The Pathfinder mission demonstrated the potential for robotic Mars exploration, but at the same time indicated the need for increased rover autonomy. The highly ground-intensive control with infrequent communication and high latency limited the effectiveness of the Sojourner rover. This project set out to increase the flexibility and robustness of Mars rovers by developing a contingent sequence language, a contingent planner/scheduler to support generation of such sequences, and an onboard executive system that can execute contingent sequences, manage resources, and perform fault diagnosis.
The first step was the design of a new commanding language, called the Contingent Rover Language (CRL). A key feature of CRL is that it enables the encoding of contingent plans specifying what to do if a failure occurs, as well as what to do if a serendipitous science opportunity arises. For example, a CRL plan could specify the following contingent rover behavior: when a failure occurs, execute a contingency plan to recover from the failure; if none is available, then execute a contingency plan to acquire additional data to support failure diagnosis and recovery by the ground operations team.
The current autonomy architecture (see figure 1) consists of a contingency planner/scheduler, a conditional executive, a resource manager, and a state-identification component. The contingency planner/scheduler, CPS, is given high-level science goals; it generates a temporally flexible schedule along with contingency plans for possible execution failures and serendipitous science opportunities. The contingent schedule is refined with help from a rover operator and then sent to the onboard conditional executive, CX. These commands are sent to the real-time control system, with results coming back via state monitors into the state identification system, SI, which infers the system state from the monitored information and updates the state for CX. If commands fail or schedule constraints are violated, CX tries to recover using contingency plans.
Resources on rovers are severely limited and at the same time critical for mission success. An onboard, run-time resource manager, RM, receives estimated resource profile information from tasks, monitors current and planned resource usage, and reacts to changes in resource availability. Accounting for the complete state of the rover, diagnosis enables earlier fault detection and produces fewer false alarms than fault diagnostic systems, like those on Sojourner, which simply trigger on particular anomalies. The State Identification component (SI) eavesdrops on commands sent by CX to the rover. Based on inputs from low-level monitors, the commands executed on the rover, and a declarative model of the rover, SI infers the most likely current state of the rover. SI also provides a layer of abstraction to the executive, allowing plans to be specified in terms of component modes, rather than in terms of low-level sensor values.
The particular characteristics of Mars rover operations require a significant level of rover autonomy and an ability to handle resource constraints and unpredictable events. Ames researchers have designed an architecture for rover autonomy that includes contingency planning on ground and flexible, robust execution of conditional sequences on board. The onboard executive draws on model-based fault diagnosis and dynamic resource management to maximize its science return. In February 1999, some of these rover autonomy technologies were demonstrated as part of a field test in the Mojave Desert with the Marsokhod rover, which appears in the right image of figure 2. During this exercise, both advanced rover technologies and science investigation strategies for planetary surface operations were demonstrated.
Point of Contact: J. Bresina
(650) 604-3365
jbresina@mail.arc.nasa.gov
Back To Top
Previous Paper
Return to Space Technology
Next Paper 
