Fault injection platform for affordable verification and validation of CubeSats software

Resumo

CubeSats and very small satellites represent an emergent trend in the space industry. These satellites use commercial off-the-shelf (COTS) components to reduce cost and take advantage of the performance/power consumption ratio of COTS, which is an order of magnitude better than the equivalent radiation hardened space grade components. Unfortunately, COTS components are susceptible to Single Event Upsets (SEU), which are transient errors caused by space radiation. This makes the study of the impact of faults caused by space radiation a mandatory step in the development of CubSats, in order to carefully evaluate weak points that must be strengthened through the use of specific software fault tolerance techniques. The fact that the impact of faults is strongly dependent on the software running on the COTS hardware indicates that the study of the impact of radiation faults must be carried out every time the CubeSat software has a major change, or even a minor update. This paper proposes CubeSatFI, a fault injection platform for CubeSats meant to facilitate the incorporation of this extra step in the Verification and Validation of CubeSats software. CubeSatFI allows the easy definition of fault injection campaigns that emulate the effects of space radiation. SEU are emulated realistically through bit-flip faults injected in the processor registers and in other locations of the CubeSat boards that can be reached by boundary-scan, which is available in CubeSat boards through JTAG Test Access Port. The execution of the fault injection campaigns is controlled by the CubeSatFI platform in a fully automated mode. The paper describes the architecture of the CubeSatFI platform, the fault models, and the general fault injection process. Additionally, the use of the CubeSatFI platform is demonstrated with a fault injection campaign for the EDC (Environment Data Collection), a payload system that will be used in a constellation of satellite from the Brazilian National Institute for Space Research (Instituto Nacional de Pesquisas Espaciais - INPE), providing a first realistic insight on the impact of faults in the EDC software.