Embedded Systems November 2000 Vol13_12

Issue link:

Contents of this Issue


Page 184 of 189

e BREAK POINTS (heavy spinning wheels that absorb or impart spin to the spacecraft) for atti- tude control. According to the report, "Due to insufficient review and testing of the clean-up script, the commands needed to make a graceful transition to attitude control using reaction wheels were missing." Wow! Excessive spacecraft momentum meant that the reaction wheels just weren't up to the task of putting NEAR into the earth-safe mode. The firmware did try, for the programmed 300 sec- onds, but then gave up and started warming up d1rusters, which offer much more kick than the momentum wheels. Now the only chance to save the space- craft was to go to the lowest level save mode, "sun-safe," where it spw1 slowly around an axis pointing towards the stm. Tlus would keep the batteries charged till grOtmd intervention could help out. Seven minutes later an error in a data structure (that is, a paran1eter stored in the fimnvare) led to the system d1inking a momentum wheel that was running at its maximum speed was stopped. A seties of race conditions, exacerbated by low batterie , led to orne 7,900 seconds of thruster firing over the course of many hours. Eventually NEAR did stabilize in sun-safe mode, though now missing 29kg of critical propellant. So NEAR's troubles stem ultimately from a transient due to an odd vibration mode- somed1ing the firmware design team could not have anticipated. This rather small transient revealed flaws in the firmware that, in large part, led to a near-catastrophe (pun intended). The review board inspected some, but not all, of the system's 80,000 lines of code (C, Ada, and assembly). They uncovered nine oftware bugs and eight data structure errors. Bugs included poorly designed exception handlers and critical variables that could be erroneously overwritten. Hindsight is certainly a powerful microscope, especially when zooming in on a specific problem that causes a mishap. But I can't help but wonder why the post-failure review board's firmware review was o much more PCM-9550F Features B" x 5.75" - Intel low power Pentium~ MMX •• processor - Supports Video-in and Wout (PCM-9550FM) - 8 digrtal inputs and 8 digital outputs - Supports XGA & 36-brt LCD - 3D audio & 100 Mbps Ethernet - One PC/104+ & one mini PCI socket (Type Ill) AD\-\NTECH Embedded Computing Advantech Technologies, Inc. E-mail ' _ ~o Cool~ng~ry-__ __ plgl1al ~ 1/0::.__ __ __ !~rrw:! Su..PQ.IL __ _ € CE F

Articles in this issue

Archives of this issue

view archives of EETimes - Embedded Systems November 2000 Vol13_12