Papers by Nicolas Rouquette

This paper presents a software engineering perspective on designing and building fault protection monitor software for spacecraft. We capitalize on fault protection ideas inherited from Cassini [1] and emphasize streamlining the design and development process on the basis of separating domain-specific monitor specifications from architectural software issues. We emphasize the view of fault protection monitoring as a functional transformation of raw sensor data for feature extraction and symptom detection. Combined with automatic code generation from specification, the functional viewpoint of monitoring can be seen as one application of the cleanroom software engineering methodology [2].

1 Introduction

Sensor monitoring is an integral part of the fault-protection architecture of a spacecraft. Monitors extract features from raw sensor data to detect symptoms of nominal and abnormal behavior. Even though symptom detection is hardware specific, the overall fault protection...
Spacecraft Autonomy Flight Experience: The DS1 Remote Agent Experiment
allowed to assume command and control of the Deep Space One spacecraft during the Remote Agent Experiment. This experiment demonstrated numerous autonomy concepts ranging from high-level goal-oriented commanding to on-board planning to robust plan execution to model-based fault protection. Many lessons of value to future enhancements of spacecraft autonomy were learned in preparing for and executing this experiment. This paper describes those lessons and suggests directions of future work in this field.

Programming and Validation Techniques for Reliable Goal-driven Autonomic Software
engineering of some of the most complex man-rated autonomous software systems. According to some recent estimates, the certification cost for mission-critical software exceeds its development cost. The current process-oriented methodologies do not reach the level of detail of providing guidelines for the development and validation of concurrent software. Time and concurrency are the most critical notions in an autonomous space system. In this work we present the design and implementation of a first concurrency and time centered framework for verification and semantic parallelization of real-time C++ within the JPL Mission Data System Framework (MDS). The end goal of the industrial project that motivated our work is to provide certification artifacts and accelerated testing of the complex software interactions in autonomous flight systems. As a case study we demonstrate the verification and semantic parallelization of the MDS Goal Networks.

Requirements Analysis for an Integrated OCL Development Environment
Abstract: An Integrated OCL Development Environment (IDE4OCL) can significantly improve the pragmatics and praxis of OCL. We present the domain concepts, tool-level interactions with OCL and the use cases we identified in a systematic analysis of requirements for an IDE4OCL. The domain concepts are an important contribution of our work as they attempt to clarify inconsistencies in the relevant specifications. Because OCL is not a stand-alone language, the OCL landscape includes several interacting tools including an IDE4OCL. The use cases describe our vision of the desired functionality unique to an IDE4OCL. The results of our analysis and the long term vision of our work should be relevant to developers of OCL tools as well as to the OMG Request for Information regarding the UML Futures. Our work is relevant to the UML Futures Roadmap because providing OCL for the constraints in the UML specification has been a longstanding problem at the OMG.

In recent years, compositional modeling and self-explanatory simulation techniques have simplified the process of building dynamic simulators of physical systems. Building steady-state simulators is, conceptually, a simpler task consisting in solving a set of algebraic equations. This simplicity hides delicate technical issues of convergence and search-space size due to the potentially large number of unknown parameters. We present an automated technique for reducing the dimensionality of the problem by 1) automatically identifying feedback loops (a generally NP-complete problem), 2) hierarchically decomposing the set of equations in terms of feedback loops, and 3) structuring a simulator where equations are solved either serially without search or in isolation within a feedback loop. This paper describes the key algorithms and the results of their implementation on building simulators for a two-phase evaporator loop system across multiple combinations of causal and non-causal approxim...

Using Defect Reports to Build Requirements Knowledge in Product Lines
In a recent study of a product line, we found that the defect reports both (1) captured new requirements information and (2) implicated undocumented, tacit requirements information in the occurrence of the defects. We report four types of requirements knowledge revealed by software defect reports from integration and system testing for two products in this high-dependability product line. We argue that store-and-retrieve-based requirements management is insufficient to avoid recurrence of these types of defects on upcoming members of the product line. We then propose the use of two mechanisms not traditionally associated with requirements management, one formal and one informal, to improve communication of these types of requirements knowledge to developers of future products in the product line. We show how the two proposed mechanisms, namely feature models extended with assumption specifications (formal) and structured anecdotes of paradigmatic product-line defects (informal), can...

This paper is an experience report on a first attempt to develop and apply a new form of software: a full-service testbed designed to evaluate alternative software dependability technologies, and to accelerate their maturation and transition into project use. The SCRover testbed includes not only the specifications, code, and hardware of a public safety robot, but also the package of instrumentation, scenario drivers, seeded defects, experimentation guidelines, and comparative effort and defect data needed to facilitate technology evaluation experiments. The SCRover testbed's initial operational capability has been recently applied to evaluate two architecture definition languages (ADLs) and toolsets, Mae and AcmeStudio. The testbed evaluation showed (1) that the ADL-based toolsets were complementary and cost-effective to apply to mission-critical systems; (2) that the testbed was cost-effective to use by researchers; and (3) that collaboration in testbed use by researchers and the Je...
Semantically Enhanced Containers for Concurrent Real-Time Systems
2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems, 2009

Evaluating fractionated space systems - Status
2013 IEEE Aerospace Conference, 2013
DARPA has funded a number of teams to further refine its Fractionated Spacecraft vision. Several teams, including this team led by JPL, have been tasked to develop a tool for the evaluation of the Business case for a fractionated system architecture. This evaluation is to understand under what conditions and constraints the fractionated architecture makes more sense (in a cost/benefit sense) than the traditional monolithic paradigm. Our approach to this evaluation is to generate and evaluate a variety of trade space options. These options include various sets of stimuli, various degrees of fractionation and various subsystem element properties. The stimuli include many not normally modeled, such as technology obsolescence, funding profile changes and changes in mission objectives during the mission itself. The degrees of fractionation enable various traditional subsystem elements to be distributed across different free flyers which then act in concert as needed. This will enable key technologies to be updated as need dictates and availability allows. We have described our approach in a previous IEEE Aerospace conference paper but will briefly summarize it here. Our approach to generating the Business Case evaluation is to explicitly model both the implementation and operation phases for the life cycle of a fractionated constellation. A variety of models are integrated into the Phoenix ModelCenter framework and are used to generate various intermediate data which is aggregated into the Present Strategic Value (PSV). The PSV is essentially the value (including the value of the embedded real options) minus the cost. These PSVs are calculated for a variety of configurations and scenarios including variations of various stimuli or uncertainties (e.g. supply chain delays, launch vehicle failures and orbital debris events). There are various decision options (e.g. delay, accelerate, cancel) which can now be exercised for each stimulus. We can compute the PSV for the various combinations and populate a tradespace. We have developed tooling to allow models to be automatically created and executed, allowing us to explore large numbers of options with no human intervention. The methodology, models and the process by which they are integrated were a key subset of the previous paper. We will present the results of the Business Case analyses for a variety of configurations and scenarios, present the populated tradespace, show the GUI we have developed to facilitate the use of the tool and discuss the implications of both the results and our work to date. We will also discuss future work and possible approaches for that work.
Proceedings of the 13th international conference on Formal methods and software engineering
State Analysis is a methodology developed over the last decade for architecting, designing and documenting complex control systems. Although it was originally conceived for designing robotic spacecraft, recent applications include the design of control systems for large ground-based telescopes. The European Southern Observatory (ESO) began a project to design the European Extremely Large Telescope (E-ELT), which will require coordinated control of over a thousand articulated mirror segments. The designers are using State Analysis as a methodology and the Systems Modeling Language (SysML) as a modeling and documentation language in this task. To effectively apply the State Analysis methodology in this context it became necessary to provide ontological definitions of the concepts and relations in State Analysis and greater flexibility through a mapping of State
MESA: an interactive modeling and simulation environment for intelligent systems automation
Proceedings of the Twenty-Seventh Hawaii International Conference on System Sciences HICSS-94
Describes MESA, a domain-independent interactive tool for the development of reusable causal models and model-based-reasoning applications. Our current efforts are focused on developing automated sensor monitoring applications for NASA flight projects. ...

CAESAR Model-Based Approach to Harness Design
2020 IEEE Aerospace Conference
In this paper we describe a system called the Computer Aided Engineering for Spacecraft System Architectures Tool Suite, or CAESAR for short, a platform for enabling model-based system engineering (MBSE). CAESAR recognizes that engineers are already likely to use models, but they typically keep the models private, only interpreting model information into documents or presentations that become the project baseline. MBSE needs to enable more automated sharing of information directly between models to ensure model consistency, improve the rigor of the engineering process, and ultimately, reduce the effort needed to get a clear answer to engineering questions. We explain the features of CAESAR, and describe how these features were leveraged in a case study where CAESAR was used to develop a model-based process for spacecraft electrical interface design and harness specification for the Europa Clipper flight project.
Remote Agent Experiment Validation Report
Position paper for WIFT'98 ["Pushbutton" analysis via integration of industrial tools with formal validation]
Proceedings. 2nd IEEE Workshop on Industrial Strength Formal Specification Techniques
Spacecraft fault protection software is a challenging and critical system. Our goal is to use the same specifications for the starting point of both the code development (whether manual or automated) and the formal analysis. Furthermore, we aim to automate as much as possible of the analysis process, to make it an easy-to-apply "pushbutton"-like activity. Towards this end, we are

This paper describes the validation of the Remote Agent Experiment. A primary goal of this experiment was to provide an onboard demonstration of spacecraft autonomy. This demonstration included both nominal operations with goal-oriented commanding and closed-loop plan execution, and fault protection capabilities with failure diagnosis and recovery, on-board replanning following unrecoverable failures, and system-level fault protection. Other equally important goals of the experiment were to decrease the risk of deploying Remote Agents on future missions and to familiarize the spacecraft engineering community with the Remote Agent approach. These goals were achieved by successfully integrating the Remote Agent with the Deep Space 1 flight software, developing a layered testing approach, and taking various steps to gain the confidence of the spacecraft team. In this paper we describe how we achieved our goals, and discuss the actual on-board demonstration in May, 1999, when the Remote Ag...