Contingency Software in Autonomous Systems - PowerPoint PPT Presentation

Slides: 26
Provided by: stacyn3
Learn more at: http://www.nasa.gov
Transcript and Presenter's Notes

Title: Contingency Software in Autonomous Systems


1
Contingency Software in Autonomous Systems
NASA OSMA Software Assurance Symposium, August 9-11, 2005
Robyn Lutz, JPL/Caltech & ISU
Doron Tal, USRA at NASA Ames
Ann Patterson-Hine, NASA Ames
This research was carried out at the Jet Propulsion Laboratory, California Institute of
Technology, and at NASA Ames Research Center, under a contract with the National Aeronautics
and Space Administration. The work was sponsored by the NASA Office of Safety and Mission
Assurance under the Software Assurance Research Program led by the NASA Software IV&V Facility.
This activity is managed locally at JPL through the Assurance and Technology Program Office.
2
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Problem
  • PROBLEM STATEMENT
      • Autonomous vehicles currently have a limited
        capacity to diagnose and mitigate failures.
      • We need to be able to handle a broader range of
        contingencies (anomalous situations).
  • GOALS
      • Speed up diagnosis and mitigation of anomalous
        situations.
      • Automatically handle contingencies, not just
        failures.
      • Enable projects to select a degree of autonomy
        consistent with their needs and to incrementally
        introduce more autonomy.
      • Augment on-board fault protection with verified
        contingency scripts.

3
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Availability of Data: High
Autonomous Rotorcraft Project: http://is.arc.nasa.gov/AR/tasks/ARP.html
4
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Overview of Perception Subsystem
[Diagram: perception subsystem. Labels: Left Grayscale Camera (L image), Right Grayscale Camera (R image), Color Camera (L image), Camera Manager, Vision Computer, Image Rectification, Stereo Vision, Stereo Conversion to World Frame, Stereo Point Cloud In World Frame, SICK Laser, Pan/Tilt, Tilt Control, Laser Conversion to World Frame, Laser Point Cloud In World Frame, Flight Computer, IMU 6 DOF (3-axis accelerometer, 3-axis gyro), GPS, Camera Pose, MIDG.]
Perception is a critical function in systems
requiring obstacle avoidance, threat detection,
science missions and opportunistic discovery.
5
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Partial Onboard Architecture
[Diagram: partial onboard architecture. Labels: Yamaha System; APEX (Reactive Planner); CLAW (Flight Control Laws); DOMS (Distributed Messaging System); domsD (DOMS transport daemon); Telemetry; GPS.]
6
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Perception Instrumentation Onboard Rotorcraft
[Diagram: perception instrumentation onboard the rotorcraft. Labels: gray-scale wing-tip cameras (stereo vision) on Left Wing and Right Wing, Scanning Laser Range Finder (SICK), Color Camera, Firewire, RS232, Firewire Hub, Onboard Flight Computer.]
7
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Camera Criticality
  • Cases in which the cameras are a critical system
      • Cameras assigned responsibility during nominal
        ops
          • No line of sight - Camera provides position info
      • Cameras are backup when other subsystems fail
          • Failed/degraded GPS - Camera provides position
            info
          • Failed/degraded ARP - Camera provides
            landing-site data
      • Images as mission objective (surveillance)
  • Failure of cameras can jeopardize success

8
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Contingency Process Overview
1. Brainstorm with UAV team to uncover candidates for software contingencies
  • Review UAV literature and project reports
  • Lead brainstorming sessions with domain experts
  • Work with team to identify and prioritize high-concern candidates
  • Select top priority candidates
2. Model unit of interest (i.e. cameras, communications systems…)
  • Model system including: Architecture, State diagram
  • Verify models with UAV team
3. Contingency requirements verification
  • Perform SFMECA and SFTA in context of Obstacle Analysis [RE05]
4. Analyze testability
  • Identify how each contingency can be detected
  • Perform SFTA
  • Experiment with assignment of measure of uncertainty
5. Develop recovery strategy
  • Determine candidate strategies for contingency responses (prevent/respond/safe)
  • Determine availability of data needed to determine/execute appropriate contingency
6. Prototype contingency in progressively higher fidelity testbeds
7. Monitor contingency performance
9
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Contingency Analysis
  • Used Bi-Directional Safety Analysis to find
    contingencies
      • Forward analysis from potential failures to their
        effects (Software Failure Modes, Effects &
        Criticality Analysis)
      • Backward analysis from failures to contributing
        causes (Software Fault Tree Analysis)
  • Guides to thinking about possible ways to handle
    contingencies
      • Use Mitigation column in SFMECA
      • Remove leaf nodes from SFTA graphs
      • Use obstacle resolution patterns [van Lamsweerde &
        Letier, 2000]
  • TEAMS produces a diagnostic tree of checks needed
    to detect & isolate contingencies, identifies
    missing checks and recovery action
      • Testability Engineering and Maintenance System
      • Modeling & analysis toolset
      • Won NASA Space Act Award
      • Used successfully on 2nd generation RLV IVHM risk
        reduction program

10
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Results
TEAMS builds a Dependency Matrix in which each
row is a fault source (e.g., a camera that can
fail) and each column is a test (e.g., whether
we have a good Stereo image). Here, we select
the normal or contingency scenario (camera OK or
not) for the analysis.
Properties for each function, switch &
test-point are entered into the TEAMS tools.
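
An added example, not part of the original slides and not TEAMS code: a small Python sketch of what can be derived from a dependency matrix like the one described above. The matrix contents and the test names `left_image` and `right_image` are constructed for illustration, and the greedy ordering is a stand-in heuristic, not the algorithm TEAMS uses; the code finds fault sources that no test can tell apart (ambiguity groups) and orders checks to detect and then isolate a fault.

```python
from collections import defaultdict

# Constructed dependency matrix (illustrative, not the project's model):
# fault source -> set of tests that fail when that source has failed.
D = {
    "left_gray_camera":  {"left_image", "stereo_image"},
    "right_gray_camera": {"right_image", "stereo_image"},
    "firewire_hub":      {"left_image", "right_image", "stereo_image"},
    "sick_laser":        {"range_data"},
    "rs232_link":        {"range_data"},
}
TESTS = ["stereo_image", "range_data", "left_image", "right_image"]


def ambiguity_groups(matrix):
    """Fault sources with identical test signatures cannot be told apart."""
    by_signature = defaultdict(list)
    for fault, failing in matrix.items():
        by_signature[frozenset(failing)].append(fault)
    return sorted(sorted(group) for group in by_signature.values())


def diagnostic_tree(matrix, candidates, tests):
    """Greedy tree: run the check that splits the candidates most evenly."""
    options = []
    for order, test in enumerate(tests):
        failing = [c for c in candidates if test in matrix[c]]
        if 0 < len(failing) < len(candidates):  # the check separates something
            balance = abs(len(candidates) - 2 * len(failing))
            options.append((balance, order, test, failing))
    if not options:
        return sorted(candidates)  # leaf: one outcome or an ambiguity group
    _, _, test, failing = min(options)
    passing = [c for c in candidates if c not in failing]
    remaining = [t for t in tests if t != test]
    return {
        "test": test,
        "fail": diagnostic_tree(matrix, failing, remaining),
        "pass": diagnostic_tree(matrix, passing, remaining),
    }


def build_tree(matrix=D, tests=TESTS):
    """Add a 'no_fault' row so the first checks detect before they isolate."""
    full = dict(matrix, no_fault=set())
    return diagnostic_tree(full, list(full), tests)


if __name__ == "__main__":
    print(ambiguity_groups(D))
    print(build_tree())
```

A leaf holding more than one fault source is an ambiguity group, which is where an additional check would be needed to isolate the failure.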
11
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Results
Executing the Contingency scenario, we check that
the behavior is correct: left COLOR camera is
available (no red slash) & being used; confirm
that tests can isolate failure to which camera.
Most useful: the automatic Diagnostic Tree
  -- Shows best sequence of checks to detect & isolate
  -- Shows indistinguishable failures (ambiguity groups)
  -- XML output option is being translated into
     rotorcraft's planning language (APEX) to simulate
     contingencies on the vehicle
[XML output excerpt: TYPE="TEST" ID="T.small_stereo_0.1.2.4.0" PASS="YES" FAIL="NO"]
12
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Importance / Benefits
  • Contingency management is essential to the robust
    operation of complex systems such as spacecraft
    and Unpiloted Aerial Vehicles (UAVs)
  • Automatic contingency handling allows a faster
    response to unsafe scenarios, with reduced human
    intervention
  • Results, applied to the Autonomous Rotorcraft
    Project and Mars Science Lab, pave the way to
    more resilient, adaptive autonomous systems

13
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Relevance to NASA
  • Improved contingency handling needed to safely
    relinquish control of unpiloted vehicles to
    autonomous controllers
  • More autonomous contingency handling needed to
    support extended mission operations
  • Potential applications: Safety-critical UAVs and
    Mission-critical spacecraft and rovers

14
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
Next Steps
  • Autonomous Rotorcraft Project: Continue working
    with team to expand and evaluate contingencies
    for imaging and ranging systems
  • Technology Readiness Level
      • FY05: 3 (Experimental demonstration of critical
        function and/or proof of concept)
      • FY06: 4 (Validation in a lab environment) on
        rotorcraft
  • Mars Science Lab: Update and enhance model for
    spacecraft pointing contingencies with domain
    expertise from software development team
  • Infusion across NASA: Document process for
    technology transfer to other projects

15
Backup Slides
16
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
TEAMS uses a hierarchical model of the system
  • Boxes are key requirements (stereo processing, etc.)
  • Squares are switches: using left grayscale camera
    (nominal) or using left color camera (contingency)
  • Circles are test-points:
      1. check whether has good (unfailed) stereo image
      2. check whether good range data
17
CONTINGENCY SOFTWARE in AUTONOMOUS SYSTEMS
18
  • Critical Pointing for Spacecraft
  • Autonomous, contingency response for critical
    scenarios
  • Commandability lost
  • Before trajectory-correction maneuvers
  • Before Entry/Descent/Landing

19
What do we know when a quit-failed signal
occurs?
20
What is a contingency?
  • Contingencies are obstacles to the fulfillment of
    a system's high-level requirements that can arise
    during real-time operations
      • Failures: camera fails due to hardware or
        software problem
      • Operational situations of concern: lens cap left
        on means that all images are black, so can't land
        unassisted
      • Environmental situations of concern: strong
        crosswind interferes with imaging, thus with
        finding landing site
  • Contingency-handling involves requirements for
    detecting, identifying and responding to
    contingencies.
  • Contingency handling includes, but extends,
    traditional fault protection

21
Autonomy
  • Something previously not done automatically is
    now done by the software
      • Previously done manually, or
      • Previously could not be done
  • Example of incremental autonomy
      • Collision avoidance (not hitting buildings)
          • Remote control by pilot steering from ground
          • Path calculated on ground, loaded into system,
            path-plan executed in flight
          • Path calculated in flight based on real-time
            imaging
  • Autonomy allows system to detect and respond to a
    broad class of anomalies in many more ways

22
Safety-critical
  • Safety-critical
      • Requires collision-avoidance
      • Requires autonomous take-off & landing in
        populated areas
  • Use for critical missions: finding lost hikers,
    downed pilots; detecting highway accidents;
    imaging (early warning) forest fires

23
Obstacle Analysis Approach
  • KAOS framework for goal-oriented obstacle
    analysis
      • Goal is a set of desired behaviors
      • Obstacle is a set of undesirable behaviors that
        impede a goal
  • Relevance to application
      • Contingencies are
          • Obstacles to achieving goals, or
          • Indications that goals are unrealizable with
            available agents
  • Advantages
      • Structured approach early-on (anticipatory
        planning)
      • Supports more formal analysis, as needed

24
Obstacle Analysis Approach
  • Step 1. Identify the goals
  • Step 2. Identify the agents
  • Step 3. Identify the obstacles
  • Step 4. Identify alternative resolutions to the
    obstacles
  • Step 5. Select a resolution among the
    alternatives.

25
Other Related Work
  • Requirements evolution
      • Use goal obstacle analysis to refine
        requirements in a developing system [Anton &
        Potts]
  • Maintenance
      • Focus on management of requirements changes
        [Bennett & Rajlich]
      • Evaluate in terms of traceability or
        change-impact [Cleland-Huang]
  • Dynamic monitoring
      • Monitor operational systems for mismatch
        assumptions/environment; perform remedial
        evolutions [Fickas and Feather]
  • Autonomous fault handling with AI planners
  • Safety in autonomous systems
  • Vehicle health management