Mouse Droid

Mouse Droid

Scope of this Specification Comment C0141

This document describes system and software architecture
for engineering generation 5 of the mouse droid,
denoted by the term MoD5G.

Mouse Droid

MoD5G mouse-droid Image C0173

A brown mouse is the symbol for the MoD5G project.

Mouse Droid

Purpose of MoD5G Comment C0203

The main purpose of the MoD5G droid is
to repair mechanical, electrical and logical elements
at remote locations.

Goal

Introduction mouse-droid Comment C0001

The mouse droid is a repair droid.

An operation supervision department
defines a mission for the mouse droid.

The mouse droid autonomously drives to the destination location,
replaces damaged parts, re-configures program logic if needed and
returns to the programming terminal.

It is easily reprogrammable and can therefore also be used for
- cleaning tasks
- spying and surveillance tasks
- message delivery

Constraints

Operating Temperatures environment Requirement C0003

The droid shall be functional in the range 240K..360K,
it shall survive temperatures from 150K to 400K.

Constraints, Architecture Decisions

Cosmic Rays environment Requirement C0002

The droid shall ensure data and program integrity.

It shall continue operation after cosmic rays have interfered with data storage or program execution.

Corrupted data must not be stored permanently.

Constraints

Environmental Constraints environment Package C0144

This package lists technical/physical constraints imposed by the environment in which to operate.

Scope and Context, Lifecycle, Operational Context

Operational Context Subsystem C0089

This boundary encompasses the topics that are in scope during operation and maintenance.

Scope and Context, Lifecycle, Factory Context

Development and Production Context Subsystem C0088

This boundary encompasses the topics that are in scope during development and production.

Scope and Context, Use Cases and Requirements, Factory Context, Requirements and Goals, Operational Context, Scope and Context, Deployment View

Mouse Droid MoD5G mouse-droid Subsystem C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

Scope and Context, Lifecycle, Factory Context

Development and Production Context Subsystem C0088

This boundary encompasses the topics that are in scope during development and production.

Scope and Context, Lifecycle, Operational Context

Operational Context Subsystem C0089

This boundary encompasses the topics that are in scope during operation and maintenance.

Lifecycle

Build Droid factory Use Case C0090

At the factory, workers assemble hardware and electronic parts to mouse droids and integrate control logic and data.

Lifecycle

Develop Software SW Use Case C0091

A team of engineers designs, produces and tests the control logic and factory data of the droids.

Lifecycle

Operate Droid usage Use Case C0092

An operator instructs the mouse droid which mission to perform.
The logic of the mouse droid translates this mission into driving maneuvers and actions of the integrated tools.

Lifecycle

Repair Droid maintenance Use Case C0093

A service mechanic analyzes the health state of a mouse droid.
Depending on the outcome, oil is refilled, logic is updated, parts are exchanged or the whole droid is disintegrated.

Lifecycle

Design Hardware HW Use Case C0135

A team of engineers designs, produces and tests the mechanical hardware parts of the droids.

Lifecycle

Electrical Engineering EE Use Case C0136

A team of engineers designs, produces and tests the electrical and electronic parts of the droids.

Lifecycle

Disposal Use Case C0210

The empty space is a good location for damaged droids (see flow in Health States).

Scope and Context, Lifecycle, Factory Context

Development and Production Context Subsystem C0088

This boundary encompasses the topics that are in scope during development and production.

Factory Context

Factory Robot Actor C0212

Factory Context

Factory Worker Actor C0211

Factory Context

Factory Test System Actor C0213

Scope and Context, Use Cases and Requirements, Factory Context, Requirements and Goals, Operational Context, Scope and Context, Deployment View

Mouse Droid MoD5G mouse-droid Subsystem C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

Scope and Context, Use Cases and Requirements, Factory Context, Requirements and Goals, Operational Context, Scope and Context, Deployment View

Mouse Droid MoD5G mouse-droid Subsystem C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

Scope and Context, Lifecycle, Operational Context

Operational Context Subsystem C0089

This boundary encompasses the topics that are in scope during operation and maintenance.

Operational Context

Environment Subsystem C0214

Operational Context, Deployment View

Charging Terminal Node C0097

This terminal charges the energy cell of the MoD5G.

Operational Context, Deployment View

Programming Terminal Node C0096

This terminal programs the next mission for the MoD5G.

Operational Context, Deployment View

Maintenance Booth Node C0098

A thie booth, a mechanic analyzes the health of the MoD5G and replaces parts if damaged.

Operational Context

Malfunctioning Terminal Node C0215

Use Cases and Requirements, Operational Context, Scope and Context

Operator Actor C0216

Operational Context

Service Worker Actor C0217

Scope and Context, Use Cases and Requirements, Factory Context, Requirements and Goals, Operational Context, Scope and Context, Deployment View

Mouse Droid MoD5G mouse-droid Subsystem C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

Use Cases and Requirements

Perform a 1-day mission goal Use Case C0006

The mouse droid is able to perform a mission that takes several hours. The energy resources of the MoD5G last for one terrestrial day.

- The operator programs a mission
- The mouse droid drives to the first location
- The mouse droid uses tools to remove a defective part
- The mouse droid installs a spare part
- Above steps are repeated for further mission objectives
- The mouse droid returns to its base location (see Glossary)

Use Cases and Requirements, Requirements and Goals, Requirements View, Functionality per Mode

Drive to location goal Use Case C0007

The mouse droid can explore its environment and calculate a route from its actual position to the target location.

- The mouse droid explores its environment
- The mouse droid enriches an internally memorized map
- The mouse droid calculates a route
- The mouse droid drives along the calculated route
- The mouse droid re-caclulates the route in case of new environment data
- The mouse droid reaches the target location

Use Cases and Requirements, Requirements and Goals, Requirements View, Functionality per Mode

Repair using tools goal Use Case C0008

The mouse droid has a couple of tools inside its chassis.

- The mouse droid uses a screw diver to untighten damaged parts
- The mouse droid uses a gripper to move the damaged part out of the way
- The mouse droid uses a gripper to put a spare part from its internal cargo bin to the target place
- The mouse droid uses a screw diver to tighten replaced parts
- The mouse droid uses a gripper to move the damaged part into its internal cargo bin.

(see Mechanics)

Use Cases and Requirements, Requirements View, Functionality per Mode

Return to base location goal Use Case C0177

The MoD5G returns to its base location.

Note: Base location is defined at Glossary.

Use Cases and Requirements, Operational Context, Scope and Context

Operator Actor C0216

Use Cases and Requirements, Requirements and Goals, Requirements View, Functionality per Mode

Drive to location goal Use Case C0007

The mouse droid can explore its environment and calculate a route from its actual position to the target location.

- The mouse droid explores its environment
- The mouse droid enriches an internally memorized map
- The mouse droid calculates a route
- The mouse droid drives along the calculated route
- The mouse droid re-caclulates the route in case of new environment data
- The mouse droid reaches the target location

Use Cases and Requirements, Requirements and Goals, Requirements View, Functionality per Mode

Repair using tools goal Use Case C0008

The mouse droid has a couple of tools inside its chassis.

- The mouse droid uses a screw diver to untighten damaged parts
- The mouse droid uses a gripper to move the damaged part out of the way
- The mouse droid uses a gripper to put a spare part from its internal cargo bin to the target place
- The mouse droid uses a screw diver to tighten replaced parts
- The mouse droid uses a gripper to move the damaged part into its internal cargo bin.

(see Mechanics)

Requirements View, Requirements, Functions covering Requirements

L1Req: Recognize paths env-perception Requirement C0149

The MoDG5 shall use redundant sensor data to calculate paths that it can drive along.

Requirements View, Requirements, Functions covering Requirements

L1Req: Position screw driver Requirement C0150

The MoDG5 shall bring the screw driver into a given 3D position.

Use Cases and Requirements, Requirements View, Functionality per Mode

Return to base location goal Use Case C0177

The MoD5G returns to its base location.

Note: Base location is defined at Glossary.

Quality Requirements

Usability quality_characteristic Requirement C0009

Usability defines a set of attributes that measures how easy to learn and use the program is.

Maintainability, Quality Tree, Quality Requirements

Maintainability quality_characteristic Requirement C0010

Maintainability defines a set of attributes that influence how to analyze and mitigate defects that occur during operation.

Quality Requirements

Reliability quality_characteristic Requirement C0011

Reliability defines a set of attributes that measures how mature and fault-tolerant the software is.

Quality Tree, Quality Requirements, Quality Requirements

Compatibility quality_characteristic Requirement C0122

Compatibility defines a set of attributes that measures how well data and messages can be exchanged with other programs and/or versions.

Maintainability, Quality Tree, Quality Requirements

Maintainability quality_characteristic Requirement C0010

Maintainability defines a set of attributes that influence how to analyze and mitigate defects that occur during operation.

Maintainability, Quality Tree, Quality Scenarios

Analyzability SW_sub-characteristic Requirement C0014

The MoD5G shall allow to analyze faults
that occurred during operation.

Maintainability, Quality Tree, Quality Scenarios

Repairability HW_sub-characteristic Requirement C0012

The MoD5 hardware parts shall be exchangeable
in case they are damaged.

Maintainability, Quality Tree, Quality Requirements

Maintainability quality_characteristic Requirement C0010

Maintainability defines a set of attributes that influence how to analyze and mitigate defects that occur during operation.

Maintainability, Quality Tree, Quality Scenarios

Repairability HW_sub-characteristic Requirement C0012

The MoD5 hardware parts shall be exchangeable
in case they are damaged.

Maintainability

30 years spare-parts supply HW-attribute Requirement C0013

The mechanical and electrical/electronics parts of the MoD5
shall be produceable in identical or similar form
and quality for 30 years after production of the unit.

Maintainability, Quality Tree, Quality Scenarios

Analyzability SW_sub-characteristic Requirement C0014

The MoD5G shall allow to analyze faults
that occurred during operation.

Maintainability

Self-Diagnosis SW-attribute Requirement C0015

At the maintenance booth,
the MoD5G shall provide an error log.
This error log contains detected errors from operation
and related environment conditions.
It also lists possible causes(faults).

Quality Scenarios

Spare Parts Supply quality_scenario Use Case C0017

pre-condition:
- the stock of MoD5G spare parts is empty

trigger:
- 20 years after production,
a MoD5G needs a spare part that is not available anymore

scenario:
- a service mechanic orders a batch of parts
- a factory creates the parts that fit in form, function and quality to the MoD5G
- spare parts are delivered

Quality Scenarios

Motor defect quality_scenario Use Case C0016

pre-condition:
- the MoD5G is performing a 1-day mission autonomously

trigger:
- a motor fails to operate
- the goals of the 1-day mission cannot be accomplished anymore

scenario:
- the MoD5G cancels the mission and returns to the service point
- a service mechanic reads out the error log
- the MoD5G proposes to replace the suspicious motor
- the service mechanic replaces the motor

Maintainability, Quality Tree, Quality Scenarios

Repairability HW_sub-characteristic Requirement C0012

The MoD5 hardware parts shall be exchangeable
in case they are damaged.

Maintainability, Quality Tree, Quality Scenarios

Analyzability SW_sub-characteristic Requirement C0014

The MoD5G shall allow to analyze faults
that occurred during operation.

Operation Modes

Op::Modes State C0188

The operation modes list all modes in which different, intended subsets of functionality are available.

Operation Modes

Charging State C0189

The charging mode allows to perform charging the batteries.

Operation Modes

Programming State C0190

The Programming mode allows an operator to program a mission.

Operation Modes, Functionality per movement-related mode, Functionality per Mode

Moving State C0191

The moving mode allows to move the MoD5G.

Operation Modes, Functionality per tool-related mode, Functionality per Mode

Using Tools State C0192

The using tools mode allows to repair or clean an object at the target location of the programmed mission.

Operation Modes, Functionality per movement-related mode, Functionality per tool-related mode, Functionality per Mode

Waiting State C0193

The waiting mode allows to perform nothing till an outside trigger changes the mode.

Operation Modes

Being Repaired State C0195

The being repaired mode allows an mechanic to read out log data and to replace hardware parts.

Use Cases and Requirements, Requirements View, Functionality per Mode

Return to base location goal Use Case C0177

The MoD5G returns to its base location.

Note: Base location is defined at Glossary.

Use Cases and Requirements, Requirements and Goals, Requirements View, Functionality per Mode

Repair using tools goal Use Case C0008

The mouse droid has a couple of tools inside its chassis.

- The mouse droid uses a screw diver to untighten damaged parts
- The mouse droid uses a gripper to move the damaged part out of the way
- The mouse droid uses a gripper to put a spare part from its internal cargo bin to the target place
- The mouse droid uses a screw diver to tighten replaced parts
- The mouse droid uses a gripper to move the damaged part into its internal cargo bin.

(see Mechanics)

Use Cases and Requirements, Requirements and Goals, Requirements View, Functionality per Mode

Drive to location goal Use Case C0007

The mouse droid can explore its environment and calculate a route from its actual position to the target location.

- The mouse droid explores its environment
- The mouse droid enriches an internally memorized map
- The mouse droid calculates a route
- The mouse droid drives along the calculated route
- The mouse droid re-caclulates the route in case of new environment data
- The mouse droid reaches the target location

Operation Modes, Functionality per tool-related mode, Functionality per Mode

Using Tools State C0192

The using tools mode allows to repair or clean an object at the target location of the programmed mission.

Operation Modes, Functionality per movement-related mode, Functionality per Mode

Moving State C0191

The moving mode allows to move the MoD5G.

Operation Modes, Functionality per movement-related mode, Functionality per tool-related mode, Functionality per Mode

Waiting State C0193

The waiting mode allows to perform nothing till an outside trigger changes the mode.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Main Board Logic, Requirements, Outer World, Solution Strategy, Physical View, Electric Parts and Electronics, Power Distribution

Main Logic Board Block C0047

The main logic board consists of several electronic parts shown in Main Board Logic.

Solution Strategy

Guiding Main Principles mouse-droid Comment C0116

The functions of the MoD5G are divided onto two logic boards.
The main logic
gets sensor data of the environment and
calculates movement actions to efficiently fulfill the mission (that was programmed before).
The base logic
gets local sensor information and
controls things within the system boundary of the MoD5G.

Outer World

Outer World locigal_form Comment C0094

The main logic
addresses the following tasks:
- evaluating sensor signals
from microphone and camera
- calculating movement actions
to be performed by base logic (tactics)

Main Board Logic, Requirements, Outer World, Solution Strategy, Physical View, Electric Parts and Electronics, Power Distribution

Main Logic Board Block C0047

The main logic board consists of several electronic parts shown in Main Board Logic.

Inner World

Inner World locigal_form Comment C0117

The base logic addresses the following tasks:
- charging
- programming
- steering the motors
- self-check
If a list of actions is available,
this logic board can steer the MoD5G
without further help of the main logic board.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Functional View

Motors to move the MoD5G (L1-Fct) device Block C0178

Functional View

Recognize environment (L1-Fkt) device Block C0179

Functional View

Recognize objects to repair (L1-Fct) device Block C0180

Functions covering Requirements, Functional View, Logical View, Functionality per movement-related mode

Plan movement strategy (L1-Fct) role Block C0181

Functional View, Logical View, Functionality per tool-related mode

Plan repair strategy (L1-Fct) role Block C0182

Functional View, Logical View, Functionality per movement-related mode

Perform movement tactic (L1-Fct) role Block C0183

Functions covering Requirements, Functional View, Logical View, Functionality per tool-related mode

Perform repair tactic (L1-Fct) role Block C0184

Functional View

Tools to repair device Block C0185

Functions covering Requirements, Functional View, Logical View, Functionality per movement-related mode

Plan movement strategy (L1-Fct) role Block C0181

Functions covering Requirements, Functional View, Logical View, Functionality per tool-related mode

Perform repair tactic (L1-Fct) role Block C0184

Requirements View, Requirements, Functions covering Requirements

L1Req: Position screw driver Requirement C0150

The MoDG5 shall bring the screw driver into a given 3D position.

Requirements View, Requirements, Functions covering Requirements

L1Req: Recognize paths env-perception Requirement C0149

The MoDG5 shall use redundant sensor data to calculate paths that it can drive along.

Functions covering Requirements, Functional View, Logical View, Functionality per movement-related mode

Plan movement strategy (L1-Fct) role Block C0181

Functional View, Logical View, Functionality per movement-related mode

Perform movement tactic (L1-Fct) role Block C0183

Operation Modes, Functionality per movement-related mode, Functionality per Mode

Moving State C0191

The moving mode allows to move the MoD5G.

Operation Modes, Functionality per movement-related mode, Functionality per tool-related mode, Functionality per Mode

Waiting State C0193

The waiting mode allows to perform nothing till an outside trigger changes the mode.

Functional View, Logical View, Functionality per tool-related mode

Plan repair strategy (L1-Fct) role Block C0182

Functions covering Requirements, Functional View, Logical View, Functionality per tool-related mode

Perform repair tactic (L1-Fct) role Block C0184

Operation Modes, Functionality per tool-related mode, Functionality per Mode

Using Tools State C0192

The using tools mode allows to repair or clean an object at the target location of the programmed mission.

Operation Modes, Functionality per movement-related mode, Functionality per tool-related mode, Functionality per Mode

Waiting State C0193

The waiting mode allows to perform nothing till an outside trigger changes the mode.

Functions covering Requirements, Functional View, Logical View, Functionality per movement-related mode

Plan movement strategy (L1-Fct) role Block C0181

Functional View, Logical View, Functionality per tool-related mode

Plan repair strategy (L1-Fct) role Block C0182

Functions covering Requirements, Functional View, Logical View, Functionality per tool-related mode

Perform repair tactic (L1-Fct) role Block C0184

Functional View, Logical View, Functionality per movement-related mode

Perform movement tactic (L1-Fct) role Block C0183

Logical View, Physical View

Strategy planning locigal_form Block C0186

This system element aggregates functions that have high demands on computation power but less demands on realtime-reactions.
These even may be turned off from time to time.

Logical View, Physical View

Tactic execution locigal_form Block C0187

This system element aggregates functions that have high demands on realtime observations and reactions; also high demands on availability.

Mechanics, Physical View

Mechanical Parts HW Block C0018

The mechanical parts encompass all parts of which the mouse droid consists.
From outside, the chassis and wheels are the most obvious parts.
Inside, a skeleton frame provides stability of the assembly.

Important charactereistics are weight, operating temperature range, durability, stability.

Mechanics, Physical View, Electric Parts and Electronics

Electrical Parts and Electronics EE Block C0019

The main components of the electric parts are:
- a set of cables and connectors
- a set of sensors and actuators
- the energy cell
- two printed circuit boards (PCB) containing the electronic parts

Solution Strategy, Physical View, Building Block View

Main Logic Software SW Package C0020

The software consists of control logic, initial data that was integrated at the factory and learned data that is aggregated during operation.

These software items are split over two logical boards and subdivided into independent execution partitions.

Main Board Logic, Requirements, Outer World, Solution Strategy, Physical View, Electric Parts and Electronics, Power Distribution

Main Logic Board Block C0047

The main logic board consists of several electronic parts shown in Main Board Logic.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Logical View, Physical View

Strategy planning locigal_form Block C0186

This system element aggregates functions that have high demands on computation power but less demands on realtime-reactions.
These even may be turned off from time to time.

Logical View, Physical View

Tactic execution locigal_form Block C0187

This system element aggregates functions that have high demands on realtime observations and reactions; also high demands on availability.

System Control, Solution Strategy, Physical View, Building Block View, Deployment View

System Control base_logic Package C0119

Mechanics

Chassis mouse-droid Block C0035

Mechanics

Cargo Bin Block C0036

A cargo bin allows to transport replacement parts to repair remote systems.

Mechanics, Requirements

Screw Driver Block C0037

A screw driver can rotate screws. It is one of several tools fixed on top of the Tool-Arm.

Failure Modes of Motors and Wheels, Mechanics, Risks

Wheels (4) Block C0038

The functionality of wheels is to transform a torque force into movement of the MoD5G.

Mechanics

Fan Block C0039

A fan prevents overheating in hot environment conditions.

Failure Modes of Motors and Wheels, Mechanics, Risks, Electric Parts and Electronics

Motors Block C0040

There are two motors to drive and steer and further motors to control the movement of a tool-arm.

Mechanics, Requirements, Electric Parts and Electronics

Camera env-perception Block C0041

A camera records the video signal of the environment.

Mechanics, Electric Parts and Electronics

Microphone env-perception Block C0042

A microphone records the audio signal of the environment.

Mechanics, Electric Parts and Electronics

Loud Speaker Block C0043

A loud speaker allows to produce single-frequency audio signals.

Mechanics, Electric Parts and Electronics

Programming and Diagnostic Connector Block C0044

A connector allows to attach a cable. Via this cable, self diagnosis and re-programming can be performed.

Mechanics, Power Distribution

Charging Connector Block C0045

A connector allows to attach a cable. Via this cable, the energy cell can be re-charged.

Failure Modes of Energy Cell, Mechanics, Risks, Power Distribution

Energy Cell Block C0046

An energy cell provides power sufficient for a 1-day mission.

Mechanics, Physical View

Mechanical Parts HW Block C0018

The mechanical parts encompass all parts of which the mouse droid consists.
From outside, the chassis and wheels are the most obvious parts.
Inside, a skeleton frame provides stability of the assembly.

Important charactereistics are weight, operating temperature range, durability, stability.

Mechanics, Physical View, Electric Parts and Electronics

Electrical Parts and Electronics EE Block C0019

The main components of the electric parts are:
- a set of cables and connectors
- a set of sensors and actuators
- the energy cell
- two printed circuit boards (PCB) containing the electronic parts

Mechanics

Gripper Block C0054

A tool that allows to grab objects and move them. It is one of several tools fixed on top of the Tool-Arm.

Mechanics

Tool-Window (2) Block C0055

A tool window is a flap in the chassis that protects screw driver, gripper and cargo bin when unused.
It can be opened and closed by a motor.

Mechanics

Skeleton Frame mouse-droid Block C0146

The skeleton frame provides stability to the assembly of parts.
Anchorage points latch the assembled parts at their positions.

Mechanics

Tool-Arm Component C0202

An arm consisting of two segments.
The angle between the segments provides 1 degree of movement freedom, both ends provide 2 degrees of movement freedom each.

Mechanics, Physical View, Electric Parts and Electronics

Electrical Parts and Electronics EE Block C0019

The main components of the electric parts are:
- a set of cables and connectors
- a set of sensors and actuators
- the energy cell
- two printed circuit boards (PCB) containing the electronic parts

Mechanics, Electric Parts and Electronics

Loud Speaker Block C0043

A loud speaker allows to produce single-frequency audio signals.

Mechanics, Requirements, Electric Parts and Electronics

Camera env-perception Block C0041

A camera records the video signal of the environment.

Mechanics, Electric Parts and Electronics

Microphone env-perception Block C0042

A microphone records the audio signal of the environment.

Failure Modes of Motors and Wheels, Mechanics, Risks, Electric Parts and Electronics

Motors Block C0040

There are two motors to drive and steer and further motors to control the movement of a tool-arm.

Mechanics, Electric Parts and Electronics

Programming and Diagnostic Connector Block C0044

A connector allows to attach a cable. Via this cable, self diagnosis and re-programming can be performed.

Main Board Logic, Requirements, Outer World, Solution Strategy, Physical View, Electric Parts and Electronics, Power Distribution

Main Logic Board Block C0047

The main logic board consists of several electronic parts shown in Main Board Logic.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Base Logic Board, Requirements and Goals, Software [subsystem]

Base Micro Controller Block C0051

The base micro controller consists of
- logic unit
- data storage
- persistent data+logic storage
- self supervision (by ECC and lockstep-cores)
- HW watchdog
- clock
- temperature sensor
- io ports

This block is optimized for providing a reliable execution of algorithms, see Quality Requirements.

Base Logic Board

Clock Block C0053

Base Logic Board, Power Distribution

PMIC Block C0049

Power Management Integrated Circuit

Base Logic Board

Temperature Sensor Block C0071

Main Board Logic, Requirements, Outer World, Solution Strategy, Physical View, Electric Parts and Electronics, Power Distribution

Main Logic Board Block C0047

The main logic board consists of several electronic parts shown in Main Board Logic.

Main Board Logic, Requirements and Goals, Software [subsystem]

Main Performance Controller Block C0056

This block provides an execution environment for algorithms that is optimized for high performance.

Main Board Logic

RAM Block C0057

Main Board Logic

ROM Block C0058

Main Board Logic

Motivator Block C0059

A motivator is a basic component needed to keep going on.

Base Logic Board, Power Distribution

PMIC Block C0049

Power Management Integrated Circuit

Mechanics, Power Distribution

Charging Connector Block C0045

A connector allows to attach a cable. Via this cable, the energy cell can be re-charged.

Failure Modes of Energy Cell, Mechanics, Risks, Power Distribution

Energy Cell Block C0046

An energy cell provides power sufficient for a 1-day mission.

Main Board Logic, Requirements, Outer World, Solution Strategy, Physical View, Electric Parts and Electronics, Power Distribution

Main Logic Board Block C0047

The main logic board consists of several electronic parts shown in Main Board Logic.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Main Board Logic, Requirements and Goals, Software [subsystem]

Main Performance Controller Block C0056

This block provides an execution environment for algorithms that is optimized for high performance.

Base Logic Board, Requirements and Goals, Software [subsystem]

Base Micro Controller Block C0051

The base micro controller consists of
- logic unit
- data storage
- persistent data+logic storage
- self supervision (by ECC and lockstep-cores)
- HW watchdog
- clock
- temperature sensor
- io ports

This block is optimized for providing a reliable execution of algorithms, see Quality Requirements.

Deployment View, Software [subsystem]

Real Time Video Processing Chip Node C0060

Software [subsystem]

Watchdog Execution Environment Node C0061

Deployment View, Software [subsystem]

General Purpose Partition 1 Node C0062

Deployment View, Software [subsystem]

General Purpose Partition 2 Node C0063

Deployment View, Software [subsystem]

Base Logic SW Partition Node C0064

Scope and Context, Use Cases and Requirements, Factory Context, Requirements and Goals, Operational Context, Scope and Context, Deployment View

Mouse Droid MoD5G mouse-droid Subsystem C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

Use Cases and Requirements, Requirements and Goals, Requirements View, Functionality per Mode

Drive to location goal Use Case C0007

The mouse droid can explore its environment and calculate a route from its actual position to the target location.

- The mouse droid explores its environment
- The mouse droid enriches an internally memorized map
- The mouse droid calculates a route
- The mouse droid drives along the calculated route
- The mouse droid re-caclulates the route in case of new environment data
- The mouse droid reaches the target location

Use Cases and Requirements, Requirements and Goals, Requirements View, Functionality per Mode

Repair using tools goal Use Case C0008

The mouse droid has a couple of tools inside its chassis.

- The mouse droid uses a screw diver to untighten damaged parts
- The mouse droid uses a gripper to move the damaged part out of the way
- The mouse droid uses a gripper to put a spare part from its internal cargo bin to the target place
- The mouse droid uses a screw diver to tighten replaced parts
- The mouse droid uses a gripper to move the damaged part into its internal cargo bin.

(see Mechanics)

Requirements and Goals, Requirements

Explore environment env-perception Use Case C0067

When the mouse droid is missing relevant data on the environment, it plans a list of actions that suits the purpose of gaining the missing knowledge.

Requirements and Goals

Perform movement Use Case C0068

Requirements and Goals, Requirements

Operate tools Use Case C0069

Requirements and Goals

Plan tasks Use Case C0070

The mouse droid creates a list of actions to fulfill the given mission.
If data on the environment is missing, it plans an explortion task and re-plans the action list later.

Main Board Logic, Requirements and Goals, Software [subsystem]

Main Performance Controller Block C0056

This block provides an execution environment for algorithms that is optimized for high performance.

Base Logic Board, Requirements and Goals, Software [subsystem]

Base Micro Controller Block C0051

The base micro controller consists of
- logic unit
- data storage
- persistent data+logic storage
- self supervision (by ECC and lockstep-cores)
- HW watchdog
- clock
- temperature sensor
- io ports

This block is optimized for providing a reliable execution of algorithms, see Quality Requirements.

Requirements View, Requirements, Functions covering Requirements

L1Req: Recognize paths env-perception Requirement C0149

The MoDG5 shall use redundant sensor data to calculate paths that it can drive along.

Requirements View, Requirements, Functions covering Requirements

L1Req: Position screw driver Requirement C0150

The MoDG5 shall bring the screw driver into a given 3D position.

Requirements and Goals, Requirements

Explore environment env-perception Use Case C0067

When the mouse droid is missing relevant data on the environment, it plans a list of actions that suits the purpose of gaining the missing knowledge.

Requirements and Goals, Requirements

Operate tools Use Case C0069

Requirements, Environment Capture

L3Req: Calc 3D scene from 2 cameras env-perception Requirement C0151

The Main Logic Board shall create a 3D model of the environment based on 2 camera images.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Main Board Logic, Requirements, Outer World, Solution Strategy, Physical View, Electric Parts and Electronics, Power Distribution

Main Logic Board Block C0047

The main logic board consists of several electronic parts shown in Main Board Logic.

Requirements, System Control

L3Req: Operate motors of tool-arm Requirement C0152

The Base Logic Board shall steer the motors of the tool-arm to a given 3D position.

Mechanics, Requirements

Screw Driver Block C0037

A screw driver can rotate screws. It is one of several tools fixed on top of the Tool-Arm.

Mechanics, Requirements, Electric Parts and Electronics

Camera env-perception Block C0041

A camera records the video signal of the environment.

Constraints, Architecture Decisions

Self-Preservation Requirement C0081

In case a wookiee growls at the MoD5G,
it shall flee for self-preservation

Quality Tree, Constraints, Quality Scenarios, Quality Requirements

Interoperability SW-subcharacterisitc Requirement C0123

The programming and charging interfaces
of the MoD5G shall be compatible to
- old republic terminals
- imperial terminals

Scope and Context

Imperial Operator Actor C0082

Scope and Context

Operator of the old republic Actor C0083

Scope and Context, Use Cases and Requirements, Factory Context, Requirements and Goals, Operational Context, Scope and Context, Deployment View

Mouse Droid MoD5G mouse-droid Subsystem C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

Use Cases and Requirements, Operational Context, Scope and Context

Operator Actor C0216

Environment Capture, Solution Strategy, Building Block View, Deployment View

Environment Capture main_logic Package C0118

Environment Model Composer Sequence, Solution Strategy, Building Block View, Deployment View, Risks and Technical Debts

Tactics Calculator main_logic Component C0108

Calculate tactics based on given strategy and current situation model

System Control, Solution Strategy, Physical View, Building Block View, Deployment View

System Control base_logic Package C0119

Solution Strategy

Base Software Structure Comment C0121

The software is basically structured into three parts:
- environment model generation
- calculating actions
- controlling execution of actions

Solution Strategy, Physical View, Building Block View

Main Logic Software SW Package C0020

The software consists of control logic, initial data that was integrated at the factory and learned data that is aggregated during operation.

These software items are split over two logical boards and subdivided into independent execution partitions.

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Video Capture env-perception Component C0106

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Audio Capture env-perception Component C0107

Environment Model Composer Sequence, Solution Strategy, Building Block View, Deployment View, Risks and Technical Debts

Tactics Calculator main_logic Component C0108

Calculate tactics based on given strategy and current situation model

Environment Model Composer Sequence, System Control, Building Block View, Deployment View

Motor Controller Component C0109

Move motors according to calculated tactics

Environment Capture, Solution Strategy, Building Block View, Deployment View

Environment Capture main_logic Package C0118

System Control, Solution Strategy, Physical View, Building Block View, Deployment View

System Control base_logic Package C0119

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Environment Model Composer env-perception Component C0120

System Control, Building Block View, Crosscutting Concepts

SW Watchdog Component C0129

The SW Watchdog shall check

- validity of data as well as
- validity of sequence of checkpoints

received from software components
on the Main Logic Board.

See also Crosscutting Concepts.

Solution Strategy, Physical View, Building Block View

Main Logic Software SW Package C0020

The software consists of control logic, initial data that was integrated at the factory and learned data that is aggregated during operation.

These software items are split over two logical boards and subdivided into independent execution partitions.

Requirements, Environment Capture

L3Req: Calc 3D scene from 2 cameras env-perception Requirement C0151

The Main Logic Board shall create a 3D model of the environment based on 2 camera images.

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Audio Capture env-perception Component C0107

Environment Capture, Solution Strategy, Building Block View, Deployment View

Environment Capture main_logic Package C0118

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Video Capture env-perception Component C0106

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Environment Model Composer env-perception Component C0120

Environment Capture, Glossary

Environment Model data Class C0111

The enironment model refers to the (limited) knowledge of the software on the real environment.

Requirements, System Control

L3Req: Operate motors of tool-arm Requirement C0152

The Base Logic Board shall steer the motors of the tool-arm to a given 3D position.

System Control, Solution Strategy, Physical View, Building Block View, Deployment View

System Control base_logic Package C0119

Environment Model Composer Sequence, System Control, Building Block View, Deployment View

Motor Controller Component C0109

Move motors according to calculated tactics

System Control, Building Block View, Crosscutting Concepts

SW Watchdog Component C0129

The SW Watchdog shall check

- validity of data as well as
- validity of sequence of checkpoints

received from software components
on the Main Logic Board.

See also Crosscutting Concepts.

Power States, Power State Timings, Runtime View

power::booting Activity C0024

While the MoD5G is in booting state, the MoD5G can not yet react on input data; input signals from sensors are queued for later processing.

Power States, Power State Timings, Runtime View

power::full_operation Activity C0025

While the MoD5G is in full_operation state, all software parts are running and able to react on input data.

Power States, Power State Timings, Runtime View

power::energy_saving Activity C0026

While the MoD5G is in energy saving state, the MoD5G does not react on input data. Only few wakeup mechanisms can caus a transition to full operation.

Runtime View

sw::boot_base_board Activity C0072

The software on the base board is initializing, not yet fully functional.

Runtime View

sw::boot_main_board Activity C0073

The software on the main board is initializing, not yet fully functional.

Runtime View

sw::start Initial Node C0074

Runtime View

sw::par Fork C0075

Runtime View

sw::run_main Activity C0076

The software on the main board is initialized and running.

Runtime View

sw::run_base Activity C0077

The software on the base board is initialized and running.

Runtime View

sw::run_base_only Activity C0078

The software on the base board is initialized and running.

Runtime View

sw::sync Join C0079

Runtime View

sw::booted Final Node C0080

Runtime View

sw::op_start Initial Node C0084

Runtime View

sw::op_end Final Node C0085

Runtime View

sw::op_par Fork C0086

Runtime View

sw::op_sync Join C0087

Environment Model Composer Sequence, System Control, Building Block View, Deployment View

Motor Controller Component C0109

Move motors according to calculated tactics

Environment Model Composer Sequence, Solution Strategy, Building Block View, Deployment View, Risks and Technical Debts

Tactics Calculator main_logic Component C0108

Calculate tactics based on given strategy and current situation model

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Environment Model Composer env-perception Component C0120

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Audio Capture env-perception Component C0107

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Video Capture env-perception Component C0106

Environment Model Composer Sequence

Persist List Comment C0142

the action list
shall be persisted,
so that
after a sudden reboot,
the next actions are
immediately available.

Environment Model Composer Sequence, System Control, Building Block View, Deployment View

Motor Controller Component C0109

Move motors according to calculated tactics

Deployment View, Software [subsystem]

Base Logic SW Partition Node C0064

Deployment View, Software [subsystem]

General Purpose Partition 2 Node C0063

Environment Model Composer Sequence, Solution Strategy, Building Block View, Deployment View, Risks and Technical Debts

Tactics Calculator main_logic Component C0108

Calculate tactics based on given strategy and current situation model

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Audio Capture env-perception Component C0107

Deployment View, Software [subsystem]

General Purpose Partition 1 Node C0062

Deployment View, Software [subsystem]

Real Time Video Processing Chip Node C0060

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Video Capture env-perception Component C0106

Environment Capture, Environment Model Composer Sequence, Building Block View, Deployment View

Environment Model Composer env-perception Component C0120

Environment Capture, Solution Strategy, Building Block View, Deployment View

Environment Capture main_logic Package C0118

System Control, Solution Strategy, Physical View, Building Block View, Deployment View

System Control base_logic Package C0119

Crosscutting Concepts, Risks and Technical Debts

Fault Detection (main logic) Comment C0127

Logic and data is supervised
by the SW Watchdog
located on the Base Micro Controller.

Every software component
on the Main Logic Board
shall check processed data
and report its health to the SW Watchdog
as well as passed checkpoints in the logic.

see Architecture Decisions

Crosscutting Concepts

Fault Detection (base logic) Comment C0128

The hardware of the Base Micro Controller
enables logic and data supervision.
Therefore no extra software solution
is implemented to monitor the base logic.

System Control, Building Block View, Crosscutting Concepts

SW Watchdog Component C0129

The SW Watchdog shall check

- validity of data as well as
- validity of sequence of checkpoints

received from software components
on the Main Logic Board.

See also Crosscutting Concepts.

Architecture Decisions

Wookiee Detection decision Comment C0131

Challenge: Detect presense of a Wookiee

Alt-1: Detect a growling wookie only by
analyzing the audio spectrum
recorded from the microphone.
- pro: simple to implement
- con: may produce false alarms

Alt-2: Combine the Video and the Audio
sensor data to better distinguish
a growling wookie from a shouting officer.
- pro: better recognize wookiees
- con: dependency on video processing

Decision: Alt-1

Rationale: Reacting on a false alarm
is not mission-critical.

Constraints, Architecture Decisions

Self-Preservation Requirement C0081

In case a wookiee growls at the MoD5G,
it shall flee for self-preservation

Quality Tree, Quality Requirements, Quality Requirements

Compatibility quality_characteristic Requirement C0122

Compatibility defines a set of attributes that measures how well data and messages can be exchanged with other programs and/or versions.

Quality Tree, Constraints, Quality Scenarios, Quality Requirements

Interoperability SW-subcharacterisitc Requirement C0123

The programming and charging interfaces
of the MoD5G shall be compatible to
- old republic terminals
- imperial terminals

Quality Tree

Old Republic Programming IF SW-attribute Requirement C0124

The old republic protocol
for programming a droid
shall be supported.

Quality Tree

Imperial Programming IF SW-attribute Requirement C0125

The imperial protocol
for programming a droid
shall be supported.

Quality Tree

Universial Charging IF SW-attribute Requirement C0126

The intergalactic standard protocol for power charging
shall be supported.

Quality Tree, Constraints, Quality Scenarios, Quality Requirements

Interoperability SW-subcharacterisitc Requirement C0123

The programming and charging interfaces
of the MoD5G shall be compatible to
- old republic terminals
- imperial terminals

Quality Tree, Quality Requirements, Quality Requirements

Compatibility quality_characteristic Requirement C0122

Compatibility defines a set of attributes that measures how well data and messages can be exchanged with other programs and/or versions.

Quality Scenarios

Mixed standards of terminals Use Case C0145

precondition:
- The MoD5G operates in an environment
providing mixed terminal standards

trigger:
- The MoD5G drives to a charging or programming terminal
which complied to either old republic or imperial standard.

scenario:
- The MoD5G determines the applicable standard
- The MoD5G uses the terminal for programming or charging

Quality Tree, Constraints, Quality Scenarios, Quality Requirements

Interoperability SW-subcharacterisitc Requirement C0123

The programming and charging interfaces
of the MoD5G shall be compatible to
- old republic terminals
- imperial terminals

Risks and Technical Debts

Fault Detection Strategy may fail Comment C0130

The fault detection strategy for
logic and data on the Main Logic Board
allows for unnoticed faults:

Not every error in logic can be detected
by checkpoints only.

Crosscutting Concepts, Risks and Technical Debts

Fault Detection (main logic) Comment C0127

Logic and data is supervised
by the SW Watchdog
located on the Base Micro Controller.

Every software component
on the Main Logic Board
shall check processed data
and report its health to the SW Watchdog
as well as passed checkpoints in the logic.

see Architecture Decisions

Risks and Technical Debts

Wrong tactic is calculated Risk Requirement C0134

- cause/fault: Due to cosmic rays,
the main logic board performs a miscalculation
that goes unnoticed by control flow supervision
- risk/failure: the MoD5G calculates a tactic that
results in falling off a cliff

Environment Model Composer Sequence, Solution Strategy, Building Block View, Deployment View, Risks and Technical Debts

Tactics Calculator main_logic Component C0108

Calculate tactics based on given strategy and current situation model

Glossary

Situation Model data Class C0110

The situation model refers to the (limited/erroneous) knowledge of the software on environment and status.

Environment Capture, Glossary

Environment Model data Class C0111

The enironment model refers to the (limited) knowledge of the software on the real environment.

Glossary

MoD5G-Status Model data Class C0112

The status model refers to the (limited) knowledge of the software on the real status.

Glossary

Real Situation Class C0113

The real situation refers to the reality of system status and environment.

Glossary

Real Environment Class C0114

The real environment refers to the physical environment of the system.

Glossary

MoD5G Real Status Class C0115

The real status refers to the real system status of the MoD5G. This may differ from what the sensors report.

Runtime View

Power States Interaction Use C0021

refers to Power States

Runtime View

Health States Interaction Use C0022

refers to Health States

Runtime View

start operation Initial Node C0153

After production or repair, this initial state indicates the system start.

Runtime View

orthogonal Fork C0154

operation mode, power states and heath states are three distinct statemachines that handle their state-transitions independantly.

Runtime View

Operation Modes Interaction Use C0194

refers to Operation Modes

Power States, Power State Timings

power::startup Initial Node C0023

The startup pseudo-state indicates where the transitions start when powered on.

Power States, Power State Timings, Runtime View

power::booting Activity C0024

While the MoD5G is in booting state, the MoD5G can not yet react on input data; input signals from sensors are queued for later processing.

Power States, Power State Timings, Runtime View

power::full_operation Activity C0025

While the MoD5G is in full_operation state, all software parts are running and able to react on input data.

Power States, Power State Timings, Runtime View

power::energy_saving Activity C0026

While the MoD5G is in energy saving state, the MoD5G does not react on input data. Only few wakeup mechanisms can caus a transition to full operation.

Power States, Power State Timings

power::off Final Node C0027

The off pseudo-state indicates where the transition logic ends when powered off.

Power States

power::all Activity C0138

The statemachine of power states shows the triggers and transitions between states that enable or disable hardware parts.

Power States, Power State Timings

power::off Final Node C0027

The off pseudo-state indicates where the transition logic ends when powered off.

Power States, Power State Timings, Runtime View

power::full_operation Activity C0025

While the MoD5G is in full_operation state, all software parts are running and able to react on input data.

Power States, Power State Timings

power::startup Initial Node C0023

The startup pseudo-state indicates where the transitions start when powered on.

Power States, Power State Timings, Runtime View

power::booting Activity C0024

While the MoD5G is in booting state, the MoD5G can not yet react on input data; input signals from sensors are queued for later processing.

Power States, Power State Timings, Runtime View

power::energy_saving Activity C0026

While the MoD5G is in energy saving state, the MoD5G does not react on input data. Only few wakeup mechanisms can caus a transition to full operation.

Power State Timings

max 2300 msec Comment C0139

Power State Timings

max 500 msec Comment C0140

Health States

health::factory Initial Node C0028

Health States

health::disposal Final Node C0029

Health States

health::healthy State C0030

Health States

health::slightly_damaged State C0031

Failure Modes of Motors and Wheels, Failure Modes of Energy Cell, Failure Modes of Base Logic Board, Health States, Risks

health::limp_home State C0032

In case the full operation is not possible anymore, the MoD5G shall drive back to the home charging station.

Health States

health::damaged State C0033

Health States

health::operation State C0034

Health States

health::all State C0137

The statemachine of all health states

Deployment View

Space Station Node C0095

A station allows persons and goods to arrive, stay, leave or transit.
This station is engineered for that purpose; it is not attached to a natural asteroid or planet.

Scope and Context, Use Cases and Requirements, Factory Context, Requirements and Goals, Operational Context, Scope and Context, Deployment View

Mouse Droid MoD5G mouse-droid Subsystem C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

Operational Context, Deployment View

Programming Terminal Node C0096

This terminal programs the next mission for the MoD5G.

Operational Context, Deployment View

Charging Terminal Node C0097

This terminal charges the energy cell of the MoD5G.

Operational Context, Deployment View

Maintenance Booth Node C0098

A thie booth, a mechanic analyzes the health of the MoD5G and replaces parts if damaged.

Crosscutting Concepts

Motor Type Comment C0099

All motors are electrical step motors.

Step motors can be controlled
to move a defined number of steps
forward or backwards.

Note that there are conditions
when the actual number of steps
is not equal to the previously requested
number of steps, e.g. when accellerating
or slowing down too fast.

Constraints, Architecture Decisions

Cosmic Rays environment Requirement C0002

The droid shall ensure data and program integrity.

It shall continue operation after cosmic rays have interfered with data storage or program execution.

Corrupted data must not be stored permanently.

Architecture Decisions

2 of 3 Voter rejected_alternative Requirement C0100

In order to support integrity of the system, the logic boards and the data storages are deployed three times as three identical parts.

All three parts shall produce the same outcomes given the same input.

If one deviates, it's result is ignored and the part is rebooted.

Architecture Decisions

Cosmic Rays Information Comment C0101

When a cosmic ray interferes with the system,
the logic or the processed data gets corrupted.

Architecture Decisions

Watchdog Supervision chosen_alternative Requirement C0102

In order to support integrity of the logic and data,
a multi-stage hierarchy supervision shall be implemented.

Software watchdogs shall supervise the running software parts
in a way that logic errors and corrupted data can be detected.

A hardware watchdog shall supervise the software watchdogs.

In case of a failure in the supervised logic/data, the system shall reboot.
In case of a failure in the monitors, the system may reboot
or it shall fall back to a valid supervision mode.

Architecture Decisions

Decision: Watchdog decision Comment C0103

Arguments:

- The 2 of 3 voter is easier to implement but causes higher hardware costs.
- The watchdog supervision requires higher engineering efforts but is cheaper in production.

The watchdog supervision shall be implemented.

Failure Modes of Motors and Wheels, Failure Modes of Energy Cell, Failure Modes of Base Logic Board, Health States, Risks

health::limp_home State C0032

In case the full operation is not possible anymore, the MoD5G shall drive back to the home charging station.

Risks

Limp Home Functionality Comment C0206

In case of a single fault,
the MoD5G shall return
to the maintenance booth.

Failure Modes of Energy Cell, Mechanics, Risks, Power Distribution

Energy Cell Block C0046

An energy cell provides power sufficient for a 1-day mission.

Failure Modes of Motors and Wheels, Mechanics, Risks, Electric Parts and Electronics

Motors Block C0040

There are two motors to drive and steer and further motors to control the movement of a tool-arm.

Failure Modes of Motors and Wheels, Mechanics, Risks

Wheels (4) Block C0038

The functionality of wheels is to transform a torque force into movement of the MoD5G.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Failure Modes of Motors and Wheels, Failure Modes of Energy Cell, Failure Modes of Base Logic Board, Health States, Risks

health::limp_home State C0032

In case the full operation is not possible anymore, the MoD5G shall drive back to the home charging station.

Failure Modes of Motors and Wheels

Risk: MoD5G does not drive back (motors) Risk Requirement C0148

- cause/fault: the ,ovement/steering motors are damaged
- risk/failure: the MoD5G cannot drive anymore

Failure Modes of Motors and Wheels, Mechanics, Risks, Electric Parts and Electronics

Motors Block C0040

There are two motors to drive and steer and further motors to control the movement of a tool-arm.

Failure Modes of Motors and Wheels, Mechanics, Risks

Wheels (4) Block C0038

The functionality of wheels is to transform a torque force into movement of the MoD5G.

Failure Modes of Motors and Wheels, Failure Modes of Energy Cell, Failure Modes of Base Logic Board, Health States, Risks

health::limp_home State C0032

In case the full operation is not possible anymore, the MoD5G shall drive back to the home charging station.

Failure Modes of Energy Cell, Mechanics, Risks, Power Distribution

Energy Cell Block C0046

An energy cell provides power sufficient for a 1-day mission.

Failure Modes of Energy Cell

Risk: MoD5G does not drive back (energy) Risk Requirement C0147

- cause/fault: the energy cell is damaged
- risk/failure: the MoD5G cannot drive anymore

Failure Modes of Motors and Wheels, Failure Modes of Energy Cell, Failure Modes of Base Logic Board, Health States, Risks

health::limp_home State C0032

In case the full operation is not possible anymore, the MoD5G shall drive back to the home charging station.

Base Logic Board, Requirements, Failure Modes of Base Logic Board, Inner World, Solution Strategy, Physical View, Risks, Electric Parts and Electronics, Power Distribution

Base Logic Board Block C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

It provides functionality to detect health status of MoD5G components, it steers motors.

Failure Modes of Base Logic Board

Risk: MoD5G does not drive back (logic board) Risk Requirement C0133

- cause/fault: the base logic board is damaged
- risk/failure: the MoD5G cannot drive anymore

Glossary

Maintenance booth Comment C0104

A room in a star ship or on a planet
where the following tasks are performed:
- check operability of droids
- oil refill service
- repair of droids
- disintegration of old droids

Glossary

Base location Comment C0143

The location where the MoD5G droid returns to when its mission is finished.
This location typically provides a charging and programming terminal.
This location can be re-programmed.

Stereotypes on "What to build"

UML:Node Metaclass Stereotype C0165

Stereotypes on "What to build"

mouse-droid Stereotype C0163

<path
d="
c 3, -0.8 4.5, 0.5 4.5, 2.5
l -8, 0
c 1, -2, 2, -3, 3, -3
c 0.5, 0 0.5, 1 0, 1
m -1.1, 0.3
l -0.2, 0.2
"
fill="#bb9977"
/>

Stereotypes on "What to build"

mouse-img mouse-droid Image C0164

Stereotypes on "What to build"

UML:UseCase Metaclass Class C0170

Stereotypes on "What to build"

goal Stereotype C0171

<path fill="#aaeeff" d="
M 5,9
L 5,1 1,2.5 5,4
"/>

Stereotypes on "What to build"

flag goal Image C0172

Stereotypes on "What to build"

UML:Actor Metaclass Class C0174

Stereotypes on "What to build"

environment Stereotype C0175

<path fill="#eeff88" d="
M 1,0
C 1,0.55 0.55,1 0,1
C -0.55,1 -1,0.55, -1,0
C -1,-0.55 -0.55,-1 0,-1
C 0.55,-1, 1,-0.55, 1,0
"/>
<path d="
M 2,0 L 4,0
M 1.73,1 L 3.46,2
M 1,1.72 L 2,3.46
M 0,2 L 0,4
M -1,1.72 L -2,3.46
M -1.73,1 L -3.46,2
M -2,0 L -4,0
M -1.73,-1 L -3.46,-2
M -1,-1.72 L -2,-3.46
M 0,-2 L 0,-4
M 1,-1.72 L 2,-3.46
M 1.73,-1 L 3.46,-2
"/>

Stereotypes on "What to build"

env-img environment Image C0176

Stereotypes on "How to achieve the goal"

UML:Component Metaclass Class C0155

Stereotypes on "How to achieve the goal"

env-perception Stereotype C0156

<path
fill="#ffcc66"
d="
M 0.8,0
a 0.8,0.8 0 1 0 -1.6,0
a 0.8,0.8 0 1 0 1.6,0
"
/>
<path
d="
M 1,0
A 1,0.5 22 1 1 0.707,0.707
A 1,0.5 67 1 1 0,1
A 1,0.5 112 1 1 -0.707,0.707
A 1,0.5 157 1 1 -1,0
A 1,0.5 202 1 1 -0.707,-0.707
A 1,0.5 247 1 1 0,-1
A 1,0.5 -68 1 1 0.707,-0.707
A 1,0.5 -23 1 1 1,0
"
/>

Stereotypes on "How to achieve the goal"

env-image env-perception Image C0157

Stereotypes on "How to achieve the goal"

UML:Class Metaclass Class C0158

Stereotypes on "How to achieve the goal"

decision Stereotype C0159

<path d="m 8,12 l -4,7 1,1 6,0 1,-1 -4,-7 l 8,-4 9,0 l -4,7 1,1 6,0 1,-1 -4,-7 " /><path d="m 15,5 l 1,3 m 0,2 l 0,17 " />

Stereotypes on "How to achieve the goal"

decision-img decision Image C0160

Stereotypes on "How to achieve the goal"

data Stereotype C0161

<path d="m 4,5 l 0,22 c 0,2.25 5.25,4 12,4 s 12,-1.75 12,-4 l 0,-22 " /><path d="m 4,5 c 0,-2.25 5.25,-4 12,-4 s 12,1.75
12,4 s -5.25,4 -12,4 s -12,-1.75 -12,-4 " />

Stereotypes on "How to achieve the goal"

data-img data Image C0162

Stereotypes on "How to achieve the goal"

rejected_alternative Stereotype C0166

<path d="m 1,24 4,4 22,0 4,-4 " /><path stroke="#cc0000" d="m 8,17 c 0,-4.4 3.6,-8 8,-8 s 8,3.6 8,8 s -3.6,8 -8,8 s
-8,-3.6 -8,-8 " /><path stroke="#cc0000" d="m 11,17 l 10,0 " />

Stereotypes on "How to achieve the goal"

rejected rejected_alternative Image C0167

Stereotypes on "How to achieve the goal"

chosen_alternative Stereotype C0168

<path d="m 1,24 4,4 22,0 4,-4 " /><path stroke="#00aa00" d="m 8,17 c 0,-4.4 3.6,-8 8,-8 s 8,3.6 8,8 s -3.6,8 -8,8 s
-8,-3.6 -8,-8 " /><path stroke="#00aa00" d="m 11,17 l 10,0 m -5,-5 l 0,10 " />

Stereotypes on "How to achieve the goal"

chosen chosen_alternative Image C0169

Stereotypes on "How to achieve the goal"

SW Stereotype C0196

<path fill="#eeffdd" d="
M 0,-1
M 1.5,5
L 2,3
C 4,2 6,2, 8,3
L 8.5,5 7.5,5 8,4
C 6,5 4,5 2,4
L 2.5,5 1.5,5
" />

Stereotypes on "How to achieve the goal"

SW-img SW Image C0197

Stereotypes on "How to achieve the goal"

HW Stereotype C0198

<path fill="#eeddff" d="
M 1,3
L 5,1 7,1 7.5,2 2,5 z
" />
<path d="
M 4,4
L 7,10 8,9.5 5,3.5
" />

Stereotypes on "How to achieve the goal"

HW-img HW Image C0199

Stereotypes on "How to achieve the goal"

EE Stereotype C0200

<path fill="#ffffdd" d="
M 1,5
L 3,5 3,3.5, 5,5 3,6.5 3,5
M 5,3.5
L 5,6.5
M 5,5
L 7,5" />
<path d="
M 4,3
L 5,1 4.5,1.5
M 5,3
L 6,1 5.5,1.5
" />

Stereotypes on "How to achieve the goal"

EE-img EE Image C0201

Stereotypes on "How to achieve the goal"

locigal_form Stereotype C0207

<path d="
M 0,5.5
c 0,0.5 1,0.5 3,0.5
L 4,8
5.5,8
5,6
c 2,0 2,-0.5 3.5,-1
L 9,4
8,4
7.5,5
5.25,5
5.5,4
4,4
3,5
c -1,0 -3,0 -3,0.5
">
</path>

Stereotypes on "How to achieve the goal"

Logical-img locigal_form Image C0208

Stereotypes on "How to achieve the goal"

SysML:block Metaclass Stereotype C0209