Trustworthy Autonomy Development & Flight Demonstration
Transcript of Trustworthy Autonomy Development & Flight Demonstration
![Page 1: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/1.jpg)
Trustworthy AutonomyDevelopment & Flight Demonstration
Multi-Monitor Run Time Assurance Research Update
Mark Skoog
Armstrong Flight Research Center
![Page 2: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/2.jpg)
Research Timeline
Automation Research
AFTI/F-16Advanced Fighter Technology Integration
AFTI & ACAT/F-16Automated Collision Avoidance Technology
SUAV/iGCAS/SR22Improved Collision Avoidance System
1980 2000
Dedicated Safety Work for Fighters
2010 2017
Platform Diversity
Automated Collision
Avoidance
Ground
Air
Integrated
Small UAS
GA
Quad-Rotor
Automated Maneuvering Attack System
(AMAS)
Ground Collision
Avoidance
Transition
![Page 3: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/3.jpg)
Ground Collision Avoidance System(GCAS)
3
Predict Escape Trajectories
Predict Future Threat State
Determine Need to Evade
& Threat Lethality
Evade
Notify
• Evasion Types
• Maneuvering Capability
• Evasion Trajectory Estimations
• Associated Uncertainties
• Scan/Track Pertinent Threat
• Simplify Threat Profile
• Associated Uncertainties
• Minimum Approach
• Integrity Check
• Time to Evade
• Command Evasion
• Integrity Check
• Execute
•. Evasion
• Alert
• Record
• Recall
Pilot Controls
• Mode Selection
• Interface
Sense
Own-State &Atmospherics• Sufficient to
support
trajectory
estimation
Trajectory Predictions
Sense
CollisionThreat
• Terrain• Aircraft• Weather• Missiles
Common
Interface
Autopilot
Coupler
Common Functional Architecture
![Page 4: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/4.jpg)
Avoid Collisions
![Page 5: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/5.jpg)
Do Not Impede the Pilot
![Page 6: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/6.jpg)
6
Flight 18 event 6, 45 kts, 100’ buffer
sUAV
![Page 7: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/7.jpg)
Automatic Air Collision Avoidance System(Auto ACAS)
![Page 8: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/8.jpg)
Automatic Integrated Collision Avoidance System(Auto ICAS) - Air & Ground Multi-Ship
![Page 9: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/9.jpg)
The Challenge of Autonomy
• Verification & Certification of a Complex System
ComplexSystem
DeterministicSafety Net
• Verification & Certification of a Complex System
• A Possible Solution – Run-Time Assurance (RTA)
9
![Page 10: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/10.jpg)
Ground Collision Avoidance System(GCAS)
Predict Escape Trajectories
Predict Future Threat State
Determine Need to Evade
& Threat Lethality
Evade
Notify
• Evasion Types
• Maneuvering Capability
• Evasion Trajectory Estimations
• Associated Uncertainties
• Scan/Track Pertinent Threat
• Simplify Threat Profile
• Associated Uncertainties
• Minimum Approach
• Integrity Check
• Time to Evade
• Command Evasion
• Integrity Check
• Execute
•. Evasion
• Alert
• Record
• Recall
Pilot Controls
• Mode Selection
• Interface
Sense
Own-State &Atmospherics• Sufficient to
support
trajectory
estimation
Trajectory Predictions
Sense
CollisionThreat
• Terrain• Aircraft• Weather• Missiles
Common
Interface
Autopilot
Coupler
10
![Page 11: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/11.jpg)
Multi-Monitor RTA (MM-RTA)with Risk-Based Decision Making
11
![Page 12: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/12.jpg)
Informing the Standards Community
Research findings vetted with ASTM International through Working Group 53403 (WK53403)
• WK53403 Goal: Develop a standard practice that safely bounds the flight behavior of autonomous UAS
• Involvement originated from AFRC collaboration with FAA regarding Auto GCAS and integrity management work on early autonomy concepts
• Published Industry Standard Practice in Oct 2017
12
![Page 13: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/13.jpg)
Recovery
Controller
RTA
Input
Manager
Veh
icle
Man
ag
em
en
t S
yste
m
Safety
Monitor
SensorsSensors
SensorsSensors RTA
Switch
Untrusted
System
Traditional RTA Framework
Baseline Aircraft
RTA Trusted Functions
Untrusted Controllers
Legend
Sensors
13
![Page 14: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/14.jpg)
Switch
Recovery
Control
Safety/Behavioral
MonitorSafety/Behavioral
MonitorSafety/Behavioral
MonitorSafety/Behavioral
Monitor
Recovery
ControlRecovery
ControlRecovery
Control
Integrity
Monitor
Fli
gh
t C
on
tro
l S
yste
mSwitch
Control
SensorsSensors
SensorsSensors
MM-RTA FrameworkThis Work is Unique to AFRC
Flight Executivecomponents
Untrusted
Systems
14
![Page 15: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/15.jpg)
TravelerPhase 1 EVAA DevelopmentObjective
• Develop research findings to inform standards development for certifiable autonomy
• Evaluate the dynamic interaction of an MM-RTA with no integration between monitors
Expandable Variable-Autonomy Architecture (EVAA)• Stretching the paradigm of autonomy
• Deterministic Rulesets Bounding Autonomous Behavior
• Functionally Partitioned Monitors
• Risk-Based Decision Making
• A process enabling certification• Software Architecture/Framework
• Test Approach
• Scalable autonomy• Pilot-in-the-Loop to “Fully Autonomous”
Low Altitude Small UAS Test Ranges (LASUTR)• A tool for certification
• High-risk integrated research
TN36657
Phase 1 EVAA
![Page 16: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/16.jpg)
MM-RTA: Key EVAA Accomplishments
16
• Aircraft/Testbed Modifications
• Research Processor Integrated Jan 17
• Sound & Lighting System Installed May 17
• Research System
• Functional Requirements Completed Nov 16
• Design Completed Feb 17
• Coding Completed Mar 17
• Patent for GCAS Monitor Issued May 17
• V&V
• Hardware in the Loop Sim Completed Mar 17
• Integrated V&V Completed May 17
• Flight Test
• Aircraft Characterization Test Completed Mar 17
• EVAA Flight Test Began May 17
• Reporting
• Update to FAA & ASTM May 17
Flight Controls
EVAA Processor
Development Environment HITLS
LiDAR data for Obstacle Avoidance
MM-RTA Flight Test Begun
![Page 17: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/17.jpg)
![Page 18: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/18.jpg)
Flight Test AccomplishmentsEVAA Command Delegation with Conflicting Multi-Monitor Resolution
Waypoint Following Control
GeoFence Control
60
0’ T
all
Ob
sta
cle
No-Fly Zone
Ground Collision Avoidance Control
![Page 19: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/19.jpg)
EVAA Phase 2
![Page 20: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/20.jpg)
EVAA Phase 2 DevelopmentOSD’s JCTD Resilient Autonomy Project
![Page 21: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/21.jpg)
EVAAFlight Executive
Expandable Variable-Autonomy Architecture (EVAA)Phase 2
Mission Functions:• Takeoff
• Landing
• WP Follower
• In-Flight Route Planner
• Mission Planner
• Terrain Following
Coupler• Elissa
• HQ-x
• Cozy – MGL
• Towed Glider
Light
System
Voice
System
Sound
System
Pilot
Ground
Control
Station
Moral
Compass
Maneuver
Selection
Sh
are
d D
ata
iGCAS
Privacy & Personal
Space Asur.
Auto ACAS
Geo-Fence
Sep. Asur.
Person
Avoidance
Wx Avoidance
Obstacle
Avoidance
Map Manager
Trajectory Manager
• Terrain• Features• Risk• Imagery
Monitors
Helper
Functions
In-Flight
Re-Planner
Re-Route
SelectionSensors:• Aircraft State
• Attitudes• Rates
• Navigation• GPS• INS• TRN• Vis Nav
• Physical Threats• Stereo Vis• DAA Radar
• Environmental Threats• Winds• Weather
Nothing
System Wide Integrity
Monitors
Contingency
MangersRules of Behavior
Radio
Select Highest
Consequence
Non-Viable
Maneuvers by
Consequence
Re-Routing
Validated
Data
Guidance
Commands
AP Engagement
& Capture
Commands
FCS
Status &
Health
Dynamic
Consistency Checks
OLIV• Boundary Crosschecks
• Monitor Persistence
Checks
• Mission Progress
Checks
Test Safety
Self-Health Checks
Coupler
Sh
are
d D
ata
.
FLS
Geo-Recover
RTB
Where-to-Land
FCSLOC Prevention*
LOC Recovery*
Autopilot
De
rive
d D
ata
Flight
Plan/Req
Route Verifier
Intent
Manager
External
Data
Interface
Cellular
Network
Internet
![Page 22: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/22.jpg)
OSD Resilient Autonomy
ADS-B & DAA Radar
Non-Safety Critical Link
Cooperative & Non-Cooperative Targets
GCS Features• Mission Plan Verification• Situational Awareness
Displays
Visual-Nav System – transient operation in GPS denied or degraded environment
Automatic Well-Clear & Air Collision-Avoidance
Automatic Ground & Obstacle Collision-Avoidance
EVAA
Processor
EVAA• Certifiable Autonomy• Safe Pilotless BLOS Ops• Risk-Based Decision Logic• Easily Tailored to any Vehicle &
Mission
Obstacles
Terrain
Automatic Airspace Boundaries & Safe-Ditch Contingency Management
Cellular or
Other Link
HQ-90
Non-Safety Critical Link
![Page 23: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/23.jpg)
HQ-90 Testbed• 103 Lbs. Max Gross Takeoff Weight
• 14’ 8” Wingspan
• 20 to 30 Pound Payload
• 12 to 24 hours Endurance
Command
& Control
Link
Safety Pilot
Radio
GCS
Laptop
Piccolo 2
Autopilot
EVAA
Processor
Cellular or
Other Link
Big
Data
ADS-B
DAA Radar
VisNav &
Detection
Flight Test
Only
Ground Control
Station
Flight Test
Link
![Page 24: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/24.jpg)
DAA Approach
24
Separation AssuranceBehavioral
Air Collision AvoidanceLoss of life
Ground
Collision AvoidanceLoss of property
![Page 25: Trustworthy Autonomy Development & Flight Demonstration](https://reader031.fdocuments.net/reader031/viewer/2022012510/6187b23160f1a37dbc32b9ab/html5/thumbnails/25.jpg)
25
Questions