July 26, 2005: QNX boards NASA’s return to flight mission

Has it been five years already? I just came across a blog post on the PARS3C website that says today marks the fifth anniversary of the Space Shuttle’s return to flight mission.

This was, of course, the first shuttle mission after the tragic loss of the Columbia and its crew in 2003. It was also the first mission to use the QNX-based Laser Camera Systems (LCS) from Neptec.

The goal of the LCS is simple: Detect any fractures or anomalies on the shuttle’s exterior surface that could lead to a repeat of the Columbia disaster. Achieving that goal is anything but simple, however. To get an idea, check out this article that I co-authored with Iain Christie of Neptec back in 2005...

Laser camera system puts focus on shuttle safety
By Iain Christie, Neptec, and Paul Leroux, QNX Software Systems

On February 1, 2003, the space shuttle Columbia disintegrated upon re-entering the Earth’s atmosphere, killing the entire crew. The most likely cause: a hole in the shuttle’s left wing. To avoid such disasters in the future, NASA decided they needed in-flight technology that could inspect the shuttle exterior — including areas normally invisible to the astronauts inside — and identify even the smallest threat to mission safety.

Enter the Neptec Laser Camera System (LCS). Designed and built by Neptec, a Canadian-based developer of space vision systems, this high-precision 3D laser scanner made its debut on the space shuttle Discovery, which launched on July 26 of this year and returned safely to Earth two weeks later. Using the LCS, NASA can detect tiny fractures in the shuttle's heat shield, even if they’re only a few millimeters in size. Just as important, the LCS can provide NASA with the data needed to determine whether a fracture does, in fact, pose a threat to the shuttle crew.

In this artist’s rendering, Neptec's LCS scans the nose cone of the shuttle Discovery for potential damage to the shuttle's heatshield tiles.

While in orbit, the shuttle faces extreme, fluctuating temperatures, with the sun rising and setting 18 times each day. These harsh conditions make it virtually impossible to use a traditional video camera to inspect the shuttle exterior. Neptec's LCS not only provides 3D information of the exterior, but is immune to changing temperature and lighting conditions. To achieve this immunity, the LCS incorporates a number of design features, including the wavelength of the laser source (1.5 micrometers) and the very small instantaneous field of view of the scanner. Radiation at 1.5 micrometers falls in a part of the spectrum in which there is very little competing radiation from the sun. As a result, there is only a small possibility that direct sunlight or specular reflections of the sun will be in the field of view at any given time.

A striking insight
Neptec has been a prime NASA contractor for 10 years and has worked on over 25 space shuttle flights. Working closely with more than 40 astronauts, the Neptec team has logged over 10,000 hours at NASA's mission control center in Houston.

The inspiration for Neptec's core technology occurred when an engineer for Canada's National Research Council (NRC) was watching The Graduate, a 1967 movie starring Dustin Hoffman. At the end of the movie, Hoffman runs quickly past a brick wall. The engineer found the image — a person moving against a regular pattern of bricks — very striking. More importantly, he realized that a computer could be programmed to use this regular pattern as a means to accurately measure the person’s motion. The idea led to the birth of the Space Vision Systems (SVS), with which Neptec eventually became involved.

Synchronized scanning
Neptec’s LCS is a wide-angle, high-speed, high-precision laser scanner. At distances of up to 10 metres, it can create a model of any object that is accurate to a few millimeters. Using a synchronized scanning technique, the LCS generates precise images in three modes: QuickView Area Scan, Detailed Area Scan, and Continuous Line Scan.

Using the Quickview Area Scan, the LCS gathers data to generate a 2D image that helps the astronaut operating the system to determine what is in the field of view of the LCS. In the Detailed Area Scan and Continuous Line Scan modes, the LCS gathers 3D data that is processed by software running on a ground-based workstation to produce 3D images and make quantitative measurements.

The LCS generated this 3D wireframe model, which shows a damaged tile on the underside of the shuttle wing. The model is color-coded to indicate the depth of the damage.

System design
The LCS consists of three main components: the Laser Camera Head, the Laser Camera Controller, and the Image Analysis Workstation. The Laser Camera Head is attached to a 50-foot-long extension of the Canadarm (the robotic arm used to deploy and retrieve satellites from the shuttle), allowing it to scan critical portions of the shuttle exterior. The output of the Laser Camera Head consists of raw time-tagged 3D data that is forwarded to the Laser Camera Controller for consolidation and storage.

The Laser Camera Controller, installed in the shuttle cockpit, consists of a laptop computer that executes the Neptec-developed LCS control software. This software provides the graphical interface for the LCS, which lets the user control various functions of the LCS and view the inspection images.

The ground-based Image Analysis Workstation consists of a computer platform situated in or near the mission control center. It runs software applications that process and analyze the 3D image data to support damage-inspection and detection operations.

Tight schedules
The biggest challenge facing Neptec’s LCS software development team was the tight production schedule. The team had to design and develop software to run on new hardware platforms, port application code to a new version of the operating system, develop new features, and qualify and deliver the product — all in less than one year.

“As if that wasn’t difficult enough,” says John Schneider, Neptec’s director of engineering, “Neptec encountered technical challenges with interfacing third-party hardware and resolving cross-platform communications protocol issues.”
QNX Neutrino, the realtime operating system (RTOS) chosen for the LCS, played a key role in helping Neptec address these issues.

OS matters
Neptec’s software developers have worked with QNX operating systems since 1991. They first used QNX during research and development work for Neptec’s early Space Vision System (SVS). Used with the Canadarm, the SVS allows astronauts to accurately position and orient payloads, such as satellites. In fact, the SVS can support all kinds of shuttle operations — everything from piloting the shuttle to providing relative range, bearing, and elevation information that helps astronauts monitor clearances between a payload and the shuttle.

In 2000 the Neptec team used QNX in the first-generation LCS system, which they developed as a Design Test Object (DTO) for the STS-105 shuttle mission in August 2001. They then ported the code to the QNX Neutrino RTOS, the latest generation of QNX operating system technology.

“Having developed a core expertise in QNX and gaining trust in the reliability of QNX products,” says John Schneider, Neptec’s director of engineering, “QNX became the natural choice for the LCS.”

Because Neptec developed a new computing platform for the LCS project, they needed a custom Board Support Package (BSP) to run QNX Neutrino on the new hardware. Consequently, they invited the application support team at QNX Software Systems to develop the BSP. This saved Neptec considerable time and resources, allowing Neptec developers to concentrate on the application development.

“The Neptec staff found the QNX support team to be knowledgeable, competent, and very responsive to the requirements,” says Schneider.

Extreme conditions
On the space shuttle, there is no room for error. Every system must perform with absolute reliability. To address this challenge, the QNX Neutrino RTOS uses a microkernel architecture. Microkernel RTOSs have two defining characteristics, both of which are critical to ensuring system reliability:

1. The OS kernel contains only a small core of fundamental services, such as timers, messages, and scheduling. All higher-level services and programs — device drivers, file systems, protocol stacks, user applications, and so on — run outside the kernel as separate, memory-protected components.

2. Most software components communicate via message passing, a well-defined communication mechanism that allows programs to exchange data while remaining safely isolated from each other.

In the QNX Neutrino RTOS, most system services run as separate, memory-protected processes.

This architecture offers two key reliability benefits. First, it makes it much easier to isolate and correct programming errors before the errors can make their way into a deployed system. For instance, if any service or application under development attempts to access memory outside its process container, the OS can identify the process responsible, indicate the location of the fault, and create a process dump file viewable with source-level debugging tools. The dump file can include all the information the debugger needs to identify the source line that caused the problem, including a history of function calls, contents of data items, and other diagnostic information. Errors that would normally take days or weeks to resolve can be pinpointed almost immediately.

Second, microkernel architecture enables dramatically shorter Mean Time to Repair (MTTR). Consider what happens if, say, a device driver faults in a deployed system: the OS can terminate the driver, reclaim the resources the driver was using, and then restart it, often within a few milliseconds. From start to finish, the entire procedure can be orders of magnitude faster than the conventional solution, which is to reboot the entire system.

Extreme conditions
“The LCS was a critical element of NASA's Return to Flight mission and we had to be sure it used the most reliable operating system available,” said Iain Christie, vice president of research and development at Neptec. “Selecting the QNX Neutrino RTOS was an easy decision because we already knew that the system can handle the extreme conditions found in space.”

This article first appeared in Embedded Control Europe (ECE) magazine.

For more information on Neptec's technology and its role in NASA's Retun to Flight mission, visit www.neptec.com. For more information on the QNX Neutrino RTOS, visit www.qnx.com.

No comments: