Europa Clipper Uses New Software Assurance Process

4-minute read
Europa Clipper Uses New Software Assurance Process

Key Findings

  • The CFE distribution can be predicted with consideration of a base error rate and several related parameters for the flight project in question.
  • The most significant parameters are the number of files sent during each period and the level of “novelty” of the operations conducted during that period.
    • Although files have a different number of commands and blocks in them and these variables are not completely insignificant, their significance is not very high.
  • Most CFEs are caused by a combination of “hard” and “soft” factors.
    • Hard factors relate to the actual system components, such as hardware, software or procedures.
    • Soft factors relate to human errors.

An upcoming mission to examine one of Jupiter’s largest moons is the first to apply a new process for managing Command File Errors (CFEs) during its design phase. CFEs increase risk and impact reliability in NASA spacecraft missions.

A command file is a piece of software that is sent to a spacecraft with command and/or control functions. If not properly managed, CFEs can cause anomalies, disruptions and even mission failure.

NASA Jet Propulsion Laboratory (JPL) Senior Engineer Leila Meshkat and her team, in conjunction with NASA’s Software Assurance Research Program (SARP), have developed a new process for managing CFEs, and she is applying that knowledge on the Europa Clipper mission. The mission, which is still early in its design phase, will send a spacecraft into Jupiter’s orbit to study the moon Europa through repeated flybys. This is the first time the process is being applied to the design phase of a mission.

“At some level, CFEs used to be kind of a mystery, a toss of a die,” said Meshkat. “We knew what the rates were, but the impact of different mitigation strategies was not explicit or quantitative.”

Meshkat, along with JPL Mission Assurance Managers Bruce Waggoner, Larry Bryant and Grant Faris, tried various Model-Based Systems Engineering (MBSE) tools and techniques to pinpoint the root cause, prevent and predict the rates of CFEs. However, they discovered the most effective technique was to accurately model the behavior of the CFEs and use empirical methods to verify the models and examine existing assumptions about CFE management.

“We analyzed the data, and verified some of these assumptions and found some new information. Some new knowledge we gained from the actual data has changed the way people look into command file errors,” said Meshkat.

The team found that the distribution of CFEs can be predicted with consideration of a base error rate and several key parameters for the flight project in question. These key variables include the number of files sent and the “novelty level” of operations. High novelty occurs due to the relative unfamiliarity of flight activities, i.e., the first few months of a mission or unusual operations, such as impacting a comet.

The team developed a set of models and tools that are being used to manage CFEs. Their Sigma Tool, which provides a stochastic model of CFEs based on the key parameters, can be used to assess the anticipated probability of CFEs based on mission plans.

Unlike the other missions using Meshkat’s findings, which are all in the operations phase, Europa Clipper is still in the early design phase. Her CFE knowledge has given the team unique insights that they are able to incorporate into Europa Clipper’s design.

“I’m able to let them know, this is how command file errors happen. This is what we need to do to prevent them. This is how we need to take in estimations of their unreliability as we’re doing the design,” said Meshkat.

There are specific advantages of taking CFEs into consideration early in the design phase, instead of waiting for the operations phase.

“Anytime you consider an important factor earlier on as you’re doing the design, you make better informed decisions upfront, rather than considering it after the fact.  Sometimes it’s really hard to change your design after the fact, or it takes a lot of resources to change your design,” said Meshkat.

Europa Clipper is a unique mission in other ways, too. It is the first official NASA mission to use MBSE techniques exclusively, as opposed to more traditional designs.

“In general, Europa is using a very different design process than other missions have ever done… We’re using a lot more modeling for a more complete top-down design; we’re building the architecture based on analyses from other missions first and then getting into more detailed design, which is something other missions haven’t done. We’re using systems modeling techniques. We’re doing probabilistic risk assessments from the very onset of the mission. We’re doing a lot of things differently on Europa than we’ve done on other missions,” said Meshkat. 

Meshkat’s findings are being used in several missions that are in the operations phase, including NASA’s Dawn spacecraft, the Mars Reconnaissance Orbiter and the Mars Science Laboratory.