Gyro Ref Qs
QTHsscc=Threshold value for Star Sensor Consistency Check
QTHss1gcc=Threshold value for Star Sensor-1 to Gyro Ref Consistency Check
QTHss2gcc=Threshold value for Star Sensor-2 to Gyro Ref Consistency Check
QTHss1ref=Threshold value for Star Sensor-1 to Ref profile to detect Atti. Loss
QTHss2ref=Threshold value for Star Sensor-2 to Ref profile to detect Atti. Loss
Reconfiguration Logic
Sl No  Failure Condition   Failure Detection Logic                                                              Action
1      SS-1 Failure        SS1GCC=FALSE AND SS2GCC=TRUE for all 3 Qs                                            Single Head Mode with SS2
2      SS-2 Failure        SS1GCC=TRUE AND SS2GCC=FALSE for all 3 Qs                                            Single Head Mode with SS1
3      Both SS Failure     SS1GCC=FALSE AND SS2GCC=FALSE AND SSCC=FALSE                                         No SS updates, 4Pi Safe Mode
4      Gyro Failure        SSCC=TRUE AND SS1RCC=FALSE AND SS2RCC=FALSE AND SS1GCC=FALSE AND SS2GCC=FALSE        Only 4 Pi Safe Mode if both SS failed or one head failure
5      Actuator Failure    SSCC=TRUE AND SS1RCC=FALSE AND SS2RCC=FALSE AND SS1GCC=TRUE AND SS2GCC=TRUE          Only 4 Pi Safe Mode if both SS failed
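The Basic Logic and Reconfiguration Logic tables above, worked through as an added Python example (not code from the presentation or its Simulink model). The function names, the threshold values and the sample quaternions are constructed; reading "~" as a per-component difference over the 3 Qs is an assumption.

```python
from dataclasses import dataclass

# Constructed thresholds; the slides name them but give no numeric values.
TH = {"sscc": 0.002, "ss1gcc": 0.005, "ss2gcc": 0.005,
      "ss1ref": 0.05, "ss2ref": 0.05}

def consistent(qa, qb, threshold):
    # Basic Logic rows 1-5: the check is FALSE if |Qa ~ Qb| > threshold.
    # Assumption: "~" is the per-component difference over the 3 Qs, and
    # a single component over the threshold fails the check.
    return max(abs(a - b) for a, b in zip(qa, qb)) <= threshold

@dataclass(frozen=True)
class Flags:
    sscc: bool
    ss1gcc: bool
    ss2gcc: bool
    ss1rcc: bool
    ss2rcc: bool

def compute_flags(qss1, qss2, qg, qref, th=TH):
    return Flags(sscc=consistent(qss1, qss2, th["sscc"]),
                 ss1gcc=consistent(qss1, qg, th["ss1gcc"]),
                 ss2gcc=consistent(qss2, qg, th["ss2gcc"]),
                 ss1rcc=consistent(qss1, qref, th["ss1ref"]),
                 ss2rcc=consistent(qss2, qref, th["ss2ref"]))

def reconfigure(f):
    # Reconfiguration Logic rows 1-5, evaluated in the slide's order.
    both_rcc_false = not f.ss1rcc and not f.ss2rcc
    if not f.ss1gcc and f.ss2gcc:
        return "SS-1 Failure", "Single Head Mode with SS2"
    if f.ss1gcc and not f.ss2gcc:
        return "SS-2 Failure", "Single Head Mode with SS1"
    if not f.ss1gcc and not f.ss2gcc and not f.sscc:
        return "Both SS Failure", "No SS updates, 4Pi Safe Mode"
    if f.sscc and both_rcc_false and not f.ss1gcc and not f.ss2gcc:
        return ("Gyro Failure",
                "Only 4 Pi Safe Mode if both SS failed or one head failure")
    if f.sscc and both_rcc_false and f.ss1gcc and f.ss2gcc:
        return "Actuator Failure", "Only 4 Pi Safe Mode if both SS failed"
    return "No row matched", "CONTINUE"

# Constructed sample: both heads agree, the gyro reference has drifted on
# one component and the reference profile is off on another.
Q_SS = (0.10, 0.20, 0.30)
if __name__ == "__main__":
    flags = compute_flags(Q_SS, Q_SS, (0.10, 0.20, 0.40), (0.20, 0.20, 0.30))
    print(flags, reconfigure(flags))
```

Because rows 1 and 2 test only the two gyro checks, a single-head disagreement with the gyro is classified before SSCC or the reference-profile checks are consulted.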
Flow Diagram of FDIR Scheme
[Figure: FDIR flow chart, drawn once as an overall diagram and then as separate charts Flow Dia (1), Flow Dia (2), Flow Dia 2(a), Flow Dia 2(b), Flow Dia (3), Flow Dia 3(a) and Flow Dia 3(b). Only the node labels are recoverable:
Decisions: FDIR_Logic ENA/DIS; FDIR_Flag; 4Pi SMFLAG +ve?; 4Picount > Limit; Dual Head?; SSCC = T; SS1GCC = T / F; SS2GCC = T / F; SS1RCC = T; SS2RCC = T; SS1 EN?; SS2 EN?; SS1 usable?; SS2 usable?; GFcount > Lim; AFcount > Lim; SS1Fcount > Limit; SS2Fcount > Limit; SS1Fcount & SS2Fcount > Lim.
Failure states: SS1 Failure; SS2 Failure; Gyro Failure; Actuator Failure.
Actions: incr / Reset 4Picount; incr / Reset GFcount; incr / Reset AFcount; incr / Reset SS1Fcount, SS2Fcount; Set Dual Head = N; SS1 sel; SS2 sel; SS1 upd DIS; SS1 upd CLOSED; SS2 upd DIS; SS2 upd CLOSED; Both SS DIS; Single SS Head Modes; Gyro FAIL status, Gyros OFF, Reset GFcount; ACT FAIL status, Wheels OFF, Reset AFcount; Gyroless Mode using SS, Wheels; SS Detects Safe Mode; Safe Mode Sun Acq using 4Pi, Gyros; Safe mode Sun Acq using only 4Pi; FDIR_Flag = TRUE; CONTINUE.]
Block Schematic
[Figure: block schematic with Input, State flow/Simulink Environment and Output Display]
Input value:
(0): for fail state
(1): for okay state
[Figure: Simulink model "Demo of a Stateflow Failure Detection, Isolation, Reconfiguration Scheme for Star Sensor based Spacecraft". Annotation: "Double click these constant blocks to switch the value between 0 (fail state) and 1 (okay state). For FourPi_SPS_ASS changeover will be automatically".
Constant input blocks: SS1, SS2, Gyro, Actuator, Dual Head, Dual Head_Selection, FourPi_SPS_ASS, SS1_update_En/Dis, SS2_update_En/Dis.
Subsystems: Failure Generation; Failure Detection and Isolation; Failure Reconfiguration scheme; Reconfiguration_Output.
Flags between subsystems: fsscc, fss1gcc, fss2gcc, fss1rcc, fss2rcc.
Displays: FSSCC_display, FSS1GCC_display, FSS2GCC_display, FSS1RCC_display, FSS2RCC_display, Single_head_display, ss1selection_display, ss2_selection_display, both ss1_ss2_selection_display.
Alarms: SAFE_Mode_SA_FourPi_alarm, GYROLESS_MODE_alarm_on, singlehead_GYROLESS_MODE_alarm_on, singlehead_SMSA_4pi_gyro_alarm, ss1select_alarm, ss2select_alarm, ss1_ss2_fail_alarm, SS1_update_close_alarm, ss2_update_close_alarm, dualhead_ss1_select_alarm, dualhead_ss2_select_alarm, dualhead_bothss1_ss2_failure_alarm, Singlehead_actuator_ss1_alarm, Singlehead_actuator_ss2_alarm, Dualhead_Gyro_mode_alarm_on, Dualhead_Actuator_alarm_on.]
Typical Test Cases
[Table: the Condition column gave an okay/fail symbol for each of SS1, SS2, Gyro and Actuator; the symbols are not recoverable.]
Sl No  Output                                                      Remarks
1      All okay condition                                          Figure-1
2      Single Head Mode with SS2                                   Figure-2
3      Single Head Mode with SS1                                   Figure-3
4      Only 4 Pi Safe Mode if both SS failed or one head failure   Figure-4
5      Only 4 Pi Safe Mode if both SS failed                       Figure-5
Simulation Results: Case (1)
Simulation Results: Case (2)
Simulation Results: Case (3)
Simulation Results: Case (4)
Simulation Results: Case (5)
Advantages of FDIR Scheme and Simulink Stateflow Environment:
• FDIR schemes are used in spacecraft to maintain safe spacecraft operations even when faults occur. Such modes are entered without intervention from the ground controller.
• FDIR systems are considered to ensure the safety and to increase the autonomy of spacecraft.
• Stateflow provides the language elements required to describe complex logic in a natural, readable and understandable form.
• Permits rapid and robust coding directly from the visual description and accompanying Event Action Table.
Conclusion
• We were successful in implementing this scheme and checking the different cases of failure using the Stateflow/Simulink model.
• This scheme was implemented in MeghaTropique Spacecraft and successfully ground tested.
• The Stateflow/Simulink model has helped to simulate and analyse our system. It has also allowed us to check the accuracy of all the multiple paths in the flow chart in minimal time and efficiently.