Handling Mode Transition Errors Sample Clauses

Handling Mode Transition Errors. At the beginning of each AOCS cycle, after sensor data is processed and actuators are commanded according to the control computations, the FDIR Manager evaluates whether there has been any flagged mode transition error. A typical mode transition error is Timeout. Each mode transition is timed, meaning that if a step of a transition is not completed within a specified time limit, timeout occurs. In case such an error is reported to the FDIR Manager, all possibly ongoing unit reconfigurations are aborted (units under reconfiguration are released and commanded to their respective Off states). In case a mode transition error is detected during transitions aiming to Standby or Safe modes, then the emergency reboot is required and the Mode Manager is requested to initiate transition to Off mode. In the Off mode the AOCS Manager stops all activities and waits an externally controlled S/W reboot. Otherwise, if a mode transition error occurred during transition to Nominal, Preparation or Science modes, the recovery action is to move back to Safe mode. In case an error is reported while AOCS is still recovering from a previous error, the recovery action depends on the target mode of the last FDIR recovery action. If this mode is Off, Safe or Standby, then the previous FDIR action is discarded and the new recovery action is to move to Off mode. Otherwise, the recovery action is to move to Safe mode.