Environmental Engineering Reference
In-Depth Information
Another requirement would be tools and techniques that would have built-
in autonomic, intelligent, and interacting constructs to reduce development
time and increase developer productivity. Tools would need to allow rapid
simulation so that developers might identify errors in requirements or code
at the earliest stage possible. For now, ideas about creating standard intelli-
gent, autonomic components are still evolving: there is yet no consensus as to
what constitutes a system of such components. Hopefully, more research and
development in these areas will yield effective and timely results.
10.5.2 Verification
These new approaches to exploration missions simultaneously pose many chal-
lenges. Swarm missions will be highly autonomous and will have autonomic
properties. Many of these missions will be sent to parts of the solar sys-
tem where manned missions are regarded as infeasible, and where, in some
instances, the round-trip delay for communications between earth and the
spacecraft exceeds 40 min., meaning that the decisions on responses to prob-
lems and undesirable situations must be made in situ rather than from ground
control on earth. The degree of autonomy that such missions will require would
mean an extreme burden of testing in order to accomplish system verification.
Furthermore, learning and adaptation toward continual improvements in per-
formance during mission operations will mean that emergent behavior pat-
terns simply cannot be fully predicted through the use of traditional system
development methods. Consequently, formal specification techniques and for-
mal verification will play vital roles in the future development of these types
of missions.
Full testing of software of the complexity of the ANTS mission may be
recognized as a heavy burden and may have questionable feasibility, but ver-
ification of the on-board software, especially the mechanism that endows the
spacecraft with autonomy and the ability to learn, is crucial because the one-
way communications delay makes real-time control by human operators on
earth infeasible. Large communications delays mean human operators could
not, in many scenarios, learn of problems or errors or anomalies in the mis-
sion until the mission had substantially degraded or failed. For example, in a
complex system with many concurrently communicating processes on board
or among the members of the swarm, race conditions are highly likely, but
such conditions rarely come to light during the testing or mission development
phase by inputting sample data and checking results. These types of errors
are time-based, occurring only when processes send or receive data at partic-
ular times or in a particular sequence, or after learning takes place. To find
these errors, testers must execute the software in all the possible combina-
tions of the states of the communicating processes. Because the state space is
extremely large (and probably extremely dicult to project in sucient detail
for actual testing), these systems become untestable with a relatively small
number of elements in the swarm. Traditionally, to get around the state-space
