In order to illustrate how MIR really works, we will use an authentic example from Deep Space One's (DS1) communication system.
During the DS1 mission, the spacecraft sends data, such as photographs of the asteroid, to the Deep Space Network (DSN) via its communication system. The communication system consists of many devices, which MIR calls components. These devices have specific functions and work together to send the signal. A failure in any of these components could prevent Earth from receiving any signals. It is very important that any failures are detected and corrected; otherwise, all information gathered during the mission could be lost.
The first step in monitoring the health of a spacecraft is to gather information regarding how the components and systems on the spacecraft are behaving. Sensors are placed throughout the spacecraft and constantly feed MIR such data. There are sensors which detect whether current is flowing through a circuit, whether valves are open or closed, whether switches are on or off, etc. Part of the challenge of spacecraft engineering is to determine how many sensors are necessary and where they should be located. Sensors add mass to the spacecraft and use energy, so the fewer the better; however, if there are too few, there will not be enough information to accurately determine the status of the spacecraft.
In order to detect failures, it is important for MIR to know what the spacecraft's systems should look like at any point in time. The way MIR accomplishes this is through the use of "models." A model is a description of the components that make up a system on the spacecraft, and the expected behavior or "modes" of those components. The model includes many different combinations of the expected behaviors of the components given various situations. For example, if a radio signal is being sent through Power Conversion Unit A (PCU A), the model would show PCU A drawing power in order to amplify the signal.
MIR knows what should be happening on the spacecraft by eavesdropping on the EXEC when it commands different parts of the spacecraft to carry out various actions. For example, DS1 has several antennas through which it transmits information. If the spacecraft has been commanded to switch to the +z axis low-gain antenna and to send the signal by way of Power Conversion Unit A (PCU A), MIR hears that information. Based on its model, MIR knows the "mode" that each component should be in and, therefore, what the sensors should read. MIR's model also includes the expected modes of the components given certain failures. For example, the model shows that if PCU A were broken, it would not be drawing any power even if it were supposed to be sending a signal. Finally, MIR compares its model of what the spacecraft should look like to the actual status of the spacecraft based on the sensor data. If there is a conflict between the two, MIR knows that some failure has taken place and searches its model to find out which failure would give the current sensor reading.
Once MIR detects conflicts between the expected and actual sensor information, it searches for the most likely cause of the conflict. Determining which component or components are actually failing and in what manner (in other words, the "failure mode") is called diagnosis. Each failure mode is programmed with the probability of its happening. The failure mode that is the most likely to happen is the one that MIR first assumes is the correct diagnosis.
The last step is to take action to recover from the failure. In the example above, if a temporarily stuck waveguide switch is the most likely failure, MIR will report this diagnosis to EXEC. Usually, EXEC will then ask MIR for the best recovery action. (See the EXEC section for exceptions.) Many recovery actions may disrupt other spacecraft activities. EXEC communicates with MIR regarding what is currently happening on the spacecraft. MIR will then suggest a recovery action to the EXEC which will not alter other activities. If the suggested recovery action doesn't work, MIR will discard this diagnosis and move on to the next most likely diagnosis. If a failure is permanent, MIR will report this to the EXEC. The EXEC will either attempt to accomplish the plan goals without using the failed component, or will request PS to generate a new plan taking the failure into account.
The above description focuses on failure detection and diagnosis, but MIR's constant monitoring also provides feedback when things are going as planned. As stated before, MIR compares the actual status of the spacecraft (based on sensor information) to the model's prediction based on EXEC's commands and PS's plan. If the predicted model and the actual status match after a given command, MIR reports that the command was completed successfully. If the status of the spacecraft is not what it should be according to the command, MIR reports this to EXEC and waits for the recovery action request.
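The compare, diagnose and recover loop described above can be sketched in a few lines. This is an added example, not Remote Agent code: PCU A and the waveguide switch come from the text, while the mode names, sensor names, probabilities and the `recovery_works` callback are constructed assumptions.

```python
from itertools import product

# Toy model (constructed): component -> mode -> (prior probability,
# sensor readings predicted while the component is commanded to transmit).
MODEL = {
    "pcu_a": {
        "nominal": (0.98, {"pcu_a_current": True}),
        "broken": (0.02, {"pcu_a_current": False}),
    },
    "waveguide_switch": {
        "nominal": (0.95, {"switch_at_commanded_pos": True}),
        "stuck_temp": (0.04, {"switch_at_commanded_pos": False}),
        "stuck_perm": (0.01, {"switch_at_commanded_pos": False}),
    },
}

def predict(assignment):
    """Sensor readings the model expects for one mode per component."""
    readings = {}
    for comp, mode in assignment.items():
        readings.update(MODEL[comp][mode][1])
    return readings

def diagnose(observed):
    """Mode assignments that explain the sensors, most probable first."""
    comps = sorted(MODEL)
    candidates = []
    for modes in product(*(MODEL[c] for c in comps)):
        assignment = dict(zip(comps, modes))
        if predict(assignment) == observed:
            prob = 1.0
            for comp, mode in assignment.items():
                prob *= MODEL[comp][mode][0]
            candidates.append((prob, assignment))
    candidates.sort(key=lambda item: -item[0])
    return [assignment for _, assignment in candidates]

def monitor(observed, recovery_works):
    """Confirm the command, or try diagnoses in order until one recovers."""
    nominal = {comp: "nominal" for comp in MODEL}
    if predict(nominal) == observed:
        return "command confirmed"
    for candidate in diagnose(observed):
        if recovery_works(candidate):  # hypothetical stand-in for EXEC's attempt
            return candidate
    return "no recovery found"
```

Two failure modes can predict the same sensor reading, which is why the prior probabilities decide the order in which diagnoses are tried.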