# SAFER++ VDM++ and UML Thomas Christensen & Tommy Pedersen.

## Presentation on theme: "SAFER++ VDM++ and UML Thomas Christensen & Tommy Pedersen."— Presentation transcript:

SAFER++ VDM++ and UML Thomas Christensen & Tommy Pedersen

Agenda Discussion VDM++ code Summary

Discussion How to compensate for a defective thruster ?

Discussion How to compensate for a defective thruster ? Cases:  Rotation around one axis only  Translation along one axis only  Multi-axis rotation  Multi-axis translation

Discussion

Case: Rotation around one axis only Example:  +pitch (Clockwise around y-axis)  Thrusters B1 and F3 are fired (left side thrusters)

Discussion Case: Rotation around one axis only Example:  +pitch (Clockwise around y-axis)  Thrusters B1 and F3 are fired (left side thrusters) Thruster B1 fails.. Compensate by:  Disabling B1 and F3  Firing equivalent right side thrusters, B2 and F4

Discussion Case: Translation along one axis only Example:  Forward translation (along +X-axis)  All forward thrusters are fired, F1, F2, F3, F4

Discussion Case: Translation along one axis only Example:  Forward translation (along +X-axis)  All forward thruster are fired, F1, F2, F3, F4 Thruster F3 fails... Compensate by:  Disabling diagonally opposite thruster F2  Keep firing F1 and F4 (½ power)

Discussion Case: Multi-axis rotation Example:  -pitch, -yaw (CCW around z and y-axes)  Thrusters B4 and F1 are fired

Discussion Case: Multi-axis rotation Example:  -pitch, -yaw (CCW around z and y-axes)  Thrusters B4 and F1 are fired Thruster B4 fails... Problem....  No equivalent thruster combinations

Discussion Case: Multi-axis rotation Possible solution 1:  Rotate backwards

Discussion Case: Multi-axis rotation Possible solution 1:  Rotate backwards  Fire opposite thrusters, F4, B1 SAFER rotates to same position (backwards) Problems:  Counter-intuitive movement. (Warning light ?)  May use more GN 2 for propulsion

Discussion Case: Multi-axis rotation Possible solution 2:  Replace single multi-axis rotation by multiple single-axis rotations.  Single-axis rotations can always be performed by alternative thrusters. ”Step-wise” rotation Problems:  R(a+Δa,b+Δb,c+Δc) ≠ R(a,b,c)R(Δa,Δb,Δc)

Discussion Case: Multi-axis rotation Possible solution 3:  Don’t compensate Example:  -pitch -yaw, (CCW around z and y-axes)  Thrusters B4 and F1 are fired Thruster B4 fails...  Use F1 only

Discussion Case: Multi-axis rotation Possible solution 3:  Don’t compensate  Problems: Wider turn radius. Thruster output constant, cannot boost to compensate

Discussion Case: Multi-axis translation  Not possible  Translation prioritized X > Y > Z Only one axis at a time

Discussion Summary Cases:  Compensation possible Rotation around one axis only Translation along one axis only  Compensation not feasible Multi-axis rotation  Compensation not relevant Multi-axis translation

VDM++ SelectThrusters() ==... if numberOfDefThr = 0 then selected := selected else if numberOfDefThr = 1 then if card (selected inter defThrusters) = 0 then selected := selected else selected := CompensateSingle(selected, defThrusters) else if numberOfDefThr > 1 then if card (selected inter defThrusters) = 0 then selected := selected else if card (selected inter defThrusters) = 1 then selected := CompensateSingle(selected, defThrusters) else if card (selected inter defThrusters) > 1 then selected := CompensateMultiple(selected, defThrusters)

VDM++ CompensateSingle : set of ThrusterPosition * set of ThrusterPosition ==> set of ThrusterPosition CompensateSingle(selected, defective) == let transType : TransformationType = GetTransformationType(intcmd) in cases transType: -> alt_thrusters = (tran_single_axis(defective union DiagonalMap(defective))) -> alt_thrusters = (OppositeMap(defective) union OppositeMap(selected\defective)), -> alt_thrusters = {}, others -> alt_thrusters = {} return alt_thrusters;

VDM++ TransformationType = | | ; public DiagonalMap : map ThrusterPosition to ThrusterPosition = { -- Back Thruster positions |->,... public OppositeMap : map ThrusterPosition to ThrusterPosition = { -- Back Thruster positions |->,

VDM++ tran_single_axis : map set of ThrusterPosition to set of ThrusterPosition = { -- +X translation {, } |-> {, }, -- -X translation {, } |-> {, },...

VDM++ GetTransformationType : IntegratedCommand ==> TransformationType GetTransformationType() == let mk_(tran, rot) = intcmd.GetCommand() in if rot(Command`ROLL) = and rot(Command`PITCH) = and rot(Command`YAW) = and tran(Command`X) = and tran(Command`Y) = and tran(Command`Z) = then return else if rot(Command`ROLL) = and rot(Command`PITCH) = and rot(Command`YAW) = and (tran(Command`X) <> or tran(Command`Y) <> or tran(Command`Z) <> ) then return else...

VDM++ public CompensateMultiple : set of ThrusterPosition * set of ThrusterPosition ==> set of ThrusterPosition CompensateMultiple(selected, defective) == return {};

Summary Strategies for compensating for defective thrusters  Single-axis translation and rotation can be compensated for.  Multi-axis translation is not possible.  Multi-axis rotation cannot safely be compensated for. VDM++ code

Similar presentations