FDIR architectures for autonomous spacecraft: Specification and assessment with event-B

Abstract

On-board Fault Detection, Isolation and Recovery (FDIR) systems are considered to ensure the safety and to increase the autonomy of spacecrafts. They shall be carefully designed and validated. Their implementation involves a relevant knowledge of items like functions and architectures of the system, and a fault model in relation with these items. Thus, the event-B method is well suited to correctly specify and validate on-board safety architectures. This paper focuses on the FDIR concept presentation and the use of event-B for formalising and for refining the FDIR concept. The paper is organised as follows: after a short presentation of on-board FDIR concept strongly bounded with autonomy architecture concept, we suggest activities enabling to implement FDIR concept. Then, we present the framework of formal modelling that we will use to describe our architecture and the properties related to this architecture. We illustrate our approach by modelling more specifically a safety architecture pattern that includes a primary functional component and a redundant one, under the hypothesis of no common fault. The safety property to be met is: "one single fault shall not lead to the total loss of the function". The last section of the paper deals with the objectives for the future work. © 2008 Springer-Verlag Berlin Heidelberg.