To fulfill the needs of its deep space exploration program, NASA is actively supporting research and development in autonomy software. However, the reliable and cost-effective development and validation of autonomy systems poses a tough challenge. Traditional scenario-based testing methods fall short because of the combinatorial explosion of possible situations to be analyzed, and formal verification techniques typically require tedious, manual modelling by formal method experts. This paper presents the application of formal verification techniques in the development of autonomous controllers based on Livingstone, a model-based health-monitoring system that can detect and diagnose anomalies and suggest possible recovery actions. We present a translator that converts the models used by Livingstone into specifications that can be verified with the SMV model checker. The translation frees the Livingstone developer from the tedious conversion of his design to SMV and isolates him from the technical details of the SMV program. We describe different aspects of the translation and briefly discuss its application to several NASA domains.