**4. Failure detection, isolation and recovery (FDIR) design**

To achieve autonomous and healthy operation of the satellite, the intelligent satellite system uses FDIR software to monitor the status of the satellite in real time and to diagnose and predict its working status and performance trends [18]. When a failure occurs, the FDIR software can locate it in time and determine which components are not working normally or have degraded performance.

#### **4.1 FDIR design goals and principles**

Design goals:

i. Satellites can survive if any failure occurs.


The above three principles apply to the launch phase, the transfer orbit phase, and the on-orbit phase.

FDIR is an important component of the onboard software: it processes failures on orbit, thereby reducing their impact. However, not all on-orbit failures can be detected and processed. FDIR design should follow these principles:


iv. Failures of the same level are processed in the order of occurrence.

v. All FDIR processing requires failure recovery instructions and failure processing records.
