Bi-Directional Safety Analysis for Product-Line, Multi-Agent Systems

Abstract. Safety-critical systems composed of highly similar, semi-autonomous agents are being developed in several application domains. An example of such multi-agent systems is a fleet, or “constellation ” of satellites. In constellations of satellites, each satellite is commonly treated as a distinct autonomous agent that must cooperate to achieve higher-level constellation goals. In previous work, we have shown that modeling a constellation of satellites or spacecraft as a product line of agents (where the agents have many shared commonalities and a few key differences) enables reuse of software analysis and design assets. We have also previously developed efficient safety analysis techniques for product lines. We now propose the use of Bi-Directional Safety Analysis (BDSA) to aid in system certification. We extend BDSA to product lines of multi-agent systems and show how the analysis artifacts thus produced contribute to the software’s safety case for certification purposes. The product-line approach lets us reuse portions of the safety analysis for multiple agents, significantly reducing the burden of certification. We motivate and illustrate this work through a specific application, a product-line, multi-agent satellite constellation

Assessing the impacts of fractionation on pointing-intensive spacecraft

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, February 2010.Cataloged from PDF version of thesis.Includes bibliographical references (p. 165-168).Fractionated spacecraft consist of physically independent, "free-flying" modules composed of various subsystems. Thus, a fractionated spacecraft might consist of one-module responsible for the power generation and storage, another module responsible for the communications and computing, another module responsible for the attitude and guidance determination, another module responsible for the payload, and so on. Fractionated spacecraft are of particular interest for pointing-intensive, remote sensing mission spacecraft because of their ability to physically decouple subsystems and payloads that truly need precise pointing, thereby potentially reducing the lifecycle cost of fractionated spacecraft relative to a comparable monolithic spacecraft, for a given space mission. Additionally, using fractionation to decouple pointing-intensive subsystems and payloads may potentially reduce the mass and size of the module containing the payload in a fractionated spacecraft (i.e., Payload Module) relative to that of a comparable monolithic spacecraft. If fractionated spacecraft prove to reduce the mass and size associated with the Payload Module, for a given pointing-intensive, remote sensing mission, it may enable pointing-intensive fractionated spacecraft to have longer space mission lifetimes than comparable monolithic spacecraft.(cont.) This research seeks to quantitatively assess the impacts of various fractionated spacecraft architecture strategies on the lifecycle cost, mass, propellant usage, and mission lifetime of pointing-intensive, remote sensing mission spacecraft. A dynamic lifecycle simulation and parametric model was used to assess the lifecycle cost impacts, while the mass, propellant usage, and mission lifetime impacts were assessed using a non-parametric, physics-based computer model. Results from the research demonstrate that fractionated spacecraft can be both more and less expensive than a comparable monolithic spacecraft performing the same space mission. Additionally, the results show that due to the ability of fractionated spacecraft to decouple subsystems and payloads that truly need precise pointing, the mass and propellant usage of the Payload Module can be appreciably less than that of a comparable monolithic spacecraft. Subsequently, fractionated spacecraft can attain longer mission lifetimes than a monolithic spacecraft, and in certain instances, do so with a lesser lifecycle cost than the monolith at its respective shorter mission lifetime.by Michael Gregory O'Neill.S.M