225 research outputs found

    Design and verification of a safe autonomous satellite rendezvous maneuver

    A fundamental maneuver in autonomous space operations is known as rendezvous, where an active spacecraft navigates towards and maneuvers within close proximity of a free-flying passive spacecraft. Any mistake during autonomous space flight can be extremely costly, yet these systems are difficult to verify due to limitations of testing spacecraft. In this thesis, we present a benchmark model formulation for the rendezvous mission, two control solutions to achieve this mission, and a rigorous method to demonstrate that the resulting system’s behavior remains safe. The benchmark model provides both a nonlinear description of the spacecraft’s motion and a linearized approximation, and the mission objectives, or equivalently, our set of safety properties. We present a set of control solutions, which includes a hybrid, or switched, version of linear quadratic regulator (LQR)—a fundamental approach in the theory of optimal control for linear systems. We formulate a novel hybrid controller, dubbed state-dependent linear quadratic (SDLQ) control, which extends the former controller in a way that may improve its ability to generate only safe trajectories. With these choices of dynamical models and controllers, we obtain a collection of models that are shown to robustly achieve safety properties of interest using a suite of hybrid verification tools. We utilize several existing tools, each developed for different classes of hybrid models, and we implement a new tool called SDVTool which improves upon one of the former tools. We present experimental results that illustrate the promise (and ongoing challenges) of this approach; that is, applying a class of simulation-based verification algorithms to our proposed set of benchmark models and safety requirements to design and rigorously demonstrate safety of the autonomous satellite maneuver. We will demonstrate both successful, safe scenarios and incomplete or unsafe examples

    Model Predictive Control approach for guidance of spacecraft rendezvous and proximity maneuvering

    Peer Reviewed http://deepblue.lib.umich.edu/bitstream/2027.42/92370/1/rnc2827.pd

    Space Tug Docking Study. Volume 4: Supporting Analyses

    For abstract, see N76-21245

    Computational Techniques for Stochastic Reachability

    As automated control systems grow in prevalence and complexity, there is an increasing demand for verification and controller synthesis methods to ensure these systems perform safely and to desired specifications. In addition, uncertain or stochastic behaviors are often exhibited (such as wind affecting the motion of an aircraft), making probabilistic verification desirable. Stochastic reachability analysis provides a formal means of generating the set of initial states that meets a given objective (such as safety or reachability) with a desired level of probability, known as the reachable (or safe) set, depending on the objective. However, the applicability of reachability analysis is limited in the scope and size of system it can address. First, generating stochastic reachable or viable sets is computationally intensive, and most existing methods rely on an optimal control formulation that requires solving a dynamic program, and which scales exponentially in the dimension of the state space. Second, almost no results exist for extending stochastic reachability analysis to systems with incomplete information, such that the controller does not have access to the full state of the system. This thesis addresses both of the above limitations, and introduces novel computational methods for generating stochastic reachable sets for both perfectly and partially observable systems. We initially consider a linear system with additive Gaussian noise, and introduce two methods for computing stochastic reachable sets that do not require dynamic programming. The first method uses a particle approximation to formulate a deterministic mixed integer linear program that produces an estimate to reachability probabilities. The second method uses a convex chance-constrained optimization problem to generate an under-approximation to the reachable set. 
Using these methods we are able to generate stochastic reachable sets for a four-dimensional spacecraft docking example in far less time than it would take had we used a dynamic program. We then focus on discrete time stochastic hybrid systems, which provide a flexible modeling framework for systems that exhibit mode-dependent behavior, and whose state space has both discrete and continuous components. We incorporate a stochastic observation process into the hybrid system model, and derive both theoretical and computational results for generating stochastic reachable sets subject to an observation process. The derivation of an information state allows us to recast the problem as one of perfect information, and we prove that solving a dynamic program over the information state is equivalent to solving the original problem. We then demonstrate that the dynamic program to solve the reachability problem for a partially observable stochastic hybrid system shares the same properties as for a partially observable Markov decision process (POMDP) with an additive cost function, and so we can exploit approximation strategies designed for POMDPs to solve the reachability problem. To do so, however, we first generate approximate representations of the information state and value function as either vectors or Gaussian mixtures, through a finite state approximation to the hybrid system or using a Gaussian mixture approximation to an indicator function defined over a convex region. For a system with linear dynamics and Gaussian measurement noise, we show that it exhibits special properties that do not require an approximation of the information state, which enables much more efficient computation of the reachable set. In all cases we provide convergence results and numerical examples

    Apollo Lunar Exploration Missions (ALEM) program plan

    This program plan supports the requirements of Apollo Program Directive 4K and is based on the most current information available at the time of publication. This directive defines the ALEM schedule and hardware planning guidelines and requirements to be used as a baseline for detailed Apollo spacecraft programming. Also, this directive reflects the requirements of Apollo Program Directive 4 (APD-4). [George M. Low]

    Robust Control for Dynamical Systems With Non-Gaussian Noise via Formal Abstractions

    Controllers for dynamical systems that operate in safety-critical settings must account for stochastic disturbances. Such disturbances are often modeled as process noise in a dynamical system, and common assumptions are that the underlying distributions are known and/or Gaussian. In practice, however, these assumptions may be unrealistic and can lead to poor approximations of the true noise distribution. We present a novel controller synthesis method that does not rely on any explicit representation of the noise distributions. In particular, we address the problem of computing a controller that provides probabilistic guarantees on safely reaching a target, while also avoiding unsafe regions of the state space. First, we abstract the continuous control system into a finite-state model that captures noise by probabilistic transitions between discrete states. As a key contribution, we adapt tools from the scenario approach to compute probably approximately correct (PAC) bounds on these transition probabilities, based on a finite number of samples of the noise. We capture these bounds in the transition probability intervals of a so-called interval Markov decision process (iMDP). This iMDP is, with a user-specified confidence probability, robust against uncertainty in the transition probabilities, and the tightness of the probability intervals can be controlled through the number of samples. We use state-of-the-art verification techniques to provide guarantees on the iMDP and compute a controller for which these guarantees carry over to the original control system. In addition, we develop a tailored computational scheme that reduces the complexity of the synthesis of these guarantees on the iMDP. Benchmarks on realistic control systems show the practical applicability of our method, even when the iMDP has hundreds of millions of transitions. Comment: To appear in the Journal of Artificial Intelligence Research (JAIR).
arXiv admin note: text overlap with arXiv:2110.1266

    SSTAC/ARTS Review of the Draft Integrated Technology Plan (ITP). Volume 2: Propulsion Systems

    The topics addressed are: (1) space propulsion technology program overview; (2) space propulsion technology program fact sheet; (3) low thrust propulsion; (4) advanced propulsion concepts; (5) high-thrust chemical propulsion; (6) cryogenic fluid management; (7) NASA CSTI earth-to-orbit propulsion; (8) advanced main combustion chamber program; (9) earth-to-orbit propulsion turbomachinery; (10) transportation technology; (11) space chemical engines technology; (12) nuclear propulsion; (13) spacecraft on-board propulsion; and (14) low-cost commercial transport

    Model-based Fault Diagnosis and Fault Accommodation for Space Missions : Application to the Rendezvous Phase of the MSR Mission

    The work addressed in this thesis draws expertise from actions undertaken between the European Space Agency (ESA), the industry Thales Alenia Space (TAS) and the IMS laboratory (laboratoire de l’Intégration du Matériau au Système) which develop new generations of integrated Guidance, Navigation and Control (GNC) units with fault detection and tolerance capabilities. The reference mission is the ESA’s Mars Sample Return (MSR) mission. The presented work focuses on the terminal rendezvous sequence of the MSR mission which corresponds to the last few hundred meters until the capture. The chaser vehicle is the MSR Orbiter, while the passive target is a diameter spherical container. The objective at control level is a capture achievement with an accuracy better than a few centimeters. The research work addressed in this thesis is concerned with the development of model-based Fault Detection and Isolation (FDI) and Fault Tolerant Control (FTC) approaches that could significantly increase the operational and functional autonomy of the chaser during rendezvous, and more generally, of spacecraft involved in deep space missions. Since redundancy exists in the sensors and since the reaction wheels are not used during the rendezvous phase, the work presented in this thesis focuses only on the thruster-based propulsion system. The investigated faults have been defined in accordance with ESA and TAS requirements and following their experiences. The presented FDI/FTC approaches rely on hardware redundancy in sensors, control redirection and control re-allocation methods and a hierarchical FDI including signal-based approaches at sensor level, model-based approaches for thruster fault detection/isolation and trajectory safety monitoring. Carefully selected performance and reliability indices together with Monte Carlo simulation campaigns, using a high-fidelity industrial simulator, demonstrate the viability of the proposed approaches.