Runtime Assurance for Complex Autonomy


Abstract:

For over a decade there have been important advances in control systems technologies that have enabled fast adaptation to changing environmental conditions and large, unforeseen changes in system dynamics. These advances in adaptive capabilities can provide significant benefit to the unmanned aircraft community, enabling remotely piloted vehicles to become truly autonomous unmanned aircraft systems (UASs). There is now wide interest in developing teams of UASs performing various cooperative operations, such as terrain mapping, search missions, high-value escort, border patrol, supply delivery, and military operations, such as surveillance and reconnaissance.

However, the actual implementation of even the basic building blocks for such autonomy has still not been realized on a wide scale, due to the lack of useful analysis tools in the V&V (verification and validation) process required for flight- and mission-critical certification. This is mainly due to the highly advanced, complex, and potentially nondeterministic nature of these new systems. For autonomous systems with no human oversight, even mission-critical systems now have safety implications, requiring stringent certification.

Along with advances in design-time V&V methods, there has been considerable development of runtime assurance (RTA) systems that provide additional levels of protection during mission operations against unforeseen software errors or overall design flaws that could result in critical safety violations. This presentation will cover the latest progress from an ongoing Air Force initiative that began in 2004. Our current focus has been on developing feasible frameworks for interacting RTA systems and the decision-making protocols required to maintain overall system safety for the entire UAS fleet executing the current mission.

An interacting RTA system framework is a natural result of the sequential loop closure architecture of aerospace command/control systems – from (1) inner-loop attitude stabilization to (2) guidance systems directing the flight path to (3) flight management systems determining the flight path to (4) mission planning systems generating assignment allocations and overall mission goals for the entire fleet of UAS platforms. We assume here a decentralized but cooperative command/control architecture in which the mission planning is “negotiated” by each platform’s autonomous systems through intra-fleet communications. We further assume that advanced, uncertifiable elements can exist at each of the aforementioned feedback levels, thereby requiring RTA monitoring at each level.

Our current framework defines RTA monitoring systems as assume-guarantee contract checkers, a formal methods approach from compositional reasoning. Key to this investigation is how to construct and analyze such disparate contracts with differing “languages” at each feedback level. Contracts at the inner-loop control level will involve control theoretic measures, such as norm bounds on tracking errors. However, contracts at the flight management or mission planning level may involve more discrete decision making attributes whereby it may be best to define the subsystem contracts in terms of, for example, linear temporal logic.
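The two contract "languages" described above can be made concrete with a small simulation. The following is an added example written for this page, not code from the talk or from Barron Associates: it models an inner-loop RTA monitor as an assume-guarantee checker whose guarantee is a norm bound on the tracking error (with a simplex-style fallback to a certified baseline controller when the guarantee is violated), and a mission-planning-level checker whose contract is written with always/eventually operators over a finite trace of negotiated assignments. The plant, controller gains, error bound, zone names and traces are all constructed toy values.

```python
"""Two runtime-assurance (RTA) monitors written as assume-guarantee contract
checkers, one per feedback level: a control-theoretic norm-bound contract at
the inner loop and an LTL-style contract over a finite trace of mission
assignments.  Added illustration, not the talk's or Barron Associates' code;
plant, gains, bounds, zone names and traces are constructed toy values."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Controller = Callable[[float, float], float]   # (reference, state) -> command


@dataclass
class Contract:
    """Assumption owed by the upstream level, guarantee owed by this level."""
    name: str
    assumption: Callable[[Dict[str, float]], bool]
    guarantee: Callable[[Dict[str, float]], bool]


def inner_loop_contract(max_ref_rate: float, err_bound: float) -> Contract:
    # Assumes guidance moves the reference at most max_ref_rate per step;
    # guarantees the tracking-error norm stays within err_bound.
    return Contract("inner-loop",
                    assumption=lambda o: abs(o["ref_rate"]) <= max_ref_rate,
                    guarantee=lambda o: abs(o["error"]) <= err_bound)


@dataclass
class InnerLoopRta:
    """Simplex-style switch: the uncertified controller drives the plant while
    its guarantee holds; a certified baseline takes over permanently on violation."""
    contract: Contract
    advanced: Controller
    baseline: Controller
    switched_at: Optional[int] = None
    log: List[str] = field(default_factory=list)

    def command(self, step: int, ref: float, ref_rate: float, state: float) -> float:
        obs = {"ref_rate": ref_rate, "error": ref - state}
        if not self.contract.assumption(obs):
            # The guarantee is not owed when the assumption fails: flag upstream.
            self.log.append(f"step {step}: assumption of {self.contract.name} violated")
        if self.switched_at is None and not self.contract.guarantee(obs):
            self.switched_at = step
            self.log.append(f"step {step}: guarantee violated, baseline engaged")
        ctrl = self.advanced if self.switched_at is None else self.baseline
        return ctrl(ref, state)


def simulate(fault_step: Optional[int], steps: int = 80, dt: float = 0.1,
             err_bound: float = 0.5) -> Tuple[float, Optional[int]]:
    """First-order plant x' = u with a reference step at k = 10.  The advanced
    controller's gain flips sign at fault_step (a stand-in for a software error).
    Returns (final |tracking error|, step at which the baseline engaged or None)."""
    clock = {"k": 0}

    def advanced(ref: float, x: float) -> float:
        gain = 5.0
        if fault_step is not None and clock["k"] >= fault_step:
            gain = -5.0                      # fault: pushes the state away from ref
        return gain * (ref - x)

    def baseline(ref: float, x: float) -> float:
        return 2.0 * (ref - x)               # low-gain, stable for this plant and dt

    rta = InnerLoopRta(inner_loop_contract(0.3, err_bound), advanced, baseline)
    x, ref = 1.0, 1.0
    for k in range(steps):
        clock["k"] = k
        new_ref = 1.2 if k >= 10 else 1.0
        ref_rate, ref = new_ref - ref, new_ref
        x += dt * rta.command(k, ref, ref_rate, x)
    return abs(ref - x), rta.switched_at


# Mission-planning level: discrete contract in LTL-style terms over a finite trace.
def always(trace, pred) -> bool:        # G pred
    return all(pred(s) for s in trace)


def eventually(trace, pred) -> bool:    # F pred
    return any(pred(s) for s in trace)


def check_mission_contract(trace, fleet, allowed_zones, must_cover) -> Tuple[bool, bool]:
    """Assumption: G(every platform reports into the negotiation).
    Guarantee: G(every assignment is in an allowed zone) and F(must_cover assigned)."""
    assumption = always(trace, lambda s: fleet <= s["reports"])
    guarantee = (always(trace, lambda s: set(s["assign"].values()) <= allowed_zones)
                 and eventually(trace, lambda s: must_cover in s["assign"].values()))
    return assumption, guarantee


FLEET, ALLOWED = {"uas1", "uas2"}, {"Z1", "Z2", "Z3"}
GOOD_TRACE = [   # constructed negotiation history
    {"reports": {"uas1", "uas2"}, "assign": {"uas1": "Z1", "uas2": "Z2"}},
    {"reports": {"uas1", "uas2"}, "assign": {"uas1": "Z1", "uas2": "Z3"}},
]
BAD_TRACE = [    # second round assigns uas1 outside the allowed zones
    GOOD_TRACE[0],
    {"reports": {"uas1", "uas2"}, "assign": {"uas1": "Z9", "uas2": "Z3"}},
]

if __name__ == "__main__":
    print("no fault:", simulate(None), "fault at 20:", simulate(20))
    print("mission:", check_mission_contract(GOOD_TRACE, FLEET, ALLOWED, "Z3"),
          check_mission_contract(BAD_TRACE, FLEET, ALLOWED, "Z3"))
```

Running `simulate(20)` shows the point of the assume-guarantee split: the faulty advanced controller inflates the residual tracking error geometrically until the norm bound is crossed at step 40, the baseline engages, and the error decays again, while `simulate(None)` never switches. The mission-level checker deliberately reports the assumption and guarantee separately, since a violated assumption (a platform dropping out of the negotiation) shifts responsibility to the upstream level rather than indicting the planner.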

Biography:

  • Dr. Schierman works for Barron Associates, a small R&D company that focuses on development of advanced control systems for aerospace and defense systems and biomedical applications.
  • As such, the company has also been involved in a number of projects focusing on building new software assurance arguments and development of run time assurance approaches for these types of advanced control systems.
  • At Barron Associates, Dr. Schierman has been Principal Investigator on a number of advanced guidance & control projects funded by the Air Force, Navy and NASA, involving fighter aircraft, rotorcraft, reusable launch vehicles, and unmanned aircraft systems.
  • He has led the company's efforts in the area of run time assurance since 2004.
  • Dr. Schierman served as Chair of AIAA's Guidance, Navigation, and Control Technical Committee from 2010 to 2012.
License: CC-2.5
Submitted by Katie Dey on