Fix #15 #18, Add missing rationale and update application table requirements #26

Merged
merged 2 commits into from
Jun 1, 2022
28 changes: 9 additions & 19 deletions docs/hs_FunctionalRequirements.csv
Expand Up @@ -6,23 +6,13 @@ b) Ground Command Rejected Counter.",Important for testing and on-orbit fl
HS1002,HS1002,"For all HS commands, if the length contained in the message header is not equal to the expected length, HS shall reject the command and issue an event message.",Basic command verification in the event of SEU or memory corruption
HS1003,HS1003,"If HS accepts any command as valid, HS shall execute the command, increment the HS Valid Command Counter and issue an event message.",Operators require feedback on command execution.
HS1004,HS1004,"If HS rejects any command, HS shall abort the command execution, increment the HS Command Rejected Counter and issue an error event message.",Operators require feedback on command execution.
HS2000,HS2000,The HS Application shall verify that each application defined in the Critical Application Table is executing.,HS uses a table to define the critical application. Tables are used so that the list can be configured for a mission and can be easily changed.
HS2000.1,HS2000.1,"If the entry indicates that the application is a cFE Core Application and it has not executed for the corresponding table-defined number of HS execution cycles, HS shall perform one of the table-defined actions
a) cFE Processor Reset
b) Send an Event message
c) Send a Software Bus Message
d) Perform No Action","Not able to individually start a cFE core application, therefore, need to perform a cFE Processor Reset. Note that the Software Bus message can be any message, however, the intent it to allow the starting of an RTS (without tying HS to SC)."
HS2000.1.1,HS2000.1.1,"If the action is to perform a cFE Processor Reset and the Number of cFE Processor Resets is less than the <PLATFORM_DEFINED> Max Number of cFE Processor Resets , HS shall
a) Increment the Number of cFE Processor Resets
b) Set the Watchdog servicing flag to False
c) Command the cFE Processor Reset.",Note that the watchdog flag is set to false in the event that the cFE Processor reset can’t be performed.
HS2000.1.2,HS2000.1.2,"If the action is to perform a cFE Processor Reset and the Number of cFE Processor Resets is greater-than-or-equal-to the <PLATFORM_DEFINED> Max Number of cFE Processor Resets , HS shall send an event message.",No cFE Processor Reset will be performed. Need to prevent an infinite reset loop.
HS2000.2,HS2000.2,"If the entry indicates that the application is not a cFE Core Application and it has not executed for the corresponding table-defined number of HS execution cycles, HS shall execute one of the table-defined actions:
a) Restart the Application (that failed to check-in)
b) cFE Processor Reset
c) Send an Event Message
d) Send a Software Bus Message
e) Perform No Action","Note that each entry has a corresponding HS execution counter. This represents the number of HS execution cycles before the Application is declared “not there”. Note also that an application can have more than one entry (could have one entry to restart the app and a second entry to perform a cFE) Processor reset. More than one application restart can be performed in one HS cycle. Note that the Software Bus message can be any message, however, the intent is to allow the starting of an RTS (without tying HS to SC)."
HS2000,HS2000,The HS Application shall verify that each application defined in the Application Table is executing.,HS uses a table to define monitored applications. Tables are used so that the list can be configured for a mission and can be easily changed.
HS2000.2,HS2000.2,"If the Application has not executed for the corresponding table-defined number of HS execution cycles, HS shall execute one of the table-defined actions:
a) Restart the Failed Application (This action will fail for cFE Core Apps)
b) cFE Processor Reset
c) Send an Event Message
d) Send a Software Bus Message
e) Perform No Action","Note that each entry has a corresponding HS execution counter which represents the number of HS execution cycles before the Application is considered failed. An application can have more than one entry (could have one entry to restart the app and a second entry to perform a cFE Processor reset). More than one application restart can be performed in one HS cycle. The Software Bus message can be any message, however, the intent is to allow the starting of an RTS (without tying HS to SC). cFE ES will reject any attempt to restart a core application, so this combination should not be used."
HS2000.2.1,HS2000.2.1,"If the action is to perform a cFE Processor Reset and the Number of cFE Processor Resets is less than the <PLATFORM_DEFINED> Max Number of cFE Processor Resets , HS shall
a) Increment the Number of cFE Processor Resets
b) Set the Watchdog servicing flag to False
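Review bot: In the new HS2000.2, action a) reads "Restart the Failed Application (This action will fail for cFE Core Apps)", and the rationale adds that cFE ES will reject the attempt "so this combination should not be used", but no requirement states what HS does when that restart is rejected. With the core/non-core split of the old HS2000.1 removed, a table entry that pairs a core application with the restart action is a configuration the text both permits and expects to fail. Suggest moving the parenthetical out of the shall statement and adding either a child requirement for the rejected restart (for example, issue an error event message) or a table-validation requirement that rejects the combination. Please also confirm that the reset-limit case from the removed HS2000.1.2 ("Need to prevent an infinite reset loop") is still covered by an HS2000.2.x requirement below this hunk, since only HS2000.2.1 is visible here.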
Expand Down Expand Up @@ -62,7 +52,7 @@ b) Begin processing the Critical Event Table.",Useful for making table upd
HS5002,HS5002,"Upon receipt of a Disable Critical Event Monitor Command, HS shall
a) Set the Enable Critical Event Monitoring to Disabled
b) Stop executing the Critical Event Table.",Useful for making table updates.
HS5003,HS5003,HS shall support up to <PLATFORM_DEFINED> critical events.,
HS5003,HS5003,HS shall support up to <PLATFORM_DEFINED> critical events.,Configurable limit on critical events for platform resource management.
HS5004,HS5004,"Upon receipt of a Critical Event Table update indication, HS shall validate the Critical Event Table by validating the action",Validate the table for gross errors. Only able to valid the action field (all others are runtime checks)
HS5004.1,HS5004.1,"If the Critical Event Table fails validation, HS shall issue an event message.","Can verify gross errors in table. If errors exist, HS can still perform other monitoring (just not critical event monitoring)."
HS6005,HS6005,"During each HS execution cycle, HS shall send a <PLATFORM_DEFINED> character(s) to the UART port every <PLATFORM_DEFINED> second(s).",Heartbeat reported to the UART gives an indication that the system is running.
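Review bot: The rationale added for HS5003, "Configurable limit on critical events for platform resource management.", restates the requirement without saying which resource the limit protects. Suggest naming it, for example that the limit bounds the size of the Critical Event Table if that is the intent, so the rationale explains why the value is platform-defined. Since this PR is already editing rationale text in this area, "Only able to valid the action field" in the HS5004 rationale just below could be corrected to "validate" in the same pass.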
Expand Down Expand Up @@ -104,7 +94,7 @@ j) Number of cFE Processor Resets (commanded by HS)
k) Number of Invalid/Unknown Apps contained in Critical Event Table
l) Peak CPU Utilization
m) Average CPU utilization
n) CPU Utilization Monitoring Enabled/Disabled to <PLATFORM_DEFINED",
n) CPU Utilization Monitoring Enabled/Disabled to <PLATFORM_DEFINED",Reset behavior for states and data.
HS8001,HS8001,"Upon cFE Processor Reset or HS Application Restart, HS preserves the following:
a) Number of cFE Processor Resets (commanded by HS)
b) Maximum number of cFE Processor Resets.",Need to preserve the cFE Processor reset default and current number across a reset.
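Review bot: The changed line for item n) still ends the requirement text with an unterminated placeholder, "<PLATFORM_DEFINED" followed directly by the closing quote, so the missing ">" carries over from the old line into the new one. Suggest fixing it while the line is being touched, and finishing the sentence if text after the placeholder was lost. The new rationale "Reset behavior for states and data." is also only a label; it would be more useful if it said why these values are re-initialized, in the way the HS8001 rationale below explains why the reset counts are preserved.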