The Automated Test Monitor computer program provides for continuous monitoring of the operations of a complex system (e.g., a spacecraft). This program implements a rigorous analytic (instead of an ad hoc) technique that prescribes exactly how to express requirements for the operation of the system, and how to construct and implement a software subsystem that can detect violations of those requirements. Thus, the program provides a theoretical and computational framework that is potentially applicable to the monitoring of a variety of systems. Run-time monitor software (hereafter, "monitor" for short) is constructed that can be embedded in the software that controls the operation of the system to be monitored. To generate the monitor, correctness properties are expressed as linear temporal logic (LTL) formulas, and a checking procedure is then generated from those formulas. The system-control software is then modified manually to provide the software analog of instrumentation: it informs the monitor of events in the system that can change the truth of the LTL correctness properties. The monitor responds whenever it detects an event that violates a specified correctness property. The response of the monitor can be used to activate a subsystem that responds to the fault that caused the violation.
This program was written by Francis Schneider of Caltech for NASA's Jet Propulsion Laboratory. NPO-20585
This Brief includes a Technical Support Package (TSP).

Software for detecting anomalies and responding to faults (reference NPO20585) is currently available for download from the TSP library.
Overview
The document outlines a technical support package for a software program developed by Francis L. Schneider at NASA's Jet Propulsion Laboratory (JPL) aimed at detecting anomalies and responding to faults in complex systems, particularly spacecraft. The program, known as the Automated Test Monitor, provides a continuous monitoring solution that employs a rigorous analytical framework rather than an ad hoc approach. This framework prescribes specific methods for expressing operational requirements and constructing software subsystems capable of detecting violations of these requirements.
The core of the program involves the use of linear temporal logic (LTL) to express correctness properties of the system being monitored. A runtime monitor is generated from these LTL formulas, which can be embedded within the system's control software. This monitor is designed to respond to events that may indicate a violation of the specified correctness properties. When an anomaly is detected, the monitor can activate a fault response subsystem to address the issue, thereby enhancing the reliability and availability of the spacecraft's operations.
The document also discusses the motivation behind the development of this software, which stemmed from the need to validate existing spacecraft controllers. Schneider identified a way to integrate fault detection capabilities into existing code with minimal disruption, thereby improving the overall fault protection and response systems aboard spacecraft.
In terms of implementation, the software constructs a state machine representing the executing spacecraft controller. It outputs data values associated with specific data structures to the monitor program, which checks for anomalies in real-time. If the monitor identifies a fault, it triggers a fault response routine that repairs the fault and resumes normal operations.
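The paragraphs above describe the pipeline only in outline: LTL formulas are turned into a checking procedure, instrumentation in the controller feeds the monitor the data values it needs, and the monitor flags the step at which a property is violated. The following is an added illustration, not code from the Tech Brief or from JPL's Automated Test Monitor, of one standard way to build such a procedure: formula progression, where the monitor keeps the LTL formula that the remaining trace must still satisfy and rewrites it on every instrumented state. The property names, the state fields (`heater_on`, `safe_mode`, `cmd`, `ack`) and the trace are constructed for the example and are assumptions, not anything the brief specifies.

```python
"""Added example: an LTL runtime monitor built by formula progression.

Each incoming state "progresses" the formula into the obligation on the rest
of the trace. If the obligation folds to FALSE, the property is violated at
that step; if it folds to TRUE, the property is already satisfied.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Union

State = Dict[str, object]          # one instrumented snapshot of controller data


# --- formula AST (constructed for the example) ---------------------------
@dataclass(frozen=True)
class Const:
    value: bool


TRUE, FALSE = Const(True), Const(False)


@dataclass(frozen=True)
class Atom:                        # state predicate evaluated on the current state
    name: str
    pred: Callable[[State], bool]


@dataclass(frozen=True)
class Not:
    f: "Formula"


@dataclass(frozen=True)
class And:
    left: "Formula"
    right: "Formula"


@dataclass(frozen=True)
class Or:
    left: "Formula"
    right: "Formula"


@dataclass(frozen=True)
class Next:                        # X f : f holds in the next state
    f: "Formula"


@dataclass(frozen=True)
class Always:                      # G f : f holds in every state from now on
    f: "Formula"


@dataclass(frozen=True)
class Eventually:                  # F f : f holds in some state from now on
    f: "Formula"


@dataclass(frozen=True)
class Until:                       # l U r : l holds until r holds
    left: "Formula"
    right: "Formula"


Formula = Union[Const, Atom, Not, And, Or, Next, Always, Eventually, Until]


def implies(a: Formula, b: Formula) -> Formula:
    return Or(Not(a), b)


# Constant-folding constructors: folding bottom-up is what lets a violation
# surface as the literal FALSE instead of an unreduced formula.
def mk_not(f: Formula) -> Formula:
    return Const(not f.value) if isinstance(f, Const) else Not(f)


def mk_and(a: Formula, b: Formula) -> Formula:
    if a == FALSE or b == FALSE:
        return FALSE
    if a == TRUE:
        return b
    return a if b == TRUE else And(a, b)


def mk_or(a: Formula, b: Formula) -> Formula:
    if a == TRUE or b == TRUE:
        return TRUE
    if a == FALSE:
        return b
    return a if b == FALSE else Or(a, b)


def progress(f: Formula, s: State) -> Formula:
    """Return the formula the remaining trace must satisfy after state s."""
    if isinstance(f, Const):
        return f
    if isinstance(f, Atom):
        return TRUE if f.pred(s) else FALSE
    if isinstance(f, Not):
        return mk_not(progress(f.f, s))
    if isinstance(f, And):
        return mk_and(progress(f.left, s), progress(f.right, s))
    if isinstance(f, Or):
        return mk_or(progress(f.left, s), progress(f.right, s))
    if isinstance(f, Next):
        return f.f                                   # obligation moves to next state
    if isinstance(f, Always):
        return mk_and(progress(f.f, s), f)           # G f = f and X G f
    if isinstance(f, Eventually):
        return mk_or(progress(f.f, s), f)            # F f = f or X F f
    if isinstance(f, Until):
        return mk_or(progress(f.right, s),
                     mk_and(progress(f.left, s), f))  # l U r = r or (l and X (l U r))
    raise TypeError(f"unknown formula node {f!r}")


class Monitor:
    """Embeddable checker for one property; fed one instrumented state at a time."""

    def __init__(self, name: str, formula: Formula) -> None:
        self.name = name
        self.current = formula
        self.step = 0
        self.violated_at: Optional[int] = None

    def satisfied(self) -> bool:
        return self.current == TRUE

    def feed(self, state: State) -> Optional[int]:
        """Consume one state; return the step index of the first violation, if any."""
        if self.violated_at is None and not self.satisfied():
            self.current = progress(self.current, state)
            if self.current == FALSE:
                self.violated_at = self.step    # hook a fault-response routine here
        self.step += 1
        return self.violated_at


def run_monitors(props: Dict[str, Formula], trace: List[State]) -> Dict[str, Monitor]:
    monitors = {name: Monitor(name, f) for name, f in props.items()}
    for state in trace:
        for m in monitors.values():
            m.feed(state)
    return monitors


# Constructed properties and trace (assumed field names, not from the brief).
heater = Atom("heater_on", lambda s: bool(s["heater_on"]))
safe = Atom("safe_mode", lambda s: bool(s["safe_mode"]))
cmd = Atom("cmd", lambda s: bool(s["cmd"]))
ack = Atom("ack", lambda s: bool(s["ack"]))

PROPERTIES: Dict[str, Formula] = {
    "no_heater_in_safe_mode": Always(Not(And(heater, safe))),     # safety invariant
    "cmd_acked_next_step": Always(implies(cmd, Next(ack))),       # bounded response
    "eventually_safe_mode": Eventually(safe),                     # liveness
}

TRACE: List[State] = [
    {"heater_on": False, "safe_mode": False, "cmd": True,  "ack": False},
    {"heater_on": False, "safe_mode": False, "cmd": False, "ack": True},
    {"heater_on": True,  "safe_mode": True,  "cmd": True,  "ack": False},
    {"heater_on": False, "safe_mode": True,  "cmd": False, "ack": False},
]

if __name__ == "__main__":
    for name, m in run_monitors(PROPERTIES, TRACE).items():
        print(f"{name}: violated_at={m.violated_at} satisfied={m.satisfied()}")
```

On this trace the invariant fails at step 2 (heater on while in safe mode) and the acknowledgement property fails at step 3 (the command issued at step 2 was not acknowledged in the following state), which is exactly the point at which a fault-response routine would be triggered. The caveat a practitioner should keep in mind is visible in the third property: progression can only report a violation once the obligation is forced to FALSE, so an unbounded liveness property such as `F safe_mode` can be satisfied or left pending, but never refuted on a finite prefix; requirements meant to be monitored at run time should therefore be written with explicit bounds (`X`, or a counted `U`) where a deadline is intended.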
The document emphasizes the novelty of this approach, highlighting its potential to incorporate existing fault response systems within its framework, thus providing a higher degree of reliability for newly developed systems. Overall, the Automated Test Monitor represents a significant advancement in the field of spacecraft fault detection and response, ensuring safer and more efficient space missions.

