SSC implemented a new development process based on MathWorks tools for Model-Based Design to model, simulate, automatically generate code, and to test the onboard AOCS software. Engineers developed accurate simulation models to predict system behavior and to create exhaustive system and software test cases, which met the ESA PSS-05 software development standard.
Using Simulink, SSC first established the system’s architectural design model, which contained only a few subsystem layers and blocks but was sufficient to support initial simulation scenarios. The architecture models were then elaborated into the detailed design by using only allowed blocks, following certain parameter-naming conventions, and adding robustness checks such as divide-by-zero protection.
Engineers used Stateflow to develop a state machine that configures the subsystems of the AOCS model based on the operating mode, including detumble, safe, electric propulsion, and science. In addition, they used Stateflow to control the autonomous momentum management function to heat the thrusters.
SSC used MathWorks tools to automatically generate the application C code, which was then compiled, integrated, and linked into the overall onboard software. Low-level device drivers and operating system software were developed using traditional, hand-written methods. SSC then deployed the onboard software onto a radiation-hardened ERC32 embedded processor.
"Simulation models helped us to create the detailed software design and to accurately predict the system behavior, including spacecraft dynamics," Bodin says. "We then developed detailed test scenarios and generated code with a high degree of confidence that the implementation would match the model behavior."
The Simulink subsystems of the AOCS were unit-tested and integration-tested on a simulated ERC32 target by reusing test cases that the engineers developed and executed within Simulink. In addition to meeting the low-level software requirements, the unit and integration tests also included structural code coverage analysis, input range testing, and max-path testing.
SSC performed software system testing on a hard real-time simulation environment and analyzed the results with MATLAB. They verified the AOCS at the system level using the integrated spacecraft. These tests included open and closed-loop tests at the European Space Research and Technology Centre (ESTEC) in the Netherlands.
"We are quite pleased with the results so far," says Bodin. "We plan to use more MathWorks tools for future project activities, including Simulink Real-Time for hardware-in-the-loop testing."