|TABLE OF CONTENTS|
|Figure 1. The product-gas transfer in the Phase III test.|
The IMC software managed the configuration of the O2 supply for transfer to the airlock for incineration or to the crew chamber. The software flexibly reconfigured and transferred gas among multiple reservoirs in response to predicted needs, observed usage, and problems with the system elements.
The uppermost tier of the 3T software is a planner that handles the management of resources and products, and the middle tier is a sequencer that provides a reactive discrete-control layer that handles event-based control, sequencing, and procedures for managing operational configurations and operation phases.3 The planner can alter the sequencer's task agenda. The lowest tierthe skill managerhandles low-level control. The skill manager interfaces with both the sequencer and the hardware and manages the continuous performance of processors and the continuous-control systems. The discrete- and continuous-control layers and a user-interface layer can manage instrumentation and control subsystems.
Four heterogeneous types of models have been essential for developing, testing, and maintaining intelligent-control software for space life-support systems and providing operational model-based what-if analyses: discrete functional operational and failure modes of components; continuous dynamic performance within component modes, modeled qualitatively or quantitatively; configurations of flows and power among components in the system; and operations activities, schedules, and scenarios. The CONFIG simulation tool has provided the necessary integration of all four types of models,58 making it a suitable testbed for dynamic, interactive, simulation-based testing of the LMLSTP IMC application of the 3T-layered control software.9
CONFIG uses a state-transition-system formalism in a system model composed of a set of connected components, or devices, structured within a configuration or flow path. The direction of physical flows and the effects of flow reconfigurations are efficiently analyzed during simulations. Two of the basic building blocks of a CONFIG model are devices (e.g., pumps, valves, tanks, and condensers) and activities. Devices model the behavior of system-hardware components and activities model actions in procedures or software. Device relations represent the connections between system components. Activity-device relations are used to relate activities to system components for control and monitoring purposes.
The modular discrete-event modeling approach provides a framework for organizing and managing the application of more detailed knowledge. In device models, time-related behavior models are embedded within modes that are within state-transition systems. For example, two modes of a simple valve might be open and closed. The way a device interacts with connected devices can depend on the current mode. Failures can be modeled as modes or as factors that precipitate or prevent transitions. Transitions between device modes can be determined by control variables, variable changes propagated through interdevice connections, or changes in system flows. The model structure can be recomposed during a simulation as the direction and activation of interconnections changes.
Activity models are also state-transition models. Several levels of control can be modeled as activities (e.g., an activity might be used to control the positioning of a set of valves). States of activity models, called activity phases, have embedded control behaviors, which can represent discrete- or continuous-control regimes or elements of schedules or simulation scenarios.
Life-support-system applications require the accurate accounting of resource inventories transferred by continuous flow at variable rates to various locations within the modeled system. In CONFIG, two operators, Integrate and Apply-When, are used to periodically compute states or time advances that depend on continuous changes. The Apply-When operator calls external algebraic functions to determine the time advance for a rate-dependent event. The Integrate operator uses a discrete-time approach, providing periodic updates of variables based on a rate, which may be changed dynamically by external inputs. Complex behavior emerges from the interaction of devices that have simple models of internal continuous processes.
CONFIG provides an object-oriented and graphical environment for building models and managing simulation tests. This environment supports incremental model development, maintenance, and reuse.
|Figure 2. The product gas-transfer system model.|
Simulation-based testing followed unit testing and hardware-integration testing by the software developers. The interactive simulation-based testing used multiple long-duration scenarios running at about 20 times real time. The testing verified software activities during nominal operations in a system context and tested software response to hardware problems and imbalances. The testing, which is documented in References 9 and 11, uncovered some software problems and some issues concerning software requirements. The most interesting issue was observed in the context of a complex interaction including elements of the crew chamber and the plant-growth chamber. It is not likely that this type of software problem would have been found during conventional software testing because it involved a sequence of interactions of multiple devices and controllers in the system that would be difficult to conceive of or emulate in conventional software testing.
During simulation tests, when the CO2 accumulator was depleted, the IMC software switched the source of CO2 from the accumulator to the facility supply as intended, except when the plant-chamber CO2 concentration was between the alert-low and alarm-low thresholds. When the plant-chamber CO2 concentration was below the alert-low level (1,000 ppm) and the CO2 accumulator on the crew chamber side was also at its alert-low limit (83 kPa), the IMC software failed to switch to the facility CO2 supply. The IMC software disabled the continuous flow into the plant chamber and gave control to the local CO2 controller in the plant chamber. The local controller then switched to the backup pulse-injection system to raise the CO2 level in the plant chamber. Because the IMC software had failed to switch the CO2 source from the accumulator to the facility supply, the backup system drew CO2 from the depleted accumulator. The CO2 level in the plant chamber continued to drop even with the backup system on.
Current work includes CONFIG extensions to support interactive operator-in-the-loop evaluations of strategies for adjustable autonomy, which supports operator intervention at multiple levels when appropriate. An interface has been developed between CONFIG and the lowest skills layer of the autonomy software to support testing of all layers of the architecture. More models are being developed to support the engineering and operation of autonomous production plants for consumables on Mars.
1. P. Bonasso et al., "Experiences with an Architecture for Intelligent, Reactive Agents," J. Experimental and Theoretical AI, 9 (1997), pp. 237256.
2. D. Schreckenghost et al., "Three Tier Architecture for Controlling Space Life Support Systems," Proc. IEEE Symposium on Intelligence in Automation and Robotics (IEEE, 1998).
3. R.J. Firby, The RAP Language Manual (Evanston, IL: Neodesic Corporation, 1997).
4. J.T. Malin, "Some Roles of Models in Monitoring and Control for BIO-Plex." SAE paper no. 981727 (Paper presented at the SAE 28th International Conference on Environmental Systems, Danvers, MA, 1998).
5. J.T. Malin, B.D. Basham, and R.A. Harris, "Use of Qualitative Models in Discrete Event Simulation for Analysis of Malfunctions in Continuous Processing Systems," Artificial Intelligence in Process Engineering, ed. M. Mavrovouniotis (San Diego, CA: Academic Press, 1990), pp. 3779.
6. J.T. Malin and D.B. Leifker, "Functional Modeling with Goal-Oriented Activities for Analysis of Effects of Failures on Functions and Operations," Informatics & Telematics, 8(4) (1991), pp. 353364.
7. J.T. Malin, D. Ryan, and L. Fleming, "CONFIGIntegrated Engineering of Systems and Their Operation," Proc. Fourth National Technology Transfer Conference (Houston, TX: NASA Conference Publication CP-3249, 1993), pp. 97104.
8. J.T. Malin, D. Ryan, and L. Fleming, "Computer-Aided Operations Engineering with Integrated Models of Systems and Operations," Proc. Dual Use Space Technology Transfer Conference and Exhibition (Houston, TX: NASA Conference Publication CP-3263, 1994), pp. 455461.
9. J.T. Malin, L. Fleming, and T. Hatfield, "Interactive Simulation-Based Testing of Product Gas Transfer Integrated Monitoring and Control Software for the Lunar Mars Life Support Phase III Test," SAE paper no. 981769 (Paper presented at the SAE 28th International Conference on Environmental Systems, Danvers, MA, 1998).
10. L. Fleming, T. Hatfield, and J. Malin, Simulation-Based Test of Gas Transfer Control Software: CONFIG Model of Product Gas Transfer System, Automation, Robotics and Simulation Division Report, AR&SD-98-017 (Houston, TX: NASA Johnson Space Center, 1998).
11. L. Fleming, T. Hatfield, and J. Malin, Simulation-Based Test of Gas Transfer Control Software: CONFIG Model of Product Gas Transfer System, Automation, Robotics and Simulation Division Report, AR&SD-98-018 (Houston, TX: NASA Johnson Space Center, 1998).
Jane T. Malin is with the Intelligent Systems Branch, Automation, Robotics and Simulation Division of NASA Johnson Space Center.
For more information, contact J.T. Malin, Intelligent Systems Branch, MC ER2, Automation, Robotics, and Simulation Division, NASA Johnson Space Center, Houston, Texas 77058-3696; e-mail firstname.lastname@example.org.
Direct questions about this or any other JOM page to email@example.com.
|Search||TMS Document Center||Subscriptions||Other Hypertext Articles||JOM||TMS OnLine|