
    Formal Verification of Astronaut-Rover Teams for Planetary Surface Operations

    This paper describes an approach to assuring the reliability of autonomous systems for Astronaut-Rover (ASRO) teams using the formal verification of models in the Brahms multi-agent modelling language. Planetary surface rovers have proven essential to several manned and unmanned missions to the Moon and Mars. The first rovers were tele- or manually operated, but autonomous systems are increasingly being used to increase the effectiveness and range of rover operations on missions such as the NASA Mars Science Laboratory. It is anticipated that future manned missions to the Moon and Mars will use autonomous rovers to assist astronauts during extravehicular activity (EVA), including science, technical and construction operations. These ASRO teams have the potential to significantly increase the safety and efficiency of surface operations. We describe a new Brahms model in which an autonomous rover may perform several different activities, including assisting an astronaut during EVA. These activities compete for the autonomous rover's "attention", and therefore the rover must decide which activity is currently the most important and engage in that activity. The Brahms model also includes an astronaut agent, which models an astronaut's predicted behaviour during an EVA. The rover must also respond to the astronaut's activities. We show how this Brahms model can be simulated using the Brahms integrated development environment. The model can then also be formally verified with respect to system requirements using the SPIN model checker, through automatic translation from Brahms to PROMELA (the input language for SPIN). We show that such formal verification can be used to determine that mission- and safety-critical operations are conducted correctly, and therefore increase the reliability of autonomous systems for planetary rovers in ASRO teams.

    Continuous Planning and Execution with Timelines

    Planning systems need to be endowed with some additional features to cope effectively with execution: for example, the ability to keep the plan database updated with respect to the actual feedback provided by the controlled system, to mention but one. In this paper, we identify a set of noteworthy planning and execution open issues relating to the timeline-based planning approach. We address those issues by presenting a domain-independent deliberative system, implemented on top of the APSI-TRF (the APSI Timeline-based Representation Framework), extended with timeline dispatching and execution-supervision capabilities so as to allow continuous planning and closed-loop re-planning activities. Some ongoing research directions are also briefly introduced.

    Developing a distributed electronic health-record store for India

    The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India.

    Swarm Communication in Space - Evaluating Ad-Hoc Routing Protocols for In-Situ Space Exploration Networks

    Upcoming space exploration missions targeted at visiting extraterrestrial worlds, such as the surfaces of other planets and moons in our solar system, demand new technologies because of more complex mission designs. The utilization of multiple robotic units during such missions enables the investigation of a broad surface area. By establishing communication channels between all the robotic units, a swarm of agents is created that is capable of jointly executing scientific tasks. These tasks will include the collection of sensor data, which is distributed among the swarm agents; sensor measurements, time synchronization and localization information will be exchanged between the agents. The German Aerospace Center (DLR) has designed a wireless communication system that is suitable for space exploration missions of this type, where autonomous robots jointly explore unknown terrain on extraterrestrial worlds. The system enables data transmission as well as localization of the swarm agents by implementing a Physical Layer (PHY) and Medium Access Control (MAC) for unit-to-unit communication in the context of an ad-hoc network during in-situ space exploration missions. To allow communication between swarm agents that are not in direct communication range, routing protocols are needed to relay the packets of other agents. This work presents a network simulation environment focused on in-situ space exploration missions for the evaluation of existing ad-hoc routing protocols. The simulation utilizes a wireless MAC with a Time Division Multiple Access (TDMA) channel access function, implemented in this work to resemble the DLR MAC on the network's nodes. Elevation data of the Moon's surface is taken into account for radio-propagation modeling in the simulation.
    Within this simulation environment, 11 different experiment designs are implemented to evaluate the performance differences of the Dynamic MANET On-demand (DYMO), Destination-Sequenced Distance-Vector (DSDV), and Greedy Perimeter Stateless Routing (GPSR) protocols operating on the TDMA MAC and on a standard IEEE 802.11g MAC. Performance metrics are defined to compare the routing protocols utilizing the different MACs. The evaluation reveals observations such as less stable operation of all routing protocols on the TDMA MAC and a bias introduced into the protocols' route establishment by the built-in ordering. Further, the differences observed in the operation of the individual routing protocols are discussed in detail, such as DSDV always being capable of establishing the shortest route to its destination whereas the other routing protocols chose longer routes. DYMO in particular preferred to stay on longer routes if the shortest route was not initially available. It is concluded that the DLR MAC will benefit from applications and routing protocols that are aware of the TDMA scheme and incorporate the TDMA cycles into their operation, to avoid additional waiting times or biases.

    A Formal Methodology for Engineering Heterogeneous Railway Signalling Systems

    Ph.D. Thesis. Over the last few decades, the safety assurance of cyber-physical systems has become one of the biggest challenges in the field of model-based system engineering. The challenge arises from the immense complexity of cyber-physical systems, which have deeply intertwined physical, software and network system aspects. With significant improvements in wireless communication and microprocessor technologies, the railway domain has become one of the frontiers for deploying cyber-physical signalling systems. However, because of the safety-critical nature of railway signalling systems, the highest level of safety assurance is essential. This study attempts to address the challenge of guaranteeing the safety of cyber-physical railway signalling systems by proposing a development methodology based on formal methods. In particular, this study is concerned with the safety assurance of heterogeneous cyber-physical railway signalling systems, which have emerged by gradually replacing outdated signalling systems and integrating mainline with urban signalling systems. The main contribution of this work is a formal development methodology for railway signalling systems. The methodology is based on the Event-B modelling language, which provides an expressive modelling language, stepwise model development and proof-based model verification. At the core of the methodology is a generic communication-based railway signalling Event-B model, which can be further refined to capture specific heterogeneous or homogeneous railway signalling configurations. In order to make signalling modelling more systematic, we developed communication and hybrid railway signalling modelling patterns. The proposed methodology and modelling patterns have been evaluated on two case studies. The evaluation shows that the methodology does provide a system-level railway signalling modelling and verification method.
    This is crucial for verifying the safety of cyber-physical systems, as safety depends on the interactions between different subsystems. However, the study has also shown that automatic formal verification of hybrid systems is still a major challenge and must be addressed in future work in order to make this methodology more practical. (EPSRC and Siemens Rail Automation)

    Formal Verification of Lunar Rover Control Software Using UPPAAL
