1 / 20

On-board Timeline Validation and Repair: A Feasibility Study

On-board Timeline Validation and Repair: A Feasibility Study. Maria Fox, Derek Long University of Strathclyde, Glasgow, UK Les Baldwin, Graham Wilson, Mark Woods SciSys Ltd, UK Davide Jameux ESA, Netherlands Ruth Aylett Heriot-Watt University, Edinburgh, UK. Background.

zeno
Download Presentation

On-board Timeline Validation and Repair: A Feasibility Study

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On-board Timeline Validation and Repair: A Feasibility Study Maria Fox, Derek Long University of Strathclyde, Glasgow, UK Les Baldwin, Graham Wilson, Mark Woods SciSys Ltd, UK Davide Jameux ESA, Netherlands Ruth Aylett Heriot-Watt University, Edinburgh, UK

  2. Background • MMOPS: Mars-Mission On-board Planner and Scheduler • ESA funded project to develop a demonstrator • Show potential on-board capabilities for autonomous plan repair using Beagle 2 on-board software

  3. Context • Scientists identify objectives and propose activities • Priorities set by lead scientist(s) • Constraints generally implicit (eg ordering and dependencies between activities) • Lander Operations personnel construct a plan (timeline), integrating proposed science activities and lander-oriented activities over predetermined interval • Plan downlinked to lander; lander attempts execution • Plan might execute successfully • Plan might fail during execution and lander enter safe mode • Results uplinked for return to ground staff and analysis

  4. Typical Operations Sequence

  5. Sequence with failure

  6. OBCP Event Action Priority/Constraint Based t TVCR Planner On-board Autonomy Pre-Planned Pre-Planned t Adaptive t Opportunities Priorities & Constraints Goal Orientated Goals t

  7. Target Problems • Isolation of plan failure • Protect the remainder of the plan • Over-subscription • Reduce planned activity to avoid use of over-subscribed resources • Under-subscription • Attempt to exploit potential opportunities to make use of under-subscribed resources

  8. On-board software ConTool TVCR Ground-based and On-board Partnership Timeline Construction: Primary timeline Opportunity fragments Standard timeline downlink Packaged date On-board Operations Ground Operations

  9. Using CONTOOL • Timeline constructed, but now annotated: constraints made explicit • Additional timeline fragments are then added: opportunities • Further constraints are added: • Ordering constraints between opportunities themselves and between opportunities and fragments in the main timeline • Dependencies • Mutual exclusions (pairs of fragments which should not both be executed) • Priorities • Ordering between activities or connected elements of a timeline (fragments) • Dependencies between activities or fragments (eg the rock surface should only be ground if the microscope successfully imaged it beforehand)

  10. Opportunities: Features • Opportunities are designed as consistent self-contained timeline fragments • Fragments generally represent subplans needed for future operations • Often generic fragments capturing an experimental process consisting of multiple activities, so reusable • Opportunities are designed on the ground, by operations personnel • Constraints make explicit relationships required of lander operations by both scientists and operations personnel

  11. Exploiting Opportunities • If an activity fails during execution, a new fragment can be executed – an opportunity • Failed fragments are removed from the plan, together with fragments that depend on them • Opportunities are selected: • to respect the existing resource constraints within the current timeline • according to priority and according to the constraints between them and with main plan fragments • Execution of the main plan remains highest priority • Opportunities are only selected from those identified and constructed by operations personnel Timeline validated Broken elements removed Opportunity considered Constraints checked Flaw identified Opportunity inserted

  12. Operations with TVCR

  13. On-board: TVCR • TVCR: Timeline Validation, Control and Repair • a module invoked by on-board software • Requirements of TVCR: • The timeline, fragments and constraints constructed on the ground • A model of the activities • Preconditions for execution; effects on execution • Built once – unlikely to change • A view of the current state • At level of abstraction used by activity models • Built on-board using diagnosis of sensor signals

  14. TVCR On-board Control Software Lander Hardware Systems TVCR Architecture Primed with activity models Timeline Opportunities Constraints On-board Software Sensed state

  15. TVCR: Behaviours • On validate request: • Validate newly entered timeline from the current state • Report anticipated failures and causes • On control request: • Validate current remaining fragment of timeline from current state • On repair request: • If the current timeline is predicted to fail and there is time to react before the next action, construct a new timeline • Remove broken fragments • Insert opportunities

  16. Taking Opportunities • When opportunities can be added to a timeline, choices often exist: • Which opportunities to add • Where to add them • Use a bounded search • Not a full search: save space and time and ensure bounded termination • Not guaranteed to find optimal repairs in terms of opportunities added • Greedy approach to opportunity insertion • Fallback position: execute the fragments of the original main plan that are still valid (repairs to link activities where fragments removed)

  17. Example Test Case • A timeline is planned including two Mössbauer experiments • During the first experiment, the Mössbauer signals a failure… • Repair removes second Mössbauer experiment and related activities • Opportunities are considered in priority order and one is identified as a candidate for insertion • The opportunity selected is an environmental sensor suite experiment • The timeline is repaired by the addition of the opportunity and connecting activities • New downlink schedule is recorded

  18. Example Repair • Failed fragment removed from timeline • Benefits • After first failure, timeline continues execution • Subsequent expected failure anticipated by TVCR and isolated • Timeline executes successfully to conclusion • Science data is collected during execution of parts of this timeline that would otherwise be aborted

  19. Example Repair • Broken fragment removed and opportunity fragment added • Benefits: • Timeline successfully executes to completion • Broken fragments do not cause timeline to abort • Broken fragment removed and replaced with valid opportunity fragment • Resources are utilised and science data gathered • Downlink schedule modified to allow for new data log

  20. Conclusions • Successful demonstration of a level of autonomy that lies between reactive responses and full on-board planning • Demonstrable benefits for science gathering • Conservative approach reduces risks and makes it more attractive to operations personnel

More Related