OBC tasks & logic - PW-Sat2/PWSat2OBC GitHub Wiki

OBC functionality from system PoV

From highest to lowest priority:

  • Survive
  • HouseKeeping gathering and sending
  • Emergency sail deployment after 40 days
  • Experiments

OBC assumptions

  • Only one experiment can run at any given time
  • Data is stored in memory until the memory is full or OPER decides to delete it
  • Everything non-BUS is turned off unless OPER runs an experiment
  • HouseKeeping is gathered and stored all the time
  • Beacon & HK data is sent to Earth all the time

Modes

Because everything except the BUS is turned on only by OPER, it turned out that Normal mode with no experiment running is the same as SAFE mode. Therefore, an explicit normal mode is not necessary - PW-Sat2 is in SAFE mode unless instructed by OPER to run an experiment. We call this mode SURVIVAL.

While an experiment is running, PW-Sat2 is in EXPERIMENT mode. EXPERIMENT mode differs from SURVIVAL in that some BUS tasks (e.g. detumbling in the SunPointing experiment) can be disabled. In case of any failure, the OBC switches back to SURVIVAL mode, aborting the experiment.

State machine:

       #0               #1
RESET ------> SURVIVAL ------> EXPERIMENT
/\             |   /\              |
|      #X      |   |    #e  #x     |
|--------------|   |---------------|

Transitions

  • #0 - On reboot

EDAC on program memory, load program, BIOS, self-test

  • #1 - By OPER command

Enable experiment subsystems

  • #e - experiment finished correctly

Disable all satellite payload, ensure correct SURVIVAL state.

  • #x - any failure during experiment

Same as #e

  • #X - multiple successive failures

Power cycles, hopefully it will help

OBC tasks in SURVIVAL mode

  • BUS healthcheck (EPS, ADCS, COMM, ANT)
  • Make sure ANT are opened
  • Detumble
  • Gather HouseKeeping data into memory
  • Send critical TM in beacon
  • Decimate measurements and send TM packets
  • Listen for OPER commands

OBC FDIR for EPS

  • If any EPS controller doesn't respond to any command, after [TBD] minutes the OBC sends a command sequence to a working controller: emergency sail deployment. [TBC]

OBC FDIR for BUS subsystems

The following procedure will be applied to every critical (BUS) subsystem except EPS - COMM, ANT, ADCS

  • Every BUS subsystem will have an associated error counter ErrCnt[device]
  • In case of any failure of a particular device, ErrCnt[device] will be incremented by ErrInc[device]
  • In case of correct communication, ErrCnt[device] will be reset to 0
  • When ErrCnt[device] >= ErrFailed[device], a power cycle is performed
  • Both ErrInc[device] and ErrFailed[device] can be set (and stored on OBC) by OPER via TC (e.g. ErrInc[] = 0, which means that the device has failed)

It is assumed that in case of multiple successive errors the EPS will automatically deploy the sail - TBD.
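
The error-counter procedure for COMM, ANT and ADCS, written out as an added C++ example (not code from the PWSat2OBC repository). The names ErrorCounters, Configure, Report and Device and the default values are hypothetical; rejecting ErrFailed = 0, saturating the counter at 255 and clearing it once a power cycle is requested are assumptions the page does not state.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>

// BUS devices covered by the counter procedure (EPS is handled separately).
enum class Device : std::size_t { COMM, ANT, ADCS, Count };

struct ErrorCounters {
    static constexpr std::size_t N = static_cast<std::size_t>(Device::Count);
    std::array<std::uint8_t, N> errCnt{};                 // ErrCnt[device]
    std::array<std::uint8_t, N> errInc{{5, 5, 5}};        // ErrInc[device], constructed defaults
    std::array<std::uint8_t, N> errFailed{{20, 20, 20}};  // ErrFailed[device], constructed defaults

    // TC handler: store new parameters. ErrInc = 0 is allowed (the page's own
    // example). ErrFailed = 0 is rejected (assumption): 0 >= 0 would demand a
    // power cycle on every report, including successful communication.
    bool Configure(Device d, std::uint8_t inc, std::uint8_t failed) {
        if (failed == 0) return false;
        auto i = static_cast<std::size_t>(d);
        errInc[i] = inc;
        errFailed[i] = failed;
        return true;
    }

    // Record one communication result; returns true when a power cycle is due.
    bool Report(Device d, bool ok) {
        auto i = static_cast<std::size_t>(d);
        if (ok) { errCnt[i] = 0; return false; }
        // Saturating add (assumption): a wrapping 8-bit counter could fall
        // back below ErrFailed and never reach the power-cycle threshold.
        unsigned sum = static_cast<unsigned>(errCnt[i]) + errInc[i];
        errCnt[i] = static_cast<std::uint8_t>(sum > 255u ? 255u : sum);
        if (errCnt[i] < errFailed[i]) return false;
        errCnt[i] = 0;  // assumption: the device gets a fresh budget after the power cycle
        return true;
    }
};

int main() {
    ErrorCounters fdir;
    bool cycle = false;
    // Four consecutive COMM failures with the defaults: 5, 10, 15, 20 -> power cycle.
    for (int n = 0; n < 4; ++n) cycle = fdir.Report(Device::COMM, false);
    return cycle ? 0 : 1;
}
```

Because ErrInc and ErrFailed arrive by telecommand and are stored on the OBC, the setter is the place to reject values that would disable recovery or cause a reset loop.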