EVALUATING THE EVALUATING THE AUTONOMY OF AUTONOMY OF UAVsUAVs

Herbert Hecht, Ph. D.Herbert Hecht, Ph. D.SoHaR IncorporatedSoHaR IncorporatedCulver City, CaliforniaCulver City, California

NO HUMAN PILOTNO HUMAN PILOT

SAVES WEIGHTSAVES WEIGHTSIMPLIFIES DESIGNSIMPLIFIES DESIGNINCREASES LOSS INCREASES LOSS ACCEPTANCEACCEPTANCEEXTENDS FLIGHT EXTENDS FLIGHT ENVELOPEENVELOPE

ALL HANDLING OF ALL HANDLING OF ANOMALOUS ANOMALOUS CONDITIONS MUST CONDITIONS MUST BE PROGRAMMED BE PROGRAMMED AND TESTED IN AND TESTED IN ADVANCEADVANCE

EXCEPTION HANDLING

SOFTWARE TESTINGSOFTWARE TESTING

REQUIREMENTS BASEDREQUIREMENTS BASEDALL STATED REQUIREALL STATED REQUIRE--MENTS HAVE BEEN MENTS HAVE BEEN IMPLEMENTEDIMPLEMENTEDEXECUTION PRODUEXECUTION PRODU--CES DESIRED CES DESIRED RESULTSRESULTS

STRUCTURALSTRUCTURALTRAVERSAL OF TRAVERSAL OF IMPLEMENTED IMPLEMENTED PATHS PRODUPATHS PRODU--CES NO CES NO UNDESIRABLE UNDESIRABLE RESULTSRESULTS

NEITHER APPROACH ASSURES ADEQUACY OF EXCEPTION HANDLING

EXCEPTION HANDLINGEXCEPTION HANDLING

VERY LITTLE LITERATUREVERY LITTLE LITERATUREEXCEPT FOR LANGUAGE CONSTRUCTSEXCEPT FOR LANGUAGE CONSTRUCTS

NO GUIDANCE FOR SYSTEM LEVEL NO GUIDANCE FOR SYSTEM LEVEL REQUIREMENTS FORMULATIONREQUIREMENTS FORMULATIONMOST SOFTWARE FAILURES IN WELLMOST SOFTWARE FAILURES IN WELL--TESTED SYSTEM ARE DUE TO FAULTY TESTED SYSTEM ARE DUE TO FAULTY EXCEPTION HANDLINGEXCEPTION HANDLING

EXCEPTION HANDLING AND EXCEPTION HANDLING AND CRITICALITYCRITICALITY

SPACESPACE SHUTTLE AVIONICS SOFTWARESHUTTLE AVIONICS SOFTWAREFraction EH

00.10.20.30.40.50.60.70.80.9

1

Safety

Crit,

Mission

Crit.

Major

Interm

ediate

Minor

Hecht, H. and P. Crane, “Rare Conditions and their Effect on Software Failures”, Proc. of the 1994 Annual Reliability and Maintainability Symposium”, January 1994, pp. 334 – 337.

MORE EXCEPTION HANDLING MORE EXCEPTION HANDLING FAILURESFAILURES

0.54

0.30

0.160.00

DEFENSE

TELEPHONY

COMMONROUTINES

EXECUTIVE

ALL FAILURES GLOBAL FAILURES

Kanoun, K. and T. Sabourin, “Software Dependability of a Telephone Switching System”, Digest of Papers, FTCS-17, Pittsburgh PA, July 1987, pp. 236 – 241

0.3

0.29

0.26

0.15

DEFENSE

TELEPHONY

COMMONROUTINESEXECUTIVE

RELEVANT QUOTESRELEVANT QUOTES““The main line software code usually does its job. Breakdowns typThe main line software code usually does its job. Breakdowns typically ically

occur when the software exception code does not properly handle occur when the software exception code does not properly handle abnormal input or environmental conditions abnormal input or environmental conditions –– or when an interface or when an interface does not respond in the anticipated or desired manner.does not respond in the anticipated or desired manner.””

C. K. Hansen, C. K. Hansen, The Status of Reliability Engineering Technology 2001The Status of Reliability Engineering Technology 2001, Newsletter of the IEEE , Newsletter of the IEEE Reliability Society, January 2001Reliability Society, January 2001

““Therefore the identification and handling of the exceptional sitTherefore the identification and handling of the exceptional situations uations that might occur is often just as (that might occur is often just as (un)reliableun)reliable as human intuition.as human intuition.””

FlaviuFlaviu CristianCristian ““Exception Handling and Tolerance of Software FaultsException Handling and Tolerance of Software Faults”” in in Software Fault Tolerance,Software Fault Tolerance,Michael R. Lyu, ed., Wiley, New York, 1995Michael R. Lyu, ed., Wiley, New York, 1995

SPECIFYING EXCEPTION SPECIFYING EXCEPTION HANDLING IS DIFFICULTHANDLING IS DIFFICULT

EXCEPTION CONDITIONS ARISE FROM EXCEPTION CONDITIONS ARISE FROM SEVERAL LEVELSSEVERAL LEVELS

SPECIFYING EXCEPTION SPECIFYING EXCEPTION HANDLING IS DIFFICULTHANDLING IS DIFFICULT

EXCEPTION CONDITIONS ARISE FROM EXCEPTION CONDITIONS ARISE FROM SEVERAL LEVELSSEVERAL LEVELSEXCEPTION CONDITIONS ARE MORE EXCEPTION CONDITIONS ARE MORE DIFFICULT TO UNDERSTAND THAN DIFFICULT TO UNDERSTAND THAN MAIN LINE REQUIREMENTSMAIN LINE REQUIREMENTS

SPECIFYING EXCEPTION SPECIFYING EXCEPTION HANDLING IS DIFFICULTHANDLING IS DIFFICULT

EXCEPTION CONDITIONS ARISE EXCEPTION CONDITIONS ARISE FROM SEVERAL LEVELSFROM SEVERAL LEVELSEXCEPTION CONDITIONS ARE MORE EXCEPTION CONDITIONS ARE MORE DIFFICULT TO UNDERSTAND THAN DIFFICULT TO UNDERSTAND THAN MAIN LINE REQUIREMENTSMAIN LINE REQUIREMENTSEXCEPTIONS OCCUR INFREQUENTLY EXCEPTIONS OCCUR INFREQUENTLY BUT REQUIRE DISPROPORTIONATE BUT REQUIRE DISPROPORTIONATE EFFORTEFFORT

SOURCES OF EXCEPTIONSSOURCES OF EXCEPTIONSOPERATIONAL REQUIREMENTS

LOSS OF PROPULSION, ELECTRIC POWER, COMMUNICATION, THERMAL CONTROL

IMPLEMENTATION DETAILCALIBRATION ANOMALIES, ACTUATOR STATES, SENSOR INPUT

COMPUTING ENVIRONMENTHARDWARE FAILURES, MEMORY ERRORS, EXECUTIVE, MIDDLEWARE

MONITORING AND SELF-TESTOVER-TEMPERATURE SENSORS, SYSTEM PERFORMANCE TEST

APPLICATION SOFTWAREASSERTIONS, VIOLATION OF TIMING CONSTRAINTS, MODE CHANGES

WHO IS RESPONSIBLE?WHO IS RESPONSIBLE?

OPERATIONAL REQUIREMENTS

IMPLEMENTATION DETAILS

COMPUTING ENVIRONMENT

MONITORING AND SELF-TEST

APPLICATION SOFTWARE

SYSTEM

ENGINEERING

EQUIPMEMT

SPECIALIST

VEHICLE

HEALTH MGM’T

SOFTWARESOFTWARE

ENGINEERINGENGINEERING

REQUIREMENT GENERATIONREQUIREMENT GENERATION

OBJECTIVE OBJECTIVE EXCEPTION CONDITION AND ACTIONEXCEPTION CONDITION AND ACTION

ALGORITHMALGORITHMQUANTITATIVE CONDITION DESCRIPTIONQUANTITATIVE CONDITION DESCRIPTIONTIMING AND RESPONSIBILITY FOR TIMING AND RESPONSIBILITY FOR ACTIONACTION

ASSIGNMENTASSIGNMENTSPECIFY SOFTWARE IMPLEMENTATION SPECIFY SOFTWARE IMPLEMENTATION OF ALGORITHMOF ALGORITHM

DOES IT ADD UP?DOES IT ADD UP?

CONCEPT SYST. REQ'MTS SOFTW.REQ'MTS SOFTW.DESIGN CODING

OBJECTIVE ALGORITHM ASSIGNM'T

OBJECTIVE ALGORITHM ASSIGNM'T

OBJECTIVE ALGORITHM ASSIGNM'T

OBJECTIVE ALGORITHM ASSIGNM'T

OBJECTIVE ALGORITHM ASSIGNM'T

OPERATIONAL REQM'TS

IMPLEMENTATION

COMPUTING ENV.

MONIT. & SELF-TEST

APPLICATION SOFTW.

SOLUTIONS TO THE PROBLEMSOLUTIONS TO THE PROBLEM

SHARING EXISTING PRACTICESSHARING EXISTING PRACTICESSHARING EXPERIENCESHARING EXPERIENCECREATING AND SHARING TOOLSCREATING AND SHARING TOOLS

INTEREST GROUPINTEREST GROUPSTANDARDS WORKING GROUPSTANDARDS WORKING GROUPRECOMMENDED PRACTICERECOMMENDED PRACTICE

HERBERT HECHT

herb@sohar.com

310.338.0990 X110