					    New GDS Architectures
Including Goal-Based Operations


                    Co-Chairs:
        Dan Dvorak, JPL / Caltech
         Dan Mandl, NASA / GSFC




QMSW 2006: Goal-Based Operations
          What is this session all about?


This session will …

• give an overview of the concept of goal-based operations

• compare & contrast it to command sequencing

• examine mission software affected by the paradigm

• examine software infrastructure and environment that
  facilitates communication and interoperation within
  and among goal-driven systems



        Why is this topic important to NASA?

Goal-based operations can …

• Reduce operational complexity and human error
   – Too many states for an operator to keep track of
   – Allow operators to focus on big picture

• Make more effective use of expensive assets
   – Missions no longer satisfied with “run to safe-mode”
   – Proceed in presence of intermittent communications

• Operate multiple, diverse assets as a system

• Simplify human-robotic interaction


     Session Deliverables / Proposed Results

• Shared definition of ‘goal’ and goal-driven operation

• Benefits of goal-driven operation over command
  sequencing

• Identification of affected flight and ground software
  elements

• Software architecture ideas for supporting goal-driven
  operation on flight and ground

• How goal-based software facilitates verification



Goal-Based Operation

Overview and Motivations


         Richard Morris
          JPL / Caltech
  Planning & Execution Systems




                 What is Goal-Based Operation?
A “goal” is an explicit expression of operator or customer intent
• Specify what to accomplish, not how to accomplish it
• Express intent in an explicitly verifiable form
• Carry expression of intent into the uplink products
• Allow system to select among alternatives to achieve goals
• Intent includes not only activity objectives but also
   flight rules and other operational constraints

[Figure: an operator says “I want rover N to be at x,y”; the system responds “‘Be at x,y’. OK. Let me choose how to achieve that.”]

                     Why Should You Care?
Flexibility, reliability, and robustness
•   Systems have a much better chance of …
     – preserving planned functionality, because they know
       what was intended by the original plan
     – responding to opportunities, because they can quickly
       implement intent according to local conditions
•   Checking plans becomes more rigorous and complete
•   Execution directly monitors results, enabling local fault responses
Operability
•   Enables more concurrent, iterative operations planning
Inspectability
•   More readable and verifiable than sequences, sequence generators,
    and rule bases
Automation
•   Goals are amenable to automated reasoning using domain models
•   Easier to encode domain models than rules
               Why Do We Need Standards?
Interoperability and reusability
• Goals enable an interoperability standard for control
• Same high-level goals can be used by diverse elements of a system
• Hierarchical nature of goals makes them more reusable

[Figure: an operator says “I want Rover N to be at x,y and Rover M to be at x,w”; one rover responds “‘Be at x,y’. OK. Let me choose how to achieve that.” and the other responds “‘Be at x,w’. OK. Let me choose how to achieve that.”]

 Goals: Some Defining Characteristics (1 of 2)

• A goal specifies an objective to be accomplished
  (operator or customer intent)
   – A goal specifies a desired state, not the commands necessary to
     achieve it
   – It leaves options for a control system in how to achieve the goal
     based on local knowledge
   – It is explicit, compact, and inspectable
   – The activity to achieve the objective plays out over time


• A goal can be low-level or high-level
   – “switch 12 is closed from 2pm to 3pm”
   – "camera boresight is pointed within 1 milliradian of Polaris from
     2pm to 3pm"


 Goals: Some Defining Characteristics (2 of 2)

• During execution a goal either succeeds or fails
  (principle of cognizant failure)
   – Execution is monitored
   – Nominal execution and fault reactions both use goals
   – Facilitates verification (self-checking)
   – Goals imply closed-loop control


• Multiple goals can be coordinated to achieve complex objectives
   – Hierarchical expansion (a goal can have subgoals)
   – Ordering and timing dependencies


• Conflicts among goals can be detected and avoided during
  scheduling

            Motivations for Goal-Based Operation
• Reduce operations costs
   – Easier to specify what to do than how to do it
   – Plans are more compact and inspectable
   – Detailed steps generated automatically

• Reduce human error
   – Systems are too complex for operators to know, in all cases, how to
     transition from state A to state B

• More effective use of operators
   – Automation frees operators to focus more on the big picture
     (what humans do best)

• More effective use of assets
   – Onboard closed-loop control enables full use of capabilities in the face
     of intermittent communications and long light time delays
   – Detect short-lived science events
   – Military reconnaissance events

• Operation of diverse elements
   – Goals provide a lingua franca for operation of system elements from
     multiple suppliers

• Integrated fault protection
   – Goal-based control architecture enables integral fault protection
   – Avoids awkward, hard-to-engineer relationship between sequencer and
     fault protection

• More robust systems
   – In situ decision-making enables quick reaction to events
   – System can react to hazards and faults

• System design simplification
   – Goals can represent several forms of intent: activities to be achieved,
     flight rules, events to pursue opportunistically

• Verification & Validation
   – Goal-based execution is inherently self-checking

• Leverage increased computing power on flight systems

Current State of the Practice

[Diagram: Ground: Activity Planning; Sequence Generation (SAP, MAPGEN, RSVP, SEQGEN, etc.). Flight: Sequence Mgmt; Sequence Execution; Fault Protection; Real Time Behaviors.]

Time-tagged nominal command sequences, mixture of open- and closed-loop commands:

    GS,SITURN,490UA,BOTH,96-355/03:42:00.000;
    CMD,7GYON,    490UA412A4A,BOTH,      96-355/03:47:00:000,   ON;
    CMD,7MODE,    490UA412A4B,BOTH,      96-355/03:47:02:000,   INT;
    CMD,6SVPM,    490UA412A6A,BOTH,      96-355/03:48:30:000,   2;
    CMD,7ALRT,    490UA412A4C,BOTH,      96-355/03:50:32:000,   6;
    CMD,7SAFE,    490UA412A4D,BOTH,      96-355/03:52:00:000,   UNSTOW;
    CMD,6ASSAN,   490UA412A6B,BOTH,      96-355/03:56:08:000,   GV,153,IMM,231,GV,153;
    CMD,7VECT,    490UA412A4E,BOTH,      96-355/03:56:10.000,   0,191.5,6.5,0.0,0.0,0.0,96-350/00:00:00.000,MVR;
    SEB,SCTEST,   490UA412A23A,BOTH,     96-355/03:56:12.000,   SYS1,NPERR;
    CMD,7TURN,    490UA412A4F,BOTH,      96-355/03:56:14.000,   1,MVR;
    MISC,NOTE,    490UA412A99A,,         96-355/04:00:00.000,   ,START OF TURN;,
    CMD,7STAR,    490UA412A406A4A,BOTH   96-355/04:00:02.000,   7,1701,278.813999,38.74;
    CMD,7STAR,    490UA412A406A4B,BOTH,  96-355/04:00:04.000,   8,350,120.455999,-39.8612;
    CMD,7STAR,    490UA412A406A4C,BOTH,  96-355/04:00:06.000,   9,875,114.162,5.341;
    CMD,7STAR,    490UA412A406A4D,BOTH,  96-355/04:00:08.000,   10,159,27.239,89.028999;
    CMD,7STAR,    490UA412A406A4E,BOTH,  96-355/04:00:10.000,   11,0,0.0,0.0;
    CMD,7STAR,    490UA412A406A4F,BOTH,  96-355/04:00:12.000,   21,0,0.0,0.0;

Current State of the Practice

If absolutely necessary, conditional behavior (event-driven execution) via rule-based monitors or hard-coded state machines

Current State of the Practice

Fault protection software running in parallel, ready to “take over” from nominal sequence execution when a fault monitor is triggered.

The usual off-nominal response is “safe mode”:
• costly ground ops
• lost science opportunities

Current State of the Practice

For critical mission sequences, standard safing mechanism is disabled - hard-coded fault protection provided by highly-specialized s/w modules:
• ad-hoc
• complex
• expensive to generate and test

                  Commands vs. Goals


All commands direct momentary changes of state, …

   – But many commands are open-loop
      • Examples: open a valve; select an antenna; set a mode…


   – Typically depend only on intrinsic state stability
      • Persistence of effects is assumed, not enforced
      • Failure to effect or sustain a change may go unnoticed
        until subsequent dangers trigger a fault response




                  Commands vs. Goals

Goals, a.k.a. closed-loop commands, change objectives on state
   – Common in most space systems, but not the norm
      • Examples: Track the earth; take a picture; drill a hole…

   – Subsequent action monitors and sustains the objective
      • Playing out over time is a defining characteristic
      • Failure to achieve an objective is overt and recognized early

   – More general representation
      • A goal can mimic any open-loop command
      • No hidden assumptions, so easier to construct, schedule, and
        verify robust sequences

   – Goals can also specify passively achieved behavior
      • Flight rules and constraints, resource management, fault
        monitoring can use same representation as nominal “sequence”
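
The contrast drawn on these two slides, as an added example that is not part of the original presentation: the same intent ("switch 12 is closed from 2pm to 3pm") is run once as a time-tagged open-loop command and once as a monitored goal, and conflicting goals are detected before execution. The Plant class, the state variable name, the disturbance times and the stuck actuator are all constructed assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Goal:
    """A desired state held over an interval, e.g. switch 12 closed from 2pm to 3pm."""
    state_var: str
    desired: str
    start: int   # minutes since midnight, inclusive
    end: int     # minutes since midnight, exclusive


class Plant:
    """Constructed toy plant: one switch, scripted disturbances, optional stuck actuator."""

    def __init__(self, disturbances=None, stuck_from=None):
        self.state = {"switch12": "open"}
        self.disturbances = disturbances or {}   # {minute: (state_var, value)}
        self.stuck_from = stuck_from             # minute from which commands have no effect
        self.now = 0

    def step(self, t):
        self.now = t
        if t in self.disturbances:
            var, value = self.disturbances[t]
            self.state[var] = value

    def command(self, var, value):
        if self.stuck_from is not None and self.now >= self.stuck_from:
            return                               # command accepted but has no effect
        self.state[var] = value

    def measure(self, var):
        return self.state[var]


def run_open_loop(plant, goal):
    """Time-tagged command: issue once at goal.start and assume the effect persists."""
    violated = []
    for t in range(goal.start, goal.end):
        plant.step(t)
        if t == goal.start:
            plant.command(goal.state_var, goal.desired)
        if plant.measure(goal.state_var) != goal.desired:
            violated.append(t)   # recorded for this demo only; the sequence never checks
    return {"reported": "completed", "violated_minutes": violated}


def run_goal(plant, goal):
    """Closed loop: monitor every minute, correct deviations, fail overtly if unable to."""
    corrections = 0
    for t in range(goal.start, goal.end):
        plant.step(t)
        if plant.measure(goal.state_var) != goal.desired:
            plant.command(goal.state_var, goal.desired)
            corrections += 1
            if plant.measure(goal.state_var) != goal.desired:
                # Cognizant failure: the goal knows it failed and when.
                return {"reported": "failed", "at": t, "corrections": corrections}
    return {"reported": "succeeded", "at": None, "corrections": corrections}


def find_conflicts(goals):
    """Pairs of goals demanding different values of one state variable at the same time."""
    pairs = []
    for i, a in enumerate(goals):
        for b in goals[i + 1:]:
            overlap = a.start < b.end and b.start < a.end
            if a.state_var == b.state_var and a.desired != b.desired and overlap:
                pairs.append((a, b))
    return pairs


def demo():
    goal = Goal("switch12", "closed", 14 * 60, 15 * 60)   # 2pm to 3pm
    glitch = {860: ("switch12", "open")}                   # constructed disturbance at 2:20pm
    return {
        "open_loop": run_open_loop(Plant(glitch), goal),
        "goal": run_goal(Plant(glitch), goal),
        "goal_stuck": run_goal(Plant({880: ("switch12", "open")}, stuck_from=870), goal),
        "conflicts": find_conflicts([
            goal,
            Goal("switch12", "open", 880, 930),   # overlaps 2:40pm to 3pm: conflict
            Goal("switch12", "open", 900, 930),   # starts when the first ends: no conflict
        ]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The open-loop run reports completion even though the switch was open for the last 40 minutes of the interval; the goal run either restores the state or reports the minute at which it could not.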


Steps in the Right Direction
Deep Space One — Remote Agent

[Diagram labels: Deep Space One; Mission Objectives; Remote Agent (Mission Manager; Scripted Executive; HSTS: Planner/Scheduler; Livingstone: Diagnosis & Repair); Spacecraft Commands.]

Steps in the Right Direction
Deep Space One — Remote Agent

[Remote Agent diagram repeated, with this annotation:]
Sends Mission Objectives as high-level goals to the Planner/Scheduler.

Steps in the Right Direction
Deep Space One — Remote Agent

[Remote Agent diagram repeated, with this annotation:]
Plans and schedules detailed tasks (lower-level goals) to achieve the high-level goals.

Steps in the Right Direction
Deep Space One — Remote Agent

[Remote Agent diagram repeated, with this annotation:]
Executes scripts associated with lower-level goals, issues appropriate commands.

Steps in the Right Direction
Deep Space One — Remote Agent

[Remote Agent diagram repeated, with this annotation:]
Provides state estimates and suggests reconfiguration commands to Exec, by reasoning through a declarative model of the spacecraft system.

Steps in the Right Direction
MER — Activity Planning

[Diagram labels: MAPGEN: Planner; MAPGEN: APGEN; Spreadsheet; RSVP; STS/SLINC; SAP; SEQGEN; MER; CAST…; Other models.]

Steps in the Right Direction
MER — Activity Planning

[MER activity planning diagram repeated, with this annotation:]
Developed by NASA ARC & JPL; MER Ops personnel use MAPGEN to:
• Plan Activities (Goals)
• Analyze Resources
• Edit Plans

Steps in the Right Direction
DSN Array — Monitor & Control

Problem Domain
• Supervisory control of a physically distributed system
• Service requests, not asset requests
• Policy-based allocation of assets
• Complex coordination and fault responses
• Automation to reduce ops costs

Approach
• Model-based systems engineering (State Analysis)
• Iterative systems and software engineering
• State- & model-based software architecture
• Goal-based operations

Deliverables
• Partial level 3 & 4 requirements expressed in terms of states and models,
  captured in a structured database
• Reusable & adaptable framework software
• Low-fidelity simulation model of DSN
• Monitoring & Control prototype software that executes selected operational
  scenarios

Steps in the Right Direction
DSN Array — Monitor & Control

[Diagram: Information & control flow. Labels: DSN customer; service request; Convert; activity; Goal Elaboration; goal network; Near-term Scheduling; executable timelines; Execution (goal achievement); schedule conflict; execution failure.]

“Automation will be focused on providing real-time and non-real-time tools that will handle, without human intervention, nominal operations and selected non-nominal failures, and free the 24x7 staff to attend to non-routine events.”
Concept of Operations for the Deep Space Network Array, Rev. D, 11/1/2004

Steps in the Right Direction
DSN Array — Monitor & Control

[Information & control flow diagram repeated, with this annotation:]
Automated decision-making
• Antenna selection
• Electronics package selection
• Signal processing configuration
• Deliberative fault responses
• Priority calls
• Ordering & timing of goals
• MSPA decisions (MSPA ≡ multiple spacecraft per antenna)
• RT state determination
• RT control decisions
• RT fault responses

     Towards Standards for
     Goal-Based Operations

Summary of the GSAW 2006 Working Group


                   Session 10A
         Daniel Dvorak, Richard Morris
            Jet Propulsion Laboratory
        California Institute of Technology



                                     Panel

Daniel Dvorak (chair)
   – Principal Engineer: Planning & Execution Systems
     Jet Propulsion Laboratory, California Institute of Technology
John Gersh
   – Principal Engineer: Human-Computer Interaction,
     System and Information Sciences Group
     Applied Physics Laboratory, The Johns Hopkins University
Mitch Ingham
   – Senior Engineer: Flight Software Systems Engineering & Architectures
     Jet Propulsion Laboratory, California Institute of Technology
Andrew Rowland
   – Project Engineer, WGS Mission Integration
     The Aerospace Corporation
Bonnie Triezenberg
   – Software Chief Engineer
     Boeing Satellite Development Center
        What is Goal-Based Operations?


• Variously called…
   – Policy-based management
   – Activity-based operations
   – Directive-based commanding
   – Goal-based operations (GBO)

• Common themes
   – Explicit representation of operator intent
   – Expresses what not how
   – Inherently closed-loop control


                  Session Goals



• Build community of interest in Goal-Based Ops

• Raise awareness of motivations and benefits

• Identify issues and start a dialogue leading to
  standards




       Motivations for Goal-Based Operations


• Reduce operational complexity and human error
   – Too many states for an operator to keep track of
   – Allow operators to focus on big picture

• Make more effective use of expensive assets
  – Missions no longer satisfied with “run to safe-mode”
  – Proceed in presence of intermittent communications

• Operate multiple, diverse assets as a system

• Human-robotic interaction


                     Key Points


• GBO overcomes limitations of command-based
  sequencing

• GBO can be viewed as a management layer on top of
  the control system

• GBO enables more autonomous operation




             What are the Challenges?

• Making it concrete for managers

• Verification & validation

• Adaptation of legacy tools

• Cultural hurdles




           Why do we need standards?


• Interoperability for coordinated spacecraft

• Programs with assets developed by multiple agencies

• Common terminology

• Focus the community




        What do we standardize for GBO?

• Goal representation

• Operations processes and tools

• Control software architecture

• V&V techniques

• Human Machine Interface




                    Conclusions

• GBO concepts are appearing in several places

• We need standards … to achieve interoperability
  and avoid stovepipes

• We are engaging several standards organizations
  (CCSDS, TOG, OMG)

• We need to start defining terms and promote a
  dialogue with the larger community




                   Next Steps


• Set up a working group with TOG
  (The Open Group)

• Set up web site and mailing list

• Investigate Space Domain Task Force at OMG
  (Object Management Group)

• Submit paper and/or working group proposal to
  GSAW 2007




Reserves




                       Topics of Interest

• Motivations
• Defining Characteristics
• Human Supervisory Dialogue
• Human Interface Design
• Operations Process
• Operations Tools
• Control Architecture
• Planning & Execution
• Fault Protection
• Verification & Validation
• Barriers to Adoption
• Standards