Contingency Software in Autonomous Systems

1. Contingency Software in Autonomous Systems NASA OSMA Software Assurance Symposium August 9-11, 2005 Robyn Lutz, JPL/Caltech & ISU Doron Tal, USRA at NASA Ames Ann Patterson-Hine, NASA Ames This research was carried out at the Jet Propulsion Laboratory, California Institute of Technology, and at NASA Ames Research Center, under a contract with the National Aeronautics and Space Administration. The work was sponsored by the NASA Office of Safety and Mission Assurance under the Software Assurance Research Program led by the NASA Software IV&V Facility. This activity is managed locally at JPL through the Assurance and Technology Program Office SAS_05_Contingency_Lutz_Tal

2. Contingency Software in Autonomous Systems Problem • PROBLEM STATEMENT • Autonomous vehicles currently have a limited capacity to diagnose and mitigate failures. • We need to be able to handle a broader range of contingencies (anomalous situations). • GOALS • Speed up diagnosis and mitigation of anomalous situations. • Automatically handle contingencies, not just failures. • Enable projects to select a degree of autonomy consistent with their needs and to incrementally introduce more autonomy. • Augment on-board fault protection with verified contingency scripts SAS_05_Contingency_Lutz_Tal

3. Contingency Software in Autonomous Systems Approach • Identify* contingencies that risk mission-critical functions in Camera & Communication subsystems (*using S-FTA, S-FMECA, Obstacle Analysis) • Model contingencies & autonomous recovery actions using TEAMS* (*Testability And Engineering Maintenance System, QSI) • Analyze contingencies: TEAMS produces diagnostic tree of checks needed to detect & isolate contingency, identifies missing checks and recovery actions • Code contingencies’ diagnosis & recovery behavior in the project’s planner scripting language (auto-translation from TEAM’s XML output) • Verify contingencyscripts with hardware-in-loop simulation • Using the above steps, • Verify contingency plans used by NASA projects • Investigate issues in safely relinquishing control to autonomous controllers • Test results on autonomous helicopter in flight SAS_05_Contingency_Lutz_Tal

4. Contingency Software in Autonomous Systems Importance / Benefits • Contingency management is essential to the robustoperation of complex systems such as spacecraft and Unpiloted Aerial Vehicles (UAVs) • Automatic contingency handling allows a faster response to unsafe scenarios, with reduced human intervention • Results, applied to the Autonomous Rotorcraft Project and Mars Science Lab, pave the way to more resilient, adaptive autonomous systems SAS_05_Contingency_Lutz_Tal

5. Contingency Software in Autonomous Systems Relevance to NASA • Improved contingency handling needed to safely relinquish control of unpiloted vehicles to autonomous controllers • More autonomous contingency handling needed to support extended mission operations SAS_05_Contingency_Lutz_Tal

6. Contingency Software in Autonomous Systems Accomplishments • Identified & modeled software contingencies • for laser/stereo ranging system, using ARP as the • model platform and the TEAMS tool. • Auto-generated diagnostic tree with TEAMS • for automated contingency script execution • onboard the aircraft by project. • Defined and published a repeatable • process for contingency analysis. • Modeled MSL-relevant Critical • Pointing contingencies and • auto-generated diagnostic tree. SAS_05_Contingency_Lutz_Tal

7. Contingency Software in Autonomous Systems Next Steps • Autonomous Rotorcraft Project: Continue working with team to expand and evaluate contingencies for imaging and ranging systems • Mars Science Lab: Update and enhance model for spacecraft pointing contingencies with domain expertise from software development team • Infusion across NASA: Document process for technology transfer to other projects SAS_05_Contingency_Lutz_Tal