Abstract

This paper presents a model-based fault management (FM) system designed to provide off-nominal state detection and isolation capabilities that are key components to assessing spacecraft state awareness. The ability to autonomously isolate spacecraft failures to component levels will enable faster and more targeted responses and recovery thereby reducing down time. The use of model-based systems and practices is being explored by the FM community as a viable approach to developing more capable, autonomous systems in order to meet mission objectives. Model-based systems can provide better fault identification than traditional methods of fault detection such as limit-checking. They also lend themselves to more straight-forward approaches to verification and validation. We have chosen a particular model-based technique called Constraint Suspension for autonomous fault detection and isolation that does not require explicit fault modeling. The system is composed of a diagnostic engine and nominal system models of the target application, for example sensors and actuators. Sensed data are propagated through models of nominal system behavior. Faults are diagnosed when inconsistencies arise between sensed and modeled data. Several benefits result from this choice. First, because knowledge of faulty behavior is not required, it is possible to detect unanticipated and unforeseen faults. In fact, anomalous, degraded, and failed states all can be detected. Second, the same models used for nominal analyses and operations can be re-used for fault management, saving development resources and time. Third, the core diagnostic engine algorithm is complete and requires no additions to accommodate a potentially growing number of faults over time resulting in a relatively compact software footprint. Related to the second and third points is that the core algorithm and, potentially, models can be reused from mission to mission. Finally, the system can be used early in the design phase as a tool for sensor placement analyses and model verification. Health information produced by the FM system can be used to make resource allocation and planning and scheduling decisions by ground operations or by other on-board autonomy agents. Autonomous fault detection, isolation, and recovery (FDIR) on board space vehicles will provide protection and increased mission availability and reliability. On the ground such systems enable lights-out monitoring as well as training and support for operators. This paper presents the development of fault detection and isolation algorithms and models. Application of the system to a spacecraft attitude control system is discussed. Finally we apply Model-Based Systems Engineering (MBSE) modeling patterns to the fault management system models as a way to facilitate the development of the models through the use of SysML.