Model-based Program MERS CSAIL Control program specifies Orbitinserto: state trajectories (do-watching((EngineA= Thrusting) OR (EngineB= Thrusting)) fires one of two engines (parallel sets both engines to standby (EngineA= Standby) ngineB Standby) prior to firing engine, camera must be turned off to avoid plume contamination (do-watching(EngineA=Failed) (when-donext((EngineA= Standby) AND in case of primary engine failure, fire (Camera=Off) backup engine instead (Engine= Thrusting)) (when-donext((EngineA= Failed) AND Plant Model describes (EngineB= Standby) AND (Camera=Off)) behavior of each component (EngineB= Thrusting)) Nominal and off nominal qualitative constraints likelihoods and costs Example: The model-based program sets engine=thrusting, and the deductive controller Mode estimation Mode reconfiguration Oxidizer tank Fuel tank →点 Deduces that configuration thrust is off. and the engine is healthy plans actions Deduces that a valve six valves d- stuck closed Determines valves on backup engine that will achieve thrust. and plans needed actions Mode reconfiguration Mode estimationModel-based Program Control program specifies state trajectories: • fires one of two engines • sets both engines to ‘standby’ • prior to firing engine, camera must be turned off to avoid plume contamination • in case of primary engine failure, fire backup engine instead OrbitInsert():: (do-watching ((EngineA = Thrusting) OR (EngineB = Thrusting)) (parallel (EngineA = Standby) (EngineB = Standby) (Camera = Off) (do-watching (EngineA = Failed) (when-donext ( (EngineA = Standby) AND (Camera = Off) ) (EngineA = Thrusting))) (when-donext ( (EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off) ) (EngineB = Thrusting)))) Plant Model describes behavior of each component: – Nominal and Off nominal – qualitative constraints – likelihoods and costs Example: The model-based program sets engine = thrusting, and the deductive controller . . . . Determines valves on backup engine that will achieve thrust, and plans needed actions. Deduces that a valve failed - stuck closed Selects valve configuration; plans actions to open six valves Oxidizer tank Oxidizer tank Fuel tank Fuel tank Deduces that thrust is off, and the engine is healthy Mode Estimation Mode Reconfiguration Mode Reconfiguration Mode Estimation