航天嵌入式现代小卫星软件容错设计及测试系统研究

【作者】 李华旺；

【导师】 杨根庆；

【作者基本信息】 中国科学院上海冶金研究所 ， 微电子学与固体电子学， 2001， 博士

【摘要】 本文的主要工作是研究航天嵌入式现代小卫星软件高可靠、强容错的设计及实现，以及如何评价软件的冗余、容错效果，并且应用于CX-1小卫星软件的容错设计及测试。 软件质量是软件开发过程中所使用的各种开发技术和验证方法的最终体现。通常用软件质量模型来描述影响软件质量的特性。本文首先在众多经典软件质量模型的基础上，提出了一套动态的、实用的、可度量的适合于现代小卫星软件质量管理及开发的软件质量模型，该模型强调了软件质量应该与软件生存周期相对应，体现了质量模型的动态特性；同时针对航天环境的特殊性，强调了容错能力特性在软件质量度量中的重要性。该模型为“创新一号”现代小卫星软件的开发及质量管理提供了有益的手段。 软件冗余、容错是现代小卫星软件质量模型的重要内容，本文对小卫星软件容错设计技术进行了研究。根据小卫星硬件冗余结构的特点，采用了以多版本编程、恢复块技术、前向恢复和后向恢复技术等软件容错技术来提高现代小卫星系统的容错能力。同时利用基于双机冗余备份的双机互检技术来提高整个系统的可靠性。 软件容错效果需要通过软件容错测试来进行评估。测试用例生成、仿真测试环境及测试结果分析是软件容错测试的三个重要环节。本文将故障树分析方法应用于故障测试用例的分析与设计，利用软件故障树分析方法来分析软件故障模式有利于分析导致软件故障的起因，从而得到导致软件故障的集合；为了克服传统的随机抽样方法生成测试用例测试时间长的缺点，本文利用仿生学中的遗传算法来生成测试用例，测试结果表明这种方法可以在较短的时间内达到较高的覆盖率，因此可以大大缩短软件测试时间。 空间宇宙射线易导致半导体器件发生单粒子效应，从而引起软件故障，因此评估软件对单粒子事件的容错能力是必不可少的。故障注入是一种非常有效的验证容错机制的方法。本文根据单粒子事件效应及内存故障模式，提出了一种事件驱动的单粒子事件故障模型，同时针对该模型的具体应用算法进行了详细阐述，提供了将故障注入技术应用于容错机制测评的具体试验中的一种方法。 中国科学院博土研究生学位论文 ＊同时，本文在比较了众多故障注入方法的优点和缺陷之后，提出了以内存故障注入和总线故障注入相结合的故障注入方法，并在此基础上设计并实现了单粒子事件故障注入器。单粒子事件故障注入器具有成本低、通用性强、故障注入方便快捷。全动态实时和定量注入单粒子事件的能力等特点。 软件测试环境的建立是软件容错测试中的另一关键环节。测试环境与具体工程相关。本文以CX4小卫星软件工程为基础，重点研究了小卫星仿真测试平台的分析、设计及实现。采用混合原型法构建的分布式小卫星软件仿真测试平台，具有成本低、配置灵活等特点。混合原型设计方法的关键是各分系统仿真模型的实现，本文结合CX－l小卫星的体系结构，对动力学仿真模型。能源仿真模型和 GPS及轨道仿真模型进行了具体的研究和设计。同时，利用确定性同步算法来减小分布式仿真系统的时空不一致性，保证了分布式仿真的真实性和有效性。实验结果表明，软件开发仿真测试平台可以用来进行软硬件集成实时仿真、故障模式仿真、软件功能验证、软件调度及控制算法验证等，对加速小卫星软件开发进程及软件自闭环测试具有重要意义。更多还原

【Abstract】 Relevant studies on the design of micro-satellite embedded software high fault-tolerance and high reliability and the method for testing and evaluation of software fault-tolerance mechanisms (FTMs) are presented in this dissertation. The software quality model in the space condition is discussed and researched in detail at first. After the comparison of lots of software quality models, a model that fits the needs of project managers is introduced. According to other models, This model is dynamic, not static, in the fact that it allows the production of multiple snapshots of project status across the development, and uses a broad range of measures, since it contains goals, attributes, and metrics for both software products and development processes. This model is also comprehensive, starting with specifying goals through presenting the results. In order to fit the space condition, the ability of fault-tolerance is used to measure the software quality. Subsequently, the design method of fault-tolerance is discussed. According to the needs of high function density and low volume and mass of modem micro-satellite, not only hardware fault-tolerance but also software fault-tolerance are needed. In order to improve the reliability and ability of fault-tolerance of CX- 1 micro-satellite, hardware fault-tolerance technology such as WDT, EDAC, multi-computer system etc. and software fault-tolerance technology such as NYP, Recovery Block, Forward and Backward Recovery etc. are used together. Fault-tolerance testing is a classic emphasis of evaluating the effection of software fault-tolerance. Testing case generation is one of three key processes of software fault-tolerance testing. And this paper brings out one method to optimize the fault testing case based on Fault Tree Analysis (FTA) and GA (Genetic Algorithm) software testing case generation strategy. Fault injection (FL) is a powerful method for the testing and evaluation of fault-tolerance mechanisms (FTMs), which may widely be used during all phases of the development of fault tolerant computer systems. A single event phenomenon fault injection (SEP-FL) model based on event-driven is presented in this paper, and SEP-FL algorithm is discussed in detail. After the comparison of lots of fault injection tools, the aerospace SEP Fault Insertion System based on injecting fault both in the memory and through the bus is introduced in the following. The structure and functions of FIS (Fault Injection System) are firstly introduced. On the basis of expansibility and universality, the study is concentrated on the key implementation technology in Fault Injection Unit. The practical results show that the FIS is low cost, high universality, fully dynamically and real-timely injected. Another problem that must be studied in the software fault-tolerance testing is SRTP (Software Reliabi1ity Testing PlatfOrm). Because of the specia1 needs of theembedded software, SRTP is very imPortant for the morden micro-sate1liteembedded software testing. A S&T (Simulation and Testing) platform fitted to CX-1micro-satellite is introduced in this paPer S&T platfOrm is designed by mixedprototape, which can improve the system’s flexibility and low the cost. Thesimulation models such as dynamics simulation, energy system simulation and GPSsimulation are discussed in detail. As a DIS (Distributed Interactive Simulation)system, the problem of time syncbIonization is a key technology and is discussed inthis paper Finally one simPly software time sgnchronization method with highprecision is proposed and realized. S&T platfOrm is very significant for self testingof the com更多还原