AdaCore / RESSAC_Use_Case

A Collaborative Development Assurance Lab

Relation between F_EL and MMS SW #34

Open SylvanDissoubray opened 7 years ago

SylvanDissoubray commented 7 years ago

Multi-system spec says F_EL will be implemented possibly on FPGA and be part of HBS (at least for the final increment). This is key, as F_EL must run even when MMS is unavailable or broken.

MMS (software) spec describes an F_EL function as part of MMS (maybe it is just part of the whole F_EL).

Why is this function in MMS software (for increment 1 at least), and what does it do exactly?

Is it to provide an F_EL mock-up, so that MMS implements, on the side of the real MMS, the logic and control law of F_EL to provide BrakingTorque that can be used to simulate at system level (intended to be removed from MMS at a later increment)?

Or is it that, even in the final increment, part of MMS software is spying on itself (on F_PT/F_MM more specifically) to send an EmergencyLanding signal outside as a last will and commit "suicide", i.e. deactivate MMS? In this case the F_EL function defined in the MMS spec is a subpart of the function F_EL described in the multi-system spec. In this case, the HBS/F_EL also contains safety escapes detection as well as MMS total failure detection, partly redundant with the failure detection internal to MMS software.

ledinot commented 7 years ago

Yes, it is an interim F_EL for increment 1 only (to design these control aspects similar to F_FC). As early as increment 2, F_EL moves to EPS and HBS.

From: SylvanDissoubray [mailto:notifications@github.com] Sent: Tuesday 5 September 2017 15:10 To: AdaCore/RESSAC_Use_Case Cc: Subscribed Subject: [AdaCore/RESSAC_Use_Case] Relation between F_EL and MMS SW (#34)