Mouse Droid

Base Logic Board C0048

The base logic board consists of several electronic parts shown in Base Logic Board.

--> Base Micro Controller R0053

--> Clock R0055

--> PMIC R0049

--> Temperature Sensor R0095

Base Micro Controller C0051

The base micro controller consists of
- logic unit
- data storage
- persistent data+logic storage
- self supervision (by ECC and lockstep-cores)
- HW watchdog
- clock
- temperature sensor
- io ports
This block is optimized for providing a reliable execution of algorithms, see Quality Requirements.

Temperature: sensor: F0010

clock comm: I2C: F0007

Speaker: I2S: F0004

Main Board Connector: F0009

reset cmd: F0006

Motor Control: I2C: F0003

Diag: JTAG: F0005

--> PMIC R0062

--> Clock R0066

Clock C0053

wakeup --> PMIC R0067

PMIC C0049

Power Management Integrated Circuit

Temperature Sensor C0071

--> Base Micro Controller R0096

Main Logic Board C0047

The main logic board consists of several electronic parts shown in Main Board Logic.

Base Board Connector: F0008

Camera: LVDS: F0001

Mic-Connector: I2S: F0002

--> RAM R0070

--> ROM R0071

--> High Performance SoC R0069

--> Motivator R0077

--> High Performance SoC R0074

--> High Performance SoC R0076

High Performance SoC C0056

This block provides an execution environment for algorithms that is optimized for high performance.

--> RAM R0072

--> ROM R0073

--> Main Logic Board R0075

RAM C0057

ROM C0058

Motivator C0059

A motivator is a basic component needed to keep going on.

triggers --> High Performance SoC R0078

Mouse Droid MoD5G C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

--> Drive to Location R0003

--> Use Tools R0004

Drive to Location C0007

The mouse droid can explore its environment and calculate a route from its actual position to the target location.

- The mouse droid explores its environment
- The mouse droid enriches an internally memorized map
- The mouse droid calculates a route
- The mouse droid drives along the calculated route
- The mouse droid re-caclulates the route in case of new environment data
- The mouse droid reaches the target location

--> Plan tasks R0091

--> Explore Environment R0234

--> Perform Movement R0235

Use Tools C0008

The mouse droid has a couple of tools inside its chassis.

- The mouse droid uses a screw diver to untighten damaged parts
- The mouse droid uses a gripper to move the damaged part out of the way
- The mouse droid uses a gripper to put a spare part from its internal cargo bin to the target place
- The mouse droid uses a screw diver to tighten replaced parts
- The mouse droid uses a gripper to move the damaged part into its internal cargo bin.
(see Mechanics)

--> Plan tasks R0090

--> Steer motors of tools R0233

Explore Environment C0067

When the mouse droid is missing relevant data on the environment, it plans a list of actions that suits the purpose of gaining the missing knowledge.

Perform Movement C0068

Steer motors of tools C0069

--> Base Micro Controller R0255

Plan tasks C0070

The mouse droid creates a list of actions to fulfill the given mission. If data on the environment is missing, it plans an explortion task and re-plans the action list later.

High Performance SoC C0056

This block provides an execution environment for algorithms that is optimized for high performance.

--> Explore Environment R0258

--> Plan tasks R0259

Base Micro Controller C0051

The base micro controller consists of
- logic unit
- data storage
- persistent data+logic storage
- self supervision (by ECC and lockstep-cores)
- HW watchdog
- clock
- temperature sensor
- io ports
This block is optimized for providing a reliable execution of algorithms, see Quality Requirements.

Temperature: sensor: F0010

clock comm: I2C: F0007

Speaker: I2S: F0004

Main Board Connector: F0009

reset cmd: F0006

Motor Control: I2C: F0003

Diag: JTAG: F0005

--> Steer motors of tools R0256

--> Perform Movement R0257

Self-Preservation C0081

In case a wookiee growls at the MoD5G, it shall flee for self-preservation

Interoperability C0123

The programming and charging interfaces of the MoD5G shall be compatible to
- old republic terminals
- imperial terminals

Imperial Operator C0082

program --> Mouse Droid MoD5G R0113

Operator of the old republic C0083

program --> Mouse Droid MoD5G R0112

Mouse Droid MoD5G C0004

The Mouse Droid (MoD5G) is a repair droid that can be instructed to perform a mission and which then autonomously selects tactics to achieve the mission goals.

Environment Capture C0118

Tactics Calculator C0108

Calculate tactics based on given strategy and current situation model

System Control C0119

Base Software Structure C0121

The software is basically structured into three parts:
- environment model generation
- calculating actions
- controlling execution of actions

Software Parts C0020

The software consists of control logic, initial data that was integrated at the factory and learned data that is aggregated during operation.
These software items are split over two logical boards and subdivided into independent execution partitions.

--> Tactics Calculator R0236

--> Environment Capture R0241

--> System Control R0242

Video Capture C0106

actual scene --> Environment Model Composer R0155

Audio Capture C0107

actual scene --> Environment Model Composer R0154

Tactics Calculator C0108

Calculate tactics based on given strategy and current situation model

Motor Controller C0109

Move motors according to calculated tactics

movement info --> Environment Model Composer R0153

Environment Capture C0118

--> Environment Model Composer R0152

--> Video Capture R0148

--> Audio Capture R0149

System Control C0119

--> SW Watchdog R0174

--> Motor Controller R0151

Environment Model Composer C0120

--> Tactics Calculator R0156

SW Watchdog C0129

The SW Watchdog shall check

- validity of data as well as
- validity of sequence of checkpoints
received from software components on the Main Logic Board.
See also Crosscutting Concepts.

Software Parts C0020

The software consists of control logic, initial data that was integrated at the factory and learned data that is aggregated during operation.
These software items are split over two logical boards and subdivided into independent execution partitions.

--> Tactics Calculator R0236

--> Environment Capture R0241

--> System Control R0242

power::booting C0024

--> sw::sync R0107

--> sw::start R0099

--> sw::par R0100

--> sw::boot_main_board R0098

--> sw::booted R0110

--> sw::boot_base_board R0097

ready --> power::full_operation R0016

power::full_operation C0025

While the MoD5G is in full_operation state, all software parts are running and able to react on input data.

--> sw::op_sync R0117

--> sw::op_end R0115

--> sw::op_par R0116

--> sw::op_start R0114

--> sw::run_base R0105

--> sw::run_main R0104

next steps are planned --> power::energy_saving R0017

mission tactics are planned, no need to adapt

supervision fault --> power::booting R0033

power::energy_saving C0026

--> sw::run_base_only R0106

external event --> power::full_operation R0018

external event causes re-evaluating tactics

supervision fault --> power::booting R0032

sw::boot_base_board C0072

--> sw::sync R0109

sw::boot_main_board C0073

--> sw::sync R0108

sw::start C0074

--> sw::par R0101

sw::par C0075

--> sw::boot_main_board R0102

--> sw::boot_base_board R0103

sw::run_main C0076

--> sw::op_sync R0123

sw::run_base C0077

--> sw::op_sync R0122

sw::run_base_only C0078

sw::sync C0079

--> sw::booted R0111

sw::booted C0080

sw::op_start C0084

--> sw::op_par R0119

sw::op_end C0085

sw::op_par C0086

--> sw::run_main R0120

--> sw::run_base R0121

sw::op_sync C0087

--> sw::op_end R0118

Motor Controller C0109

Move motors according to calculated tactics

movement info --> Environment Model Composer R0153

--> Base Logic SW Partition R0200

Base Logic SW Partition C0064

General Purpose Partition 2 C0063

Tactics Calculator C0108

Calculate tactics based on given strategy and current situation model

--> General Purpose Partition 2 R0202

Audio Capture C0107

actual scene --> Environment Model Composer R0154

--> General Purpose Partition 1 R0204

General Purpose Partition 1 C0062

Real Time Video Processing Chip C0060

Video Capture C0106

actual scene --> Environment Model Composer R0155

--> Real Time Video Processing Chip R0201

Environment Model Composer C0120

--> Tactics Calculator R0156

--> General Purpose Partition 1 R0203

Environment Capture C0118

--> Environment Model Composer R0152

--> Video Capture R0148

--> Audio Capture R0149

System Control C0119

--> Motor Controller R0151

Fault Detection (main logic) C0127

Logic and data is supervised by the SW Watchdog located on the Base Micro Controller.
Every software component on the Main Logic Board shall check processed data and report its health to the SW Watchdog as well as passed checkpoints in the logic.

--> SW Watchdog R0175

Fault Detection (base logic) C0128

The hardware of the Base Micro Controller enables logic and data supervision. Therefore no extra software solution is implemented to monitor the base logic.

--> SW Watchdog R0198

SW Watchdog C0129

The SW Watchdog shall check

- validity of data as well as
- validity of sequence of checkpoints
received from software components on the Main Logic Board.
See also Crosscutting Concepts.

Wookiee Detection C0131

Challenge: Detect presense of a Wookiee
Alt-1: Detect a growling wookie only by analyzing the audio spectrum recorded from the microphone.
- pro: simple to implement
- con: may produce false alarms
Alt-2: Combine the Video and the Audio sensor data to better distinguish a growling wookie from a shouting officer.
- pro: better recognize wookiees
- con: dependency on video processing
Decision: Alt-1
Rationale: Reacting on a false alarm is not mission-critical.

--> Self-Preservation R0177

Self-Preservation C0081

In case a wookiee growls at the MoD5G, it shall flee for self-preservation

Compatibility C0122

Compatibility defines a set of attributes that measures how well data and messages can be exchanged with other programs and/or versions.

Interoperability C0123

The programming and charging interfaces of the MoD5G shall be compatible to
- old republic terminals
- imperial terminals

--> Compatibility R0158

Fault Detection Strategy may fail C0130

The fault detection strategy for logic and data on the Main Logic Board allows for unnoticed faults:
Not every error in logic can be detected by checkpoints only.

--> Risk: Wrong tactic is calculated R0181

Fault Detection (main logic) C0127

Logic and data is supervised by the SW Watchdog located on the Base Micro Controller.
Every software component on the Main Logic Board shall check processed data and report its health to the SW Watchdog as well as passed checkpoints in the logic.

--> Risk: Wrong tactic is calculated R0199

Risk: Wrong tactic is calculated C0134

- cause/fault: Due to cosmic rays, the main logic board performs a miscalculation that goes unnoticed by control flow supervision
- risk/failure: the MoD5G calculates a tactic that results in falling off a cliff

Situation Model C0110

The situation model refers to the (limited/erroneous) knowledge of the software on environment and status.

--> Status Model R0142

--> Environment Model R0143

Environment Model C0111

The enironment model refers to the (limited) knowledge of the software on the real environment.

observe by sensors --> Real Environment R0146

Sensor data is the basis for assuming an environment model.

Status Model C0112

The status model refers to the (limited) knowledge of the software on the real status.

observe --> Real Status R0147

Sensor data is the basis for assuming a status model. The algorithm for deriving a status model shall take into account that a sensor may be defect and/or a measured value may indicate a defect (which again may have several causes).

Real Situation C0113

The real situation refers to the reality of system status and environment.

--> Real Status R0144

--> Real Environment R0145

Real Environment C0114

The real environment refers to the physical environment of the system.

Real Status C0115

The real status refers to the real system status. This may differ from what the sensors report.

power::off C0027

--> power::startup R0209

power::full_operation C0025

While the MoD5G is in full_operation state, all software parts are running and able to react on input data.

sleep --> power::energy_saving R0212

shutdown --> power::off R0215

power::startup C0023

wakeup (0 ms) --> power::booting R0210

power::booting C0024

run (2300 ms) --> power::full_operation R0211

power::energy_saving C0026

wakeup (0 ms) --> power::energy_saving R0213

run (500 ms) --> power::full_operation R0214

max 2300 msec C0139

a --> power::booting R0218

b --> power::full_operation R0216

max 500 msec C0140

c --> power::energy_saving R0219

d --> power::full_operation R0217

Maintainability C0010

Maintainability defines a set of attributes that influence how to analyze and mitigate defects that occur during operation.

Repairability C0012

The MoD5 hardware parts shall be exchangeable in case they are damaged.

--> Maintainability R0007

30 years spare-parts supply C0013

The mechanical and electrical/electronics parts of the MoD5 shall be produceable in identical or similar form and quality for 30 years after production of the unit.

--> Repairability R0008

Analyzability C0014

The MoD5G shall allow to analyze faults that occurred during operation.

--> Maintainability R0009

Self-Diagnosis C0015

At the maintenance booth, the MoD5G shall provide an error log. This error log contains detected errors from operation and related environment conditions. It also lists possible causes(faults).

--> Analyzability R0010