# Modular Architecture for Robust Computing (MARC)

Presented by Alan Senior 17<sup>th</sup> September 2007 at the International SpaceWire Conference 2007



### Project team

- Systems Engineering & Assessment Ltd (SEA)
  - Definition of the system hardware architecture
  - Selection of component technologies
  - Design, manufacture and test of a demonstrator system
  - Implement hardware FDIR functions
  - SciSys UK Ltd
    - Develop the Generic Fault-tolerant Architecture using SOIS (GenFAS) software framework
    - Implement software FDIR functions
- EADS Astrium Ltd
  - Definition of FDIR requirements, partitioning and algorithms
  - System analysis and verification of demonstrator performance
  - Activity coordination



#### MARC Aims

- Define a modular architecture based on a SpaceWire network that is scalable to meet future mission needs
- Design, manufacture and test a representative demonstration system comprising:
  - Processing modules, Mass Memory (RMAP interface) and active SpW backplane
  - New flight capable hardware technologies (eg LEON2, SpW router)
  - COTS Power PC to demonstrate network load handling
  - SOIS based software and related services to ECSS-E-40
- Demonstrate the essential features of a heterogeneous, fault tolerant, high availability distributed avionics system





## **GenFAS** features

- Decentralised, distributed Onboard software
  - May be located on any processor
  - Telecommands routed based on APIDs
- Decentralised, distributed access to all instruments and transducers via a SpaceWire network
- Advanced Mass Memory architecture
  - Supporting a file system, packet store, FIFO buffer etc.
- Fault tolerance based on "spare" capability, rather than full redundancy
  - Applications are linked together into a validated software build
  - Build information stored in a safeguarded context area
  - Software builds are allocated by a configuration manager to processors
  - FDIR manager detects failures and initiates re-deployment of the software build to a spare processor





#### Software architecture



#### FDIR analysis and performance

- Define failure scenarios, detection strategies and levels of autonomy
- Partition FDIR functions into onboard hardware and software or TM/TC actions
- Define FDIR architecture as centralised (single node), distributed FDIR (multiple nodes with majority voting) or a combination of both
- Create an FDIR analysis tool in UML to derive the FDIR actions
- Create an FDIR model of the system incorporating the FDIR algorithm using UML
- Evaluate and optimise the system architecture performance when exposed to different failure scenarios
- Demonstrate the FDIR algorithm running on the MARC demonstrator, handling failures
- Assess the performance and reliability of the SpaceWire network to handle critical commands/telemetry and hence act as an alternative to Mil-Std-1553B

