Next: 3.2.7 Operation Scenarios
Up: 3.2 Commanding
Previous: 3.2.5 SI Monitoring
There are no critical or semi-critical situations over which the ACIS Science Instrument Software has control, according to the ACIS Software Requirements Specification. Therefore, the software is not required to address these types of situations. There are, however, a number of safing and recovery procedures for ACIS. Note that, for this reason, the ability for the software to command the FP bakeout heater has been removed from the final version (1.5) of the flight software. A software patch must be uploaded from the ground to enter bakeout mode.
In order to enhance the ACIS software or work around problems discovered after delivery, the spacecraft OBC shall maintain an on-board list of ACIS software changes. These changes are applied upon each ROM reboot. The changes are specified using the equivalent of a series of ``write memory'' commands which are executed upon startup of the ACIS software. This form of a write memory command is known as a patch.
To install a set of software changes, the maintainer issues a series of ``Add Patch'' commands to ACIS, described in Table 3.21. ACIS then just records the patch in its internal patch list, to be applied upon the next reboot from ROM. Once the maintainer is satisfied that all of the patches needed for the changes are installed, a command is issued to restart the ACIS software. After reloading its core image from ROM, the ACIS startup code installs each of the patches specified in the patch list.
Item | Description |
---|---|
Packet Length | Length of command packet in 16-bit words |
Sequence # | Identifies the command packet in a series. |
Command Opcode | Add_Patch opcode |
Patch ID | Identifies the patch within the patch list. |
Virtual Address | 32-bit Back End Processor address to start writing into. |
Length to Write | Number of 32-bit words to write. |
Data to Write | Data values to be copied into BEP memory. |
To remove previously installed patches, the maintainer issues a series of ``Remove Patch'' commands to ACIS, described in Table 3.22. ACIS then removes the specified patches from its internal patch list. Once the maintainer has removed the old changes, a command is issued to restart the ACIS software. After reloading its core image from ROM (effectively undoing the selected patches), the ACIS startup code installs whatever patches are remaining.
In the event that a badly-conceived patch prevents the maintainer from removing the patch, the maintainer must edit the patch list by hand using the ``Write BEP'' command feature. Note that should a boot after a patch fail, then the next boot will not load any patches. This feature also helps the maintainer diagnose and work around problems which occur as a result of failures in the main software ROM. It serves as the maintainer's ``back door'' into ACIS.
In the event of a hardware failure which allows ACIS to boot, but not to execute its ROM startup code, the maintainer can load and execute code directly from the ACIS serial command channel. To accomplish this, the maintainer issues a discrete command to set the ACIS ``Uplink Load'' flag, followed by a second discrete command to reset ACIS. The ACIS Boot ROM then detects the assertion of the flag and polls the uplink channel for a ``Start Uplink Load'' command (see Table 3.23 for the format of this command). The maintainer then sends this command, followed by zero or more ``Continue Uplink Load'' commands (see Table 3.24). Upon receipt of the Start Uplink Load command, ACIS saves the total load length specified in the command, copies the code specified in the command to the desired location, and saves the execution address specified in the command. If the total load length exceeds the length of the command, ACIS waits for one or more Continue Uplink Load commands. Once all of the code has been loaded, ACIS jumps to the execution address specified in the initial command. The ACIS software execution proceeds from there. If another Start Uplink Load command arrives before the load is complete, ACIS ignores the previous load and starts over.
Item | Description |
---|---|
Packet Length | Length of command packet in 16-bit words |
Sequence # | Identifies the command packet in a series. |
Command Opcode | Uplink_Load_Command opcode |
Virtual Address to Write to | 32-bit Back End Processor address to start writing into. |
Length to Load | Number of 32-bit words to write. If the length exceeds the number of words allowed in the command packet, subsequent Continue_Uplink_Load commands must be sent. |
Virtual Address to Start Execution from | Virtual address to jump to after the load is complete. |
Data to Write | Values to be copied into BEP memory. |
Item | Description |
---|---|
Packet Length | Length of command packet in 16-bit words |
Sequence # | Identifies the command packet in a series. |
Command Opcode | Continue_Load_Command opcode |
Data to Write | Values to be copied into BEP memory. Values are appended to information copied from the last Start_Uplink_Load or Continue_Uplink_Load command. |
John Nousek