Engineering:Safe mode in spacecraft

From HandWiki

Safe mode is an operating mode of a modern uncrewed spacecraft during which all non-essential systems are shut down and only essential functions such as thermal management, radio reception and attitude control are active.[1]

Safe mode is entered automatically upon the detection of a predefined operating condition or event that may indicate loss of control or damage to the spacecraft. Usually the trigger event is a system failure or detection of operating conditions considered dangerously out of the normal range. Cosmic rays penetrating spacecraft electrical systems can create false signals or commands and thus cause a trigger event. The central processor electronics are especially prone to such events.[2] Another trigger is the lack of a received command within a given time window. Lack of received commands can be caused by hardware failures or mis-programming of the spacecraft, as in the case of the Viking 1 lander.

The process of entering safe mode, sometimes referred to as safing,[3] involves a number of immediate physical actions taken to prevent damage or complete loss. Power is removed from non-essential subsystems. Regaining attitude control, if lost, is the highest priority because it is necessary to maintain thermal balance and proper illumination of the solar panels.[1] A tumbling or cartwheeling spacecraft can quickly roast, freeze or exhaust its battery power and be lost forever.[4]

In safe mode

While in safe mode the preservation of the spacecraft is the highest priority. Typically all non-essential systems, such as science instruments, are shut down. The spacecraft attempts to maintain orientation with respect to the Sun for illumination of solar panels and for thermal management. The spacecraft then awaits radio commands from its mission control center monitoring for signals on its low-gain omnidirectional antenna. Exactly what happens while in safe mode is dependent on the spacecraft design and its mission.[2]

Recovery from safe mode involves reestablishing communication between the spacecraft and mission control, downloading any diagnostic data and sequencing power back on to the various subsystems to resume the mission. The recovery time can be anywhere from a few hours to days or weeks depending on the difficulty in reestablishing communications, conditions found on the spacecraft, distance to the spacecraft and the nature of the mission.[5]

Overriding normal safe mode behavior

Normal safe mode operation can sometimes be overridden. A spacecraft's ability to enter safe mode may be suppressed during crucial spacecraft operations (such as the orbit insertion maneuver of the Cassini spacecraft at Saturn), during which – if a critical failure were to occur – most, if not all, of the mission objectives would be lost anyway.[3] On occasion, a spacecraft is placed in safe mode deliberately by mission control, as the Spirit rover was on sol 451.[6]

Modern incidents

2005
2007
  • Cassini–Huygens download of the Iapetus flyby data was interrupted by a safing event September 10, 2007.[3]
  • New Horizons entered safe mode March 19, 2007 due to an uncorrectable memory error in the primary Command and Data Handling (C&DH) computer.[5]
  • Odyssey has broken the communications link between the Mars Exploration Rovers and Earth during several sudden safing events.[7][8]
2009
  • The Mars Reconnaissance Orbiter (MRO) entered safe mode on August 26, 2009 for the second incident in a month, the fourth in 2009 and the eighth since launch in 2005.[9][10] The spacecraft was kept in safe mode until December 8, 2009.[11]
  • Kepler entered safe mode on June 15 and again on July 3, 2009. Both cases were triggered by an on-board processor reset.[12]
  • Dawn entered safe mode due to a programming error during its February 17, 2009 Mars flyby.[13]
  • MESSENGER entered safe mode during its third flyby of Mercury on September 29, 2009.[14]
2014
  • The Philae lander entered safe mode on 15 November 2014, after its batteries ran down due to reduced sunlight and an off-nominal spacecraft orientation at its unplanned landing site.[15]
2015
  • New Horizons entered safe mode on July 4, 2015, ten days before its closest approach to Pluto, after a timing problem in a command sequence. Some scientific data was lost, but with only minimal impact on mission objectives.[16]
2016
  • Juno entered safe mode on 18 October 2016, just prior to a planned maneuvering burn using its main engine to lower its orbit.[17] The spacecraft's on-board computer was rebooted, and subsequent check-out of its scientific research systems showed no major malfunctions. The exact cause remains under investigation.[18]
2018
  • The Opportunity rover entered safe mode on 13 June 2018 during the 2018 Mars dust storm. The opacity of the atmosphere was such that almost all sunlight was blocked and the rover's solar panels were unable to recharge its batteries even for minimal maintenance and communications.[19][20] It was hoped it would reboot once the atmosphere cleared in October, but it did not, suggesting either a catastrophic failure or that a layer of dust has covered its solar panels.[21] On February 13, 2019, NASA officials declared that the Opportunity mission was complete, after the spacecraft had failed to respond to over 1,000 signals sent since August 2018.[22]
  • The Hubble Space Telescope entered safe mode on October 5, 2018, after one of its three active gyroscopes failed. The failing gyro had been exhibiting end-of-life behavior for approximately a year, and its failure was not unexpected. Hubble had six new gyros installed during Servicing Mission 4 in 2009 (STS-125). The spacecraft usually uses three gyros at a time, but can continue to make scientific observations with just one.[23][24]
2021
  • NASA announced that Hubble Space Telescope went into safe mode after experiencing synchronization issues with internal spacecraft communications. Science observations were temporarily suspended.

Incidents resulting in spacecraft loss or near loss

  • SOHO entered safe mode and was nearly lost on June 25, 1998. Normal operations were eventually restored after a gap of four months.[4][25]
  • NEAR entered safe mode, tumbled out of control and was nearly lost during the first attempt of Eros orbit insertion on December 20, 1998.[26]
  • Mars Global Surveyor entered safe mode and was lost when its batteries were overheated and destroyed by incorrect solar orientation on November 2, 2006.[27]
  • ISEE-3 was lost on September 16, 2014, during a civilian reboot effort.[28] It is believed that the 36-year-old spacecraft entered safe mode due to a drop in power from its solar panels.[29] The crowdfunded project has been unable to re-establish contact.

References

  1. 1.0 1.1 Bokulic, R. S.; Jensen, J. R. (November–December 2000). "Recovery of a Spacecraft from Sun-Safe Mode Using a Fanbeam Antenna". Spacecraft and Rockets 37 (6): 822. doi:10.2514/2.3640. Bibcode2000JSpRo..37..822B. https://arc.aiaa.org/doi/abs/10.2514/2.3640?journalCode=jsr. 
  2. 2.0 2.1 Bayer, Todd J. (18–20 September 2007). "Planning for the Un-plannable: Redundancy, Fault Protection, Contingency Planning and Anomaly Response for the Mars Reconnaissance Orbiter Mission". AIAA SPACE 2007 Conference & Exposition. https://arc.aiaa.org/doi/10.2514/6.2007-6109. Retrieved January 28, 2023. 
  3. 3.0 3.1 3.2 Cassini Spacecraft Safing
  4. 4.0 4.1 "SOHO Mission Interruption Preliminary Status and Background Report". July 15, 1998. http://umbra.nascom.nasa.gov/soho/prelim_and_background_rept.html. Retrieved 2006-08-17. 
  5. 5.0 5.1 "The PI's Perspective: Trip Report". NASA/Johns Hopkins University/APL/New Horizons Mission. 2007-03-26. http://pluto.jhuapl.edu/News-Center/PI-Perspectives.php?page=piPerspective_3_26_2007. Retrieved 2016-10-19. 
  6. 6.0 6.1 "Spirit Updates 2005". NASA/JPL. Archived from the original on 2007-08-23. https://web.archive.org/web/20070823125703/http://marsrover.nasa.gov/mission/status_spiritAll_2005.html. Retrieved 2009-08-18. 
  7. "Spirit Updates 2006". NASA/JPL. Archived from the original on 2007-08-23. https://web.archive.org/web/20070823125703/http://marsrover.nasa.gov/mission/status_spiritAll_2006.html. Retrieved 2009-08-18. 
  8. "Spirit Updates 2007". NASA/JPL. Archived from the original on 2009-04-13. https://web.archive.org/web/20090413064712/http://marsrover.nasa.gov/mission/status_spiritAll_2007.html. Retrieved 2009-08-18. 
  9. Tariq Malik (August 8, 2009). "Powerful Mars Orbiter Switches to Backup Computer". SPACE.com. http://www.space.com/7113-powerful-mars-orbiter-switches-backup-computer.html. Retrieved 2009-08-18. 
  10. "Orbiter in Safe Mode Increases Communication Rate". NASA/JPL. August 28, 2009. Archived from the original on 2011-06-11. https://web.archive.org/web/20110611093250/http://marsprogram.jpl.nasa.gov/mro/newsroom/pressreleases/20090828a.html. Retrieved 2009-08-31. 
  11. "Spacecraft Out of Safe Mode". NASA/JPL. December 8, 2009. Archived from the original on 2011-06-11. https://web.archive.org/web/20110611093416/http://marsprogram.jpl.nasa.gov/mro/newsroom/pressreleases/20091208a.html. Retrieved 2009-12-23. 
  12. "2009 July 7 Mission Manager Update". NASA. 2009-07-07. Archived from the original on 2009-06-11. https://web.archive.org/web/20090611215138/http://kepler.nasa.gov/about/manager.html. Retrieved 2009-07-08. 
  13. "Dawn Receives Gravity Assist from Mars". NASA/JPL. 2009-02-28. Archived from the original on 2004-10-16. https://web.archive.org/web/20041016170033/http://dawn.jpl.nasa.gov/mission/status.asp. Retrieved 2009-08-04. 
  14. "MESSENGER Gains Critical Gravity Assist for Mercury Orbital Observations". MESSENGER Mission News. September 30, 2009. Archived from the original on May 10, 2013. https://web.archive.org/web/20130510175510/http://messenger.jhuapl.edu/news_room/details.php?id=136. Retrieved 2009-09-30. 
  15. Brumfield, Ben; Carter, Chelsea J. (18 November 2014). "On a comet 10 years away, Philae conks out, maybe for good". CNN. http://www.cnn.com/2014/11/14/world/comet-landing/. Retrieved 28 December 2014. 
  16. Gipson, Lillian (6 July 2015). "NASA's New Horizons Plans July 7 Return to Normal Science Operations". http://www.nasa.gov/nh/new-horizons-plans-july-7-return-to-normal-science-operations. Retrieved 6 July 2015. 
  17. Feltman, Rachel (20 October 2016). "Juno spacecraft slips into safe mode, putting science on hold". https://www.washingtonpost.com/news/speaking-of-science/wp/2016/10/20/juno-spacecraft-slips-into-safe-mode-putting-science-on-hold. Retrieved 20 October 2016. 
  18. "Juno Spacecraft in Safe Mode for Latest Jupiter Flyby; Scientists Intrigued by Data from First Flyby". 19 October 2016. http://www.jpl.nasa.gov/news/news.php?feature=6653. Retrieved 20 October 2016. 
  19. Opportunity Hunkers Down During Dust Storm. NASA. 12 June 2918.
  20. NASA Staff (13 June 2018). "Mars Dust Storm News - Teleconference - audio (065:22)". NASA. https://www.youtube.com/watch?v=fIKxdRFx2Wo. Retrieved 13 June 2018. 
  21. "Mars Exploration Rover Mission: All Opportunity Updates". https://mars.nasa.gov/mer/mission/status_opportunityAll.html. 
  22. "NASA's Opportunity Rover Mission on Mars Comes to End". NASA. February 13, 2019. https://mars.nasa.gov/news/8413/nasas-opportunity-rover-mission-on-mars-comes-to-end/. 
  23. Chou, Felicia (2018-10-08). "Oct. 8, 2018 - Hubble in Safe Mode as Gyro Issues are Diagnosed" (in en). NASA. https://www.nasa.gov/feature/goddard/2018/update-on-the-hubble-space-telescope-safe-mode. 
  24. "Hubble on Twitter" (in en). Twitter. https://twitter.com/NASAHubble/status/1049303793362526209. 
  25. Nancy G. Leveson (2004). "The Role of Software in Spacecraft Accidents". Spacecraft and Rockets 41 (4): 564–575. doi:10.2514/1.11950. Bibcode2004JSpRo..41..564L. http://sunnyday.mit.edu/papers/jsr.pdf. 
  26. "The NEAR Rendezvous Burn Anomaly of December 1998". Final Report of the NEAR Anomaly Review Board. November 1999. Archived from the original on 2011-06-14. https://web.archive.org/web/20110614042059/http://klabs.org/richcontent/Reports/Failure_Reports/NEAR_Rendezvous_Burn.pdf. Retrieved 2009-08-18. 
  27. "Report Reveals Likely Causes of Mars Spacecraft Loss" (Press release). NASA. 13 April 2007. Retrieved 2009-07-10.
  28. "Space, the financial frontier – how citizen scientists took control of a probe". 3 October 2014. http://theconversation.com/space-the-financial-frontier-how-citizen-scientists-took-control-of-a-probe-32117. Retrieved 16 January 2016. 
  29. "ISEE-3 is in Safe Mode". 25 September 2014. http://spacecollege.org/isee3/isee-3-is-in-safe-mode.html. Retrieved 15 January 2016. 

See also