MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Aero/Astro Open House MERS Research Group Model-based Embedded and Robotic Systems Group Space Systems Laboratory Massachusetts Institute of Technology Friday, March 21, 2003

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Motivation Apollo 13 quintuple fault Mars Polar Lander failed due to a faulty sensor. Autonomous systems handle Faults Anomalies Communication Commanding Europa Probe Distant Explorers Mercury Orbiter Cooperative Exploration Mars Outpost Earth Imager

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Model-based Programming Paradigm Mars ‘98 Polar Lander Goal: provide an embedded language that operates on system state and reasons from commonsense models Leading Hypothesis: Legs deploy during descent. Noise spike on leg sensors latched by s/w monitors. Laser altimeter registers 50m. Begins polling leg monitors to determine touchdown. Latched noise spike read as touchdown. Engine shutdown at ~50m. Lander impacts planetary surface at high velocity. Spacecraft are highly complex systems, with significant interaction at the subsystem level Spacecraft encounter harsh, uncertain environments. Robustness in such systems requires: high-reliability software; fault protection built into the control sequence; highly reactive sense-decide-act loop. Using traditional embedded software approach, difficult to anticipate such low-level subsystem interaction and explicitly encode responses to each possible fault.

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Robust Systems Should be “Fully State Aware” Embedded programs interact with the system’s sensors/actuators: Read sensors Set actuators Model-based programs interact with the system’s state: Read state Set state Embedded Program S Plant Obs Cntrl Programmer must map between state and sensors/actuators. M-B Executive maps between states and sensors/actuators. Model-based Embedded Program S Plant S’ Model-based Executive ObsCntrl

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Diagnose and Reconfigur e Compiled Goal Interpreter Reactive Planner Diagnose and Reconfigur e Compiled Goal Interpreter Reactive Planner c e e dd _ d Titan Model-based ExecutiveClosedValveOpen Stuckopen Stuckclosed OpenClose inflow = outflow = 0 B (t) B (t+1) S 1 (t) S 2 (t) S n (t) S 1 (t+1) S 2 (t+1) S m (t+1) ……  RMPLModel-based Executive Sequencer Control Program System Model Configuration goals State estimates CommandsObservations Flight System Control RT Control Layer Mode Estimation Mode Reconfiguration Control Model Mode Estimation Compiled ME Hybrid ME Distributed ME Plant

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House M-B Programming Example: Orbital Insertion Scenario EngineAEngineB Science Camera EngineAEngineB Science Camera must fire one of the two engines set both engines to ‘standby’ prior to firing engine, camera must be turned off to avoid plume contamination in case of primary engine failure, fire backup engine instead Standby Engine Model Off off-cmd standby-cmd 0.01 (thrust = full) AND (power_in = nominal) Firing 0.01 standby-cmd fire-cmd (thrust = zero) AND (power_in = zero) (thrust = zero) AND (power_in = nominal) 0.01 Failed On Camera Model Off turnoff-cmd turnon-cmd (power_in = zero) AND (shutter = closed) (power_in = nominal) AND (shutter = open) Systems engineers think in terms of state trajectories:

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House M-B Programming Example: Orbital Insertion Scenario once primary engine is in standby and camera is off, proceed to fire engine (preempt this operation if engine is ever found to be in a faulty state) Model-based Programming provides a way to encode the prescribed state trajectory into a control program: assert and check states which may be “hidden”, rather than operating directly on observable or control variables allow for embedded management of fault states RMPL code for OrbitInsert control program: (do-watching ((EngineA = Firing) OR (EngineB = Firing)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Firing))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Firing)))) goal is to fire one of the two engines; terminate when accomplished concurrently sets both engines to ‘standby’, and turns off camera to avoid plume contamination in case of primary engine failure, fire backup engine instead

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House S3S3 S2S2 S1S1 Mode Estimation Example Configuration Goal: Engine A = Firing Possible Diagnoses Observation: Thrust = 0 Engine A

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Mars Entry, Descent & Landing Hybrid Model-based Programming: Motivation  Tight coupling of attitude/position control and spacecraft configuration control  Mars ‘98 mission failure demonstrates need for improved robustness in this type of “critical sequence”  To achieve this level of robustness, need to track and control both discrete and continuous spacecraft states (“hybrid” system) chute deploys when velocity drops to 493 m/s lander separates when entry attitude is achieved legs deploy 10 secs after heatshield is jettisoned chute jettisoned at 1300m, lander performs controlled gravity turn maneuver

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Hybrid Mode Estimation – Gesture Recognition Stereo vision system –Tracks head and hand motion of human associate Hybrid model of human associate supports Robonaut’s recognition of human gestures –Gestures of interest include pointing to a tool, holding hand up to indicate stop, “come closer” gestures, etc. Continuous dynamics model of human arm includes inertial and damping terms HMM model takes output of stereo vision system as observation –Transitions between motion control point states Robonaut – EVA astronaut’s assistant Humanoid design requires no specialized robotic tools Controlled by tele-operator, but autonomous modes under development

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House RMPLModel-based Executive Sequencer Control Program System Model Configuration goals State estimates CommandsObservations Flight System Control RT Control Layer Mode Estimation Mode Reconfiguration Mode Reconfiguration INPUT Configuration Goal –Trust = on Current State –Tank = full –Pressure = nominal –Driver = off –Valve = closed –Thruster = off Goal Interpreter Reactive Planner Configuration goals Goal State Command Current State OUPUT Command –Turn driver on

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Goal Interpreter INPUT Current State –Tank = full –Pressure = nominal –Driver = off –Valve = closed –Thruster = off Configuration Goal –Trust = on OUPUT Goal State –Tank = full –Pressure = nominal –Driver = off –Valve = on –Thruster = on Goal Interpreter Configuration goals Goal State Current State Generate optimal goal state that achieves the Configuration Goal! Goal InterpreterCompiled Goal Interpreter Partial Goal Interpretation Best-first Kernel Goal State Generator Minimize online deduction by generating all partial goal interpretation offline! Online: Goal State Goal Configuration

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Example: The model-based program sets the state to thrusting, and the deductive controller.... Determines that valves on the backup engine will achieve thrust, and plans needed actions. Deduces that a valve failed - stuck closed Plans actions to open six valves Fuel tank Oxidizer tank Deduces that thrust is off, and the engine is healthy

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Reactive Planner Goal State Command Current State INPUT Current State –Tank = full –Pressure = nominal –Driver = off –Valve = closed –Thruster = off Goal State –Tank = full –Pressure = nominal –Driver = off –Valve = on –Thruster = on fail Goal fail driver = on cmd = open idle driver = on cmd = close Current Open Closed Stuck Open Closed Goal cmd = onidle cmd = off Current On Off Resettable On Off cmd = resetcmd = off ValveDriver OUPUT Command –Turn driver on Reconfiguration Order 1.Tank = full 2.Pressure = nominal 3.Valve = on 4.Thruster = on 5.Driver = off Planner guarantees to: Only generate non-destructive actions Never propose actions that lead to dead-end plans Ensure progress toward the goal Operate at reactive time scale

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Divide and Conquer Plant Structure (cyclic) Tree Decomposition (acyclic) Structural Decomposition Compile model structure into equivalent tree structure Effort depends on structural properties (graph width) Reasoning on equivalent tree structure is very efficient (highly parallelizable) => Distributed Algorithm Precompilation

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Planning through Divide-and-Conquer Bus Control Computer Generate a plan for each grouped components. Execute each plan one at a time to achieve the goal Antenna Amplifier Transmitter Antenna Amplifier Transmitter comp = on bus = on cmd T = on Goal comp = on bus = on cmd T = on comp = on bus = on cmd A = on idle comp = on bus = on cmd A = off Current On T, On A On T, Off A Off T, Off A On T, On A On T, Off A idle bus = on cmd T = off comp = on bus = on cmd A = off Off T, Off A fail Off T, On A comp = on bus = on cmd A = off comp = on bus = on cmd A = off comp = on bus = on cmd A = off idle Off T, On A Goal comp = on cmd = on idle comp = on cmd = off Current On Off On Off

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House MIT-NASA Ames Mars ’03 Simulation Center Simulate Mission Objective of Mars ’03 –Use NASA’s MERBoard to visualize the environment and control the rovers. –Demonstrate the ability to achieve mission autonomously Analyze this rock!

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Future Missions Courtesy JPL MER 2003 Mars 2007 SPHERES

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House New Slides

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Plant Model Implementation

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Next Generation RMPL Tentatively called ROOMPL, for “Reactive, Object-Oriented Model-based Programming Language”. Language Design Goals Surface / Syntax –consistent, across plant and control specifications. –analyzable, for static (i.e. pre-runtime) correctness. Below the Surface –extensible – amenable to language experimentation by non-programming language experts. Long Term –apply to general purpose programming domains. –dynamic, reflective.

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Plant Models instances of “primitive classes” are CCA’s (MPL components) ROOMPLMPL primitive classescomponents primitive fieldsobservable variables methodscontrol variables referencesdependent variables

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Example: Engine models

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Control Programs Instances of non-primitive classes are HCA’s Classes still have modes Goals established with try blocks Preemption at block level with watch (similar to RMPL when )

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Implementation Notes Implementing language in OCAML –has a bunch of language hacking tools. Initially, will generate MOF. Later, will use C interface to talk to current executive components.

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Old Slides

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Compiled Mode Estimation Dissents represent same model in a smaller theory. Off-line Operations (Press1 = nom)  G(S)  SH(S)  U(S) (Thrust = on)  O(V)  U(V).... Model Compilation On-line Operations G(S)U(S) SL(S) U(S)U(V) C(V) SL(S)B(C)U(C)SH(S) Partial Diagnosis Trigger Most Likely Diagnosis: Sensor = Stuck Low Valve = Closed Catalyst Bed = Good

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House RMPLModel-based Executive Sequencer Control Program System Model Configuration goals State estimates CommandsObservations Flight System Control RT Control Layer Mode Estimation Mode Reconfiguration Mode Estimation Mode estimation relies on: –Commands –Observations –System Model Encoded as propositional logic with probabilistic transitions to determine the most likely state of the system. OPSAT

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Mode Reconfiguration (GI)

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Hybrid Model-based Programming: Approach extend M-B Programming to include: –assertion of discrete & continuous states –conditional branching on discrete states, continuous states & time requires integration of engines for discrete state reconfiguration, and continuous control (e.g. spacecraft attitude control system) need both discrete & continuous state estimation capability S Plant Obs Cntrl Model-based Control Programs Model-based Executive S’ Plant Model cont. & discrete state estimates Hybrid Mode Estimation hardware config goals Discrete Controller Continuous Controller attitude & position goals Hybrid Model-based Executive

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Hybrid Mode Estimation failures can manifest themselves through coupling between a system’s continuous dynamics and its evolution through different behavior modes  must track over continuous state changes and discrete mode changes symptoms initially on the same scale as sensor/actuator noise  need to extract mode estimates from subtle symptoms m1m1m1m1  21  12  23  13 m3m3m3m3 m2m2m2m2  22  11  33 Hidden Markov Models Continuous Dynamics Hybrid Model old estimate : X k-1 ={m i,x k-1 } X + k-1 ={m j,x k-1 } new estimate: X k ={m j,x k } Hybrid Mode Estimation tracks a set of trajectories Kalman Filter Bank y c (k) u c (k-1) Mode Estimation x ci (k) P i (k) ^ kk XkXk ^

MIT Dept of Aeronautics and Astronautics March 21, 2003 Graduate Open House Plant Model Implementation Physical plant modeled as Timed Concurrent Constraint Automata: variant of factored POSMDP (time continuous, but observations and decisions at discrete points) constraints guarded & timed probabilistic transitions nominal modes fault modes p  (t) t P  = 99.9% modal rewards