Declic
System design and implementation of a scientific system for use in the International Space Station
Role: System Design/Developer/Documentation writer
I was involved in the design of its Thermal Control Subsystem in multiple roles:
Because this was a design for use in space, there was a heavy emphasis on reliability. Taco walstra and I designed the overall architecture of software of the Thermal Control Subsystem ("TCSS"). This subsystem consisted of a configuration dependent number of microprocessors, sensors, actuators, and fpga's. The whole TCSS was controlled by the C3 process, a mixed C and Tcl application that I wrote.
A Failure Modes Effects and Criticality Analysis document that I wrote was instrumental in designing redundancies into the TCSS. I've managed to use these features to good effect when a critical sensor died a few years after operation in the International Space Station. I managed to create a sort of synthetic sensor channel and corresponding pid-controller in Tcl that worked around the failure. This article of the International Astronautical Congress shows the results of the software workaround, and mentions my contribution (see page 7 and last paragraph of article).
The software of the TCSS keeps the temperatures of the scientific components of Declic stable within milli-kelvins. Distributed PID feedback loops on various parts of the system control multiple heaters and Peltier heatpumps in order to keep the system as stable as possible.
The whole system communicated over ethernet between the central Linux embedded system, that communicated via tcp to the Data Handling System, and via udp to embedded microcontrollers that controlled the actual sensors and actuators via fpga hardware.
The needed low interrupt latency required the then new Linux kernel 2.6, and I think this was the first time that it was used in space.
Temperature calibration of the system was a very big issue. Absolute temperature accuracy at several 100 °C within 0.1°C required a very careful electronics design, high quality Platinum sensors, and software calibration.
I designed a test plan including a software controlled resistance bench, that automatically calibrated boards. A typical calibration run would take several days.
The space qualified design required a lot of paperwork. I wrote an FMECA, an Architectural Design Document, a Detailed Design Document, Software Verification Plans, many test reports etc...
In order to keep track of all this documentation, I wrote the Documentation Management System.
An interesting article on Declic has appeared in Linux Journal (Aug. '04)