Mission System Software and Avionics
Software and avionics enable core mission capabilities such as commanding and fault protection, and critical mission functions such as entry, descent and landing, as well as emerging capabilities such as science event detection and response.
Mission system software and avionics, and autonomous capabilities in particular, have always been a central part of JPL missions, going back to the days of assembly programming languages, kilobits of memory, and feeble (by today’s standards) central processing unit (CPU) performance.
A spacecraft and mission system’s ability to plan, act, react and generally accomplish science and other mission objectives resides partly in the minds and skills of the engineers who designed these systems, partly with the operators who command them, and partly in the flight and ground software and computers that implement the intended functionality.
Success has historically depended on an ability to predict the relevant fine details of remote environments well enough to perform the mission safely and effectively. Deep-space missions often have the additional challenge of operating in remote and poorly understood environments. The flight project team must be prepared to encounter unexpected issues and must implement contingency plans that typically include a generalized response to reliably secure the spacecraft and mission until problems can be solved.
Because science investigations are expected to deliver increasingly exciting results and discoveries, necessitating more complex systems, engineering designs must adapt by improving the functionality of mission software and the performance of the computers that host this software. Mission software and avionics have thus become more sophisticated in order to meet the needs of science and exploration missions.
Enhancing security has also become an important consideration in system design and operation, increasing system and software complexity and significantly impacting performance requirements.
Cost effectiveness, as well as continuous reliability enhancement, in the face of increasingly complex systems and exponential software growth requires that mission software and computing solutions address multiple missions, i.e., capabilities developed for one mission should be equally relevant to other missions and reusable, especially for missions within the same general class, e.g., orbital or surface missions.
Mission system software and avionics have the potential to advance rapidly and must do so to support next generation space science and exploration goals. Advances in system software engineering and related areas from the academic, industry and government arenas are available to be applied to space systems. At the same time, current mission approaches are reaching the limits of what can be accomplished without such advances. There are four principal areas JPL focuses on in striving for technology development, maturation and infusion in mission system software and avionics:
Mission system software
Principal Research Areas
The functionality requirements of science missions will, and must, continue to evolve, while the need for extreme reliability in flight systems remains a critical factor. In the past, deep space missions had been commanded almost entirely from the ground, with ingenuity and patience overcoming the difficulties of light-time delays. The only exceptions occurred during entry, descent, and landing on Mars and similar one-shot activities such as orbit insertion. Other than for these critical sequences, reliability was achieved largely via safing responses and the use of block level redundancy with fail-over based on straightforward and simplistic system behavior checks, along with interconnect protocol monitoring and watchdog timers, with the majority of the system reliability deriving from the use of radiation hardening at the parts level of the avionics. Now, with the advent of surface missions as an established mission class—with their continuous uncertainties associated with operating on a planetary surface—and the evolution of science objectives requiring real time, goal directed, situationally aware decision making, capabilities are evolving to close more decision loops onboard spacecraft, both for mission planning/operations and fault response. Future spacecraft and space missions will rely more on software-based functionality, and flight computing must evolve to keep pace.
MAESTRO, Rad-hard by design (RHBD) 7X7 tiled multicore chip (proof-of-concept for space-qualified multicore computing)
Recent missions have used single radiation-hardened (rad-hard) computers of a few tens to a few hundred mega-operations per second (MOPS) with power consumption of 20 to 30 W. For many missions, such processors are reliable enough that additional hardware does not need to be added to the system architecture to provide acceptable reliability and availability.
However, emerging missions increasingly require more complex entry, descent and landing, close proximity operations, and onboard scientific data analysis and autonomy. These can drive up the mission requirements for onboard computing by a factor of a hundred or more. While processors that support this level of capability exist in the commercial sector, it typically takes a decade or more for these processors to migrate into rad-hard systems. The current trend in commercial computing systems is toward increasing the number of cores per chip, while decreasing power utilization.
The Maestro processor, shown below, is an example of this type of processor. Developed by NRO and Boeing, the processor provides up to 44 GOPS of throughput at approximately 20 W. While Maestro does not meet many of NASA’s objectives for power management and fault tolerance, it serves as a proof of principle that such a machine can be developed for reasonable cost and schedule from currently available technologies.
A promising development, one that JPL has brokered and is leading, is a joint investment of NASA and the Air Force Research Lab (AFRL) to develop a next-generation spaceflight computer with at least 24 cores on a chip, to include architectural support for very low power operation and for a range of fault tolerance methods. An important objective is to enable dynamic change of operating point in the performance-power-fault tolerance space.
This is an exciting time for flight system developers. New challenges, new capabilities and new technologies and products appear at every corner.
Mission System Software
For mission system software at JPL, an important objective is enhancement of the reliability of mission systems by creating them within a common framework that both systems and software engineers utilize. This unified approach reduces the opportunities for miscommunications between these two technical communities, and increases the lifecycle coherency of design, development and operations activities.
On the flight software front, several major advances are being addressed. First and foremost is the need for a modular, structured software architecture for the basic C&DH, Comm, and GNC software suite with well-defined APIs for the addition of other mission-specific modular functions. Once this is accomplished, it will ease the development of reliable, high quality space-based software. JPL’s Core Flight Software effort is currently developing this architecture and its essential core modules, APIs, development, maintenance and V&V tools, processes and development methods.
To address issues of growing flight software complexity, JPL is developing “state aware software technology.” The technology is intended to be embodied in a compiler and augmented with additional development and analysis tools. State aware software manages complexity by explicitly identifying and handling system state variables, constraining the allowable state space, constraining the ability of software to perform unsafe operations, and supporting the examination and operation of state variables. The Spot compiler, currently in development, provides these capabilities and, as a consequence of its capabilities, allows automated execution of Spin-compatible code. Spin is a dynamic model/code checker that provides extremely high coverage V&V testing. The use of Spot with Spin could provide unprecedented code correctness at budget and schedule reductions of up to an order of magnitude for large complex systems.
Mission system software quality has been improved through the implementation of standard software development processes. Use of these processes has contributed to substantial improvements in software development cost estimation, productivity and defect density for flight software.
JPL’s capabilities in autonomous operations include automated planning, intelligent data understanding, and model-based fault diagnosis and management. These capabilities can be used in both flight and ground systems to support deep-space and Earth-orbiting missions. They support a range of automated behaviors for spacecraft including onboard science event detection and response, rapid turnaround of ground science plans, and efficient re-planning and recovery in response to anomalous events. Successes in this area include 1) the use of onboard image analysis to automatically identify and measure high priority science targets for the rovers on Mars and 2) the use of automated planning on an Earth satellite to routinely manage science activities and automatically record events such as volcanic eruptions, flooding and changes to polar ice caps.
Results from dust-devil detection through image analysis on the Mars Exploration Rover mission. Two of the dust devils are observable (third and fifth boxes) while the other three occur later in the image sequence. The bottom image is contrast-adjusted to highlight detected dust devils in the scene. This autonomy capability was used on the Spirit rover from 2006 to 2010 and is still actively used on the Opportunity rover.
Autonomous capabilities will continue to advance to meet the needs of science investigations while maintaining the highest standard for system reliability and risk management. Future applications include the use of onboard landmark detection and matching to provide pinpoint landing of future Mars surface missions and the use of onboard planning and data understanding to provide rapid event detection and response for upcoming missions to primitive bodies.
The JPL Laboratory for Reliable Software (LaRS) takes a lifecycle approach to software reliability. This approach is based on the simple observation that software defects can be introduced in any phase of software development, starting with requirements elicitation, into design, coding, testing and even mission operations. The approach followed by the LaRS group is to develop and introduce improved methods to reduce defect insertion rates, and to increase defect detection rates, in each phase of software development. In 2009, for instance, LaRS introduced a new risk-based JPL Institutional Coding Standard for flight software development, which helped institute a new program for the certification of flight software developers. JPL also introduced a range of strong static source-code analysis tools into the daily build cycle for flight software developers. In addition, LaRS developed and introduced a new streamlined code review process. For the design phase, LaRS works on design methods for verifiable software components, and model-driven software verification. LaRS is also working on improved randomized software testing techniques, and develops new architectures for more effective fault containment during mission operations. The LaRS group started at JPL in 2003 and has since helped to improve software quality on many missions. Most recently, the LaRS team worked with the flight software development team for the Mars Science Laboratory (MSL) Curiosity Rover. The long-term objective for the group is to achieve a significant reduction in, and where possible to eliminate, the occurrence of residual software defects: those troublesome software defects that only reveal themselves after launch.
Increasing system and software complexity coupled with increasing adversarial activity underscores the need to improve the defensive posture of JPL missions against cyber attacks. Currently, the cyber protections applied across JPL vary across the institution based, in part, on differing risk profiles as well as incomplete knowledge of cyber threats. Such differences in the implementation of protections carry risk to neighboring systems that may have different risk acceptance profiles. Across the institution there is a lack of visibility of those shared risks. JPL’s Cyber Defense and Information Architecture (CDIA) team is working to raise awareness of, and to address, the threats that missions and infrastructure face. The team is developing a repeatable framework for assessing cyber risk across programs and projects. CDIA is engaged in research and development of cyber-focused, integrated, executable models for the protection of critical infrastructure for oil and gas facilities (Chevron) and the power grid (DoE). The team’s models enable the identification of weaknesses against cyber attacks and risks to resiliency in key aspects of physical plants and infrastructure. Constructing these cyber-focused, integrated models for JPL missions would confer the needed ability to identify weaknesses and risks to JPL-specific systems and projects against cyber adversaries.
Furthermore, there is a need to model data flows and trust profiles between JPL and its various partners. There are emerging responsibilities and perhaps liabilities should JPL be the victim or the conveyed source of a cyber attack from or to a partner facility. The CDIA is creating a cyber defense laboratory that will enable the validation of defensive architectures, designs and solutions in a principled and repeatable manner. Specifically, the results that are targeted will advance and broaden core JPL competencies in modeling and V&V to the important new arena of cyberspace.
Strong support and research are greatly needed in the area of hardening the current mission infrastructure to better detect, diagnose and respond to live adversarial activity and/or intrusion attempts. Such effort would include tasks aimed at understanding and capturing nominal environment baseline data in order to detect anomalous system behavior, changes in system configurations, changes in workflow, and even alterations to low-level system communications that can be indicative of penetration or compromise. In effect, mission systems need to be instrumented to enable situational awareness to detect, diagnose and remediate the consequences of cyber attacks.
JPL missions can receive, transmit and process terabytes of science and engineering data every day for decades, yet not all of that data presents the same risk and vulnerability to a mission, to the institution or its partners, e.g., the sensitivity of command data is very different from the sensitivity of ephemerides. Additional research is on the horizon in the area of adaptively supporting security attributes such as confidentiality, integrity and availability of data where resources may not allow for comprehensive security coverage. The ultimate goal is to better understand how to address dynamic changes to security attributes as the threat environment evolves or risk postures change.