1
Jillian RedfernOrbital Express PresentationTITAN All-Hands07/08/2003
2
Topics to be Discussed
• Orbital Express and Mission Manager
• TITAN’s role
• Progress
• Future work
• Suggestions
3
DARPA’s Motivation
4
Movie of Robotic Arm
5
Movie of Direct Capture
6
Program Plans• Develop and validate software for autonomous mission
planning, rendezvous, proximity operations and docking. • Design, fabricate, and test on-orbit robotic satellite
servicing, including fuel and electronics transfer, deployment of and operations with a micro-satellite.
• Design, fabricate, and test on orbit a modular micro-satellite for protection of stationary satellites.
• Perform utility assessments of on-orbit servicing in conjunction with operational customers and plan for technology transition.
7
Main Operations
– Guidance, Navigation, & Control– Capture
• Free Fly Capture (With Robotic Arm)• Direct Capture (With Grappling Mechanism)
– ORU Transfer• NextSat to ASTRO (With Robotic Arm)• ASTRO to NextSat (With Robotic Arm)
– Fluid Transfer• NextSat to ASTRO• ASTRO to NextSat
– Mission Manager (Draper Lab’s part)
8
Failure Concerns
• Top 12 Failures Which Require Autonomous Response• Fail to direct capture• Fail to free-flyer capture• AC1 fault which results in reboot• AC2 fault which results in reboot• AVGS fails during prox ops• MCU fail during arm use• Battery DOD above 75 (TBR) %• Fluid coupler fails to engage• Fluid coupler fails to disengage• Pump fails on• RCS jet fail during prox ops• Selected valves fail open or closed
9
Draper’s Mission Manager
• Draper’s Mission Manager “looks” a lot like TITAN at the high levels
• Current thinking for fault diagnosis: – rule-based -- system engineer generated fault
response system which is pre-determined (simplifies Diagnosis and Planning step through database utilization)
• I want to add in a Diagnosis step through either TITAN or MINI-ME
10
MM Executive
Database
Monitor
Sequencer
NEXTSatOEDMSAutoGdAutoNav CM FTAPS ASTRO
Commands
Resource Predictor
Contingency Responder
Response Messages
Mission Manager
11
TITAN
Model-basedProgram
Titan Model-basedExecutive
Sequencer
Deductive Controller
ControlProgram
PlantModel
Configuration goals
State estimates
Physical Plant
Flight Control Software
Control actionsObservations
Mode Reconfiguration
ModeEstimation
s
Activity goals(from planner)
CCAs
12
FTAPSModeling
(What Jillian has been up to)
13
System (Extremely simplified)
2 Valves (not pyro)2 Fluid Transfer Tanks1 Pump1 Pressure Sensor2 Flow Sensor
Flow in both directions
*Assume valves open individually
Tank1 Tank2
Valve2
Valve1
PumpF2
F1
P1
14
Fluid Transfer Tank Level (Tank1)
Broken
Filling/Emptying
Empty
Full
(P1 = Nominal)
(P1 = Low)
(P1 = High)
Pump = 1to2
Pump = 2to1
Pum
p =
2to1
Pum
p =
1to2
Pump = OffPump = Off
Pump = Off
15
Fluid Transfer Tank Level (Tank2)
Broken
Filling/Emptying
Empty
Full
(P1 = Nominal)
(P1 = High)
(P1 = Low)
Pump=Off
Pump=Off
Pump=Off
Pum
p =
1to2
Pum
p =
2to1
Pump = 2to1
Pump = 1to2
16
Propellant Isolation Valve Number 1
Unknown
Open
Closed
LeakingCm
d=O
penV
1
Cm
d=C
loseV
1
F1 = reverse
F1 = stagnant
F1 = forward
17
Propellant Isolation Valve Number 2
Unknown
Open
Closed
Leaking
Cm
d=O
penV
2
Cm
d=C
loseV
2
F2 = stagnant
F2 = reverse
F2 = forward
18
Pump
Broken
1to2
OffC
md=
Pum
p
Off
(NOT Valve2=open) OR (Valve2=open AND F2=forward)
(F1 = Stagnant) AND (F2 = Stagnant)
2to1
(NOT Valve1=open) OR (Valve1=open AND F1=forward)
Cm
d=PumpO
ff
Cm
d=PumpR
ight Cm
d =
Pum
pLef
t
19
Initial State
• Pump = Off• V1 = Closed• V2 = Closed• Tank1Level = Full• Tank2Level = Empty • Pressure = High• Flow1 = Stagnant• Flow2 = Stagnant
20
Nominal Scenarios
• When Tank1Level = Full, turn pump on right and open valve V1 and close valve V2
• When Tank1Level = Empty, turn pump off and close valve V1 and open valve V2. Turn the pump on left.
21
Off-Nominal Scenario
• At t = 1– Pump = Off– Flow1 = Stagnant– Flow2 = Stagnant– V1 = Closed– V2 = Closed– Tank1Level = Empty– Tank2Level = Full– Pressure = Low
• At t = 2– Valve2_Command = open– Pump_Command = PumpLeft
• At t = 3– Pump = 2to1– Flow1 = Reverse– Flow2 = Forward– V1 = Closed– V2 = Open– Tank1Level = Filling– Tank2Level = Filling– Pressure = Nominal
• At t = 4– Valve1 = Leaking (Can I think of this as a fail to close?)
22
Another Off-Nominal Scenario
• At t = 1– Pump = 1to2– Flow1 = Forward– Flow2 = Stagnant– V1 = Open– V2 = Closed– Tank1Level = Filling– Tank2Level = Filling– Pressure = Nominal
• At t = 2– Pump_Command = Off
• At t = 3– Pump = Off– Flow1 = Forward– Flow2 = Stagnant– V1 = Open– V2 = Closed– Tank1Level = Filling – Tank2Level = Filling– Pressure = Nominal
• At t = 4– Pump = Broken
23
Failure Probabilities
• Valve1 – equal probability of failure• Valve2 – equal probability of failure• Pump – higher probability of failure• Tank1 – low probability of failure• Tank2 – low probability of failure
24
Progress
• Extremely simple model has just now been compiled successfully
• I have not run the mof file through TITAN or even Mode Estimation
25
Goals for Thesis/Project
• Model the rest of the system accurately– FTAPS– Capture
• Direct• Free-Flyer
– ORU Transfer
• Adapt TITAN/MINI-ME to my needs or at least demonstrate its diagnosis is better than a system engineer
• Help improve the utility of TITAN to other programs
26
My questions to the group
• The monitor: I receive a lot of status updates from software and general system statuses. What can I do with those?
• Do I always assume the commands are getting to the correct components?
• Not sure whether I have hybrid capabilities with the monitor• Is there someone who is a better modeler than I in this group?• Why do we code it like this:
(off :documentation "The OFF mode."
:model (and
(= (flow ?valveName1) stagnant) (= (flow ?valveName2) stagnant) (= (pump_mode ?pumpName) off))