EVALUATING THE AUTONOMY OF UAVs
Herbert Hecht, Ph.D., SoHaR Incorporated, Culver City, California
NO HUMAN PILOT
- SAVES WEIGHT
- SIMPLIFIES DESIGN
- INCREASES LOSS ACCEPTANCE
- EXTENDS FLIGHT ENVELOPE
ALL HANDLING OF ANOMALOUS CONDITIONS MUST BE PROGRAMMED AND TESTED IN ADVANCE
EXCEPTION HANDLING
SOFTWARE TESTING
- REQUIREMENTS BASED: ALL STATED REQUIREMENTS HAVE BEEN IMPLEMENTED; EXECUTION PRODUCES DESIRED RESULTS
- STRUCTURAL: TRAVERSAL OF IMPLEMENTED PATHS PRODUCES NO UNDESIRABLE RESULTS
NEITHER APPROACH ASSURES ADEQUACY OF EXCEPTION HANDLING
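The point of this slide is easy to state and easy to underestimate, so here is an added worked example (it is not from the presentation, and the altitude-hold requirement, controller and sensor samples in it are all constructed for the illustration). The first controller implements every stated requirement; the requirements-based tests pass and a structural measure reports every implemented branch traversed. Neither measurement says anything about the two exceptional inputs at the end, because no stated requirement mentions them, and the controller acts on stale or non-numeric data as if it were valid. The second controller adds an explicit exception path, which is what testing alone cannot supply.

```python
"""Added illustration (not from the slides): requirements-based tests and
full branch coverage can both pass while exception handling is inadequate.
The altitude-hold requirement, the controllers and the sensor samples are
constructed for this example."""
import math
from dataclasses import dataclass


@dataclass
class AltitudeSample:
    altitude_m: float   # barometric altitude reported by the sensor
    age_s: float        # time since the sample was taken


# Constructed stated requirement: hold 100 m with a +/-5 m dead band.
TARGET_M = 100.0
DEADBAND_M = 5.0
MAX_SAMPLE_AGE_S = 1.0              # exception condition: stale sensor data
BRANCHES_V1 = {"climb", "descend", "hold"}


def controller_v1(sample, visited):
    """Implements every stated requirement and nothing else. 'visited'
    records the branch taken, standing in for a coverage tool."""
    if sample.altitude_m < TARGET_M - DEADBAND_M:
        visited.add("climb")
        return "climb"
    if sample.altitude_m > TARGET_M + DEADBAND_M:
        visited.add("descend")
        return "descend"
    visited.add("hold")
    return "hold"


def controller_v2(sample, visited):
    """Same requirements plus an explicit exception path: a stale or
    non-numeric altitude cannot be trusted, so hand over to a safe mode
    instead of acting on it."""
    if sample.age_s > MAX_SAMPLE_AGE_S or math.isnan(sample.altitude_m):
        visited.add("exception")
        return "safe_mode"
    return controller_v1(sample, visited)


def requirements_tests(controller):
    """One test per stated requirement. Returns (all_pass, branches_taken)."""
    visited = set()
    cases = [(90.0, "climb"), (110.0, "descend"), (100.0, "hold")]
    passed = all(controller(AltitudeSample(alt, 0.1), visited) == want
                 for alt, want in cases)
    return passed, visited


def branch_coverage(visited, branches=BRANCHES_V1):
    """Structural measure: fraction of the implemented branches traversed."""
    return len(visited & branches) / len(branches)


def exception_scenarios(controller):
    """Inputs no stated requirement mentions. Returns the command issued for
    each, so the caller can see whether the controller acted on bad data."""
    stale = AltitudeSample(80.0, age_s=5.0)         # old reading; the vehicle has since climbed
    garbage = AltitudeSample(math.nan, age_s=0.1)   # sensor fault, non-numeric output
    return {"stale": controller(stale, set()), "nan": controller(garbage, set())}


if __name__ == "__main__":
    ok, seen = requirements_tests(controller_v1)
    print("v1 requirements tests pass:", ok, " branch coverage:", branch_coverage(seen))
    print("v1 on exceptional input:", exception_scenarios(controller_v1))   # climbs on stale data, holds on NaN
    print("v2 on exceptional input:", exception_scenarios(controller_v2))   # safe_mode for both
```

Note that the NaN case is the quieter of the two: every comparison against NaN is false, so the first controller falls through to "hold" with no error at all, which is exactly the kind of silent mishandling that neither test approach on this slide would surface.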
EXCEPTION HANDLING
- VERY LITTLE LITERATURE EXCEPT FOR LANGUAGE CONSTRUCTS
- NO GUIDANCE FOR SYSTEM LEVEL REQUIREMENTS FORMULATION
- MOST SOFTWARE FAILURES IN WELL-TESTED SYSTEMS ARE DUE TO FAULTY EXCEPTION HANDLING
EXCEPTION HANDLING AND CRITICALITY
[Chart: SPACE SHUTTLE AVIONICS SOFTWARE. Vertical axis "Fraction EH" (fraction of failures attributable to exception handling), 0 to 1. Categories: Safety Crit., Mission Crit., Major, Intermediate, Minor. Bar values not recoverable from the extracted slide.]
Hecht, H. and P. Crane, "Rare Conditions and their Effect on Software Failures", Proc. of the 1994 Annual Reliability and Maintainability Symposium, January 1994, pp. 334-337.
MORE EXCEPTION HANDLING FAILURES
[Chart, two panels: ALL FAILURES and GLOBAL FAILURES, each with bars for DEFENSE, TELEPHONY, COMMON ROUTINES and EXECUTIVE. Values shown on the ALL FAILURES panel: 0.54, 0.30, 0.16, 0.00; on the GLOBAL FAILURES panel: 0.3, 0.29, 0.26, 0.15. The assignment of values to bars is not recoverable from the extracted slide.]
Kanoun, K. and T. Sabourin, "Software Dependability of a Telephone Switching System", Digest of Papers, FTCS-17, Pittsburgh PA, July 1987, pp. 236-241.
RELEVANT QUOTES
"The main line software code usually does its job. Breakdowns typically occur when the software exception code does not properly handle abnormal input or environmental conditions – or when an interface does not respond in the anticipated or desired manner."
C. K. Hansen, The Status of Reliability Engineering Technology 2001, Newsletter of the IEEE Reliability Society, January 2001
"Therefore the identification and handling of the exceptional situations that might occur is often just as (un)reliable as human intuition."
Flaviu Cristian, "Exception Handling and Tolerance of Software Faults", in Software Fault Tolerance, Michael R. Lyu, ed., Wiley, New York, 1995
SPECIFYING EXCEPTION HANDLING IS DIFFICULT
- EXCEPTION CONDITIONS ARISE FROM SEVERAL LEVELS
- EXCEPTION CONDITIONS ARE MORE DIFFICULT TO UNDERSTAND THAN MAIN LINE REQUIREMENTS
- EXCEPTIONS OCCUR INFREQUENTLY BUT REQUIRE DISPROPORTIONATE EFFORT
SOURCES OF EXCEPTIONS
- OPERATIONAL REQUIREMENTS: LOSS OF PROPULSION, ELECTRIC POWER, COMMUNICATION, THERMAL CONTROL
- IMPLEMENTATION DETAIL: CALIBRATION ANOMALIES, ACTUATOR STATES, SENSOR INPUT
- COMPUTING ENVIRONMENT: HARDWARE FAILURES, MEMORY ERRORS, EXECUTIVE, MIDDLEWARE
- MONITORING AND SELF-TEST: OVER-TEMPERATURE SENSORS, SYSTEM PERFORMANCE TEST
- APPLICATION SOFTWARE: ASSERTIONS, VIOLATION OF TIMING CONSTRAINTS, MODE CHANGES
WHO IS RESPONSIBLE?
[Matrix: the five sources of exceptions (OPERATIONAL REQUIREMENTS, IMPLEMENTATION DETAILS, COMPUTING ENVIRONMENT, MONITORING AND SELF-TEST, APPLICATION SOFTWARE) as rows against the responsible parties as columns: SYSTEM ENGINEERING, EQUIPMENT SPECIALIST, VEHICLE HEALTH MGM'T, SOFTWARE ENGINEERING. Cell assignments are not recoverable from the extracted slide.]
REQUIREMENT GENERATION
- OBJECTIVE: EXCEPTION CONDITION AND ACTION
- ALGORITHM: QUANTITATIVE CONDITION DESCRIPTION; TIMING AND RESPONSIBILITY FOR ACTION
- ASSIGNMENT: SPECIFY SOFTWARE IMPLEMENTATION OF ALGORITHM
DOES IT ADD UP?
Lifecycle phases (columns): CONCEPT | SYST. REQ'MTS | SOFTW. REQ'MTS | SOFTW. DESIGN | CODING
For each source of exceptions (rows), the three requirement-generation steps must be traceable across these phases:
- OPERATIONAL REQM'TS: OBJECTIVE, ALGORITHM, ASSIGNM'T
- IMPLEMENTATION: OBJECTIVE, ALGORITHM, ASSIGNM'T
- COMPUTING ENV.: OBJECTIVE, ALGORITHM, ASSIGNM'T
- MONIT. & SELF-TEST: OBJECTIVE, ALGORITHM, ASSIGNM'T
- APPLICATION SOFTW.: OBJECTIVE, ALGORITHM, ASSIGNM'T
[The phase in which each step is placed is not recoverable from the extracted slide.]
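The REQUIREMENT GENERATION steps and the DOES IT ADD UP? matrix together describe an audit that can be mechanised. Below is an added example of that audit (not from the presentation; the requirement entries, the time budgets, the module names and the test identifiers are all constructed for the illustration). Each source of exceptions gets a record with its objective, algorithm and assignment; the audit reports a finding for every source with no record, every record with a missing step, and every algorithm whose worst-case detection plus action time exceeds the deadline the objective allows, which is the sense in which a chain can fail to add up even when all three steps are present.

```python
"""Added illustration (not from the slides): the three-step requirement
generation (objective -> algorithm -> assignment) as a checkable record per
source of exceptions, with a "does it add up?" audit. Every requirement
entry, deadline, module name and test id below is constructed."""
from dataclasses import dataclass
from typing import Optional

# The five sources of exceptions named on the slides.
SOURCES = ["operational requirements", "implementation detail",
           "computing environment", "monitoring and self-test",
           "application software"]


@dataclass
class Objective:
    condition: str        # exception condition, in system terms
    action: str           # required action
    deadline_s: float     # time allowed from onset of the condition to completion of the action


@dataclass
class Algorithm:
    quantitative_condition: str  # measurable trigger
    detect_within_s: float       # worst-case time to recognise the condition
    act_within_s: float          # worst-case time to complete the action
    responsible: str             # who owns the action


@dataclass
class Assignment:
    module: str        # software unit implementing the algorithm (constructed names)
    test_id: str       # test that demonstrates it (constructed ids)


@dataclass
class ExceptionRequirement:
    source: str
    objective: Optional[Objective] = None
    algorithm: Optional[Algorithm] = None
    assignment: Optional[Assignment] = None


def audit(reqs):
    """Return {source: [findings]} over all SOURCES. An empty list means the
    chain for that source is complete and its timing adds up."""
    by_source = {}
    for r in reqs:
        by_source.setdefault(r.source, []).append(r)
    findings = {}
    for src in SOURCES:
        problems = []
        if src not in by_source:
            findings[src] = ["no exception requirement recorded"]
            continue
        for r in by_source[src]:
            for step in ("objective", "algorithm", "assignment"):
                if getattr(r, step) is None:
                    problems.append(f"missing {step}")
            if r.objective and r.algorithm:
                budget = r.algorithm.detect_within_s + r.algorithm.act_within_s
                if budget > r.objective.deadline_s:
                    problems.append(f"timing does not add up: {budget:g}s needed, "
                                    f"{r.objective.deadline_s:g}s allowed")
        findings[src] = problems
    return findings


# Constructed sample: one source complete, one with a timing shortfall,
# two with missing steps, one with no entry at all.
SAMPLE_REQUIREMENTS = [
    ExceptionRequirement(
        "operational requirements",
        Objective("loss of command uplink", "enter autonomous return-to-base", deadline_s=30.0),
        Algorithm("no valid uplink frame for 10 s", detect_within_s=10.0, act_within_s=25.0,
                  responsible="vehicle health management"),
        Assignment("link_monitor / flight_mode_manager (hypothetical)", "T-LINK-01")),
    ExceptionRequirement(
        "implementation detail",
        Objective("barometric altitude outside calibrated range", "switch to GPS altitude and flag", 2.0),
        Algorithm("altitude < -500 m or > 15000 m for 3 consecutive samples", 0.3, 0.1,
                  responsible="equipment specialist"),
        None),                                   # never assigned to a software unit
    ExceptionRequirement(
        "computing environment",
        Objective("uncorrectable memory error", "restart affected partition", 1.0),
        None, None),                             # objective stated, never quantified or assigned
    ExceptionRequirement(
        "application software",
        Objective("control loop overruns its frame", "reuse previous command and log", 0.1),
        Algorithm("loop time > 20 ms", 0.02, 0.0, responsible="software engineering"),
        Assignment("scheduler (hypothetical)", "T-TIME-04")),
]


def complete_sources(reqs):
    """Sources whose chain has no findings."""
    return [src for src, problems in audit(reqs).items() if not problems]


if __name__ == "__main__":
    for src, problems in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{src:28s} {problems or 'OK'}")
```

The timing check is the part worth keeping even if the rest is replaced by a spreadsheet: an objective's deadline is set at the concept or system-requirements phase, while the algorithm's detection window is usually chosen much later by a different party, and nothing in either document alone reveals that 10 s of detection plus 25 s of action cannot satisfy a 30 s objective.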
SOLUTIONS TO THE PROBLEM
- SHARING EXISTING PRACTICES
- SHARING EXPERIENCE
- CREATING AND SHARING TOOLS
- INTEREST GROUP
- STANDARDS WORKING GROUP
- RECOMMENDED PRACTICE