Explore the challenges and opportunities in developing high confidence systems for personal mobility, with a focus on aviation safety, certification processes, and future trends. Identify gaps and solutions in design, development, testing, and integration. Discuss the potential of automation, UAV technologies, and advancements in control systems.
High Confidence Systems for Personal Mobility
Dr. Shankar Sastry, Department of EECS, Berkeley
Aviation Safety: A Military Perspective
• Current status
  • High-cost FAA certification (RTCA Task Force IV Report)
  • Process- and test-based certification
  • Delayed commercialization of safety- and performance-enhancing technology
  • Consequence: airspace restrictions for MAC CONUS operation
• AF Safety Office collision data:
  • 41 aircraft lost due to air-to-air collisions since 1989
  • 4 per year
  • $30-40M/aircraft, over $100M/year
• Future of military aviation
  • Field operation with airborne, rather than ground-based, airspace management support
  • ATC compliance required for joint CONUS operations
  • High-density airspaces, variable configuration for urban operations
  • Need low-cost, but safety-critical (human transport) vehicles
[Figure: concept map around “High Confidence Operation”. Labels: V&V/Certification Evidence; Design & Development; Interoperability; Trust; Criticality; Safety; Security; Risk; Accountability; Composition; Allocation; HW/SW; Scalability; Cost; Coordination/Interaction; Authority & Access Control; Mode Confusion; Overload; Skill; Ubiquity; Complexity; Fault/Intrusion Tolerance; Fault/Failure Avoidance; Autonomy; Fault Detection, Isolation & Recovery; Mobility]
Assurance Technology and Integration Gap
• “Over the wall designs”
  • V&V is a post-development activity
  • Testing-centered V&V
  • “Black-box” methods predominate
• Reliability concepts adapted from hardware “wear-out” models
  • Software reliability growth models lack the ability to detect complex flaws
  • Unit testing methods do not scale for integration testing
• Isolated, problem-specific design tools lack support for integrated reasoning
  • Limited support: modeling, simulation and rigorous reasoning require separate, redundant effort
• Testing costs >50% of development for some systems (“test until the money runs out”)
Future Aviation Outlook
• Tactical and transport
• Challenges for emerging and future vehicles (increasing)
  • Complex system, operational modes; complex airspace
  • Harder-to-fly VTOL/STOL vehicles
  • Complex full-envelope training regimes
  • Adequacy of operator skill levels
  • Control designs for full range of environmental conditions
• Trend-makers
  • Example: NASA AGATE/SATS programs
    • Small, fast, quiet vehicles
    • Reduced airport infrastructure
    • Lighting, guidance equipment, small runway protection zones (STOL)
    • Citizen pilots
  • UAV technologies
    • Autonomous operations, RPV assist
[Figure axis labels: SKILL, AUTOMATION]
NASA/FAA Small Aircraft Transport System (Strawman)
• “Smart” Airports (Highway-in-the-Sky approaches; airport databus; “virtual” Terminal Procedures (TERPs); synthetic tower/towerless-radarless operations)
• Ultra-Propulsion (non-hydrocarbon and heat engine options; low noise/emissions)
• AutoFlight (integrated vehicle and air traffic services automation; control de-coupling; ride smoothing)
• Airborne Internet (satellite-based communications-navigation-surveillance for ground-to-sky air traffic management functions in all airspace)
• Simultaneous Non-Interfering (SNI) approaches at Class B airports for runway-independent aircraft
• Affordable Manufacturing (thermoplastics, aluminum, composites automation for integrated airframe systems design & manufacturing)
• Wireless Cockpit (open standards for on-board systems and architecture; databus; through-the-window displays)
• Cyber-tutor and Internet-based training systems (embedded and on-board training and expert systems)
• Extremely Slow Takeoff & Landing (configuration aerodynamics for slow & vertical flight; roadability)
[Figure: hybrid automaton of flight modes Translate, Ascend, Descend and Hover, each mode annotated with functions Ht(x), Hd(x), Hk(x), Hc(x); gain KG; plant H(x)]
DARPA Research in UAV and Software Enabled Control (SEC)
• Active state models
  • Exploit dynamic information, prediction
• Coordinated multi-modal control
  • Hybrid: discrete logic + continuous control
  • Supports coordinated system and subsystem operation logic
  • Active support for mode transition
• On-line control customization
  • Reject extreme disturbances
  • Improve performance
• Open Control Platform
  • Reusable middleware services
  • Systems software support for hybrid adaptive control
[Figure labels: Reaction + Prediction; Weather, Failure; System Dynamics; Sensor Data]
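The slide describes multi-modal control as a hybrid system: discrete mode logic with guards deciding transitions, continuous dynamics inside each mode, and mode switching used to reject disturbances. The following is an added illustration written for this page, not code from the slides or from the Berkeley BEAR project: a toy altitude/position automaton with the slide's four mode names. The rates, tolerance, the Euler step, and the gust injected at step 150 are all constructed assumptions; they exist only to show how the guard logic returns the vehicle to hover and re-climbs when the plant is pushed off its target.

```python
from dataclasses import dataclass
from enum import Enum

# Constructed toy model: altitude z and horizontal position x of a rotorcraft.
# The mode names follow the slide's automaton; rates, tolerance and the
# disturbance are assumptions for illustration only.
DT = 0.1      # control period (s)
TOL = 0.05    # position tolerance (m) used by the guards
V_Z = 1.0     # climb/descent rate (m/s)
V_X = 2.0     # translation speed (m/s)


class Mode(Enum):
    HOVER = "hover"
    ASCEND = "ascend"
    DESCEND = "descend"
    TRANSLATE = "translate"


@dataclass
class State:
    z: float = 0.0
    x: float = 0.0
    mode: Mode = Mode.HOVER


def guard(s, target_z, target_x):
    """Discrete logic: choose the mode for the next step from the current state."""
    dz, dx = target_z - s.z, target_x - s.x
    if s.mode is Mode.HOVER:
        if dz > TOL:
            return Mode.ASCEND
        if dz < -TOL:
            return Mode.DESCEND
        return Mode.TRANSLATE if abs(dx) > TOL else Mode.HOVER
    if s.mode is Mode.ASCEND:
        return Mode.HOVER if dz <= TOL else Mode.ASCEND
    if s.mode is Mode.DESCEND:
        return Mode.HOVER if dz >= -TOL else Mode.DESCEND
    # TRANSLATE: an altitude excursion (a gust, say) forces a return to hover
    # before translation may resume; arriving at x also returns to hover.
    if abs(dz) > TOL or abs(dx) <= TOL:
        return Mode.HOVER
    return Mode.TRANSLATE


def flow(s):
    """Continuous dynamics of the active mode, one Euler step."""
    if s.mode is Mode.ASCEND:
        s.z += V_Z * DT
    elif s.mode is Mode.DESCEND:
        s.z -= V_Z * DT
    elif s.mode is Mode.TRANSLATE:
        s.x += V_X * DT


def simulate(target_z, target_x, start_z=0.0, disturbances=None, max_steps=5000):
    """Run until hovering at the target. Returns (final state, mode sequence, steps).

    disturbances maps a step index to an altitude jump (m) applied at that step;
    it stands in for an unmodelled gust acting on the plant.
    """
    disturbances = disturbances or {}
    s = State(z=start_z)
    sequence = [s.mode]
    for step in range(max_steps):
        s.z += disturbances.get(step, 0.0)
        nxt = guard(s, target_z, target_x)
        if nxt is not s.mode:
            s.mode = nxt
            sequence.append(nxt)
        if (s.mode is Mode.HOVER and abs(target_z - s.z) <= TOL
                and abs(target_x - s.x) <= TOL):
            return s, sequence, step
        flow(s)
    raise RuntimeError("target not reached within max_steps")


if __name__ == "__main__":
    final, modes, n = simulate(10.0, 20.0, disturbances={150: -0.5})
    print(n, [m.value for m in modes], round(final.z, 3), round(final.x, 3))
```

Without the gust the mode sequence is hover, ascend, hover, translate, hover; with the gust at step 150 the guard in TRANSLATE sees the altitude error, drops back to hover, re-climbs, and only then resumes translation. The point for a high-confidence design is that the mode logic is a small, enumerable object whose transitions can be inspected and checked independently of the continuous control laws.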
Berkeley BEAR Fleet: Ursa Magna 2 (1999- )
Based on Yamaha R-50 industrial helicopter
[Figure callouts: Camera; GPS Antenna; WaveLAN Antenna; Ultrasonic height meter; Integrated Nav/Comm Module; Boeing DQI-NP on fluid mounting]
• Length: 3.5 m
• Width: 0.7 m
• Height: 1.08 m
• Dry weight: 44 kg
• Payload: 20 kg
• Engine output: 12 hp
• Rotor diameter: 3.070 m
• Flight time: 60 min
• System operation time: 60 min
Hierarchy of the UAVs Management System
[Figure: layered architecture. Discrete event system: Strategic Planner (control points, conflict notification) → Tactical Planner with Detector (detect, replan) → Trajectory Generator (flight modes, y_d) → Regulation / Control Law (tracking errors). Continuous system: Helicopter Platform, returning sensory information up the hierarchy]
Navigation Software: DQI-NP-Based
[Figure: processes running on QNX and their data rates. DQICONT (periodic, 100 Hz): INS update and command to the Boeing DQI-NP INS, control output at 50 Hz; DQIGPS (periodic, anytime): GPS update from NovAtel GPS RT-2, DGPS measurement from the Ground Station, PRTK @ 5 Hz, PXY @ 1 Hz; VCOMM (periodic): nav data to vision computer @ 10 Hz; ULREAD (aperiodic): ultrasonic sensors @ 4±1 Hz, relative altitude. Yamaha receiver RX values read using HW INT & proxy; RS-232 links; shared memory between processes; flight status and nav data to the ground computer (Win 98) over a radio link]
The Legacy of Success in UAV Research at BErkeley AeRobotics
• Pursuit-evasion games, 2000 to date
• Architecture for multi-level rotorcraft UAVs, 1996 to date
• Landing autonomously using vision on pitching decks, 2001 to date
• Multi-target tracking, 2001 to date
• Formation flying and formation change, 2002, 2003
• Conflict resolution with model predictive control, 2003
• Airspace management and personal aviation, 2004?
Mesh Stable Formation Flight
2 real + 7 virtual
Record set Nov. 2002
Vehicle Platform: Tankopter
Aerobotic vehicles will need to have micro-maneuver capabilities.
Roadmap for Full-Scale Experiments: Vehicle Platforms
[Figure: roadmap across the platforms S-UAVs, T-UAVs, OAVs and MAVs. Capabilities listed along the roadmap:]
• High-level control system development; high-resolution vision-based navigation platform; high-QoS wireless communication; formation flight testbed
• Aggressive/evasive maneuver; trajectory planning platform; dynamic networking; multi-modal analysis
• Dynamic, low-resolution sensor network equipped with smart dust; time-critical problems
Military Application: Special Ops Air Vehicles
Potential Missions
• Deep Insertion: covert delivery of small numbers of personnel with equipment
• Deep Extraction: covert recovery of personnel with equipment
• Covert Supply: delivery of equipment and consumables to a covert site
• Covert Fuel Delivery: delivery of fuel to a covert site
• Covert Medevac: extraction of wounded personnel from a covert site
AFRL Personal Mobility Vehicle Con Ops
• No special pilot training: autonomous or highly automated guidance and control; must be easily programmable for various missions
• Modularity: easy configurability for various missions
• Scalability: single or multiple ship formations of various aircraft configurations
• Air Delivery: capability for launch from large transport aircraft
• Sea Launch: capability for launch from submarine
• Sea Delivery/Recovery: light aircraft carrier
NASA/DARPA/FAA Opportunity
[Figure: overlapping requirement sets; the overlap carries the label SAFE]
Military PMV Mission Requirements
• Semi-autonomous & autonomous multi-system flight
• Mixed airspace: UAV, UAV/human payload, manned
• In-weather flight
• Terrain masking
• Stealth operation
• Evasion & combat
• Unimproved landing sites
NASA/FAA Small Aircraft Transportation System
• Low vehicle cost
• Highly automated
• Low training burden
• High speed
• GPS-based navigation
• STOL/VTOL
• Minimal airport infrastructure
• Quiet
Both
• CONUS military aircraft flight
• Advanced collision avoidance technologies
• Special airspace management
• Reduced cost of certification
Software Needs for PMV
• Platforms are coming along: pricing is an issue, but this will sort itself out if there is a way to certify the airworthiness of the platforms.
• Cost of airspace automation and partial automation of flight management systems is a key bottleneck.
• Key technologies include conflict detection and resolution (Sastry/Tomlin), airspace network management (Tomlin), soft walls for security (Lee), and fault tolerant operations (Speyer).
High Confidence Embedded Systems: Trustworthiness and Evidence -- Issues
• Design concerns
  • FDIR (failure detection, isolation, and recovery) and defensive mode reconfiguration
  • Isolation and interference
  • Confidence-based resource management
  • Compositional design
  • Managing authority
• Constructing a dependability case
  • Reliability measures vs. other evidence
  • Sources of confidence
  • Managing trust under software composition
  • Partial evidence
  • Context
  • Assumptions
  • Evidence management support
Assuring Mixed-Initiative Control
• Formal operational-authority policy modeling & analysis technology -- examples:
  • pilot/vehicle authority management
  • mixed piloted/unmanned airspace
  • friendly/foe, controlled/uncontrolled encounter regimes
  • airspace ATC authority, terminal area ops
  • special ops, adverse condition constrained airspace regimes
• Expected areas of IT innovation:
  • Extended joint transition behaviors for mixed initiative operation: enablement, forcing, blocking
  • Fast authorization, checking methods
  • Modularity management for aggregation & limitation of authority, operational regimes, airspace boundaries
  • Run-time authority management infrastructure
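To make the slide's notions concrete (authority held by one agent at a time; transitions that are enabled, forced or blocked per operational regime; fast run-time authorization; and the sufficiency, completeness and consistency checks named on the next slide), here is an added example written for this page. It is not code from the talk or from any of the projects it mentions. The agents, regimes, events and every rule in POLICY are constructed assumptions, and two defects are planted on purpose: a triple with no rule at all, and a triple that is both forced and blocked.

```python
from dataclasses import dataclass
from itertools import product

# Constructed vocabulary for the toy policy (assumptions, not from the slides).
AGENTS = ("pilot", "automation", "atc")
REGIMES = ("enroute", "terminal", "adverse")
EVENTS = ("pilot_takeover", "pilot_handback", "atc_directive", "lost_link")


@dataclass(frozen=True)
class Rule:
    regime: str   # operational regime, or "*" for any
    holder: str   # agent currently holding authority, or "*" for any
    event: str    # requested transition or external event
    target: str   # agent holding authority afterwards
    kind: str     # "enable" (permitted), "force" (mandatory), "block" (forbidden)

    def matches(self, regime, holder, event):
        return (self.regime in ("*", regime) and self.holder in ("*", holder)
                and self.event == event)


# Constructed policy. Two defects are planted deliberately:
#  - (adverse, atc, atc_directive) has no rule at all;
#  - (adverse, automation, atc_directive) is both forced and blocked.
POLICY = [
    Rule("*", "*", "lost_link", "automation", "force"),
    Rule("enroute", "*", "pilot_takeover", "pilot", "enable"),
    Rule("terminal", "*", "pilot_takeover", "pilot", "enable"),
    Rule("adverse", "atc", "pilot_takeover", "pilot", "enable"),
    Rule("adverse", "pilot", "pilot_takeover", "pilot", "enable"),
    Rule("adverse", "automation", "pilot_takeover", "pilot", "block"),
    Rule("*", "pilot", "pilot_handback", "automation", "enable"),
    Rule("*", "atc", "pilot_handback", "atc", "block"),
    Rule("*", "automation", "pilot_handback", "automation", "block"),
    Rule("enroute", "*", "atc_directive", "atc", "enable"),
    Rule("terminal", "*", "atc_directive", "atc", "force"),
    Rule("adverse", "pilot", "atc_directive", "atc", "block"),
    Rule("adverse", "automation", "atc_directive", "atc", "force"),
    Rule("adverse", "automation", "atc_directive", "automation", "block"),
]


def authorize(policy, regime, holder, event):
    """Run-time check. Returns (decision, new_holder); authority is unchanged
    unless the decision is 'allowed' or 'forced' (fail-safe default)."""
    rules = [r for r in policy if r.matches(regime, holder, event)]
    if not rules:
        return ("undefined", holder)
    kinds = {r.kind for r in rules}
    targets = {r.target for r in rules if r.kind != "block"}
    if ("block" in kinds and kinds != {"block"}) or len(targets) > 1:
        return ("conflict", holder)
    if "block" in kinds:
        return ("blocked", holder)
    if "force" in kinds:
        return ("forced", targets.pop())
    return ("allowed", targets.pop())


def check_completeness(policy):
    """Every (regime, holder, event) must be covered by some rule."""
    return [t for t in product(REGIMES, AGENTS, EVENTS)
            if authorize(policy, *t)[0] == "undefined"]


def check_consistency(policy):
    """No transition may be simultaneously blocked and enabled/forced, or
    forced to two different holders."""
    return [t for t in product(REGIMES, AGENTS, EVENTS)
            if authorize(policy, *t)[0] == "conflict"]


def check_sufficiency(policy, human="pilot"):
    """From every (regime, holder) the human must be able to regain authority
    through allowed or forced transitions. Returns the states where it cannot."""
    stuck = []
    for regime, start in product(REGIMES, AGENTS):
        seen, frontier = {start}, [start]
        while frontier:
            holder = frontier.pop()
            for event in EVENTS:
                decision, nxt = authorize(policy, regime, holder, event)
                if decision in ("allowed", "forced") and nxt not in seen:
                    seen.add(nxt)
                    frontier.append(nxt)
        if human not in seen:
            stuck.append((regime, start))
    return stuck


if __name__ == "__main__":
    print("gaps:", check_completeness(POLICY))
    print("conflicts:", check_consistency(POLICY))
    print("human cannot regain authority from:", check_sufficiency(POLICY))
```

The three checks are design-time analyses over the same table that `authorize` consults at run time, so the evidence that the policy is complete and consistent is produced from the artifact actually deployed rather than from a separate model. Note how the planted conflict propagates: because the automation cannot hand over in the adverse regime and its only other exit is the conflicted directive, the sufficiency check reports (adverse, automation) as a state from which the pilot can never regain control.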
Certification Technology
Assurance technology for automated/autonomous human-transport vehicles
• Domain-specific verification technology
  • Timed system verification tools
  • Mixed-initiative protocol language/verification tools
  • Hybrid maneuver design & verification tools
  • FT, BIT, other qualification evidence & accountability models
• Mixed verification & test technology
• Assume-guarantee evidence management system
• Trustworthiness* applied to embedded systems
  • Authority sufficiency, completeness, consistency
(*Trust in Cyberspace - Schneider, et al., NRC/CSTB, 1998)
Opportunities for IT Leverage
• Domain-specific development technology
  • Correct-by-construction techniques
  • Domain-specific assurance-bearing languages and code synthesis environments
• Domain-specific (aviation, naval, communication, medical systems) verification and validation technology
  • Operational policy & protocol V&V tools
  • Scalable FTA, BIT, FMECA, HM, system-based qualification evidence & accountability models
  • Hybrid and timed system design verification tools
• Software assurance and certification technology
  • Forensic software analysis tools (state-space search, counter-example discovery & explanation)
  • Software-analytic V&V, checking
  • Coordinated verification & test technology
• Scalable evidence composition and management technology
  • Modular trust, accountability, criticality relations
  • Sufficiency, completeness, consistency checking
Technology Vision: Assurance Technology for High Confidence Embedded Systems
• Assurance support tightly integrated with design and development tools:
  • Single unified effort for construction and assurance
  • Support for modeling, abstraction, hierarchical analysis to reduce complexity
  • Domain-specific models for system/software construction, integration, analysis
  • Domain-specific languages and tool support for correctness checking
  • Correct-by-construction code generation
• Interoperable design, analysis, & reasoning tools
  • Methods appropriate to task, problem
  • Design-time analysis
  • Run-time checking
• Shift in balance of effort from testing-dominated to high confidence design-dominated process
  • Confidence case as by-product of construction