 HiPeRCAR artistic view The High Performance Resilient Computer for Autonomous Robotics (HiPeRCAR) is a distributed computer for space robotics. It is composed of a SpaceWire network connecting a radiation-hardened CPU ("master node") to several commercial CPU's ("worker nodes"). The main feature of HiPeRCAR is the software-based SEU tolerance: if a worker node fails, it is immediately backed-up by the master as long as necessary, with possible reduction of performances but without any interruption of service. This makes HiPeRCAR a cheap and robust platform for real-time applications. The failure-tolerant architecture of HiPeRCAR is designed so that, for any given function, two modes of operation exist: Nominal and Basic. The first one employs relatively high computational resources to provide advanced features and mission autonomy; the second one employs low system resources and provides relatively simple features with limited or no mission autonomy. In case of failure, the Basic functionalities are always guaranteed, while the Nominal functionalities are tolerated to be temporarily suspended or permanently lost. No service interruption is suffered in these cases: the user will observe a system continuously providing the given function, and only its quality can change, passing from Nominal to Basic during a failure and then returning to Nominal if recovery is possible.  The HiPeRCAR failure tolerance concept |  |
This FDIR idea has been realized by requiring the robotic software being a collection of independent Control Tasks, each one in charge of a specific function. Each Control Task is implemented in a Basic version, always running on the Master node, and in a Nominal version, that may be or may be not running on an available Worker node. The Basic version of a Control Task is designed to perform the minimum required data processing. The Nominal version is designed to perform additional, complex data processing by taking advantage, where possible, from the data already made available by its Basic counterpart. Therefore, the available Worker nodes run algorithms elaborating only advanced data and send their output to the Master node. The Basic mode of functioning is guaranteed, no matter what happens to the rest of the system, since the Master node is assumed failure-tolerant.
HiPeRCAR is currently under development and has passed the Preliminary Design Review. I'm working as program manager of the HiPeRCAR Application Software.
Published papers:
P. A. Marra, D. Akuatse, E. Crudo, F. Fusco, S. Montenegro, R. Vitulli, HiPeRCAR: the High Performance Resilient Computer for Autonomous Robotics (PDF, 1082 KB), DASIA 2006 (Data Systems in Aerospace), EUROSPACE, Berlin 22-25 May 2006.