
AIAA Intelligent Systems Technical Committee Newsletter

Intelligence: the ability to apply knowledge to manipulate one’s environment (Webster’s Dictionary)

Newsletter Contents

Fall 2013

AIAA ISTC Putting the brains into planes

Message from the chair elect: Newly elected ISTC chair (elect) Nhan Nguyen shares his thoughts and vision for the AIAA ISTC.

IS 2014 Workshop: Basic information about the upcoming 2014 workshop for an Intelligent Systems Roadmap.

Defining an IS: A brief summary of the ISTC’s work to define IS.

Awards & Honors: Information about the recipient of the 2014 AIAA Intelligent Systems award, Dr. Heinz Erzberger. AIAA 2012 intelligent systems best paper award. AIAA ISTC member Kristin Rozier’s recognition by Women in Aerospace.

Highlights of Intelligent Systems in Aerospace: Short technical highlights of intelligent systems technology applied to aerospace applications.


Message from Chair Elect

It is my honor and privilege to serve the ISTC as the chair-elect in 2015. I am humbled by your trust and confidence in me. Our ISTC has been growing in membership and visibility under the stewardship of the current chair, Dr. Kelly Cohen, and the past chairs. Their leadership and steadfast commitment continue to advance the cause of the ISTC at the Institute and contribute to the vision of the intelligent systems. With your support, I pledge to maintain continuity, communication, and transparency in our technical committee processes.

The aerospace enterprise in general and the Institute in particular are experiencing profound changes. Some of these changes are in response to the emerging information-enabled intelligent systems technologies, which are rapidly becoming critical in many aerospace systems. These cross-cutting technologies are enabling new advanced capabilities throughout the aerospace industry and are playing an equal role as the traditional aerospace disciplines of aerodynamics, propulsion, and structures. Intelligent systems and autonomy together can potentially improve efficiency and reduce costs associated with the design and operation of many aerospace systems.

To improve our communication of the intelligent systems vision, the ISTC is developing the intelligent systems roadmap, which will serve as a guide to lay out a future strategy of inserting intelligent systems technologies into operational aerospace systems. This roadmap will also help to communicate our vision to the Institute and the aerospace community.

Bringing intelligent systems into academic settings is a strategic goal, which the ISTC is currently pursuing. Our future aerospace workforce can be better trained by learning how to apply theory and practice of intelligent systems as parts of the aerospace engineering and computer science curricula. Our ISTC can play an important role in promoting this goal with the help of our academic ISTC colleagues.

To promote the intelligent systems vision and foster information sharing, the Infotech@Aerospace conference has been providing an important venue for technical interchange among working professionals and students. The ISTC has been instrumental in the success of this conference since its inception. Under the new event model, the Infotech@Aerospace conference will be a part of the AIAA SciTech event in 2015. Our ISTC will continue to organize, promote, and support this important conference alongside other technical committees in the Information Systems Group. All ISTC members can contribute to this conference to grow its influence and increase awareness of intelligent systems in the aerospace setting.

To serve the Institute in providing a technical forum to the aerospace enterprise, membership growth is highly critical to the Institute as well as the ISTC. Intelligent systems disciplines sit at a crossroads between traditional aerospace disciplines and computer science-related disciplines. Our affiliation with intelligent systems technical organizations via our ISTC membership affords us the opportunity to reach out to non-traditional communities to bring in new membership from these communities. Their participation will help to promote the understanding of the intertwining roles of computer science and aerospace engineering in the intelligent systems.

These goals and many other important ISTC pursuits will be high on my agenda. I ask for your support in implementing the vision of the intelligent systems and communicating this vision to our key stakeholders at the Institute and in the industry, government, and academia. Our ISTC will continue to thrive and make contributions to the Institute with your full participation and spirit of collegiality.

Nhan Nguyen, Ph.D.
Chair-Elect


ISTC Planning for 2014 Intelligent Systems Workshop

Your TC is tentatively planning to hold an off-site technical workshop in Dayton, OH on 7-8 Aug 2014. The location will be at the Wright Brothers Institute Innovation and Collaboration Center adjacent to Wright Patterson AFB and near the National Museum of the USAF. <http://wbi-icc.com/centers-services/tecedge-icc>

The purpose of the workshop is to have technical sessions and discussions that contribute to the AIAA Intelligent Systems Roadmap that TC members are preparing. The roadmap will serve two general purposes: 1) describe the “as-is” state of the art, create a “to-be” vision, and explain what is needed in order to achieve the vision, and 2) steer and accelerate development and integration of intelligent systems technology in aerospace systems.

This two-day event is sure to pique your interest and capture your thoughts. We expect a stimulating two-day meeting. In addition, we will be holding a short ISTC meeting in conjunction with the workshop. We hope you’ll plan to attend as there will not be an Infotech meeting in 2014. We’ll provide updates to you as they become available.

Intelligent Systems Workshop POC: Corey Schumacher
Intelligent Systems Roadmap POC: Chris Tschan

ISTC Continues to Refine Thoughts about “What is an Intelligent System”

Chris Tschan, Elad Kivelevitch, and Kevin Melcher have led a dialog with a few other TC members over the past year on “What an Intelligent System is.” This is a continuing discussion that forces us to think fundamentally about where we’ve been and where we should be going. We have seen the results of the “What is an IS?” contests the past few years and one observation is that undergraduate engineering students don’t yet have a well-recognized and popular example of a top-level aerospace intelligent system.

At least one TC member believes that perhaps we’ve spent recent years refining techniques we’re comfortable with, some of which represent shallow learning systems. However, maybe it’s time that we open a parallel line of research for deep learning systems and create something with much more far-reaching implications than we’ve seen today. TC members expect to share their thoughts at the 2014 Intelligent Systems Workshop, where you’ll see what the Intelligent Systems Roadmap committee has been doing.


2014 AIAA Intelligent Systems Award

Dr. Heinz Erzberger has been selected as the recipient of the AIAA Intelligent Systems Award for 2014. The award recognizes important fundamental contributions to intelligent systems technologies and applications that advance the capabilities of aerospace systems.

Dr. Erzberger is widely recognized within academia, industry, and government for his pioneering research in developing intelligent systems that increase the efficiency and safety of aircraft and air traffic control operations. During the energy crisis of the 1970’s, he created the mathematics and practical algorithms for computing fuel and cost-saving trajectories on board aircraft. These tools led to the development of Flight Management Systems, which are installed on most airliners since the mid 1980’s and continue to represent the state-of-the-art today.

In the 1980’s and 90’s, Dr. Erzberger adapted the technologies from the flight deck to ground-based air traffic control. These tools provide computer intelligence and graphical user interfaces based upon advanced scheduling techniques to intelligently allocate the use of landing runways. The FAA has installed his Traffic Management Advisor at the nation’s most congested airports, including Chicago, Dallas-Ft. Worth, Atlanta, Newark, Boston, and Los Angeles among others. This robust system results in up to 25% reductions in reported delays, millions of dollars of cost savings per year, and a reduction of the frequency of unsafe incidents by two-thirds.

Dr. Erzberger also contributed to the formal specification and verification of a coordination protocol for an automated air traffic control system. He synthesized an approach that joins automated air traffic control with formal verification techniques, including model checking and encoding verification and validation specifications using temporal logics. His research enabled significant contributions in advancing the state of the art in formal verification and validation to enable rigorous analysis of automated aerospace systems.

Arguably one of his greatest achievements, Dr. Erzberger has built an entire organization of scientists, engineers, and innovators who have, in turn, dedicated their careers to an application of intelligent systems research – air traffic management – that did not exist prior to him. Colleagues attribute the success of the Airspace Systems Division at NASA Ames Research Center to his “brilliant vision, passionate leadership, and inspiring mentorship of the bright and dedicated people who have gone through the organization”. His standing at NASA Ames Research Center, more than 90 refereed technical publications, and various awards speak to his contributions to the aerospace industry. Dr. Erzberger’s numerous advancements and use of intelligent systems have helped to shape the air traffic control systems of today and the future.


Kristin Rozier (left) was awarded the ISTC Service Award for her exceptional service to the ISTC. Kristin’s supervisor Ann Patterson-Hine (right) is shown below presenting the award.

Chris Tschan (right) was presented a plaque during Infotech@Aerospace 2013 by Kelly Cohen (left) applauding his meaningful and substantial contributions to the ISTC and for initiating fresh new ideas and goals.

AIAA Best Intelligent Systems Paper Award for 2012

Graduate student Matthew Gombolay and Assistant Professor Julie Shah from the Massachusetts Institute of Technology, Computer Science and Artificial Intelligence Laboratory were awarded the American Institute of Aeronautics and Astronautics Best Intelligent Systems Paper award for their paper, “A Uniprocessor Scheduling Policy for Non-Preemptive Task Sets with Precedence and Temporal Constraints,” which was published during AIAA Infotech@Aerospace 2012. The paper discusses task scheduling for processors with dynamic priority for non-preemptive tasks with precedence, wait constraints, and deadline constraints and is a piece of a larger system developed in the Interactive Robotics Group, which is led by Prof. Shah. Julie Shah is also a member of the AIAA Intelligent Systems Technical Committee.


2013 Intelligent Systems Technical Highlights for Aerospace Systems

This year the AIAA Intelligent Systems Technical Committee received a number of highlights of intelligent systems technology in aerospace systems for the year in review.

Some of these submissions are now presented (in no particular order).

Using Biological Algorithms with NASA JSC's Morpheus Flight Vehicle Design

Morpheus is a vertical test bed vehicle demonstrating new propulsion systems, autonomous landing, and hazard detection technology. A high-fidelity Trick® simulation is used with the hardware for purposes of test, design, analysis, and training. Leveraging observation of animal flocking and swarming behavior, an optimization technique called Particle Swarm Optimization (PSO) tunes simulations to reflect real flight test data. Simulations are traditionally tuned using complex techniques requiring specific domain knowledge. PSO searches the multi-dimensional problem space for a solution without the need for the user to have domain knowledge of optimization or simulation technology. The PSO/Trick symbiotic architecture is useful for:

1. Black-box development matching reference data to an unknown model.

2. Rapid simulation upgrades to reflect hardware changes, without the effort of a model development cycle.

3. Validation and test.

4. Intelligent optimized control of any code-base performance with respect to arbitrary and potentially competing metrics.

Author: Brian K. Birge

AIAA ISTC’s own Kristin Rozier, a Research Scientist at NASA Ames Research Center, Moffett Field, California, was awarded the Initiative, Inspiration, Impact Award by Women in Aerospace. Kristin is recognized for her exemplary achievement of formal specification, verification and validation of a NextGen air traffic control system candidate and for dedication as a mentor and role model.

http://www.womeninaerospace.org/news/09-19-2013_1.html
http://women.nasa.gov/wiaawards/


Formal Verification of Human-automation Interaction Problems

In complex systems, unexpected interactions between humans, automation, and the environment can lead to failures that were unforeseen by designers. These Human-Automation Interaction (HAI) problems are a major contributor to failures in aerospace systems. In a collaboration between the University of Illinois at Chicago, the Delft University of Technology (Delft, The Netherlands), IXION Industry and Aerospace (Madrid, Spain), and ESA, a method is being developed that allows analysts to automatically discover HAI problems using formal verification. Formal models of the human operator task, automation, and system are constructed and integrated into a larger formal system model. A model checker is then used to verify that the system supports safe HAI by checking the model against specification properties automatically generated from the task model. This method is being used to evaluate the HAI of two aerospace systems: a satellite tracking and control system and a UAV ground control station. More information can be found at http://www.sys.uic.edu/publications/Bolton2013IAASS.pdf.

Authors: Matthew L. Bolton, Rene van Paassen, and Noelia Jimenez

Successful Demonstration of Online Wire Chafing Fault Detection Technology on C17 Jet Engine at DFRC

The Electrical Wiring and Interconnect System in any vehicle is a critical, and sometimes overlooked, electronic subsystem where relatively minor issues can grow and eventually lead to serious safety problems like smoke, fire, and loss of critical system functionality, in addition to significant out-of-service time. Many such issues, however, would be preventable through the use of technology capable of electronically detecting common precursor wiring faults such as chafing. Towards this goal, researchers in the Intelligent Systems division at NASA Ames have developed advanced physics-based methods for automatically detecting the size and location of chafing faults to shielded and coaxial aircraft cable types. In July, these methods were successfully field-tested on cable connected to the Electronic Engine Controller of a live C17 engine while operating over a suite of test conditions at NASA Dryden. The technology was able to reliably detect and locate a 3x6mm chafe to the shield of a standard aircraft grade cable from a 4m distance, a result that strongly establishes the viability of precursor wire fault detection in live operational environments. The experiment was part of the Vehicle Systems Safety Technologies Project, Vehicle Integrated Propulsion Research test program focused on maturing engine health management technologies with a list of partners including multiple NASA centers (GRC, DFRC, LaRC, ARC), the Air Force, Pratt & Whitney, Boeing, United Technologies Research Center, Makel Engineering, Auburn University, and Kansas State University.

Website: http://ti.arc.nasa.gov/project/wiring/

Author: Stefan Schuet


Onboard Small UAV Battery Forecasting

Online algorithms for forecasting the eventual depletion of battery power onboard a small unmanned electric aircraft are being developed and demonstrated in a joint research effort between NASA LaRC and the Prognostics Center of Excellence at NASA Ames. The aircraft platform used in this study is a commercial-off-the-shelf 33% scale model of the Zivko Edge 540T airplane, powered by four lithium polymer battery packs. Challenges associated with the development and V&V of online algorithms for the representation and management of battery charge depletion risk over flights of an electric aircraft are considered to be representative of the fundamental challenges that must be addressed in other implementations of system health prognostics and post-prognostic reasoning for aerospace systems. Concepts from game theory, stochastic and multi-objective optimization, Bayesian statistics, and decision theory are being investigated to develop generally applicable algorithmic and analytical tools for prognostics-based health management in aerospace applications.

Author: Brian Bole

Rek: A State-of-the-art Software Model Checker

Rate Monotonic Scheduling (RMS) is widely used in real-time embedded software (RTES). However, combining RMS with locking is challenging. Two issues are priority inversion and deadlocks. For example, priority inversion caused the infamous Mars Pathfinder problem [1], which was solved by using a Priority Inheritance Protocol (PIP) lock. However, incorrect use of PIP locks leads to deadlock. The High-Confidence Cyber-Physical Systems group [2] at SEI/CMU has developed a Software Model Checker, called Rek, for automatically detecting deadlocks and violations of safety properties in RTES with RMS, under various locking disciplines, including PIP. Rek has been successfully applied for verification of controllers of LEGO Mindstorms [4] and the Parrot ARDrone [5]. This represents the state of the art in automated analysis of source code by precisely accounting for the scheduling and locking semantics. More details are available at our project webpage [3].

References:
[1] http://www.rapitasystems.com/blog/what-really-happened-to-the-software-on-the-mars-pathfinder-spacecraft
[2] http://www.sei.cmu.edu/cyber-physical/research/high-confidence
[3] http://www.andrew.cmu.edu/user/arieg/Rek/
[4] http://mindstorms.lego.com/en-us/default.aspx
[5] http://ardrone2.parrot.com/

Authors: Sagar Chaki and Arie Gurfinkel


Model Checking Intelligent Systems

All unmanned aircraft, and any intelligent systems associated with them, must undergo rigorous certification before use. Researchers at the University of Liverpool’s Centre for Autonomous Systems Technology (http://www.liv.ac.uk/cast/) have developed new processes that might provide evidence for certification of unmanned aircraft, specifically the intelligence controlling the aircraft's high-level decision-making. Their approach uses model checking, a kind of formal verification which works on a model of a program and its environment. Such models are analysed exhaustively and automatically by a model checker relative to some formal requirements. These requirements can be based on safety concerns or desired system functionality, e.g., “At all times, the unmanned aircraft will request permission before taxiing.” The team verified a rational agent-based intelligent system against a set of requirements derived from the Rules of the Air as well as Airmanship. More recent work has expanded the approach to include verification of ethical behaviour of intelligent systems.

For more details see: Matt Webster, Neil Cameron, Michael Fisher and Mike Jump. Generating Certification Evidence for Autonomous Unmanned Aircraft Using Model Checking and Simulation. To appear in AIAA Journal of Aerospace Information Systems.

Author: Matt Webster

Real time cloud screening onboard the Next Generation Airborne Visible Infrared Imaging Spectrometer (AVIRIS-NG)

Next-generation Earth orbiting imaging spectrometers will generate unprecedented data volumes, requiring new methods to optimize storage and communications resources. Instruments that screen cloud-contaminated images could improve data volumes by a factor of two for typical missions. A team at JPL recently demonstrated real time cloud screening onboard the “Next Generation” Airborne Visible Infrared Spectrometer (AVIRIS-NG). The system operates in real time at Gb/s data rates. Operators exploit foreknowledge of solar geometry and stable radiometric calibration to predict the apparent brightness distributions for clouds and terrain in advance of each new observation. These define optimal channel thresholds in terms of raw instrument data values. The method was implemented in a software testbed that operated alongside the main data acquisition pipeline during AVIRIS-NG flights. It excised cloud-contaminated data without any false positive errors during a week-long science campaign in Casper, WY. To our knowledge this test marks the highest execution speed yet demonstrated by a real time cloud screening system. More information on the AVIRIS-NG instrument is available at http://airbornescience.jpl.nasa.gov/instruments/avirisng

Authors: David R. Thompson and Robert O. Green et al.


Enhanced Operator Function Model with Communications (EOFMC)

Our task analytic modeling formalism, Enhanced Operator Function Model with Communications (EOFMC), supports analyses of single operators, as well as groups of human operators working with each other and automation. Our work has focused on function allocation and related issues including mode confusion, adherence to procedures, and human-human communication. Using our EOFMC to SAL translators, the translated models can be composed with other modules of interest and analyzed by a model checker. Counterexamples can be visualized using our counterexample visualizer. With respect to model checking using SAL, we developed techniques for automatically generating task analytic models encompassing erroneous human behavior from normative formal task models and can replicate Hollnagel’s zero-order phenotypes of erroneous action for omissions, jumps, repetitions, and intrusions. We also developed methods for automatically generating formal task analytic models encompassing erroneous human behavior where the misapplication of strategic knowledge is used to generate erroneous behavior.

E. J. Bass, M. L. Bolton, K. Feigh, D. Griffith, E. Gunter, W. Mansky, and J. Rushby, “Toward a multi-method approach to formalizing human-automation interaction and human-human communications,” in Proc IEEE Int’l Conf on Systems Man and Cybernetics, 2011.

M. L. Bolton and E. J. Bass, “Evaluating human-human communication protocols with miscommunication generation and model checking,” in NASA Formal Methods, Lecture Notes in Computer Science (G. Brat, N. Rungta, and A. Venet, eds.), vol. 7871, pp. 48–62, Springer-Verlag, 2013.

Authors: Ellen J. Bass and Matthew L. Bolton

Representing and Exploiting Cumulative Experience with Objects for Autonomous Manipulation

Remote manipulation tasks (geology, habitation construction, maintenance and repair) involve high-bandwidth control of contact forces. When significant communication lags exist, this requires autonomous control on-site. We contend that this capability relies on knowledge of objects, tools, and assemblies. Professor Rod Grupen, UMass Amherst, has received a NASA GCT grant to develop models and skills for autonomous manipulation. The approach allows robots to learn models and skills in situ, by direct exploratory interaction, to support probabilistic reasoning about novel tasks. We adopt a representation of objects in terms of their affordances for control and formulate plans that optimize information gain to solve assembly tasks. The goal of the study is to formalize the representation and use of control knowledge, learn models of 100 mission-relevant objects, and demonstrate unprecedented levels of autonomy in manipulation tasks including multi-body assembly tasks.

Authors: Rod Grupen and Shiraj Sen


Uncertainty Management in Automated Prognostics and Health Monitoring

A work element of the System Wide Safety Assurance Project at NASA Ames Research Center focused on identifying risks and providing knowledge required to safely manage increasing complexity in the design and operation of vehicles and air transportation systems. This was established through the development of an automated, onboard prognostics and health management system in engineering applications that are used in time-critical and safety-critical missions. Researchers at NASA Ames have developed a theoretical framework for uncertainty quantification and management in prognostics, using which it is possible to identify the different sources of uncertainty that affect prognostics and systematically estimate the uncertainty in the remaining useful life of systems by analyzing possible failure scenarios and fault degradation modes. Information regarding prediction uncertainty will be used to focus on uncertainty reduction and provide useful information for decision-making activities such as fault recovery and mission re-planning. The developed framework has been extensively tested by monitoring the power system of mobile robots and unmanned aerial vehicles, and successful results have been obtained. These results have been presented in AIAA conferences on system health management and uncertainty management, and documented in several renowned publications (Webpage: http://ti.arc.nasa.gov/tech/dash/pcoe/uncertainty-prognostics/).

Author: Shankar Sankararaman

HW/SW Architecture Analysis on Correctness, Performance and Safety & Dependability

We report on the emergence of a broad palette of formal modeling and analysis techniques aimed at spacecraft architecture validation in the early design (phase B and C). It tackles the increasing difficulty of analyzing spacecraft software, particularly that of the fault management system, as it crosscuts the whole spacecraft. Our approach is holistic, rigorous and semi-automated. A single and integrated model is expressed in AADL (Architecture Analysis and Design Language), covering nominal, erroneous and degraded operations. The model's formal nature enables rigorous and semi-automated analysis using the recently developed COMPASS toolset. It generates validation artifacts of the design's functional correctness, safety and dependability aspects (FTA & FMEA generation), performability (Markov analysis) and fault management effectiveness. Model checkers, and probabilistic variants thereof, are a cornerstone of this. We evaluated the technology with great success on satellite fault management architectures of ongoing European missions. It is developed by a consortium of the European Space Agency, RWTH Aachen University, Fondazione Bruno Kessler and Thales Alenia Space. More information can be found on our website: http://compass.informatik.rwth-aachen.de/

Author: Viet Yen Nguyen


Verification of Safe Aircraft Separation

As airspace becomes ever more crowded, air traffic management must reduce both space and time between aircraft to increase throughput, making on-board collision avoidance systems ever more important. However, complexities that arise from non-linear flight trajectories make these systems impossible to analyze completely via testing or simulation, since no amount of simulation could capture all possible aircraft behavior. With thousands of aircraft in flight at any given time, it is difficult to predict whether executing a local collision avoidance maneuver may cause unintended behavior elsewhere, thereby doing more harm than good. For example, simple roundabout maneuvers, which are safe for a few aircraft, may be a terrible idea for crowded airspace. As illustrated, two maneuvers executed in close proximity may cause a new, unavoidable collision. This unexpected effect, called an emergent behavior, is one of several challenges researchers working with André Platzer at Carnegie Mellon University address using formal verification methods for cyber-physical systems. To ensure safety for these complex systems, they employ their theorem prover, KeYmaeraD [1], which soundly handles the continuous and non-linear flight trajectories, as well as the infinite behaviors that can result from an arbitrary number of planes entering and exiting maneuvers. Using KeYmaeraD, they proved safe separation for an arbitrary number of aircraft flying under the disc-based collision avoidance scheme pictured [2], a level of verification that has yet to be accomplished for any other distributed and flyable collision avoidance protocol. (http://symbolaris.com/info/RCAS.html)

[1] D. W. Renshaw, S. M. Loos, and A. Platzer, “Distributed Theorem Proving for Distributed Hybrid Systems,” in ICFEM, 2011, vol. 6991, pp. 356–371.
[2] S. M. Loos, D. Renshaw, and A. Platzer, “Formal verification of distributed aircraft controllers,” in Proceedings of the 16th international conference on Hybrid systems: computation and control, 2013, pp. 125–130.

Authors: Sarah M Loos and Andre Platzer


TACTICAL FLIGHT MANAGEMENT SYSTEM (T-FMS) EXPERIMENT ON THE ADVANCED CONCEPTS FLIGHT SIMULATOR (ACFS)

Loss of Control (LOC) remains the leading category of commercial airplane accidents. Roughly half of the recent LOC events involve loss of airplane state awareness, with automation confusion and/or awareness playing a role in the majority of these events. Under NextGen, there will be an increased dependency on automation as aircraft fly energy-efficient optimized profile descents and continuous descent approaches under trajectory-based operations. As a result, the mode awareness and energy state management aspects of flight-deck automation will become even more critical.

The Vehicle Systems Safety Technologies (VSST) project is evaluating Tactical Flight Management System (T-FMS) technologies, within a simulated Next Generation Air Transportation System (NextGen) environment, on the Advanced Concepts Flight Simulator (ACFS) at the Crew-Vehicle Systems Research Facility (CVSRF) at NASA Ames. To address loss of mode and energy state awareness, the software predicts the future flight path and energy state of the aircraft by taking into account anticipated autopilot mode transitions. The NextGen Concepts and Technology Development (CTD) project is also evaluating these technologies in support of Single Pilot Operations (SPO).

This flight-deck simulation evaluation was successfully completed at the end of June. In all, 10 commercial airline crews and 2 (retired) single pilots participated in the ACFS simulation study. VSST is a project under the Aviation Safety (AvSP) program, directed by Doug Rohn at Headquarters, and led by NASA LaRC. CTD is a project under the Airspace Systems Program (ASP), directed by John Cavolosky at Headquarters, and led by NASA Ames.

Author: John Kaneshige


A toolchain for the safety analysis of flight-critical systems

The increasing complexity of flight-critical systems (FCS) requires infrastructures that provide a high level of confidence and safety assurance. As mandated by DO-178C and its formal methods supplement DO-333, the ideal tool and method should combine the ease of use and efficiency of a model-based approach with the completeness and verifiability of formal methods. The purpose of this work is to develop multidisciplinary V&V tools and techniques that advance safety assurance and certification of complex FCS.

To that end, we have designed a toolchain that integrates compilers and formal verification tools to support the development of controllers. The overall framework consists of three levels. Each level of design embeds a dedicated formal design language (or programming language) and tools to perform analysis. The framework relies on modular compilation that preserves the hierarchical structure of the controller throughout the compilation. The main emphasis was to ensure functional properties at the appropriate level.

The toolchain has been applied to representative aerospace examples: a FADEC and a simple aircraft PID controller. Both are enriched with a safety architecture based on redundancy, voters, and alarm logics. (http://www.cmu.edu/silicon-valley/faculty-staff/kahsai-work.html)

Author: Temesghen Kahsai Azene

SPEcification Editing and DiscoverY tool (SPEEDY)

GrammaTech received an award from NASA to prototype a specification editing and discovery tool (SPEEDY) for C/C++ code analysis. Packaged as a plug-in to the Eclipse integrated development environment (IDE), the tool will assist software developers in modular formal verification tasks. SPEEDY will provide automated suggestions of specifications for given contexts, with user interface features aiding developers in generating, editing, and checking specifications. SPEEDY will essentially be able to look over your shoulder, using machine-checkable specifications to automate sound verification and warn you if something isn’t right. The user-interface features and underlying automation in SPEEDY will facilitate the use of formal methods by all software developers, improving efficiency and accuracy of development teams.

Here is more info on SPEEDY: http://www.grammatech.com/news/releases/nasa-contract-for-eclipse-specification-editing-discovery-tool

Author: David Cok


ISTC Leadership

Chair: Kelly Cohen
Vice Chair: Chris Tschan
Chair-elect: Nhan Nguyen
Secretary: David Casbeer

Subcommittee Chairs

Awards: Nhan Nguyen and Chelsea Sabo
Conference Planning: Yucel Adnan and David Casbeer
Membership: Kelly Cohen, Chris Tschan and David Casbeer
Procedures: Mitch Ingham and Sam Adhikhari
Publications: Kristin Rozier and Ella Atkins
Professional Development, Education & Outreach: Chelsea Sabo and Kristin Rozier
Public Policy: Chris Tschan and Elad Kivelevitch
Website: Leeha Wood and Nick Ernest