2008
An Architectural Pattern for Goal-Based Control
ABSTRACT -
Time-based command sequencing is the time-honored paradigm for control of spacecraft and rovers in NASA's robotic missions, but the paradigm has been increasingly strained to accommodate today's missions. Goal-based control is a new paradigm that supports time-driven and event-driven operation in a more natural way and permits a melding of sequencing and fault protection into a single control paradigm. This paper describes goal-based control as an architectural pattern in terms of intent, motivation, applicability, structure, and consequences. This paper is intended to help flight and ground software engineers understand the new paradigm and how it compares to time-based sequencing.
IEEE Aerospace Conference.
Big Sky, MT.
March
Goal-Based Operations of an Antenna Array for Deep Space Communication
ABSTRACT -
NASA is currently evaluating the benefits of transitioning to a highly reconfigurable network of arrayed disk antennas to support an increasing number of deep space missions. The next-generation Deep Space Network (NG-DSN), as currently conceptualized, would require extensive automation to reduce operations cost and handle the increased complexity associated with monitoring and controlling the larger number of antennas. This paper presents a prototype operations architecture for the proposed NG-DSN that is fundamentally based on three concepts: physical state variables of the system to be controlled. expressions of operational intent for those state variables ("goals"), and models describing the benavior of these state variables and their interactions. These concepts shape the software design of an automated control system, the model-based systems engineering analysis that feeds the design, and the human operator interface to the control system. This control system provides for automation of capabilities such as resource allocation and fault recovery (both localized and system-wide). This paper describes the development and demonstration of the control system on prototype antenna array hardware at the Jet Propulsion Laboratory.
iSAIRAS.
Los Angeles, CA.
Feb
Comparison of Goal-Based Operations and Command Sequencing
ABSTRACT -
In robotic space missions the purpose of any operations paradigm is to achieve specific objectives while protecting the health of the space vehicle(s). Unfortunately, in the dominant paradigm of command sequencing, the representation of such objectives, health constraints and other dependencies is left behind in the ground-based activity planning process and never carried into uplinked products where it can support context-specific status monitoring, resource allocation, fault protection, and general automation on the spacecraft. In contrast, in the paradigm of goal-based operations, operational objectives are ever-present, from the beginning of activity planning all the way to execution on a space vehicle. This paper examines the change in operations perspective from command sequencing to goal-based operations, with particular emphasis on the uplinked product—termed a goal network—and the design of goal elaborators needed to generate it.
SpaceOps.
Heidelberg, Germany.
May
Application of a Safety-Driven Design Methodology to an Outer Planet Exploration Mission
ABSTRACT -
Traditional requirements specification and hazard analysis techniques have not kept pace with the increasing complexity and constraints of modern space systems development. These techniques are incomplete and often consider safety late in the development cycle when the most significant design decisions have already been made. The lack of an integrated approach to perform safety-driven system development from the beginning of the system lifecycle hinders the ability to create safe space systems on time and within budget. To address this need, the authors have created an integrated methodology for safety-driven system development that combines four state-of-the-art techniques: 1) Intent Specification, a framework for organizing system developmen and operational information in a hierarchical structure; 2) the STAMP model of accident causation, a system-theoretic framework upon which to base more powerful safety engineering techniques; 3) STAMP-based Hazard Analysis (STPA); and 4) State Analysis, a model-based systems engineering approach. The iterative approach specified in the methodology employs State Analysis in modeling of system behavior. STPA is used to identify system hazards and the constraints that must be enforced to mitigate these hazards. Finally, Intent Specification is used to document traceability of behavioral requirements and subject them to formal analysis using the SpecTRM-RL software package. In this paper, the application of this methodology is demonstrated through the specification of a spacecraft high-gain antenna pointing mechanism for a hypothetical outer planet exploration mission.
IEEE Aerospace Conference.
Big Sky, MT.
March
GN&C Fault Protection Fundamentals
ABSTRACT -
Addressing fault tolerance for spacecraft Guidance, Navigation, and Control has never been easy. Even under normal conditions, these systems confront a remarkable blend of complex issues across many disciplines, with primary implications for most essential system functions. Moreover, GN&C must deal with the peculiarities of spacecraft configurations, disturbances, environment, and other physical mission-unique constraints that are seldom under its full control, all while promising consistently high performance.
Adding faults in all their insidious variety to this already intricate mix creates a truly daunting challenge. Appropriate tactical recovery must be ensured without compromise to mission or spacecraft integrity, even during energetic activities or under imminent critical deadlines. If that were not enough, the consequences of a seemingly prudent move can have profoundly negative long-term consequences, if chosen unwisely, so there is often a major strategic component to GN&C fault tolerance, as well. Therefore, it is not surprising that fault protection for GN&C has an enduring reputation as one of the more complex and troublesome aspects of spacecraft design is one that will only be compounded by the escalating ambitions of impending space missions.
Despite these difficulties, experience has suggested methods of attack that promise good results when followed consistently and implemented rigorously. Upon close scrutiny, it is strikingly clear that these methods have roots in the same fundamental concepts and prin
ciples that have successfully guided normal GN&C development. Yet it is disappointing to note that the actual manifestation of these ideas in deployed systems is rarely transparent. The cost of this obfuscation has been unwarranted growth in complexity, poorly understood behavior, incomplete coverage, brittle design, and loss of confidence.
The objective of this paper is to shed some light on the fundamentals of fault tolerant design for GN&C. The common heritage of ideas behind both faulted and normal operation is explored, as is the increasingly indistinct line between these realms in complex missions. Techniques in common practice are then evaluated in this light to suggest a better direction for future efforts.
American Astronautical Society 31st Annual AAS Guidance and Control Conference.
Breckenridge, CO.
Feb
Publications
By Year
By Author
Copyright Notice
This material is provided for your personal use only and may not be retransmitted or redistributed without permission in writing from the paper's publisher and/or author.
You may not upload this material to any public server, on-line service, network, or bulletin board without prior written permission from the publisher and/or author. You may not make copies for any commercial purpose.
This material is not public domain. Reproduction or storage of materials retrieved from this web site are subject to the U.S. Copyright Act of 1976, Title 17 U.S.C.
