Safety Verification of Fault Tolerant Goal-based Control Programs with Estimation Uncertainty

Fault tolerance and safety verification of control systems that have state variable estimation uncertainty are essential for the success of autonomous robotic systems. A software control architecture called mission data system, developed at the Jet Propulsion Laboratory, uses goal networks as the control program for autonomous systems. Certain types of goal networks can be converted into linear hybrid systems and verified for safety using existing symbolic model checking software. A process for calculating the probability of failure of certain classes of verifiable goal networks due to state estimation uncertainty is presented. A verifiable example task is presented and the failure probability of the control program based on estimation uncertainty is found

Safety verification of a fault tolerant reconfigurable autonomous goal-based robotic control system

Fault tolerance and safety verification of control systems are essential for the success of autonomous robotic systems. A control architecture called Mission Data System (MDS), developed at the Jet Propulsion Laboratory, takes a goal-based control approach. In this paper, a method for converting goal network control programs into linear hybrid systems is developed. The linear hybrid system can then be verified for safety in the presence of failures using existing symbolic model checkers. An example task is simulated in MDS and successfully verified using HyTech, a symbolic model checking software for linear hybrid systems

Energy Management of the Multi-Mission Space Exploration Vehicle Using a Goal-Oriented Control System

Safe human exploration in space missions requires careful management of limited resources such as breathable air and stored electrical energy. Daily activities for astronauts must be carefully planned with respect to such resources, and usage must be monitored as activities proceed to ensure that they can be completed while maintaining safe resource margins. Such planning and monitoring can be complex because they depend on models of resource usage, the activities being planned, and uncertainties. This paper describes a system - and the technology behind it - for energy management of the NASA-Johnson Space Center's Multi-Mission Space Exploration Vehicles (SEV), that provides, in an onboard advisory mode, situational awareness to astronauts and real-time guidance to mission operators. This new capability was evaluated during this year's Desert RATS (Research and Technology Studies) planetary exploration analog test in Arizona. This software aided ground operators and crew members in modifying the day s activities based on the real-time execution of the plan and on energy data received from the rovers

Bisimulation conversion and verification procedure for goal-based control systems

Fault tolerance and safety verification of control systems are essential for the success of autonomous robotic systems. A control architecture called Mission Data System (MDS), developed at the Jet Propulsion Laboratory, addresses these needs with a goal-based control approach. In this paper, a software algorithm for converting goal network control systems into linear hybrid systems is described. The conversion process is a bisimulation; the resulting linear hybrid system can be verified for safety in the presence of failures using existing symbolic model checkers, and thus the original goal network is verified. A moderately complex example goal network control system is converted to a linear hybrid system using the automatic conversion software that is based on the bisimulation and then is verified

Control Program Verification for a Sample Titan Aerobot Mission

Fault tolerance and safety verification of control systems are essential for the success of autonomous robotic systems. A control architecture called Mission Data System (MDS), developed at the Jet Propulsion Laboratory, takes a goal-based control approach. A software algorithm for converting goal network control programs into linear hybrid systems exists and is a bisimulation; the resulting linear hybrid system can be verified for safety in the presence of failures using existing symbolic model checkers, and thus the original goal network is verified. A substantial example control program based on a proposed mission to Titan, a moon of Saturn, is converted using the procedures discussed

Verification Procedure for Generalized Goal-based Control Programs

Safety verification of fault-tolerant control systems is essential for the success of autonomous robotic systems. A control architecture called Mission Data System, developed at the Jet Propulsion Laboratory, takes a goal-based control approach. In this paper, the development of a method for converting a goal network control program into a hybrid system is given and a process for converting logic associated with the goal network into transition conditions for the hybrid automata is developed. The resulting hybrid system can then be verified for safety in the presence or failures using existing symbolic model checkers. An example task and goal network is designed, converted to hybrid automata, and verified using symbolic model checking software for hybrid systems