Embedding Online Runtime Verification for Fault Disambiguation on Robonaut2

Kempa, Brian; Zhang, Pei; Jones, Phillip H.; Zambreno, Joseph; Rozier, Kristin Yvonne

doi:10.1007/978-3-030-57628-8_12

Cited by 23 publications

(20 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, all test data was recorded and put to use offline in refining our specifications and implementations of R2U2 into each subsystem. We argue that since R2U2 has previously been embedded and used in several successful aerospace applications [7,10,13,17,23], our offline, real-time simulations of this embedding perform representatively to an actual implementation. Note we plan to incorporate R2U2 into the UTM system for the next test.…”

Section: Discussionmentioning

confidence: 84%

“…R2U2 has implementations in hardware (FPGAs), C++, and C; we choose the latter for embedding in the UTM. R2U2's architecture details appear in a tool overview [20], with additional details from past case studies in [7,10,13,17,23]. R2U2 reads relevant sensor readings off the main system bus, then passes them through lightweight, real-time atomic checkers that filter and discretize the sensor readings.…”

Section: Preliminariesmentioning

confidence: 99%

See 1 more Smart Citation

Integrating Runtime Verification into an Automated UAS Traffic Management System

Cauwels

Hammer

Hertz

et al. 2020

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

Unmanned Aerial Systems (UAS) are quickly integrating into the National Air Space (NAS). With the number of registered small (under 55 pounds) UAS in the USA alone at over 1.5 million, and projected to expand rapidly, according to the Federal Aviation Administration (FAA), safety is a pressing consideration. Safe UAS integration into the NAS requires an intelligent, automated system for UAS Traffic Management (UTM). Even more than for manned aircraft, UTM must integrate runtime checks to ensure system safety, at the very least to make up for the lack of humans on board to employ the common-sense safety checks ingrained into the culture of human aviation. We overview a candidate automated, intelligent UTM system and propose multiple integration points for runtime verification (RV) to ensure that each part of the UTM adheres to safety requirements during operation. We write, validate, and present patterns for formal requirements across multiple subsystems of this UTM framework. After encoding our requirements as flight-certifiable runtime observers in the R2U2 RV engine, we execute them in simulation across multiple real-life test flights supplemented with simulated data to cover additional cases that did not occur in flight. Lessons learned accompany an analysis of the efficacy and performance of RV integration into the UTM framework.

show abstract

Section: Discussionmentioning

confidence: 84%

Section: Preliminariesmentioning

confidence: 99%

Integrating Runtime Verification into an Automated UAS Traffic Management System

Cauwels

Hammer

Hertz

et al. 2020

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…We designed 19 MLTL runtime specifications for Nova Somnium's ACS, shown in Table 3. The total memory for R2U2 monitoring all 19 specifications in parallel was ∼400 kB of memory, which would fit on-board the ACS; we could further reduce memory by employing optimizations from [6] or down-selecting specifications to monitor. To better understand how the specifications are encoded into observation trees for R2U2, see [17,19,20].…”

Section: Resultsmentioning

confidence: 99%

“…Mission-time Linear Temporal Logic (MLTL) was designed for this purpose [8,13]; it adds finite, integer-bounded intervals to each of the temporal operators in LTL. MLTL has been used in many industrial projects [1,4,6,9,13,14,[19][20][21], and since 2018 has been an official logic of the RV Benchmark Competition [12,16].…”

Section: Approachmentioning

confidence: 99%

“…LOLA is a stream-based specification language that previously provided the necessary level of formalization and expressibility for this project [18], but the computational limits of Nova Somnium's ACS are ill-matched for this tool and LOLA's current restriction to past-time specification presents a significant barrier to use. R2U2 was developed to monitor expressive properties of systems in real-time, with little overhead and significant resource constraints [1,6,9,17,19,20]. For this reason, R2U2 is a viable option for integrating RV onto sounding rocket systems.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Integrating Runtime Verification into a Sounding Rocket Control System

Hertz

Luppen

Rozier

2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

An actuation fault in the aerobraking control system (ACS) took down Iowa State's Nova Somnium rocket during the 2019 Spaceport America Cup competition, prematurely ending the team's participation. The ACS engaged incorrectly before motor burnout, altering the rocket's trajectory and leading to a dangerous crash. The ability to detect this fault in real time on-board the ACS's Arduino microcontroller would have prevented an uncontrolled landing and rapid unscheduled disassembly, which posed a major safety threat and ended a year's worth of effort by the 50-student team. Runtime verification (RV) specializes in efficiently catching this type of scenario; the R2U2 RV engine uniquely fits in the project's resource constraints. We design specifications to detect ACS faults and trigger the appropriate mitigations. We discuss specification development, validation, coverage, and robustness against false positives. Experimental evaluation on the real, recorded flight data demonstrates that running R2U2 on the Nova Somnium ACS would have prevented this accident from occurring. We generalize our results and outline our plans for integrating runtime verification into future sounding rockets.

show abstract