JPL spacecraft collect scientific data to further our understanding of Earth, the Solar System, and the Universe. Onboard electronics take data from the instruments, store it, process it, and package it for transmission back to Earth. Spacecraft often operate far from Earth and communicate only infrequently with ground controllers. All the software and autonomy that allows these spacecraft to function and implement commands from the ground is hosted by the spacecraft electronics -- the avionics.
For the many spacecraft operating at large distances from Earth, much -- if not all -- of the short-term decision-making in the spacecraft operation must be performed autonomously onboard the spacecraft themselves because of the light delay in commanding from Earth. For spacecraft at Mars, this light delay means that communications from ground controllers take between 4 and 21 minutes to arrive; for spacecraft in the outer Solar System, it can take several hours each way. The spacecraft themselves need to be smart and independent, knowing how to perform their own basic housekeeping as well as more advanced science processing such as science data evaluation and analysis. Since physical repair is impossible at these distances, spacecraft need autonomous detection and resolution of problems if they are to continue the mission even after components have failed. Robust identification and tolerance of faults are of the utmost importance.
The avionics -- and the flight software hosted within the avionics -- form the central nervous system and brain of the spacecraft, constantly monitoring the health of the system, keeping it working, and making decisions on what to do next. In the future, spacecraft will have smarter brains, enabling increased autonomy (spacecraft will require less and less involvement from ground operators) and improved capability (spacecraft will perform increasingly complex scientific investigations). To make future spacecraft more capable and more robust, JPL is actively involved in advancing avionics and flight software in a variety of technological research areas:
- Spaceflight computing architectures and multicore processing
- Computational capabilities
- Software modeling
- Mission operations automation
- Software reliability and fault-tolerant flight software architectures
Selected Research Topics
Spaceflight Computing Architectures and Multicore Processing
Today’s state-of-the-art deep-space spacecraft have a single prime control processor at the center of their avionics, and this limits the amount of processing power available, the robustness of the system to faults, and the timeliness of responses to errors in the processor. A redundant processing box with an additional copy of the processor can be added to cover these faults and increase robustness, but this adds mass and power consumption and makes timely response to faults on the primary processor more challenging. JPL is investigating how to reduce the mass and power consumption of the avionics and increase the robustness and flexibility of the electrical hardware.
One area of active research is the use of simultaneous multicore processing. Not only does multicore provide additional processing power when needed, it could also allow smarter power management by reducing the number of active cores -- and, therefore, the power consumption -- when mission conditions demand it. When combined with time- and space-functional partitioning, multicore processing could improve system robustness by routing around failed cores autonomously and dynamically. This could enable active recovery in the presence of hardware and software faults in scenarios such as entry, descent, and landing on planetary surfaces, something that is now impossible due to extremely low control outage requirements.
JPL is also making advances in fundamental spaceflight computing architectures that could allow capabilities and designs to be shared across missions of vastly different scales and objectives. These scalable and tunable computing architectures could provide increased computational capability and a common architectural framework for all JPL missions, from CubeSats and SmallSats to flagship outer planet missions. Since these architectures are inherently very low power and low mass, missions could also benefit from having more spacecraft resources (mass, power, volume) available for scientific investigations. These computing architectures could provide the scalability and robustness to host complex, possibly mission-critical, autonomous software behaviors that would further scientific return.
Robotic spacecraft continue to become more advanced and more autonomous to increase mission returns and enable novel scientific investigations. Path planning, decision-making, and complex onboard science data analysis are only a handful of the autonomous capabilities currently being investigated, and JPL is researching space-rated, high reliability, high performance computing resources to support these capabilities.
Greater autonomy and scientific return could be achieved by giving spacecraft the ability to perform high-performance and complex software codes remotely. For example, high-speed data compression, complex onboard hyperspectral analysis, and multi-sensor data fusion could allow more data to be returned to scientists on Earth. High performance computational capabilities could allow spacecraft to perform activities that were previously impossible, such as autonomous terrain-relative navigation. This computing power could also allow spacecraft to perform complex scientific target selection and evaluations without having to wait for instructions from ground control.
Various basic research activities are currently being conducted to enhance the software development process, with the objective of producing more robust flight applications. Model-based system engineering (MBSE) has been gaining acceptance and is being applied as standard methodology to specify system requirements for various flight projects. It has the benefit of being more precise in specifying system behavior than informal English text requirements that may be subject to ambiguity in interpretation during design and implementation. To facilitate the transition from traditional methods of system specifications to more precise MBSE methods such as SysML notations, a textual modeling language named K (Kernel language) is being developed for the Europa project. The objective is to provide sufficiently rich semantics that all system model designs can be represented by this language. This language is similar to known formal specification languages and is inspired by SysML in representing a relational view of models. The expression sublanguage of K can be used to specify constraints in the models, even in a graphical context (e.g., textual expressions in block diagrams). A system engineer with basic programming knowledge can readily learn and apply this technique for system specification, thus facilitating the MBSE adoption process. There is ongoing research to develop analysis capabilities on top of the K language. The grammar (parser) and type checker are already complete, and a translator to an automated theorem prover is currently in progress.
Mission Operations Automation
Mission operations rely on downlink telemetry to inform the operators about the successful execution of uplink commands and the health status of the flight system. Two major categories of telemetry data are analyzed in support of operations: event reporting (EVR) and channelized state data (EHA). For missions such as Mars Science Laboratory (MSL), there are approximately 4,000 data channels and 26,000 EVR message types. Continuously monitoring and evaluating EVRs and EHA values is a major undertaking for mission operators. There are many scenarios when multiple EVR(s) and EHA data from different time points need to be analyzed and correlated for health assessment.
To ease the effort by a human operator, a monitoring tool called DASHBOARD has been developed to automate the monitoring and analysis function. The key DASHBOARD technology is the rule-based engine LogFire, which was developed in-house and is coupled to a telemetry retrieval tool. The methods of telemetry data analysis are expressed as rules using the LogFire domain specific language and running the rule-based engine for analysis. This tool is capable of quickly processing large volumes of data and automatically performing the analysis more completely for many complex scenarios. It has benefitted the MSL operations team tremendously in conducting their daily routines. In addition to supporting operations, the tool can be applied to sequence validation prior to uplink as well as to verification and validation testing during development. With its demonstrated effectiveness, this tool has been incorporated as a standard feature for future ground systems and will have lasting benefits to JPL operations.
A precursor of LogFire, the JPL-developed tool named TraceContract (a log analysis tool based on state machines and temporal logic), was used by mission operations at the NASA Ames Research Center during the entire LADEE (Lunar Atmosphere and Dust Environment Explorer) Mission to check command sequences against flight rules before submission to the LADEE spacecraft.
Software Reliability and Fault-Tolerant Flight Software Architectures
As spacecraft become increasingly capable and are tasked with performing increasingly challenging missions, the amount of software code they require increases substantially. At the same time, hardware reliability advanced, and mature processes have been put in place to decrease the likelihood of hardware failures. Ensuring the reliability of the software has become increasingly complex and challenging. This is of the utmost importance to JPL’s space missions because robotic spacecraft frequently operate outside the view of ground controllers and at a significant light time delay with respect to Earth. For much of the duration of such a mission, the success of the spacecraft is fully within the control of the onboard flight software. In the event of a fault onboard the spacecraft, it is the flight software that must regain control of the spacecraft, make sure that it is in a safe state (power, thermal, and communications), and then re-establish contact with Earth. More challengingly, this also includes being able to recover from faults or anomalies within the flight software itself.
JPL is working to develop even more robust flight software architectures to ensure continued safe operation in the face of unexpected hardware or software faults. These architectures include flight software that is partitioned in both execution time and resources to contain potential faults within specific functional areas. These areas could then be recovered quickly without affecting other parts of the executing flight software. In addition to flight software partitioning, JPL is also working on hosting the flight software across multiple disparate processing cores and hosts. By using multiple cores and distributed architectures, additional redundancy can be achieved, and flight software that is not critical for maintaining the health and safety of the spacecraft can be isolated from health-critical tasks. Taking examples from nature as inspiration, JPL is also using distributed control for the electronics design and software architectures. These bio-inspired techniques could allow spacecraft to have a hierarchy of capabilities that could be executed depending on the available resources.