Copyright © 2004 BSSE.
All rights reserved.
Impressum Legal Notice

Projects In Space Area

For the period up to 1996 projects, studies and other activities were executed by Dr. Rainer Gerlich as an employer of EADS Astrium (former Dornier GmbH).

2004-: Automation in the Lifecycle

The ESA project "Automatic Code Generation" started beginning of 2004 aims to introduce a higher degree of automation in the software lifecycle, focusing on automatic code and test case generation, verification and validation. This work includes identification of impact on standards and a proof of feasibility by pilot applications in the contect of mission critical software. Prime contractor is EADS-ST (Space Transportation) (F), subcontractors are SynSpace (CH), SciSys (UK) and BSSE.

1999: MSL V&V

Verification and validation of the MSL software has been performed for ESA/ESTEC by a separate contract. ISG techniques of formal validation, automated testing, stress testing and fault injection have been applied.

1999: MSL Software

MSL ("Material Science Laboratory") is a micro-gravity experiment on-board of the International Space Station (ISS). BSSE did provide the infrastructure software for the two-processor real-time system, the command handling, the data acquisition, data processing, database and telemetry handling software. The software was developed using the ISG environment.

1999: ISG

ISG ("Instantaneous System and Software Generation") is a software development technique with supporting environment which allow to derive automatically distributed, real-time software from system engineering information provided by spreadsheets. The generated software is immediately ready for execution. It is automatically instrumented so that a number of figures are provided for system optimisation and tuning. An incremental deveopment approach is supported. Automated testing, stress testing and fault injection are also available.

1998: OnlineM

OnlineM (Online Maintenance) is a project executed under subcontract to AONIX (France) and Aerospatiale (Les Mureaux) in the course of the ATV (Automated Transfer Vehicle) project of ESA. ATV is a part of the international space station (ISS) which will be established during the next years by a cooperation between ESA, NASA, NASDA (Japan) and the Russian space organisation.

OnlineM is a technology which allows reconfiguration or maintenance of software when it is in operation without the need to stop the executing program. This technology was initiated by ESA/ESTEC under the AESOD contracts (see below) between 1986 and 1989.

Between 1990 and 1993 the approach was continuously improved by R. Gerlich for Ada platforms (Meridian, Alsys, PC/Intel platform) and presented at the first Eurospace Symposium in Barcelone and during ESA's first workshop on Guidance and Navigation in 1991.

On request by Aerospatiale and Aonix BSSE ported this technology to the Sparc architecture and GNAT and Aonix/Alsys Ada compilers.

1996-1997: EaSySim II

Based on the experience collected since 1992 by the ESTEC projects HRDMS, OMBSIM, DDV a new modelling and validation environment EaSySim II was developed by BSSE, partially supported by ESTEC by the funding in the course of "Executable Specifications and Formal Methods" activity in 1996 and by provision of a budget for commercialisation of the space know-how.

EaSySim II is based on a completely new technological approach which provides capabilities for modelling, simulation, system validation and code generation for a SDL/C/Ada environment. EaSySim II enhances the SDL toolset ObjectGEODE from Verilog and introduces guidelines, standards, templates, SDL extensions and C libraries.

EaSySim II introduces performance analysis capabilities into the SDL environment, allows for change of a system's topology at run-time without any need for recompilation, provides features needed to implement fault-tolerance and enhances the communication capabilities of SDL.

Moreover, by its templates and guidelines EaSySim II helps a software engineer to succeed with behavioural verification even for larger and complex systems.

1995-1996: DDV (DMS Design Validation)

DDV was an ESTEC study being executed together with MMS-F as prime contractor and Verimag (F) as further subcontractor. Subcontract manager at Dornier was Mr. Rainer Gerlich. The goals of DDV were

  • to apply formal methods,
  • to use executable specifications for validation of DMS specification and design by means of simulation, and
  • to define a general FDIR concept which is reusable for future autonomous spacecrafts (earth-orbit or deep-space missions).
Contribution by Mr. Rainer Gerlich was related to
  • support of the DDV validation approach by provision of experience on the EaSyVaDe methodology (Early System Validation of Design),
  • definition of a general and modular FDIR concept,
  • support to validation of DMS specification, and
  • design validation of the sample application
based on his experience from previous projects (HRDMS and OMBSIM, see below).

1993-1995: OMBSIM (On-Board Management System Behavioural Simulation)

OMBSIM was an ESTEC study on improvement of system development life cycle addressing hardware-software co-design, early system validation by simulation, executable specifications and design and formal methods. It has been executed by Dornier as prime contractor (study manager: Rainer Gerlich) and FZI (D) and University of Linz (A) as subcontractors.

The main goals were

  • to identify an improved methodology for system development (hardware and software),
  • to establish a tool environment supporting the methodology, and
  • to prove by execution of a pilot application that the methodology is feasible and suitable for development of future data management systems on-board of a spacecraft.

The tasks were successfully completed by end of 1995. The identified approach has been proposed to the industry by ESTEC (division WS) in January 1996. MMS-F has already applied the approach in the course of the DDV study and recommends it for further use.

1992-1994:HRDMS (Highly-Reliable DMS and Simulation)

HRDMS was an ESTEC study aiming to define a new approach for a highly reliable DMS of a future autonomous spacecraft for deep-space missions. The contract was executed together with Saab-Ericsson Space (S) as prime contractor and Cap Computas (N) as subcontractor. Subcontract manager at Dornier was Mr. Rainer Gerlich.

The contribution of Mr. Rainer Gerlich in the course of this project was:

  • to establish a simulation environment by which the new DMS design could be validated w.r.t. to functionality and performance,
  • to prove that by the proposed centralised DMS approach data can be acquired right in time, and
  • -to validate the proposed system reconfiguration concept.

All tasks have been completed successfully. As it could be demonstrated by the HRDMS simulation environment that the centralised DMS approach can provide the needed performance the new approach is proposed for the ROSETTA mission. The experience gained by the HRDMS simulation task formed the base for execution of the OMBSIM study.

1987-1992: Software Engineering for Columbus

Since 1987 Mr. Rainer Gerlich has been involved into several software engineering tasks in the Columbus project:

  • software engineering for MTFF-RM as member of the Dornier RM team (the RM (Resource Module) included the subsystems "communication", "electrical power system", "data management system", "guidance and navigation control system", "thermal control system", "solar panels")
  • software engineering for MTFF-AOCS (Attitude and Orbit Control System) as a member of the Dornier AOCS team
  • software engineering for ECLSS (APM/MTFF) as a member of the Dornier ECLSS team (ECLSS = Environmental Control and Life Support System)
  • software engineering for the Management and Technical Information System as a member of the Dornier MATIS team.

Mr. Rainer Gerlich was responsible for co-ordination of software engineering activities including subcontractor management.

1987-1988:Software Engineering for ROTEX

ROTEX was the Robotics Experiment flown in April 1995 during the German D2-mission aiming to demonstrate feasibility of robotics in space, to confirm the selected design approach and to identify optimum solutions for future missions.

This activity was executed at the beginning of Phase C/D and included - apart from ususal software engineering and subcontractor management tasks - as an important issue the complete re-design of the data management system (hardware and software) in view of performance needs. The resources provided by this re-design ensured a successful mission. The experience for this re-design was collected during the AESOD I study.

The ROTEX project was executed by Dornier as prime in collaboration with several other German SME's and universities.

1986-1987: AESOD I (AOCS Embedded Software Design),

1988-1989: AESOD II

AESOD I,II projects were both lead by Mr. Rainer Gerlich.

AESOD was an activity initiated by ESTEC for implementation of reusable software forming a layer between a real-time operating system and AOCS (Attitude and Orbit Control System) application software. For AESOD I the subcontractor was CRISA (E), AESOD II was executed together with Carlo Gavazzi Space (CGS) (I).

During AESOD I a standard interface for real-time applications was defined including a scheduler, bus support software and software for communication between the embedded system and the external world. Techniques for on-line reconfiguration and maintenance of on-board software were identified and implemented. The implementation language was C. In order to allow for a smooth transition to Ada an Ada-like programming style was introduced by the help of macros. Object-oriented package concepts were used by dividing the C source code into package-like subsets. Package interfaces were introduced by include-files.

The benefit of portable software was demonstrated by developing and pre-integrating all the software on the development environment (PC and VAX/VMS) and porting it then to the target hardware for final integration with the software closely related to hardware which had been developed in parallel on the target system.

Sensor data had been derived by simulation on PC and were fed in via the buses into the target environment in real time. Actual actuator commands were compared with the pre-calculated ones.

The AESOD I activity lead to establishment of a portable simulation environment for AOCS applications. Also, it is the source of experience on on-line maintenance and generic system decomposition.

The main goal of AESOD II was to port the AESOD I software to Ada.